From d985128eebe7b8cb61f6a0d03a375680e176f4ff Mon Sep 17 00:00:00 2001 From: LucasSaintarbor Date: Tue, 28 Nov 2023 11:17:32 -0800 Subject: [PATCH 01/77] Draft Rancher PAYG offerings for AWS and Azure --- .../common-issues.md | 23 ++++ .../installing-rancher-prime.md | 86 +++++++++++++ .../rancher-prime-aws.md | 68 ++++++++++ .../troubleshooting.md | 88 +++++++++++++ .../upgrading-rancher-payg-cluster.md | 26 ++++ .../common-issues.md | 17 +++ .../installing-rancher-prime.md | 112 +++++++++++++++++ .../rancher-prime-azure.md | 19 +++ .../troubleshooting.md | 117 ++++++++++++++++++ .../upgrading-rancher-payg-cluster.md | 14 +++ .../aws-marketplace-payg-integration.md | 36 ++++++ .../azure-marketplace-payg-integration.md | 32 +++++ sidebars.js | 32 +++++ 13 files changed, 670 insertions(+) create mode 100644 docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/common-issues.md create mode 100644 docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/installing-rancher-prime.md create mode 100644 docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/rancher-prime-aws.md create mode 100644 docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/troubleshooting.md create mode 100644 docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/upgrading-rancher-payg-cluster.md create mode 100644 docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/common-issues.md create mode 100644 docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/installing-rancher-prime.md create mode 100644 docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/rancher-prime-azure.md create mode 100644 docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/troubleshooting.md create mode 100644 docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/upgrading-rancher-payg-cluster.md create mode 100644 docs/pages-for-subheaders/aws-marketplace-payg-integration.md create mode 100644 docs/pages-for-subheaders/azure-marketplace-payg-integration.md diff --git a/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/common-issues.md b/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/common-issues.md new file mode 100644 index 00000000000..b3a84582593 --- /dev/null +++ b/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/common-issues.md @@ -0,0 +1,23 @@ +--- +title: Common Issues +--- + +1. Uninstalling Rancher Prime: + + ```shell + helm uninstall -n cattle-rancher-csp-deployer-system rancher-cloud + ``` + + Uninstalling Rancher Prime may not cleanly remove all the resources that were + created by Rancher. Users are encouraged to use + [Rancher cleanup script](https://github.com/rancher/rancher-cleanup) to + perform a more comprehensive cleanup if necessary. However, it is + recommended to migrate any other workloads off the cluster and prepare + to destroy the cluster to complete the uninstallation since cleanup is not + recoverable. + +2. When migrating Rancher to a different EKS by following the steps specified in + [Rancher Backups and Disaster Recovery](https://ranchermanager.docs.rancher.com/pages-for-subheaders/backup-restore-and-disaster-recovery), + Rancher Prime must be reinstalled on the target EKS cluster after restoring from the backup. + Furthermore, the restored Rancher version must not be newer than the version + available in the AWS marketplace. diff --git a/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/installing-rancher-prime.md b/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/installing-rancher-prime.md new file mode 100644 index 00000000000..a3c197a2e15 --- /dev/null +++ b/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/installing-rancher-prime.md @@ -0,0 +1,86 @@ +--- +title: Installing Rancher Prime on AWS +--- + +## Installing Rancher + +Log *helm* into the AWS Marketplace ECR to fetch the application. The AWS Marketplace ECR is always in the `us-east-1` region: + +``` +export HELM_EXPERIMENTAL_OCI=1 + +aws --region us-east-1 ecr get-login-password \ + | helm registry login --username AWS \ + --password-stdin 709825985650.dkr.ecr.us-east-1.amazonaws.com +``` + +Install Rancher into your cluster using *helm*. Customize your helm installation values if needed: + +**NOTE** + +Rancher Prime utilizes cert-manager to issue and maintain its certificates. Rancher will generate a CA certificate of its own, and sign a cert using that CA. + +The Rancher hostname must be resolvable by public DNS. Please refer to the [Prerequisites](#prerequisites) section for more details. + +For example, if the DNS name is rancher.my.org, HOST_NAME=rancher.my.org + +```shell +helm install -n cattle-rancher-csp-deployer-system rancher-cloud --create-namespace \ +oci://709825985650.dkr.ecr.us-east-1.amazonaws.com/suse/{{repository}}/rancher-cloud-helm/rancher-cloud \ + --version {{chart_version}} \ + --set rancherHostname=$HOST_NAME \ + --set rancherServerURL=https://$HOST_NAME \ + --set rancherReplicas=$REPLICAS \ + --set rancherBootstrapPassword=$BOOTSTRAP_PASSWORD \ + --set rancherIngressClassName=nginx \ + --set global.aws.accountNumber=$AWS_ACCOUNT_ID \ + --set global.aws.roleName=$ROLE_NAME +``` + +NOTE: Monitor the rancher-cloud pod logs as the rancher-cloud pod is deleted 1 minute after a successful or failed installation. + +```shell +kubectl logs -f -n cattle-rancher-csp-deployer-system +``` + +After a successful deployment, running the following command should produce a similar output. + +```shell +kubectl get deployments --all-namespaces=true +``` + +```shell +NAMESPACE NAME READY UP-TO-DATE AVAILABLE AGE +cattle-csp-billing-adapter-system csp-rancher-usage-operator 1/1 1 1 30m +cattle-csp-billing-adapter-system rancher-csp-billing-adapter 1/1 1 1 30m +cattle-fleet-local-system fleet-agent 1/1 1 1 29m +cattle-fleet-system fleet-controller 1/1 1 1 29m +cattle-fleet-system gitjob 1/1 1 1 29m +cattle-provisioning-capi-system capi-controller-manager 1/1 1 1 28m +cattle-system rancher 1/1 1 1 32m +cattle-system rancher-webhook 1/1 1 1 29m +cert-manager cert-manager 1/1 1 1 32m +cert-manager cert-manager-cainjector 1/1 1 1 32m +cert-manager cert-manager-webhook 1/1 1 1 32m +ingress-nginx ingress-nginx-controller 1/1 1 1 33m +kube-system coredns 2/2 2 2 38m +``` + +Refer to the Troubleshooting section for a failed installation. + +To check if helm chart installation is completed, run following command: + +```shell +helm ls -n cattle-rancher-csp-deployer-system +``` + +After the helm chart installation is complete, you can verify the installation. +Verify the status of the helm charts installation by running the following command: + +```shell +helm status rancher-cloud -n cattle-rancher-csp-deployer-system +``` + +### Helm Chart Installed Successfully + +After it is completed, the Rancher Prime is successfully installed. diff --git a/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/rancher-prime-aws.md b/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/rancher-prime-aws.md new file mode 100644 index 00000000000..7931f9bcb9f --- /dev/null +++ b/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/rancher-prime-aws.md @@ -0,0 +1,68 @@ +--- +title: Rancher Prime in AWS +--- + +## Prerequisites + +Before using Rancher Prime on AWS as a PAYG offering, you need the following resources, information, and tools: + +- A Rancher-compatible EKS cluster. Please see + [Rancher support matrix](https://www.suse.com/suse-rancher/support-matrix/all-supported-versions/) + for more details. + Please see [Creating an EKS cluster](https://ranchermanager.docs.rancher.com/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks#creating-an-eks-cluster-for-the-rancher-server) + for bringing up an EKS cluster to install Rancher Prime PAYG which is covered in the later section of this document. +- An ingress installed on the EKS cluster so that Rancher is accessible outside + of the cluster. Please refer to [Rancher documentation](https://ranchermanager.docs.rancher.com/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks#5-install-an-ingress) + for instructions on how to deploy Ingress-INGINX on EKS cluster. +- Get the Load Balancer IP. Please refer to [Rancher documentation](https://ranchermanager.docs.rancher.com/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks#6-get-load-balancer-ip) and Save the EXTERNAL-IP. +- The Rancher hostname must be a fully qualified domain name (FQDN) and its + corresponding IP address must be resolvable from a public DNS. Please refer + to [Rancher documentation](https://ranchermanager.docs.rancher.com/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks#7-set-up-dns) + for instructions on how to setup DNS. This DNS is setup to point at the EXTERNAL-IP saved. +- Installation requires you have the following tools available and properly configured to access your AWS account, and your EKS cluster: + - `aws` + - `curl` + - `eksctl` + - `helm` (v3 or greater) + +## Preparing your cluster + +### OIDC provider + +Your EKS cluster is required to have an OIDC provider installed. To check for an OIDC provider first find the OIDC issuer with the following command. Substitute `$CLUSTER_NAME` with the *Name* of your EKS cluster and $REGION with *region* where it is running: + +```shell +aws eks describe-cluster --name $CLUSTER_NAME --region $REGION --query cluster.identity.oidc.issuer --output text +``` + +A URL is returned, like `https://oidc.eks.region.amazonaws.com/id/1234567890ABCDEF`. The part after `https://` will be referred to in later instructions as the *OIDC Provider Identity* (e.g. `oidc.eks.region.amazonaws.com/id/1234567890ABCDEF`). The final section of the URL, `1234567890ABCDEF`, is the $OIDC_ID. + +Using the $OIDC_ID of the issuer found above, you can check if a provider is installed with the following command: + +```shell +aws iam list-open-id-connect-providers | grep $OIDC_ID +``` + +If there is no output, you will need to create an OIDC provider: + +```shell +eksctl utils associate-iam-oidc-provider --cluster $CLUSTER_NAME --region $REGION --approve +``` + +### IAM Role + +To provide the necessary permissions, an IAM role and an attached policy are required. The role name is passed as an argument during the *helm* deployment. + +Create the role with a *role name* of your choosing (for example, `rancher-csp-iam-role`), and the required policy attached to it: + +```shell +eksctl create iamserviceaccount \ + --name rancher-csp-billing-adapter \ + --namespace cattle-csp-billing-adapter-system \ + --cluster $CLUSTER_NAME \ + --region $REGION \ + --role-name $ROLE_NAME --role-only \ + --attach-policy-arn 'arn:aws:iam::aws:policy/AWSMarketplaceMeteringFullAccess' \ + --approve +``` + diff --git a/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/troubleshooting.md b/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/troubleshooting.md new file mode 100644 index 00000000000..820de8cb018 --- /dev/null +++ b/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/troubleshooting.md @@ -0,0 +1,88 @@ +--- +title: Troubleshooting +--- + +## Troubleshooting + +This section contains information to help you troubleshoot issues when installing Rancher Prime PAYG. + +Jobs and Pods: + +Check that pods or jobs have status Running/Completed + + +``` +kubectl get pods --all-namespaces +``` + + +If a pod is not in Running state, you can debug into the root cause by running: + +Describe pod + + +``` +kubectl describe pod -n +``` + +Pod container logs + + +``` +kubectl logs -n +``` + +Describe job + + +``` +kubectl describe job -n +``` + +Logs from the containers of pods of the job + +``` +kubectl logs -l job-name= -n +``` + +###Recovery from Failed Pods + +If any of the pods are not Running : + +Check the rancher-cloud Pod + +``` +kubectl get pods --all-namespaces | grep rancher-cloud +``` + +If the rancher-cloud pod is in Error state, wait for the pod to be deleted which takes approx 1 min after it goes in Error State. + +Fix the problem and execute + +``` +helm upgrade -n cattle-rancher-csp-deployer-system rancher-cloud --create-namespace \ +oci://709825985650.dkr.ecr.us-east-1.amazonaws.com/suse/{{repository}}/rancher-cloud-helm/rancher-cloud --install \ + --version {{chart_version}} \ + --set rancherHostname=$HOST_NAME \ + --set rancherServerURL=https://$HOST_NAME \ + --set rancherReplicas=$REPLICAS \ + --set global.aws.accountNumber=$AWS_ACCOUNT_ID \ + --set global.aws.roleName=$ROLE_NAME +``` + +###Rancher Usage Record Not found: + +Error: + +``` +Error from server (NotFound): cspadapterusagerecords.susecloud.net "rancher-usage-record" not found" + Check Configuration, Retrieve generated configuration csp-config +``` + +Solution: + +``` +kubectl get cm -n cattle-csp-billing-adapter-system csp-config -o yaml +``` + +if a configuration is not listed, you can debug into the root cause by checking the pod status and log (Refer Jobs and Pods section). \ No newline at end of file diff --git a/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/upgrading-rancher-payg-cluster.md b/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/upgrading-rancher-payg-cluster.md new file mode 100644 index 00000000000..d3e12630f30 --- /dev/null +++ b/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/upgrading-rancher-payg-cluster.md @@ -0,0 +1,26 @@ +--- +title: Upgrading Rancher PAYG Cluster +--- + +## Upgrading a Rancher Prime PAYG Cluster + +The marketplace PAYG offer is tied to a billing adapter AND Rancher Prime version. These are updated periodically as new version of the billing adapter or Rancher are released. +In that case the helm chart will be updated with new tags and digests and new version of helm chart will be uploaded. In order to upgrade the deployed helm chart with new version, execute the following helm command + +``` +helm upgrade -n cattle-rancher-csp-deployer-system rancher-cloud --create-namespace \ +oci://709825985650.dkr.ecr.us-east-1.amazonaws.com/suse/{{repository}}/rancher-cloud-helm/rancher-cloud \ + --version \ + --set rancherHostname=$HOST_NAME \ + --set rancherServerURL=https://$HOST_NAME \ + --set rancherReplicas=$REPLICAS \ + --set rancherIngressClassName=nginx \ + --set global.aws.accountNumber=$AWS_ACCOUNT_ID \ + --set global.aws.roleName=$ROLE_NAME +``` + +To check if upgraded helm chart installation is deployed, run following command. It should display the upgraded chart version and REVISION incremented by 1 from previous install. + +``` +helm ls -n cattle-rancher-csp-deployer-system +``` \ No newline at end of file diff --git a/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/common-issues.md b/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/common-issues.md new file mode 100644 index 00000000000..4f307449363 --- /dev/null +++ b/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/common-issues.md @@ -0,0 +1,17 @@ +--- +title: Common Issues +--- + +1. When migrating Rancher to a different AKS by following the steps specified in + [Rancher Backups and Disaster Recovery](https://ranchermanager.docs.rancher.com/pages-for-subheaders/backup-restore-and-disaster-recovery), Rancher Prime must be reinstalled via the Azure + marketplace on the target AKS cluster after restoring from the backup. + Furthermore, the restored Rancher version must not be newer than the version + available in the Azure marketplace. + +2. Uninstalling Rancher Prime may not cleanly remove all the resources that were + created by Rancher. Users are encouraged to use + [Rancher cleanup script](https://github.com/rancher/rancher-cleanup) to + perform a more comprehensive cleanup if necessary. However, it is + recommended to migrate any other workloads off the cluster and prepare + to destroy the cluster to complete the uninstallation since cleanup is not + recoverable. diff --git a/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/installing-rancher-prime.md b/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/installing-rancher-prime.md new file mode 100644 index 00000000000..55e85b3d4d3 --- /dev/null +++ b/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/installing-rancher-prime.md @@ -0,0 +1,112 @@ +--- +title: Installing Rancher Prime on Azure +--- + +## How to install Rancher Prime PAYG + +The following is a step by step walk-through for creating a new deployment of +Rancher Prime from the Azure Marketplace page. + +1. Click "Rancher Prime with 24x7 Support" offer (either "EU and UK only" or + "non-EU and non-UK only") that corresponds to the location where your account + is registered. +2. Choose the plan from the dropdown list. ( "Plans + Pricing" tab more details about Software plan) +3. Click 'Create' + +### Basics + +1. Select existing subscription from the dropdown list. +2. Select existing Resource group from the dropdown list. +3. Select existing AKS Cluster Name from the dropdown list. +4. Choose name for Cluster extension resource name. It can be consisted of + alphanumeric and dots, and the length must be between 2 and 253 characters. + + --- + **NOTE** + + The **Create new** resource group feature is not supported. + + --- + +click 'Next' + +### Rancher Configuration + +1. Enter the hostname for Rancher, and it must be a fully qualified domain + name (FQDN). The Rancher server URL will be created using this hostname. + + --- + **NOTE** + + The IP address of the Rancher hostname must be resolvable by a public DNS. + + --- + +2. Using the slide bar, select the number of Rancher replicas. +3. Choose bootstrap password as it is suggested by the tip. The bootstrap + password will be used to authenticate to the Rancher dashboard during first + login. + + --- + **NOTE** + + The current Rancher deployment exposes the bootstrap password in the Cluster + configuration settings in Azure Portal. Until this is resolved, it is + suggested to change the Admin password after the initial login. Edit profile + in the Rancher dashboard to change password. + + --- + +click 'Next' + +### Review + create + + + This will summarize the offer and link to "view automation template" (Azure Resource Manager Template) + + + Price + Basics + Rancher Configuration + +click 'Create' + +### Deployment Complete + +Deployment will be in progress. After it is completed, the Rancher Prime +Kubernetes service extension is successfully installed. + + --- + ** NOTE: ** + + In the "Extensions + applications" page, the "Provisioning State" may show + "Succeeded" even though the provision may still be in progress. You may monitor + the actual progragress by logging into the AKS cluster and follow the + "rancher-cloud" deployment. + + --- + +## Log into the Rancher dashboard + +You may now login to Rancher dashboard by point your browser to Rancher server +URL **https://**, where **Rancher hostname** is the hostname +you have chosen previously. + + --- + **NOTE** + + The Rancher hostname must be resolvable by public DNS. Please refer to the + [Prerequisites](#prerequisites) section for more details. + + --- + +## How To Use Rancher + +Please refer to the [Rancher documentation](https://ranchermanager.docs.rancher.com/) +on how to use Rancher. + +## Rancher Prime PAYG billing + +Billing will be available in the Azure Portal billing + +Home > Cost Management | Cost analysis \ No newline at end of file diff --git a/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/rancher-prime-azure.md b/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/rancher-prime-azure.md new file mode 100644 index 00000000000..887613cd569 --- /dev/null +++ b/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/rancher-prime-azure.md @@ -0,0 +1,19 @@ +--- +title: Rancher Prime in Azure +--- + +## Prerequisites + +- A Rancher-compatible AKS cluster. Please see + [Rancher support matrix](https://www.suse.com/suse-rancher/support-matrix/all-supported-versions/) + for more details. The Rancher Prime PAYG offering can only be installed onto clusters in regions where both the + Azure Kubernetes service and Azure Container Apps service are available, see the + [Azure documentation](https://azure.microsoft.com/en-us/explore/global-infrastructure/products-by-region/?products=container-apps,kubernetes-service®ions=all) for details. + Please see [Creating an AKS cluster](https://ranchermanager.docs.rancher.com/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-aks#3-create-the-aks-cluster) for bringing up an AKS cluster to install Rancher Prime PAYG which is covered in the later section of this document. +- An ingress installed on the AKS cluster so that Rancher is accessible outside + of the cluster. Please refer to [Rancher documentation](https://ranchermanager.docs.rancher.com/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-aks#5-install-an-ingress) + for instructions on how to deploy Ingress-INGINX on AKS cluster. +- The Rancher hostname must be a fully qualified domain name (FQDN) and its + corresponding IP address must be resolvable from a public DNS. Please refer + to [Rancher documentation](https://ranchermanager.docs.rancher.com/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-aks#7-set-up-dns) + for instructions on how to setup DNS. \ No newline at end of file diff --git a/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/troubleshooting.md b/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/troubleshooting.md new file mode 100644 index 00000000000..1e777b5ac6c --- /dev/null +++ b/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/troubleshooting.md @@ -0,0 +1,117 @@ +--- +title: Troubleshooting +--- + +This section contains information to help you troubleshoot issues when install Rancher and configure Billing-adapter + +After successful deployment, it should list similar pod and chart output + +``` +kubectl get deployments --all-namespaces=true +``` + +``` +NAMESPACE NAME READY UP-TO-DATE AVAILABLE AGE +cattle-csp-billing-adapter-system csp-rancher-usage-operator 1/1 1 1 8h +cattle-csp-billing-adapter-system rancher-csp-billing-adapter 1/1 1 1 8h +cattle-fleet-local-system fleet-agent 1/1 1 1 8h +cattle-fleet-system fleet-controller 1/1 1 1 8h +cattle-fleet-system gitjob 1/1 1 1 8h +cattle-provisioning-capi-system capi-controller-manager 1/1 1 1 8h +cattle-system rancher 3/3 3 3 8h +cattle-system rancher-webhook 1/1 1 1 8h +cert-manager cert-manager 1/1 1 1 8h +cert-manager cert-manager-cainjector 1/1 1 1 8h +cert-manager cert-manager-webhook 1/1 1 1 8h +ingress-nginx ingress-nginx-controller 1/1 1 1 9h +kube-system coredns 2/2 2 2 20h +kube-system coredns-autoscaler 1/1 1 1 20h +kube-system extension-agent 1/1 1 1 8h +kube-system extension-operator 1/1 1 1 8h +kube-system konnectivity-agent 2/2 2 2 20h +kube-system metrics-server 2/2 2 2 20h +``` + + +Jobs and Pods: + +Check that pods or jobs have status Running/Completed + + +``` +kubectl get pods --all-namespaces +``` + + +if a pod is not in Running state, you can dig into the root cause by running: + +Describe pod + + +``` +kubectl describe pod -n +``` + +Pod container logs + + +``` +kubectl logs -n +``` + +Describe job + + +``` +kubectl describe job -n +``` + +Logs from the containers of pods of the job + +``` +kubectl logs -l job-name= -n +``` + + +###Rancher Usage Record Not found: + +Error: + +``` +Error from server (NotFound): cspadapterusagerecords.susecloud.net "rancher-usage-record" not found" + Check Configuration, Retrieve generated configuration csp-config +``` + + +Solution: + +``` +kubectl get cm -n cattle-csp-billing-adapter-system csp-config -o yaml +``` + +if a configuration is not listed, you can dig into the root cause by checking the pod status and log (Refer Jobs and Pods section). + + +###Multiple extensions of same type: + +Error: + +``` +Multiple extensions of same type is not allowed at this scope. (Code: ValidationFailed)" +``` + +Solution: + +AKS cluster already has the extension with the same type. Uninstall the extension and re-deploy with the same cluster. + +###Resource already existing in your cluster: + +Error: + +``` +Helm installation failed : Resource already existing in your cluster : Recommendation Manually delete the resource(s) that currently exist in your cluster and try installation again. To delete these resources run the following commands: kubectl delete -n : InnerError [rendered manifests contain a resource that already exists. Unable to continue with install: ServiceAccount "rancher" in namespace "cattle-system" exists and cannot be imported into the current release: invalid ownership metadata; annotation validation error: key "meta.helm.sh/release-name" must equal "test-nv2-reinstall": current value is "testnv2-plan"] +``` + +Solution: + +AKS cluster already has the extension. Uninstall the extension as it suggested in the Error by deleting the resource via the kubectl command. or Uninstall the extension in Azure Console and re-deploy with the same cluster. \ No newline at end of file diff --git a/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/upgrading-rancher-payg-cluster.md b/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/upgrading-rancher-payg-cluster.md new file mode 100644 index 00000000000..eeb818170b3 --- /dev/null +++ b/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/upgrading-rancher-payg-cluster.md @@ -0,0 +1,14 @@ +--- +title: Upgrading Rancher PAYG Cluster +--- + +The Azure marketplace PAYG offer is periodically updated as a new version of +Rancher Prime are released, and for optimizations in the integration with Azure. +To update the latest version of the Rancher Prime PAYG offering supported in +the marketplace listing, use the "az k8s-extension update" command. + +Execute the following command in Cluster Cloud Shell: + +``` +az k8s-extension update --name --cluster-name --resource-group --cluster-type managedClusters --version +``` \ No newline at end of file diff --git a/docs/pages-for-subheaders/aws-marketplace-payg-integration.md b/docs/pages-for-subheaders/aws-marketplace-payg-integration.md new file mode 100644 index 00000000000..d0882f881f9 --- /dev/null +++ b/docs/pages-for-subheaders/aws-marketplace-payg-integration.md @@ -0,0 +1,36 @@ +--- +title: AWS Marketplace Pay-as-you-go (PAYG) Integration +--- + + + + + +## Overview + +Rancher integrates with AWS Marketplace as a Pay-as-you-go offering. This will be in addition to the existing [AWS License integration](https://ranchermanager.docs.rancher.com/pages-for-subheaders/aws-cloud-marketplace) which is currently available. Customers will need information about their options and the features and limitations of the PAYG offerings. + +## Limitations + +- You must be running Rancher v2.6.7 or higher +- Rancher must be deployed with additional metrics enabled. +- Rancher must be installed on an EKS cluster. +- You must purchase at least one entitlement to Rancher support through AWS Marketplace. +- You may need additional setup to support proxy/airgap use cases. See the [prerequisites](../integrations-in-rancher/cloud-marketplace/aws-cloud-marketplace/adapter-requirements.md) for more information. + +## How to Use + +1. Complete the [prerequisite steps](../integrations-in-rancher/cloud-marketplace/aws-cloud-marketplace/adapter-requirements.md). +2. [Install the CSP Adapter](../integrations-in-rancher/cloud-marketplace/aws-cloud-marketplace/install-adapter.md). + +## FAQ + +**Can I purchase support for more nodes later on?** + +Yes. Simply go to the AWS Marketplace entry that you used to initially purchase support and increase the number of entitlements. + +**Can I use multiple instances of Rancher in the same AWS account?** + +Yes. However, each cluster that Rancher is installed in will need to adhere to the prerequisites. + +In addition, keep in mind that a given entitlement can only be used by one Rancher management server at a time. \ No newline at end of file diff --git a/docs/pages-for-subheaders/azure-marketplace-payg-integration.md b/docs/pages-for-subheaders/azure-marketplace-payg-integration.md new file mode 100644 index 00000000000..67f849ea7f6 --- /dev/null +++ b/docs/pages-for-subheaders/azure-marketplace-payg-integration.md @@ -0,0 +1,32 @@ +--- +title: Azure Marketplace Pay-as-you-go (PAYG) Integration +--- + +## Overview + +Rancher integrates with Azure Marketplace as a Pay-as-you-go offering. + +## Limitations + +- You must be running Rancher v2.6.7 or higher +- Rancher must be deployed with additional metrics enabled. +- Rancher must be installed on an EKS cluster. +- You must purchase at least one entitlement to Rancher support through AWS Marketplace. +- You may need additional setup to support proxy/airgap use cases. See the [prerequisites](../integrations-in-rancher/cloud-marketplace/aws-cloud-marketplace/adapter-requirements.md) for more information. + +## How to Use + +1. Complete the [prerequisite steps](../integrations-in-rancher/cloud-marketplace/aws-cloud-marketplace/adapter-requirements.md). +2. [Install the CSP Adapter](../integrations-in-rancher/cloud-marketplace/aws-cloud-marketplace/install-adapter.md). + +## FAQ + +**Can I purchase support for more nodes later on?** + +Yes. Simply go to the AWS Marketplace entry that you used to initially purchase support and increase the number of entitlements. + +**Can I use multiple instances of Rancher in the same AWS account?** + +Yes. However, each cluster that Rancher is installed in will need to adhere to the prerequisites. + +In addition, keep in mind that a given entitlement can only be used by one Rancher management server at a time. diff --git a/sidebars.js b/sidebars.js index ce3687e759b..9cb4f143494 100644 --- a/sidebars.js +++ b/sidebars.js @@ -1148,6 +1148,38 @@ const sidebars = { 'integrations-in-rancher/cloud-marketplace/aws-cloud-marketplace/common-issues' ] }, + { + type: 'category', + label: 'AWS Marketplace PAYG Integration', + link: { + type: 'doc', + id: "pages-for-subheaders/aws-marketplace-payg-integration" + }, + items: [ + 'integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/rancher-prime-aws', + 'integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/installing-rancher-prime', + 'integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/upgrading-rancher-payg-cluster', + 'integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/troubleshooting', + 'integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/common-issues' + + ] + }, + { + type: 'category', + label: 'Azure Marketplace PAYG Integration', + link: { + type: 'doc', + id: "pages-for-subheaders/azure-marketplace-payg-integration" + }, + items: [ + 'integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/rancher-prime-azure', + 'integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/installing-rancher-prime', + 'integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/upgrading-rancher-payg-cluster', + 'integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/troubleshooting', + 'integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/common-issues' + + ] + }, 'integrations-in-rancher/cloud-marketplace/supportconfig' ] }, From 65142d5228c34f84ad2c6674ee7cc50e3b93cf76 Mon Sep 17 00:00:00 2001 From: LucasSaintarbor Date: Wed, 29 Nov 2023 14:12:36 -0800 Subject: [PATCH 02/77] Updated to style/grammar --- .../installing-rancher-prime.md | 113 +++++++++--------- .../rancher-prime-aws.md | 26 ++-- .../troubleshooting.md | 2 - .../upgrading-rancher-payg-cluster.md | 7 +- .../rancher-prime-azure.md | 18 +-- .../aws-marketplace-payg-integration.md | 2 +- .../azure-marketplace-payg-integration.md | 2 +- 7 files changed, 77 insertions(+), 93 deletions(-) diff --git a/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/installing-rancher-prime.md b/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/installing-rancher-prime.md index a3c197a2e15..62cb2c4e89b 100644 --- a/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/installing-rancher-prime.md +++ b/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/installing-rancher-prime.md @@ -4,69 +4,73 @@ title: Installing Rancher Prime on AWS ## Installing Rancher -Log *helm* into the AWS Marketplace ECR to fetch the application. The AWS Marketplace ECR is always in the `us-east-1` region: +1. Log helm into the AWS Marketplace Elastic Container Registry (ECR) to fetch the application. The AWS Marketplace ECR is always in the `us-east-1` region: -``` -export HELM_EXPERIMENTAL_OCI=1 + ```shell + export HELM_EXPERIMENTAL_OCI=1 -aws --region us-east-1 ecr get-login-password \ - | helm registry login --username AWS \ - --password-stdin 709825985650.dkr.ecr.us-east-1.amazonaws.com -``` + aws --region us-east-1 ecr get-login-password \ + | helm registry login --username AWS \ + --password-stdin 709825985650.dkr.ecr.us-east-1.amazonaws.com + ``` -Install Rancher into your cluster using *helm*. Customize your helm installation values if needed: +1. Install Rancher into your cluster using `helm`. Customize your `helm` installation values if needed: -**NOTE** + :::note -Rancher Prime utilizes cert-manager to issue and maintain its certificates. Rancher will generate a CA certificate of its own, and sign a cert using that CA. + Rancher Prime utilizes cert-manager to issue and maintain its certificates. Rancher will generate a CA certificate of its own, and sign a cert using that CA. -The Rancher hostname must be resolvable by public DNS. Please refer to the [Prerequisites](#prerequisites) section for more details. - -For example, if the DNS name is rancher.my.org, HOST_NAME=rancher.my.org + The Rancher hostname must be resolvable by a public DNS. Please refer to the [Prerequisites](rancher-prime-aws.md#prerequisites) section for more details. For example, if the DNS name is rancher.my.org, HOST_NAME=rancher.my.org. -```shell -helm install -n cattle-rancher-csp-deployer-system rancher-cloud --create-namespace \ -oci://709825985650.dkr.ecr.us-east-1.amazonaws.com/suse/{{repository}}/rancher-cloud-helm/rancher-cloud \ - --version {{chart_version}} \ - --set rancherHostname=$HOST_NAME \ - --set rancherServerURL=https://$HOST_NAME \ - --set rancherReplicas=$REPLICAS \ - --set rancherBootstrapPassword=$BOOTSTRAP_PASSWORD \ - --set rancherIngressClassName=nginx \ - --set global.aws.accountNumber=$AWS_ACCOUNT_ID \ - --set global.aws.roleName=$ROLE_NAME -``` + ::: -NOTE: Monitor the rancher-cloud pod logs as the rancher-cloud pod is deleted 1 minute after a successful or failed installation. + ```shell + helm install -n cattle-rancher-csp-deployer-system rancher-cloud --create-namespace \ + oci://709825985650.dkr.ecr.us-east-1.amazonaws.com/suse/{{repository}}/rancher-cloud-helm/rancher-cloud \ + --version {{chart_version}} \ + --set rancherHostname=$HOST_NAME \ + --set rancherServerURL=https://$HOST_NAME \ + --set rancherReplicas=$REPLICAS \ + --set rancherBootstrapPassword=$BOOTSTRAP_PASSWORD \ + --set rancherIngressClassName=nginx \ + --set global.aws.accountNumber=$AWS_ACCOUNT_ID \ + --set global.aws.roleName=$ROLE_NAME + ``` -```shell -kubectl logs -f -n cattle-rancher-csp-deployer-system -``` + :::note -After a successful deployment, running the following command should produce a similar output. + Monitor the rancher-cloud pod logs as the rancher-cloud pod is deleted 1 minute after a successful or failed installation. -```shell -kubectl get deployments --all-namespaces=true -``` + ::: -```shell -NAMESPACE NAME READY UP-TO-DATE AVAILABLE AGE -cattle-csp-billing-adapter-system csp-rancher-usage-operator 1/1 1 1 30m -cattle-csp-billing-adapter-system rancher-csp-billing-adapter 1/1 1 1 30m -cattle-fleet-local-system fleet-agent 1/1 1 1 29m -cattle-fleet-system fleet-controller 1/1 1 1 29m -cattle-fleet-system gitjob 1/1 1 1 29m -cattle-provisioning-capi-system capi-controller-manager 1/1 1 1 28m -cattle-system rancher 1/1 1 1 32m -cattle-system rancher-webhook 1/1 1 1 29m -cert-manager cert-manager 1/1 1 1 32m -cert-manager cert-manager-cainjector 1/1 1 1 32m -cert-manager cert-manager-webhook 1/1 1 1 32m -ingress-nginx ingress-nginx-controller 1/1 1 1 33m -kube-system coredns 2/2 2 2 38m -``` + ```shell + kubectl logs -f -n cattle-rancher-csp-deployer-system + ``` -Refer to the Troubleshooting section for a failed installation. +1. After a successful deployment, running the following command should produce a similar output. + + ```shell + kubectl get deployments --all-namespaces=true + ``` + + ```shell + NAMESPACE NAME READY UP-TO-DATE AVAILABLE AGE + cattle-csp-billing-adapter-system csp-rancher-usage-operator 1/1 1 1 30m + cattle-csp-billing-adapter-system rancher-csp-billing-adapter 1/1 1 1 30m + cattle-fleet-local-system fleet-agent 1/1 1 1 29m + cattle-fleet-system fleet-controller 1/1 1 1 29m + cattle-fleet-system gitjob 1/1 1 1 29m + cattle-provisioning-capi-system capi-controller-manager 1/1 1 1 28m + cattle-system rancher 1/1 1 1 32m + cattle-system rancher-webhook 1/1 1 1 29m + cert-manager cert-manager 1/1 1 1 32m + cert-manager cert-manager-cainjector 1/1 1 1 32m + cert-manager cert-manager-webhook 1/1 1 1 32m + ingress-nginx ingress-nginx-controller 1/1 1 1 33m + kube-system coredns 2/2 2 2 38m + ``` + +### Check Helm Chart Installation To check if helm chart installation is completed, run following command: @@ -74,13 +78,12 @@ To check if helm chart installation is completed, run following command: helm ls -n cattle-rancher-csp-deployer-system ``` -After the helm chart installation is complete, you can verify the installation. -Verify the status of the helm charts installation by running the following command: +After completing the helm chart installation, you can verify the installation was successful: -```shell +```shell helm status rancher-cloud -n cattle-rancher-csp-deployer-system ``` -### Helm Chart Installed Successfully +Refer to the [Troubleshooting](troubleshooting.md) section for a failed installation. -After it is completed, the Rancher Prime is successfully installed. +After the helm chart installation is completed, Rancher Prime is successfully installed. diff --git a/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/rancher-prime-aws.md b/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/rancher-prime-aws.md index 7931f9bcb9f..45a7a1b1a09 100644 --- a/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/rancher-prime-aws.md +++ b/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/rancher-prime-aws.md @@ -4,26 +4,17 @@ title: Rancher Prime in AWS ## Prerequisites -Before using Rancher Prime on AWS as a PAYG offering, you need the following resources, information, and tools: +Before using Rancher Prime on AWS as a pay-as-you-go (PAYG) offering, you need the following resources, information, and tools: -- A Rancher-compatible EKS cluster. Please see - [Rancher support matrix](https://www.suse.com/suse-rancher/support-matrix/all-supported-versions/) - for more details. - Please see [Creating an EKS cluster](https://ranchermanager.docs.rancher.com/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks#creating-an-eks-cluster-for-the-rancher-server) - for bringing up an EKS cluster to install Rancher Prime PAYG which is covered in the later section of this document. -- An ingress installed on the EKS cluster so that Rancher is accessible outside - of the cluster. Please refer to [Rancher documentation](https://ranchermanager.docs.rancher.com/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks#5-install-an-ingress) - for instructions on how to deploy Ingress-INGINX on EKS cluster. +- A Rancher-compatible EKS cluster. Please see [Rancher support matrix](https://www.suse.com/suse-rancher/support-matrix/all-supported-versions/) for more details. Please see [Creating an EKS cluster](https://ranchermanager.docs.rancher.com/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks#creating-an-eks-cluster-for-the-rancher-server) for bringing up an EKS cluster to install Rancher Prime PAYG which is covered in the later section of this document. +- An ingress installed on the EKS cluster so that Rancher is accessible outside of the cluster. Please refer to [Rancher documentation](https://ranchermanager.docs.rancher.com/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks#5-install-an-ingress) for instructions on how to deploy Ingress-INGINX on EKS cluster. - Get the Load Balancer IP. Please refer to [Rancher documentation](https://ranchermanager.docs.rancher.com/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks#6-get-load-balancer-ip) and Save the EXTERNAL-IP. -- The Rancher hostname must be a fully qualified domain name (FQDN) and its - corresponding IP address must be resolvable from a public DNS. Please refer - to [Rancher documentation](https://ranchermanager.docs.rancher.com/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks#7-set-up-dns) - for instructions on how to setup DNS. This DNS is setup to point at the EXTERNAL-IP saved. +- The Rancher hostname must be a fully qualified domain name (FQDN) and its corresponding IP address must be resolvable from a public DNS. Please refer to [Rancher documentation](https://ranchermanager.docs.rancher.com/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks#7-set-up-dns) for instructions on how to setup DNS. This DNS is setup to point at the EXTERNAL-IP saved. - Installation requires you have the following tools available and properly configured to access your AWS account, and your EKS cluster: - - `aws` - - `curl` - - `eksctl` - - `helm` (v3 or greater) + - `aws` + - `curl` + - `eksctl` + - `helm` (v3 or greater) ## Preparing your cluster @@ -65,4 +56,3 @@ eksctl create iamserviceaccount \ --attach-policy-arn 'arn:aws:iam::aws:policy/AWSMarketplaceMeteringFullAccess' \ --approve ``` - diff --git a/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/troubleshooting.md b/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/troubleshooting.md index 820de8cb018..e5c2695e764 100644 --- a/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/troubleshooting.md +++ b/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/troubleshooting.md @@ -2,8 +2,6 @@ title: Troubleshooting --- -## Troubleshooting - This section contains information to help you troubleshoot issues when installing Rancher Prime PAYG. Jobs and Pods: diff --git a/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/upgrading-rancher-payg-cluster.md b/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/upgrading-rancher-payg-cluster.md index d3e12630f30..8beb3c1d1ea 100644 --- a/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/upgrading-rancher-payg-cluster.md +++ b/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/upgrading-rancher-payg-cluster.md @@ -5,9 +5,10 @@ title: Upgrading Rancher PAYG Cluster ## Upgrading a Rancher Prime PAYG Cluster The marketplace PAYG offer is tied to a billing adapter AND Rancher Prime version. These are updated periodically as new version of the billing adapter or Rancher are released. -In that case the helm chart will be updated with new tags and digests and new version of helm chart will be uploaded. In order to upgrade the deployed helm chart with new version, execute the following helm command -``` +In that case the helm chart will be updated with new tags and digests and new version of helm chart will be uploaded. In order to upgrade the deployed helm chart with new version, execute the following helm command: + +```shell helm upgrade -n cattle-rancher-csp-deployer-system rancher-cloud --create-namespace \ oci://709825985650.dkr.ecr.us-east-1.amazonaws.com/suse/{{repository}}/rancher-cloud-helm/rancher-cloud \ --version \ @@ -23,4 +24,4 @@ To check if upgraded helm chart installation is deployed, run following command. ``` helm ls -n cattle-rancher-csp-deployer-system -``` \ No newline at end of file +``` diff --git a/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/rancher-prime-azure.md b/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/rancher-prime-azure.md index 887613cd569..c687a882f42 100644 --- a/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/rancher-prime-azure.md +++ b/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/rancher-prime-azure.md @@ -4,16 +4,8 @@ title: Rancher Prime in Azure ## Prerequisites -- A Rancher-compatible AKS cluster. Please see - [Rancher support matrix](https://www.suse.com/suse-rancher/support-matrix/all-supported-versions/) - for more details. The Rancher Prime PAYG offering can only be installed onto clusters in regions where both the - Azure Kubernetes service and Azure Container Apps service are available, see the - [Azure documentation](https://azure.microsoft.com/en-us/explore/global-infrastructure/products-by-region/?products=container-apps,kubernetes-service®ions=all) for details. - Please see [Creating an AKS cluster](https://ranchermanager.docs.rancher.com/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-aks#3-create-the-aks-cluster) for bringing up an AKS cluster to install Rancher Prime PAYG which is covered in the later section of this document. -- An ingress installed on the AKS cluster so that Rancher is accessible outside - of the cluster. Please refer to [Rancher documentation](https://ranchermanager.docs.rancher.com/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-aks#5-install-an-ingress) - for instructions on how to deploy Ingress-INGINX on AKS cluster. -- The Rancher hostname must be a fully qualified domain name (FQDN) and its - corresponding IP address must be resolvable from a public DNS. Please refer - to [Rancher documentation](https://ranchermanager.docs.rancher.com/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-aks#7-set-up-dns) - for instructions on how to setup DNS. \ No newline at end of file +Before using Rancher Prime on Azure as a PAYG offering, you need the following resources, information, and tools: + +- A Rancher-compatible AKS cluster. Please see [Rancher support matrix](https://www.suse.com/suse-rancher/support-matrix/all-supported-versions/)for more details. The Rancher Prime PAYG offering can only be installed onto clusters in regions where both the Azure Kubernetes service and Azure Container Apps service are available, see the [Azure documentation](https://azure.microsoft.com/en-us/explore/global-infrastructure/products-by-region/?products=container-apps,kubernetes-service®ions=all) for details. Please see [Creating an AKS cluster](https://ranchermanager.docs.rancher.com/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-aks#3-create-the-aks-cluster) for bringing up an AKS cluster to install Rancher Prime PAYG which is covered in the later section of this document. +- An ingress installed on the AKS cluster so that Rancher is accessible outside of the cluster. Please refer to [Rancher documentation](https://ranchermanager.docs.rancher.com/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-aks#5-install-an-ingress) for instructions on how to deploy Ingress-INGINX on AKS cluster. +- The Rancher hostname must be a fully qualified domain name (FQDN) and its corresponding IP address must be resolvable from a public DNS. Please refer to [Rancher documentation](https://ranchermanager.docs.rancher.com/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-aks#7-set-up-dns) for instructions on how to setup DNS. diff --git a/docs/pages-for-subheaders/aws-marketplace-payg-integration.md b/docs/pages-for-subheaders/aws-marketplace-payg-integration.md index d0882f881f9..cc32bca945c 100644 --- a/docs/pages-for-subheaders/aws-marketplace-payg-integration.md +++ b/docs/pages-for-subheaders/aws-marketplace-payg-integration.md @@ -8,7 +8,7 @@ title: AWS Marketplace Pay-as-you-go (PAYG) Integration ## Overview -Rancher integrates with AWS Marketplace as a Pay-as-you-go offering. This will be in addition to the existing [AWS License integration](https://ranchermanager.docs.rancher.com/pages-for-subheaders/aws-cloud-marketplace) which is currently available. Customers will need information about their options and the features and limitations of the PAYG offerings. +Rancher integrates with AWS Marketplace as a pay-as-you-go (PAYG) offering. This will be in addition to the existing [AWS License integration](https://ranchermanager.docs.rancher.com/pages-for-subheaders/aws-cloud-marketplace) which is currently available. Customers will need information about their options and the features and limitations of the PAYG offerings. ## Limitations diff --git a/docs/pages-for-subheaders/azure-marketplace-payg-integration.md b/docs/pages-for-subheaders/azure-marketplace-payg-integration.md index 67f849ea7f6..19d9595eb02 100644 --- a/docs/pages-for-subheaders/azure-marketplace-payg-integration.md +++ b/docs/pages-for-subheaders/azure-marketplace-payg-integration.md @@ -4,7 +4,7 @@ title: Azure Marketplace Pay-as-you-go (PAYG) Integration ## Overview -Rancher integrates with Azure Marketplace as a Pay-as-you-go offering. +Rancher integrates with Azure Marketplace as a pay-as-you-go (PAYG) offering. ## Limitations From 126535ff7ae91ddcbec2aea564717e4579c20700 Mon Sep 17 00:00:00 2001 From: LucasSaintarbor Date: Mon, 11 Dec 2023 12:26:29 -0800 Subject: [PATCH 03/77] Add docs team feedback for AWS Marketplace PAYG section --- .../common-issues.md | 24 ++----- .../installing-rancher-prime.md | 8 ++- .../rancher-prime-aws.md | 4 +- .../troubleshooting.md | 66 ++++++------------- .../upgrading-rancher-payg-cluster.md | 10 ++- 5 files changed, 38 insertions(+), 74 deletions(-) diff --git a/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/common-issues.md b/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/common-issues.md index b3a84582593..c3348192ce0 100644 --- a/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/common-issues.md +++ b/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/common-issues.md @@ -1,23 +1,11 @@ --- -title: Common Issues +title: AWS Marketplace Common Issues --- -1. Uninstalling Rancher Prime: +1. Uninstalling Rancher Prime may not cleanly remove all the resources that were created by Rancher. Users are encouraged to use the [Rancher resource cleanup script](https://github.com/rancher/rancher-cleanup) to perform a more comprehensive cleanup if necessary. However, it is recommended to migrate any other workloads off the cluster and prepare to destroy the cluster to complete the uninstallation since cleanup is not recoverable. - ```shell - helm uninstall -n cattle-rancher-csp-deployer-system rancher-cloud - ``` + ```shell + helm uninstall -n cattle-rancher-csp-deployer-system rancher-cloud + ``` - Uninstalling Rancher Prime may not cleanly remove all the resources that were - created by Rancher. Users are encouraged to use - [Rancher cleanup script](https://github.com/rancher/rancher-cleanup) to - perform a more comprehensive cleanup if necessary. However, it is - recommended to migrate any other workloads off the cluster and prepare - to destroy the cluster to complete the uninstallation since cleanup is not - recoverable. - -2. When migrating Rancher to a different EKS by following the steps specified in - [Rancher Backups and Disaster Recovery](https://ranchermanager.docs.rancher.com/pages-for-subheaders/backup-restore-and-disaster-recovery), - Rancher Prime must be reinstalled on the target EKS cluster after restoring from the backup. - Furthermore, the restored Rancher version must not be newer than the version - available in the AWS marketplace. +1. When migrating Rancher to a different EKS cluster by following the steps specified in [Rancher Backups and Disaster Recovery](https://ranchermanager.docs.rancher.com/pages-for-subheaders/backup-restore-and-disaster-recovery), Rancher Prime must be reinstalled on the target EKS cluster after restoring from the backup. Furthermore, the restored Rancher version must not be newer than the version available in the AWS marketplace. diff --git a/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/installing-rancher-prime.md b/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/installing-rancher-prime.md index 62cb2c4e89b..bd73a63c2f7 100644 --- a/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/installing-rancher-prime.md +++ b/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/installing-rancher-prime.md @@ -2,6 +2,8 @@ title: Installing Rancher Prime on AWS --- +This page covers installing Rancher... + ## Installing Rancher 1. Log helm into the AWS Marketplace Elastic Container Registry (ECR) to fetch the application. The AWS Marketplace ECR is always in the `us-east-1` region: @@ -20,10 +22,10 @@ title: Installing Rancher Prime on AWS Rancher Prime utilizes cert-manager to issue and maintain its certificates. Rancher will generate a CA certificate of its own, and sign a cert using that CA. - The Rancher hostname must be resolvable by a public DNS. Please refer to the [Prerequisites](rancher-prime-aws.md#prerequisites) section for more details. For example, if the DNS name is rancher.my.org, HOST_NAME=rancher.my.org. - ::: + The Rancher hostname must be resolvable by a public DNS. Please refer to the [Prerequisites](rancher-prime-aws.md#prerequisites) section for more details. For example, if the DNS name is rancher.my.org, HOST_NAME=rancher.my.org. + ```shell helm install -n cattle-rancher-csp-deployer-system rancher-cloud --create-namespace \ oci://709825985650.dkr.ecr.us-east-1.amazonaws.com/suse/{{repository}}/rancher-cloud-helm/rancher-cloud \ @@ -72,7 +74,7 @@ title: Installing Rancher Prime on AWS ### Check Helm Chart Installation -To check if helm chart installation is completed, run following command: +Check that the helm chart installation is completed: ```shell helm ls -n cattle-rancher-csp-deployer-system diff --git a/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/rancher-prime-aws.md b/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/rancher-prime-aws.md index 45a7a1b1a09..26f97589017 100644 --- a/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/rancher-prime-aws.md +++ b/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/rancher-prime-aws.md @@ -1,5 +1,5 @@ --- -title: Rancher Prime in AWS +title: Rancher Prime PAYG in AWS Marketplace --- ## Prerequisites @@ -9,7 +9,7 @@ Before using Rancher Prime on AWS as a pay-as-you-go (PAYG) offering, you need t - A Rancher-compatible EKS cluster. Please see [Rancher support matrix](https://www.suse.com/suse-rancher/support-matrix/all-supported-versions/) for more details. Please see [Creating an EKS cluster](https://ranchermanager.docs.rancher.com/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks#creating-an-eks-cluster-for-the-rancher-server) for bringing up an EKS cluster to install Rancher Prime PAYG which is covered in the later section of this document. - An ingress installed on the EKS cluster so that Rancher is accessible outside of the cluster. Please refer to [Rancher documentation](https://ranchermanager.docs.rancher.com/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks#5-install-an-ingress) for instructions on how to deploy Ingress-INGINX on EKS cluster. - Get the Load Balancer IP. Please refer to [Rancher documentation](https://ranchermanager.docs.rancher.com/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks#6-get-load-balancer-ip) and Save the EXTERNAL-IP. -- The Rancher hostname must be a fully qualified domain name (FQDN) and its corresponding IP address must be resolvable from a public DNS. Please refer to [Rancher documentation](https://ranchermanager.docs.rancher.com/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks#7-set-up-dns) for instructions on how to setup DNS. This DNS is setup to point at the EXTERNAL-IP saved. +- The Rancher hostname must be a fully qualified domain name (FQDN) and its corresponding IP address must be resolvable from a public DNS. Please refer to [Rancher documentation](https://ranchermanager.docs.rancher.com/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks#7-set-up-dns) for instructions on how to setup DNS. This DNS is setup to point at the EXTERNAL-IP saved. - Installation requires you have the following tools available and properly configured to access your AWS account, and your EKS cluster: - `aws` - `curl` diff --git a/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/troubleshooting.md b/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/troubleshooting.md index e5c2695e764..cd9630e0954 100644 --- a/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/troubleshooting.md +++ b/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/troubleshooting.md @@ -4,60 +4,34 @@ title: Troubleshooting This section contains information to help you troubleshoot issues when installing Rancher Prime PAYG. -Jobs and Pods: +## Jobs and Pods -Check that pods or jobs have status Running/Completed +Check the status of pods or jobs: - -``` +```shell kubectl get pods --all-namespaces ``` +If a pod is not in a Running state, you can attempt to find the root cause with the following commands: -If a pod is not in Running state, you can debug into the root cause by running: +- Describe pod: `kubectl describe pod -n ` +- Pod container logs: `kubectl logs -n ` +- Describe job: `kubectl describe job -n ` +- Logs from the containers of pods of the job: `kubectl logs -l job-name= -n ` -Describe pod +## Recovery from Failed Pods +If any of the pods aren't running, check the rancher-cloud Pod: -``` -kubectl describe pod -n -``` - -Pod container logs - - -``` -kubectl logs -n -``` - -Describe job - - -``` -kubectl describe job -n -``` - -Logs from the containers of pods of the job - -``` -kubectl logs -l job-name= -n -``` - -###Recovery from Failed Pods - -If any of the pods are not Running : - -Check the rancher-cloud Pod - -``` +```shell kubectl get pods --all-namespaces | grep rancher-cloud ``` -If the rancher-cloud pod is in Error state, wait for the pod to be deleted which takes approx 1 min after it goes in Error State. +If the rancher-cloud pod is in an Error state, wait for the pod to be deleted. This should take about one minute. -Fix the problem and execute +Fix the problem and run: -``` +```shell helm upgrade -n cattle-rancher-csp-deployer-system rancher-cloud --create-namespace \ oci://709825985650.dkr.ecr.us-east-1.amazonaws.com/suse/{{repository}}/rancher-cloud-helm/rancher-cloud --install \ --version {{chart_version}} \ @@ -68,19 +42,21 @@ oci://709825985650.dkr.ecr.us-east-1.amazonaws.com/suse/{{repository}}/rancher-c --set global.aws.roleName=$ROLE_NAME ``` -###Rancher Usage Record Not found: +## Rancher Usage Record Not found Error: -``` +When you attempt to retrive a usage record, you might see the following message: + +```shell Error from server (NotFound): cspadapterusagerecords.susecloud.net "rancher-usage-record" not found" Check Configuration, Retrieve generated configuration csp-config ``` -Solution: +To resolve the error, run: -``` +```shell kubectl get cm -n cattle-csp-billing-adapter-system csp-config -o yaml ``` -if a configuration is not listed, you can debug into the root cause by checking the pod status and log (Refer Jobs and Pods section). \ No newline at end of file +If a configuration is not listed, you can attempt to find the root cause by checking the pod status and log. See [Jobs and Pods](#jobs-and-pods) for more details. diff --git a/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/upgrading-rancher-payg-cluster.md b/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/upgrading-rancher-payg-cluster.md index 8beb3c1d1ea..8e0d2ff9825 100644 --- a/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/upgrading-rancher-payg-cluster.md +++ b/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/upgrading-rancher-payg-cluster.md @@ -2,16 +2,14 @@ title: Upgrading Rancher PAYG Cluster --- -## Upgrading a Rancher Prime PAYG Cluster - The marketplace PAYG offer is tied to a billing adapter AND Rancher Prime version. These are updated periodically as new version of the billing adapter or Rancher are released. In that case the helm chart will be updated with new tags and digests and new version of helm chart will be uploaded. In order to upgrade the deployed helm chart with new version, execute the following helm command: ```shell helm upgrade -n cattle-rancher-csp-deployer-system rancher-cloud --create-namespace \ -oci://709825985650.dkr.ecr.us-east-1.amazonaws.com/suse/{{repository}}/rancher-cloud-helm/rancher-cloud \ - --version \ +oci://709825985650.dkr.ecr.us-east-1.amazonaws.com/suse/$REPOSITORY/rancher-cloud-helm/rancher-cloud \ + --version $UPGRADED_CHART_VERSION \ --set rancherHostname=$HOST_NAME \ --set rancherServerURL=https://$HOST_NAME \ --set rancherReplicas=$REPLICAS \ @@ -20,8 +18,8 @@ oci://709825985650.dkr.ecr.us-east-1.amazonaws.com/suse/{{repository}}/rancher-c --set global.aws.roleName=$ROLE_NAME ``` -To check if upgraded helm chart installation is deployed, run following command. It should display the upgraded chart version and REVISION incremented by 1 from previous install. +To check if the upgraded Helm chart deployed successfully: -``` +```shell helm ls -n cattle-rancher-csp-deployer-system ``` From 3712d80f3e686d646dd4a93b53f1d38f363bd6e5 Mon Sep 17 00:00:00 2001 From: LucasSaintarbor Date: Mon, 11 Dec 2023 18:43:08 -0800 Subject: [PATCH 04/77] Updated AWS/Azure PAYG pages + images --- .../common-issues.md | 2 +- .../installing-rancher-prime.md | 55 +++++++- .../rancher-prime-aws.md | 47 +------ .../troubleshooting.md | 7 +- .../upgrading-rancher-payg-cluster.md | 6 +- .../common-issues.md | 16 +-- .../installing-rancher-prime.md | 119 +++++++----------- .../rancher-prime-azure.md | 6 +- .../troubleshooting.md | 93 +++++--------- .../upgrading-rancher-payg-cluster.md | 15 ++- .../aws-marketplace-payg-integration.md | 22 +--- .../azure-marketplace-payg-integration.md | 22 +--- sidebars.js | 4 +- ...nstall-rancher-prime-basics-create-new.png | Bin 0 -> 108578 bytes static/img/install-rancher-prime-basics.png | Bin 0 -> 44977 bytes .../install-rancher-prime-configuration.png | Bin 0 -> 22964 bytes 16 files changed, 157 insertions(+), 257 deletions(-) create mode 100644 static/img/install-rancher-prime-basics-create-new.png create mode 100644 static/img/install-rancher-prime-basics.png create mode 100644 static/img/install-rancher-prime-configuration.png diff --git a/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/common-issues.md b/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/common-issues.md index c3348192ce0..e4e3f28674b 100644 --- a/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/common-issues.md +++ b/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/common-issues.md @@ -8,4 +8,4 @@ title: AWS Marketplace Common Issues helm uninstall -n cattle-rancher-csp-deployer-system rancher-cloud ``` -1. When migrating Rancher to a different EKS cluster by following the steps specified in [Rancher Backups and Disaster Recovery](https://ranchermanager.docs.rancher.com/pages-for-subheaders/backup-restore-and-disaster-recovery), Rancher Prime must be reinstalled on the target EKS cluster after restoring from the backup. Furthermore, the restored Rancher version must not be newer than the version available in the AWS marketplace. +1. When migrating Rancher to a different EKS cluster by following the steps specified in [Rancher Backups and Disaster Recovery](https://ranchermanager.docs.rancher.com/pages-for-subheaders/backup-restore-and-disaster-recovery), Rancher Prime must be reinstalled on the target EKS cluster after restoring from the backup. Furthermore, the restored Rancher version must not be newer than the version available in the AWS Marketplace. diff --git a/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/installing-rancher-prime.md b/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/installing-rancher-prime.md index bd73a63c2f7..55b9d756f5c 100644 --- a/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/installing-rancher-prime.md +++ b/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/installing-rancher-prime.md @@ -1,8 +1,49 @@ --- -title: Installing Rancher Prime on AWS +title: Installing Rancher Prime PAYG on AWS --- -This page covers installing Rancher... +This page covers how to install the Rancher Prime PAYG offering on Amazon's AWS Marketplace. + +## Preparing your cluster + +### OIDC provider + +Your EKS cluster is required to have an OIDC provider installed. To check for an OIDC provider first find the OIDC issuer with the following command. Substitute `$CLUSTER_NAME` with the *Name* of your EKS cluster and $REGION with *region* where it is running: + +```shell +aws eks describe-cluster --name $CLUSTER_NAME --region $REGION --query cluster.identity.oidc.issuer --output text +``` + +A URL is returned, like `https://oidc.eks.region.amazonaws.com/id/1234567890ABCDEF`. The part after `https://` will be referred to in later instructions as the *OIDC Provider Identity* (e.g. `oidc.eks.region.amazonaws.com/id/1234567890ABCDEF`). The final section of the URL, `1234567890ABCDEF`, is the $OIDC_ID. + +Using the $OIDC_ID of the issuer found above, you can check if a provider is installed with the following command: + +```shell +aws iam list-open-id-connect-providers | grep $OIDC_ID +``` + +If there is no output, you will need to create an OIDC provider: + +```shell +eksctl utils associate-iam-oidc-provider --cluster $CLUSTER_NAME --region $REGION --approve +``` + +### IAM Role + +To provide the necessary permissions, an IAM role and an attached policy are required. The role name is passed as an argument during the *helm* deployment. + +Create the role with a *role name* of your choosing (for example, `rancher-csp-iam-role`), and the required policy attached to it: + +```shell +eksctl create iamserviceaccount \ + --name rancher-csp-billing-adapter \ + --namespace cattle-csp-billing-adapter-system \ + --cluster $CLUSTER_NAME \ + --region $REGION \ + --role-name $ROLE_NAME --role-only \ + --attach-policy-arn 'arn:aws:iam::aws:policy/AWSMarketplaceMeteringFullAccess' \ + --approve +``` ## Installing Rancher @@ -89,3 +130,13 @@ helm status rancher-cloud -n cattle-rancher-csp-deployer-system Refer to the [Troubleshooting](troubleshooting.md) section for a failed installation. After the helm chart installation is completed, Rancher Prime is successfully installed. + +## Log into the Rancher Dashboard + +You may now login to Rancher dashboard by pointing your browser to the Rancher server URL **https://**, where **Rancher hostname** is the [hostname](#rancher-configuration) you have chosen. + +:::note + +The Rancher hostname must be resolvable by public DNS. Please refer to the [Prerequisites](rancher-prime-aws.md#prerequisites) section for more details. + +::: diff --git a/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/rancher-prime-aws.md b/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/rancher-prime-aws.md index 26f97589017..54c19783ea8 100644 --- a/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/rancher-prime-aws.md +++ b/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/rancher-prime-aws.md @@ -1,12 +1,10 @@ --- -title: Rancher Prime PAYG in AWS Marketplace +title: Prerequisites --- -## Prerequisites - Before using Rancher Prime on AWS as a pay-as-you-go (PAYG) offering, you need the following resources, information, and tools: -- A Rancher-compatible EKS cluster. Please see [Rancher support matrix](https://www.suse.com/suse-rancher/support-matrix/all-supported-versions/) for more details. Please see [Creating an EKS cluster](https://ranchermanager.docs.rancher.com/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks#creating-an-eks-cluster-for-the-rancher-server) for bringing up an EKS cluster to install Rancher Prime PAYG which is covered in the later section of this document. +- A Rancher-compatible EKS cluster. Please see the [Rancher support matrix](https://www.suse.com/suse-rancher/support-matrix/all-supported-versions/) for more details. Please refer to [Creating an EKS cluster](https://ranchermanager.docs.rancher.com/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks#creating-an-eks-cluster-for-the-rancher-server) for bringing up an EKS cluster to [install Rancher Prime PAYG](installing-rancher-prime.md). - An ingress installed on the EKS cluster so that Rancher is accessible outside of the cluster. Please refer to [Rancher documentation](https://ranchermanager.docs.rancher.com/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks#5-install-an-ingress) for instructions on how to deploy Ingress-INGINX on EKS cluster. - Get the Load Balancer IP. Please refer to [Rancher documentation](https://ranchermanager.docs.rancher.com/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks#6-get-load-balancer-ip) and Save the EXTERNAL-IP. - The Rancher hostname must be a fully qualified domain name (FQDN) and its corresponding IP address must be resolvable from a public DNS. Please refer to [Rancher documentation](https://ranchermanager.docs.rancher.com/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks#7-set-up-dns) for instructions on how to setup DNS. This DNS is setup to point at the EXTERNAL-IP saved. @@ -15,44 +13,3 @@ Before using Rancher Prime on AWS as a pay-as-you-go (PAYG) offering, you need t - `curl` - `eksctl` - `helm` (v3 or greater) - -## Preparing your cluster - -### OIDC provider - -Your EKS cluster is required to have an OIDC provider installed. To check for an OIDC provider first find the OIDC issuer with the following command. Substitute `$CLUSTER_NAME` with the *Name* of your EKS cluster and $REGION with *region* where it is running: - -```shell -aws eks describe-cluster --name $CLUSTER_NAME --region $REGION --query cluster.identity.oidc.issuer --output text -``` - -A URL is returned, like `https://oidc.eks.region.amazonaws.com/id/1234567890ABCDEF`. The part after `https://` will be referred to in later instructions as the *OIDC Provider Identity* (e.g. `oidc.eks.region.amazonaws.com/id/1234567890ABCDEF`). The final section of the URL, `1234567890ABCDEF`, is the $OIDC_ID. - -Using the $OIDC_ID of the issuer found above, you can check if a provider is installed with the following command: - -```shell -aws iam list-open-id-connect-providers | grep $OIDC_ID -``` - -If there is no output, you will need to create an OIDC provider: - -```shell -eksctl utils associate-iam-oidc-provider --cluster $CLUSTER_NAME --region $REGION --approve -``` - -### IAM Role - -To provide the necessary permissions, an IAM role and an attached policy are required. The role name is passed as an argument during the *helm* deployment. - -Create the role with a *role name* of your choosing (for example, `rancher-csp-iam-role`), and the required policy attached to it: - -```shell -eksctl create iamserviceaccount \ - --name rancher-csp-billing-adapter \ - --namespace cattle-csp-billing-adapter-system \ - --cluster $CLUSTER_NAME \ - --region $REGION \ - --role-name $ROLE_NAME --role-only \ - --attach-policy-arn 'arn:aws:iam::aws:policy/AWSMarketplaceMeteringFullAccess' \ - --approve -``` diff --git a/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/troubleshooting.md b/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/troubleshooting.md index cd9630e0954..b5dbe2ac9c7 100644 --- a/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/troubleshooting.md +++ b/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/troubleshooting.md @@ -1,5 +1,5 @@ --- -title: Troubleshooting +title: Troubleshooting Rancher Prime PAYG Cluster in AWS --- This section contains information to help you troubleshoot issues when installing Rancher Prime PAYG. @@ -44,13 +44,10 @@ oci://709825985650.dkr.ecr.us-east-1.amazonaws.com/suse/{{repository}}/rancher-c ## Rancher Usage Record Not found -Error: - When you attempt to retrive a usage record, you might see the following message: ```shell -Error from server (NotFound): cspadapterusagerecords.susecloud.net "rancher-usage-record" not found" - Check Configuration, Retrieve generated configuration csp-config +Error from server (NotFound): cspadapterusagerecords.susecloud.net "rancher-usage-record" not found" Check Configuration, Retrieve generated configuration csp-config ``` To resolve the error, run: diff --git a/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/upgrading-rancher-payg-cluster.md b/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/upgrading-rancher-payg-cluster.md index 8e0d2ff9825..d7e672223a8 100644 --- a/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/upgrading-rancher-payg-cluster.md +++ b/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/upgrading-rancher-payg-cluster.md @@ -1,10 +1,10 @@ --- -title: Upgrading Rancher PAYG Cluster +title: Upgrading Rancher Prime PAYG Cluster in AWS --- -The marketplace PAYG offer is tied to a billing adapter AND Rancher Prime version. These are updated periodically as new version of the billing adapter or Rancher are released. +The AWS Marketplace PAYG offering is tied to a billing adapter and the Rancher Prime version. These are updated periodically as new version of the billing adapter or Rancher Prime are released. -In that case the helm chart will be updated with new tags and digests and new version of helm chart will be uploaded. In order to upgrade the deployed helm chart with new version, execute the following helm command: +In this situation, the helm chart will be updated with new tags and digests, and a new version of the helm chart will be uploaded. To upgrade the deployed helm chart with the latest version, run the following helm command: ```shell helm upgrade -n cattle-rancher-csp-deployer-system rancher-cloud --create-namespace \ diff --git a/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/common-issues.md b/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/common-issues.md index 4f307449363..86543ed301a 100644 --- a/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/common-issues.md +++ b/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/common-issues.md @@ -1,17 +1,7 @@ --- -title: Common Issues +title: Azure Marketplace Common Issues --- -1. When migrating Rancher to a different AKS by following the steps specified in - [Rancher Backups and Disaster Recovery](https://ranchermanager.docs.rancher.com/pages-for-subheaders/backup-restore-and-disaster-recovery), Rancher Prime must be reinstalled via the Azure - marketplace on the target AKS cluster after restoring from the backup. - Furthermore, the restored Rancher version must not be newer than the version - available in the Azure marketplace. +1. When migrating Rancher to a different AKS cluster by following the steps specified in [Rancher Backups and Disaster Recovery](https://ranchermanager.docs.rancher.com/pages-for-subheaders/backup-restore-and-disaster-recovery), Rancher Prime must be reinstalled via the Azure Marketplace on the target AKS cluster after restoring from the backup. Furthermore, the restored Rancher version must not be newer than the version available in the Azure Marketplace. -2. Uninstalling Rancher Prime may not cleanly remove all the resources that were - created by Rancher. Users are encouraged to use - [Rancher cleanup script](https://github.com/rancher/rancher-cleanup) to - perform a more comprehensive cleanup if necessary. However, it is - recommended to migrate any other workloads off the cluster and prepare - to destroy the cluster to complete the uninstallation since cleanup is not - recoverable. +1. Uninstalling Rancher Prime may not cleanly remove all the resources that were created by Rancher. Users are encouraged to use the [Rancher resource cleanup script](https://github.com/rancher/rancher-cleanup) to perform a more comprehensive cleanup if necessary. However, it is recommended to migrate any other workloads off the cluster and prepare to destroy the cluster to complete the uninstallation since cleanup is not recoverable. diff --git a/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/installing-rancher-prime.md b/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/installing-rancher-prime.md index 55e85b3d4d3..e6d7a9d3e41 100644 --- a/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/installing-rancher-prime.md +++ b/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/installing-rancher-prime.md @@ -1,112 +1,81 @@ --- -title: Installing Rancher Prime on Azure +title: Installing Rancher Prime PAYG on Azure --- -## How to install Rancher Prime PAYG +This page covers how to install the Rancher Prime PAYG offering on Microsoft's Azure Marketplace. -The following is a step by step walk-through for creating a new deployment of -Rancher Prime from the Azure Marketplace page. +## How to Install Rancher Prime PAYG -1. Click "Rancher Prime with 24x7 Support" offer (either "EU and UK only" or - "non-EU and non-UK only") that corresponds to the location where your account - is registered. -2. Choose the plan from the dropdown list. ( "Plans + Pricing" tab more details about Software plan) -3. Click 'Create' +Refer to the following steps for creating a new deployment of Rancher Prime from the Azure Marketplace page. + +1. Select the **Rancher Prime with 24x7 Support** offer (either **EU and UK only** or **non-EU and non-UK only**) that corresponds to the location where your account is registered. +1. Choose the plan from the dropdown list. View the **Plans + Pricing** tab for more details about the plan. +1. Select **Create**. ### Basics -1. Select existing subscription from the dropdown list. -2. Select existing Resource group from the dropdown list. -3. Select existing AKS Cluster Name from the dropdown list. -4. Choose name for Cluster extension resource name. It can be consisted of - alphanumeric and dots, and the length must be between 2 and 253 characters. +On the **Basics** tab, specify the **Project details** and **Instance details**: - --- - **NOTE** +1. Select an existing subscription from the dropdown list. +1. Select an existing Resource group from the dropdown list. + :::note The **Create new** resource group feature is not supported. - --- - -click 'Next' + ::: + ![Create new resource group not supported](/img/install-rancher-prime-basics-create-new.png) +1. Select an existing AKS Cluster Name from the dropdown list. +1. Choose a name for the Cluster extension resource name. It can consist of alphanumeric characters and dots, and the length must be between 2 and 253 characters. +![Basics tab](/img/install-rancher-prime-basics.png) +1. Select **Next**. ### Rancher Configuration -1. Enter the hostname for Rancher, and it must be a fully qualified domain - name (FQDN). The Rancher server URL will be created using this hostname. +On the **Rancher Configuraion** tab, specify the following informaiton: - --- - **NOTE** +1. Enter the **Hostname** for Rancher. The Rancher hostname must be a fully qualified domain name (FQDN) and the Rancher server URL will be created using this hostname. + + :::note The IP address of the Rancher hostname must be resolvable by a public DNS. - --- + ::: -2. Using the slide bar, select the number of Rancher replicas. -3. Choose bootstrap password as it is suggested by the tip. The bootstrap - password will be used to authenticate to the Rancher dashboard during first - login. +1. Using the slide bar, select the number of **Replicas**. +1. Choose and confirm a **Bootstrap Password**. During the first login, you will use the bootstrap password to authenticate to the Rancher dashboard. + :::note - --- - **NOTE** + The current Rancher deployment exposes the bootstrap password in the Cluster configuration settings in Azure Portal. Until this is resolved, we suggest changing the Admin password after initial login by editing your profile in the Rancher dashboard. - The current Rancher deployment exposes the bootstrap password in the Cluster - configuration settings in Azure Portal. Until this is resolved, it is - suggested to change the Admin password after the initial login. Edit profile - in the Rancher dashboard to change password. - - --- - -click 'Next' + ::: + ![Rancher Confgiuration](/img/install-rancher-prime-configuration.png) +1. Select **Next**. ### Review + create +1. On the **Review + create** tab, review the summary of the offer (Price, Basics, Rancher Configuration) and the link to **view automation template** (Azure Resource Manager Template). +1. Select **Create** to start the deployment. - This will summarize the offer and link to "view automation template" (Azure Resource Manager Template) +### Deployment Complete +After the deployment is completed, the Rancher Prime Kubernetes service extension is successfully installed. - Price - Basics - Rancher Configuration +:::note -click 'Create' +On the **Extensions + applications** page, the **Provisioning State** may show **Succeeded** even though the deployment may still be in progress. You can monitor the deployment progress by logging into the AKS cluster and looking at the **rancher-cloud** deployment. -### Deployment Complete +::: -Deployment will be in progress. After it is completed, the Rancher Prime -Kubernetes service extension is successfully installed. +## Log into the Rancher Dashboard - --- - ** NOTE: ** +You may now login to Rancher dashboard by pointing your browser to the Rancher server URL **https://**, where **Rancher hostname** is the [hostname](#rancher-configuration) you have chosen. - In the "Extensions + applications" page, the "Provisioning State" may show - "Succeeded" even though the provision may still be in progress. You may monitor - the actual progragress by logging into the AKS cluster and follow the - "rancher-cloud" deployment. +:::note - --- +The Rancher hostname must be resolvable by public DNS. Please refer to the [Prerequisites](rancher-prime-azure.md#prerequisites) section for more details. -## Log into the Rancher dashboard +::: -You may now login to Rancher dashboard by point your browser to Rancher server -URL **https://**, where **Rancher hostname** is the hostname -you have chosen previously. +## Rancher Prime PAYG Billing - --- - **NOTE** - - The Rancher hostname must be resolvable by public DNS. Please refer to the - [Prerequisites](#prerequisites) section for more details. - - --- - -## How To Use Rancher - -Please refer to the [Rancher documentation](https://ranchermanager.docs.rancher.com/) -on how to use Rancher. - -## Rancher Prime PAYG billing - -Billing will be available in the Azure Portal billing - -Home > Cost Management | Cost analysis \ No newline at end of file +View billing information in the Azure Portal by going to **Home** > **Subscriptions** > **Cost Management - Cost analysis**. diff --git a/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/rancher-prime-azure.md b/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/rancher-prime-azure.md index c687a882f42..fbf650e4c31 100644 --- a/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/rancher-prime-azure.md +++ b/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/rancher-prime-azure.md @@ -1,11 +1,11 @@ --- -title: Rancher Prime in Azure +title: Prerequisites --- ## Prerequisites -Before using Rancher Prime on Azure as a PAYG offering, you need the following resources, information, and tools: +Before using Rancher Prime on Azure as a pay-as-you-go (PAYG) offering, you need the following resources, information, and tools: -- A Rancher-compatible AKS cluster. Please see [Rancher support matrix](https://www.suse.com/suse-rancher/support-matrix/all-supported-versions/)for more details. The Rancher Prime PAYG offering can only be installed onto clusters in regions where both the Azure Kubernetes service and Azure Container Apps service are available, see the [Azure documentation](https://azure.microsoft.com/en-us/explore/global-infrastructure/products-by-region/?products=container-apps,kubernetes-service®ions=all) for details. Please see [Creating an AKS cluster](https://ranchermanager.docs.rancher.com/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-aks#3-create-the-aks-cluster) for bringing up an AKS cluster to install Rancher Prime PAYG which is covered in the later section of this document. +- A Rancher-compatible AKS cluster. Please see the [Rancher support matrix](https://www.suse.com/suse-rancher/support-matrix/all-supported-versions/) for more details. The Rancher Prime PAYG offering can only be installed onto clusters in regions where both the AKS and Azure Container Apps service are available. See the [Azure documentation](https://azure.microsoft.com/en-us/explore/global-infrastructure/products-by-region/?products=container-apps,kubernetes-service®ions=all) for details. Please see [Creating an AKS cluster](https://ranchermanager.docs.rancher.com/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-aks#3-create-the-aks-cluster) for bringing up an AKS cluster to [install Rancher Prime PAYG](installing-rancher-prime.md). - An ingress installed on the AKS cluster so that Rancher is accessible outside of the cluster. Please refer to [Rancher documentation](https://ranchermanager.docs.rancher.com/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-aks#5-install-an-ingress) for instructions on how to deploy Ingress-INGINX on AKS cluster. - The Rancher hostname must be a fully qualified domain name (FQDN) and its corresponding IP address must be resolvable from a public DNS. Please refer to [Rancher documentation](https://ranchermanager.docs.rancher.com/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-aks#7-set-up-dns) for instructions on how to setup DNS. diff --git a/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/troubleshooting.md b/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/troubleshooting.md index 1e777b5ac6c..2c73e2462be 100644 --- a/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/troubleshooting.md +++ b/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/troubleshooting.md @@ -1,16 +1,18 @@ --- -title: Troubleshooting +title: Troubleshooting Rancher Prime PAYG Cluster in Azure --- -This section contains information to help you troubleshoot issues when install Rancher and configure Billing-adapter +This section contains information to help you troubleshoot issues when installing Rancher Prime PAYG and configuring the Billing-adapter. -After successful deployment, it should list similar pod and chart output +## Deployment -``` +After a successful deployment, check the status of the deployment, it should list similar pod and chart output. + +```shell kubectl get deployments --all-namespaces=true ``` -``` +```shell NAMESPACE NAME READY UP-TO-DATE AVAILABLE AGE cattle-csp-billing-adapter-system csp-rancher-usage-operator 1/1 1 1 8h cattle-csp-billing-adapter-system rancher-csp-billing-adapter 1/1 1 1 8h @@ -32,86 +34,53 @@ kube-system konnectivity-agent 2/2 2 kube-system metrics-server 2/2 2 2 20h ``` +## Jobs and Pods -Jobs and Pods: +Check the status of pods or jobs: -Check that pods or jobs have status Running/Completed - - -``` +```shell kubectl get pods --all-namespaces ``` +if a pod is not in Running state, you can attempt to find the root cause with the following commands: -if a pod is not in Running state, you can dig into the root cause by running: - -Describe pod +- Describe pod: `kubectl describe pod -n ` +- Pod container logs: `kubectl logs -n ` +- Describe job: `kubectl describe job -n ` +- Logs from the containers of pods of the job: `kubectl logs -l job-name= -n ` +## Rancher Usage Record Not found -``` -kubectl describe pod -n +When you attempt to retrive a usage record, you might see the following message: + +```shell +Error from server (NotFound): cspadapterusagerecords.susecloud.net "rancher-usage-record" not found" Check Configuration, Retrieve generated configuration csp-config ``` -Pod container logs +To resolve the error, run: - -``` -kubectl logs -n -``` - -Describe job - - -``` -kubectl describe job -n -``` - -Logs from the containers of pods of the job - -``` -kubectl logs -l job-name= -n -``` - - -###Rancher Usage Record Not found: - -Error: - -``` -Error from server (NotFound): cspadapterusagerecords.susecloud.net "rancher-usage-record" not found" - Check Configuration, Retrieve generated configuration csp-config -``` - - -Solution: - -``` +```shell kubectl get cm -n cattle-csp-billing-adapter-system csp-config -o yaml ``` -if a configuration is not listed, you can dig into the root cause by checking the pod status and log (Refer Jobs and Pods section). +If a configuration is not listed, you can attempt to find the root cause by checking the pod status and log. See [Jobs and Pods](#jobs-and-pods) for more details. +## Multiple extensions of same type -###Multiple extensions of same type: +When you attept to install an extension of the same type, you will see the following message: -Error: - -``` +```shell Multiple extensions of same type is not allowed at this scope. (Code: ValidationFailed)" ``` -Solution: +AKS cluster already has the extension with the same type. To resolve the error, uninstall the extension and re-deploy with the same cluster. -AKS cluster already has the extension with the same type. Uninstall the extension and re-deploy with the same cluster. +## Resource already existing in your cluster -###Resource already existing in your cluster: +When you attept to install a resource or extension that already exists, you will see the following message: -Error: - -``` +```shell Helm installation failed : Resource already existing in your cluster : Recommendation Manually delete the resource(s) that currently exist in your cluster and try installation again. To delete these resources run the following commands: kubectl delete -n : InnerError [rendered manifests contain a resource that already exists. Unable to continue with install: ServiceAccount "rancher" in namespace "cattle-system" exists and cannot be imported into the current release: invalid ownership metadata; annotation validation error: key "meta.helm.sh/release-name" must equal "test-nv2-reinstall": current value is "testnv2-plan"] ``` -Solution: - -AKS cluster already has the extension. Uninstall the extension as it suggested in the Error by deleting the resource via the kubectl command. or Uninstall the extension in Azure Console and re-deploy with the same cluster. \ No newline at end of file +AKS cluster already has the extension installed. To resolve the error, uninstall the extension as suggested in the error message by deleting the resource via the kubectl command, or uninstall the extension in Azure Console and re-deploy with the same cluster. diff --git a/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/upgrading-rancher-payg-cluster.md b/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/upgrading-rancher-payg-cluster.md index eeb818170b3..6150bc87ca7 100644 --- a/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/upgrading-rancher-payg-cluster.md +++ b/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/upgrading-rancher-payg-cluster.md @@ -1,14 +1,13 @@ --- -title: Upgrading Rancher PAYG Cluster +title: Upgrading Rancher Prime PAYG Cluster in Azure --- -The Azure marketplace PAYG offer is periodically updated as a new version of -Rancher Prime are released, and for optimizations in the integration with Azure. -To update the latest version of the Rancher Prime PAYG offering supported in -the marketplace listing, use the "az k8s-extension update" command. +The Azure Marketplace PAYG offering is periodically updated as a new version of Rancher Prime is released and for optimizations in the integration with Azure. -Execute the following command in Cluster Cloud Shell: +To update to the latest version of the Rancher Prime PAYG offering supported in the marketplace listing, use the `az k8s-extension update` command. -``` +Run the following command in Cluster Cloud Shell: + +```shell az k8s-extension update --name --cluster-name --resource-group --cluster-type managedClusters --version -``` \ No newline at end of file +``` diff --git a/docs/pages-for-subheaders/aws-marketplace-payg-integration.md b/docs/pages-for-subheaders/aws-marketplace-payg-integration.md index cc32bca945c..15a7022c1df 100644 --- a/docs/pages-for-subheaders/aws-marketplace-payg-integration.md +++ b/docs/pages-for-subheaders/aws-marketplace-payg-integration.md @@ -8,29 +8,13 @@ title: AWS Marketplace Pay-as-you-go (PAYG) Integration ## Overview -Rancher integrates with AWS Marketplace as a pay-as-you-go (PAYG) offering. This will be in addition to the existing [AWS License integration](https://ranchermanager.docs.rancher.com/pages-for-subheaders/aws-cloud-marketplace) which is currently available. Customers will need information about their options and the features and limitations of the PAYG offerings. +Rancher Prime integrates with the AWS Marketplace as a pay-as-you-go (PAYG) offering. ## Limitations -- You must be running Rancher v2.6.7 or higher -- Rancher must be deployed with additional metrics enabled. -- Rancher must be installed on an EKS cluster. -- You must purchase at least one entitlement to Rancher support through AWS Marketplace. -- You may need additional setup to support proxy/airgap use cases. See the [prerequisites](../integrations-in-rancher/cloud-marketplace/aws-cloud-marketplace/adapter-requirements.md) for more information. - ## How to Use -1. Complete the [prerequisite steps](../integrations-in-rancher/cloud-marketplace/aws-cloud-marketplace/adapter-requirements.md). -2. [Install the CSP Adapter](../integrations-in-rancher/cloud-marketplace/aws-cloud-marketplace/install-adapter.md). +1. Complete the [prerequisite steps](../integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/rancher-prime-aws.md). +2. [Install the Rancher Prime PAYG offering in the Azure Marketplace](../integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/installing-rancher-prime.md). ## FAQ - -**Can I purchase support for more nodes later on?** - -Yes. Simply go to the AWS Marketplace entry that you used to initially purchase support and increase the number of entitlements. - -**Can I use multiple instances of Rancher in the same AWS account?** - -Yes. However, each cluster that Rancher is installed in will need to adhere to the prerequisites. - -In addition, keep in mind that a given entitlement can only be used by one Rancher management server at a time. \ No newline at end of file diff --git a/docs/pages-for-subheaders/azure-marketplace-payg-integration.md b/docs/pages-for-subheaders/azure-marketplace-payg-integration.md index 19d9595eb02..790a964aa2d 100644 --- a/docs/pages-for-subheaders/azure-marketplace-payg-integration.md +++ b/docs/pages-for-subheaders/azure-marketplace-payg-integration.md @@ -4,29 +4,13 @@ title: Azure Marketplace Pay-as-you-go (PAYG) Integration ## Overview -Rancher integrates with Azure Marketplace as a pay-as-you-go (PAYG) offering. +Rancher Prime integrates with the Azure Marketplace as a pay-as-you-go (PAYG) offering. ## Limitations -- You must be running Rancher v2.6.7 or higher -- Rancher must be deployed with additional metrics enabled. -- Rancher must be installed on an EKS cluster. -- You must purchase at least one entitlement to Rancher support through AWS Marketplace. -- You may need additional setup to support proxy/airgap use cases. See the [prerequisites](../integrations-in-rancher/cloud-marketplace/aws-cloud-marketplace/adapter-requirements.md) for more information. - ## How to Use -1. Complete the [prerequisite steps](../integrations-in-rancher/cloud-marketplace/aws-cloud-marketplace/adapter-requirements.md). -2. [Install the CSP Adapter](../integrations-in-rancher/cloud-marketplace/aws-cloud-marketplace/install-adapter.md). +1. Complete the [prerequisite steps](../integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/rancher-prime-azure.md). +2. [Install the Rancher Prime PAYG offering in the Azure Marketplace](../integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/installing-rancher-prime.md). ## FAQ - -**Can I purchase support for more nodes later on?** - -Yes. Simply go to the AWS Marketplace entry that you used to initially purchase support and increase the number of entitlements. - -**Can I use multiple instances of Rancher in the same AWS account?** - -Yes. However, each cluster that Rancher is installed in will need to adhere to the prerequisites. - -In addition, keep in mind that a given entitlement can only be used by one Rancher management server at a time. diff --git a/sidebars.js b/sidebars.js index 9cb4f143494..8bbfae54523 100644 --- a/sidebars.js +++ b/sidebars.js @@ -1150,7 +1150,7 @@ const sidebars = { }, { type: 'category', - label: 'AWS Marketplace PAYG Integration', + label: 'AWS Marketplace Pay-as-you-go (PAYG)', link: { type: 'doc', id: "pages-for-subheaders/aws-marketplace-payg-integration" @@ -1166,7 +1166,7 @@ const sidebars = { }, { type: 'category', - label: 'Azure Marketplace PAYG Integration', + label: 'Azure Marketplace Pay-as-you-go (PAYG)', link: { type: 'doc', id: "pages-for-subheaders/azure-marketplace-payg-integration" diff --git a/static/img/install-rancher-prime-basics-create-new.png b/static/img/install-rancher-prime-basics-create-new.png new file mode 100644 index 0000000000000000000000000000000000000000..38e2ca329f303cad8fcfe33c4b3b61e4ede6d088 GIT binary patch literal 108578 zcmeFYby!@@vM)>^KyY_=g1buy9^4`Lz~JsqaEAa1EGAtLj(X)!o&rd)0&~%1a`_=wurfL6_0jol=zJi260-w{s2OF5i1fPq*hk3{!w%Wk-ufI3HKT=@o7xG_c zNohGnQZ^=57AAHMus#bLJ0B|xA1gO0D=Qx-7at1;So+nsf0gJL(xuae2^b~NTvSw1 zT2z$O&cW8i+zJQ*;g;qdD=5|dj<8o>Mf@$662FxFfMWX522OM>ym$esMUXm?EYp)e zHIj6AM9$hryPrmt2WuN8#R0{nZ+t#AH1WJ`k_vl~foB8=@|^THd&V@oeo|y+A3X?v zm12`xD5f)FtkIjH@tWn6h%5yI`*2cxE+t=dx##Vz2hO%u`uG#?{Zv{nM5Yv>QLs6N zE$X<{0?e-W1}gm!-5Kv$gES7M&sNjM8NsgqFyuI5^8S>7eW)fwP32@?iJ3)@N)MVE z=&k;MTZzNUM#gZ{g@e6=>hpXnNm=UvCmU8qPAu z%8+TmMG_(uybCzG?|fNvtylMP=#qi&^E<)mzr%(0aPgBEwQq|d%D0ES&Ge&h-7cT< zn^%~$WMp)BeQ67YGs`G955?sAX`M!t3#f4p!aR3hdx~s(i-5Qc>Bm`Kzau11@`=Ow zYs)KSWWP#CV7aTCtF5Q)ONRON4b%j#!^pjYoL=MshhQxjU%6%Ao*`xJ}~`@%}h@ETg1sykX#eok3?-9fTSEu z984^X;%??HY~(`lqyi4cCVa|b5`RK~uLQ}>oSf|Vn3-K&U71|jnQR?QnOS*xd6`+* znAzAE!4iy)?lw+_Zj3gL6u%(;zz_pE8abHTIhotqkp99n1lT$|36hh8@00#jK5IKU zxxe9U9RKtJ*dNSphIY)XOf1aS*3AFZaC8!P0fYQmp#M_CQPtfJ$gB)>v~_kc0*bo; zZJa3n31MvXx4xaTgVpcq7#lGIt$@~GQAe;<)_*hkYsCGn@yi9K=GJzTe2L8{&YRJLH!ol$mC}|rM(3 z3S_pkG5vkxm&5r)6r}~p*_i$i{moIdGITNlD+rRyn%g+L{YzBU+#0CjWcbUQtX#a@ zoLoG-T%6qC(8&1@ZFQi7Be*C2!u%aOf2;p$7Cvxgz>YQi)lb0yzxm+0@QFGA4V`Qq zRBdgo1j+x7x_{r60}m%-LnlKqLnj~@^zS&V`d1ugWZ~vx`J({8;N)zL%}w0@JLzA8 zhg1M84{mZPb4Rd!_us5PMwANB{*S9aF0IUe4<%C4--CkB(CCjUI2yVDjenODjP=JY zBQrxAQy@5c{MlXq;+y{$U4fg$kd2Mo2*}98%W1;MVZy<}2w(>{Cl@D+i3tar5rBt{ z{om0YZB3k94IO|YreHsUeFg5Gzh@{?+TRWJ_TQyl&49mJ0qihFRu)E9?!O$y`KQB} z|Ew_cubA;yjRlzhH=hXn7WhYy0qgz20|zf~EM)#W82;(AUt#C};oqNa@&C{Q82Ud( z{zv}(kGuZkuK$q-{zt<9>0SSE*Z;@^|0Ci5^sfJF?t=f4zX{_TxV z>t$TvY^$T`7%%&c*J+xg1gjiK>iaijC-y~{e!mFtRaeBHgp?cFADq95H*m~< zaNdxui~p(mH$mC*Cnqov=MU6>5ubmO|F#o|imvznCH`gbf4BTEga3u)zYYFP{1*oQ zWm%XjAu}(XGm7*gC!K>MW^JJC8#(uV{vm|WU==(g+w`miC^Vu9NxVl&_UZMoPjK6e z3Ew@nBKwSDiOVEgdPh;MyVxQ_!H{58P9Nd&?!n%fYE>x*v7DM>?!Az@*%o|1Gc0Y{ zN6BCnc{*_YH-z80P2in241C?OL>wphMr)={gLa08SxQUIJ{BPN;OY|VB+Tx;>wegb z6E>eY6z<8_g3AznGvRT^P}(grvh5HmJCOUW;Zunia~+B4DhAtA?FrAIg*Ctvgi-?HK8hha>?@x9sZPx3eywhiTM}twaQMepOsmHV64M z|0-L5R5bQN6AZ3CONID%MO7sco0bQP#YA)bz@6X*m)fs~0T?59-LzaN_J!_WO6kZZ zvL2-lyqk_OZCgR_JFvuy>I0{OV8)zrloVq{YmRB=DFYa81(LH5YRHii>eGBw(UHO*ncV_HHNs#tduOhQTevMQ$bYvduw#NXYA z{AUk4^Y8-$jAZ3QLf38Jt*DEJ|mD*b3tLy2(06s`RE0?o7 z+z~}b0;^0N;p}5wI>hgbj#1Gfu1T^%<{PO;yAD^)Q%qYb$pp}yB7EBTW(WA|e%?1q zu{+OMW4tmtaEnEcxpTRR$f!qx-2}Bh>Zi+6@?W%10ujgpZ_N>zQLjf?Ing?ry*c^o zFgJDg*7jUi*OvGt-!5uOd`wFX^;NKyuHKX@HMkM|UU2RC5;6G(HVMUCY`4s4Jj3ee z_z$fcuG3nbZ)D}6En8MP!s6bfAf2(#!fQhGMd38x1FwMYxjj5@qMhw_JZ<6|gY*CneEM=*MI z>QRZ+;$#?|=s7I$PDQ2au)9gYz8pXz_`@sME&+IvACSA!Eix(7h zy$(cJ%{OnwjLVJ2S9IQt*gZWOu2?p7Y^R}zE1%mvq3(-E4H+#{LoF(JyJ^|5KeC8I z%e{w6gf;dOLXaipbQuFa> zdq(G3Ldi1X&lyz}EVX792{0Ey`mK9J6P4yz+ogQkAZs+EM>%Hf*(+O*s&D>jW~g z&3o2E9Uq$Kj=ihcRG^{^7DMuzSdln}Q688Z|kNPA?e?>n|MzUCz{- z*{R179OTvd1{S)14Ge#9H6bpdgb;tA2k znKiX7Rk98{9@kv=;OFaR_tVAz*;1e2evMwhG$y8#L{a8u?;-tdZ@xx+wFd%rK0>j$ z$PI2J4L`4{a94@DDcM`ibYcLJ4L}wmJ!}U?!kepVXtsh}5dHAMLsLD?<*NZ{WG|7p zS2jit=O+|?m*M5$GF(|*uXK&E?&wwbzz4dxum;|n9u5{njOn6JcqaA^pNeEUcmDna+(e4HDuX(=aLjT)X|&=edoNZ}m|lWm0Gulp0rIhDvC? z)ic5O@xJeDot&&WGD=PRt(?;*-|*)?{OCH`EgTVrCueF=>wm1%VDa3{n)Wmze>;fp_ zQcOc1?ccEiiOuffH8}al<1FB%z!}Dj8y=r{mpHAgbq!ij17yMoTi$0VDc8j;` z7~fc;^o~k2+t=^Vt_4*Ic*(Aqtsl*cSQR$rHtw47IDD$NRsJeu7h7L%!SqxV@aI z)-#w=Ar$24aDFz(kWv3U+C4IooE#ONIF(ROeOOr$rK#@@lN?iPEXPQtvIT`-zTlwl z-o7JM(%Di!Hcf9%t#7+;zugpmGc#)}XEI>=V) z2-p$O5!1n=HvQQtw|(V~JEJ&m+m{eCQ|~_@DE|m%vitdUme<`ml7%eqKBds-!dYG? zy(6|UZU_>GVs~XHeSu2?QjZNjV&Fq4C135Qsv⪼`w=%w!Ig0$PkD~+HvLD*0tK= zmHZBXMz3LPM8eluujdw!llTDlZ8P&Y=j;-%Om5k#&~T@}4CJ*>p1w)Of`fP5G%~@x zvVBym)uQEYOxd7?yO--}1~2oTiOPLqgsWwgK=NQeb4F@_o{X6jUBL^R3aglQIJ_?p zdXL{XaKVy&k2*;O$9>)R1uCS>GB-h0F##u}{mT0J>acu*$J!tmJNc+++Y@$m$0~5e+nHzi`N~%jNCa*k*M{J}bv*w*<@uXT_lO(59s2_K9XAX~zoiuatB1Za8CYM z>U8TkKf?hSrPVpgUCJ?|a|u7ESnj>LkA7m;_s9xn)u5)Lml=qh{>dEpW&|1JbR@ST z=;9}0%5~>n*ns2N=yfEAoN*#5Gnh|0J@n&Fw8ilV-TMOOUJT{9wVRAFEda zH*(s>!hpcZ6#0j0414#u0e!8(gE$TW^{>6x+;`_1C=;e~`6Uj}g&qjDUfaAD!OnMm z;A!0+Wz~H`lIP`K1Fz(|7Cxvq!*6oj(Uby-}~JD08y=6trx-Pz2ls; zL*InSTo(%kPB!JA^p7j1#AI3^xP6xmEZiBXKuc#>_lrr&LjH{Pp_1&WIJUpq-zHG(r z{W#$}8busuU2={F;p9nqZ)v#O>9W}{jyUCoK-s44EG0{PIG;7#BZEvZbATV#s;5S& zj~#k%NpV{1%GOf!sp{O}Jihg^C!x{>y;gT0!u&o(lF`K50F+ z>$`m(%6(IE4=K7YuXo=MMJS*mzK@MTfeE9{(P+tCMNI=qG2JCQPM~9DW$I>1=3bZi zC@ziKD>9gmjQu8dNi|EED>~z?aQJvK{ z+MXe2d$OJU!P?n0;zpQ2Y@wh-W52vB<@ixC5>-eab(sThTxYGrby4c}PI#l!S-N3b ztIX5XeLXd#aP?Z8jeUbfzV3%$Gtuzeo1C0@T4ZLUWkFeM4!k20n%th)G{QS?A91!f z(C_#9ZtmuL!D#yH9TE9IT%R>E=JemCX^W!3{3w;bB;b1{)dav7EHnmD#&l|4NHcLR zcQhZoy|x|f7)7+tvUO&;JjYjn&S7#7B&KDCoMOjnU*Z5EOnv11{ zOkSnVrx7az0#l4u?~s=VGk0%DbVQW{v0mKBa}uBVSNSg-RRt56R-3?c_Q}N0Y(D8B zMk8x2{Oe@m1Liurdwyp0%-d9fIxdVDZht!&B1!G0y>|P6m7P~!2(gi)__XuTB}`Gd zP5YjYn;O{jjg~0QbqO2FCaX8}Ild;5V|~~=6d&d*ENQmgi5ZIEXp=4wa`PxRc^&;+ z_0_b}R=S@S>FoKfGtJzTmhFubZ4F&TKGWxe-*e}$$$g+2Yh4Pfn`g-{b7*W!wrmYp z+Ox`SI zCgH2zXd3E(xJeGcGF@Jr*arY*V)-}=P7?Lhs(5!{yeyZi{RtLAcp*FgWWQ=vDx+hB zF@%LIjC-;p_PNn0BaPE1AVqiou7x6ygjJ~eXtV(7=Fn0}HaDZR*` zjv~s(mka2XqQ!U5&t5Ij{JV*?w80{CEJ7a1fEPj)!C5>m_PIu(#6VgE_%#MvO73lR zC@62l@v`1mZW}66a?)f&){^WhQqivHM=8A|Q`Ez*nj$At8Pz}IZmpwMU?3s5i-Hs8mFsUH&KYe;3>`dQr= zA;JYY^F(tc_(i?J-RnJuAjJ`W1f%GkreRuo;r{z0v85Eqy!e_WwGt`sWbTh1a8`qw z7Ah0wTgJU>b;Y<7tUWyqED!m~NXd36BhX6etj1rgcb=8w`YYj^-ZO5pqw;HQo>O)BjFY;Mw3H;?b89XiwSC^P4 zF;(aM&3ALW@j5)*U*5nc?M#c=yjp(7cqi5>BdgZ&%U&;Q-T+V+C~z;u-Ri9lL*rZm zH*eghB}7;tn%;7=4)9Z7fI24PPCraiZ+LOI7EQ1T+LNpB^PE_%|hZyk%fUHk3C;W!TO;N-|R5w1@Cjq6OaR1 zRqF^@6jM4QL)8uM`&c_(-68;y<# z#${Tf_S?wtI^8;gJW)3OfZ>gG;b%|u=$6qe49=FH?Up=B4;<|e+Rdvs5gt640K=6K z3s;PFXT#Q<95WBL`NypnapQ%z(L{p1gE-G|3yu$WkGsOX*Ks}k>P`1&%4rk1*tToW zA#9rISi|-D?H$SNNSL|SWTQd~59>JYX9JuJ`}DMot7AnvG&$v?E#;fmweyt)bm7_G z40Kb3vkwjKlatRjM`AkN`zz_g{R<(&!%ZC5YKjZO{j@LTD~2+TG=i`!0pzpS^go_ z#2iuc#f+Q*9l%plwywt;exH7U+Ccgm=r}uuOWTRoj z<|4Y!I-?fdCLqNw!>;>DR!eMp_2EfNOb!k?=tyk@{3S%U@a&(RC~P=+$*clm?xh7q zkkkc5(8c0U9Wrtw+hMmulP|5d548AP%}^oBRhPWaJ{J1kvGq)HXxgeGXMJqpIo=~q z+O`Ti?K$4G;r(?v~` zkxCPpV)6Kgbh@Zrutx1pbWo6R7#M=FHma&Z>sNr2EeTS0W&Kim)l#%`UG(}*VjDT0 zTB$@aG8b{g`wfSWXx=s{S`_}Y$#iMKPJ)=B%o653UHU`E8?Y`(3nM&sS-wr`~P4vzH~fxF>HukR1n zSGabRJ44)Mzs3%43vEFPR_b!}a*<&@ok8#$7^KTe3HeOh{=^4*frlx1wrte}2|c}o zKt|u`dBFMn<=*bwc`xBw{TI>a^${`)lI6iVeqT?QMrqk-z}b6dYeqpU8QJcOpg8N8c-_W~Dvh>2gpe`2y9Eh#Y|1#}r(6$ZeC%SPL>l~?BDy+f*NcN~ivxH^ zcjIkD#w*=DX@a?zIpQJo(p%#mi;eWuA8FY*mkq%?Q`B%(Np>G-cV}-!Cgw zhDb%+ebp1|WGR}Ud^TbcqX#Qq`mX3TLwFeRj7T-0+8lAUL{j{20ILtPSNtr4sORY# z&ccG9m#sc%b&fEiDCza?J=t^Xqr{1~`L2xDX`8Qq58sqP4KL z!%NwqP~B9SriW-2i$J&_Cq>2rWNw>ba&`>ITQ5VWME`XX6F2fm_Rgq09|P2AfN5{r zlkwx2NQS2)Li>dQGI2z3(I<1ASFIN$qAxizaJZ2h8OJot)FZ>l)8nm zO=yzRxTRVsh?fsoAlD}>IrP%|bejS~NLJqmtL!f9kum7@rJsT~DB%wInhbruT@Xmi z>j@aiY3$u>$J*3?LkAezd^&_8n{>@J(zZcankQbJK9vk>uSiC!Wm2KUx+lA)Qo15O75nydU#4micDob zP@B)t-yTDM(U35heuommDvOm03eWC|PyhPv>I|f#MdVkXo916*S;M8f?WGHqtc8bZ zLS@*j{h%a3X^e$xo09ZOIG@}@dYn10gaa$42^0VHnhOkDIF!o4p-}1k6{i>`xXg%w zW?I`?;uR)MMyOfKipWu{c}aX}R|8waUf@2hXg3!;icG%I#^KSSq zB9a#RX!VPX)gy~uJ%+w7yPWl)Y{-J!%@Qt|x4CQN*{0XFZEBcatlSqikqaauS5-DR zC3x9oG(CXw+m)t}@Zr_<9`0x1ypO|!PWN!)TZ*xXT~_1bWn=ErH~0HT>6B~XRMcH} zqQV6ytMfVU9jTQoff$TLunmfi!TwXqM@$G=gIXr}rb(RrJleBeKLWR5wN>9$syq+m zzrD9DKl|=$f4)`cMc&088D)uS^(fTMj>()14cyA`{puL9(lKn}KoNlGdTC@_W}qg% zj^d>gy|lcP>GNs!r54tDmZXwe8Jbp&NsT%1;D zF2=ml-=+pv(8nMe;4K?MUN|z;;Vrp4lGHFX(LIXmemGZ??O$3ff95c%-C~`dPd?f; z@V%awH-6Y#+u>}k7UkGTY##Kun%O$G+IDIB=)P)GM0XMDN`Ff&iI=K0&}xgKb!Yij z!6O5Mxi!@DMWQMl!6`#{Z2K+BHcB~pch-+*(K<**AOVW4Pmu53fyThocF5c4^9jct z(tH@z0jP?N%iQ>Qn{~5MrH>9==)9n@?+X!^uK~2r1s^MT?G_LpFC1kR#y8p~Mw0J| zB}_LH^s~_MaALNtV6RF`an~Ww<4104zgP8VWNoy!^d&x1`DZR>#BdA9Zk`2jXx5#} zs`26H2m=$jp+{ri?cd9Nscr4rKCpmyB+mL)mG&jUh|u?jsKoDs@)5#i{iRX)(#V3p zQ}$A?)gtPsKB3@1t~LJ)qcDERcK55%6rJ8@Iav4gyYg791sU_S&YpK9+&dWaXLHo( z0!oy|CToN~0d=wIUiX!50xP`e6wZBoFrkbq@73d;PC6Bo6l=F#O87&6N^I0j4D!2gw23}m2>T{)jURm%kTx;|L@I9JpP!!=<`lSEwfY*ya?3`u_2=ccJiIJorm;OzoWau&{STVr*=cmer;Q zBY|U|TLyTkZttKVxCo1pryRsE$S#k%4_3Fq<+b`~2(+6V3)e-d;&Ta3!00b*o_uFH z{yHJ@O5pZrcTQ!EnrA{zrJpG7X=qDpaU<9qO~i}P>h9YR)2aJze?<|MzZW?-BxY;;%C0-dA(!7@zWx8Ca3{WE#7~kuF*zD8{pH29To%zn; z{p&107z>5;+!JL23J*ly?^MP#;@@IwKwQUJ1vQ^*=3;yrGPA`|32b)l0s@}euQ`eV zj0Oj}N9J6LVWcXP_>CX!h}ef!q!eP;Qx zuCagR0?>Z_no1`f(IEKcL+0MvQ8Km(Is3rq7*#t<{J9-LM_6~{ne?EZzgf8_i{fP8eM+5E@MQ#-03L?Db@cM}=G(V#N#`xuylTS+3mnw3 zs4?~xlTI6@o&ZeETwCbtq2$FJ1hqHhG%-Y*vYQYl3)JeK{AO=dfA*BUCnuE8HX@4T zPTLv?bF4wStDrLed{h^!T9vU8h??X5Bny)>SV&9OTl$TM{A>XVku!7M=}Id_;wYDL z?gs^10RuB7XP=x{4T8RcAm{Y%UM)@~^?0`?2)Yk+Vq|KMSeFDzcW!;DFEn^Y(O+n} z*PB@pEGc|r&h@={qDv?*q|DKq%#Tz1L#SFOB4ceKoM6Vrv^eFX*ltVGYm@%HLlOz; zGGkqlqeXt(9;8~JD!4y5G6qB&Jm*Tm^Fp?6WFyuu+RQw@tUUaOo%et@&j z%F1GwP6)L$(e_1Uek<<$$@D|gmGU58Z&dAPb#-8aVnVqjoHQ#f1>;n@fb?+?HVhP+ zG3M9LnHdtwUxJcX=%;3;>?(~?lBP7B*i-y#=?7&lH!dZNGHrHsoRJdy0b07TG9Q(A z8|%>UhG2g#AkfC@6KLDpLcTTXD6>#gJv z!B0?s4Sxss8i^y7sMrD({`H#!>hNsCTDrh)1LwI)b9k~YtnC_RTKl>CVZz+ zId82AE*3Uip-g(-F`gl$5J_i+Uzk5$O76X_PXG?NZw!vFD+aQx ztYF~kDUB7waZX;L0j`+~4%et=ndG($Z!)z9PlFRNE_Jv`ZxMbVl69dFBONXoq>wNe z$ij8K$}$jp7tY*f$ps6OrCY}OZAofUxW7rIq5d->h~r0q&!Zty$goed9JGI6*c6JdB5VXyJt(*+N#>Xm6|j$92B>5rX*d3rt#qRY zPImHg+GQJXvn3Hy5MU*S{pgm_Sx4dZRIb-~C8NKCa!olH@c27hjEMKUIH()>6ETmx%%C=wi%!p*3DyaDta`cl6rA5W8>WJP zWqS3*1Vm>2uIewOKeNUDZ{}?MUGx7_lGuM?`K-I*QI@Ebb-1<(V`|!!)qK$KaHX_l zAhb8@k%Oq4Fg<@|NAu$K_0h3Fl`ZrHy2u}H3QY9n2d$0=<@6V}PIjlkefvfWpE4T6 z%@veZRa-(oOuAq$`qU%ZP5yM1@AlA~-(a))L1+5|{G@Q>Pk?NV{1Lysq4^6>eUL)kqIGr%1FL%pqsk7Z!(YBusNBAX(L8d?jvo|U?NZTyO|Zv+jIVuV!1 z-BZ%fb~am_OEM0l@{=9DD%Da)&?e#_zyurmn>)~dpoIrdUq$dq)Jb5DK{f+4Sx3vA zhq#EEDyEti{QJDHurR}#}{^zESU;8GG8I;OkCpnVr!pxXrP}kusuG+RL#?pPkqFBAHjb!@Yprl% zfH+RvR*#L;Y!doIhHUn)Xz7YvE}W@@%b2GNv$Jve{E}bY?`G4k>WbUMrLIX4I7`M% z{BTRD5KMU-`asO+;{DA>6>!d7@uCF_WZyZi^B4@*wA9s150NDCzc`iEIzv?kx-VRs~`|MnjIK?(d&!n~8Uxrwbe2u!3%g z^`DCC_bMe~KQ^Z7D(MmmFOC%`P%zmdE#54R2e+76!S7{3_j#5(RF*{#Ten7z!gOGZ zcg}>&wF^E)uec`Nb$YC{dVJa`eqtz4GA>^oHfpAqzFL@&4fwG{nixZ}u@%GxlLuvX z!ow!RUG?C1j7h`uW<18>Y|(cxBGKP1{#>h>H$Jw>QC2LWYIlCTN=WaaAg(hxY5btb z`)I71EyLQ>=3YC^3~zH`+NLkh1JCoud8Kh`IMNa;<|HidVTo#i2H|drMAd%td-<7s z49bSfS?0?_yfI8O&rclR(FrAl*!@)ZilMRT_}xaXqi*!X?i6c&&Gf2w-DjIREnHpM z*m5TabS~gG$%ZW$y;E?bE8nghh&W9T8in{m45O&On=z{Kb1B8)1<0tZk{Dp8y4{uQ zZ;h-mcz9v8pXq1j{s4-z;_$xIuI}D>2-gh&h#!t$dhT0Vz0Ocb$Th7wwb`tHWt zAMnndNV=^}3koy3(dOkf@>3hLptIpyOHjNr4e~8C8Muz*Q7S9-bdc#~xNT%*LH$w> zSYzonCL;^uPUT=l=P&$B0o?$>vZK&Vj1E+{Z`xrJ*4dc~we1W>ZSkWnb<A3Mw8MZe!Sbn4)7~RHG^$Dav*M2uWF7VX(XFnoE5|fm6@^{gt)oSm z=^?9Z!UbK?P^!aMZ9f~4pPvaN&3!kS@0gwCBO49xkLRttjxGeMIi+|0n9!x%8Y!9) zGu9XN4>ol3yEe91j1c4<>IDbbGZ(}>YB1DZO{e!Aw2q&PnUE_XNBx*HZ@bSQS6cN* zfs*{_UX^=v4I_uuOrKtw>FeM1lQY`qg5K-!JvhHH(R|-GG;M(E0J*jAM!tR{g2{MO z)N{U)4nx5$PTW=Kj43ENH5Go$i1KJ>BAwn&-#2krzx4Zq1Ut>R%lXv3n2Ckn2El1s zmN#EC(aU~>KqdH9){V&XPWejK`cyIDQf0{MM`y?WuGgYImjjFfcXrUpaMD{6UQ4I< z)SY+sFy-|VH4RdWgP@u#x$MPkT81I2u|vS)4!yULY~%I$T+TM-9LAut*8XkMaZyo3 zOKW>yfcb@v&++NqIsY=^rA31Z$}YVJTgFmNB`f=ODge{!Gdn!(r@E-@JQ7A% zaAO=-Rk*Fe>1toMD4R|_W}#&fOB!^zRC_5|*t-ZZN2*fFehoCzgKni4Dl~-aoi+?9*tb?!9LZ z2$V(O8m3I=t_KbqKY2Gd*qXjwK_l6f=VD`F9U2(m>0EoQp^%y5I}~H?H$PTQNKyx2 zK*mr-^uOrls9k=izpcBH6im+*AQ$rlsbCY{pH*m97lXpgeoS*WCOmbKFx?^C{;ngE z+V$95z}^>npY?}Naqwi}{mA&)&tR*Tl;F{on+YQC-f;T1v~*7{#jL2T>#a@i`qZ}? zi00dBM>_h_9sJ@decEY_>qdq)!Sl(idHjoJrx}z5bIAv`+g*iZQ;mAmI9+=etxi{R zEW7N|4)zb#SWyj}{FMUY3()k>^nv|$-V1)E-iU0)orPAs)uco6n3$? zQOum4?a7*OHU5mBsTUtwe!;SOyP!SQ{vhy@k~Bsl)QTPxN%ZGZ0rDGl>H3+eOFXY{ z?Cc7Ugyku8v_@ie6-#=76TQ0km*8&ZvnwbZTrMN24?j1m2xx~@#3R3DqS`r%FoGAK zk`kM>;J1|YWp8k>J6I6A429b|7(k#`vW#I#fyT<{tqp|m2HnU8OZK}R#Ns+7I5ES1 z^wcR*snAG2x?z$oBBK~lxjH$zZu2DZQdA)5&4FJjwU=_m3s31K@@c}-{4uiyW=PDK zf-EXG?L5Px?KZ|_D67plQ|n4hfj;nPGX(WFpmcc=d2&`X8^R*UrgPSHadAhFFc)nl zQS2idZZ2rmVj_(|oJ6(m8eTizQrcTqSt!AVfv!hF1Ro3#ULQAi?_4NKZw+dyRv@<= z8O2O@2#&DI4*=bKC0Uef6LqpR-{{u~a+@g^G}RJgTdz-1gX)+d(k+twoE@aLyHRf5 zS(1*_#tg}8!LH}yZR0*k1GP4Nm*lLcN$8XX@Gj&|wTU&{J{(g`j7MhUJJ4AU$92r6 zj8~k3aBHHRlKOk`v&amekaoVs-fbh({in+hAGVPr{}^gG5WQ$}7JAV97w{}JlD7+; z7d6D*K^l(L((Vp|gBLiwZr@Vwqu(l%Jd3ye9N|-Dw0;EPSnegY4qw}p`t+V3=((2p z13TC4FwhJGDtY^CE+;_T5`Yv~nYobhigl-zN{*_gnyMto;o^|xMn)V~C7JGpiu~%U z`Bejb8$>SX$Ti673+k0f1`fw9bxA$7(z%iY6dpL8PVJh2e4llYDwY^vqGXQHMt~TW zOHQ=$qLMm=C{$T}st(-o*tr%Hw{zptm+kh|l{TnEP!tHpLX6Ln*e#{MI6SPb zIH^;7=Mg^k>@B5-u$QaYM9UX7Ys$@c^rP`eX}tDvoyfxB6p4(UGiau-D2`0Ck7-vQ z?;{8g;o=n=Giih#SW*$A-+=obd%oc9c44{)j9489%0r{tk=bp>{RGDp?9 zM2ox7|GlW~8a`er4KLEN@55HS`k{x<@8SM%?p%b@BBCWt9n&+yCRjf;IK_dndWkxF zKR&^Ab?WvU4xpiCOvKs_N;_`ulY&Z_hJNV1o68q6su1vIV9CPr^?RypC)h;?{qM(ZI*{3fKzV(3yIO=APa|zKrLq ze{Ro9`;wyMAu)bFBm?_1(M_vCuRDuNxQHV5sFq&(E8fHJ#U#3((9)}VbhU=`kn1VX z%ncLctfkx2^jA#pwogcw5qpI;CTq9cw+jX^ta=3MiI5R5Gbl>-`IwdNtNFOv0#eRK zC~}f|d1pz%)5IcY&y+*zPoLJsD?hhAu?v9qci%Zvv~n_^)jO*nxzJ;KQkoz7#CpGo z;D5?)7}RVGf+Z&IbS;R!&g*WOb0RFB4j)}7HwW!%R@Xh|$SkY9Q&S^j=FR|CRt&hxm(KCPL%v00%i^=LfzvSIek%3YyLGSu^r$I)6FM1;_j){B3 z$Y|4@>vH*CN>D-Og>E?In>Ni!-_!?N1YV9j@Fmgcxt3!r2RYQ;i3*vJrUf(Q6uhGR zgX3#1BT>VtMeJkaVr9&`-%nC1>J+LjU!unB?%g^Z(%wABwMaAO*^e#@BnZlX=tUo5 zBP2N&Cs8ZrzA%_!BQJv)Qqk3j9Lt?(*hdg(WE%f=vhi zIO{cDOGAlOrV9Kdg+P+SWJ`h^Z#d7Pp5j6%LgzDpG}n zZcii=_gM{AUhdUm7n@UD6I_*l5w9Ya`H9>mb+F;cNq>g!ZdL()5uG6(U$7y7wb@rK z;T48pY)_4qn`>s=YsY@TNUQWp0;RFEgt{7sIE>YZv41Y_1B>7MvA0{qT%9bUt|T`j zrMM_a74r@%&uAVyI75t^(Mpw29%*}-leaD?L+YD0mlU0RV(`e(Dx%E$IJGo+BshY_ zDQRjXD`|-dLbIaRGtG-IT1vZ<5OqMK6qr17z&sb}s1U?EC8gb&C9l1EH+E@qbAx#Z z^deBu=CY$-P%IdfL>U4Itp-vAR>(r>a*L=dt&S2bc5yg4b@#lNnC9RRZ?xFjUiRW- z_^gH$Le~wO);@0@2_Jq>cE|L4xR5^jKr{auH^0A`(5#30V3+^?qP6_V^(PHo6aPPR zMPC06@(_54GMFueXKV<*GCH2So zqsAhr|1I}ts>0K;bWxPGR#H>6;cx*ml3Ie#lX*oa8#*NtI4*Q$dBK=hFd_qDv!ccdk!;rh=1357PLJ8(e~2+^ z5O<}p^gc)uQ|C`lzh=(V@roR){$FgpWmH^2(=8kWf+x5WU~qS5f-|_gGq}6E1%kU1 z+}+*XT?Th|*US5@=lSmYgFe*7Q3!DcFpOV$OkqC@1ide(z`se!+_+V zC(d_o+391QUX9LH8$S)ub30M`_j9-Z0dD2da6`p2%E?3hcVBz3rN-OrjP2)h6YTVx z(Qjt(zU+9vrsX>$)i^2fHVvcoe2BZ>ELK7&$&Asehv7jpfUv=D2HUYhTU_|pZvn^6b(RV46Gzj%LAM%phHd{R@N zle^gTe3aD2(V`wHJkyCB7h%LAv#+d=hmCl{b2$R_U6K@?2QEnguqiWrVYa&~^tccv zkdVN)0rC(s8gOv%>_M7sv<&dJt&^`w`91wHFoZ|3Bt08vdAl$>K&< zM16*8QP{aW$5IguFyH&OMr+S^gMplXxXwRi-_ElATw%=1U7n zC19By9sw}O1p8MT0FZ>ph?1xT$}b;b|G zJ}dbWD^wXTsL@b)toaFYNE4B$njvO1p6dQB;gy+2z51WQ;m zB71LN(@b=5IiD^v7(2BNa~A|pkz#`!qpNQC+ntQd{%c19*3~lQG#2{V5Mx5Hm^WcX z+@7$~rT-ZkZaQ;D=fjw`xg_L!4q(MGQC83qONCF>9b>=kCTlrps40$X{PuK(c6+wU zcptJqInU^t-41iq*^$=(#x@U)s=|n_c_cSTL)l=?F;$QuyWY@nH=J&OjiW-&6k4x` zC0af0J~5XC95v&FGAYHs5_=cleLRx~fP~)&E&h6uO27-mIeR1)78}=@PRHgb} zp4hHlFjY25ji+Q4b_DQ8f8_>JmZ}WdF`)$jA%Ht=-W+ znJL15O-rdsdq@d@WdCt8R?njZ@o9MH8#i6}qnd13tu|o^s$74q)cA$-ksV#mB$DA9 z4X??Lsy$rrS9#h#2G}lnsEFhny>+$P=>^6;*G7+J9gpq>Bqfc2%E={kuIW7e}!BEm|L7|tvLK~m7Ajh z*lNmukQ?j|r$04VYW8JA6>xYE3&_2~&6jIS`f8A7Db47*CjU7CWMg<04DIA0JqgV8 zp6b}C-%y}#6QKlJc_atMVeZAore80WF8#+72CUz1^o4~@uexOjb%x}k*{ z!_B0P^69FQ734=Bb@MPODCQ3FFSis_nc*~*lV#FCSqR*$U7)1n zR=Ml#Efg2?d`^#M=&fijuu7_b*H!;iQ9piuF`4pVG{F+sgYJF`8>4A zk68UN??ykJdj32~5iTtqCsFv!+{f=JOm@}vLpPheANv652fK$*zuRHTCyB(NGE+be z1!C}C|F%;$6%|qnv0L%6j84lS4)UAWZ!-e(i^$_~upna#UpHOe9S@~&<7n8% zZf0(JG=%B*hLCRoXv7|UvS12~l8dP>fM#{%-kZ(6NN=9pQ$K&T>~(%|55S1^Y*NJYkNu1l)u~Eqqf-g6W!) zLVBenoTF?5o6uZS6y$J}lu%t4iNeCd+*!<>(KmdH_0`@Yg#nJncfe^65sC>1K9fAy zX9RQHzTPqEfc01cAVd0hKac=e~poqXW0G)uT7`a3fVLF#z$q)PBn|9YUU@d`tZ<)ZcrCK!2l;9ZBuJ{96I70%%Z&$3_T|cfu@4^X{#9>io>7~Sp$0JQbcJ>gc zpE;pgug6SWQSRUWg&7`2bEU2u$dn-PjO@W{X9Y*G^)~f-X^&d$fV=q)X?$37>f=h{ zwdo1ckBH;NVt5^q&+&D0Xb)&xa`1xe{PMDj*unIfL3Nqi$e|cB>=^u_U7L5Y8uI*E zD*dtQW5W;vvWEQBtPl!loQzQvv#Xg&0Qqjo`S!>mJaz_~4Tj>Dv-yIMqBLB>YENQ1 zdTpdg6)W=FiGbY#?Z14Tf>r_k>6M-NitTG1DqUM09}^U`U|etMpS!{YQD{umDmDwT zl(UG^g6gnJbA7o9;21gXPOyAeYILOcu7`4%pqwQEftumcSDh~A6_?Bl>`K`r-%!G;43^*zNc@;1}Xs`G?Qj2X$TNh_K#Bu3=vugr@k_|OF~mC{SR6F;pO~4C_5(iA17KZ@;h`) z_NHPj@{6Q03!aLX5pFL@8Q!vONc-6;iMzUC1`UxfCbq51z8{rZ0s zxc^PR{x8}4-%tM+{rWG&`uO_)diwvSY8M(Pt&12#CV!&ak?3@ICYtQ`8yA-cTv&Wf zy>Dd7hP3G%zKJb%tVvdO_c%C2GT<*%o#?!SD#IB_+FrwgvH`%HSBR0HjZM_r+Ryx3 z9Yb=msVOV2C;w4^l!fi-3wI?bU;z8%}-=htb=TC9w(*b%58;j&@fmCA`C)$kE?V|Pk^td zZDGQwN%bI?!u0vKAE23TY3Re&$+2E?+R1u;54W(lh!M@B19Fb^he57`BNopKPsUl# zh={6y!V$hR%1YX>gYW5yE!Z+I(0eJCSp(!)Cg(;pWaCHYpbLG2@oy&FO_8V87JA3? zv=*yZTou;5gS*j`F&#S#Pkou!4M3j3fLGW%!c;KW#Ah=k8M$2Y1Z(@X4FRekWMWQ4 zWPvWj&5PZ#>!4#~Y%RjE^1N?h$+#@s9@~Z~&Doh8nK$#a9{c1lSP{4#^Fd}i zS4bJIhJ>d%dNj83K>zV54u6=8y_O2CUzg@fdU4TrNJ06rNgeuVJg5h`rpFVDc6K|( zT#E?xb{l2vF2}0ua&n9>R*8@U;kAcN3B1G9UslOsX&$k(!7a&Cw55lrJg>lvJkB>* zZVP>b+VsV~1Ql&VNLGyl6kjtz8wZS6RmcNX8Yx1KVzC!~{vMX|**5s84OY8bYhbbIp2Z-8Yku|BmB8!aGutXh z=9iA+#IwB!ia+*RKX01d1c&_Z;oRMp+WiZ;F*%q%$AVlzudz+h)ac#{oW zK^(Qc7oLr>zrlQ!>_enMt3Fn?>+usS9UK*uqC};g!!Q@ct>rV$$5KFd!?YP zrJ)>Ip&nRvQ_La#p^-B)%WT~7zptaz6s4rpFzAN5#R6b&oTj;%K%-{jPNST zP>8p}xn^)NU=)0-f;@viMF0*D&bYaGd6tG%YIiY|Xj|y!W~`K?E?I>^+M;YGm@i** zgyJNJhwW`7*e-RE@jv5xTQNc%S*&4CebU;OndCzkQIQ`kDa_(wM=zktl0lrDTANVi z2=e`#4YeSbny0S;E8uDAa1;J>ivJcY$Jvok+xy9~Y{tdTkj#&(y_MLG6m=vj8jxPJ z=@s;4MwO0U861NiVruOc%=SsB^7v*CroPk6)`x9SjsfeBRF z3)u`)Sv5KS3~CXZ%Em3h z$MBQST-YIGATq;gDx5<43%_WvU1fO0n=LU2el8ZIC(LTdX%%+J2>tAy+#4yHsZV9} z%aw_ej+%7gJm3L9^0n;-Irz^Jo3!_5bR|-7L9-lbY;qMJR|^bQpAa#DkTP4oMU7ZtK2_bTU8mKe%!Yz^}p zMPpea=HnF5k)bEa!b<3gGBK`bO`j!u}kMa^D&B7vSJ@KjQkRxHMKT}0g&6e-bDpl5+ zx@So7Dl~NPVo*%^&v;E+lB;3d&eN2DCEj`6(B(J-8%DoUz274gTyz%FvbzW@IW0gG zC;l&n!b#nq;3re-a}o}NY*%JVii&KS0spwLpE!qEEx_L#pU*}GhD)f1ZnZtD$3Fha z>&HFNht;x7GYwQ!PKZiB@{@%raCe+uC7V(WQ)P+Rq0eb|s$Yu(#9qi!)8dl^INCHS zFzU~XI_!}B2}7P<pq41&?{VJJT+ay&-Vp*_*@48r~0 zB#?=p1@`O(XK$bMu-PFg$2djq?|m$z+Q77u<3o;rZQYnOW<44`DZH|5e3r-bJniL> z+>`q=HmvXzDWNdyT-?rst-73ud&>bfj&Xm~rBR}sg4Un)B4V8xKBl0F%8m&^rDc|{ z2B2y4@|<}>!`zbavuIO?r9faq+;FJCOA5%sEzI|fAV`prW=!T|r|$-u77l$k5Nx|a z3`YeeQIxY>4G&X}Uv4K99GIQ;jMC zXGTPL^&4PB#L>WwP*V=w{nM1|=p%zR<#tco8~=RMt>51-0M53|T1%51oz<{Ge`Dr01j%(c1cq~0PDf@KdWE++;;>Bo}X zI3mW}Jb{ApZH+J$Qc8Xvo$KjZqy(H271a7&#aOhS@BKwLs=UP;h|Jgu%jn(r*>U_^ zI4UJ95jF*x>zQ;3$fevA8_R305B10lq5-MQoz@$oWa8!4_?x87Y%LxTZ zkX@efPKfiTCU;+8$|@%W@~+9qoPSqH&c{C^h>DdUyuEW(kilrz9`EOBN3ghiOJX<>*}Hf;d`TRanW5yNvw4dL&tQ z=*29Q$&&*ewiL_X*s0pln;Nw_fa*9Phy0-9oRN)wu)SENyFT9p^2}60fcVQ5Z!jU^ zuyOPVhHnC~3D#}=WH0@dR&oRh4Mf@o4gyOdb!AuuiF{pDhEL>z6PutVny47FV*9CI zSrXi(8};Kbz6vtf-DXTQ)2?;`#HY zBSb)p9V9j_W<&y+@!MX}o{=*RILNZZ*hF}O(i)O(8_Kh)0Qdv(&KTT-(Z(GkZ#SuG zN}K)%42kpzHWrsm)c|~9rlf3Z7sjY6##`d3~4!xvZOa zwtEdTbFb8imtC?9t!(@x4pa#zbGOhI1_wv3xSfBOf^d9hCz|j+6b>DHwoql5$VKzVpcF`)WQClUj zxjCfWYuhKTLK+_^wD6?pEQH7-_b{7!`MsNmF6rpD^`*K=9-dhcu$4PfTcAd3>%Do;#b8wsnSQ+hCusUbEHGP3w&R}tvAwaBHZB(bumsR5Wfb)fm zTcFOOkvkG0^6Mzy9q%(w)otX}h8xfnAM&^sDWY0i`Mn`8cH1-;;1sm5&N2EYD~l3k zuxK$ad2Vu&-8kO}h)<=-Hlx z2x*NYY}>uzNU+JUrjxv%{a4zngJ#RMUJi=rsBp|FFU$e`?u{$w`lqqpgS1LsxtGiq zo_CJwTLd0fh)PN!&Owzggi#&JennY-Sxy&wmZAYE`M+G@lctykryS_;mIp2qJ~e0i zRf5>STCMBtJUC*x%^y8%7ZJ%G< zMSB4vQETyzz(6QYCKAlZ%8H`otmLI9P~?ED9fsX?f2s-1iSc?3eU$1u!~J^er^GLN zoqS$5uRk*1kIB`v4)WZe-v`!j%eT(lU^Z2`&YD?HG!-M= zzQQaYi3R)KzjwyH{}o#$Nwj$NE9^5j?gq)n356YA{$d^{PAF}O#~qeZk32DYU(z;0 zL&OHk$&jgWnl{EG6Y`!wo=Lp2-(fHm!7*-q>m+TWuG>p0jT_C;1IK1!sfSyW=GHb2 zy}i3pj8bBhZ4qP66?xs{9nRsTJ^avaE!arksz%w=TZ)IIm9R`W2czL%g)GsR=0gU4 z*-t^Asn$ewoBQn--MzLx9m$DEk$-68=T7y(izzMjlKO(=uGf9|4gkEG{gtR8)yj|w z%VPcfdw@p!J5|P{O@e-JK)*ZrM$xjlJ+Kvg6n|HA4;AA&J7B%PwY-d*(*H8@}Q z804@d@#yGW=_-ZZFAM+d^~O?=M@lnl8>?)ZrRwiMz%>~76F(RdGLy$VyAt@^JaIYs zmGdE&h%TM8t8dMA%PlNqih+|I*q?KJB$mn91MmG#RnBdly-Z>t89BYoBrwwBJ)WrY z5CRi%@d9+TnFw{I$sqW*J8Ifb6Z53D4T<)$3Z?{i}SsfcC z4T{-N6W8;RUY#W^nDT9WU0Ieb*c7jLI_>XVp}ZI&LSG<<1M=26^tO2BT_ilVqO2)5 zUL^ciDm8A`Wj6$bhTykV9-D>RxJR@by-E@VfPF&s<6R&aJJEFy_{s^11P;=oOG7)o zMD5d!ZOgom7?cjiV)0$lc)z!0+FOhfpHX0NB;udP}2a z=c}5s(^=0=5P_yvxK7Bl`vv9O6*n+@>nYGenjO?jB9x0_)ocxgJtUXX;1x;OY9D}z zTU_LNUOV{kcdyEA8~Q0>z~u+-UV5kEAa&hr}U&tixv zpHvg)F)`OBA;Qxgr_?zNVUtZr**O974Y6zc03UU{$Jz{~iSgfu-(L$fI4>`t&xUQH zx0RT5&2pg9_zg|)dFGygVdPsl?61X91y(QEXt-9k_3oPh5r1Jdj>EsY7#!I{&6 z$AyhVh!r2OrJ#MHXiphqE-|X{febQ!SlaxqXQie2hi$GK_q{UKg(n12HH*3RViu|U z{taq5 zCpqOB>+0G6gSI{_=uAUO;+B%=)#|Tc97;h;H6SUH{GD5^!-Ch`jM=uA%k>rVjtoh` z30n6j_^%c~O*T$sIbMNKU3))M=hU$0{Wi1F8^kvbj)Ld*9tCzheA)f`o+f;aq0nkf zE|qw0xTYW2`J4Qdgo>5j=m$@Ye?I&Nhwu&yzi#~&(c1l2RNAJv5~0HF5AVRUn3fYJ za+&on+NqJXOif*#1HpXYB6P^X_hti19naiohq-^-P1e`)&%|##6NGxE_5ABo`w#0A zt;0jR-jc!-lo9odD{ne)KH-5#VYv|&GLx=*KVZhCna{fh8a?^xh8O+Vok$T9E+ie1uz=an~R@;NR}3zkwBd)eEYL;CU9jW{}M zvzeWosOj;(+ds2+jF+)m`RzMjblY237G!1I-WiUwL`J_KWL^dun(8KPy!64=#*ly04W)yedHVh) z9zV|Oynd#JXX)k@eK>4b@4oZyboi6}>y+H7<~h4>Oy`A|ea?uO6!pL;ZHoDs!=W{@ zmNj#KZ7%*H?B}?}BV`31pMbO;8RtHdy%8WbJo6ooeJ=M$dI>&=vc$w<;**V zJYjz`cH$bj;*|WR)A?cVm9-INJK!S=eqEc`GYz;Z@XHVinXlECDmdcIW;^3>qm0)5 zaJV)4nNUNb3^;t4`Qn_hyfhkmWWkg2w}dNu?Aw$smgN+?YwMJ#es*}7cSHQy75U?K za6&Bh@kXclM9p*AHVYVI#`TP*?Fi@XAVh<5R#H+!grH+|^Hubqa?kc2lWjUGhiR!k zHIvu=PyUI(6|+(p7-h9pKitpqN96H2?MrjCW^rJA>0oR22nn0ybr%_3n6b^a z|9y4wXx~mA`{UaX{5h{l9~+7!G->r2q<2p^Ft>2~Rm%ND2Fd+}=km zYOrz_UQwMj-8FdF;Cgu5u&C1!SDp9PghUiFy9HIcWP_{4OwMR_z8gJO7ckL2JWpcD zfy;h<5hQX|`yJmsbMu+|PC-`wx5#Duu2I-FecPa|JF3q6v?U9eIzYYt>U80x=|;p9 za;Z>%OTT%%{)7iVqhCwtl9Ac|NM>CAY+zOjh)xEWDU;l!!~tlhpmtPHTgnDkC(JnZ|xBd!C{KdcjIV2g{rq&l?L@J6gEidZ(=#| zW3%%)z{iivMYO%a89$}dysvDRmRzA&LAquz)v;tod1*v!V}a))ROK>#)WIB&GuGF$ zS=TGgrD-gEzc^8aoZ0P0coD%S%xQ1qn2!_IEY}xTtTneDJRy|amx(KbB;Foh-7Lc9 z1vOm!zhGE2hr|exb0eJ;j8sJov^NInm-yoY*Tt`+V-;u7rlOn-RWki5bU&L9E61dK z>B={L$gIHIzB+=6GhD_B`HouUkg!r6(kuxR3-iXU^K^#9#n+G|JVWk!m`s){`W{-b zq8>=jHyA>@z8!|;_83m)z1;OTH&?dS=4#Z=RPh~Z{6=KT z7}|ud*8h|{f-x=Na-2?}KOTO{;-;L0<#wcSN*T$@`|qk$ViJRe-)bWEcZX@lxZ!EU zlA__84TplLl!TCVT9OgCY8n#ikM!eTBh&6}RxyBySIaYd$2oF^8n-fbh0fu*tF#_4TzIXDS1$~^9-ZI?KkVCQ}T-H1mc$9{B&;4Wv1V~ z%5rOjO6^-BPGf;Yc?vZyM02D|E?U}lds-7)t)|d0`C?euqZ*u|F z#mm2VCevz8=VUn7@-`frE;HAIH{w1)>~%>&frhzUifFqj3bd5D=y9@gTKqv0!q+=; z+6jo4u>Iu3Vk$eaZo+(R?x?UCKz^A$J2sk(+5IRQ^MySa5cR0g+S zN@7%~3FsBWTN_a--G(a~4(XDAzj2;{07t=z|87a z$yOwE+Pav)I_)4gm=Mz25}djma^z_(2WsaEimv@h8<(0QHAmFCd8ib3!3pWdnh%>NCIgdh@Uy=~rgA^ME$tM~(1WV7bw)}Eg zJCoL`pUx9r_3cfusH=>M`=S-J9}QKKgItB@Obn9AFh;G`VCc;r; z%*~CQk?$-|&bd61l)$fNNV*i_gmktt7E-U5T`z7?nD|yH;MJp#6S{X)@MOq>kt7-R z?R#Juvi81>6kVgaN_F<+-(spH-eA*|LW7y~5ejj~EgRR1eWPE&qD>z4@s$Mm$Ai*N zC*1rHn?Ek#KUtS0=lsfrnHf`n_Nzx0#oZ0Z0{KeapSOKY59Jg;%BLS$FpQ&*och)CyfvZ7kc1nirm*>DveptSxc~fpEZnR;^Tc_E3sNtq2qj#f-01MZp})-2lo6Bn z1@1}a=--ynIBM^JKh)(G%qR$%z#gHcv6bdZAGBapYa>QS37nz74bxm4?)0(>H58@A zIZQo)c-V%z06*o~&hBO&`4zsaBTQKpZLt(4Tr}(;Vg1(FJp-5}@51EG!f^+a&?Lrt z7WuqCeG5uad(*P4z}s74p`f7ekOj@hm@sf3Y<=d&i85P0uw7||6-iuZEa(2AU1B^^@}aiDX=>*`uor%V5XU|AxJ&PVhSbn^`l~u z|7f#%^*}K8RM!DtcgTSU+nT&gKExN2DY{yW9>-1kljw!7%(W_P$+ft;!spTaEU%O% zyx?u$KCOx6w?Q~mOxNh_w{3ph0tBZg`7`bH-znQE8JsiS2{8fwpZhgydfwCzso2ot zH!C4V?i~z_wCHNpRhFsL{h%sZcu0n2m{`os-@{rX@9VR0d8Z~@%BvMb9TEG&8c3}a zjfOy|3=zNS%iXEm@)fmB;~ML$S4K+X?9Mw_c#IrzaL^Ep zMnD*0)HqziNMO}Cq%4M+5OuU(VoNa8TV|_{2a_dq>eqk1(tEt|deF}iyVEoFNEf`iaLX}#;N6L99gXBnw=&>EIwiud32`lb3Ubtx$wm#=F!>Y+m);ce+e2BHe zXdsJE9AyR0RokN!<1uF9HN1_Q%O~NBY>WuFOGJ80HOKXp4qGZbevo>LC`96}PX_ka zPN#mjjn*Jm6<*QJRi?0@d{ui$wb8z>Mosvyk@~9JZ&O9E{eFz#A+jm z6_vlCnrc0wNZ4Uv#Gb=HO=j}tYW{dygr44ca3!te>Nh1}1wb05nj)=s*!%9+6QDEx zx7Xgf9q#p2E7+)FF9T-vqZV5CZjM%MJ)+I^GL^;Q>eFEFG#CKsu1$g; zHpcy$P-Ku~zsnx|i!-tOUY{Zo^Ss5;FVA2Rr?}KWovoV3y_h-1Ze`^>>ek-#0Noz;7U)HA_jXGG^$EWtv9d+hY8g6}-}%`$#7^KlXFjJCBwbfsZW2Php=S@TX? z9bmb{5ySHQY>B%s9by6Lc8cR>tU2$MAYHoPm^iW>*EY#MJS+NisaHX1@&v6Yc^xOfB zUZ{<;*V%v}=vIipo_yBZTu;I*(ebKE05VZU&tNBmLNvuu`u0+j{hJge$|4!*Uv_!z zvsZNZkb9yi=uFP#Q?3v$MD!B|-iP z=?U0*UfVoJ*(f)|g~h(6M>P=EY(=`&PUbz+aqag0qE!{sW48eEOjRji*+(Dy`*Fw4 z&k()4C-bFqE${1^1)bZj(#hnqbwg9DS1S#qm~2LO9R-0Y2gw??E(EC&|rUpWNT{ib8kJ~xEq zuXLO=hguch4-*$r;nY}?k|z#K^O`s>YjdzUwO>#Zo)WzTk$&`puw21O`ipYd>K$mXkGWAKv#o4* zqr)Ti*PL`h5r^<`P)-qFt2!CyEYF$6pFJjjaA9<8UP80{Mjk~rsnIhdq3V;cBdp(< zPR`8aF!R)$(6wqPaHTpBN*tJYueEp4Q`)SAwdJHiuCS&)4{Q&?Y5UuTiI|J`t7%9P zTqUEERa6(|gT_x_y)9`^-^3jbB2}1(v4Ed~I$o+~2$ZN!!p8lzUqMW>?%gxii%Ua{ z-6(e4cYNa(bI{~vRo5`ZxfKF&$rEE9Bj?I4slkgGMnKN|3c+t6;lO@2M-gm^N91c`iQc{NAWyB zTjTTf+{Q~3iuKv9xArf=FI>h2%aU<7O|$(Wpdm{Q{ektJs19)ovO11t=bWf=W0H)B4VjmMT z(ynZuF;o*JFw0!i1pj}oAQA1XeH6K16DMqnIfb>R!?h}-l){C`e4n3aQ^wh2)l>sU zaJH6rkxq2|B)bPjF97PT33W0`ven1jFS}Vr%^9lV!jrw*lnj##6C3|9Sy=@4qy8Q# z$tY-ehiASH01e+C`P!?92M@+1R&v9Ft|r~Xoqi(=4Wbon^ui)#NLA-@_%N-G?7}Z# zt8CNI{>_n!WQtn|8PgcZpZ=!teip3Rves1{BX1TubE8CK`1&Nmq>XN_?*q#$5k0W+ zbw5Djd{vk61)YTj+^E&&N4}7VDodMRkUwbtGc?HvyiBD0{#^!RVDa_|NxfXtc+=i= z`fa4PR(oq25tzpxI23VR8}=ZkObYuf0N6rdcXvBD#qB+vnDM&B$YEY<0zJ2V)e@l9 z?j@c`#p81c$tK0-sg|;00=g?$@YCX(@kUx$0S*%eWhP{!G<)^!ahqa*(sE+EcV#6k z4QM(2to_U7lk?0%<$GVhd=e9(gg=&Y!UKZr?V$3A@Xb%iU}O*#>dc62g?+(r+jj7@ zZSa)y`3I&Q!(~LlJFDS41K6#e;Ulz&2aJKy^COysmERQ;W1{-8CyIp3<}bjuG0yGp zB<1yM`u}V{o34vCi2+n!=hpofygRuo+9Gbd?MusSqEptz42^vPBQ3M|&bo)j7?`&= zC_~?_%v-=QG?abo9^v!Ui4@3+D2fFKe4c?>zk`~=-y5cFb<(P5mBsPeY~sh|{gWif z7VJYuR_{&_=~*Q$w>{)ZSWCUk(A7FZS(%5x(&TcvOp_yN=GC#OV7uXu!t-h2ODw_O zcadpkO(F}S@yGyrxS)~VBOHAjU7sr5INiA~)iC9DM_a6Z>abpQot^PLwI<;_@`ow0 z4xnOwGi~0@%=DefJn;l$Pllzjx_q{NLB~@1>3{FOlP)9xV!HB`_Ws=xr31?Jp*y2x zuIHrhUnQqpPjURq^I9JkMfODVn_P}*cOsjeG7T767yCn;*Yj^thMnT-Be2xhbAWx^Q^HHqF>G;x8da@X{r3)eI zbIsPy7Kqgb8yZ-Rq>WgLP5)OiKgv&JxPN)dms<%KPK4`y5L!M2rS1!nLUko^L47`R zwiVrlrk>X8JM@(xX$B?G>lH^|G>hTkkMs{O>O893w*@_%Gn~eli|*LRqSMs7=?VR$ zFhV)!DI~zu?@6tC*iIoQDjK7y2z+Iof8U^hsgJblD$5$gIhz$=OPEL>H=YQansW%q zIdygD)1Mw?>L?BpV({%K54san;jA-eU*!)EA%a(7@X=8DJ$(u7f1rS`$!8mdl-KFv zjro=*Q(es!s&TeAJM?uWsb0=8nl{YpDantUf1uGdB8U9L4%-N4(eap6Jfp>-=|%_Gcw5v%>9iC&ovjN#e1jPj zfXttZFnA^9i+P^${rOiv15D(~w$;Bx+>()!^7q3ks#>|7aS`+=f(z>{BZWMw`OkE@ zZVVt(GI7YUOHr3o1#QxO+ot7PCyDJLm|G=t|SIf zi4t0TU4xQjyBNrJk;1nIeGNa9&|GNT+rfs@%lRR z=SLak{@yMD9sZhV1@6-|^qUWimZMzt7D(BNaN}qy{YD3Ii_x&323Bpx_*}O?@wzE7 zWzo$H*?RrPpctk2EX%`^G%vbIaN|pnYpE(^*q8cwi8Z>jqUWMA42aR2a~v>&QI+cz zu&okVZGUX2nc}x4JyY2l?c-g)Qp`GfYY&5MS)D|1Y+U*v$3{!rXH2F0?N4x9VT{1P zH`n&|H&$u<<)KAVWGblq0mGwAcVALlC;*Hz1ISe>^l-uL!t-`S@yQUZAID0gr?*a2 zezwkEu`Z;5=9h;^WA-OHsl$&n9j3``m*E*Y=K%q0q~&|i7yI#s=YDOJ&|sVOHg}4q zLeHm?(zi3}Klp3dFf?_i#xn*7f?FJzktn=hM){b@C!BE@hO zGjn_X4*q0)UbwT2h?;MYw>_}Ae~f3fHJ#bLe)`NlOB|=&g;OHtXQ?ln^m$uvVg9Bh zrkEl<*sIFhDn~qAR$XJfY|o00U`@1PK(CYOGMJ}kz2fnh#DFVp<&)hXF}hKw5Yr~B!L zKQk8bc9)|C9sXq>N6~AK1PR-wb)(_$-`W3WDxyVRb-s+2<*}vuXfrB&-lDnG5l+_; zvbB>m?pmZ)9V$%fm7C1AOrNneeG02s*C|w(0L6-(EsRaDWD~2kpTgPLhFZbtu0^Si zLyGQnxzX(wgH8PNZbdCbyz4@x+GvDojmI$x-vHCr94?ew(y7Y~<>^}kJ^mIrIFN21 z`#%1|5`;RC{q=SwoGDP}Y&QQRksr#+8l>KowhKS3d9(wh#q+y8F{ZHA|_g*tzdW+HzfZsvdp*$^e+Zt4w?lr7+_MQHQzH6znI~zF|!E znf7ZcQRjR6uGy%oZG-@}tGTi3%VH`P3-Ia^$qA(CZ_K~`n@*Mt7qs=&Va$6{L6%B0S42JYD0>xYyUjh0P&3A(lHBt8fTVlhYaO;rQ9qZn6^mI~h!wt6*x%%pXr%LDfi8J+ zQmuTz1PQ?yMg2Nz)m7%P!+O*coc}}ETL9IyEN!3>+%>pw+}$C#I|K;s?(RVX!Gmtx z-6goYLvYuPySu!dbIv{YzN-J#tD>k?Q?r-Mtm)PL^*3KzcIPk1Msm-TY03FGKmeWe zl4l@F_1q(F1I-pYTB6-MMHwPMQu#mJF)(HaS}6qwVly*$R!?5;b#TKDDYRRE+H-u% zX}N$5Y^=LOYhRn2#<#!~oy4ceBP{_Fj|3M|DGo4ZXJYov_hwq2Vj>4D==|dM=AxW_ zJy7xTGHxjAdpbu9o9P+Yh_^6uC;Vg&bO*8WdHK+)ucepgV)9PNGIVxRawuZOP(L4k zt@#fZ0AZqScW8~&638~i?3!}b(lCW{0aAv-9--YY37~6{ny@4GD##q6MEZTEo}9t~ z3)xodl6aibma*oy*NL!dwJuc>qDc46V2o+OGwtJm7ItKag+A@3sU^au+7T)+{Cff5mMH>W(Mh zm~&GU1_&WNiL1M|(%s&3b}lc0QEAI6V2Gj+IDUl)F4-0XZ3jWDJ zR?1`R_tRX7nmif%eRQfmsR)aC78NdoUXlij2oGvE=yn4+_`F4qFPkgW9U{|1Zz9}y z13u*3OICZ0sn|I!Ya&E2F`Ex>pm4&Ko~9t$y*{?45sNH7n{P)X#+VHVtw$wa-|AhT zP0Y`QU;epEnaKy0CBcR6tEx!MdLSnXDgL$oKE>(hh^;d}>B#XMNMzuG2Nb9>vH_{R zXRZ^kZc^T^?m>Xu6oH&#gyi^;>LXwyH?c~qGrNf|4r_e2>7+8QRTwzF1`Ks#c{0im z$)-s%iPGsvTabR+L{d^sBQ-CP42v2;2dLFX+*s|R&jNm`X}@wUhQXl`9>|kFeoj6u z^)_Dp&WJ&};joF+E16eg%t~!&z!+ST)8Z{!TSuom_gReP+lBsoBf!YL8zUhh4(_m4 zgq96CTNQ`B&w%Z7EZd4d1oDGop9xV0>DeK(Fk*g+% zGL13yVOl)HNv4F(6Om{&q_NA;!dljfAeXJc=**{@6VPm3sB~ z{XdN=rkv*x=eD%oi#XJnZG(CG{X^o18oKb+qS_r^JR_ouUnv8Zyg zO)18ao73#CF-`s?0$S)dw~5M>6crccG&jeK{{CLjaz0S2YHU=Ch$YpJ&X^6@ZBjvY zhwZHa?;k1jXi$TA3UBO1Zn<^gVelKF6T= zR>Ds^Z$=sy7nS5Sd)_8Fw&>jFxE&VqiV&$zOVDWvX|9Ch3@PKfZDwuWKAuZRYgAPw z#>P6*DEr297lww75Rt24bd}Q-HHYZ4N%822k`huT{y=v=DoTms{h3u}3md)%M7^?< z{1Vklo{eq$L9C8WXYI4*On5;f>_DzNBH}a=r54&i!i16{!b&^JBBYgO168b(!4OkdmX6eO$wAT#o4N$K6siRUTOeSLAzXiPcn=NEmEO-0y#f(#boDk zi4Bq)X+gq8g&l+|X{$_hKT4zdGIp7#Y4nC<7ny@cqn{j6HSYs@iF^vL@Zmo zq}Zhg)i0{bIx)SK#pVoxpRgMfF3H$E(gLqcJlJ zTZDlKRi%X7JYYr9jEAKqp>&E$LIssY3mSj?Ot)ZiXcXs=c69!3VT||!VtDi}_ z2`35zM$QW|HI!1!x#THQN%y}fseYVBC)TVBaw$Ffk$RbyeHjbLZYIsEg>79rc3HrZ zSE|;h9yyeOF-NPp++bJeItS-cy&L5|PVbOof9o2T0%JoKMYNQ0KTyxHu^F&z_0lev zaA{~tiy5M}IJDgZsHJIHgHDll=2jq-O=iHW4invvPR_#PgSr6}wYHF)6hh{*Qz0T2 zxstZL6ps|Cc@7mW*p35|DN^Oo9M}DhCBdtAGYboN(0zjRlcqAeq$cdJ1i_#IzJXI% z$zn0R-XEeSic(wD!zK9JE}4>Yke-90w(he(j2Jt-rs5ZADb2(x>fLtlPf}5!A2B{1 zHpd1G)^Dg<(F!%^cyFu<3Dl$%MCevo-{Cn2ej=c&)FmHV7_O&6S7qLlz24-KyE}hZ z$fxRwQ^W1ZU@~;5`bU?53xdMw`eev8jAx?AkRH6!AF%&KI|2 zr~OLP$6vwKYVl?>@(K@7o*0VhR%^cBz_Yq1L^nXyJf<$Z)t+5lg(5yb2`+sW{nWCl z_v*mbqrXSb(=5@sBV?4)ZY9BGpZ$3Z?Dtoy$tNdzg0ilwgN9H@K_q6zp6=9ukq}u7FXei%W z|E{PxcfaTrkBjn zC5;CGANRL@q6SUqLmD%4ugJKmBloC4;!E|N2TK)fLGbrKspmX$wX<+`+4~{CeEBgY z3nMp!*nv7QIkW$cKV1hwe%C>fsg-1F2!bRtlp+>O2=K3}985JcyjlK<6w z6TSRf_Yo{9^Z#nS#OovBTpM^uue=POe$hbp`9-)qEO^>B97LZ(_Ro1pJsuFKWuqOg zj(wx*q6{Y@rhINNLKvKx=!O5&g^2dz=dd2oC@wSEn8z*CmRIzT9>RGjIpgjcVglau~zbm>U03=WJYZ8$SzueO~f_n{}*KKKQP4hm9 z)&Z+?#_CwbbQ?gOZv+HSI*75)eM4cV=ii(VUBfgpP`%3QaX0Gn*iX+_%tPpP$~`yJ zdm#zDf6Y7r+~2J43|+o!CRH-`Ob~pn7$tfZ)XM_Q597TZEF-W9h;JUF1{)qdtgbIh zUY>%Y(y5zMqiXE-V8x9r#I;&N8P*1O>y&t+T6?10CZ@Sfe%iXn7iMVpJpTd;-$CAX z)Q0z9*|Nkt)#_hyx;wbAGdl$wg)~&VoJm#ODH!4~TM~K1OxTr>m35tPzDB&U+_U(- zj(sEPY;OncI!I+OaGa1N0*CwJuDbns^)#9kCVha$M?2jQ>UhpdUzUJ_w@)fP4!-Rx6 zGivbr-&z==mzVY@*F(OxX?(pWqabgO5t%Yv{_bd9pM(xBf#^Lwk2I_~skEm}znwY) zlXzbTap~JN=72_{m=f-(D+q4Q5rL_gq{1 zk^R!Lw$`mX(}v>IL1pd^^bR~+b!RAEYqw|$b`%bvcXrR-f^9K7t`9&dOuge;@)Glklpc=pD1jFfDG8mIg6(SZkbN9L+L?t8PD_Rgd|!}NNE zq~?@)TZgeXG;&wC+>&xZ?9ZF?9r9Ad zl8Px>uf>xL4EX$A+hNiIZNv(Sa$Z_ zbUh`&Oybh$xGOQHgbxj_ej#=?1o^L_Soi6d#PaJnzK^SKy$#!M;esACW5xsI6aiJm9g0b9{t@;X8j+CE zv*#02ot;tEQWIau$i5tFi|E}`(P59iOp4IN+NB&=#!0sY>?l+_t6*>A=f1SvZ~6B7 zIryi}(e}RAoGjLU;0hl$D&j`|zKnDGd=1wCho^zfkmFmPnWmL_#uW|})O)j(-M}YvC$-D1!vs1yWMbepR~@L5+ruS^yqGxH zLr-L3vdH^bOxig4po>BLqtLJRTJ4j1O*EgRq`^j3c2%rQ)3XORY$-srrZpNKfyJ>zq6+iy5Xp17MnxJ_r!@bLG z{E+TWleO2|yTx@|RO#MOuAT)}o+htIN33j77?BtU49uRruE9v=xC!PJr`U4AN9q9{ z0$~TDrZry*9jVJ{BLt+K&IFR=^DJt(Bq3p61noa2D^HZoRn*uYrV&+e7>* zxEQB)ZT%k1c|X5Kw^rurr8B$U%%28>95FRv*X$(91InmiX_%??65)ztFRwu2=FUA<_!uf+rjG*yCe8k8JB^rD- zEgHxu_qrk7aJ_v*dv#B!pG1&ZxcwgX%cq<&-%WCgdYe5gzl*a)o$A;^J@>Hu3tb*) z*)4MB4}^$fi9&bE+8F^2%{b2Z+HUY}ek{C&S-8Qx(xjW>357}cc>31L~=23Y4bed21DFlQw4gGjnE~B6}FGVe{WcP;e4a?ibJ&az7QiUrR^^D z$L9P;KQI;;qM!>n7#I9TMk2*h!}rA5c!m3p!-ltg#EL)id8orDxF$>Jbw%%D{C2WM zOE?y=-NFw$<&{}C;APHVA7Yey^>9ekAsV?juxL|xH7@pfjv0YUHj;%UW#CeViFI`2 z96N3rNs>aKBjk8^qT1sM>TufD*c#3Qj|`h!fAodF$w_d7vA*~@+V94%mIekr{p=hI znpeP3QMEhaib`;;f0os*mfsGgv?Pb+MEvYBdmMq4i={svvoH6vZw_!x39IWHyxJIu z#W5m!ubRL9G$QJ!Tugo5F$O(M~3JvW)+byRqcakY1zV}4T&a4bwHakX*h z^*im|gtw2t5p+fM(`?7iY^EoSAGO>dubkNgOx*OR_i`VsQZmK`@PV6$0j#V;z56I9X7Wx(ySWvV z6eM0Unu-J@>z)BJxwJ^|I@BSO(UX`pM_fzRdNVH-{IO z2F`)@%$p|V2O?#T7w3CNSK>F+E0@SuUo6lva#$>-ySJAnoK8I%$#O-m*P7)feq*!F z5!*bt6>(Z_Wu#HWeLakK$$R@6_5r7Rs{U+eBn z?I1x(h~pevg1)?QO+VnL%VAmA+L+l(lVKxnO`6~j8Ju?``MPF(zewv7T#vQ;d)&Jz zH$i6}%z+pt%0bV&=`CwKUCyuvKhD+w?%Y2MO1Ofxrm1|ltoYV%pzK~Zp6=TWhD(S{ ze0-1uza5iks)?*!=~m=FZDFXpUqEl=C03g4oTOVntqG#ghZ*)`RReIy^^=UT?2Kh} z4F@t#yw4(}^J=2>*~ECVa;a$iAL+eql+6Y*2%h~y3hjTrOYWD$VD$Ba%3^%x^Si%a zuh~2682SDq+J4Azj*;wE(~+rzCAA=rz>5MTWUP1#kpD|F)Y2G7WsA|400?ytO*&}tuBUVlSU zCl&IprkSh2>x8BH7IYA;qAd`p{s92XuiRHMmMO8;7Wnb)etprTiK;|zqChTss>%Q! z@`T{_*e4;*ZaFENE}Td~@eADdF52T|pI|Le)>AFt>u}s?bn`y9Z!$cAE}^DQlmZrI z<6nB1-F9e04r$RhufL46H0qt!QOKc3Xf`Cl8z)F)HZ(qYXbG#Gwdzvo^PVAc*3v_( zsh_n4=VT9~MS(WBJ|#kil@N1-shz7&$JPPFB-AY9qkuS8NJTk>K10hQFpug5)h0Bu z^?6I&vU@naW@$9|vv6zzuSg}~exJQ{neh9g(>qDD1&-K~Y)Pbg69XBz5`-ulBW|>k zoYBQ#5Es`R#7T(na5OTa;^P7>U&q$zwkPyJ@@kZeTX!TNm#X$k47tqrW_!j#Tk9{9&Q~yUD7~=g-1l;(3?j zPfyMkjr2Lb#2N*bWe=`2ys4UoZ*DL(;DhD-23caaN9EVvzMVM=TeLsyRau(yN|K-Qv}B#DBbIn(1Ecnug;`)N z?p5J*3Z_5dGwPOi?w5~f59M2wRTfa$n+XKvkkTUGx`?t7d zZ`bo~rkIg3_j`3(Bl@nCvG2al)k-bDEI({C`tFyWMQ^47$@A{|4uO7!IhI6UKRp2Z zN7!Ef&*Sqb2P!i-sZ&{vSgiVX@=4($oLz02K#6d6=fXZVr`_6pxr}aakPo;` ztw|e6XI^aUudBX^mXzdJ;67-dHk>wuZ~rTt|3AL?=TmMYQRKj}KjCL-#o*LGQxrmAWrAa#7WesEtxSR=XCC3_C4y zOT;%B#3dUM?R31a#KU8&^hLKT0P<#`er$9Ufzx&+t1dsG9}LbHm5C;bL8tv~qbR%T zPrPgz^=1=WmXUth;E5@To(nu|_jOel9N2J=ZHf#uy0?XITHuk@{1^lKi+wxH+8x(d zpX3Ce!C2<&d%xQzM}Zg}(>uq@8$J6z^X*BOa4IB=jxEYX4AX+a5e8YE?rPJ0p8GrR zJ8hix=N>s@fnAtgaS5T=q{D;kqjS`NI(Dwa@2Ci*{Jn>=Q6MG(f$^@7XDqDzW5csn zlKElwP1;;wUa_We4bE3BEpE44ga_e_r6mti|G$^SJwzIxLx3ckG)0`y{Ec2pCs&k+ zo*t3c?eV6J-eWAx8f9i{r|Of^+Vg_|Po!faUv*klqFE!+bAQiu9#=$t`fi%pR@_5f z6xe@}Y>rT7jTmrGf_eh%`P~z7Dc;&W(f*IK{3lls$*AY9)~Pfw3MH$wvAsGnco zMVWxzq6Bw7p=*+QdYDX(0R|>k?k?jBCa=d525(<1M*}dmQ_2w%8UTja`;2HZW$nuU zOx825^}r^ypnJk>sd}yV16-@_88ih`z0LIOY~T9x*g8t2sOW}3`gWgb(F<;QAkq#V zu-eoFQ+Jj`Q0Fs?vvUE?Db7c|ca<_C34pX@15YTM57orGtHzx}tjr5N_r`>HI6dgZ z*ymZ&9A9h$CO4TWt~jWm2>pI$N%T=~CuiUrIeUi%Ack%Bow<=sM6f0_R1<^<6R!AT zWlvek(*KZ%b0`Qoz^i3e9mImuNc>KZb07GAn$k!0Wi0jS%9U#SN1(L?Ckl*m6rn^+}tPtgpR&FsaS^J6cCu#a{j>A=zQZ7S-yR_ zQ`9W9ysVYHe=I!5R-<4o$~+b#Ls(eA<#kIJj>XsnYOz7l#jMkyq)=RG=d(M;1v2?Qo+>y;jl^HwlWGo;h zD#0<>D0iEU1wg`M6B3%bnCX)s z_8!xI5Lp-WyS_)eacyA#7kI~BP@%48SaT;^gTmQH`HMPE%1|I@Pd6fCResmNVEG7G zYa^+a^D%kUztS5gn!g@q=XtqxneD^tySWHpAKq>pZ+qa}MlN5S1NXsg!^7N!Cp9BH z*)lhUL@;&+OR@JgWX4yvo@}DmZ$9)!D=Cix>nHR^FPt4hI@8hje$gD~M6br^*()#& z<3#!s+2PJe3QC{55U^_X`;5x;lx1HZ9qLaOL|Sx3lC9F(Uxg^H=|(vD#t$E)w1-!& z`}CCh&7b7byfYSJ#S1*2VCGbF_a8-0{IwYd%5PKo-nzq`+ zuyJrcnSp`&5uF0Nsuw-T%>Msy0V>~8+Pci{r}i=_O?YIZF_(_Z($D0@05J2zs z5*XTNNNS(?<#Ma?>rh;DWX)A4^V+=M+=nV|eV8T&o2CP!mriTd_X)Hj_^^3jv4bK-gj${d1i{u=Gc>4K{R2k25^GU%!g zg!^6&_!PX&R9`!yW}54My=>7tl96#i!V{AEIasF-4N)WXBwgJN4M}-=dF`HhtBI+x z(~Y2kCn?!zb!p;=(!2Hgq)_9_u?Udh*gGS+SQi0^XV#k8zKJ%h3~R`YJQ@*~iYtcv zDRkpcaG6OBUW@Ejb6LeSyl$t&nIjhq!HDi{x)s_@-N=6TB4M?f?dN@rXh0^))5&ZTUyUW8V-hXQd6o0R8G84XItw8+zM}r zv+jZK^Cp*9S_!h*QYi@LaBOWsOJfFGr5*h#!F0B2-Sq_aP>q|C_hG}uCCLgN{egyi zYj5^=den$F2^fWOjV2-IWZ^K+FRm2`-u~Ycq=XA1aHM18C9;{uwpS;1D9!fvBjPW4 z6)Lhg%E)+OBZ_^$YPs6CH$^`Jiu}12OFU*U3Yn}!rWQzSk?&a9PQTgNDjCb=KKJbj zCI03kY&{?~mJ?x)3|WCh3pQZl=a2MQSFCM`yV+wyD*rG&t%3mu=|BOK$$k5oQpYhM zHXd0d#`FkFXCU5)&g0Z7;+TJ^m_QID+Zg}oqEN$;I&f-(`Il#Rp1keYq*3iiUQ$qf zbJ8$`1!v5Hv*vjvM?*{Naj*mIGollC*@pay!3N9})%@6%1GhVSyi4@@B#)F{n#=bd z4XGaS?oqSsLn3J9$?vDVSZt6iCM>ij`?5@V*P&W>5e*Tik(v-k0< zI>+}=W{Nt)Zh?o-or{Fw%_jxo4GP+gX)j3>6%Kb2aamn7iT;_H)mQbx7? zw#AZ`9jh+P#HzR#YePRC)z#oOg_pVIDY-^Vauq~PVVVo$Ox5)qSeD=ws^zwjdKshJ zZntrDMfC1j44`v+d`k|W_mshWWspzUB<7@r9JvUS!XmyrIqfV~;=xcxB85}}7iVOI zkp^@50vl3dL{ZaQP~lKt93I;YA?}-$p~bnMda05I-bI(bx4iP=dq9%mc6F4FakV?P zH+nGLiw=tx3U~)DhawjKY29lbtg1IAr(R_fav28q*PABo%CF~rNXNVOOkLSf0E-P5 zi(mLUsqBf|E|R*_S2d9QyC*Na8_W^NF(tmQwaYU!viY+(YIJ-7(gvYUQ^+5RO z;S0{WHO2wQNAS5lqfT3)8;Un&Z-3*JnGHR&ktqBWv!bzRcmHNHWfQBLTwRY!XJva9 zz`8V?O6Cy6##b-!fSS8~lsQ#6+xj`aLez+uL!QTRi@} zPu9~a96=%FUYBT|5CHp~DGESHIgctVk1jcuPILFGLj5twes1E(=k~&J;*@7_&8U2b zYUGQyQfOG7B=d&|!*|4JqT?TB$N5*Mi%U+QatomO14D`5q4u8fP8WLexVgB@zC2=` zqC&ay4Y{>9g^y^tQ(Xwa8sk|tZMPdRST9Xg zS&>_^&^xqy9zoofaKpwiql^ouq&+X{WQ5o!v}5LnLqe01IH|2JU3KO{$cw#m7)c+W zgc}0ma>U^@u*3|?tQfpRld2E*6>vR$T-z0R?yW@yN_3KX=!d*nRk064y(3&&y?$2c}K*} z(OgYUc`#W1(?o^WYF@7&>`<8NEs3guxrJ28dw+t!Msp^FkJB~dU$ujwpmFxk%uJq2 zWGvgL%j*PympOIfUTX)ohE(y{Oz|J`KYN)gfGqfv1$I32lU@OdOHLO|iu<7hDpWn4 zN%z`yd-4MH%1|Zxom+yH8IA-?sqPV>^I7Z}d)WzZey2Bn+qLW0_xpB!K}Sn8)tFfb zqoI`7XE_(z$dQ+Ng}3%~-E0U+?&;v}g&ho#=8?B-+lEOki^tNe+M;MCPOfdG$uDS!$Y+{)NS9^=OD8M-sLz+Nu(2Xb9oynU%2tGN z+Ik89^>`Nn^N`1&V!AAjYd zxpagzjOVCrS8ay~u+KKPu*fbg4X?R`3o~NYBmu96fGSCGafySYqx|Bghgh$(y~bVe z>>1cj9bkY9R&8wf2j)#v|EFj7CJe25h4JDgCQ#coau5u(V5M1e$WX-fU-4<;{Czfr z9so818Vm$O(;dUVT!rpF65GA2F2)^0(*FP_45S`X`O4ri*Btrt!#{tmEjuQ6r>oc3 z*MndG$xcCRuG0UP6hZp$;gA0!DgXE3zn2am{yz`@-26Y+{XY+}uoBBY2%#{r<>r!I z-`&KG>=>K;`9U`+EQB>pX$dtoHR>ODi7OKU8QEd0*P%ZSRKo%ubcjuB#h;P@b6bn- zU%zDkARn9F4(FY|bR(uFPc*_^S!F1HhCl;Q?3@DrwmR-_2yxgpfBn1T&^tm}BDBaRe6tgXm5(Zhy_`WFbrwfw%-Kp&eTV=wgo z9FsJ10vLrdi;IhcaS>wND8&wA*gAIhpl$=r#lMFSSkjuOOucn+&-fA< zEKKqN9_RWHBT&bumz4omF<6QiKesF=;zz!5cvI(osPM1jK`I|!SH&7{?mqf4^KzwN ze`WY5S#b#o_baT9tjY#pFu9Dmt!;L8mk{;-!GXzq6ak%uc6Z6F6%`FlEGFY$lV)E$ zBm+P*aCc9-xX^nwc1A=*R8?1>@DsV?Qg|8ZxCmC4)|}~Pl08-=x3cR1YN@N~hj(Zz z_Ir5_Mf4B#OC0#vKxZ6n7EEizFvTo=EmJgK8yMViY(0Oz%F=%^!7D1QB*TvaLoMXniu%_}JpMj6Hy0vMD4=VjRj}Ez+yOtNt4qkz%F1L% z$K1oh#)dp@sFilj9Dt^|fOvylcuVlT#W%Vfm|$S~xbU{!A=qo$`<$DRbw-&Gm?7MdR<2}^7(xuU^Gx>(U(G)I3vZlD6!ze0GfA(>K?Xq||lTKtH z=j7{nXh=l=bzA4V`*g8_&jk`v|5tY)w#qug>%VAWn^RwEkk^GpOTWY ze|EOl`TFvY*ourx&xI!SHQ~8ESU+44{erItQWG?mH>kpnPq7g6y5(mc^;qosID5tL{zw%^#tt z;r6Eo@3k8j@0jDSX3vV_Iy$S(q!@HNJZ~(6>FcB0`J`n|L45;ryG(6STnKYHI1i z)6AVav#z|03$<%iMouuAGPIu2vK2vu)khT%V^*n}mbuGUy{5>7KBMFNx%KM3dd4ft zS&ogL_>Yi+4|fD*Z&z>Kh|bj@N9xbdc*bvkt&qJS zlaa(2SqhKWhZC@Z-9+O_{W1lskbJa^W9#KGE#J*{T-n#UuyU=2;V^U$O$g7lTt@!k zXwUH9Adzd=S^IejyX?i^jR*3+uY<^oDh@=M?(1KNR|H%I@5t%}Uuo!xDooCfDyKBB zN}u~rXhV~r{LR0K?#b)EJm5Ktb2>iJTNS~Y9{4-HLR?J2j?eZQ9}_X#Iw?3%;aZ4w~j3s@Eg#xn(lCWZ*bOKv{s#!1cAxX@`SD_FqD zKObwZA*>Cb>2*Z)7e)H_yWmgtJS|>b5u{ZObGKfZ$m3W%M!Ec6#@rI^;1$#De^PMp z)=$exI9jNx`EEFpOWKguZxaZK7c8YY&9an|YEgukgZvuL$s?@o_r~+3o*{eiLnX^F z`_0=pmTN}u>J;A@FEdzXhNGd@P>Nki1l=j6*at-KN_Yl1EeCu>Ay6)m+A%qz2H%gq z6!T;=55jV96aybYbzWXPIMd?baDnqd<;M|^@sx%3L|o-RYal|As<+wYsLCd_FvB~R z==B`h`#kVYSyOX}RY7n}hOw=eeO|j~tYJl%?o%8l#bu2K=`U?BtUGN~eSOWOO5Z2Q zjAbA6k;=*sj6LrC;Bp{I-%P$?<`%qoo-X|sb=pCbu3w98+hd|sAlTkhaQV&ei9V8! zA5{nwBn%<@5fUOm=tDvGmG&rKv77>D>3S zkXco9=qKF9EJ&MSj@|F!#o`YWM~ZDLO+5}~!mub)Nsi1vWHXU0f2I!nW@3`CqliVo$|{FH7clD?qhx@f_NwdpCdOSHg@paqk*B}pmvmY7a2`YH(W5RJYTdh z$diFE%z~VeDjy~h_#V!Ls#^^+YbHPo@KM{L53}`k$!g^*N&q`T;8bjJhh;Cw==$cS z#&`(r0q$=fMIII^5NtKzmg_yXLMiXZ8#?4%$7ahRb(d;4z4J*@#WAVkrDb86Q=WlU zcp$qC|MaTJ%8InW^pOi8K3hIh&$yx1sb{;H_g1J(jYPOG zv9W<-HD3-q`{x}_`%K(#wTYVr0^#rxrExk~oC^7|4F?E&_q6e^~ZOsJ-`Bs*ghU-WDhH@xar2 z0vD}chLW}#JrWrDsIF!}70&MV24}PW% zbma(!IB+K>*nCxiZ9|?M+H0a*?4JiF(Xaca8;1cJs`7G1tn6JF`~ygn+_4{NCG&oT zJ%YF4h+{6^6R)PHUq=@VdO-Pu`9*k#MGWDnOnl0L>1kZE65UD~{#0V(X#zSUOZhGs zAuP_vp5dY|P+z`;RLg#!Ln`)1io!o5&u~z3{js%V@{1EJ9O2-}8#T$D1SrIGEea|L zrbwK@P>4Y**I~JM->i_H2NqtbC&lPGB1fROoel6jV61FX5I#GJ+Tfz4R_W{JVdmjCiF}lcm?@g zS)SNk9+ZBF$m1)shgCz2oKf$GNea8Vn3c;{#^-ko0tbUrtE+N!pL&p>F7QK~c|@FK zSP^A#i_42iNISgK)c*&EaGm)RijwnfJL~+~Gx$2E89I_32))?ghJ3f;wN75Q2DoG) z$c@j(tNhSoOsWEF0zsu$9coqA&4M9HYoVzkUt2i&O}SsxQtc=CiMn#-ji^qrzX4Tz zfW8Cfm>4FTB^X5*>o?{}WPt%P8i-l&w@cB)PyI5~$AzmhZ?#5mK4+(nvloLe9Z5Nd z%a~Aw6D9|PQW7>=uQ$~31{uj@`v4pqxh?TjjoM!jn1bW9(fA}d7CFW3DMfJTTGdgO z&v(ohy-6{Sxa#p!is!Eh2C}Uj-%%?J4<6x`E`!T3n#GKg!T@mjblv$kbXw~HQ_cD> z=|m3iI}~kAym;$eTp|#VXB1L~6D&)pSz+;2@(o=N>i}?MTXv04skc3w^{x zJF;imTHD0sAec~V&KC~XUu3@6nb=bAsHTMztc)GZ-lN6*e8(~ZD#e*6Vahh8`p$wN zJF+G0V*-YC3Zy(dxbyS#-7`Xtnl%#Dh-1(y{wYcCfx4ET=}Uf+D%ee=?ZAnno{NA^ zi$Z~mi2mz&_uXEKqz&)c+iJ(IYfBJ(Ih+SKGlJlhksM66iuO(T#*y|le}L29MyPTPa1VPS^gDoZ19e{ny= zSh$!zOANq%sj%z-lfR~HWKn|P$NWD&xu49=OGfmW`~!1PGcXuT&w?}QebO=ivR#7Q z$YMDtV7k4+7JZ{*zEb|N1C94FQuGi)?h}$D+Wy09DoHf?FdAW5%xZMw^LBL8MC!(Wahyc|Ym1{5 z^>B~KOdpP6!KnTwY%xfoLkdcf%b#|Y$2Co5chPN{Bphf_#+Sn@vqqXmOPg>J)&CC? z0@2m*(US+n*UI@_6AP5FgF2U(EE-S2efskkA{`r<5mJ;*RxJaLjUpy%6`vg6POSaA zkKOO%w!U?Xf*J{pETZE}C#6y0k}#Hk%9y#I=%)b(=xw7H6%iiBV?xDmt(|a z300R@A+U?-|Jq|_+BFElke3I!<4!P9g(n3e>bYtU7y(XVT!oUua(+sU&g8KWg0SO5 z5D-q7GcK_2FvJW3s{&N}$;wIa*4>2;5pz;W(5?i&Z}H9JOZvlZA(X=9nlM0SNn zG3yQoKirIT$LBd6^KkXUOQn_{8EIp>dK^i{ie!w{(UQ_34%d_X@u{vz%3~pg8mqXt zZ?CN^X#&~AWRG#Iw6t#tBd*eWaKeT~tcy69m2rHZA7K~^5fW!1H8mk9qoOX;L7I*k z6d?EgZ+&5h@9Kg_#(RwTmO;w6wH7oS#bHZjMX*yCYR18F&&FriEd$w2JiR5P(dk|T z?%9kI-P4dc`CUU7Q|(-WM}f`5#HCh&5MC1Z-D?OI08RhoecGAX12b}$`qjgO-rM5%m??>rP?_8_L7^3jN};5hWJvdLiBEy#@od}~6T z5IyHInx>^%)D=JMowVXp6CtXg(7pHUqhcLXAB&{qW&pd!?wcAZsO7LwvbfT8G~B$P zsQ+*QgefqE1`8bVac_!>V5&-1a*EkH)y7DcjG$Hv`#oGbyWo~*24pQ|=#Q&0?5?>Z zwhP*!BB4xv&!L!3$1=^=e{xVDX!WEUt19L8pc^+52}@*2T_TM;{1J+$a50rt(9ZWc zaJb94|s` zbGT%NlNijJ(_eejccAL$jB5ykY_JLT`pBee=+(T7W&w-9jr-5RX?t6qP;k*{N3laq zjf5B>7zuqGrCMQ)<>RDfY@rAk2}`OAg<`_gJ8nE5Whu6y2j}OkAoKe^v5URusH8D9 zS$H==mJq0sEH@f7ryPFrgnn#ZQ(P2XEfqb@|8t{QDYdRnDRBVsjsa|r(GS+B{@~#D zN`$QihQHfele{Fv-A@(Mwk5yKB?(Dd#DWO>dWmka4J)e+Z^XAGLQ}00^Yz3+^awJ=`(E(>g1JsUtxanIkG`;Tg*5h52V=Je9rc zD==ND)le^>oL-1mzN$CiKnUDTG_*aGtjVPfq+w^`?_|=@G15=@glNJsX&n19M4VYs zZ87>a-W+HI8-6tMab`$Y10_i25Ss}z2G5{637P-;w@3{x_-pbLJ5kEY{C zD3J=Jsn7YE2lQvBnCRbs6!8ZRO$zZzdTM@6RZsPE``S78TuJWAS59K$sfE-<=n|gG zbch(m@bUq1te0UVItmIy%Y%c<8|N*WSqp5@0ZKdD_ksZa#M(;HHyBVG z#Mp=+n{Fn9t)U!4Xa;26Waq9;xB~-Zg;+=s0b)6Jg)Mq3c7|Fi+|oNBe@Ul}V~qes zIrRY>L*MjE!FjUF;0%b-f-$rrDE}W9zxIJr4=&V1Cuu?@xMpF|HNO_-xD`x0c@ay& zOU(|W33_{1Q*`vM%zQ~TRSat zbFK`kD5j>YDTTw$WwWOKIQNs+NIMTbcn;n7+3nix`aG)t>eI=Hojn>qLK`l50yD-n z$hCkak8D1rrk^5D-}7{2*|#wnsFj7XCXN{DELvWnB4^cYFRVKWRQx>bVl6l^%{e~& zs02zCN8v|sGz?5X6&w!uVxZOt&f%r^pa03?P zitp|KO?jIU$WRWteVeO1Q_cQOO|?q^s*POde9i4)zMn(4xu>wmC`Gb@?~ zQgTLieXg=W1(N(HsHfxb+9~HaZM=|WU5%dIZF2fyJnOuOxd&+yD9ak@O8k4o6);rt zm!a%m{CD0C|Qwb07mwR;^jx zgBag*{{vjYkZ4)&Wv3p1CzzRHK9hxWl`-MNrpUwO*$VqzS8@46$0-@vhof2e60@`b zSLc8g$FxdIn#}tn%l#fk8Km5_%y-MB@*}aH-{428ZUYo{xPc~YB-3~1|6(rYDo%W z0+(#+3=s^{5F{1cvKO8ePwdnYJ8ecPMn?20kbs+&bI*sJ>##5) zQn^q{%EW&YFT;J^xI!&yMv3975IgJJKv0jE4+3m}DMGjsn>hzP)4g(e`Db$tVoZ!x zI)NcQXEXE2-CdU!;gnVXg|IRSJB5S*TcTseY%FF`>;u?rxYo1-Vb zRa)G=mnCJ>V&lD4>P#DFWQcii|NbNDP}g5ua~J!5Z@6H9mp_@O#M#2!Y8h&2u7k^n zKLQW!>_FsX#sCjS7#KFaj-Q^E*!1JzaY)rIjG1Kqmy9s8Aw`34Zr)XfJq3JN&+z96 zG|kC!*x-zjrvN{ErAk?9%>OK9#%l7&)uyg;V#=WMWpSMP^-g}^z7arBi(txe$6&H{ zp<$ZMKw|HVo1R6+9$CJ+_5rCSwb8+F>t2sM&}_uA57o>^Hk%a?z7GbP z!MI=!^L(LS-Z|3r>MH)h!2y`$)x36**2=lWg~!a{=0TDAW99IbmAqKR5@fwJpt?jah~Z~W7>NnLGUULin;*%0x3 zc`%2&(#`=nDu{!MFbC+0t>m|4yU zmx{IJ7k>f6qFNSXMcPm^vsf`Ym=tBg-eKaB&B`7vVFo}veCvw zOTVEr4PjRd4y0`>WaF&yP4rD(&nz7I6lU9G;UGH}^A-3aAvp_srg`}rr(07@U|_>(_Vixvt$q<2Qm%&Ez83h#2tDU>*#ju^Ufr zKJ%_}xf)*r=Q(ux3zT_r>$Ll~g3B+g%T9*2Kc|2TgzbjA(h^72|nb6%mSJ#RU%dER! zX;^1;*-nERu4L?#Q+Z;Zoh5Cv{ghtFX2r@sY4QGazpNkls_%5&nVGe&*YWP!@#d)0 zX0K+Vf;gvQGc2J`E5#nBsuo&P`%o$$>P(tI1BXgn)YIc1)2LABW>*2<;qHTtm@LZ( zBkDa4SGFc$MVpUGLnGcka4-jf?e`C-B zX1ug)j+=clKkeP5IT{Fv>{^%5xC|aGsrsxju!JvSrWJI=EdfK>5<#2b7YC^1)IioW zDeWL7wY}!2P`UT)0&?-Xyem8jfm5-xEaHy%xlk~+L^ww@4zyrjWQbb?Xh??d)aatm z-rf!|W$`Vu$4zoI4;{z^ipeKq{VySK^Zb${Z&p#6ctpise-3sEpWgz!y}!58 z^}$5&KE&|;r+a#K+Ym$texAmtL_E*G$Wc%N!zeIsEl0WNXe61!wfY=S`6Vm^H9nnc zdTiozo{c3bt7JwJlUiG!FB8Yd1CqbG!+TymC__P6gSOQfjLlx(OrIQ|=OaykxM{Yb z%UKCOP6)g+#)wEH6D!%r#yS3;f28q?@>OdTD~TlERE9a+(@GT*A(&|hvYQ= zzV^^IF+|h7@a#c)+d*b3TkfBnP3qvY2P3k+xUgpoQnIlPv1@P|6+aB%q&R{Px0y|IIeubfYQ-Q$seoUpRv~L^0Pt`K$96qd)>9zZtyT7K-c# zy332Rkjss|K{!YDKKA(qri(UO($J2Y~`9lP3u7?Ph-01hzqb_B`Z$qI_$U z|6fmy9~|YDC%^|$$e1C*pCC?~YC4%hL&=tjdDd#&kTUbS4-oi^Him>I((O4Y0%|GT zPMgfzx=%|R$oG0(OkopjcMzmqhgQbO$c7W_OvXrodrB4bj@r~Aw#=rt+&=;w!ouA) z>-N~==HoGySJ)&rGi#6s;~WyPT9t%z zO_uGrTt?IRujOXMw3x)i?AH9;Z7B@T$(hVNJ30x6U}w=##aO;OQiG%FG50|T7fT%i zEKv`-At-=V295r^phdH^|8L%ZCi&tP9edto(W0B2DIaaIh=;fGcw}i|@qMB9U_iSc zQRFq5Op`BHTul)L43B0R$R^zl7hVWM;erGJy-LtMqrS3`sK2`};nDF*<_6nqQ=(_uLBamx^X- z*VXh8`(J-LkCOyKQ=s3#ZDK6~avLpt{RsU0c%whwCf&VWHyY1hD?|O?I~(onq78o~ zuZ}5Zm0R9#Z<7#Gf4!Sr=Oi_KB9Nv(9 znwafoPl5LLeNhAdqxt2f_h47VAC=PtZM)=6s(%K74=FeqBZ$537aNDUxq2yMBdvRc7vJHeLNpNo z&tfRI5CM#KTn*Or)KjV5H-q$eq+fbC*TV(aED~Pw*{o1(tc9oYZAFo9q< zz;<3a8e1t~QQ?z!HRms)WUBw}L$u84>#-5)WSx^?09t+g?q&-jF!HgyEzGqX#L*ro z{A5VWP?D-6211&b1k?dkP*7ImS~}oqZEhnwmJjMhJcKy?^W!Ze8517@epj8P z>CG)ZX-^jPM7GRkr&#AiaSwHnk2Z9HSpfgd)=$9nzL_y~MP<+oz+3Oe%g*;Td->C{ zK>GN%EM~W7^7|<3nCImX38@$XtQD8sWV*I$;H3vNBNN?qIy897mr|~C8^|KJe8b8j@m~eRs_F}->hu|m zg0jgd#1!l8hVR)C1u|R?;onD%pGl^0f7lKceh_T>-^5)X%?F5f1ssF9p`MS3cY%BP@`4q9VZ7;MUqe|$<$(cR13V2y($(chB9N>ub zU$yGS%GUCy8(YfwOLFE@bH~U*rFHNe-Z`iptQzLY{LXPNc@T6*cN!D3^y6sACibM* zjbF;^qUb3yao4Ivoi1Dh(Q*U&`}gYi`ACNTH^*t42ch;?b?Jn8(AG8k-Sm=#UQTuA zffD2|Zu+I1svv%n@N5IWhW;xrA0m7mgSQhnvarMe`)18%bNtj)-L3tGV?5&u}Jz2C3?}o_I`x(LFumBbNTeUES8WnN1x1rK@%gEJ_A} zmn*xeg%Zlxhj>!@t;?qd2@2YDTRU$&2jj{nVPfiKqwuf@JiO|U1LO4F9!!5RvofhS zHh=?9{o^+W$||leuu~1)q(7@B62*K71<~xpG_ard?^c2?l~KF0=%*`%kB}7Dy(0z= zrKFtAIAZGiV8x-Ovc!$7VtS@Cc)%9^KSz5nlJL@%}y;G+)=X2j0t4CF|Ln)VYnaOD@-2NwXQ zfkp-ci5>4-J1j;9Us${C?`nAi>NEO;1^ONuEM8wLB=o^ag{GF$QSX!L%TF|uh~dl& zX{@Sxt4XpCj_Tpa)7N&kl)rqUYZX76Vq#S*qJLsXoWI&yWWe;_f1O`FokQZ}YHg%@ z*~k0%-Q;%_VuHTp;le(s5|+tK(dUJBF!*Hw$TPjkCE9VAh!NXqfL=kB?s4*I7wy?n zwhtD4icgu!Z(u8x_Ows>48c&Vm-1t+UI=`JlalRhhC<)|fMeXF9P=n{U%|^Vm~HTx zOjQ^X0dWdGZLSIZYcfxoDfwbYDaYz=VZ>}<;U>c120dE-63T)s2an*031y_| z+G<9KueCl8Vf=~jXKf$eU}D?aU}?|YkDxu^Tt4+;bI5XYI9~~fROnkV?u{@fvG*a{ zbFLFf$-`7U7k+8azjTokq(o2EP8TXgj29364repK(k5H@nML?Xx>{OV8ah0*1&mRg zcY#PI@VTSVlS|OQ>-1}Wgf!`Gw{AWQo$}D#k&60{W@hBN1-Tb2?y;DtI(zG$QYf~3 ziq&2raz%tC%8^y~LL4axw4QWE?U9}Ycj)Kx?g>tcR z0zCEqAyfB3i_D}gW=Jx{4kn@%WX*FL7%PJg5;4Bp4l}aCMt2|%3=DkHJ10Q8JIURU z{B9H`cp`XLBK_~SrQs7L=+kTG=#gr;r*y}lb7w#)Tzf72cH5M}Q&hQn~ z_^C3>DXGPNKpvlSaKa!ofil~La5M#Mq?GK}BB98^(*9k%?nL&iR1|&muzRzgflrOz zn~8mKU|R7rd*%;^jd!h{>oE8A!o4&qEn(ESv59zJboYq>T?qi zoSZm-4~s+8PysqOrdruyBLm~E*G4{rvh4FddE(=KQI&aK&n93tUa$WX+h^QdzyV6c zPRoKsraGJOG~VYcnfC)89fAHl^@Qkp(9zt>Cg|Ov{%1;_8F-fB3%Hf#F)6RWb8dX) z)96O$zlRjab)26f^PJz<=2VD{zvQ919X61bq2{rKD-*Y83ApQIPD&x-RsZ~n#=g8D z>gkSs*=2&ym*Jsjl9Riq48mUDz@rU^g1TuBI_Gu#qEM$=52t57YKHym*8=E<*JW(~ z4g%cWSKC0HTWYV z?;iHy)H}HWm#~m5I8m_WC!@`~phaTh-;vl?%y&QlH;vwO$5``oDk=*#x>(rvH6?3- z9%3wde92oY?JkFqQH~NC8OA7M+@sghSH3B4E%OL7 zjb*lC0jt7n$V%?|RNCzw#cSsjVjj=$-g;ZnW599(BGRHD=d?5^&$6(o8b-NT^6fu^ zpF)28{i4GtK!$Aun$vg&a%4JM{cbP{4#82XY%ym{)6^OE1oD6BS+gbWQx2o z_KSHM;Z`F){zf_oI_Oc``DXVW&G#_Mcmz}k;!I03@g+@AGx^r~E8Sfhj!MKYGzM+k zOSZKR7kbYu6R#mryYHp{B~ja8d8ZNEuQl>OI)T%q)n(&H|IB!UQ~AW@{v%mHx|5Js zQdsG&M)2KC|ETy1$*vvf#&DZhHd#RgEQ|I@ZFlvI9OUj7MyEz%Wd}9JE+`$57l;kO_TgM5ZAQdrhK;>SzjSsRv{OfYPLHc`+l0c zbI|!Aj^D&cSQF#or=B{Rv`%2XJ3%D)@toT8{*M8ZAB}2x0;hd@c#HRs^ZwcOZK<`_ z5_gK(DV=fY{S4OoG3d?C;OKIaK=|LMqfiSQM`=lZL&trNpP?2tF|B|pF%zv=s5rdam5l?I=6iu{X{-%T85@|o&x z#eY?LO%pBzBRc(|SZEegWxbtTA=>QYQ{f$qhg#E*g{TbQl6BGT5ulyL;4JmJiS5 z*p-+FdX?_{XvQaD6CP78+?t76_U=TU3^^b^SHd*(`AYV&YFNwi*XpfwuJK-l>})|? z@P3BvF1_$-(6%R|o9vm7tn>VP4p0n#OEvT! zoWgL6eVI%uG$@Y-LIORNL)0|%<)Q`L&}QJ!@p;-i@3-Z+gCN>KH>QE_>+Fxbo8#lc zzP#sRB!c%7iQa+AF%{?67U#d1suMJuJto$D>lTz!cz)?&*^im8nNi-GnOX0c{@E{kXdka>KGM^OIXSy`K+`ROs#=3px5}l! zr{=;>ceNaax#27sMSwWP={1$#A^TNl+0vDe5HxSzY^oRU1ke;agi{fX< zyvg+I^_8+&t#(S4o1UIAx&ZuohEQKEFc=tUh?z^Q*1p%*GSFD~7`R*tkfN>S)fmi< zoi`M(-8i?1*7uxKwI)()`;d;aFU%O=$J8{oHmz&z0BQpMZ8jJ&r6>7h8 zrTKp!eM{xeWDDg%kP?$Hrx}qu2P=wIb_vE5iy}*TJLSfX$$Q){FBu;r?eI-E`+>*; zPt^6R(5hjaUSC3vx+_rMGhaf9#|uHj_x{n7D_J%u4ZW~CuggQE)_)kEpT|uv^^9eV zya(|L)hmztuR(L$e$ta3hSq)kxs2mifB)uD%}?-SP{Ko+B~UV`Qqrh53;lEREojQL z@(InnBoOf{D7;J_7j3hQ#kQ2Crm+g8{z8ckoea^O+_muSM5CB#oM@Y@9l{-ooUrYX zAiKt?PLJN*YfIp4yQRP7>C?0LOVC^UasSg6T%gDza>ybL#-x>atQ5mv*w$9^&MlF6 zBrI(&HdBVED7+7Xu%ov1HMuc7cha2T% zT+n*nt9~{{5g_I8Y!v6aTV_0JuatEm~;#~Hc9hhzN|KG)aiuTYADhGIAjG`)K(TG2F|k% zc$O>2@Y$*?q!XI%>jJSC-YqvOHsI5Y&EHQMM-QP>b&2Y`cyjU};W2r-WAB3DI1rNP z(&IRUNT~8&qtHAR_OfohV7}rm;yW91B5-~ZvJB2o8us)(aTSM#)E`GbNi%$>{43~T z0R1y}_s-AT{hrHD7_41y{P6)D)4=JBR|GH9q(+24wC1D3gTO-WulcP&t7xCg4F2ajl% zpb_KxbT6aae*%#)Zcl#VOet)HGJw;Xh=i~|HRSk&-}hjjw&K^#Y>qk2DBrvqZeG#&?TkmM{&0K0<67wU2wZ0t(xik^%14C;lV@>n$4GiaG$P1EC{4~8h(-6j zkE{YOpg?vq!3Hy9Y@fzl%p#MwrEuN{;r;u{YiL_HGB9j*c6 zL%tIc;qg=VoF3YP8XNPMb=3DNi+wEQ2SXF;Jn~9J9pb?MMkQ=(hw7v|-H#zDLfu&$ z$`xQ^Fj$GdDi5uF^RpJ(b{C0ER4hr;SH)UVK=P>7-Hy?g11xTg?@FXu7>T!LEd2^3 zsUr;;dSJI!e&XQCm%?%AfO>Ri{adzPPL8;e#LXgY_C4#fFE(!c-sD#8IAfxEx9-f$ zqo5OQ!=6Ot+>3KvEwyJU3-ZDvNsF=Ve`$$&U9Y5E*K=10vecyS@qFr|T= z{@Y>mhxyKR=AEl<7d9IaR6}WDuH}cM5lW5a_K7x%-FI@4{pcrUy3D2 z#a+~O$!MH{yITp;R4Ca%UGrngP3`T$J49t}kKcX0E=^1X6vUuJop*0#u*FaK{U6Mm zjhJ2}@=CVk8|y=g)Q`*r6{yXf?esVyj~wJr9luW37xZ3i!z|T7q=`XR2eJTbGMejK zQZgfyo!{-bfkeQhSlOXe#Mt%qlO$HrRueWSYuVgXk`J<**$_f4O}VhSf+B13kUa=! zrXy}eclQiVzJ}n{qch-CswS5@hr99F&bF#< zfNG4NH@&A^N2fH4#`BCiQc4o?leP<&rR?c|191|1Z82E^q0q4%X>^qx&yOwHlV!iY z?((6ZXGGfC4}W!jY~S@LVvo0p^ZIT}TdcLM9o;=@wagPYQ=0#C_G?}ibBPYN1dF&g z$W-c?M!0`!?ztGx``-*Y4hqghP6)Ssv4;s?mzrL~AM9L^7Iz+}71>D}sLhg+# zEA<&@A-|ntY9NELdv;Hp%l_p`r_L`NV|Af|dD-pf%B{m3JzE5U`7KXek5~ABo>-E| z2zs3h9n1OO2p32z^JXY+7c+Qk0o746wxYk0%CI8O6a^;rR%M&8B*!UMCR||2^dT<8t?vPWp<9QxV>&>Zl2IFSc@g z5^L(TvZT~(V$zWkE_L>Ag@U7Cx#-f^-~uXu;N)#pBDDuO_99Npu0d3XGi6C|&FTll$Ov>_rzjM-mH6_y75=bycKa zoVELW{;};6(1%|gr1fePLoy*M#m z;^)+8EQV0!otJD`t?KO~)eeBdnhPL$atb1`O_&fXxNRBdPj@al!IXfV<7f;bep@ND z((IIYA0iEWSd0v_U~~K#l`)s3L{?&bAxzrs1XI922N|z$h$-#WI~sD2z)Z@^6B|l; zX-&_pj*1`7-b>a4oJ}pQ^5o@F9k+$Ht^V0p&=c1?*RmrhIxfUijjQQ;^atAwD=+W> z#?!FJcc*+mk`E6=sl21>7B9^pZC{d!6{&J9s-(6TjR4pl9aA|40Bg;1|lGkH@?y>p$PbNQ?)$Rjd;}j+oxEsns z2rbtwia>LBHy3O(dc;JR^<>f#6&yCBFC`g{7b%&;K}>zohZrhK#v?nB_4i=6;2ypi zCN_%((_q|sWk)GiQexRoH*f=>)GIOqcikf$_>pgaX*3>#b0U*HwqpV)B1sAC(}QZV~jOLuy+ zpF|_*fwbnmvK6-doYeQ^#qP0gE=;|_qrNaN2SpjuR?ckndv4*={DRkBBQOvGxWZ=r zFajg&J-3^(qcn(F)I1e#eLOM$x2~+F895Rfp3>8pCLJg60$T>P&}?oNffyAW5XZKE zC3_Izsq3Z?GVLu*8$Jjo7bE47P4DV=hSj$*jx3XpiwMqTf5IDDrt1h(NNvejquXiU zt#xN$xHBsBgHVh%dB+yt$o4s7&z%n=*Y0_PCcKQdCWM%H*j*0|mCCM9&`ABGv@&Hl zejZRN+do5hZwrfFwOM=n>ho&0QKniy-ApmTt#-F3{F7#Kyw#vnoLwGS_q!@%+Lb`K zJR%Yi7K1cZld`JcdzSNY!UG&xub)xYD98-L)k_4Fie@U$;D z;2j%yHDBYyp`skDzgm)l6o?A;q3OK*GdZEOV-b7>)6+CHD5Ej89JDSoq7jzVU77aG z>{f;j63wG1bI47m<9aFJD@^V2qaq-PcnoO3Qi=D*+ADj~A^?Qx6A?5I519yv9D-S@ zDZt@cY z|D)ggOL8KC;mYV;eB%A+H2*fCi!+F`f1(SKjYo2%QM=hW0E)%KQs)mtLcmGl%Q;Ep z%g``MnsK{~ru%}N&xy6Svo5-WiHL~zKMy4mk@43*5D%PiYhG1o#coU+EA9IX$W142 zJ14_bkM3ah4{TxK7PSKDoA!Amh8Q+>!X+{}Tys!E?PZ0PM?^M4`4ljg1Akwd-+ z-p6&qj*U4AOAilMcwMaoZE28kA|s1`Lx*AH-5J~6`Cz#PFG}uyE71J_rcMahY&ets z)Hf*eD>xAe_+Z&4^A5%NB&IWZ#l2SA8g+V~f@1#pWHJKB_xbN$@aZp*t4?Qnd5tdX zdrb5_c>S3-{t1cl{m8MF!6<@K&x@eYk0nk6+nBzBmbml$O^+ubW~3Nw6u7_>I{UOy zK7td;9&BUMVgVEZcjO!0)wp`vI(jD&Oj2V64kOxE$ zci`bOzvst|;w;Iv>0`xQOW=m5)GJoruZBH0dC37Gp!ae`q=JXFh05qXT)!H#qURjjXkb&%~ zOW{rw{4p;ev+1n%M^Db*dpsdU^u*b)`d)c`@xk=&|1&Y%5kl5w(dA@GuooZ`ITzjU2IX}OD|6^>(H$Anr6nMcL(f2$al=r- zYO}`vqnB(6Z}IG(%m}SIycV3eQ?soL%rDQgvB|kB+6?CJ#p~B&QZcFHiJUnN zW_ucB<02i<_=ko^QF|^a5fVP*u6pCcdHjKS1_4wvGx0jH1hf%zE)=T3QvH>ALN2nV zc%;mxvdT!_Swj;ppIGaXl0vXjrcKS=K@)x$8}XiZb4KNr&iGK5t9?o^@C?#jYG-r2 z$(9Mt8kX;6@XM(rz}p#jDC{0~nvzY5RmsLXiJ>@r&OuL3JR6$t^y;eO@`A$6UL!vy zh9?Q9c2scaXec#PR@`{!{j#AUvcVt5fYn{}TVei=2|j*FaKe`yN6f50KN~Q!u;?7) z2YNoc2;}~Svl+;u<8h&&AgHE%b8G4lEBD$ZrsK2)sFHNDk6KIz^F!(}W{=P)6)G*h zPjA(pSF!U-XA;FxnvYB27fh@EauH(MsA-H1HfLbMBRgL8JBU*nv4xc|ra}@RtiD@M zf<|JQNrxXdAGwD?p0qnwjkYRCkxWKcm1QuRYNcQ;AfU{R!D5W6N@l1)si$KLB?)Sb z4o9+co`Uq%O{xh_-G1hZ_Rm`#jYUozrAJF}ex0B$N@0g?UPBJg%LY<*<_MG& z4z*F}$pgBmmB54z?O#|AtLQLvOzjRuFNq?|4sic<97TY)`&Gq$;wW1!fy+IAQFBfN zgAH39J0h7D>g$zw9IktAAE}Z0D*o8p=?R^jY~>yY!ZG*1wpqe>wN8KL$JfA|SLv~z zOKXY5Z=Ks*^bKap3Fl-uRM@Vuxa%Y}`qt=nH06Z51vZ71w|rW=XwEmchGvu(Iuqyz z|4VOQ>T_L217T3~P_CwS-=xFv&6XgcVX;l_aC0 zxb&S6r|Pl|a=xu`&==9t%2-o|`OeMrHs$@LeL}%{lFTG(m*hx?LrGVlO)LU;J}*}< z0gxufzGTL(o_i_SH9R7d2gJoe&4pN*zI+~51YSGc$Sj$a!MzWUm=2+Q^*jiz9|LKqZuLsCIp0w2=7450&9PE0V1onsK3s&n`(MeTyL3st);*|0J5?+wE*ATp795!!ME@^sae(%#j$8Q z#8a(gcRmT~0&3%cAOEKD4eM)s!3(PMuF1-0tjjlP)uzi9E{u8}Su`dPrtoSH{#lXn zh|=WBCJ##If8-o^j7AKfOH9UddfUdpI0#d7kAVlUuoj5(0Ta>4T@V>&5PQw##>_dL zv@J*)ftWlFp>_Hk>{w^<*+!=?f?$zjbpD;#3UQN1#v}>#57`w3h9}8b1;|o*=Ns~S zTnP?jPSGA6uJWwzu6j&-RS9$&ft=jxDO~yqMv;zUQ##WoICxkMso8woF`dgUDleGU)o7ARQ3euk8J#m)dPfs=j{(-y97lxmWDjR)y8(LZi=pL@sTwPnz z*(+9v!%_QjYJcd0!l`Ak4-ghV0ePK*VU-GhzD`32)@pg*$@004A)|E@`1u&lZq-9sX7P8!;WFWQdLFp_jJAZ7H1*P}{ zF(~V7xzgvNExaQZ>U8*oAirx}Rd$}?*v+EFC&m*&nLT)gN^Pkt?D2g4W(qdkJugp9 zDO}&IOCWgp>xd1r{6IPRxh{CELAHuKKN~nS$Rp6CsSGLeyK&G{({_6QBUYUQkOrJW zENdIrmlmgX9a4d|cnJi93X=cSc?(mxfNIjs%3U6!*&lhP4 zp?sv2dd7W(g6CMxbhf;~SgjUZUqyNC)kUfGPWMGL_kR0d>akb+DKO4yh4D*RkYeHZ~pWRj1*ONt_BLOOIw|_+X;Fl+O@T@ZyaO07>8kz*&{A4>-JPW%bc6* zoY7`7tiNlrJ8isCXGR3!^=7?pk4777+2yID@cIX9+oXU&8NnqHZO#v#_TZ|&r#TU| zvo*Nh@6UBOrM1-@DEhfG$auMyG~=iw)SmC`+1?R*D@KF!vCzx);^-2{s({pI6sWGQ z=|g8-p7X&?#E`Z2xrYHT|FzKsqQrD+m#_rBBx=QxhTxwH-ouVFll!xtZfAY`%Iwv# z;R^PnrIx$lp!(KqNsUz(9v4U86+Kvdsj_-AB7^v7GfUL)gmV4+R+RcZN?b5;RizUD z^mrtysneyIWo8`kdQ?q@gQS2wnc!qdXWv*0yaP^Ur73E88w$*rNkZdxyR|%KBtkly4N;)o+)ef;nLHi zz{rjan3>hxmGpE$`=Gp2z9+Kjb8jWex<&4H03gg!rBzsN)@J+MHO!CYx$(Q)qGEE7D+BHDQ4l3RgJu%BUg?XqM%Na zUr&&g!h+FmmPD2$z%${_)MU=_XO$?`J#>2N5}BFYTOTGHy_V>I+eWCQf??~pBNRvY zZ{AVvvRRd3%KT+JA6wwhB72&O7y<||Yhv*7B*oT(pC^3MOAZg-)WD1jRBom@#G;6R zqeIW-ZL~Bbvh+m4jfIIFjTyEbohX+fBK@9|qoBLCR+vv}Zt&A&Arv>%h=>vrS2@^K zzTiwI&4y2cFNfTEwc62GrdOJ7(=V++UOkM;r8y$=I6YUlzpMa|NfeYFKlFfI>>TDy zErrYLfu!ByXbC4;iIS@rA(kRTEhm^Q+M?4$Px^fwcYZ-FUOFCtiBYY)Dytq27yG4T zM!s=VN|=;_5EUy%A(e5p>bp}Vt%_*6F*y&vBo`qCW_;=&mb5>=mN4B7+)`M~T{@g~ zxiE{-7tZ(?G{>Ye@@QS2V#+(}D8&HbRWo7x7A-fGK>|UdvZCyh!xf6BkeuH&kK3&y zBk_Z7-)vrx!$Tvqn3Hfk?zkVliBX|tb7W6>70?uXI&I16QY)xiT##_rCZZTl^bH*d zr%WP_;DhPSe!U_160ZWMY@KfAY}=_fZqwe9-7x+SRc{#}mz%rq@GT2i@r0R7> zqmJlF4g@5VQ@|dd*yOLJQ(#1bq^YIM#M(?5|8o2_bK(*J-=nie)*185lmnG(EJ4x? zGRciwnB7ygeFakN=Ey|rm8!3NO*V1A!{EaxfF%hgE?>JtJGfkE4!pQWFCe?F_dn9^Cu#zTVUN-MpS7;xUtC7X>!5US7xKX zoHcmSBDFB4;refE)tO4WkL|Y=Bf(ilps@pphbU@3bRDO#rakH*SIFXu9ETBw1ur6A zgYHPDIkf1U!~M?<;bmfccCO%Fu2-*-)tT8Z%4sF}dyYq4vx5$6sG$Yt{5jGNYPi+6s$YW2LW2@-V|RASqe4EOvVhHI>CB$tl`68CgvDun3@W zp;|=ki~7kIMn2PTPr-mZ#Z(J=dGa&~cvuHBF?`$Bg#Lh>4#1*4ceEjHcs}=~3|Q{W zJ5A;qpQKPRGUZh(zyMb~q96r))^a3eZN*iqD5=tm$34o*f2crQoOlVNSy)(fxdb7s z3W^)k9$)~Ad-i?_TLoP-v%HH30Np_r;se@B0h46<5_;kZtO1d%YY(G+1G%Y@%sk)7 z;%RdcSvgB$BTuCHu!HXANDJcW#YBZ_ny)leF|IVxk%|7Ll5ui~0pg1+!ZnGA-vS_f zQ|9T>G{->Uq40w&|5(%@bVcyMR(mHuZ1ZGaaWy&lr%d1t_46kVi78{DG&M=5ms{mDJP?<$!8*J^msFqlqzjn9cZJ{x`$TatIet?C;76YQYqFS|`s~V4(qSCh*ErEr!X+~V}8V0Vk(_T$AJj_k+p_)+rm zmHFr6(=DdX0A-Dc_Y_~uz~8Fwm1Y4J6ytp% zWC#JSCq5W~xd~a>CgfNYDpTkt1dRIr1|c{Z&_Br}`1pi%kfs#(#pl#+$}C0lXpRE| zOq_OVrAo_VcIXOv7~-OX;Up3c-c24A)zP~S>&Yh>VoX3O)8zYd^X}%6qfkfBOKYza z+j;bwQfZ>OslQoS(z~@bh0=^dv*hLF5@sp?$n&bBJC6r8(uGT~&=eX6mlTKZn|Q0K zLBGlO=>$r0%hFp4$k4lT?RQIiqrgb9(*Q)G6~u>2p+H811kUj!X(F~qg#(lybLX_? zli6a6E+!tuLM4E455ZR#hWIo&3+cTgaFnrE6pSJL)F`JX{bVltN1PMg)QUV%Q~mcQ z83^&wVeh>0=x9y$*Ix{6D){3x+)N{M-_yne4Tw6;tw&$fg=z^L=sB$uqv>}qyw7bJ zI8b=ifg}|Ipz~#Q?KMMRJkE4ZF?^>B!brf)7>ezO)yPH1$4ez4C0|QTt*_kb&-r-~hr@RoEM{?uX>#;vBS@|Ju`3qcu+C=!C*OnK#SSx&v`|*r za}W*2`xOKxQ>W}`&Kp>mtw*b;#7TiRJ_W-UgJ!?&KdzYa%_a?PZ^!uV%r6BIhD#ot zCCa8Us4lMkgM{Z(1${A`(5UWZdj3+V=L?^ z1`|$xvPJ4i7h<6_Ra60kQC7*3aQzKN&tw092Rp^#0O{?0GsA;9gEKA9BE9U$Op?5o zzCcbkZkF9fSGUNNg@hhE_{OnM2ZbRoKMEF996-|(gqofYuW}3cXnUqwb3#o_$!KN* zrM>QGwFO^IWCiOz2~>R>MF*C#Z~TWJQ|GJR7l5~jX4@PANZ~!=z3X*n<3t$Q@O4$e$S>~R99m& zLAiJ1xR;ELl!Dl<2rVp>()V3$qpY0uG>Y#bHEqc6JGUE3$34SR-Qh?mwH1C~@#J3f z5Uz^Ko_r1?LzH&FXvonu>B`yB4n0fgiB;3<#j~Iwrx{%=O9DKH%A=TT^EJJe$jOi) ztNBFYK=XfI9K0$2jb#~~aL_Xv(XI>&en$XOmCLS4G>} z@EU(kLj_kAHWNanM%uFh23oB+#PfuXLU5#ab->p1f8!Goc#S2*{6YgakL#2q6+J!q zGyo|iSiXr1aGK>tn$r5bZ?X))ige6cq-;CYy~D$RGO)IzzM3j%8hu|9%#+UFyU(w0 z5Ybvrnw%hG-rv6(qPW^;${^0s?(Xu}db%0s>SnH(7^7ka<&*Xm4{snSy=sMxhi*BN z{UF4x1LDEK8m=~gmzW*8L_Q66D9I`dc436>Y2b@RIB&!41d zLZgR=Xt-axF2lYO`&avZvuV&iJsg7Ld(2E@W23nLZn^S}$3jX84a1>!Fg9hOPp%Rc z-CF><;#;>>`^GD44q8}MueROz)Dhlg6l6YNSNk76e-fa<+T1cz=0CR>9<<;eum!^o z?aSIl6_4N767s=qU%ln{-6{Rmv`szDp9HD9R_gsW?;X(I%*>QeJTMD3Kx0U0&F*q< zH@g9Ml8`T*H@Z$=JGg&%xF1tavCq0M+*Lpi7zs-j4H5Dv|HR=60BKh}Bqd-X09>%85N%vmnNM;4kPwE@5|=Duc1Bj62ap9q1au`` zwJ8Ae3?`QI#UPIIEij}ilFqgu(mtZNQ|P;YYUsBl37W!%^;(o$ZMaum{oK=QZ!OM!5Dt=OG*Dqru^P)R{>ovT%#Ei^P>IdpV4-$29n z$3p5jtSc|5IB)+(v~5XGhcD`(U8ya^5g@cF)pdkUoSsea)`ED2qEw^#Gk-TPK>*q zFhuO2YDwMCX(lgyEEsSXR!*Bvo5cay{Jbt16E193RR~<9?9G<&oF>xp;dlNK0WmbO z_@dF|NvxtaokHbw4<_;mHW<31G^nJWdGe${8ge-Bxtk!(l4twzBe1HXzQN^xZ-P4c ztMXOG%q6K*jzGu=mXV+@v72E*P-)H}aDQhvnxYLOA2E(=RJ29u-V8iO8Paop3@Psw zj5jwHo-k9Ke4kWt9TvwIrG}lWklukqDh+5lYr$tXo%Y*bA%NQ*U0 zg$cMd_;+Md`$Ihir*kzheKbxQFpQ<@EZn_)z2mYH50hlWDo>tNlpA2;vUBfYuL%G; z-yB0EQ5}}qLd5KD|F1@JsUDX;R!m|F#w5(UWi<2XhqpT#!*zv!s3N^7P4*vzJ^{j^ zVed`tkZ&S_Kmq*CP`Cxw4UejB-^tCk z({h~Y^&s`VJT=$?*JHBB^@fRd9#*&QKFq2h`dpAI;lfaab=T+r@_#W&LG&`lOhd$x zB;t>}oZyw2Y)}BtB+ktz52qhxgBDM}^?f+4#W`U0XcjS&-s|V1QC7QY=JWCKp}bN4 zkITNY!xZaj|LT4pW`|y`DNo8G+29GIec2q;a%U;9_9!4R85>Uzr}^dlPpk2Ff)w^0 z$%pIisz+`|+i;8W@GYG_AAPU5`G1V8UnG{EA0Q`?!XyvWfE8io7nOW(U7qPWaTi`8 zf-ebZIj{Pi{o>TQMQPlR*poh9!T$lfQe_VZCLI?s5Z}X4 z?6;1z#EtP(rxhNF95FHe9w!5-@2zhzOoHx35EDib_z!g+~&|?Kgrn&UZKbO&q zF?pP2khOh3G@2`xJ?GIl*lRJvJdQ6rCcC@gmK#4}>|&VAUsd!?YFuMPy*73wF9E}C zBh`X8xPhY~6gjP)=_J2J6eiz#+f5P20F#sOc)ad$Cah8OWQL{q)X`9)e(&@Z#9pCc z$r=XD0X~Knc*UWw+=AtG7O(B~vKI&Kx70j1S|cygh@SPaU+mhtCt|5s*uUv>c2}=G z(p-$t0U=eTfD6uSU(N2Vp0YLrK0h|cJI2CPM^roMu(vh*zI7Y1z{@I$X_x@Tgq74l zt!@qmNAwbmp^`XAZMqpv*01Wxi*P`uti7%eRGxW3De@BX<+eGdXQWkIeKDDkU3`$@ zUcuof+or<@o!{M^G9flRjpN7bXWA#%E62x8g}kfp>!n8t^;qh=*PGZjmW;qF)}t!& z)xhJX(CW=9UtPBh8OuPk=`ySmW-M9OJ?r=>-^*l zJF{-S%=5CiN9i7{T zJiapN@M-)@wOJJwrK8un_0@rXxu^GWahC=#y|%CE*h}dB?jjKWq}6hM>kPvV``AA8 zU2sLt<-WiDl$W%6YnK7Cczp+!!wJ*UuGe?rtk8#^rMhg|7)2oSm3>E)w}&@2nQu5B{Izp9R-uj5VZNO`}DpUrfBg|lrWsi z@e2Xw>G5*|z&wBy5N`_98nALwN^wKmxZ$oSCoABA;|3z+#db8#nCnU0$aDrkfN z|2#repS#CvFfex1|Ds)t6g8(Ph{kaolee6di)95(6mX~1-j`L!$?5N`cNxF6R?`pe z-WJ4WlVPU=$E|Qfa8qI~c9Mun9R4g#91@rJCKK-+Rjr?Svc;ZxX0B=@6p{zs>Co>! zFbQy9J0VquPU&Fjcf%?Bt=k85vR|CNq|_f|X33 z;04~?qci(M|4>E%XK8E+j&Do2xzb2grl#1(6G;#h)#%A*rslsigf)A;W2~GI)U2FoilN+eUQj7+4zD1emmYdHCAJ1YB`E<|c>2=nc9&L?XTQ-GG?Zn*x$=m^uuUV1q9`mKlDm#&#KGPg3=Or?9YPycwRn;H@xhaNbU~GY|8rW z8h1`wg2L>osT^%^s@v}{s?T})HDBpgM-(%kIPJLBK!t-ouzRxe3uGXL2fxH}8MYkGaj69diarl1DLUDzq;~l1oWOW<{1u zztzf<#{-O0ttWRMw_UZ+U?7JNx{YUP4>;~}(A{EFpZw<}b;Rog& z&;amWz2Fu|kFb7+Y_HesTA!2+UO0I8Z>mb7>mW+)st5*>6s*B@sR_54-ORfL%o3g$ z%$%hNuQjhElVP#(lW%iE{y_BhUTjx4vkpPC05N2p0@gm>6tO!tnP!qfM z?CAklila%1W5Ec`VyY@#zk1)%1vSRWVzbpUBn66TI3ACo1Mk92hL;Ko98xhg9cRz? zQb_VmCe;`C-bv?+H*bQXl*5jQ$jPO#O=?oIiAnIW+ocmBL`b=>YF}RRyjuOU|4eSt z8Gj^Wx82|8HBxjf)uhhOKv2%j3hx5G>#1D3vMcN9hy-DY>M78!Ho|*Cb(#qul^<+< zNJomx_3c-gErt=$+?TMP?i@!;J01;RIZWFy_=0G4fHqbb_$^<>QDD&l@Q#kob|VVD zP#he+T7U0gvjku9-fmJnY0czBQRtve;iZzLB&Ep}Yho+mOwz{DuD0**^C3LDl?81Z zQ4_{PwSGKve$N2D32X{2n=pj0u6y0wWs2iQfugkn{TF{Xe#Tlo`RKjDX;xy>=S>PL z{4@pqZ!G{;@2eS{PrOzRgFJP8BZa1mos{2X%Jc1Z`(r4zo`{IjDIyU83zXZj;hGon zWK=*vcZ6I0Bw}Ss%MPmh?!SLn8jUPNqLrL~Z_gW-be02{N-x)+3EZv^>Z)s-SAvQy zX>{k$KDOla++W~{z3y1DJ)VhN=U?R8kE{?jVs;5vT9Uc4KXDZJ9&i=--pQ>SQf7|S zkN8@mvoXSFZu8jHW=yj;G<&I>`v zDP3_kD*p3C-Z(JB>LigPa&1Ej@XvXtq&!<~1P^1yIUb!{ z7#&WW&&{b4XcTsrq%Z}gyQYOpNl`Bs%_wR~6)5zWH3pWXEif|qervI+usBi;C*}$9 zxTQuvEZepSB6uA-j^1Uq-rN-S@S(PKqyBB0;eP)9L!3TcEEGU0Q4()bwQnFr(Qbui zCqWeEMv^Z^bcc$J8wKkZwbQY)0Gsk4iGCQPcukl0EO7U<7Nm7`j8&(d&(H?cWuk^l!uqzGX@P@zy4p|rx|XJ zgG6rjgIR74k3?MdN>xMGqLhhT>?$?yUpSK=K%5RgFl+PCf_$MMVdSC*@QNHhJ2+eL zGep&yp#klw5c#E_lbxUZCg!M@0A(zG?~81&+}763zsW(7jN+zg^?%rl=aMi|(&YHY z6VH~qKTfb)T2^>`?J)@+y`(0`$rw-iK7L?C;FUeaCMzy%OUz=mRB+b)tEWEu02n1x zdNbU!yLj2Z1_oW|CYM69vSKLGHP-r?!^manIEy8fPXv0=e^nr94xcGT>Qu$*-^bfTjBem{_RWaydahvIcqccZ3`adyUx z&H3d^Pyll7q+F}J^-}Y}uWbFzJ|J0WQxlEy3x>@6kA{vLR@+(bfnsr^6P~`2lI)%J zs)#jB=+fUd9v38SDkP%fR?xNhxfRW!E9!y?v+_sZa-Wa?@b(>WT-Ln0Lzp{bal!}k z-_OlcC!{3=6?qeooK2@543Y76KSYd(T9v1axKuj;ju99q+`L~f5`GdCkyP&VH-4A0 z4Op$#9ZCffkmq`gXnl^f0tUZHNu#DmZsiegJjOVcM%-L7s5O!HU=5!%yZ+Yr)SPBIHzPhRu9XQUnMVJ(8eziH}##EugaAv%pMrLy|sAcyjo_xLFp726l+0Dpk7@}2DlfV!9D z6Hf4rEHMSu_)&bm9cuGa;O)WjlyBaE_c5OkEN(4-$;INkwz=GC~Kq4+d#3q(vnBefvmwg%K?jlsik>v?4O39R%b zdZaMV^Vy?BOqhr(=y&}&a9h3|z*O}<>Ix>Yn-brM_P{#mH^vAptuJ;_dHIlOW7H9` zlCIagc}}>*J<2maKexdC4lVLqgaNzVaz9N3{Rk-qRV!-@?K>Ka`6dBl5#B zjs>Rx>UXOOY2D{CPx98j6!>>DiQPOVxwhxcMgoKrz>l=zW zxd{r|-etc8wQu|f>bL6G+q1EC4Lw4nV-LQq%jFxUNu0_IUV6L!#Q=1o9p8y@??PU#W={vLF z9P$cmOwHaE&8o5uA9JS5H2k#$Qo$n*V%W`#%BYGFIexiw66E>A3AMgnPsAzXSo(*i z#9#-oJHq}19Mw`i0Al;m600QpbWPP!gY=#8CJL1j7uk1F!Zj&&h6$6zGJAo{ZcqtW zILKL$z>28+Gw*?eKBGFxXl>6g4|iWw3GMO*nGAkQlYZ~?XQB19G#Uo=oSoYCwloGl z_($`zhDx!SF&9iI{7i&!fPxe*8owQ@KN96-N6zK*gFbX4GF)Kx21NxQeLMw|>Pf4MvSnai>D9fF}eYR`hVDx8JB?SN{I z{%fEG8I>2SOjQI~MLj4Kg(-bmOlJj7eBTW1G7&8iP^{<4L1A+YcsR|6MyT#c`%k;- zFV6a7nWj|w%!5gTurUleU9-m1{gPK(Pjef2{QO#F94139{$VQ#M;@gXFZ;`N>u{VP zr}WTJSoP|k{XJq)xNK%fR0+rR)%Tw5eAiFA&Mq!^JNr>sOzATd+v}###y6Vm{2?xv zNh<2IT|SEmj%>T z5-cZVb*;6z%kvd^oj(3`9T%4_|9J&%vNOnF+OMV}$u866#y`gZ2F^jwgKL^8DjDiL%_F zK^Cs(;A`VoVqko_VAdR_YnfO=Q1BT%z(j%jIk%YG5n*SDmb;%s7I*wllsKv}BVgFPLY_V^f2s4*)(q8GKGJCKED9IzWt!s`OIptIJ$10HHETKzit1kid8V`i2~qQ4Jr`L~oYI9t zz}ou0GwL9Pg@HXbo9!BRd3m|}#j<(R!HP8=mn|Pvg5}iD=|hL-&aWheH8t_oo8EOS z4kg=8aFR2M=_s|0(iDtr8PjYB%q%TQwKG=ft$~Ic(1L>-KGA;XPBj+&YGb2Oy;v(s zm^vXkextHKHkwlO-#=J3*1ZVbgoOF0zvVSqT2~b;6AYHtq;c=(;S6sSQ=IW@N~yT% zFK3X-g*AdBly7!Zquq@k-QT~8iBIbF%|w~SVbW5BJ4EX@`PVp@?F=%RT=(FafG?;o zz2p5lGy~bq7!jiewyl;2tS74rMh^4ZT~SX3mPCrU(#qJV;xn926xq77$Mz^?aH*4S zrw8~6tV&-@K~T(BwpBg$VSSY-Js zPdGdr-FoV3bM4@)p^^6zwumM*%l>0!H6l6^|E_ItH?PI>Z@dX-M$L*%kkKA85|RM* zOVzf4W`~S1g?qa>aY{Vo^z_R;QA2L?=qM~+S(RnTry0@rUCoB*jRj60{%=C@;EJ9Q zb{o!igylrqUbZS>g@?}xx4V4UbUkA^rh-2>?KTD8eEmK>DlPH(`T5`W zKVB^@Ew>+5?WhF>H&dIKq}wdgbJ9WWa~6ysj9rJ+UAznu(cSGJRnB_MBYl79qw~U= zj^DXu)x6F}ZpuiQRZUTsKBxEt86zI2-TF5fot>hVVU8j+Nr5|$1s3XOuE(>7c@P%| zKk!@C@@H?;G`TbK9U{Vw*qdjIK|~CgY)1IACBG@s8*rg-g4j(r-yK5e!!Ie9Z(oOy<0Hu8cOxELrM6olP?T}u1-zKxgUx=n1OH&&P zR>A|6?8TKP)xI0Z&`4h6GJp(skBE4DagO#B+UQQatgR6A7Q1vJz##QT9wqU_pfR637Ye`jT02_ zWtN*&RFJ&V;7HQTxh!0K_VT($G3CR<#r0khdzssztbg?p7x@OMKp%fr_6OJfcYmO< zNO$M^FNE4?r(abF(?fL#Q|oPY&FXP;)hBawu(5b4Hrq9$f!nh#np-y9LsQVE{U*?PQ z)#kT(j<&n7oNLz$=VYH}u*%-BA!gBLLy{1I1S(0<*dy+z(-EE!<<>cs#VGk?C6u~O zygUelh&seL>yN$-Kwf8rGVC+&3`hiRU+@$0^V!n`?Jb2Z@2}t=gRef zJo%)Tqr@*^P&gjjPbMe2$Ub@8%};mD5zRzN8JUu*s+juv`tCsiL-{s6ruO!BO?vFz za(3n?KBdF}V4M9lM#HO*rji^|XdyH))dZvf z()?mF%}P&&6tBw=ms8lu!Q;~EuuESJ9D(L$I8ZPaQvMJIzClb3Rg)K2G)Zh`qVu+U z0t2=#G~LKnq%oU$&ll7q!-$e~4rfvAjO>KMX?^r@EX>tU41H6WgKbVi4rXqdi0EjO zs3mnXQaU8xT5_ z@LK?Bc`+Gu>#@UE#U1CxPD&4il+DaZv2!&WuM0@u&#w`k8=oX5qc5K2G%b%3XheMg zN*3R>#;1!~)juHrV%TYDM0sfO;rohTkG0fWZX;gJ!9x*{yA@`|IQBZIdm z_yILbgDa02^IYo{gCIxlciorrh%6eTo@h1m?!LN{a|BSZ(=dkTh8JqoYyhcL5KQ!N zp#~|Ym~IymHGM;o*ks!CeKi>qs&I0Apme8yJOu?@V&c*8yOfkC{5B$F7`S7Fw5?H2 z8MFa#E+yublS3omJrV%$ex+0J{Qf;6m1nfc7kR=XQ=S?}-A*_^7fii(unxY^5^RB9}E3P=@9WBxtC z`a-IA)!Sq%%}w==f}clJ?=JzU`waK(0H>4I6`2iA}IjeA51N4gXqSu?Bd5SL!8?zzuRH9;uxxN%QtbDdu<%$N0R zj>|PKO+XkTgVZP{Yv|@X6(*mf|Hy!%9U+IL5PIA=Yhdnnkcr=s;7p|_Jbn-`aBDN~spxYzm8i(nfew|h$nC0c= zwfAv53<3f#W!1=T%d^o*)i!66L-(+>!ZRh4B5qi6BxuONBfK$5+Wn_%M!teEASIDo{o9)*u@7&KzV3lYh3D_VO|SF`|KRTeQSf4JH(3>fC)t^QSBniI zsQotnt>I-1oVYFA%w1*|v}^RC=k(9@Yk*i0#vW*l3OLTp;GG@_t6EAUG!{DgHXBnT zMuwq-plx- zmbYp76~OfQ-04AOF_6TUo-b2PrjS_kqaggZlM&CkheZ$iH<{>RVf`d&;lzkEXCD1* z6=7=yRCIMrkTrsShXYA$+by%7)*(5o5B_dREGb%%7Yk5=&oZLw164Wk7m%6~V>*R` zHtny(0D84nJmE1GeN&*`=V;sWQMJcB1A07oe(h*AsY~CX0W%yFIyySo3cj`7%*f0w z&Z}@6|A>!Qf(sPVFsF98cS$^34V(SeUEgyo39`{if`!eY_6fa?WdFJN*oeR6C3k$1{=3{8QosFXwGBLpxJ32D+`wsJHMW6M^ zeA+u1XB`bX^Y&o2&Vi!X08J@b$rL{D2ud8Zm8^YtqE+2lb!d+y=En8*(0J8;**%s9 z$4LOn&&~BR0EB%hDv$IpCNDA1q?*XdCFSKggQEhvJA(vbe>RzqUy`)UsJlC@FuzV~_}FY& zM#0F45Ad)cPw+UwA&^@g`Bc;f(?zyS(@S05SNHx~d^mhYidY3F-Gj34E?rMe6TiU- z&pR0aT9N;?;QN`vlux?(W^0?>`uoE(sn6orx>L!sQHu=m7CXBYAlD711_T6<>47to zNJtar*BEf#ZKA;yIHp}e#*+lUExB9I%;95}>y*Y0grUTbF`4t>xHjOp)*u`ldU1)M!3Ov+<_5+F&w~0Z4Q0*AYY1~Qf3%I3o#bq>x8+c!W z5VJb$e_cb_T>JuOLUD0%b&huSXWgNCY%{Cy*e08g|Ki9G);WDmp9}*GThs>U`xlma zhR>vQ6nYtD`}w->7ry&Gy>8xLwNc8Dl0#`JDYB!hVZ_s`Cl;H%MTXK+6AU|K@B1#F zdkQ3>nJMxR#-+i3Ma}kIqlK;?@IQnhJ#sZ>t=e+(exAO1_NLxzla!n}cGQCg3IpMM z28TT0wXNRV`E2vUPKh}Cz==9=s*Y#4EFH!--9D2!s5?2s%XVc|rDS`#oq&%RAO%bS zVD&(csc9U;AZB|a#E_7@__w!TO^Lp=F>1q3PfO-`Xn+UYT8UZyqRfRh1TxOhIz~)r z$)`+WqB|To1o1I_$)fA^+Or^;6}7N;jZ7&w9*i@A*8<)7x;y3=pvME>n?Hc>!aHIR zkii{J6l-7TGp}x8gcPT%)7skjMBBhC2wp=2?{opc_Ct{O#fI`(0`)EfqxkU|5LDC+ z1#57u%uj!!{~2gJ7%E^unybNZ`@A*sos8-L8q!$!_+r3s5AI-1r!X)2)hR@w<<%$M zNfGY$%o38~aNiq^=|hMKL|!n20iq$NWd#vZ=>X8BuwKQYrZj&2**wJn(NZ@|G<8|= zfGP9L%uEE4t!BmlniGM*xb7!kEv^kF)z)e!Nl`nIQnC<85gJlS37rF(u|?9(==rEX zQH$pe@*7OH@6S)){UkIJ5)5YiasXMHY^g2R$Bp9{509jh(%}and!){-`0y1MtC3_w z!onca%3W{510ZGe_5@X+TH9UHBe}%I%*@<`79#!h`@>k{gV%30NNe!7Xw+{p_nEh!bv(?-cN+}IEY`)rwnp!F)urCiSrOCAlr^1`wrBYOq|68rJ+bo;Y z1t-|a{_6-dTXO7I5b9-ubZul{U=WT2)`|^6{56lGz{x0Rwi$ox<2Rd}6N{GPpKob# zLJK|iN2|pjkJr`xtE!s&v#D-hu%j6)Jg%1bl_$I^A=%Q5GA|gry?X4ieC<`7a zk4c53-_>>_-NJo6RRX zT>|cL^PI0$oaw}6GyuZ0-~u$2gmXJS)-sqo{e@0fDGJBZ9L$UEB7osT&fUK?~n@boOQcsTKtuI zU}Sv-)*KPXviZFsZ@0s)o_6hzrf6ZJp`l~dwn^wT_G~D1+K|FJ#J#p}OUj|wzigZ3 z|Bre9_ifSc;@-FmCEn+n2V&QcA|sBEG0FRrUh=+up)&E z^rwsX0!8&5vE$|&SnShYZ#r$MRRf2a*X;ojw??504yqQAzpyZ)t>^m@nIdpacuh=*qhSfyaF3d?Qlg3F2S%_bN>lhz`?%5 z>wI;VnFv;MMZ3&9;bZFfOGu|8x%OZ9{-4t>(rbg_gIckXn9Nxp zud6b<8T^;&KQ}?~ypCHODvX0q}B z57Bl#mQ0y$Dp)%J!TUn zY+WC1_O>&o!(Mg@-Yrdel!PRus{0588qN>=DM9D{4+Ij|vcUWo3vqp5>q(E`_kECI z24g~y2`2blUtOE7#rZAuXGLI3{GC*Zvu_+dT`vLG-}T$CprdCa;<7{)IrHWg$(C(O zL5z9;HL>u>8O$dJZ1=r*;b+m3{U-mnvHNenPw%+Hg?04+z)%tx3X%Acu} zWE1TaHM(sz4~TO+?v3pN(Qj^?yD<(XPJdYeRT4jp&=%-L+cHtXF{^|GZ!Lgg7|evp zMp?mAx}`8crG7Y+=t^klV(7wHXfWu)XlT%o(87;zp%LqtejTI>gi<}WjmCHvq2d4Q zk=K*-iP0FSX8ql1X>dJlwD6o=MN9zs#d&a0x!Yp|adYVs{9=pDuLLlEJcUnf`x7#vFsbi)D!tBc(9#8f$+;4wP%Y^Z|FE8TC2?PphEFKSfwtLo%Xw|_|o@;{=So#MrEPnMnU6EG#HBxVF za{S{YaCGGq))FtP5^?070-}e+`8#mmQ6+;v?1>bqgh^fovF$0J5zV$~dk$*gu)p2q zd(81{=M&MR{<&GJislsK3Q zT7^s(+)w>w1EV#g-qdTm1zdP7{9= zxHd4Icki2-@9XpXoZh>cAqjzCg$QPh!SyVWH?-6cn~nM zAK;|eu3ZXJAYj`yxuP~$*-STKj~YEM?W{Zr!C@P*g}5i@ykE0xi*m=UEq?7K8I|{9 zUL?}oDmVu(_lC0EpDbg#Tpa^Eu59jR)0})>Grj9xyOG2I= z=Lhys&r?wWiDbZ6SZJ6+I-x{he{jJ|S6FQNCHC0V6vTCtGmb)vd3UxZ&d`l4=A4;V zkpyG^G5G@>bVl7ucz(Cz?^peRnR*|6xZHscPlfJUjSh=Un_Ft)FS@iwAx3Ou2Y6oD z*?lXb_Mby(kGp>Eyc$|flls^z#BO4dW4=@+*yw1?)zdP}>+1&Bl|F}v(!ix4Y3LEF z8<7vxIvPUUUkuAB^oVUZ5!ZI4C~0pHWVpUxxG8pg`0&@e zIX1vm{%-H$taxHR_WM_Go%n(YW}r0zntto7t_y^*K}@Un*Sj+A-9{i(w)^(e?d@A> zaM?Rh>v0=qLySSwT@gm@GZv3KlOClQP*rP!mG(o*kC4=Sm0wj=#{IA_|LnU)*`P|` zYJR&2ts`%>9$erX*W)Y1?_cbn; z$iWia9bEYAcADIr#J2sivgZM<4r~RT!a;Nbp&Tit>PaMtcVRV!X}hn@7i*CpGruvi zjw~-I%GwYig=<6;aXrUovUC~piU4jPSPxz%z;|@zv5|OZVD7dvswUYyH#NOViOn68 zz)~&MRRl>q4mPF*k;ZpUIqbJx{|p+M4-nFZ0m=|aE!gMffbFiX{xGg=_%!@sbKX^< z_dyr}M^~H23=zlGl}WX<=yiA) zBnL()J)&*dxsIk*w6dd)laLL)5NrUxxGE%kf#Smcbe51GMcG~Wdh2E8!nrHPH4l!FYK99 z7FL$YS!ofK<@Q^h@$n=}^MC)ke9(=C{vjOPJ*cZFkD}h`Lgrh!o>OeB$Pt&pogK@n zJAHkS?mB!u#+OL3EvChM0rhRbsN0Cy28W)j=Now}TTjON#iwrlLyM8_j>+7xlt+)vrm9Qh(b-NSKn=zjP6 z$(p}OG`-!@fk6{x{-#6XmDLPtt-es6S2~foie>q6_2C9WerfAAGkCNb*PebhqscWV zXf58pX{WXd_=s>irt=+3yiS|fQADPxqO#KbY^@6+drCRrO=ov^w?U@{QtBMtqoQGs z-SzifX%7&Vc0I)ASufspHR_XF!I9x?`o_dlXK%IlY*%Tepo*^IE_w(8u5lo+m%OBvUb29DuEzs5tQ=)TBtq#l z_qs$tuCK`4=X_b&$P2^c^F=sK3Q#v!`^n0&PAe+mnY*~wF~3j}h+0}^msE6< z&jw;WM4Ya$i{0Oejr^V@E0r>Faaqm3rYinwindBY;{I8C@`~%Z|6O_;Ck;G{+esq- zx5E@i_-VPxulr`peA13-GlAHn#wWCM))<&IRy%Y2?))S5XK2Qe7^mih_rM{=X6WDJ zK~lUgFFSx#@HwcNf{_6faVnR^;jc3ask}i97KBAdqg0s&0!UWFWn^ZiV`9n*3xlPm zrjCk=GFcRK($Li%TXET|*I^+DiH@TDEB8BJdbWYdXtgr|Z5j(z>Y&Q)!gx4^&9Qj) z$8>ozO-AZL@%g3Ce!Vj!p9Ii9+~Fs2WW%y3GgzsK{egv@4P#-1#Y5A&+Cj>a%k4~M zJ}fzMbkLHQHDGFE+W!@ zM>O34T1D9X@JCln;RE^800w+FTfqZ;u^&L(d2_K8Quk+PUbVZ}~FTW>_J04HDFylDrv z#hkJ(>9YewyYE;3?8zoZtgojGDX1Kq;aWg{piZ-iL?f*M_103u%ZtC0cZD_G{h&V-+enV?p@YO= zyK6}QcE!iE&TuFjMp@hz9!yS0_tOUSo*ZyxXQ>D`{mLCB*gVR1r2W2+c(Ua1tE)0= zDKt_}zddNh1>nT(ezu~v?#TP}WF8$8bKEl)gA}?SH1JmmEAIAmJ9PGETM9TI3@8DSIQwlo}eK9&!&r8 zTud73dN!S)x{eM}gi_HkMNCQ&@_+}y-xDN%0*?p_dhOa0zocj!)xzavFaGlfcytct91t6HK)<#2ianfaGlUS|3lg)HEM z_Ql#_uUxI!`32$a@*6&lWk}W$ahtu3;dW$;-jRA1TPqbX>1&%M- zLJxDc9;7xy*7-w94}K{MGA~{)1bzD}b6eL_9nmY&qVCym!;&hsR>q+SQ@DT?Y2NRr z%jroDE*i#Q;=or8#=q&q>OCzvY2@*bU(#=W))`F70k=tl4_Pgznm~`afSZ$Rb=@P8FO|pC$$xp*$IukYe$bPe114rJ2TyVr zI+co*j0ectSZPEzgN2Sh!LMA6;(_BK`#sN0WE~J{guj-q-x@j^X9S;}7Tdnq3B8?l zr7ql2N++6KEE*q-9NJ9HDg{%ylBKLdB1!RCDI@PoWAM%0H^+?Z z=s#XjbCvkjPud)Tsct{6RvBX6HmEVutNKndPVP>S9z&qgjga*tzwsSE03hQSHErmr zO89P){BOG@n(uq2oox=oJm#e?qryLf8rED`j6$r>iCM0$P_O$DLpI+JFam=p-gTV7 zd^u$0bL#(#lK$*bk067|E-Srb*hjv$-XW(99POUUA2}`j*9(wLY|}B>kubCi&wYs* zm7EENp^Sd5b5+VW&7p;;aekARTGuze&8TfTDt^WfRc@8*sHT^$A9&Btdte7W4ny)h zR(+t$KVWD%fiokSO0OaV-`FyLq_^TzsOdJW-`NR9tMtlU&TYAPs?plMP%ZU>QSDA- zE?Y#wK^#46-aDCS-7RzS`|jS4!Zo;{Gpki?M_^hE@(U zuc4g%1k)SPw{N#0PWJI|zpCB;>J)tW#+&)DMm_#^M`#JRwHF)?2P;d5{SFkJZN3!` z@KWP;qcA@uNxWI#R;DdIui4qQIb+zzH?(W~nrU4& zRKR_)o4NIt=1X3G^T!ie_0@s2ZXH;ORUFao!4k3t-TM-4?{)sFr z!}(MmOguF2oY8pbXSMZ4axtA)+O_XM?i(PSr>1?~)McG4L2_Oh`>`SO?!7x7Xeayq zE>Lvnw)pGUw>Mt!*2Eb2EW(CXIs?g56>ekdY^yz*nf#fjPigVn$~~s&>x5(+(<4u8 zHF6f|=vmj>kSFKPQAD~|z#>=mG|^bgthmr9bNPARWMg*V_*5FU(eo&c5ZIYJed`VF z;z^GakL@iJ_}QM8nLjxbN!IH`CDG;Mt9tKyoAHmGzy0}v_u6^NZ)j}Fl29>>m#U)!H0s__d8W&L*Zn4>+js$1n?V9>j>H zvIY^8NvsglAV&Sj4Eutj%iWeLY3X}A<~L>F$89!En%&uT9z z$)~H0I5=jPMF|C6$P`wfFMyG}^ z%}`=y{HMJBJOmo2&kl`P(e+z+#3^1>8EqrK}_h?vgi7u)P6e& zd3{jF=KJsey3e}@IE4i^#E3qRF{L(uZe1G&($Kd&m>;?kwE~sIU1Psvs2Q1wzo=ej zS@K}GtR zHdVD^pEvN{^)Vl|Dk`-#<3NKPIFLBrVSX)z?D#~ay?zZ7@V;%dnmD=B6__m_Ry;>! z3s0XpnPK^@w$ALmK!%gRKQxo^v(%^T?rtgDm_+B|08X_KsnthDMOH$U!i_KiD{ft< zg+Gh4;)&k|X}xVKoJu#yDCrqP5mUl2$%)GD>aR*Xlj@!YJtyTQp_>eeQVPtWeC} zu};8~skX-JP-NDwRRQM|!5yQOME=ZVa|SMVKkTnHX%4>Vb0mWCmgy|iY)0?~?Lj7s z+0}yIEC&~*_shDH=on)06Lt@H<;x%97^nvQB!r6PCc$_HX{Uq5aF8NRE=SsXQMJ73 z)sWm=84K;^UTIN7!jdDJ+S#vy2AogCVNu-QHBd5=jt7?a$2$rIN@@9#&WSB zHVe;A$Yag26S2q^$f`QTOCmBI#O041PRZL#?!ogarQ6}oM%c8Kf=%yx@pzw^*a|pL zF?I*EPjf33byP%)QF@WHSyOWq5nN6gv+;QYhEn_ENCKwgNCxwivqtV76!)Gl(>L+& zA4d?peO0r6Af|2gg&({|;x$Om?Bp#kq5IX=T9np2^3Q(-gV(b~(ot4dF{|;LO&}w9 zw@HnswV^K{(Hot73?o0ahh9WzNS)r+XDhv!xvq2<<6*AJj-a+eBfjh6SSk(zMcv0< zx7!>hC5xv-ET<=e7Vim+T||C=>GR>5AQOxrh|$(Z*?LaP6HLiVphWx)DVRhA@zcY< zA11QnDa$5A6Fmou^%}$#_zfp)>{~nBd zF*Px{go`4W{o-c8Jph>EZfo9|Q68Yqli1E_PpLRAltqcA&_bj0&pNX(dV>kr_Kzb7 z@aJVKnKn7rVs3Zy*`;hKhAj3xEi`?{_c#+6^u;*o%E_us7I+b$MGMJr?#x+XDXVo{ zn%xWr{kD1ou7S*uv~JWxp|KR)%vHD&_va>Dy`JhQIIiA>2fpdI@1MMghCIIJa;M_m z>|8iCy>c+#28!+OD`Zwc%VkViO&;SF^A%qXnwCn; z!v4nxb9-}=J#O-u7KRP?k-ZMSE0we$8643koMKPxq>nBv|Ab>l(d9TX$_w(CP;0ZSkgeX5yQ=@ld8rhO>*d z5PzZ_BYd}=2g&9`LOrTB>F z>--30h`xm2C164LB`JXMs9Zvgq3LfPBr{<#TKF>q6wijLq+bA|hqv zK!M@!52CMW??fL(9ug#PeI9bUPmJ{S6-4sO`sxz1R#zKPFy^^AQaPyFZ*OyG)zpGj z@cUwphxXX{qOcHmEgCec>w%&ROJ+WKM$1PKR6^bfiPPcG z0|W=VSn1lNyDN=rLfy6{e!bjBubM1IG*a>5u30cu_-2Lw#R4EwZAM;(_bT4f-uTtQx&?uGAJH5z5zTy;GJQB!PeNa zsCsMAa(S_(5nLkZ?-!NtWQ$ZdbxDOzTT~Hthx0#Fox#Fr+2#lz^|Yk#=GLBivO#+^ z%O02<1JegC{vV)me-D9ntKMH($yZ-s17FhLF}57^2Lki9lUIHRbbz`S9&0fAn|wrCqG)wlog9SDJ2 zSXjb`$(Nnu7!oKt2&9PU9CmBp7!_&OcfRkarjP#TrZ7EPUuV&03E zZf^H!tIt|L8!BTpJ_}E}8a@ZyRUsJ;SAu%2tM@W6C35yI3lTjH0J#(b(<*syWQn2z za?9i43$jYrG{Uz}0=j_*eyOHr`0rjsQ_St1J3O0y-XsoHCs!r+^)626cF}{bH@Eg% z{r3jKXjlk>vvLX=IZ>vVh;-#qy7p_Y^j$zh8GnETe#`mpaJ<$r$iK;zsR%yDjUOR&CBfZS;Nlvdu z%-Qd6eV0WP-4de|8xk#|GFnF&m4CDT+xRu$>Uj@L-Wt8P9@-EhfNTm1yLwgo0*s}$EW zgRj_BE1ak`DR9YHen`MhkU_#JF0Dahwl$l2XV34vw+y)N3;42V$Xsz_dHnYdS}=~} z>G5vr5eC5R&RTjM&FgKd022!%dA4!&SvH0K)9@dQ)WF2AFbZ|;ap#70SF5fwgLpS` zd_?8v#ZBIHr)+_t#(h_ueHu20+Aj@}2`LWUX)P#~h%XGUVG-dxJJ!pi8jLU#6lINb z7R`1PAPX+i)rQ>APA(aPP3D)BFu9`CF=8Z3lj8q3XvZ#f0no>0DF{4A*n_)99Qp zzM3vq3bZB`ur!22Ehrz?W`WPb5B(|ug%9@`V|9UOp6ef&waq?;>sQwj2SdeE^yK5b z@2w3jRS(Au@9WGAu}5tN2o}u<%Ti*?WR{|{w}$R?cKX~A1Qx&y+{~z~TU!eF`(MU8 z9aTDf~JQo!E31d;o0|JJ>JjKFdV-_OeiFtPY} zRjhk~Xk4<1NvnMrS~*{dy-C{KsHeNR(O*~VbamQNOHc5oguA|CdC zCzr@T&Tjn$g$`IKdX*eM7zpD(nJtF+P&dd3=@c(B(X87YIan-C z?4EX=>785>jwJf^^A2NuqH_uHLtlPHF}{iiMOpC z9>q(juMTGXpFhM!o~MHKN67eJ;i9FtSEfI8ua$k%@y44F(37)3Z#=kza2NU~ZTdxx zJfVE6LP{bbA3$H6{oEJ2S`Q7e?Z&}UFMg|44(JX6;o6@a56}HyhrX^4%Q_lJ_%E23 zccpLdR_ShHQm;4XFzcb5`R-X7Z8gSvc75lrdB@G~F=ylelq8XvvJ+YEEKZcSKnW@^ z{TxYfcYZ1qfIblI&9<~)kL>FVPk4$SQdAuvUe#l|dfu`;Ep1zAJ%#c&!n+~xR0WZk z0hvj>4&rOhMA#JlBvw=7mnt!|x)CU>bu2x5Q|26Z24mkImp!C{pr zauyi%4in^^@QvkC2q-|U*=7?uvMV7PMv}lOp|t6$kvdfBmZ|0i*e~Sk(}z=QE3Pa` z%@v`orC;$`9O*KI2Jd-!8ytY-3G|`Oth)00TF&aKS8};RzrSq=)EcJt_XFHHQSWFg z3>xw#vTVyybN0`t1o_v~gXNe}1ehv7Is=2YiOJ3JbynmGhgy51^!(g0Bo$@;0fLKE z;o0QHZI~tI0SHP;WGqKfDZ-s8yu1#Uzza##XJXw(3v!<1XeHR`w8|4((q&7Kpf4dQ zDQ)@`hk(HNt+fzfevJU zYm4?1$d>0v_kZ5$j;KqUy!p-fKA2_DkF#H*O125z3;BbWYC?lQ2wU2*;$_(58~JO2 zn$-1UIh9gRk3EKw<4mB+x=3ay`lF5r)|?FuI~W~gbdB8qwyE%9XE;3Tv6nyOS5ypW z*;WfT0y}fOZbxz9BS)6HG}nDd78^GY3Ky4`%Z&eg?8W4pSNhpjmhU#-M{PS-H(8=R zOLhb*t7}UiR!B3_3nUj-A-+U$8Nfj7={Z~Pkiz_0su1zp~^wCHlT(`0pLa~An_zN&* z4?!yS{Mq7mNu7&rLW5yQKlttW9)8&Os6aiDKGBf3#zsAc#KtSwLiXHC+EVS&o(x4$9sJB3Np{~ia^iu;Ee7tq3S)f(&VhDVofLlDNr%yE(Kex zwf^nf^nVx#e8lh)D>#EoJ!>#0eawDGPpf-eEz5`7ddrteWBmzyEfo4G4B4F=f7+>& z7H+AVQOdt_e!aF&sX_jYw)-3CVq@aM(8(1f3+gKlaMa~z9FqQ3+M1T_*bBGT`XwR3 zOc%ev`LSACZ-|Z(Ge`~=(Awb2FEqMnXB;B_xDMRb-y$}y7S06)Qb1_thhsT}F=kw^ zgu;nX=bUH!bHJOPHZP)mjPs+15{!ks8xq$gXpce|fJWy}IQBh^<(x{7tIL$Qb6soc zpdQZLS+z%}cO?~J{Wf$wL=yoYr2^|9y!c(xmBe#Cogk(fS4KF3(O`!B9DV1C>aZC< z8HD0S+ibhF+qaW1?4xXwg?7tdoUtV2ys&nEJcqZkFflQ+{mtKUH@tolnl|WUk3NQj zd6dN+2LfDjuBOd-H(*tSd0vcYGEx0r)-I=WVeq#@U2y@`_+yRUg#2vn>%ODl*RQDN^-5$O_`i}N_gwQXV$TGXI*?BgGq|5-~c_nB$$xU## zJNW&KME z7kb%>DyO7N>M%@#LJQ8Zfl!2x`zT={ja&~z6e{z-rYZVA;yO2xN9b4g8U*mK`?7%_ zN1NCd0`{?Vnh|Te&;jh1^5-c(#W&79fB2s;%2ZWewl$A`$S=AL36HzIRkd96LDs#} z(r#Ko4OI!$L&%UNpM7bZq)(a6PCC4CUUR^VKY=nQ_9E0NsnkC<4}8{G;fM^vitbPE zL%rh5Q^%=fEm~_!_Vc6|FJlvrQ;q6>#n_H0CfP-(F(Kgdxkao!om*LOQy!e?^4*#Z zE+JG^Y--*t!Tmbfz?x?sJj~9XYLvpWdEV6R#GJk!ONopqJJ{Uj36WZfD3n=LolJhh^|?h1uiJb6>IGjDDDBgwH@A|MTH6QZx*Q!78xc z0R8O^ba&(aa-Jk-!p~ZJJ;H|TKmuu28ZKtuRmvYzHai-+)J!}|mk4tzg1A)nP!jw4 zliGJ=1jrx5&d$G!ujo$hgRGNUYWxED`c0?2WqXZt`u)_d-#lI}ZUWAR^AS z+lC9rp0@*%t)K{a#bp3smu(p-gqYHC%Y?lABt}|SM8!R+h z@IFlN`|i#Zm$#&uiK+a3FrBtNhYhI37qSJicC&cQ5$ZK1beqg)+ZY+j%$5C)7=|gK zIL2L2iA+Nb2O!lq|8V4J=DESs2KSK7d&(r{lA#ryi59uT7#d z)CJ3%3k&~DMNgpUD_bu+z5x^ys5AR=F#OsAnd(rH338fLr3A6$vFYh|OUl{?vNNbBUUw>dN)keDrsO1Z?`JY-bl{D{r5# z)s#2)$~nQ}s1vaB{c0wBwY53x9@%*k_mKItU>H{v_O16`bT)VovT^4y-_Boqw19aYez@3od^5Xm` z#6|K27#N>T54pSF(GiDtfn?x9Ey;ePhA72bV2~GMqV9suq`p)wbs%IMq$h9mpjewg zHMLWfqo^XY^REA5ws?Q8yPOtm68&{Lh{ATXcC6EdPws;_!|t3q$gI3~Wsp9Q9w__# zn+i1$3JMQZ{oxYuNJ6}ige#GQpZS?S4Aac26lrmh@T$F+{d4@)g&GQeKLF#@aLqbp z;uyLAW=4`V654Rs#qg4HMK#g?5-J=Jc_mLm9m9_VVR@;n0bKRF3U`mq%(pC`{Oa&~ z>Ue?|5V#d6*Fn{;K&naB@ZEyQ)K&r~ZOwl!pV&-cp|6XPsA#(p zslxbVv614kh*M|k%HV(EM`o998t*UZ1DALp7~63u^LAD*@~^aUzPBHz8yvf@b2o<1 zK9n}$6jgjtS<7PTuhuJpnLJsvE^D#pM$UhPU3UgBo*LxXM{I5hNgf`lX}X9KA3SJ0 zWJV&6QTtPcg%MDNVFEpd*l%weDw)_7{Y?!zb>c_wsz9epQ|ArOFFRdZ;bnOtZp3he z386bjQ06-H7Y*io8yoFSE#~+*u!mCsdz%3*_&hG@Al+WlfcFQ}sVuG+36XrqF>piT zv9k5Ssew@XfVQ#eQT#H;IMa7L-YxlqbIz9TURwndcUq7-czOyrzZf|O&7+JB=RE4KvFqzQ`}Z~=$7zt8 zq_NC8qyihi+AzrvM2f&-h(r+}<}^-Qx-GBW3O}5M$s2q-<~-@Ul%90f$)o)5p9iHl z6BadK;h}~=mkIT==oPcY5PZs7Ge<)kNDP1#ed8b%gdc|D>O~&`kPwaV`{1^f$vPE& zJWS)t)@MIGQ7vhq8z-!agX+Y)_C3BY!Cm*F@w;$URST|K2s<{*1VkQr@4B415o`JN zX&EX3K>nHA-QL$ji2u25ufU2JQ%(`?mG?x>`gJUV6Pwj4QxS#|FJx6B6E`c|AcpIl#TyvT^=fEHf z$p^!BcDdtO{pCyrn(~p4-#8m$u;niKMi$Q#;^7JOhXFbrZc6C$m$lN=zcJ#veH%Nt zttnOw(l!b%%a3T=oO{nhDRCn?Qwj7jb7oY=al7&M$@h*K;5C{@xs3&3d@_P?N(APM z*;Rq_{wqIxqU9!-MI~^8>5?THW$+nxwZU?*0hcf<%{Go00-Vr&Px0vNZR^k!Z|qE@ zOIn1a1~Y&g1JdPzDJzabwKy*WgbW3`q5T_y`r`SdDTur1$O#Zk&u(We?;^?b!#47F zchsuKo)1g(gC+NZT3u5?V{KIe)#aI8E^1#Hc-jZ|_H~4h)V)#dKnPq2q!6igq!Fox zo`$2O*w@w?9?k|X*EL`!$A4lXA0v;UuuYzeJCL+Ggzk-+f{fZ<9CdmPKuCL?UU`GA zDD4Tcrz>8^5SGyhCb$e$Igs>sjw>NDMRi6p^=ohc9C?i)`FB;I3UNtiuwZz zzN*)Qp`uVvn;c_56pK;yvLY?^EZQk@hCfD=Yiqoe-*B z?{Wq$!xSDP2%#HgxTJdn>j`2uh357(wjh{9?`Ext$b#u0t$MChB3`Co4n0H1MUs~WRj z+jd1nPY92WJmbz`NU*wgC+*_eWQ4%Q&E1B;ihG-tdEsa%-u`3-`DuRS#y9J3z|`oU z0;&aw%CJYtm$~Cn;m%Q&HiO2(F?Hm3iiLhDqJKL0i64Z+0O?BOA@GQ+1|?d=t-lfFOXb3WfI8~FNFW?)7Cxs@H> zrarF<|DU@yvkDdqGGYHchQm-E$kr7R+a%bosf}aM5;Iw<^k~k3Ix)n9Ce-g{s7YH` z7Nn&$K$F<7z&7P8h0a=#lmjNHPfj*%{LA8E(+>gsBgOp*27i&BX? zWTGnR?JdAS#lu+Cn9u)p0UfQuWK(F;xt)+jsAtWWF$&_+*!oaKpJ&(0l7HSj{c6S6 z)8C08xecJj!`lNo9-{&Jxs-(Fhgw*KCgwJpQO(apfZnLZ8mLyBeDgW738%>o){b0f zyr|&$GvOjtsn-uol2m5FL7R8IxH>`@1_bl1Y91c|tPyz2!tPV!1EHNy1Eoqnl`GrZ z$2E40y7f>Z@80d;@8#7)YRKA*-HqEn_`iplzrP_CAz&Q4%M8D}7OKfyw8Omr)c)e! zfk-Hi6+isV&aSMp^RPORvC9)Q;%>+?G1$nWIG=Or@ifIA*O0Ald)DiAQSk*&gKp}7 zoGWd&f!xlpyW!k1x4(Z+@w|;U^bF0LU*7g?5iMz?n12sCd(aMFM#&9JCL|MI`~VqW z*xdV>Uck)X(&BvZ(|Iqx{@ZMrjcG~Kss?f$u9f^E!NedOa)RW5d+F2%a&kBfWdx03OxJN5Tx1`b88i};8S*30 zvO~!h%6ypMMNpzY>grnT{17gy?H~uqDwtkaMdXWPJx1GEM#kNpR4@3YJs0Jc1DBvX zXiG)Qo#)C6`i7;AB>j^5U$98qt%zkpIy#UtKJnx!QZm2)a8^+7i_t)*Fk%+;-B7X2 zEBS(NFLxNSG)P8v>xCdr#(lIp4PRK;VM8E;JNFMs-^r{N5#Y~<@@Cc%?mMLl4FPNK zVW|Byb%m>3WOgA8o;$Y1p<|O);a-mt9bGjIw6TPu(2di&(_{81=O{)@3i`@9tcV?GX&10m@hOc1oHwqRCXdRElHTX@Pg+Q=ITdx& z&^a3j-8=>%OBeKAZz_O(-WiN`C5zkksQo7K;7C%k z-nHyP&SSejGtebp1@wfCei}1*eNb;t#G+gHke7MkX}XIyx8Rh%$#a!%wfj2R=PXcv zzFG5N{kKEI6J^5U_Ko#Ix17G#uu7k@two$$z{nxHW)AAWwRK$3f=`49xBOOA%oQ%TK#HR-=0rweT_E9c~3MKQi#$ zvu9+_o?U6fu-Z+(UDbHq*q>)%xla^B9?N+n?lm6{Y+DxL8gm-HMkWOJ+BR@o| zijsVkYl?BXl`j*OA>fKjrqyA%$)URuMS=#u=wRk8XQ*Y_bj0jCHVULx@Xt*Q#2++CIiW(O`U`v_dVl*cL_i>%zqVG?1X-E^PZke zYC?b5_<1_cZ2AU9Iu#qay&pWB5=cTtSAOMdt>Il)ESm|?VLU!tD1eZUMoIMpnNMlq z58MkE-uy}5XEDYwFm}9I<>TKC2A*=8-wp!lo1F{nMHnG^@~?=2#I`$kaOk?9K)N&Z z{`h&P)QV}@sD@2KXe4AZ3=@({9&4(IASH?h+)JXy)!AfzU(nn`d1hu(u9>4v>AZ6- z_~kU;%5pP3tyy0&nU9eVrZw=bK{pklU{&Ooo>VS5@;*yP?Y%3l_5Z1YBdO*N>d6%~ zxPyWsVEZB^uF3s2pxuCtq`UP`ZU6H*5?-~jDa!K?DYAs#S8ykwj&x@`l5IT6xT=Q; zmsrDYNZBD&5#Goj4>Izx5q}!W-f_)2PYrez$YR!MfEIaH+t8f?A=e4ZFvlVFYfDf}%!S>%aO zGW#>f5yY_qd7epifV+bMg@0tR-C_RO=&=(RM7S_L$Xf4;U zU7!ITpHaoUS*`vqfy~p{Umi{|A!~j}MZg1!KmmOg1zu#GK61w%JSOH*JwD%I>Bo!W z*tR*4y{U6h-YA9nw|Nr6fo;YDNYP_K^p^cD{~dZ9n1Z7MdELL565EKjJL_6u z<>eiNH@Dz9f<&&`sECh(Yt1Kf8SUFE2-dZ~XAaTTzXEWoK$diYbror#5eUqQj!Y zrMdrf{r|oEyU6Nim>FyE81fvlUjrpWPRafj24j=Du?ZycePlX z;btGj{rNnJgyTkKSK7}I#bXcFNLc_O22)9!o$Uzkv_U--KHErBHB$azLW@8ib$vT) zo26tx+=4@cDO-fPt|3AoeV9Mgi_l)3H_*vs@ zhsrEAP1WU2K%%DRow!CSn zW(i}}ecVRkxsA|8h+27zwBsOg^78eXPgSkO=&yd4JksKDkS** z;Um|$gac|xupXF{DQ1H_q`B@IY=cXD!RWe~mdxe+w&m>T{hB3*cZf$997qIi<{ zrR>gMq;3sIKdtxS={6!QI;>YqOWd+#lcdz^LWSqiM_vh$MdQs8A0}4&cZ!HtQgYj- zg#}PqXj!;KFys1(LxO5B-B|g2l$(#ZlL6_LY{+AzutsLF{g7=s8 zj%MsvNJEI>>@*x^cFU@F$-Ysw26POq|6Cq&8Ywi@&~U%Ip^Quf|I&t1<85WTmx@FI zX1tP;rl#g@cFBt-eTwOPDep?BCG(TSTj)z^IvazUw(RSUByB?OFJQlToI$Xv1KJgx zLNuGMM0<<7(Cc7-*>PF~|a^n4ivIwnkkG#0w?yJSuS-0_! zedKjME8Jh2{_x$R@_)p9+T3jDS0^`cGl@1?T-0#cQ_|e@CU{%b<1hG6_`mCyB45Ji zcZBIhuBD~*U2Iy6KBe^Z2rHGdyrLrW%G`MMl3F%_+;Vsv?~$Rd=`pC>jd&|>L#NBL zptFnUZ%1eWuMvPC9xIDC(OH4HVCgIL;-bLsNASmqp?a27ei4>5ChBMLnW?JIyi>?! z7!53mmn4l&TQsPUGt4hamv+UT?Et(IxbB4&5m^Q>Ww=9h)x`boh_RQq#4Lu#HL5ru zb>M&ZJzaG9Ly_~(*31F(S4`ya{h*v+1J(&a-%ZnR&L&Hj*F!iekYY|iv{u#EDZLVJ zWB(%nltm)Bxo97Ug9> z*E~MA%#AwfEQOFJ1qY!ejjGjEI6J9opvL0&{_hb>Y`6R5#>1v_5g@{TsCV#PN<2RW zLDs2WfRR}(LuzVZDZtz<7y(%lDi{?TU2+as1?$&jT(L&jca9K>-;zUkBUvK zt4)aM6ku}fMq_KTDQY#cF!wU+{f~J7{u~gvrNX zaXouA>V--OJzd$(G1@~sz%Y4ak&%(Hv2_}ale$`5#Ln6J;vB$GFs&ToaNfDm_}_e< ziWSX@Ptjsno|^fqdc31(&gluY?-AwG-so7qkoempQqB(5x*|MpI)E8>#Ll04BBpFvLK?=HEGeZV5{3q2Y}u1+DUqFusBp+7AC%X60&eQ~t+8V7~H5_a16l((Ll z8ERcVpK)MeqWNaw=gyHbFK$7?UH=n9>PCoHeN6{nVVz!tR-G0XIOq1pDGSkLRkhru zVluNHDfH!u-*{nGsG}6Ai@9%m(AGRI{=8I~ua*9~xhK{*B9r7eK2@<_mZx)1TgW#q z!rJmC4E*5agW3HWcZ@yeLD{{Su+kg8qXwmX9n2S+nrO)mfn9E!j-?BYq-O-lDYQ6O z-?2;@Ee1;)4q{sP54;=+q-W)h89r9o{$yEer*wk(Z7c&k?73j{?!u#l@rFCIN!;#L zS#>#j%P*@lUPR2TMr=by( zp68c@gMjb7WfgeIS6tzD_Nbt3D7NI+Bz@p>(4hvODgaR>J=)1nuf^T^;?p~(^8F!b zJoWTYRkWIbYZ^6i*On8KR2jol89d2i`2|(E7WqNNPqlw~p1Wy#uT^p0>vnSCtW3BA zwNc#7pvsIvFt)EG?#Zle7QP>E6mcD35MC>|GJT(%d2(y8Si3Z!rY$SNr@Uu8_)dxBkHirm9cPgij~KCI#3~aO)&dyEId8$#0Fxi zs0riTy3ayPwaGVVBW`$kc#<(Vef!a^@noTl(b~N9t4ltW_kl7Bdx0n-)po2p9^ebf zr0EKZwAubRPfv*a@!o+&JQod-oh;~`9Q`q#piy^WLM_+hJuVYvm;$m&K&qfB;U8Bu zKc%d?xQ~!NdW_SF$x)FZDt>Y`smFXPTP7Dpzc4aiI#-W>sT|oDP*~2fZ(E!C1ghFu zIEbhyq+Z=wHv7}{tQE5}U5j~BPHW}6-I7SdH>E%8OK*P9l?q=N844$?5;U=}hc&-c zOmd`bb7kt=!tWN1ZzT3Nd^g{YfZL5#E^ltFB@%cEmXAtqnqP?_<%(MQPYyz zbPLuL-dXsARpeTU)8kVDVaNpQ;G=fWzTWpF8u15P_XPg3fkw4zPtk;dH}7@33UaU23K=CMPf~`b z`fZTtL~Nu=u#>1J`9LpXdms52Y^uUV=!b0Klg{{ObvHW_gwbwP?$&*SuWJ?zOHE$4 zwT603%(pqb>BHLV=4*H%E^0O0Zho!No_x|t*UVDcHl)Y%ch8MQmzrzGo*`bw&*uIV zydmebW}k5?*a#+2ig#+;2klgreWp4SNQ@-wR_mr)+pue!9L*B%OQE8Yse?kxe`{+~ zmF{ZJ6+0lKEh2f21s_v2m+UykA2W$LBh9-dc}4@}7I^sh!<@zlDyq~J@wthCNzy__ zKdzE^A0gbV=S%SWTd^%Q`P{l@1nJ^qMAC-ZC3?uyru209Uv)VT)dyRjla&k~-@wM% z5H<-V9X%?Z`WSd+A*K;#tSjl!g*GgD2q zt(hKRRp1ywx5L}EmWrRPpyE*_aWl6>oWg~p=EQ{H8`kG|Kk348-S(AoI6ZBYp)1o# zy&g|n*f@LWM(}$v-}`9%scLz_9N>_tSdg8&;g& z3_PWDsJ;t2u0Q71^r_zS&0gWd(uL3K{be&7gle6#J)Y-Ckg6zWNs=|qbbS-7Q1Hjz0DGJyK0-;X5~h05wdiL; zZIyJe@8r&(@XdzAD&Q;hVRVq;nWu*~tMjmKM&-3=1$|tfsg-5Zevk6RqMk$H7lDw; zqddA7hzTM<>|(E$IgQ=YFYwQQ8XN?hHDxL&ihy5_jvnTl1PclY?GX`*_t_c-QqXU$ zGS4y`9!@jw7MK?>?PT=Iu5=$bE^WT=h~PX>si$i+e^#EVnmYKeC8&$HRP>rxFJT_2jRud9sDD6Jp|#)y*y4W5>jk zTA)*bK;rI&UtUjW`NX@215h^8WX;M2|J-9ukuV zr?-rpr>b{%cLS2z8x8Dc%Yl)zExu+>e0G`M`3-=UZ`acHZn8)J&!t_Zuyb;bcK+S? zFMTzyBWq9bE5%Sc*AypX+3H#|{jG5R-E0R_HAX}SiTdFOQTU}#V&7i*-6Ve_+HpH- zdO#WwtrLO@)-vNTb`kkJ>5iZ#?N(M2*cRx?WXn`}!OyK}zfOu$(YbadpkUR>bu^qQ z#=aJVac#b;MwU`)c7Y_1+2ymhC(Nfn`eP}@t^5%EW-rHZQFGc4MYQ{hK9~on5Nylc zw9vK}ZzE1c^D8y0smiBjpwtg0i)Q!%2{EwRY<3Y)&z8F!5xOL=C60+WLUeP(c0);`vYzZ)yW38dx?!!5#6NPi2iO; zL&4t=!o92N47Y81e;o`Eu_d624$h$cR34aeEjY#0?M6#3^zO&1-cKlgMFo0L!ZQ%G zV=~I6H=wB3-v-zxo!)w@J?i5_kX}U!e;_2a`N2tG$4ml*FQ)jA?DSGz>4J_^0`zI* z5%A=lUg!rzugpuWXAIP~@%Jo)@AN6SmXTf!WE0GBh4I6w`q>7718$s(v)`xXuSfv~hy{k0a=(@!7t$6kZ_F zHE6irHGc+Qlw+tjdO(_Ao86mFCBo;>_6j-hW|RaDHzapemV@CFu~{qCJ~_sEqgSN( zHFs|WpPg1B)NZ+{^JO}kW`8ZWy>zZaA#mmG5kS&D;x=zq`vf6ijv{-iNC4iymr`t= z&dIEOBDHgHB&e`j#!wR~7p~6s0eH`{&Ic-`_z+wS!xerk?qSlr#sF9*%E!( zybIOs>J8Ej^d)QViss82+0%uArTGZJ9Et1=b}IBPHDH1qyw5Hvb0Yzk$(*6Zjf4hw zyeKPXbp??u*?coDY=Th4b<_!){j&MS$zE0S z_=go59@`dxFU3l@dxPMCHF;1Gehy}xVRc^S_O2?^8O>8(N2>vr5sJ^A-|@Nl4B_gZ zzDrQ{xI|~e>9h;%*h`#<%jtI+*J|8_0X(-iym5CVXSuyg`&p`Vwx=bmsyAB$8)Osg z^qJOwh%Utj$%q5P=W&MScM;$fF@Rao4Oku7*Jzx{Te7oGC)u*`o$)bG3r-3|6{YYi z^{B0js{nw;N;Gf literal 0 HcmV?d00001 diff --git a/static/img/install-rancher-prime-basics.png b/static/img/install-rancher-prime-basics.png new file mode 100644 index 0000000000000000000000000000000000000000..2186b15a9d7f30c731ea4f71d9bf7db90182ab02 GIT binary patch literal 44977 zcmeFYby!@@vNsALK!5~7a8H2XHrU{V;O-DyhCzb64*? ze)rz@oaejeJl{S4oi)#TR;});UsqRG*Xmxi=8J-y_zP4*R5&=e7m^YpN^o!pWN>is zrO%LHB?ydYuV9y9@CQj_Nl7}mXRsR>C;U@5co;>703-j1gd9GpwCX9T}Q+dJY8JuOjMRYl%FuBU}^PKuaanttRe&nn*+ zpi{*`grfW@J316?7`d)WKRDXhPENF_zI-b9PFp7#TPL&q@vR>&fRy-hbphJ7z}u|H z%r>zX2%m3EkSC(uZKUp3tp0Q)96sc`x?#2eb&#Y>Sc&`9l^fo=#^UA!F~8KH(I@%W zVSt4nfxti$PR5i|0o!<-w|-a2F0J3tUJ2UiI9-R@w-^WxJtx{8=d+FfKvPjV-&tsy z+dkHgDLO&3lxC~3+|Z%HsIGCEdgqs(TvgWZm`EX^k174~%{wuix6uY~qzc4>zF_Zn z@!z$D=~2eX6u-jf##Qh}?K$>&Y&oHpR$>FP_5qx*e4UX*81}dAp-t~gwwr7Q78kUqQ}c_7 zw_KiZqvNV4NL*Y`JJF({2ge5o7mE-4V|$0l{&IH3m0900U_R(#rt-nzgRBe>$l8+0 zz{uJV%;aKe^J~E1_yk>S3_#{!hu4N+6EiD*^27Qj^4DfY{N(B!vMjPT!eCP~2{${i zvYVU=$juzYZA308fXe5>0|T%GI~crnv9z$V=W*dD|BcH7qkk1MlfVAW;$Y5C{sHDk z!q#@+*X&H}Oe~C|E@n=wf&%q*jH7pGw%PxY~f3mB9Aa zj&>lhs1w-Af#P2wj6i?O+c?@;{O*nsh#71FwuG_T!&(LWTa&+L+}{$vOkiSWY4ckO zX6%3CbTBjir?LJ`w_i2CyYsJ#z{LN?{WtD^^!+z8j7wIQN5mTB_)9%W5q|Pt?eiE} zgUpP0ev@2A#s)wTJDAY`2;gR92LQp0Tt+Nxj36UJHX}|WV=$1*_+OwTt?V5PtU%yj zP%v;NGZ>Dc0muN%4m4)uVu9hXa~QEQ8nPO2Ga9fPvH`&yATDkLwts<;w=;uzrGdr2 zYV`}s2nJ=$4KQTo1_K!lx!AcF*;xTBjNB|>7Df=jkORcd&cbeJXz&}#2*e|1ZD(l! z8%{Gz0~0W_jg`soieCoj5mJ!kCue11`DclOg@J=HOn{$U#>~pm<)0NQW|m-O2ZLYM z1aNW#IXHn_Fz@8zVrK{blSvJ1XAkqlUzopR=kJjW49u_wzx)&i@Vgw=7an0d zuz`cMor<-!1wZ-UQTOj^S=e+kGH@^uF>nCGK>v=zD*uSXj4VJNmcP{h1t)85WM=I8 z|Hb`l^1SAQ@xz8(!pt7lzU%Lzzh;y&*!Hixziuteeov*>uYXSp9s|%{U9dNB0vr9- z6NdFy70A@U$^;CH9)H~RALVBMi7OZw8gOy|xL6puKp-PVb}+jEBNrE^AtM_nmmzHI zfNbml&VNU@w>EZgHn0N=nZWD_vlYxee?OsK)BGMN+JEPEHU@A_YJ{kJUe-(vn>@B07ET&VxtPJyjps~~6CW=Uxu zB@njJLNb&V7lC{H_4@|RiGr1&*hpyD!@;4q|2pAg=+TK_g~$$)vZBbFsF<&)u=w8- zzlDQ)4JRogq~bEWx8Uf2)3wxfe7Tt9`xJ!<5w#=b^&3*km+TThejZqL%&yEDcBGp| ztQ@?WfA76g4F6gB{oO&zX82Qy_Y&VQ&XD&n9nm){BoBJ``u9AXoG(5~(fYl7|Ll$L z%l96}NVHFW5wJU7jQ=di85Pt?>$L`y~3WKf7>tXiiaQ2mn?hkYEw9o07>bMnm7?;yQA7# z`3NBahFj*`p;YyY7!0YM?azH8uhLBRC1_sRz#%x_tT&S^&+BGJrc&n6NX|mmGa9H# z)7WyyeQc&Qs=WN}`IzdmUM6?7#diein7=Mua!w?|&^45b^e?=oAK8!dR_QmoGIIPm zUh&Wm+2|M_5HKp2409?)s$`vwc#sZ!%*MMC9PLizeoOf24ZkS8dxlrswVspt*=e=t z?xA*`B1N-G%eL33aY1-kX|&L>6(71HT*ga{DSZ>xy$ zjU(#5i*PM<-Rrs&^4Ve~C)w?Ci=^B5)c(~wag|ebI9mf1uyyNf%Jo%>{~fO%&wJXDL<&Fc-qiH~qT;2lx$p$(7$o?T0d{XqDOmznBa zvgJs8(JLLdo-c2UzrEnknqqn>X+~XQ6))IPBs4>*u!QSaeKsITL(1}}{KtgsNe$=3>cen9vrV_&EifE=5 z=2+*C2@P8dwiroBw|1RtlG`8DQ$jPl<3q6lknc3S z>mt<-JFc4}f}nGryy&JOHltGVXk{JC{!tW=I`?bAF2PtM)jDyoVxccv%pBv-GW44i zS9S)am(^+LCmZR>!{!zQOEEX=Bs2!<&rOEJWOy-AM1D58zgpOd>B@3Zl;U#x$#%`9 z*E)_2Rx_RC6v0E@xOGn$Ef-R8o#s|3ow2D}`~q27ByL{G?l5Dwq^1w3_~yicF+ZO_ z4CysU?W}ocjmp*BFQC{*qc;CVs%XPj$cq>58DDuIwLerVj0H>bOtYxH<(ro{Hn$WafkGXn%bay&e}_5k;+33 zEd0w?JNs9g^a08Z;c^MJ)doyjc|uFN03UI_GwQoqo7V#cHA-csio|^r*|%%_^X@ud zUU747)T5axHL$J@`Px~yXrSU1_g}GLDz49%kqDJcVY%WheIdzP*G)F;SU5W1j;mbV zRV-UqB2Dz}&UjA0+Z&E-IIeroQ@)FvbACdt2qvvdICx9P=F}(Ve^aB_nkVQ^fh`|C z1kx|3tBIlcoZ_kBfmHa@&h(764?AOZ7LQMB0;&FqUoPh|!_BT|qSvOZ`}6unzhj+` ztIPTUI<|QERru{E<=)m|j%&+8(YD(|`TWY;%gQOe;A9$guh-@!0bbW_yIhvXP)i|x z150stsmGe|Vf?gkK91O4bdnFZDp1}gDX;Eyf`vS-s;3=6+)8;fFDG?hAmVgySfNLg z*u@7<%^f>%kVs9BdD{O>y0Ettvm~A^`7$xMiUaG7)%`TqaXK$ad&dNYsd@%`)?ScO zzKo^+zT0Ov&pnepBaJjdF1(U<<{X(XXBa5wdIlD|iqCW4-BF+dNjH9{peYxD2jf>d z*|12CLPq8)hOyb<<30~{jU|cdD!q}T)8?scr%1xSob0D?7 z%{uql7Dp1O_e+(JI9p9U5HWJ+ajce{j`i!@ZO-v-rvx9N3c2tZCW{Vl%Q>+uKGc-n zy=o}idji)#WDy@UoNn)WO@2oo3R*YTbLuaa8~*Gq!%fWbTxsZnrNR}1bEV@*&}q5e z5#VFKzIGmhjAQqefbGtf><)PjIFJpCQ+KQuw7~OR{S%KvmRWQ`*+wh-nL1}=dtQ$= zZ!$NQ%h9>ObUod{6TI_;N_(=gT`<+8=t`!X3Vm9#VD;hV^{(Zlbs1<*cJHGah1NWM zFWuKR-Y`R&b(wULgQkQ-Oa0|R_HnZvsWO*GauiYC$M;05hwS#uLSG`mrcfRZeu$N5 zqf6X>PwQC6%%M>k6S#hw>FVK^hi}Z#wH+iutSiQKCCQZz}`a$NSc+-NJDW@w| zV}0Cc)0QaYfEB*!2%D=8Z+#+7y!O=sk{-$2&|8W-$20b2MKfP4h%?R41DPFpw{osX z`cvK!yH@atb7D^?w6QQ@6uyhS6S#bLQ1@1wj?H`EHg=RV?aj!;^8I}r2Tmuk{^o07 zVUu~!=QarOT@i}LbF#@z*sAO5^4cR@M>KU!Jq`5^^_xcIND;rRl*t#}bnlQ#>hd~2 z%d?*!s2|HI##3Aqm4Obu#?XNxapOWMwREr#p%Lqo#gYJ5TmOh#W7bvEmkH+bpyQ*m z5$bI<#kMC)T36zP-3KEfos}mBh~sx;I1ba3q|wtzG;C@!bi%ugULWPZ8q1a$!FgTc1OJB2De$BNTQ8r7>~>_Je*S1nG0Akq_u9WF>3JC zprz)do~=nZ1vr*hAIk=WI-K4iA$%>> zWY)Ag(SHc*s~AXQ{`e!Cd$h0sc_y;GI$(0z-8Hgo%;`d~M6!sT@TStzqDehy1Bb0c zu9nVMTKa}{&jwQWsLLJU9W%H-(O08TfdaB?+DyR5=`OW}#vk|lka?N=gZ$%&?=88o zZu%*QS_iSe@NUlEeeN2<&a=<#U~RFzL*HO>my9`VUyip+ne(tEOH1wo{56;tQOtV%il5D|-0yVL8x8xSxIeV5tERACnf;8ii)piYKj(Sc z1)btBDJ01rAuf$`wA?N+S3F-yeQho`6NQEx^=5dE-g%rNY-6rp{)ZP$y#C|5Y0778 zPFzzl>B!mH$X5Kye&3s9^lP-<8I9jdu)WCBWwr`5D_U|F$SF+$-rzUog{bFOt3bj{ z7DI!^zR84w8TTDl;KBUz0hBskm8z8-TQh%jJTKV~L?o_MUdODu%aL9yPtYh$=p6lV zW%fξ(fhaVK|^m*!@A!Lzl_KTJO&3o(9nVsB69Mdy`zJg0QIvinjWIKe?T%PeteP zVXasG;AuAF2b|OIhO?Y|^N-1il}dK5w@#@wPG3Alx%PO7#4n8RWwc27VRK$ZfJ$v=A@I#=YiiJzw(RACRC}^yny+=a zN$XMRa@*Hb57)5{!onT-p&yRt#^`DFo%_5G^Nsf}7r2upnt4W8PLqQ-52HF-ycqy! zz43mA9b;_gJC5&ZLO8z77_HCYTbHwC%1P5XM*UPk>}g7N)kUf5=oXoMj|$9>8NqK@ z#ZL$KeovY1CH0{O5l3|@dkxxcPjG~BIvXp7u;7svuHH~S_sO8Q;?A)-yRz3bYUqDZ zu04uZkEr0yv7Oh;dDjdW%(TxMxSf@lW`Y#*#Cu{Y#^LMohyTp&5-Nma%%i3NVzlt5 zJ~TU=Q|7b7&puC84C+1H#4-d#T@ zRES}%x;!Fw3sFrf8T|%L&?q7T-0L#sbL2}#%`O?(e|+VM2Mv6%K%xuPl`cl@`%vNV zmZ;0o=)MlOUwbqz(zYvm8S~qWzQOTSgS$8aRbQ%3^3Hj0c zHqaYJS7W_rpB>AfpE5vB=& zEft1&A`*=Prmy&?Ebxl>^jSs-8$edTH1H)V{1L>~$-e8Byjr4Aic7Gxo6Y#6!lV8zoefzV;l;*KL#UZj z5w~MwpVZb3lS9*~H;(%DmNARzA(h~Z7X$h(^-D;MgVN8~*|GIzc}uY@g1=NDnkP5# zv0N;9>jhHyGu}$5f$2I{Yl(9Ejr-Nm9rRd}Pb5Kc!H$VW`u*Mo=3=-cypjroQFjS5 zDHjCNUkj)C)yTX;l$#|PlD){okD;_d5c;VxVfgg=tGpIWx{^B-b?M;>%1jqMXxKAq zrSfKS?|Ewjv+Ii*Dm5yyX|E32nsx@%3@o=rTKb%z?2EX5gbU$EHjVCurtZPCo3&-}b!rQw+@3N$a} z%LE|4x=Hup6xOuclp7#vT77z#vboDx9>uFgGi8k&1(3!qYq*X}kjX0&{J3g&031qg>0|pt>I!9sU|gC#sUnEW3F~z=tocp)^fLvD8DI%kh)!9s~4UsZ`I46 zexwwRwJ@4wKAP&lFZY{38%#O(y8RUU29Y+>?|8+vd#==D4dFmg>gtnt>TKs=^T`>( zRFuD}lyccSy-m0D&{ka6(2lP$sVyH8aG!|s94b|^CLB1 zqkU|Om&N8zK>q^!MwY+4BNSAzoi<;OKl=fOkRlF-(|^~~0+Gd_b()jn0fC;I+_ zYM!KR!PE>0uK*)6)8V@C=~7b{)V<_!Vbd%SeFst81YLja2H$#Qw8ZXei|vG)JCb#9 z0eLLcF$AA07{rX-`F`>E0#8M_s zmf#2<5@@n_+}33`~0cN;|56dw2zDNHZkY=+sbJWw16hTZ1IzwIEbYCq^z zxd~b5PN%26P`-E({v$0YD;k8Vzx)QQ%$>*A&quM+woVfy*2vsH@$9;MO z0ux40X$U&J4h~;jJC3T?7AOlkrck%xuZz^er40qG!N*!m+1L&RVTO)}4I1&5`%Y9# z{nWi1!)Sj&P%x68jYx##IW&K-?s~=kX;*ym$HjE{m9^4aB`UH}ueXv>=t%)ywrj1z zq)++Y>|tGS!`}B$dWc{UTbF}wm_vvJ6Ag>vHfiUoh#9 zwl7WFQ82nTR<_48@oz*)U%CFgyyG&XXGQ~>>_rbw-w!oS$W!=9oAA{0>5mNc)mU!J z<+M~jOIv~qFH0T2-KOy~SARVrPD}zCq`JG&l1J4}5!xhN&mI2;L}M1yKlh&aIft~G zu*fJlWm1vjR*O2m%NK#r*|2s$jl$Y#ou|S<)e=d zKQ3YQ1PX{J=-KQ~L(r2^Tuzf~+-y@%FGs&NHP<^clOLpQG(Ui}-OZ3da*205!Nsm6 zEam3>4MZ2qmvHVkL)U(@2}{-YlWXQYDeL94%3CAGknKfZp30pu<7RdzLAe1S?Tc?S zE3EpYSRe7HZ$JoqeJ-Oe-RKsCL;A)6?eWQW`| z01d8teMoUu8K$v@2>W!=o#kTGYO|ByjR$=L9&kmq0J*AkoYm*wEc^%^^wLrZb!QBt zb0R(qq#Uyr=YZCC&X%x`1}_2lP3HY2_HGf6y$(F8%)#OVa{Y}ukwT|pO5FET53-B4 zv)>=yShjp_ouD&tzendTP^ap<4SFXn-H~2?-E+<@?Kb(nLHxyR*nE3m^7Yc7UKx{j zlIKed25p-ma7Zz_92b>Wb2<4zwA6)ny@5_5e6ZW{(VL~w;+Yjr8`4#C{At!)_?X_Q zZv)dQe4LsO(1#YDAI*o?f`0s6Hlt@T2Ladcy#C{zmA(kN zP&Iq$xL$_e$c+}bX>Q&-BdnV4=*y<2C>%2RQLCVf_R?2WF*er>m~OWcT=kXC;WMVUH>jqpdQ#~x4ICeRm#L? zN_}yC{=sxUf<*{Vjip9XG&yKy`9rb5J#N|?nvE^s9&UZkMYgS|i4-=YRNkm=#hooY zBwViq5J@4tK&$;)5HWZheA74(VxdGDu)-1V@#feU9K%YHP;N|}rmTZ>mMcYw@M#cA zKlO~YBRP#Va^Ib5q&Ntnqwo2$%?Cbvb;AJ@f)1vpj^|d2h}A1j)Adu|`o@L%P-}at zY)Oup%;f>R?!7?#?x5f|rByv=KUq#87GZH(wtKMTM3E9jV_IokJ?3E#mi*LksS!LX zZnr#U$(LlW^0}71t^IfDPp)Y{v?pz=J3Qx31b`+S+<=9jJX<{0m^DJJ26QC9!}qqA z!@hCts>cnDo(VQIF}b|Z8)4v^u1!gb(C|l@+%~G7(aG{)FYUSOU*B&1{2{JQEKU<-v$77oZomcfo{s6B7~L_ zDQ^&}hRAFV&(yLnYuXE3&9_XfvCPd30y;;nw4Q0Qinw@_#3xy${{b0R}Ng6kVQHh^B)YU+vb>89)h=)4}91xh!?Qt_>!(#Mvz*WSerc2 zI&YyO1d)-P(r#zsQ`}W<3^@;O&3oW`8wpa7>jrWm(F4NefnRz^tzctrMfIb>kBWBu zQ!BBbq@5TwLkn@n&&>qCji(i^c3l|IBvJbM1z-_4AubW{*Hm$%zyzbnCAlInBc3Mf z_60%+XezRi{TSXgmHX=sKnyR1**@e@*^7ndILnv1N}0$lCbkCwQrkUSrKOd_=mvYH zn{IJ#_A`jjr)bYoFk2s2hL6>0*cs4V6*=NC2jUaQOEb``OBTtM;9)zw{)BBG;de(P zW-{}~*ySy;cKce&tvB~x=KW(q$4z{jT@lj9NzF&RpCEg5X(IBEOi$w{f?vp z2#fWJ7o7yRheN0$Z5|ZgR8S&Fq`VKoIKf3qC=1S?O-B&1)Jw0ctE!lBK z@f9MfHJWbl4QxM$Xbef$s|Ij;OvlkymP?X+n)t`J0Qzt$N46I?(Dw#Z`uooy7oMLa z2_zIVF)8q@JDi8m)dp@N^0^tma9eQ(JdH>{P?@8ID`!V_bNqZwd9>Ac}tAi$+ z*y~GKulN{u{d749*hpWe*#3&#iUBk@NnP3&a!rfzJZqZ`MC;Xm@7=pZsoM}CB=2(e zlW9u6aCK8s%f%RpohYa_mU83yQ+s_l13w;C+haT2kUa5X5wR^ga)JYjYWu4rcr}Oe z;JR{s^c7go#jN;Sml5c43O0NXQN6IFRT4O!;=4;bJedZ;+ z2YndXG(0I%>$x@QdR1({xE0DZwJ&GLD}LH;6$%sJ@G%wzl=K?8ntk(6(hPfZAX_JU&GC`>g?r5o#D!M&f}RV)6l z2yJp4UL+|kwdgO%X8(?0v=cvy+R^m=ZouZz+ygR^)zbPR)O5?NZ=Qftn3TxAETgl{-(!o=ld^h+mGL z43}!QQ`g)nQOG+hpm>=K|GtP^ZEc z3$WkIB!UE_MBT8RT`KdjnP<|>N2gI&ze!sUP|X`Ipz%I_mW4?D8NZ!bad^lbzOLkA~=eD zM-Kgy-+B_SET^R9qA#3u!4!ojTiuh>U~xY5@YxKT$5o5V@OlL{%;g9gi^Uo7fyq$1 z1KOF!ZSHhxbUW6}XF!alcj6Sa!FZ(GOOW?o72(G^O`DhH-Za9RQdNY#xmGw=oIS_~ zNp6D&U@aGYB*r|7Mb#$RE8JAKp49aulwlnIJ;$wyEWT@oPlfl}4bI5WDkM9{eV&IM zm8ZyP+t`0C>Uxj7RqaMSwIVw+{B4Vzkk#hVHqQEm`stz3VTgq+OL}cJJ;<*3X0OFl z(h{coqWEauQKhr5vJYxf}|h*VLn*l6Gv_Gd{0zo&=FDNUehs=<=%QsoaHql#+GXBjn5e=#b}qF|kmmy- zkNLL!yktS6g|uqb++n!YT+5pQX=!8-NEbKROF|NsFxGN$iXD!F7K^4$zyS+w>i$yC z7Z$|Cx1!R#O{a;=&I0D$65da?S>QIziQ=o*anm;>Qd6~??-rN=83qX@EUs@|{#qWZ zJr3JQQ|PSgI(%^bI@0wSg`2}?gq}ZPStIbShy4K2?c3O%5euhpQ@KLzt{=q zy*IA=EZe5Xv!Sp@G3&IY?_MUNGb6e#I5$V%Y3IKKC#o-v?ib$4^_$B2aZgf~tNAvd z2F#OaXmljVJZ8`8_scD$hH5N9;MH51$}-Ktu^QCWdAMRW@p77J+$xMI%{qic;`uI_ zCJRC0+Wd~VV9v;vavr&o&94RT9{61RbE)g!b92|DF`9HSoqk@JDs2#!OWlj_3E8Lq z^0fG2Ln=k-{QFWFPH#_J&i6)=#dx2{jNsA>pJznLrvO*;H8ry$Z6-&QW8S{qTic1fz^K?LiK7nuBv8J$`3p( zY{f4lmGA&Ejom#Af5I`RboSv088oNXc`!HrK?}e1hn(!>cd%_g_+0T6@O+z(pwWo* z-gCYujutU?* z%ke%deu`yhzHVZJ44b@2$Okyhcpz~y2tS0-{!k#C%qurg&m#fFGG)ej+OcnA{IxJS zG*za}%EbSDmp4W?!Yl z`yM#;bZ}eA^>-+0_u})|+N4&3+Q4>3-SRD;5owhAy;0BWSRkhy?*%$eWT|B8P!{g; z>_nbnSRuar{_v&$Bw|;|SSBJO-hrfiT=mbMpW>l|idi!_EQMz@zZfm=@X$baY2$3^ z<}4eal2sDfd|TOtN%d4+$* zTAYtP5-(4-i)mr&dX*A)=%X;{KCOG4#mZpZS_DGnldveji`{N?(33*MuGtUyRIMDo<9J`!ZcHn|S!;Dt#>^xj%7g;)!7i~G7|yxP$KCjeOiQH$YNQx6 zSFc>~h;*PG|GvmjR^!z-P#wFUrXQL@*`?e{N=v$~otvT;VJx%g@rs;_V|;G}wXL-t zjjoP%TcDb%4ZUvkt727CenbAL_d-o)jgARNOZW7ii7K5%MwqZoYfHhv2d702QAXAg zZc@yv!&H%Kw{=@um{b_)m5e}`2=VW3AHTg3C*1%D*7iXaSd0cFZh*F3?bp|!TJ@S& zMROaJ0Wm8hliuvN5VR6ImF662<+e$es zjHEB(t-H{oXMA7(LX77Y%f`zMz8JH`8kWvJt$6lFR4Rt0yBNqVhFb+;kDo=Q8Cwln z9zqqH`{X;G1hyYlx3`lxt$F7}u2(uQX5CDvx1mM-HVmhppO2vOZf2wzF z*k+mbV}AqW!ug(&sf+f@27!-qR|;D~7`67BR1x8WrLMitA3|h;JO_G>fbVV2z6r2f z^Tx{O3yUFq)6+jWE8;6FYL35dT8WWENcdt` zhKe*b=PzMkMYsAWHihPhxxG-~57Jc2IZgbwC5XB?eWyVjY6Bi_C(BJxLr5;I^YDde zO|DKkKTka_md=?EbX2L94MWm*qCCl@&KOKxDbtO6u1UVUy2yA(@xtiRRBToA`p1)x zQYpBw!^VBi47_qF*yuJVXB(~8B({USsa%Nlg^d8qf+iNZ4MUq7g$31+t7~_ZeeAJBU z;?*rU`35D4^*?U(<>=VCsy$3>e_@8j6j@l)VKcHCArC>m%wU`Jb5ovVKwT|Mr)PK+ z7-a`Y*E)-`i$5%tBe}1X8UFm|{9;DtUfI{hx4~mIMQlU?*Q^z0yn_=?)CF~YJ@iY% zX4>>8W_glvnr$AgSYz3lnMM%2MD;;D_fgkZ?hOSdCiks^_^dQ+{80Os9v%QTXT;-+ z+FYX=V7_!%%BjY1n#^% z47G)A$Phot>EdOF#Uxz$0OD!?RFgmH%1JT0s=plU1ivv;wnx+C$!Qm7PIQM^tSn*M z8rY=N_OP{LDPTE*bI@Ld@KXd|Q8sIaGlyNnbenaCKa10aSaFtJ3vCiSOJvbQNk7?4 zw9;gp1~2HzSS-m~c6Y1MkDmb4j&;BcBYzX(cwowe7c_8F`lTh!h$kHd5%wF4A?C9^ z&Uiu6y0HTA@&|&JY$JJN*#lqkn|g~>o@9g7jdI@CLKd z=5Lq$82=&l*K_%wDTx2k<WK4!GIxUC%UUra!l?j$_X@A$Lha{ZVE7;c( z&-Y}m89Fiembw^AGO^9MzQVuQ`|+ShBK)R(YF%*gFvzQQlNSh`y{D(RM+JPG!*oKY z4V{=$qNMxkN%3*a{v2!E%axd-kp?&IYOmGLM;uTan(il!&H!&=x2(WDB{(zstk%ot zwgp97nniH^;@o6S=@E)hjBP4ewygbjPTa`5W<4vS?g#byV_cWQ-6kz!;)S0D+P9uJ z*WHjc`a*lVxrEXaf1C!9SOa=ALd`$C2!WlXL|# z_fj{W8c@0~Ci{|T5AM*n9CLb{-%+C7-Y6{2z?)P{RS=dVJa%7Jl=wcVLD$Ykg(?bn z!h)j^m~b>pe~wC5dFq9Ul{1}wRQKxTsUI^FeOIWJc;jcrezY|-s2-QFFpX3F5p=`` z)!m>UWIhO%7gZ-F>HT@S>ShIX zcbsCKZcpX1u4|LnFzgRpfiO{`14uo0s}ahl&~wZt?8fmueUIX+ea?er^0uXxI*9P6 z%K7&-uN21m0wBRduQC_abt8xgG;vE%Oh)tq{0fNh=Ngentp>SxW3r8JOD*bgaG^#;pqdxT_OZ2UJabxW`j8F<{_%cVAZp z8u|SUM=}4z0*Q^&`L~BpG1_S18j&dD6Cz>G4MIoI^h_Dn#eBVAkUb&CcMS933 zHq-8xeRUWjMh5t8T&|rNXC#R;#gf-ecn*^|RYl1T4xT!Cc9uH#e2Uca#yJ*mTHe-% zU7{dTb#p-oTd~|=bje((*)78No$~89UKI?IIgWr?=XNKz*{Rj)EfcraDyIyUHk88T z@kByW@K!a)8PxJ6b_ol&i32SPrRqs;x!GW+!qdF7P}KlV0)rAL3okV;6|oJ4*8Q zx;cQ)2LeTA!Fym*;+-#-S6IHp#B!pWqaICfUj{aNU6!2Xs*^h7Q713Zjo5WdF*Pcs z3Uy-Y8>u0l2QsF_8G_vXg`|}k zm(^7K8)@VU#p#XA@4O5#tH(E57JKtP5KK698#*$)zS}>PsUBa!Wy-(7&>AmNC?C~J zRZ=FZ%cVNCri)UdbC6aCFPWy+Wl&#KQ#o2fu+}w;nlzo)vsh`%QD1PC6bp>RD8VZH ztL?Tbh5eeWiQ1fV1+p3@Lg=%Bf~X6lsyNKc={y4h>8XkRbbA+46B7eM=kq5@2{9Uo zB&7Lt_0=ln@&c+Y4xO6fC$a46=;t}Pr$WYAXZntpqm1XHg(~eM z>Ae}fLpvqiK*aA%vPF5xHwS9VQndW~5g)D8rBwF;^7rTcnbD-VOiTygdTX4NlTzbj zg1El>$IuttSfDFlO63Jo$4yKiXXkoCPqJBtQ^32gifsjsUDAwT%JHBL(;7GX)RjZc=5b zvZz#{pQrs_hB+zu!eU7Cao7wx7QOT7Do1`sMs=bSx102U{CJ%lQ+~%v zy_CF7)AzoPqO6;J6^Ghnt<1W1hPWEW-IO{DDH}amyqsLkLCf)#q;x6TDAWd5jfEGg zQVCZ1qKw)qmGHY0m9KSZ?E~w|&2#hDKgbW%Vdq6ZykoRfeDA1ztCX;GMlh!m9_cu- zx0_vkFPhhzf0&;{r@bvTg=Oj!&Y71A=2N*`$5Z`grPiX3n|F}~9d94QM5)-Wd6f?u znN!aEPFQo_7^EVVphv3U!>==b$qO2938yhX4d&mWmRFxJ+)RXa(N<#8_@t+7qFwL^Fg%_;v_e^)#@AzfJ+kde=M_tniB{+iS6k`wq1ItwTq^!D*hCnOqL zF$_wQp}dwsUJD!TJKmByiJH>2=+mbce8jLIS?oqQ@o2T3AB1*Nc{=BsY}Cx1qulHhI`vleP_AEUt4jg%0x=lKz>vb& zYNm8eM)$jH!Q1ImvlTBgd6F+Og}SuhI;b+E?qi%AzM&G`U99HhprmWqnKEWcxQ-&P zs>vSaxr(~fcKCRw6;rSM_;GcUmvSRu_f)nr(@|r>WfBo5Tc8T&UPO3S>T#+5wB_6% zbm9*(q$W~}ixUO(i9vPgxa_tnx`LL$i%a#r&MG8eGLTn?RvM(W7VMOduF(_Q!A}GG zYivqG!*=z><8=K{GfhxH`07%9Ulw&{{w!p$0h!sZgRSVL$Z~ zoJPz2_T;k^<~C-_BF!kuc6w$t{ZO#N6H3ZsOp$BPMVc zLr9QdNzmZ#l7s}81b26Lry;l#+?xshPzR++%ZM@vW9{nB-DUndY$N#?fo4Go@*#j6bacwvGTMa~~M4D7AN z74FNuHws$X@PA56?@T1)nV;cxyE|1k6cJ@25xQxo^-3k1;iZLYM^z4GPEgnahs6_D zkF@r!4`1&4wpLrx%Fa#vI`G7U8J|a!LY;7uy)C~|wm)|7i4U&8*uSo$`u$i;@r|*O zUCxm&x|tn-Qg&mGqr4<$Kh1}_>~YtaJ&7>YPA#4w*AHeLns%+kyy%E5MOaet?dpv; zi$A{XHTEWsE6U3Io{%Rt0%?$qxPj3T7)*5OUgypR$%ikNO{Aew&JLJ&ZLSM7@^pB(>g3?EG4sk-HbwxfGJ`sO72`G zxXL>C=$*I?D*nv{m`dg3k8qFpjl@BuT`=vA<^L*qbXk_}gErIA5p(MTHo$s&;+S){ zZ8jLSyvJH^_#kp?qCoK65~lh}KzPa5ayeA+%e_~_g0Qc+=hR9nha2X!v0-n`#gtXA z72ohtcBm0p)=jD8GpcDhx!Ulch^U*DlxkrUNyo~^+-Zngy*uY_tKfUdObJ%EMcFnR zW&7@sF%2b>fci6v%9C1snQgLw;4xpzVPPyR0nqt=a0S6s9%hQ1f)km5E~m19qwTH( zFA~})O|_XG^!J@vaeQsDHC3rkG`4Xt-lc@&qYNZP;zD%QPQD8P;Y-fIDE!{B%Ac5M z5%n`$y>N7klZm$nPniE zDah69#vX&LFPet&Hx>?nv#n0xW!rqGYs%-0>-)9KqH>TWMEDffrALp|K%_DCqO}YJ ziScikm_cTRkdS`*k>xbQu$#H7=A82`I>J(%+7tyXKdhRR!>>sj>vQRRvZ|I4-Rfj` zSVlvc^u`U87RzRVt(?dC+}cDnwxr(>u9_!9Z4+v=4kE_7To$}ib{!O{(=O5`@SNd} z+^6vVw(DCEVWvR9p?6%`w{moQxYQV=t%^f=PX@Jais45jUH5~Yh~f9PX$j|+L{sbD zRbILOf_oSjE(Cqh-c_LCiOKe%S$Vz%+J?~9^SZ5ni6$3KT`_zd0SH+1MmNPJU2%#z zV+cmEm06YTvNI7RicoxaZIkS`#hydPrNt4#=auXT+&JWQ-n-e_sJUjF7MZEsv3o*E zt2MifQB5ioVMi!C$r#afcBz5CROf2iIUaSY&6A)%0bE&Zq_Fq#Vmx}Md!n@4E9h9E z1Jy6mh<+j9_EPYTjv?65oR%*}AvENboX-I%Cxu9JWYT#@&oFU#4@Rw#0i=qTlq+QO zKpYfa_&ef*JVM(1PkRAJidJE(L3G4M^=Zq#hD4q z6P4ux3q9GGv?qf%5*~Hj6F)}jdW9yV=+zN3!B{j>o2B+-#?i4$!yX1~6DGA8dis1Q zr6%TCT8L%>{UvQkI9Czr%SY^B&#TVzVtg2R68RVhuK>hql#&HE%!j?4YL{;BNJLy~ zky+Wk3LG)Eh*F0MedJGEm5mzSgEP%r+sqjV*6se1ry*My&l77^qcElNLq<@L+4(1y zTs^P4M9unWfzTEBL`J(l& zSB$G94MJthB)Y9pchbjDqA>-Ot+bhjkC-JJJfF|yC1^xvN1Jdk9bjS+| z=~!K5`X+)K1HwVo(^acub1Qh#p4Td&Z`)C){kuZ!If;-++UsCGCu{zLar^4^)hPz- zCQ-=8c_(FP5!9Mcy^lE_DE_T65}B4z{P>trkI7nnK7sVesF-W`J-B6s{HJ40uZD<4#XqN36-L$5g%eQqzCmv7!QXyWBm)XOq zl~&xqhPgEovjD5owbR>URo7+5A}9#hHz1V}+S8fzH0>IVwR$2|!PJVB>X-SH36?6k zKP^ccYB5kd&BkttEcf0$2dU&2YJNjm+4>e-)!B!QMUjM~v=N13R%7=VJxY!B>Us^b zoMBFqKT-U>)u2PMeC+xa$iyeI&hSyb0n?X}ieK--dgS>S?CFm>XXZnjdP_F;J2t|6 zzVyC$f3oUmCVa}+R_2vh5iQfRAKv4{CSWi!&%m0ZdvM10@}#OrafZ8F!*EcW$QO>d8H6>@i@+YS&SGOUaEf zt%@gJ-7D|gmVsICFh`fewsLZ5!HQ7e<3#66pP{GC$h-BwYvx;$`y)3}&cXB5r|j=x za=@h{s{w8fW0Vuq8=0<|X^yN`hVQ+N;xi}AzGGzat^xy32WEdcwZdj49`E-MoRKP{Py|EVa@a z-E%5{OK>~~w0zY8Ah4g4E~GkSNsBqT@w^%|Xx&@>V_4#Ot7mwDp*SnZlyc(s=7^t6 zR)*kllP>>tcMq_qO$tfOpEAm%e`F9>_40GPTwY5^)1Gff?k{e$cF+t-9f9Gcg}$jE zhQL$8={(v6cksYvs&nz|NfNrTl=3uMvlr-l1vCtTL!@}A&Iyg zm_MG&x1&ke|LwA2dv{lHrch9YA(>i(6`gV!fAkA`;U#3UqyB}f;!NJu zeEOE2A?BC%bRU|UU9#LE2bQnTjj&XhBVTJk3?=NIy#77^gxKf8{d#cM%^cKsM_87h ztJbP_%UG%dmOI)mP6|CZW+NeQ#um3q_i$y^-M6g+X=Y5>hD3eG5ND0bxV zaA7+Jrze34;sVJSwrK$dxb(`9KD_y=fGQW<;>0Nk}FOr-Y+x+%LtaNA+lrEjSiYx=pPt) zmnSGSZs7>u+()$v9qF|hrSUikX9O!o0xuqK)MZ&FCWT6odDzc>TqX{Mj09O4W>{m8*N{8hbQ@sS7WA=Ofc^;?k?S?KDNAjdUDER zd$N6y7&|ky7UgOlT~hE$+jFtE^pXR-H5CW^fYWo3)RFYt#noX8;(7_wx(iY_;5md5 z=DI<>*{&@j@1pjv<>O3UbFAzrEiTpiM`~B?Jb65nW;;6hbnQ61(9W$4YFmfKTRxob ztKi3V#LabV@YY+CRHz*5emWYn05nd&=y*H-;~Tv-|JRf28TInZ$LcQS&|EvCJ{5p; z4dG&*v|?WvQ~r2jO=uyai=eH!L+~xv5%msW($GO0Ddjw008pD$O~4gdz_6;qkP_0b zq2mE1!n>Wr*OM^Toz(fsQ9>kCIQ|3hd5BN_5|>QZo&24{@_zcIIW|MK0cOgbL3^1q z1x&apVw=TgeUyVw%|Xub5X3j61C<*UjdS&@!qjX`fD^(k{fvE_ILu^{x0drG0}N(hgK; zma9p74&PbMzzud2grfJfP)2N+d68-zMam5pTi31)19jT*!Ow^XSeSs2(54oaMHV{c zhPi>^fu8lfpenp_nsV0>o+Gz>cJvrkS6&E?`f+e1pV(=d82f@--eP;oucW91Mo^~T_?c2Palj9J&m+)|6=6+IAI+I?C@_AP}(T6Cv)fL$9L2- zyc+UOc{3&ZIesQPDM>C+ct|}Rw9sIW61l(Cdxqoj<9~AVv+s9|XqD7vT+|vqOKDsfO$r!YznN5aG!e6m})2g&{ z|Hv^GXbk)QWHZ_8*SHgsf78t7wdm%}NUPzyxxkJz7x`hR(z*<6_v)1~O7mgMEjfPx zZ)FRW^OTMsL_5{c6Oe&S*67$5K2d?a|M9b-R}eal{C6&cd594fn`!+betir``|nM{rQ;Z&0Tw3k?QBo$~yBENau^Q(0ur*kpff!N?1WR zAOYIcW+8DO7*!y1bCKjffimlv?H=WiJRe&=qbrPOfPrg{DoS7wXBok}q zr|2ra#InVgto3Iw-o@SsRNZ;56}J1bRF=3&kCf$;Tox#}p&k`&;%;@R`esLzG;Hrp z{R>6h_J&KkJZBHT29(BQ6<^#|XN|Gq(iA`C5v6>}tN~2o$u%B1O`!s?31c|Ta%4Vo z@n^EGHn+?gnSM8dQ5nd$fv#lOA;H9)RNRMu)&+A~CH#sTA6 zS1vx`?=u}ZpV*2yD?atf8mA6m!z4E}S*JWzTNU+<=HZ&F+kmlCFqprX_Suk$4(!Mz;(cZDvFf=CaVb)jRHdwewByFO}h z0qG(y;vIjNziTvGNJs=rQJSX0xUN|lbhN|!+ON&>R^A-5?Bda!Ol)S5^2hmO3-E=C z94#U2hbe9}s6v?1J$6|PGm#9L+Z zBEyvI$CZ#g>u&2#vQzcvJL6)i1MkR!(Wp0X=0oDd-FIp{)2XxPv(hGhdQi{!=V^zA zAhv$&EOXVj58KbfH-97s#UJtZANk*_c^U*=de~M) z|A-gD>$VE9%hAoD07C^4*LQy||CJuRD?U-bEVJa}{x&=4EZ=dSJVN&zQ{0tNZ=oE$ zzE0e;Q4r3)oG!dPQQcEvy=r)BNhqf_LG#JUJA%hYrUyrFag<^4V+#DdulW%EBnW5k zV^eAL@%gCvrB8IAq3+PiDtSqW*-}6rlgCkan7@(kY;v<1cN?#tXJ^`P#%iwH{MJ!W z7YXa(e%$(K$lz*s5IACsRBGb8N%f8p(A7t{4OaA`s`U9;Y22li(vu9`8&psauH)rh zpi6c5f-JWSJ8p^bxu~}J%jpOcS<0>R-&WkDB5jEakrCFD(RK0~EO)!jLNV1gJmC~f zgo6wbk_V-FQf)5Pr1i-t(+ss)zm4~d_U;2rgR3bSbDrv3qaP3D`@|-+jiukNS_6q@ zza?hLJ_+6GkoI&K^-+E9xs=?!a;_i1jrpe7+6U+c^&FW+DkjyM^e?Bai}BQ7tbHu( z_2Uhtu#i7lc@GQZP7L>CZUOEx1t_k$9_|>nm=TUeeE*)faNjFjY_a^H2lxAj$a>&=ri$Ur z%_$z?wTUE6yS*NCqB}{XY{ItT>r7_T01)EuSfaSh5cR~^*133gIcDMlTk0K;l4Q)N zNT($9h&tzVu@UGJ;z&H6Mz?fpaiy0wVTAtTYV-GGZhDIXEm__DWeetQdULIl-Zl4_ zuR{23s!xe;%qH?*rjX1W8;)F#vb$E9#4%i)n)?~9CCQKpXDZ@xsMUD$G`Rvg@a!!Uf-8`5V+ov~h6+ucj>|7&W0~66V(T>^#m4FL!ZYJ2Lwaz2PTQ1z= z^TVC)i*js0uAL*utZNkL~>>7tx{23FrMP>O`5vmwb}IdNJ2$0BzwA|Oj> zo8eg|^XQq7aUXWkgX4|>`~-fiyp{>M);q4U?=6kJjZz&Y?jrmtb%&QrjO}uR=UjV* z3u)vv*xlCf@4x274kvvZ-BOSo)l-GpgX9`?E6;-$VoTa>a^x;LIFH%=#+2a5tyaV+ zPj^L(pw?Z<;{s1`vyo>~y@`li68GnE4Y_#Nw!VK}i-Dw%AXnKkSv*dD{lDRq6RXuC zl+BjgsK3#$rm};N?)ua`glL%nMeKsr7`3h!UNB5-;Q>Vf9!VXt~{S zu-j#hwW1*F ze3G4CQU|J!|{S(_Cx$qkGoiQdy|>AZ?;xvq!GJtJ%>1z`>^2cN@pk{tUaU zWZeBr0;1u0#%!n!GSQnRq+H@n@HPbNV=!5X$WZZjvHJ>!`I&C)UtC@x-Li~mb!3kl{v_u`W z{>6a_0iY0tf}kA_P26`g|Mrs>cT4ur0jOc*7^bc*E$mfYVjX%C!#VS1&9pKiC$%V=@dp9wr@#qcZ7xQgo+(7hF(H$rM_p|Yn`<;9qKy<_RpD&I&AhKF90 z^!W`u60JCi#9%i3UwEG)st=1P&DA7^KkKUOI;q4qP!GY`05~759ewYkZ&8F@^9{4S z4ujKK#mMYrWc{GQ22NBEP*N)qybWHh2| z+2x=+7DAH|9J&G<5(!LyO8^BaOy!6@bdW<8JlHgE_P@DFhm!i5aySh*rS*KTd`abs zH3vrGPck%jp%Y*Ch_Mb&{iwJ0ql z_amAU!f$F6bw6qyi%RC=wAAmmTMlV8M89D8o;0*HLr_^E!{Wik=`Sj4Qw9jj(2V+y z^4&Y0i@`PK?w%iwrm%YZ)9`_=X~!nM5g6fOcgB!uUNTMLGz5cNPFM>FP)0U($I4Sl z_`rNCq#s9_af&mVd^0M*vlTJ+MocU%ju9b%{im#{bQGi!yQ8{QC)H%-_AUqFUiR${ zkuvL|;W|tb03S44K+-32Jt5bSOx#?(#%#)cA?_-(0iJFsQZ1?6!F5w_(YSmHj;Y1$#plvX$xOQB8piQKsKO3D&o>YYxYchNP^&%@!1Znu6h% z{u-=oeIeoUtk&cjoyj=&b=p+Y>`*pS z4c8?>!@hwk`V1PD9GzhS;>$rrMmGSOcV}EVFYl^m5p@^P=Bb**?A_b!J_^c-y(ra< zJi%9d0jYUft+!ry;jt0bR!e8&X0Z<_^M(@3<(lbq7h~F+af>azo-Hk9YH%ZS;h9`B zM}Vi#R^Lvb_K|YF+5>pBLB3xle5B5Iwl8*0Do;I%Q(LUKr*Zm-0_u_@KHECo{BVN>_PdEPl)>=D&YS#vdw4Z!TotYID;NE_@vi~(cZ!Uv#Lrh^CVidk07HSWSQH{L_~qbY2f# z8WQqP@vr=+x}Qm^?ZiG@LQZb2D3XNF{g?_JXAiN$h)6_4D`1G91H8hiI_!4eeRJj>_T zH$!tW1JEB6>ns$nZ`$<&)M#bO4k11icE8Ly0uylqo8}&M92-;7(&Am-$aHp6+BrL; zwogqZlpj8Mo0<7R%mmH0^)6MzAJOi9S*z_>>YUu%1h>oTYEEDV_kJ6x@LoC?j)glc zFsKb#UOD-70B*TN0Uo#tz<4Hf(k#ZT*WwnIhe$+2T^JJfM=y-_@(DY`@Y;Us3-V<# zaFtHXjwLO6oEX|a&L5kb$9rqOTQ2l!=i{ij!0QknSel6)k2=#v5TS57vw_VYI}c;nj6bmj(ekhOvG>H8(1ghpLjPc&*i%f{y_^AXm@ z8Vu?jbCMt#UC`LxO&fiqp+2?!#jeb&*{H)j*(Xo;+u>7ev&Gl$xtc_AOWGarfPFJQ zJ2rHO6A@1fQ*xvS*VC=tYr6G}Gn@R?V2hBzgg0EPwp-)%0f~vzUT1nsikC<}N0vT{ z+rBT?{W2E9shz)!`ZCDk#k&t^Tv&|woi}W@=*b!G(w(tfdonSQ#{z9JrzE!b5#g`f z9l*~deVZQ=>r|wMT$PVbTw$+dwHVu6&G{&mlX+^4x7fC3p`liIAU{AxgYA{Wc`r1vR`o+C6a=rh<0yvnhhcL5@olxmRf%&bLq*i#4fiN!@2PyP{%`wU1DzA&e9pu^a9}>W80S zd~K>b9H9hQ0Z(~t$(z3y7N^ful0dIFkLCmz;7&S^gExmvtbdmLR_K?N-3TVGD!AUF z>g}i?QP}J)z3~p1d&@kewYGQQwu$Z`!d! z`hI_>)g!+iVFR8cubbeK&%E(M+N5{#I5%w7;tuktIAE`o#s#W*SN99t1Oh(yqX;gQ zvX7wIVKt}qky}aaC6@6SFclicj6_|C^p1PJ!q-sk=s^;z8+^RHnL;7FC${56Aw$VR zNhBKxtFACGh3zU3izE4yxMJYrbSGt8I|)$>eHt?2=e;!Gr>}MI8uAS z#r|SSxf5AY9_q=2qx>OE-!hbEAYbb>Gpext`9+@)Wdf%s9vP z?L8U|pOqANDeCc_dXPALOKldk0zs`9tN6UI%&A9bGF~Ud6Ti|W?EY`DsC8f zC-D>2W-|ely|MotI4Z}4hV=Ug`reTE^*KMGAONUwC*iu1zJAl? z$0d;BZK+x=R6`!Qlicy2QJj4JzfqiXGVV1VpLRmp6Iu(fLMtS41Kn)0h-?GvvlAnh zaP`)d-};5=;ijwPI`Xt*F#Ph1RH#p1m&+Ol0n2@Yqe?mOI?z>Ds<*x?5)&2}u+MV*z9^3q*B0bo)Z)(R@Pv!&fgQX* zLOQm6LVj3x-`RkS+xMx}ZS{jrm}JM!-sc95tWzDPGf;83Z^B73`$FK8LH-&4$gm_%O=ZIOq>{I6{K#0eQDN{~wo<3M^}y7{8} zNdy_~XrWVT^LLLasoIS^ezK>sI{iNg+U)0cB!{^T)j2P11hJ7y18^IYqG=*uuYo)w zysojYbXCIsUCcn%cb`I_J-aW$czTGKRM5^B*&j`tyM~^FBW_fs%;5g+7K=pqBa`Z# zvJ7&TprA;6a2Z?>K9ErDrLaMX@WwdUXKibB$uH53$|z*vl}&1AcPL6%(X9lgGb3ch z>Ma;NJUm+3i%1euQaK2y^Xlk(TJHjwh4m=(9sLu8Nxa|Un*H$E+Y+IcuNejXhK6M1 zfV>|z=#`~TA^s1X8-jX0PO5KgeEx#8_yODD;RQzf_&N3kdd+;@c>QpIgV1)c&*$~L zF+t9F1ga}~{ebU&AoeB%IZuO%rE$~4`(>#uW^h_V!xTOsAkD(-VNubi*iCFKuNB~b zE*V4eaia7AYyB6}_CJa?z{3iM4XK3k2MidZb^i}9{4YfC-{N2SFLd$0RR4Q6`Jp*) zk8S@wqRm3wzfR{+LVi?l4PQ}-2yr-1e=qiK=v)mX=MgnCi3xV@IC8TR+1s7vyQul}%8`9=^og?=7NO(edMPe1@1Qur+jPIu zGm1niBqV(!M8T*lW@3UCGdkKmHFdTIEiEk#2o!%tK;A)8##m{Jjuu>&%dzIy(P*7%N1*JU>{JD+x`8t4 z;wRgskJ+@eUrS6co_mWsI6Ox`KQKLxQ)Iy;w^S+niO^)idqFF>=uj%3Kg#umB}O7b zJ8mF}%<7%(AN&sw59!8^&CSi5PuIc)1-!3ht8jP3bp1QFd?NYpn{=WMPI2xP@)O~k+ z{%O2%LJLr#rB;;SAKo~z7s|B$NbTZ8s*aVWrOEHz?cA8diUE$=8|b_2|R|E=sNPOwDtZ8@|qUNv0BUD=YPGF-2FLY4%bMB6X6|d^@+$9t>oZLf_mfgab z_2nxm%eI{76#=VV<`)wiFp~goYq8y>Z1rkNW*;Bxr(W>)qGF}*%18c$7J_G@HNO2v z&;_bexpvv-<~IB6%4NIryXlM_RnsA4MWy1Ai99a50p!wq_W$ zs{Jugt|$7_Dc%C^mnCQpehtB2Ho;wHENGNxyW_WaC2I5k2X-1+!2Bx<>kXKqK#?9eo4^m-RhlMC>Z_{?7dmO9(kd5x&3G^BNY^o+ZLzV zKaRkkH>`%-&J^AOCRIRM9RBV#=pq5o|<~TniqzXCf&smdnDn~r2m@KXWh?mIX){>b=kG1@;ZCkWQk?0 z5S?02($OIjfS1kxby{t*QFa!$*kmK~jUaa}!_;D=o?Vv0uD#%bV5+k&dAmj@{TA5a z$*pD6`u$h|e+xP%t^KY_6u~iS6cAYLeQ&)Z#C^PWkG|-0;9P?7>Jni|VthoA8o>VO zTgpwJIh5D$a9fSMBJr&}%o#a^@4^hVExyhW?`_+6XM{tqzv>rrY3;N_!8>uOu#d|F z;UQ@vh}UE-wF`K$X7^!JPl}|>x-lg1EB{=%u9VrJ|2k3|x9&)dMS(_mb1TG_u4_7U zq*y=o%lS<7@V_P-%i#Xslz6AOmXn~3a?zURif04@)Dl;Qsqy?Lq|NvXX?w*a#jvp4 z+&r~a@MLXZyv8{SO5~13YFWSUSqgsq(EGuc6V8erM@Dw`5g#{vr_DT$$@O)?S3MOs!S&3O9gTsj{&Y(M>nRTMV-FHGs)tlfnqX=DHylDIVWyl|L|938 z%b+?eVoy2y5uCfAN8!XRhi5KprS_KYo^}leLG@Vmo{ce=;?GlD=p64nk7J+n8FIX+ zuwlKrggEo3CNn;9X*)FMwy!WfDtqobwi1#}Tv=85?Pg|Wj$?eF*(!L?C?`ih@Wj}F z^72q$0cB1B#vcg^3=}UnIinYgCiVnFA3$@>-anxEl^9c34CuJ55-gCF>sl&r;0Vfg=!Hh|P^o@!Hl1emY~`a>Lg7KPG*2eC#|YBo?|ON-=S5rsvrh>wh!JNz7Ue>>ZD| z97>t?uanbcZFsD352RIRuOx;cEs+t4oC)N~>`TfoBQ>MEdPblTX{|mZ5uI?w=4wyw zs7ophy)-A%YA%@KiB*L)NB+AsCZ&Lt)#lSZ^}Nw-$!?AjxUy{riV(j7K;LF8p*xEk zxAlsBD0MWXHpYmU^qnG;-#1L?SewHgZ|}ZnzWs9iw&3r5{6{y<1xuw*v4;g%Foj>v z*YsOPJ$d@|4?1Xs+nlGZ1S+bK0nJ`wFjI6ADL%|~A+^Q^4PDx4es`YqzeQ{u# z4AA?6K%#f3$m^YS{lg=AZD5@{2A-z^?=qwFx~`qo?>e3oY9~>+j2d2?)(#!I1&;Pk zZDhjt;o1VO4~o06uz+CqP+q@#7XuUWu;_+Ru)3aO%6J)sVSGf8z9Jsj)BVBg;*r(f zR`Ztma%RtvM_fkst|P$VKI`Y6v|p!AmlqEZydZ)l>_<3H@Mj*90I!EfLQuo&Ecww& zckn}ZU1nvPfP?ES;RtD>bm{-%oL-VjIfmMlxI z39C77Vb!BQk%#A}wG4kzX^f`y$?q@RHfm*mh}>_8J^7R0zey^YTlS?s+0cJ&aygV$ zivRQMXy)Xvq|9a`-9h>Pu(J!#QeCJKiuT|&{1JbV_h0!>wL|zg3&JZH?laLJ#T^)$ zOY1G|790U%!LRGt^W=?blsSKS{b?bh=h3FMmelS2o=TR=SnGzW7V)o{*EqnH(Ac78 z482oiJei(e025M(e&`|Gp@-YlJrO{6?PH}`%7~_57T27?%p_?jswH%Nc_+VeA4j}L zfJ3eEE4z~rK~uv{DgEC%oRk|Mt@}Z4o~guPN0MQTzNobVx^FxdCrRu%wPe@C(kb@r z&lIR)cfUMw)4AhFa>@>E+Ce|mK$kB}X$Qu1glEzo_l{}FLBU4_E5m-R$knp4Z}&2c z0CIJP4%};-t388#DCYW=j$3t)#e5PvfldN2VOYezMig6utg3Y!(*{-vG=HqIh{NY5 zRaQodITU8BHe1HHzi^Ty87=_ob{;4WtMjYEU(`r|Y>17dFL|do`nXjde4wBwYJZ+2 z(bZ#qN~9iX3LvIqil4DwkZ8NTp2YS+(X;y@`kh149!xd6x?X0gc5u+=*E+B5CW(1 zY^C7hHJB5n4=dRZLh3#VXzi}r`o}nsCy9v{ziaqpn#=BV4hVYrgpON;aAdB7VH1l| zg&NO)9mG{ z-=9Z(2&ddEno_A=O|p$&r*Z5RLBumG7mj#d^dpJ!pbvVu9ko5(Fn8Qg9|nRzx>R-kU%0s^CqH-OSjAIHH1r33$@|{cmR&1Q znweKMCXzOk`fbw5<%eOzV{UR8=z=*9`LCbI76?Z9;J32uC!0b=g*5IBqVF-E`Y!M< zd1<0Ki!v7W1OfbZiCj+uEpdoGoXD{DsGShMUL zYR8V;?x>wX`PqRY^7G}I`|HG{TWZUZD9cobI?XQ`^aciucUxr)q;5TMP`GSay2$$C zQm(|AiCxMyOZEhkdtKF`Co1l^bLtarFmwiMe=;^=nd-ugewel?yrvQzFRJk6f6O%w z+C&RNYByh$^RA3JEWvn>fMEF)a34`6LwNj869c|_R%^T0vT{9RX1&N>rZH5WZZ&glXK6xqYH=J92lLp{PR1A%y}BcBjoia`#KgO6Zr?5eIzS^uW` zU(Whl{44*>S^w{<|K(zTi+^Px?z?`m8}ti%(~KaQEB*`qQrfr{$ENW;Sg^YLIL3PA z?Z7jeGMzLx;5PPFJ+dxqRYObrtlDTw( zMLm8!79EAffASdX6yWgd>$SGZa&gDGNbMe2Rg{D23#DReyRAypJ{O68oC;z3n$Rx{)oK%YUSR+j zke|OeIXbjkfR1?ULLHa+N-r88E~tjlMvn z_!`qu2I7?}=_h`yyfgHZgS$9};|V?V!_8r-=KaRU~d8BzdRiq9|ojN_4u!_dkS(=E(hpT3qTf zAu;aOiq5bH5Y*qs?3GiMd6!DOy!qO!+cRSK1}n+Mt2@M8QxeGvT_o?my&T7iMh9_K<7E8DrWB z#8Pq4uc0->tFWcfCoIQ#NC!6h!o5Y!;IjmI!}HN+sWn!8gcEJ^5-NSF+4EbW5qnCh z6CfRELY?dP6}4CsQSph=W=w*_c>h0YE+8Mp&Ct&q6g!Pn+94Na+TuTgZ- zW&M*4ftg#C8ZQ2ehqx|PIG^z%u<&GX{f=|g6j>hAvvq%D+}rbVLM5C%Kg#~?)HefX zogao@h_!qPwnbD#c!7%)UcF0wz}&l&61QHwcCq&Q1Wr%}KBn(t+@$we%Hgg&X?4xd z9~&drj1}%U6nhcbb|7^|uOe=DCZxsjpWOwyL+S)Q`1`_!mPavcrJ}YkRvrQEtq-tQ9(lvy35=!0IcO0ysPn7aXdenz#~C^ z3411Nqp10Sf@6G);dXRi!tyDkDFPsp$#&AWa&kyW0jNq1VdKh6B&_it=@$E zoQ$F{%_tD>%CnZZQIj%L`R+{8=&-d(cLo~I=L2Zv3+9~6N+bj+!TYSBZx8u856k03Zsbc>&&#PWWzIUn>RB|96IeBDS_t2vzQa`_0;tCBwrI zKgPwS;59OO)E;|2o8t^*YG@&DT_^EMVp<8O&Ke>;B?HyTZG<14*^e42*8W0ZT@j!z z#&p*H34-x!d?qfkKU};F17r>iP!G-=AR$qZOMd#G^iFT!TU;D<9NBCIBml9Ff(TrX zG*h~o-bTfPR7Zq zT5_y>lL0dYBwaD3XueqOo5LspZQDr=A9cbD%embOvgM(RV1;*JeNz0ZmiKm|EEs%R zy?03e(d)4<)5!zHsI1+>m(q?E+r*wa(B6&Uid*vve)apwha|1DaH3I8aTBG^L7r`) zZmY2Y631b#G(EF8-(cB$diPLGeE5(k?1P$l*TX)Z- z42ST4a5}t9A4}_-Xt`&bgA?{VCmX0edslsT%(TuAm+9{edl4XOl-J`bPu{KV zD^6iEf85djVBBffJk}OZY7g{=Xtrj-*_}>&3fYVI_T|nC-hsjtTekBIcPqh@7l0{@ zJc=i@^scWyfgJew8eEtuO86xVI!v(0r{fLs2|4OP(lT?$y!&&)t}_KkwKXsQ=;22K z!w6U-{lkcQi<<#+r~0$^zxQwdy1RenKS%$oSNw0P|DJW9nXdE*&pkfCcE0oc(C#II zFQ5u{yN0hob~CB3D~Svvq?q4EOC8pG@d1M(Ullz>qtuP|Q&}B0oj|cjKS8CR)?+G! z1hqO43n8e&xvVC6L8bqPNK}k?v`r1eJ&S?CPxUqzrmtVWei9S=Qd^7;gTdhNtFO~t zqNoo!YG2{s?;FGMVs09|sHeoR+77IXwJOrBHS3$y{y^;s@0W9UL~hK8tg` ziA1)7x*QH1jy#?&l-oFd`3p7^F}BNW2V$YFxb0z)rk$vh_4X=^&-X$A28_KC+O|1g zC6{LPwDy8F1JB8*_d6zHZbH&MCbm^9M_2iKw9ttH3*1C)`29V7V*KpvX&a=T$o{a= z_+l;mGiGRLsL5XaQ#gXH+}XkKEh=JY1>8lD@c`igZo-#lr2v5k>-a(#7Imvcv`k7T zGmyg-0F!R@zQ3MT2*Sq6hVNDp?}34A{~TKLocBUkrFV}(0dPkqx*Sw&z}A5?%DUBdnPCEyk}6K z&z&1~h{psU$3T!>5zGhYz~=D*CDdFd;w7C*|XS5g0hJF@sD+vS0k8wqaf zxYD7KBDh5g4G;M&(>+L=jXxsyymT~YSxHvDpybc_ZzYv37+hOh+h7RdC_Z3utII%C_-(I*mF|=iVHXQqXWjfwDYMIsh zsQZyYDcQ9}7ZZdjSf09RF!$qSqagGyaEwbP+d$m0Pn(AP%E&tDJ;bk!JJ6*&lG3JW zXv4Xv;~hfgB6@6s8s2&Su`mjQFod>B_QEGZT^igdp=&}(YME^|Bl^eRBNDh1DdT-p zMl)^@z)aDT!d^+gH=e?=>|EOo5xX`Vy=v3=}t{-xfP|o zpN~O(j~z%7@SH;g>xf}VkG$08oA>~x%_EPFEgl`}u+H#J4xUK39@tR?@P*|*A5Yr# z>UY*|U70O5f`DgadlOz9x$tc1B}A89DK=o%H>k{yd@>0y4L!UFe=IKGPpHEL;Z6@U z+&IcD6g41_DM8T@LRJ^Zfa&wp(^p7j*pm`M{;Opj5+hJUG~cKfzk8?td;7c6`=Js& zl6o|i3G1CbW4rzIun-nltq9NDaTyI-I2vyz_2SfB6!*{`PlX6zkjlr2$$Y zT>XZp-oHfr42S_klKUhMk&I{C}%)L*(irf-Ou)| zBH{fs^D3D(E;4RF!p1WJT%P3*o?0fs@$+ZtPxpONYGq{8ePeGe?iqVND2Xz=z+@M5 z3WczNHjI{+fS$ac?@(Dd$OZUx|DY??q_6+9V;4rux!$tK7`G}s_h7W!M+sZ1(!agd z^5xm~9RQRqWYgqr0JQ`33_rVF(g{9l&s(bLX?Abm>NJ`d{K8B?v@_ZRvGc2sX%D@W z5fDtafKXXT-fdqjN&&v(C}@%w*k1sic`86n!Du-=1-`IeC+sW!j>`qeu!fQoa9`A0od`MQ(ZmLjZ{De*<4|!8TFFUKL z)TQf=k!gM(8hv}^&wOG4*L!jpBmwH!5R2|!(pnLFIRcB83Yv(tq{V_C!s+#V(zVge zFQ2KC+Zu1D&^Js{0g6WA#EamIXd}^@aGMuMJ|yZ;n>~j^gxf9M(aHDKrh7+cXAD*_ zSo{QbU+L(1JZB1M|9Og-h|eyg_#|n8{vt#yHsVVJuBP_X8xh0R4vBj?#tnD?_Zvjr z67f?dPkiKr<}t;@5EmR&QrYu{<*6L{PnbkHtpo@X+-7&&m^calJg-xE?U@#mPo>YW zD|l^-Pt$JLf1b}zM(UfV)Bvg-8ta!KXdH&p`$AM!&85Ugbh|W9AK7~RFin(c@Vz=* zY3tWd@Z+dkK4650L5FN`S zx8|e6WR365$bvdk)H9~@Ot$z)HU$H(XOVVu50RQsqr&E=>>f_@>I-U9G>Or1Bl-+M*yk z9yjOO?^H>}zs(D-*xIM&bYA@EOWBwDfi&g5m){nC9~fOI<7*v}{A|V$_}H|C60-M< zy4SSXvxv--3z=<3u*CbMht~V4^V_K;_d@0Ndiw)#c>rkreF5fexSv>qSWIfNvK$P} zdMC@Vy3Y=w9~x-_D!7Pl4^Y_}^1G%AsV=AQWGsab9t6dJ97MRt&x1TOGHb2gcle5w zARX$G)?0a^=0qLE3`@ENT{T{H4W%mCcsQI7X=c!O%_^2kGt3+jn_T)Za@_XZTkb45 z!W&a_P%Pzng0t|>b?e@VU!0QH+Iyx5m^t8X&HS_|WI6F_o9DO9f^sGG-z1fdzt~y8Fw5btf4gSPigq% z^BNjwtHj2~l^)0qWq~GqyVqoOr}ciBRF0*ylL)hqdHKp z^HStZ@sT8!U<}jaUl;)R)JZtOCtqQ+02oAVH-{%eTxlh9Z-IPk13+a$GpWjzXj)Ni zixKuPpz+C8{MoOMES+n@*$0_X9?*8DyQIlKmCoxHiF_k`Jlti!s#kLn6BCP~JFT(n zETw11H6{8XPXK{sSVCQhW5OGXCSJ{Td*GCnP2UodN%l$wyyB8;bIv{ijFw! zgt30CFcb#%sW0nM%Bldqn&jtQ!MbiJUkWp0$JY>TCPDrKUAw;CIwM6=)0vq+t@-_c zWO?%kpaEZ4baU%tLM_-Go94SOQ-8o5jK_}b<<=vC0xNwRnkA{5@Z(vXd4lOogQ)$g zCzP|Rp=#1Laz5^N8Fad{fHv1n{ zqLscRZpCkT2dGZF>V>x9=1~WydiM7AIHuaQJB&V=pJx;4cCqB%-g~k^B;G24IC8*A z(k0VIu6o}U5f}u;DXYTEmp#b=zM^2MN5A{LGQct2u6l7S{7L|TE8w?J2V9!oT?Wzr6Lg`Bz@isB(P>kyLDh*%^C#)czU9i$)*F z&hFt*tdDLuzZ@HNj69o%0h~dtT`oe41m_dssdQ7J5qGIKQ@|TG(|)+uGXVgU{*K7R zcG8Jhr<-Xr{+B$BzsBM_nkwf`=Ndco^H+{a zdN*J=-dO@pF^)FT?bKmZ^K*00<539dTwOLV$d=vPg4q>pZ;zNT4xZb@zU+R)^q& zkPl$SRyi(->0*`HpWuqZ%j2&4DEHLU{WVekl{DrnAN6-8$g9YOcO9+aX4;7}VL&Qg zR(AH(iUs!B_2noW9KgfT+;HeX(CwGUJmvfeCZ~?85vL{RaqaRCiKKAp2CYTqKN)-F zi`r35E-Zc1+e*^Iw&eDr?1=*ldIGcS@}F5Uwd|ZAK~yq^1!3BTJWt%OT;ISfJJ+a6 z#3~=gW03_Y{&UhdV^$pq(wP~g+y7|Z$KD5E&9ph2AuT(oB+Em@_0#yF82HbKFZb8f z@A>^Cs^%DElu)%@JtHL{HiJ^nWK;5!E6)Z28zR@gOlRaQF-$bxkK zhN{s}d_ERiV_~05`f>@IiU<%o%+4>McGV+&cR5sHl|xZ;)BO96*~&Rv<59wtWS+Zf^b3KuQVi^U#7Q^Lo0y2gHn|8RM?aCYGE zmKwC3>Tx2HyPljUYoJOGt;l-&GRc~`pE#p;HmQDC{OdK9hGuzeV1Kv8$k=x0ulo+e zbqaU`99s_#MTG0jB(Awwfx_h7nadNYrG%TlPJLsls!3O9{yEsys@sZ%!#Ou;@F#{U zYHhTh!!K{+vj!gKc%2pUWQ=7jxmxq{@KE5q-BA8dr7Gt;rMmdrUT7@O#e>wavt-bB zUe_k;*~O`7`?xWuhsg9aU(`%m7#4EC9q`^t2}#IHTeCqPiyVK6z2KH}CuMDcu?sh? z{jl1wR?W@IQZT;wI_-A-c0Osgdz70{2~+>)z%%j6MIXYW6~*P*pc`&kT}R<`Gx@%v zj{hy1IDtJDc<9fiRb*a&E@$>sGUU^fQup7v#|XNmXO#e4jrBrPLj#Y=3Hv(rPbjJU zM61&+V3&2c0_r5c5b5#hL|oW}h27cwwuZ}!T%4`#QvVlfl?V~R{%t2W6WiS-Qw+Zg z!alr0K8+1slxz={qi^8vqG<@7y3Du2jF0xC-CK23Vna{u%L~C4xhO9bjmcA^e9TonoTy1?> zp+Qp&ZT-eq1rZUGD&2uO&x~+2{jT?g+??b>@{c;6AJgPf7W{uC6BmO*8lBek0;~$|oWp7r|d+NjW(+bwl-HRA<{m z^)2vZgstj}n@<(=v^cz*VqdCx8Qh)(UQ1cs;{(3$eSgxiyU?HWt~ZzXH$uH^x*`J2 z#*lNr;T98@0F^75G8m-KjS!P%g|;uv_Qsigijk;_Nc$If=rZ<_qSk2^^;uQ3Zvl@i zQk3LuLY%TDxrEJYN3W<7<6J(gS1-&60akkM8{3*LpzL!jUFTTx2Qz!8K&N|h&2*T? znHrtS*Hv~Ly^G)RRPXH`7j#tIynIQJp5atuI6D!u&q^ond>AT z-1=Sztz*Cb2i1?0vB$v)wqZ(F72qGm`1tL_3p@wAxoGEg7AjcKmoKYVvYqnf3HarBUH1of?Cn<(LK2Ip%^vp_ui zaJ|lfB77rV!Y47eNyF06Wo=XnE}S4aQ~)MRXp(&El~~Z)^6FbSSUw^h7NX;hq^gV& z93Q=-h|r&yFz= zgYY`P3;QUzH}kDrQM5tiJT~tOHmUw3pP;6yK-}Ak#o=ek;Mefe+;>334@!i9X7RDv zMDFoXm!8-N22^o}-ZgcxyH6r1kfJVy(wvI-z5Ovd5 zwo{#*w8d|Vm-q$?gFoBql7ES0S}uIoxm9bgtSq#(MR1_{+ityT*?Gp-NaxA#G;dM7 zW|%O`!LW^`q_Ut+kBbv1g%QcLEd~@Z3U)vDI8OI>hlQOVjnWV{N?wO)RT1|>T`#_8 zS_Af$2jmt%%sehbQi=vs>g#pyj8T5&#UQe%VUzeepr+MB#tUxshdPp1?%%2pFtcre z=VL2cyRV(vvMyiaTh**)W5I(pg9ovx}f|u7mMEn zt~6S@1~Xu29dGy8g`})xIKw7ZS7PQpP&)HAhgiZ*fOuJPN=FKkn)6lh9WuYFFv`ME zg!ab}g$Gitzb4{~$XzgOWqsnRnKf;c&wJAMYKKOyI1MU}IG=R1Jwx)s7}`Mxld&}9#HUyhk82ra(Oko{~C zX#r9q&u#FkG4R47u3Ta%Pcvfqk!9@5O1kp@9ZaG}fy_Cf8qEBe+1-$mE_G5jHOIioLmZh`k%>aTAZszcQeun1n|tjbR; zyKava(oc=)n6~(o(x~#BI%3)YfZEH(m=bCdqviQ6pzeLECRdG0?_q%-AAWEmC*E^W ze2nPphR(NmN~kW$unh&4`QKl`K{ek%Fs8jjgre;$c0fd{yFM|w)G#+@sVuJ=i z@dA*DGa6!}qg!zJtyEv?{E%Y&!h33rSC%oVZF~s49e`8eJv9<0KNAYQ#;RmmJLjqk zG(c##SUNA2bmeGCfUMw`By~qDjN+r5=3){BuN5j=kU5U!(dPd9E{+q#>mnND7!%L| zlnSr^Xdw@O_G5v}kK30~A`Yr@^Rn8jawj?4sLH8v29S90Eeck^QLRTZ8zxgIhF-jJ zulp`==LqAKo;8|+r=|wEt|z$G5I1YdY`m>3$Lq4Zm>t16ixnFPI$|9fiRqtA!p=_J zWkSR<5A2q#%1HkZizHAsa%@T$C1`4NmEWI>j@MIm$NR+dv1XKOt}~iWOHR$3v3tt+nchc z6Co-qQ?SQ2-l93K-PE)PxXb+C3>-PG9p5=z2l?TmGXe`2RvjI(;A4a5&##A3^Wxm? zxZ*&xU)-Plfljzk7o0~Q1GdJk5H6m>@K5qsNTih7E5|;0=Z=L<1SPG&hA^Yp??CzL zRjVpjbx(6rSr!NvEMaA3HC2AzoCajVZK~fXPBCZmYir*e_;Fmzm@9WO9P0f2;2>cS z^b;(K+-5wW@DEP5#Ko*|0JPE+oQh*BM#b;g>Ho%;&vAb?rEp+kf2o9h Fe*@w@>7W1r literal 0 HcmV?d00001 diff --git a/static/img/install-rancher-prime-configuration.png b/static/img/install-rancher-prime-configuration.png new file mode 100644 index 0000000000000000000000000000000000000000..d4fee301354b4e15ba4f6902f750faeec72a269c GIT binary patch literal 22964 zcmdRWbx>Si(k=OC|EiuC}`{taFAb& zmY4V;2LyX*Ehi`_)c(I8=wy0S0w^d_C>e1PHFy2fbvNfv^L>L?7j}qb!T6=p@hQKp zrHjEI-l=7fl6D}>eB~q8{PIOyErLU$ARr)4RLjT)p=n(11|28AlPb&Yl zR}pPN*gs9-tMos8&@=Pm{^>)`B|#?fPbZrQ(TIQgEPeX_^F|(mq7g^9?ArI!TbUh{ z+RTYV)%H#fQnDT?1t%n|3rPD^VZskI`Pz%!Z6*%hPZc|-8Q8O zULUEHz}ybmh?r0J4FsVUNfw?nbl5cNQ$nT+%@C+}`Ak`Ds)@Do;)%x&hdjt(GOm;I zgDLQj77epydD$DmAVbnGtSCC*qz0|aKy7&$n$O~f%wus+SfDi*Vp5sJNo*UY8tK`~ z{2T0f7K-UXKZ#cT5tKO)e>klR2IzLI)P(P0UtgNpe9dma<+Key`hepT8%cZ`tU~#+eTp5m(VUxLQV>|Uu3x>!0 zVs57`qiTI>a`HFRg^A`vCWS31v)j9Y^E*>iCZee{=yivQrm)H!*M)DnIb=kp8Q`KQ zmxr=$ChlaN_o{1DIo6@v)y}ubk5X&hE+gh@vS7gDf}+6?81~*!$(Hxvv6_039_o%y&y;&xY&@}~Ltl*a-e{Aoy z!R)#+KeO{cF}kvKX&0Mb?%kY#mF_e}pEM^H{Gsxkq_RB;>?hnwl8v$RzQyXfal?+$ zx6J(&z^OpS7yPctsN-+B&QRVxt=j5X0P@)qE$<}@j(C)!x?@%5Q|Pueg$F}b)sxby ztfVPwcvS|RSMBbg8j{(GbDRS=Mv$;6ac7PfghJ@DWdD}yJsR)1j}Z< zZao*Clcfv0&FvAu$%d4RtAHAdIJ6c*Xa)|(Pf`=mKZ9)fWKxaZORtBp9+XR;oMT;J zX;#*iPI>QSkNz%g;AR4+P_|9<==nLVPUqSIZhz(wXj(PfmydpYUBMIC@!}=uqYFkV zJ|i-U)w#hgXN1xF`GdZAIUfAf`qOivaqXc3w6d?2&QjRxKGO+n8*E9V5|PT5(mZaf z%?HwE9Q2A`tLzxs>?o@=WWPYOY-P}4TISSZnecJN=Bfi|bUI=<#$T#u`4~-0?-N)Z zNXU>}9S?Ts8egz`MV!<>f1?}e+c9`P*OK2Pj#drMi8{;V`vJwXwUfan&6>kb(3!7v zjenoaq*&tkeeU8CFA{Bt63x$Z=EP+CIKVZjL?Gb|0Xr|%wJ6CPK`6^Dod9hdkIjMX zRHqdlUZqma5+=}#)p#2hADdY=Iet~<9Y(KEPnE^h(*|0R58!LD=GWtx^;iTJ3B`QN zEAo3k5I?;zP_}Re3%8mqr=6AA8W-2d?GOyN+nptQsuqODJ)PR@Z0sik z9|n9%=JWD;q^uY>X0GnMqbW4eSki93FtDh6e0l`s>bN?NUI`z71EwK)02}*^4(9Yb zMuxqoummv2fvDt^JB`Fbs=|8{KzRHfoLzU7p-M*?-YqooQpAaS6X{d721ZlVGKZ=% z%vSY;BGM-0_L*3MvfF|Nunt4MTOCHkNj5^+vt~KX3h3w$KzB{+^I#TWI@f8*%EUxR z{g&L{#^_@yxqjO}1`-Du+Z`J9k^SSddMNPFPv!4%E>!bX6jtQdBnFG}@ziEt$TWf! zvX&YHky1F4P)fxrrOy4+<;Y+ymv42rHg0|xE_Qm)l_Q_#^cCBB*8J&|VUP999&b*1 z@$cyf95y%aE-`TmiNcjF1687(YKZouIbR5cyQDfQm+84_zfaR*yTeHUl=_W`+T2qP zo_Qp~o#|}n_Ccf&<=SA9wNLGd!u_4*{q-bm4NT7^Nid@P6D6?i8%5}}wC4pEvQNK| z;}cZks!#WCk5K!vr3~T@er5J2UUl!;c-LLm^~E^uT%GQI;hCAOM29GwuVDl_zI%zl zUX^SO<{YYR>S9qE*4Nl~r5q(P3kCGFx~nW%t`v7F%};8gT;)bqLxe#-Gl3~u zsrS)kOAg?XfjYMV{Ja-@WzNJ~^a$fA?z5vNE=)!m2IKXWmK$dD9vr=)+LsstEEw63 z9ZvLbX;2K}K&1URqUQz|ph|a>uHoXHv;eI4utmqwn+(jG{Du5UP3YC1XF)$3&7t0K zqLMhe{XK3cvnxW>Z-isH1cx(~)mPI)d&)Bi>F&-rL!geS!#YvTE)aYM50m+yLqGe0 z9r1=~!*b%&Sk;Y%@ul``1>w#qg25re!#&%GuwlPGB$9I%{sMSYb^igQ!MIAEiIBPN ziX@~N*Y_4&Mt?d+zv*1Mz82aDehh9A_hib6>}3Vwjdt!UdIs{RpI}Run!9Xs`Yt+m zuB!XTVxv*tM;8#Lw5aHH_ZI%XUUR0GZc*_V&cbGU5^Upr|Hh2qm9|t)jR_sd%3hd> zYVO$-;!X`{;KsHYn|nC2m+PDZ(0Eb)B$+h7*tkxU>q>7&hg}X7Hq{)%;4z@yT%Iq- zZ%NJeGPcO3Vf3505BZilqq<+$;yp_$r4rbM`08R^aY7^vX;oxJEl;f`x7C(QEkL@0&6?A~;M zD$Bd|_g4I_qkNYBB|;#!UZHXybbVP$;#e8Y)x=sS^5t_fLJv@r%9ULsuhM|EIgTQ9 zH4x?MQ<2#7quz(qnQz87H&^dk2>ihaql@W3ltj~o-ag(6gXAlp(-uo|gi(%jOpfk_ zTe5~?x7|hFjzM6sNM`bAPDh9>({Vq1>Nw@K%X18m;P~Ym*OItsJOT(0xuBeoVU;Lap~SW; z&+eUi+NGOwU=wy_&Tv+Z8tiQ5v>KfAVAovjL>8fwndubB9=iFVPYtWaQhgnZmfq!s zGbE2i_xdXp#4Gb)(`z)y>c+_zl_60Up_MR+M8lODKA|)pEcg~iv$ArhcoUf;{R-hWfkx@u`AYcb zNcb9WHvrrd+}4A~2mZ+nx|AnW{ytO{hGy&`Zs2Y;oj-;{+p;SU$!lP(&}x}{)57(x z($E#r4ZNVWsVv_i`@)t2)U`*qsCWF}4dQ42OlX!|qeqI^5yKUaPd%*FIGgW^1iqkV za9){?4*L))AQuHB64+Uuu`cm$Wib)ixyr11-#7@#OU07Y5n!UnFRme>(OJSgQY&P| zc8vrFTBmW9vR1?@8Jnf<@E9H}2wQ7bb0l?0DPrJxL=3Zse`?1>D7=ag?jYIiqoy$Y(uRGixBiqo?&f(yx6hGf!7lq-<*p*u(5 z{WTSu7Fz;c89!=TSaf)wP3vfm;9*VkLZM;Bo<9i6E5bch={&iXVoImQVT;FswW%hJ z$$qOFYrN(sa)oxp&k_x%=I((u_C+FEZC28U((67Rj1Prz|; z9q1zZ;MQ6OR`>_gFWjA)UctJzQtTemSZu;~`>amB1EP)ntr(hJa9YH-_u*~noV-z) z5<*4?)oAWxsFza{(Sgxv0;Wt)o9AL9Pa7z3Sy@@#j>#vB7u{m;LErZuHwnWywzqVG zBhKmgtw`%)g>&vsmc8yj)D#3I4Yezd%mjqWFUk+8<~)X@U*7cpD_ z`^ARcCC*gss_Q>`HoQaPE^w+1rwn7HBpnZIKAFk6+6@U?>V8GU9J-VEXgnV5M-}Vk zb|$C#ZWENA&h^DRc&RSy_Dc`DwuPWZTmsWNL@KL%N+H9)bNsQHVe#&D zR0CkUty#X?p&__U@+w3)mLqn1iRTB*?q6+kaE$FeJy2SYfD0*Kk<=ZK#dQs?-q6gR z#v(plWG7mk`uQi{=A}DS3oP4$Y23?v%r%JUd*8(wU%_8F{dv_;6uehFT90p{FBnc# ztl*xrIVj{NymH{t58c`kqI806Xe{srW_odFS=$sd#=ob9FZYEv$v-q}GF-~F4(v+T z3Qq~21iuu&TKCaSm?_s;9;%K1aQSrzM*SjeYiUF^OUNYyS8Ux&OsGQ8Fq51dw0YGl zCVMI4Vy)jZzrdr)D|HC7k~^tY)Mx_)_-66)MPpi`7gcewlP4E&SgBP4*tXQ<_pFx&Lg zM7E6tihtwtj)?X`jgt%RqSd1B{crp_x}zqKC^RMx1E_o=NmA1vqxpd1Vuw(EHwJ@? zFrVX4b}H=`q2GOt);&f&$M?AQjxH@=AsL=wFbUUgTirv+YPrw__qg1O;O1|)h1)rL z!LNBE?|204r4#N(!&q-UEaW?s&{i*ShPE;iVS*#KHQjMrc7*pjzUFHkai*-KqZqIn z*B0cj#CdpoZ+29mEb*H6LesPdmKrSjVXYd|8|ZeTr><=zuq_R3L)jFD^kcu;2Y zMFlnfaH%#XPV67O_C6M?VuM1R)YmH-9+HJ}QjpPIj2|xSqWh&a5tP3OT0l5;suIpgv&W73y{&|v8r7rw{ zv4ctMz_c8{S@+R$+T-Q#bB(t@MepmDdeDvs$t+?cg6p0~6*J@dBK!F&qc|+j z-p?=RJTci3WUBWTF0{$EKCOB?f}@w`5u-y<-Y#;&4MNeSn9L+F^Ice{V0Ro`)A)IF zTifpWc}RXwxbw){WY+RoPumhz-Iz|8cgl;+`gKw+ixLlYijIyJdQQrglGOB3HY5k| zS-Pk{vwvOC0T~zBf5iKO@LviS9QsM_MnaKLc=9UWug+y;@g}!DR@Wtv_Q-%#Y!KO= zD?p5U+@N#hH9b+wm8tL+Yoc*^v(9GmE0b>c&fca}v(2dNT{#+;yDoiWo@ETn;0^v% zY2abA;}vDw+jI2qx^P`h?rc2kJ4evWHzwlMsVnO{lc{aHj_}mJ5=z_Fd2-b?#m=`! zB_@dH=FNwmopxc^sLy>dtiyYpSlQ$E5@f`I(P_&2HS2+WYo{2?>}RrY1H@Y~gz5sg zXSC6_eEfY%1j37D&DYThdA+1Z^35J?_MJH5*zI2@4k$L3`mWtTYqLBBbaG8lrVQhw zOAW-lt9D+d8=pMqAE zdYc+uGXyVrCNbmmz1?oVN z_-%w3F=>1tnoYw8HsuZZE8)#m5mW?}&X^q_jNegNE|B>nFRHWF&r3yRb7dZF-sG(h z-}di)$lK+A$X)+MCFc2=vs?sw%)$5d7c50r?&#k3*&mMUIUhHXI%du9j_C|pI&3lF zW88IACTy@YcAhsMGff7a(?=|T+cx(q3ul7ejqmgCjYbBZdc#G&v2*;N8)XUiRqlyh!p(J#w#`TNsrZx-_bTmR_=H_XKFPB$0NH8 z9>2R+(~EZunzpbwk@n%7ZadFWk-u#WpP~b5o>f3k!!;Z(*3GpZqi8l$slBT}@E^1q%3PEA(Uy=rieT>m{UL9oDOqHro{u}JPcJKL!N?cMLjuBRo<1Vd z*KvI6=k^zU`}Z>@jx=WjT}zIajf5wXkVUhu7~hg+A9O`ZmD)(r!Xg#k88SR#d2DK}^qPu-;IMY1 zSI&r3wZX2QF+0TCx@&utQOkm@nm?J1*hF>_?a%8Ov}`*dm-}tM>_D>sc2nskC`1Bd znbQqsw-e9}J@nkZ{}@*p5h|_INTW*aTqK*q{`_$EA;ga}yW!9YQ~7*TX{}*QBT`#} zK{q-g-+i5Lt>agYd$e`acv}9O+43C8!%?x9AG_+tXe9?&>M2Bq)nnrb+~5#O|Hg=>6x^FP^>|#GA-(EOmYw zaFb#EO$sc$xtB(GwVetVzAht9=Qy5C$K8K^pK@60-gIt21$r^^xgqXN@VBM$dvNJ6 z3l(htQOVJt^(}BywqvTu>P-bG8s5$aa1h_ICkit>hZ);iBR4;|{*1hMZ{~AFUo0=V zVFTjabOCQI?V+~owcua4;z_0Hks%h!@mAk`D$_}H9wPTRIn$=xtlJd{8K1+wgAIJH zWGyy_Embd(YMV-N*kz3Ma%#;Q-2$9r?4I=DkXdus4KEH zA@jp=$IU$I_x_dNHPY^UQ8tJg!ZQzOY*fX?U)hnd$K>##n8>HZdsBX@0r_*Ivavy4 zi@j5ohmsI#Z;xuakS<;$jOu`o`@Ajpj8in#hBPAT6MecA^k3>v9|eNIfT#n=TzieKqvQR7zp1wjHF(tewNA=A@YAj z!~Sto(Z~GyHC3y_kt#kuo{;a;_s~$9^Yioj2l%b+BTGF!@mHw>q&iE?`gF;Yu3cO1 zlfu8l=u(#U7^##X+*#@!NO~&hy3H$Ybe|UG3J#tjZ6>=7B-lAUmAA2BXmdL=InP>l z_w<~pe|TCb3;)XuFBRZ$t&P=R&>wq3(%kLy0sZSyCFsMyClJ(;^nq90KUL(SY3wzaMHm?Q_&vS~#6m|~E4M7W5wcM^?o3Vn z!PO1^0$^^Z=giw|?^}Z-{m$6;8J)uhl|9tC$fs;@u3|dQw~J(3ag>XZdx_tTrQ+n> z*2!5guz_ow$3#}&;$ZY{#2KkF3h2RH>c}n~U!}Tui2uy~2CFueetpe7m!pN}7<;nCi}oJKF)XB*M9f_ZmRa zE})38whS`w&iCvpF;OJU=Yfex>WCjTlhv|d6gH; zAx*q-ONkOdP;0f1cw!X4sLYYMsQY6(39CGJHeS?~x^i<;qOK-Vi=Z<(*?83PvW!{N zlUqKGr_K&ZktAwA6z^J-g)5E%5M_8o#cr^(G^KaM#{C^`_l?r#gll2qJlYRiY^D@} zU#t2vyPkO^m3QA1hZ!_Q(J3i03qXJJhhkz2F~|2f##PN*Jt8KBKLbfVbRC0cOciJY zzb#SA78HscxK3h?G0htZ$u^~S9}Mp>inux_<|-NQnL6KZ%4ZI=Z^D5V2B+?QuWbn< zxbh5N*BNwN;tR}8cg8^jgm<2?t-LBg?wprIzTeiSl0sRn845a$)kcoS3{GvcZ{WI- z6PWNeEv)UnRKId_8DVC-P#?wAnqq`!BfM=Lv4;vJeb>qrC8JWt$gnU0xrNOLF4CM? z>!I1*_0o6up1Zq%#09ZKO!RE;;NKVu{m*3esHO7$ZXVBpa5ay|jOsTf@^y5f;rg?= zvO>_#uV(_`IA*h@x?Y_Cwv-K`mEUIILq|CV*o6Gk1Z5@8%(-=6k7&+qE>NYD*RF0DATA zRepcZ>@KQjP@h<$TqU=?^r7T<%k^HVc6yLb)9}H!jn)-oqKL2`^2@ag188TgSC==G zY@j5Un&FcnqXOwbFkNcT2TA^@f}hU$XdlLHhoWbtc+hjh3Ga$|9k}*8EGdnX&E9qG zzw=L&qH1R++TUWuq&(eO)G98S0kYg874@OQDlSJVlRANOU+lbbT2HZ`|&@lw$d>NQvkbxJ-yWXDcl&Mwy0$$G+>u%h?rmHRyiIE(ROTM>aRzA zEVhCTyJu8ifPLUfhj5W&Wj!v-j`k0s4s9H>sTt0-GiTO=pJs`pCQY#UdJKkLRo(j? zLf*=36s}A0otmnxT{<7y)H1Ol+;)l$LxE;9)+_H>$a#@{EG1c+ty{=Tb>us!F_b*^_K8ct;>Si)SXC>4*{Hb_Ps&U{^_t0$5RJBvU@#t% z?@y;e;XjKuv_n=g2Sd4sS5F$ggs&h1b^Ru&E5fw3^w*y)N1Q-R9d5?F3xYCSmQ%Dm zVzwgw*8>GtAFhxcJ^pQWPfCbEcl6%III)VwA|SBVd)K|)7g`<(W$!j+q(=#QWG$eQ zOL1Pa&CHyvJC9VKE1&V76dPnWAAru2rTEv;VW>R`z1yZ{N6}w4uuyO;b^gi@R z50-1$w>NRpLo!%d7lLT;Qm4_C%`HVqOS^w8C|Oz2k>G0Q+*7;j{A!gP64yjvy zguJ$JheYGKet|0h*CF9H*sT~~B;1~-8xg+7qq^HVW zSC2p0w-a99F*jsDdLo%zkt%N>^iCh{C%zl~;31ZR32Dip$SmH}54^-gG{h#PVh2&p zYR4nT2reWbykvnr`rDY-sx=t*rUQ*A&BoAPjfI55Z8d@NRzBp(^Jad%z42x7;T(`R zgRZb!4!>4p-0k^!0bhuu#!QQLSSxODI(K4UR{F2V)C&|eOvv^a)VENI=xHH`J!CeV z-cj@GiY?L~)wFT?bjXzE&c2xmMxm%4yQ1bD*9dF1>tXVv@5IL%E(}*FQ7HOaO79@DwV*h9giyrIf9vt(7p%ANvl|0F=y^E3f-A72HCN{3#}xz>Zmg zfv}Pq+`1~A?I@@`Jk$wk7Ba1(9xpIRt@ktlPR7_N{zM*=hy$~m>xa+a%S%eo-0b_< zU%$qVW#Zo`ue164SNV5$ETGQqk7GAKv|Tl$MXP0bTi}|QjNoimZ`%-J%Zul(^!3Oo zc`B{O7i$wCo%_W*N>Y1jNvsuGuoAh4VHhRhegzRy!yVr(wey*bh}{ zBg9M+4<#7aXtFrCfYpkEbY;)cF(8wBM|_uj^NgD%ow`iq2A=aflF6*a8H_R+vDwny zTUHZ+mdBZNoE9QjX2<`|u~)eecon%&XYZ~Rr8Ta|>3>~8rI?SuE0qCQkGl9wh< z4FpVD&6Qi~F@RQ_5G|B0*!-?60}V2oPW#=y4qT3c>Mvx>Ki_2Z+E-zE&(@O*b$;jg zBN$83l>01VoLWT%h$$H?lwtg(`xC}DdDHZ=mfZk+iH3JQpfLV;=cS%4{c;4pSnBwe z>$$9GzYZ2GHIwxvyrx@t<%!Sjn=~e8+!xB}{cw>OWv!1u0`LnE(vHvxy}(l+dqMAO zifUipbL#vMVQ4k>#T(Xo_CZ7Hn1eQ|BRlY*5VGl=u0%t<1mnqIlQ$|x`+w%Ash=Zh zC%X)}??QD&Jw-45`1-E-`_T<5mqb@^m6TbnXG*?uQErR-s{APKQGeYKZ=wNpQx7QU zof+AyqJXO+6AvErtOVCq&$Xje^IqT8!cFeYzUqd_Y1va=+e^)Ka*-+U>}- zZs+h=6608DGQDPl<9kl4g;t#nzb%>)tDd52WpX8nnMS?Pr%?%ge%Bmlo!X;Uwjmgf z=Vv$kBBm4ji;gXJ6WB2oMo$9*OOSHMqDd*ZRU>K7$LzHIO-d!(O36U#EXi*=UVn}&@pOnp78UkI0Ho6ztg!(Hit6X>b{;v z%$OST=&8J(-BW+_lFze>O$vCzs}sI&uO1T_AXfe5?v}k8gqAK-#O)|xrWg&G$hXbi z)hp(#?@`}ESqhbW8_^J`e-DL5^aL(x+mmjBuX?aZ4?bQ$&h>4s#*U&$I@W?{JvE%( zN10SyL8HjCTb^np3yoC@7`E37Qt90NJQ%3*s1h;OZhXn|dGH>7dsD!KRJ-ctdHOFHT&{(3kbo8k zE>fb4=9zEl6ZYti1d@Y;L(ej=WyaTN)LC0*Q)>NJs#m zLlB&_7*$utPMnjoFz`=QToq-`PYo$BgtR@s0!XDV*VN)vY%;xQ`QHonc(q%|-$A0* zlN}sU%tML2;8M?-^L};*YVHI`u`s+Bwo_N`KN4o z_!{$HQg96|PN50EeSyf=Yfz)fun_!@7@*T&AR-kXUr0uSl@4<)FTF<4*6}e&B_JZi z>z@F(oiwwr4-oDT1Bu(uQWtjf|1JN&gLCT1$YJ^k8!o5aK@`{XrAdI-ojqtz#>m*% z-qn>1xY3^USuewJze74#NKi7ratt!Gc0@=S_Fl3{jb>P6q%n9hJ1B_ZaHcSlhlj@q z2$X8QIjTvU$l`Gb@O$MQ54k-l(Q89B9ZjaNU8%=KhC7+~J2VtX-FCc&imonUnMQ@d zQ3938a2h%gNHUrX&inEmrn$Kl1CwZCI$vtJ#h4$S0+r3@QLR!pI?pp&n}?rY2dD^H zKASMnQKXMpF6s018W?zZBR|E^-QC@H&d+0V{hJ((M%QS!+*@lZr`2kLkj~z+dva0r695S%AEl#=7T3NauWANd z_}NHIE^g5)lI`>Av|Es6_KI45T#I|`L2+<(rRL&FS#NV?bDOjg5EQgrdGi67ZrGV~{mCfJibTlIo z;g0QL^hIX-Y*!3@id?tVIUaIChxsqwry5wB{Bkxem$uo_Z$1BXDViJE(?E>5=%+~a z%n{?5&NyO9f#lb)L>*s;<>@R>DCA`GsP)n zVsNEu6_T$o?<;URzT73*tVAYgHaiS@E|;AJ-xg4^8r0YIO_DKc$+gQJNO(s6NC0w?0nBx(@KT(@9!52 zCjNYL3k_UHJyLuq+STN<{iw%R|5Ku`mBRu|buvk{vAU;+V1uU~{-frJl`3^DT(|H3 zJo?vx2J{7@?;J^E3;}l7%M*7*ypVBrGbW56m1CGY9xeY|4M~?uO zCpkdv>gLvxFt?0x^+%^Z(P>51KRS0PS(W7`28o99Hwb%?$7brWM`IB-#_3HPsmKU8 z4~OM1s^Ibd!9i^tX#4w1vJ-Nswe>npobX`^9{x51*39tmm{$!EDr!Fbx{;vidmH$) zztwK4A;@^;k$ZR^KLzPh{!ls79f`yn?f+W7V16E)$g66ihwFB>AiI7o`I73}FtTgX zomNT7h>vr4`KX}FMNofi()J$> zSY2vW^5_kZ&|^+3?Z2i0o#5(A-OEE=AFl=}iO+iE8hr>G*C`x!cN!~udM$@RZxNBr zYR+@hHM8sMMtbiE1v>*b(4Kyt(rY%HB8#Q72f}-UIgm|;vvShd&718wMK&Fc-|q@N zMb-jBtDhH39z=z_OY!NL+8TYt>lcGZLlF)E&wz3hgVqLO=;Nv$lnv{B|$# zf&_zpeH=dLya9%X_Wr0>Jf}4mswAPwNebgaB#9N|Kp4d%y->dVdaKv-7c>lb>Ylu| zupRtTdSe3CdhTiV0=27|)iX2ftkZ5@%$U}o$K9G8?Kuslb}lN7g&Kk`4o-Jl5#$%a zpzFo!u#)MpFHJ)epK2(86_QB;Ji$}Gg555dnizRJ)!=tcm>2d#r~Z+3um)t*M#M-> zG{QOi)bM>xPJ9bN(~QifvirT;iiF_1gR9XbMmZasQ&_jNW8urhr`HZThNNND_`g5d$0%2d$((+U))T2cY~V{+?c#8L zKS;iF8c2!>nD=BW@spUr+j6K=i2`yRj9p;dgUWK|h}@9GR-!(60(mg`7k}zBDZ{yV zWV&e8CA54&8BI~>gM-3oX}+Rw1@noN2h!s?dd<4H%OSo-J~aLXtA9147usnt#2X-fqV%q!&4cenfmC6bj)%82D>0(7W`23dk15y7)@GKqt2N*sV zFZ(wb{C^z`FXchlCmU3>CMJj-ia+fC&tSNb(p!~wdYW~v{M)K$JOp0~(ERsccw&{1 zxYGaciW}p1Xf}IelqK)AeFyWR17(>gJ}v@)}&B0ZAc2U|>HI!MW)Q7|SKXL%Dx8 zFi#@#Yo`i@(5of9#>4_AK*LN?2`DO~gcjlMsZ#Ea2NSTu;@Cr$2M7g}%6u@F9^mut zm@?^j=YOBco%rSzX^kFwLI1>kFqy8PHfI_VOBf76f{;fop&-C{m*nH{Wqd9=CPCjE ziC?uggl>flAB&lx018+4gw+AOdAd$CdC}Lw%in^t88oD&@#M!&lrAxJ0H~v%_6+A_ zKTN%&cE8l#slX95M}?;Nuk`(2U`(54Mf%)5I%hhif2qh7Wti?;6u8eI{8-9j+cMn~fU9R*r zc7;MsnBjcQ-#HE6>=|7Sx8#-@A=bff8VQw-Zl|T%lDI6NUR9Ws2o8#&pIB=&4fXcd z&P8CX8|f{7l;Ob0s@r1i+R_-am^QlFG`uj7q_lH3Tju8>tKq>Z^I6Hv1NUThuF@hD z@bfJ|B8w^`>_Nh7#GeJ;`JP+H3aG(IRMr+F(00jJlf5rK7cs60K^K%qj zg;no?Z~kMw=8#b6Qqq!ds&+!VG(1Xgk&6wUV$__KR^DG1?t9PJ5t_pY8*dLX+8{h- zLrdJTnyP5C-PfA`u5NDy)ABJ!;9;k`4IY{QG}6J zhCMmXV~iJyOQ;w2QgN=$FtB%IG#*s_1?P;6Hs`37d6EDt*N2b8 zZLc2pVRNz*#@B&NhG&D(3?A2H_>cF~zB8YN@Yeii+>}giLmK*T%QH67&9%CAKCGKD zn9dKyI+jV{n~%AeJ)6^Owi$A=^AVa4%8^{JwsiSsu$Mo0lDNG-5t;e2q(0O=?zjVS z6Bo_*xM_3xQhM*+6t~VMT#jaH$f#IMity~bY~TPD%hEe}(`tYh@>z}S_cIR%$zK^N z1QJ@xxT+l{%mpy@@Z?x;F`635N}ts+n)csEuaRh6XI~k=Jt`Cske2Jmvfg| z`GG&p&#QEn9R?9_YwzrK4^6l-nEzrv=Z|*(Qg#ynlE0#BoN*r${C1oEL9& zq@6C4jij8t_SIC8i?hL)#H7O9g!@<#fz3A7{c?YEs0w0&K|$Wg@Xdrk<3*T*GgQN2 zcCboSJ-nvu*Xv4j0esgmW}J)9k0|T2m`YCwcNc<^MKwDbhw7zXZCszb-G5ihkz}M^ zL!r?VFMQ#;Y|+>wAS=r-X0Yf zwr5=#Hj*ustH_B5<|{<%V`xX*!ue}9tZqrVZDqo3M&5bNcs8mV~BinbnV--A<{!SF?~_?9nR$b_fkYz(9+Z-m2V3opw6a>0DWT z9_=cUDurPa(9Oo0UwE5L+)W%2$|?gskiKt2DspBru}JEyD7@ha_jYpBi(djLv9MsxPTK2m{;i zj-;rAEkn`ejVGe;`AmSvmrE|SOA1is9)gxT;VX4@o8Tsn>F5c2vQS}S{JJok&R?7wOoDGf`Y*})~S)0>PWjf^5 z1?<4f%*@e)^jS^yM*j6cK{^K=2E8&Gmb3Y)<;?AOi31m9MQp}Sq=Lr49z;#=7usas zI9M7Yo>SM;&`x8883e~@9B7e=mWF`r^73|GoXwfeCBMzFZCx5yudk5<$h^zEnjJn@ zcTj{%Pa++VcMf&#y=i9^7TZVw<$ zT3h@SD5mub3A$;X5Q{0SasBFC8z`p`qB>zS)ya7jx`}|mnq?at-3IINx+$#I4m(>I zcr-#va<)=sy}tnNmALZAk=cnWhiqb}Mzh@gX;W4+R;FKY1DDzV7<^@=i<(G{lD~U$ zgsUWM6>_t+-~4^;;QeoZXrN+nxGL@^_8j?09McoYtM2;6mM(RD%IXb#xvpQP?Vd`w z?ED?Q0Z(YG;3LB*KGeeJ&(qbr?*=#Y@csQ8(PmAzc|3#tB>U@}($^l=v~pAfihOd5 z)_=*|oPvnIeO4>fGNHXKH-EJ-y2^KX;`3(DgEdB5zAT>!c%oJ)1a=4$eXUk&4kZ)A zz{;Ap{rAW6zU4XZfxk=MWOV5O;J2Yk5Ev}s* znd$2TyTV)8k8g^ENIFpk;TjwNrJD2pYHEw}xD^BhAE5N2^xjL5rc@~s1Qi5AF;r;+ z0-*(IBGOb!=sZB0NS78$kdjEvgU~?&1VZmN7UB*RxQAMJl=&`S~~Rf ztWg7w%7}E5x7y;P^JSaK)p&POen=$#!E$ra;+*z;KuAX=BYN4o-fOR0m7U8@p1reI z@s;FWzw^i2i|om=@T;SvlYD1A#`U~QvLfHX0QLtH*Oo<_z$;%#`a{bHRO95x*4;56_m67wFPDBO~aaAVx+-Gjh={k>@9dWWib7r1uhxS!VzQ zDMa{fDmTuaN5-tDrqDnLG(~`4xg}0upl@hUlYVsGmAc60I^NdlYuWwhzq0#3H;n@& zVIB`Y`JVu+m?iRC1m$F%XiR(i?UU0}s>HW^QbOPBn#jTZPOEoEdyyKD@--HVm;7|- z1Gd_RyOFmuryo;S;IB4y+{QhKM51l&_dprX}Oy^I%bEXb_(%qbw-% z)FHt}ePM`Fu(o?E5FJG_oEGho-MczQA~H@ZNPx!}eJ7=NA6Z)`K}S3Cn$0<;Bf6_q zCz@^PS$lfiSoT$Dw%xX;HuA~8-C9xM7)q|-m0&Z4p^2wl3n(!+E1~V8jo3j=|;}U%prNp zt(01vJF=^A2&c}yYmYNId}8xLp(!>a%7PRM0EF;le}2erJlGi?H9Rw1M7&rKCVJCa z3}RlMydz?;xg+tl^i+5{(FrW%tDWFEOjkoFnfDfOl9(K0sj`Zx^|sq>?|jjXXtFML^+Sq=B2yeqw`;<0co$o zV0E~Ty$>cnN=km7?a&!{3^_=Om=M1elMcuoS2jcP5(F2He%9dtQ<1157W-laxFy!oaM*B?)dgN!`183a7g|59M65M*9YRWiq2|~P0o3FvcT3# z=~#QXe>KZZHVwLbS)ZN*HF>Zlbo4d$wu)Tj+q7fW({F@jn2}Oqf1b_${g&Dl-yF6R zAlKS(YQp8B_mGa)U`h;JcmG6$UH#$qeXYfNYDzn@7%(pc>OPC*uT8yPsJ%UY7`%3Y zY)>U$0JF!B20olCC#?J!)wzuE|W^@39$Qf9ohCY{{C zVDfTqkpQIhTE^`^FgnZ<|)U1)F(Lmlf0InN2_7v8dx)o4s@5JnW{923wsOY3Y8=f3lK&z=}xIJd{;U;H7F&`lRe$pg}&$ zD8e=?d)+ie>t*P`s^-O%GtcCd*aPky`5lFN^Qk9i+pX?Mab<+CEEgWNmO#B;^ZKgF zzVYRSKe;wPRDC@tlzp{ZKy9b|5hq#(YR^|}jH__=MrY-D_c2urNW3sJVIbEPpg!%v zv?~->y>{j{)C*~#4XNgFNy=mVE@*Kcj;mg#-J{hcg(+{@PO7Pnele1$*@ z>Pqe2`vE|FXV#%_Tfkj`5fvFil@|+`Lzp`~I#W*mhs~s|5g<-F0gUg9lB&1`bZz8BNAZE9nlrDQ$gd9!-T;&Xh*Bp@T;x`(Fh+ewg$@ z+QnfU=_-f~s|?<`>D8j+VOJ<}sTT5l`d$1+dev3==0OuUt?OtR7dz*wxBe;5$ zn`x$|{4-n#3i9(IMHvId97wA`+p$MKxUI3e=AM-Krk zqXSaFo(&w=b4YT)H2Frl?00GS^pYcLCB`VI~UkwnZ2~ zEnQ{`BRmryKb<~a&;0X;qJXmafS5BQxE>g^elo7NjrJq&Sc$aIt~&cT=^`7fS_MBi zPFfOikng(shOpK}RZ;jHV7OOvCQpb`lr6tY>g)fJoo(iqBe!0xVxOO>s3@J-FEu^5 zcoy#Hrns%j2DYHkO;<}A%NRNF9?U@xm}XmM%vDu5ZY*>jB96!BC&-n-_~a6T(&pK? za}$iSnVj~4Oo$WVW#u-aCmW|V=lxglEvh1g>nNF;P?hWjv-dMNyU!Psoi)bW#7pNc z&H=U7bxwkYB#Z!=rb{yTD6u6AjA%Wb^-CyMk42?8D16^ht%W@j({W~M)QvPj(foO7 zKyz)c1BtB~x`x=-J&NcqmPbR?Ql(4VGlG@A!_J3rc;5>V zwcX9v-X_V3CJ}zrJatE1mNsQ=dQRCipQkN>?fsi(zpE6db$@_2lZkdiwn1LOMb)5`}$X@X(XSIC~}U za*P#`qI*}w^o>MWYAyn_vtFhxE6j}huPJDmH$Tl@%fDV5)vpRA%sy9)%%~OqWdFFp zZ!=ue_J+tv$s0lsE=#3h2bhv-%M_aV`uf__M6H(Kir6-o;F)HQesO%ny zMA@wR91euTV1g5y6S0X=2Td!bZW& zHOcuVg+6`g_N}1p3_Iv&$*_YV z)Mx?a&ThUpq;*ucgQC7irXHs^TDRLWt)3)DJ(@FeR3 z$B&RM=m)r9{8S_u`!xq!6KeOfs8KT~$~s!3vxEjowy%1B8nw~9pW{{-aNOd;%u zMtC0S4O5feI%eaO%Nw2j9LSOn^paolH3jV@kO5gP=8{ihn^ONSp@p;)!zuwZx26-H zKi=oF=92nI7(3~W5u;4lkfYlqzPajpV_}Cb&$5`I3m6zt*Yk`e%l?E3y?Emn{b(6y zO65>GNuHv(GpsX5Z*5T9Fyp7H{B-wU?Jo))kGE#3T?H8NoBix3_@bHsyj*I^rV+sw zs6WGGFuq1*81&Qimm}bt{qFJS(*6mK2j~gQs!L2Z>iUJ;i|u-pbj_Sewb8V$g!di| zbD(mnZ@wWtgS~I^rnFK8P1(LMFFX;Hm^dNkHgRz~5MeUb)_2w2;tJh8Z*g}>g7 zL!3-Oa9_F;%$=)23X?{_;1HFInmWT)c+bIU^Ef>xrv*p4Ne&2cG;eZKey4wsuekB< zYk#RBak||nGy1{#`8$N2KP@0Ev+LNUK5*Vw7xPPvuMo_IS~!+`RWqreZ_t{H{j7fd zq_l@h%)b^=M#KOtnFGi@2LqZ>l*+MH-t_vIz{{QX`(zbEJ^FXB<;I<>1#Z|Q!ydbF6_%P1{HD}M2y-FreR^5Q9S1d*Xq}r2^J{KX!!Ib6Osr1mK15W7>cij}g8=zko!MTc3x;WRe5NWJBeui9_%Z z&NkMeuzVSb!eVtw4Y7Jib z9x|a~U|R81G=~EVv;5NZMWTjoPP1=C`GIw+KCI*3nC~=+PF464(Rf*AU z?T0HV)OHi>nrTubY4~9Iy(Q|UQmn+AF$Z;j_keC%PKB%(M(YI_sCngdE+Q)R)ufvO zlXx1?#Dw88H|yiMN9XWDQ6N?t2||&)RRJH9Qi0r@iPczuUl|h=fS)Jqq6ihu4MCNKBdbQ;e_J?b s-lhI?$p7|#3zhuegE#*_N3<6j?%O}Bh4h&w+c00y(>Bto(69~v4+dPJp#T5? literal 0 HcmV?d00001 From 62a10a9dce688ba78350c39b0c0959c96e187792 Mon Sep 17 00:00:00 2001 From: LucasSaintarbor Date: Mon, 11 Dec 2023 18:49:01 -0800 Subject: [PATCH 05/77] Remove Prerequisites header --- .../azure-marketplace-payg-integration/rancher-prime-azure.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/rancher-prime-azure.md b/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/rancher-prime-azure.md index fbf650e4c31..7051a1d4874 100644 --- a/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/rancher-prime-azure.md +++ b/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/rancher-prime-azure.md @@ -2,8 +2,6 @@ title: Prerequisites --- -## Prerequisites - Before using Rancher Prime on Azure as a pay-as-you-go (PAYG) offering, you need the following resources, information, and tools: - A Rancher-compatible AKS cluster. Please see the [Rancher support matrix](https://www.suse.com/suse-rancher/support-matrix/all-supported-versions/) for more details. The Rancher Prime PAYG offering can only be installed onto clusters in regions where both the AKS and Azure Container Apps service are available. See the [Azure documentation](https://azure.microsoft.com/en-us/explore/global-infrastructure/products-by-region/?products=container-apps,kubernetes-service®ions=all) for details. Please see [Creating an AKS cluster](https://ranchermanager.docs.rancher.com/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-aks#3-create-the-aks-cluster) for bringing up an AKS cluster to [install Rancher Prime PAYG](installing-rancher-prime.md). From ffb42a312d5d60e6a7e163730a40b1013c816eb6 Mon Sep 17 00:00:00 2001 From: LucasSaintarbor Date: Tue, 12 Dec 2023 12:07:43 -0800 Subject: [PATCH 06/77] Update intro + Cross-link to the AWS and Azure marketplace --- .../aws-marketplace-payg-integration.md | 7 +++++-- .../azure-marketplace-payg-integration.md | 8 ++++++-- 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/docs/pages-for-subheaders/aws-marketplace-payg-integration.md b/docs/pages-for-subheaders/aws-marketplace-payg-integration.md index 15a7022c1df..92702a6340d 100644 --- a/docs/pages-for-subheaders/aws-marketplace-payg-integration.md +++ b/docs/pages-for-subheaders/aws-marketplace-payg-integration.md @@ -8,13 +8,16 @@ title: AWS Marketplace Pay-as-you-go (PAYG) Integration ## Overview -Rancher Prime integrates with the AWS Marketplace as a pay-as-you-go (PAYG) offering. +Rancher Prime integrates with the AWS Marketplace as a pay-as-you-go (PAYG) offering. This brings the value of running and managing Kubernetes environments to AWS customers, with the benefit of a new pay monthly pricing model available through the AWS Marketplace. This listing will enable you to manage any CNCF-certified Kubernetes +distribution in AWS, on-prem, or at the edge. To learn more, see our [AWS Marketplace offering](https://aws.amazon.com/marketplace/pp/prodview-f2bvszurj2p2c?sr=0-2&ref_=beagle&applicationId=AWSMPContessa). ## Limitations ## How to Use 1. Complete the [prerequisite steps](../integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/rancher-prime-aws.md). -2. [Install the Rancher Prime PAYG offering in the Azure Marketplace](../integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/installing-rancher-prime.md). +2. [Install the Rancher Prime PAYG offering on the AWS Marketplace](../integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/installing-rancher-prime.md). ## FAQ + +For a list of frequently asked questions, refer to this [document](https://suse.imagerelay.com/share/02f3aa9b4faa4aefb829b6d4d3f25980). diff --git a/docs/pages-for-subheaders/azure-marketplace-payg-integration.md b/docs/pages-for-subheaders/azure-marketplace-payg-integration.md index 790a964aa2d..e187d44b469 100644 --- a/docs/pages-for-subheaders/azure-marketplace-payg-integration.md +++ b/docs/pages-for-subheaders/azure-marketplace-payg-integration.md @@ -2,15 +2,19 @@ title: Azure Marketplace Pay-as-you-go (PAYG) Integration --- + + + + ## Overview -Rancher Prime integrates with the Azure Marketplace as a pay-as-you-go (PAYG) offering. +Rancher Prime integrates with the Azure Marketplace as a pay-as-you-go (PAYG) offering. This brings the value of running and managing Kubernetes environments to Azure customers, with the benefit of a new pay monthly pricing model available through the Azure Marketplace. This listing will enable you to manage any CNCF-certified Kubernetes distribution in Azure, on-prem, or at the edge. To learn more, see our [Azure Marketplace offering](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/suse.rancher-prime-llc?tab=Overview). ## Limitations ## How to Use 1. Complete the [prerequisite steps](../integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/rancher-prime-azure.md). -2. [Install the Rancher Prime PAYG offering in the Azure Marketplace](../integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/installing-rancher-prime.md). +2. [Install the Rancher Prime PAYG offering on the Azure Marketplace](../integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/installing-rancher-prime.md). ## FAQ From 8ebd94f9e88d79854de5c322df712f63837724f1 Mon Sep 17 00:00:00 2001 From: LucasSaintarbor Date: Tue, 12 Dec 2023 12:13:22 -0800 Subject: [PATCH 07/77] Uninstalling PAYG offering --- .../installing-rancher-prime.md | 4 ++++ .../installing-rancher-prime.md | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/installing-rancher-prime.md b/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/installing-rancher-prime.md index 55b9d756f5c..cf048972d26 100644 --- a/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/installing-rancher-prime.md +++ b/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/installing-rancher-prime.md @@ -140,3 +140,7 @@ You may now login to Rancher dashboard by pointing your browser to the Rancher s The Rancher hostname must be resolvable by public DNS. Please refer to the [Prerequisites](rancher-prime-aws.md#prerequisites) section for more details. ::: + +## Uninstalling Rancher Prime PAYG Offering + +To uninstall the Rancher Prime PAYG offering, migrate any non-Rancher workloads to a different cluster and destroy the Rancher cluster. diff --git a/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/installing-rancher-prime.md b/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/installing-rancher-prime.md index e6d7a9d3e41..2323638e41f 100644 --- a/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/installing-rancher-prime.md +++ b/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/installing-rancher-prime.md @@ -79,3 +79,7 @@ The Rancher hostname must be resolvable by public DNS. Please refer to the [Prer ## Rancher Prime PAYG Billing View billing information in the Azure Portal by going to **Home** > **Subscriptions** > **Cost Management - Cost analysis**. + +## Uninstalling Rancher Prime PAYG Offering + +To uninstall the Rancher Prime PAYG offering, migrate any non-Rancher workloads to a different cluster and destroy the Rancher cluster. From 17dddf1f041a4e6f7641cd6bad7398eb05d52c23 Mon Sep 17 00:00:00 2001 From: LucasSaintarbor Date: Tue, 12 Dec 2023 12:19:18 -0800 Subject: [PATCH 08/77] Add note about constraints on getting updates to the offer --- .../upgrading-rancher-payg-cluster.md | 10 ++++++++-- .../upgrading-rancher-payg-cluster.md | 10 +++++++--- 2 files changed, 15 insertions(+), 5 deletions(-) diff --git a/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/upgrading-rancher-payg-cluster.md b/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/upgrading-rancher-payg-cluster.md index d7e672223a8..567a6e41f29 100644 --- a/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/upgrading-rancher-payg-cluster.md +++ b/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/upgrading-rancher-payg-cluster.md @@ -2,9 +2,9 @@ title: Upgrading Rancher Prime PAYG Cluster in AWS --- -The AWS Marketplace PAYG offering is tied to a billing adapter and the Rancher Prime version. These are updated periodically as new version of the billing adapter or Rancher Prime are released. +The AWS Marketplace PAYG offering is tied to a billing adapter and the Rancher Prime version. These are updated periodically as new version of the billing adapter or Rancher Prime are released. In this situation, the helm chart will be updated with new tags and digests, and a new version of the helm chart will be uploaded. -In this situation, the helm chart will be updated with new tags and digests, and a new version of the helm chart will be uploaded. To upgrade the deployed helm chart with the latest version, run the following helm command: +To upgrade the deployed helm chart with the latest version, run the following helm command: ```shell helm upgrade -n cattle-rancher-csp-deployer-system rancher-cloud --create-namespace \ @@ -23,3 +23,9 @@ To check if the upgraded Helm chart deployed successfully: ```shell helm ls -n cattle-rancher-csp-deployer-system ``` + +:::note + +PAYG customers will have constraints on getting updates to the offer based on the latest version SUSE has published to AWS, which may trail slightly behind the latest Rancher release. + +::: diff --git a/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/upgrading-rancher-payg-cluster.md b/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/upgrading-rancher-payg-cluster.md index 6150bc87ca7..c7f293c0d32 100644 --- a/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/upgrading-rancher-payg-cluster.md +++ b/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/upgrading-rancher-payg-cluster.md @@ -4,10 +4,14 @@ title: Upgrading Rancher Prime PAYG Cluster in Azure The Azure Marketplace PAYG offering is periodically updated as a new version of Rancher Prime is released and for optimizations in the integration with Azure. -To update to the latest version of the Rancher Prime PAYG offering supported in the marketplace listing, use the `az k8s-extension update` command. - -Run the following command in Cluster Cloud Shell: +To update to the latest version of the Rancher Prime PAYG offering supported in the marketplace listing, run the following command in Cluster Cloud Shell: ```shell az k8s-extension update --name --cluster-name --resource-group --cluster-type managedClusters --version ``` + +:::note + +PAYG customers will have constraints on getting updates to the offer based on the latest version SUSE has published to Azure, which may trail slightly behind the latest Rancher release. + +::: From 44b09fba788544b086d81ba9c3ef377bc49bb22b Mon Sep 17 00:00:00 2001 From: LucasSaintarbor Date: Tue, 12 Dec 2023 13:09:40 -0800 Subject: [PATCH 09/77] Small grammary / style changes --- .../installing-rancher-prime.md | 2 +- .../installing-rancher-prime.md | 2 +- .../upgrading-rancher-payg-cluster.md | 2 +- docs/pages-for-subheaders/aws-marketplace-payg-integration.md | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/installing-rancher-prime.md b/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/installing-rancher-prime.md index cf048972d26..de1ca026f6c 100644 --- a/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/installing-rancher-prime.md +++ b/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/installing-rancher-prime.md @@ -133,7 +133,7 @@ After the helm chart installation is completed, Rancher Prime is successfully in ## Log into the Rancher Dashboard -You may now login to Rancher dashboard by pointing your browser to the Rancher server URL **https://**, where **Rancher hostname** is the [hostname](#rancher-configuration) you have chosen. +You may now login to Rancher dashboard by pointing your browser to the Rancher server URL *https://*, where *Rancher hostname* is the [hostname](#installing-rancher) you have chosen when installing Rancher. :::note diff --git a/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/installing-rancher-prime.md b/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/installing-rancher-prime.md index 2323638e41f..958d3f93274 100644 --- a/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/installing-rancher-prime.md +++ b/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/installing-rancher-prime.md @@ -68,7 +68,7 @@ On the **Extensions + applications** page, the **Provisioning State** may show * ## Log into the Rancher Dashboard -You may now login to Rancher dashboard by pointing your browser to the Rancher server URL **https://**, where **Rancher hostname** is the [hostname](#rancher-configuration) you have chosen. +You may now login to Rancher dashboard by pointing your browser to the Rancher server URL *https://*, where *Rancher hostname* is the [hostname](#rancher-configuration) you have chosen when configuring Rancher. :::note diff --git a/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/upgrading-rancher-payg-cluster.md b/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/upgrading-rancher-payg-cluster.md index c7f293c0d32..d71f1ff83f4 100644 --- a/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/upgrading-rancher-payg-cluster.md +++ b/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/upgrading-rancher-payg-cluster.md @@ -4,7 +4,7 @@ title: Upgrading Rancher Prime PAYG Cluster in Azure The Azure Marketplace PAYG offering is periodically updated as a new version of Rancher Prime is released and for optimizations in the integration with Azure. -To update to the latest version of the Rancher Prime PAYG offering supported in the marketplace listing, run the following command in Cluster Cloud Shell: +To update to the latest version of the Rancher Prime PAYG offering supported in the marketplace listing, run the following command in the cluster Cloud Shell: ```shell az k8s-extension update --name --cluster-name --resource-group --cluster-type managedClusters --version diff --git a/docs/pages-for-subheaders/aws-marketplace-payg-integration.md b/docs/pages-for-subheaders/aws-marketplace-payg-integration.md index 92702a6340d..f39fcd9d273 100644 --- a/docs/pages-for-subheaders/aws-marketplace-payg-integration.md +++ b/docs/pages-for-subheaders/aws-marketplace-payg-integration.md @@ -20,4 +20,4 @@ distribution in AWS, on-prem, or at the edge. To learn more, see our [AWS Market ## FAQ -For a list of frequently asked questions, refer to this [document](https://suse.imagerelay.com/share/02f3aa9b4faa4aefb829b6d4d3f25980). +For a list of frequently asked questions, refer to this [Rancher Prime by SUSE on AWS Marketplace FAQ – November 2023](https://suse.imagerelay.com/share/02f3aa9b4faa4aefb829b6d4d3f25980). From 25795c11d6296650f97f6525affca529e533bf95 Mon Sep 17 00:00:00 2001 From: LucasSaintarbor Date: Tue, 12 Dec 2023 13:25:06 -0800 Subject: [PATCH 10/77] Added changes per docs team feedback --- .../installing-rancher-prime.md | 10 +++++----- .../rancher-prime-aws.md | 2 +- .../installing-rancher-prime.md | 2 +- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/installing-rancher-prime.md b/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/installing-rancher-prime.md index de1ca026f6c..37354ddff97 100644 --- a/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/installing-rancher-prime.md +++ b/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/installing-rancher-prime.md @@ -65,12 +65,12 @@ eksctl create iamserviceaccount \ ::: - The Rancher hostname must be resolvable by a public DNS. Please refer to the [Prerequisites](rancher-prime-aws.md#prerequisites) section for more details. For example, if the DNS name is rancher.my.org, HOST_NAME=rancher.my.org. + The Rancher hostname must be resolvable by a public DNS. Please refer to the [Prerequisites](./rancher-prime-aws.md#prerequisites) section for more details. For example, if the DNS name is rancher.my.org, HOST_NAME=rancher.my.org. ```shell helm install -n cattle-rancher-csp-deployer-system rancher-cloud --create-namespace \ - oci://709825985650.dkr.ecr.us-east-1.amazonaws.com/suse/{{repository}}/rancher-cloud-helm/rancher-cloud \ - --version {{chart_version}} \ + oci://709825985650.dkr.ecr.us-east-1.amazonaws.com/suse/$REPOSITORY/rancher-cloud-helm/rancher-cloud \ + --version $CHART_VERSION \ --set rancherHostname=$HOST_NAME \ --set rancherServerURL=https://$HOST_NAME \ --set rancherReplicas=$REPLICAS \ @@ -87,13 +87,13 @@ eksctl create iamserviceaccount \ ::: ```shell - kubectl logs -f -n cattle-rancher-csp-deployer-system + kubectl logs -f $POD -n cattle-rancher-csp-deployer-system ``` 1. After a successful deployment, running the following command should produce a similar output. ```shell - kubectl get deployments --all-namespaces=true + kubectl get deployments --all-namespaces ``` ```shell diff --git a/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/rancher-prime-aws.md b/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/rancher-prime-aws.md index 54c19783ea8..94148df8ef8 100644 --- a/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/rancher-prime-aws.md +++ b/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/rancher-prime-aws.md @@ -5,7 +5,7 @@ title: Prerequisites Before using Rancher Prime on AWS as a pay-as-you-go (PAYG) offering, you need the following resources, information, and tools: - A Rancher-compatible EKS cluster. Please see the [Rancher support matrix](https://www.suse.com/suse-rancher/support-matrix/all-supported-versions/) for more details. Please refer to [Creating an EKS cluster](https://ranchermanager.docs.rancher.com/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks#creating-an-eks-cluster-for-the-rancher-server) for bringing up an EKS cluster to [install Rancher Prime PAYG](installing-rancher-prime.md). -- An ingress installed on the EKS cluster so that Rancher is accessible outside of the cluster. Please refer to [Rancher documentation](https://ranchermanager.docs.rancher.com/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks#5-install-an-ingress) for instructions on how to deploy Ingress-INGINX on EKS cluster. +- An ingress installed on the EKS cluster so that Rancher is accessible outside of the cluster. Please refer to [Rancher documentation](https://ranchermanager.docs.rancher.com/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks#5-install-an-ingress) for instructions on how to deploy Ingress-INGINX on an EKS cluster. - Get the Load Balancer IP. Please refer to [Rancher documentation](https://ranchermanager.docs.rancher.com/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks#6-get-load-balancer-ip) and Save the EXTERNAL-IP. - The Rancher hostname must be a fully qualified domain name (FQDN) and its corresponding IP address must be resolvable from a public DNS. Please refer to [Rancher documentation](https://ranchermanager.docs.rancher.com/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks#7-set-up-dns) for instructions on how to setup DNS. This DNS is setup to point at the EXTERNAL-IP saved. - Installation requires you have the following tools available and properly configured to access your AWS account, and your EKS cluster: diff --git a/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/installing-rancher-prime.md b/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/installing-rancher-prime.md index 958d3f93274..9d1f3723fa7 100644 --- a/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/installing-rancher-prime.md +++ b/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/installing-rancher-prime.md @@ -72,7 +72,7 @@ You may now login to Rancher dashboard by pointing your browser to the Rancher s :::note -The Rancher hostname must be resolvable by public DNS. Please refer to the [Prerequisites](rancher-prime-azure.md#prerequisites) section for more details. +The Rancher hostname must be resolvable by public DNS. Please refer to the [Prerequisites](./rancher-prime-azure.md#prerequisites) section for more details. ::: From cc6ec6ae31be3ee30405016b335a67b8124a7ddd Mon Sep 17 00:00:00 2001 From: LucasSaintarbor Date: Fri, 15 Dec 2023 11:49:42 -0800 Subject: [PATCH 11/77] Add FAQs to AWS / Azure sections (Draft) --- .../aws-marketplace-payg-integration.md | 255 +++++++++++++++++- .../azure-marketplace-payg-integration.md | 183 +++++++++++++ 2 files changed, 437 insertions(+), 1 deletion(-) diff --git a/docs/pages-for-subheaders/aws-marketplace-payg-integration.md b/docs/pages-for-subheaders/aws-marketplace-payg-integration.md index f39fcd9d273..908d1cea979 100644 --- a/docs/pages-for-subheaders/aws-marketplace-payg-integration.md +++ b/docs/pages-for-subheaders/aws-marketplace-payg-integration.md @@ -20,4 +20,257 @@ distribution in AWS, on-prem, or at the edge. To learn more, see our [AWS Market ## FAQ -For a list of frequently asked questions, refer to this [Rancher Prime by SUSE on AWS Marketplace FAQ – November 2023](https://suse.imagerelay.com/share/02f3aa9b4faa4aefb829b6d4d3f25980). +The following is a list of frequently asked questions. + +### Marketplace Listing + +**What is the Rancher Prime listing on the AWS Marketplace?** + +By selecting the Rancher Prime listing from the AWS Marketplace, customers can deploy Rancher to their Kubernetes environment with the advantage of having monthly billing via AWS. + +**Where do I find the Rancher Prime listings?** + +The listings can be found in the AWS Marketplace, there are two listings: +- Rancher Prime (No EU, EEA, or UK Orders) +- Rancher Prime (EU, EEA, or UK Orders) + +**Why are there 2 listings, which one should I use?** + +We have 2 listings for Rancher Prime, "EU, EEA, or UK Orders" and "no EU, EEA, or UK Orders", you should pick the listing that reflects where your AWS account gets billed. + +**Are these listings available in all countries?** + +The Rancher listing on AWS is not available to purchase in all countries. + +Your billing country is based on the AWS Account ID used to do the deployment. + +Please read the addendum at the end of this FAQ for a list of countries that can and cannot transact Rancher Prime via the AWS Marketplace. + +**My AWS account is in the USA, but I want to deploy Rancher in another AWS region, a region that is in a country where I currently cannot transact Rancher Prime, is this possible?** + +Yes. As long as your AWS account is billed to one of the allowed countries, it is possible to deploy Rancher in any AWS regions. + +**Is this listing available in China?** + +Whilst it is not possible to transact/bill Rancher Prime in China, it is possible to deploy into AWS regions in China. + +Please read the addendum at the end of this FAQ for a list of countries that can and cannot transact Rancher Prime via the AWS Marketplace. + +**Can I still deploy Rancher using the ‘Rancher Setup’ listing from the AWS Marketplace?** + +‘Rancher Setup’ is no longer available via AWS Marketplace. Customers should deploy an EKS Cluster to host Rancher. Please refer to the best practice documentation. + +Follow the steps in the following guide except for the Rancher installation. The Rancher product install should be carried out as per the directions on the Marketplace listing. +https://ranchermanager.docs.rancher.com/getting-started/installation-andupgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks + +### Billing + +**I have an existing Rancher Prime subscription; can I use this on AWS?** + +BYOS (Bring Your Own Subscription) Rancher deployments are supported on AWS, however, billing will not be via the AWS Marketplace. Once the existing subscription term ends, you can purchase Rancher Prime via the AWS Marketplace and reconfigure your cluster to support monthly billing via AWS. + +**I have an existing Rancher Subscription purchased via the ’Rancher Premium Support’ listing on AWS; is this transferable to the new model?** + +No. A new deployment of Rancher Prime is required to benefit from the new monthly billing model. + +**I have an existing deployment covered by a Rancher subscription; can I use this new listing in AWS for new deployments?** + +Yes, the listing works independently from your existing subscriptions. Please remember that support processes may be different for deployments using +your existing subscription and those billed via the AWS Marketplace. + +**Tell me more about how the billing for Rancher Prime works via AWS?** + +When purchasing Rancher Prime via the AWS Marketplace, the billing is as follows: + +- Billing is monthly and handled via AWS Marketplace. +- Managed nodes are counted hourly when Rancher is active and added to a usage +total. +- An average node count is calculated for the month. +- There is a monthly usage charge for each node in the average node count. +- The monthly usage charge depends on the number of nodes in use. +- There is a 5-node minimum, if the average node count is less than 5 nodes, the +charge will be for 5 nodes. + +**What are the pricing tiers?** + +Rancher Prime has different pricing tiers when purchasing via the AWS Marketplace. This is based on the number of nodes which Rancher is managing.Details of the tiers are below, please check the listing for further pricing information. + +| Tier | Nodes (from) | Nodes (to) | +| :--: | :----------: | :---------: | +| 1 | 5 | 15 | +| 2 | 16 | 50 | +| 3 | 51 | 100 | +| 4 | 101 | 250 | +| 5 | 251 | 1000 | +| 6 | 1001 | | + +**Is there a way to try Rancher before purchasing?** + +If using the Rancher Prime listing in the AWS Marketplace, billing will commence from the time of deployment. + +Rancher can be deployed manually using the standard documentation and repositories. When ready to benefit from a supported platform and have this billed via the AWS Marketplace, follow the available documentation to deploy Rancher Prime from the AWS Marketplace and migrate. + +https://ranchermanager.docs.rancher.com/getting-started/installation-andupgrade/install-upgrade-on-a-kubernetes-cluster/upgrades + +**How does SUSE calculate the ‘average number of managed nodes’ to bill for?** + +The average node count is calculated by adding the number of managed nodes (counted hourly) and dividing by the number of hours Rancher has been active in the billing cycle. + +Below are 3 examples of how the average node count is calculated. Check the table below for the details. N.B. in our example month, we are using 730 hours, this may differ depending on the number of days in the month and the billing cycle. + +**Static usage:** + +Using Rancher to manage 10 nodes, for 1 month (730 hours) with no additional nodes added in the month. + +**Bursting Model:** + +Using Rancher to manage 10 nodes for 3 weeks (562 hours) in the month, bursting to 30 nodes for 1 week (168 hours). + +**Transient cluster:** + +A temporary deployment of Rancher on 20 nodes for 2 weeks (336 hours) + +| | Hours Active (Hours Rancher is active in the month) | Nodes (Managed Nodes counted at each check-in) | Usage total (Sum of nodes reported at each check-in) | Average Node Count (Usage total / hours active) | | +| ----------------- | :--: | :------------------------: | :----: | :--: | :------------------------------: | +| **Static Usage** | 730 | 10 | 7300 | 10 | 10 @ Tier 1 | +| Bursting Model | 730 | 10 (562 hrs) 30 (168 hrs) | 10600 | 15 | 15 @ Tier 1 (rounded from 14.6) | +| Transient Cluster | 336 | 20 | 6720 | 20 | 20 @ Tier 2 | + +**Are special commercial terms available?** + +Depending on the deployment, it may be possible to secure special commercial terms (e.g., an annual subscription). This will be handled via an AWS Private offer, please contact SUSE for more information. + +**Can my spend on Rancher Prime count towards my AWS Enterprise Discount Program?** + +Yes, it can. Please contact your AWS Sales Team for more details. + +**How do I purchase Rancher for additional nodes?** + +Once Rancher has been deployed from the listing on AWS and billing is active, there is no need to make a specific purchase for additional nodes. Billing is dynamic and based on the number of nodes Rancher is managing. Just deploy or on-board additional clusters to Rancher as needed. + +**Is this an annual commitment, will it auto-renew?** + +By default, the Rancher Prime listing in AWS is billed on a monthly cycle, based on usage. Billing is on-going for as long as Rancher is deployed. + +It is possible to set up an annual commitment via an AWS Private Offer, these will need to be reviewed and renewed at the end of the term, or the deployment will drop back to the default monthly billing cycle. + +### Technical (Billing) + +**Do I need a Kubernetes cluster running in AWS to install Rancher and be billed via the AWS Marketplace?** + +Yes. To benefit from monthly billing via the Marketplace, the primary Rancher cluster must be an EKS Cluster running in your AWS Account. + +**On which Kubernetes distributions can the AWS Marketplace listing be deployed?** + +The AWS Marketplace listing for Rancher Prime with Marketplace billing must be deployed on Amazon EKS. Downstream clusters / managed worker nodes can be running on any CNCF compliant Kubernetes platform, EKS, EKS-A, Rancher Kubernetes Engine, etc. + +**What is the deployment mechanism?** + +The AWS Marketplace listing for Rancher Prime is deployed using Helm. + +**What is the easiest way to get started?** + +One of the easiest ways to get started is to deploy the AWS Marketplace listing for Rancher Prime to an existing EKS cluster. Follow the instructions in the usage section, a Helm chart takes care of the installation and the setup for billing. + +**What is the minimum version of Rancher required to support AWS Marketplace billing?** + +The minimum version supporting marketplace billing is Rancher 2.7.8. + +**What version of Rancher is installed when using the Marketplace listing?** + +The AWS Marketplace listing for Rancher Prime is tied to a specific version of Rancher, typically the latest version available at the time of the listing update. Please check the listing for further information. + +**I need a prior version of Rancher, can I still use the listing?** + +No. There is no choice over the Rancher version when deploying using the AWS Marketplace listing. If a prior version of Rancher is required, this must be installed manually using the standard documentation. Billing via AWS Marketplace may not be supported with previous versions. + +**How often is the listing updated (including the version of Rancher, etc.)?** + +Cloud marketplace listings are tied to a specific version of Rancher, usually the latest +version available at the time of listing. + +Typically, these are updated quarterly, or more frequently if there are security issues. + +To update Rancher to a current version before the marketplace listing is updated, please +see the product documentation. + +https://ranchermanager.docs.rancher.com/pages-for-subheaders/installation-andupgrade + +**I have many Kubernetes clusters across multiple AWS accounts, does the Rancher Prime billing still work and enable tiered pricing?** + +Yes. Downstream clusters managed by Rancher can be deployed across single or multiple AWS accounts, on-premises, or even in other public clouds. Downstream nodes will report up to the primary Rancher deployment. Tiered pricing is enabled and billing will be routed to the AWS account in which the primary cluster is running. + +**I have multiple independent clusters, each running a separate installation of the AWS Marketplace listing for Rancher Prime, how is this billed?** + +As the Rancher Prime deployments are independent, each deployment is billed separately from the others. It is not possible to benefit from tiered pricing. + +**If managing multiple independent Rancher clusters, consider custom terms from SUSE. How can I benefit from tiered pricing across all Rancher deployments?** + +The primary Rancher cluster must be running on EKS in the AWS Cloud and running the AWS Marketplace listing for Rancher. To benefit from tiered pricing, managed clusters (downstream clusters) should be connected to the primary Rancher cluster. + +**I have purchased multiple SUSE products from the AWS Marketplace (e.g., SUSE Manager, NeuVector Prime and now Rancher Prime), does the AWS Marketplace billing method still work?** + +Yes. The billing mechanism of each deployment is independent, each product will be billed separately via the AWS Marketplace. + +**I already have an existing EKS cluster in place and want to add Rancher and have this billed via Marketplace. Is this possible?** + +Yes, simply deploy the AWS Marketplace listing for Rancher Prime. + +**I already have an existing cluster, with Rancher deployed, can I just install the marketplace version and have support billed via the AWS Marketplace?** + +In order to benefit from monthly billing via the AWS Marketplace, the primary Rancher cluster needs to be deployed from the listing. It is then possible to migrate the existing Rancher configuration to the new deployment. + +Please follow the documentation and be sure to back up the existing Rancher configuration. + +Documentation can be found at the following link: https://ranchermanager.docs.rancher.com/getting-started/installation-andupgrade/install-upgrade-on-a-kubernetes-cluster/upgrades + +### Technical (Product) + +**How do I get support?** + +It is very simple to open a support case with SUSE for Rancher Prime. Create a ‘supportconfig’ via the Rancher UI and upload the output to the SUSE Customer Center. The support config bundle can be exported from the Rancher console using the ‘Get Support’ button at the bottom of the page. For deployments when Rancher is managing multiple downstream clusters, export the support config bundle from the primary cluster only. + +https://scc.suse.com/cloudsupport + +If the billing mechanism on the primary cluster is active, a support case will be opened. Further details can be found in the Rancher documentation: https://ranchermanager.docs.rancher.com/integrations-in-rancher/cloudmarketplace/supportconfig + +**What are the resource requirements for installing Rancher on EKS?** + +Please check the official documentation for best practices deployments. + +**Is there any difference between Rancher Prime from the AWS Marketplace and the versions I can run in my own data center?** + +Rancher Prime available in the AWS Marketplace is the same product, with the same functionality that you would run on-premises or with a manual installation. The only difference between deploying manually and deploying via the AWS Marketplace listing is the billing route. + +**Does the primary cluster (responsible for billing) need to run 24/7?** + +To ensure continuity with support, it is recommended that the primary Rancher cluster always remains active. + +**What if the primary cluster responsible for billing is unable to connect to the AWS Billing framework?** + +There may be multiple reasons why the primary cluster is unable to connect to the AWS framework, but it is the customer’s responsibility to ensure that the primary cluster is active and connected. Whilst the cluster is not connected to the billing framework, it is not possible to raise a support request. + +**My primary cluster has been offline, what will happen with billing when reconnected?** + +If the primary cluster is offline or disconnected from the AWS billing framework for a period of time, when it reconnects, the stored usage data will be uploaded to AWS and will appear on your next AWS bill. + +Depending on when in the month the primary cluster gets reconnected you may have several months of usage on your next billing cycle. + +**Can the managed worker nodes reside on premises, at the edge or even on another cloud provider?** + +Yes, nodes can run anywhere. SUSE Rancher will count the total number of nodes managed regardless of where they are deployed. + +**How do I get fixes and updates for Rancher?** + +To update the Rancher product to a current version before the marketplace listing is updated, please see the documentation. + +https://ranchermanager.docs.rancher.com/getting-started/installation-andupgrade/install-upgrade-on-a-kubernetes-cluster/upgrades + +### Miscellaneous + +**Where can I find out more about Rancher?** + +More information can be found at the following sites: + +https://ranchermanager.docs.rancher.com/ +https://www.rancher.com/products/rancher \ No newline at end of file diff --git a/docs/pages-for-subheaders/azure-marketplace-payg-integration.md b/docs/pages-for-subheaders/azure-marketplace-payg-integration.md index e187d44b469..490fa4c2479 100644 --- a/docs/pages-for-subheaders/azure-marketplace-payg-integration.md +++ b/docs/pages-for-subheaders/azure-marketplace-payg-integration.md @@ -18,3 +18,186 @@ Rancher Prime integrates with the Azure Marketplace as a pay-as-you-go (PAYG) of 2. [Install the Rancher Prime PAYG offering on the Azure Marketplace](../integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/installing-rancher-prime.md). ## FAQ + +### Marketplace Listing + +**What is the Rancher Prime listing on the Azure Marketplace?** + +By selecting the Rancher Prime listing in the Azure Marketplace, customers can deploy Rancher to their Microsoft Azure Kubernetes Service (AKS) cluster environment to manage any downstream CNCF-certified Kubernetes distribution with the advantage of having monthly billing for Rancher Prime via Microsoft Azure. + +**Where do I find the Rancher Prime listings?** + +There are two listings in the Azure Marketplace. They are: + +- Rancher Prime with 24x7 Support +- Rancher Prime with 24x7 Support (EMEA Orders Only) + +**Why are there 2 listings, which one should I use?** + +There are two listings for Rancher Prime to accommodate Microsoft Azure billing regions. You should pick the listing that reflects where your Azure account gets billed. + +**Are these listings available in all countries?** + +No, due to billing limitations and other restrictions, the Rancher Prime Azure Marketplace listing may not be purchasable in all countries. The Azure account you use for deployment determines your billing country. Contact your Azure Sales Team for more details. + +**My Azure account is in the USA, but I want to deploy Rancher in another Azure region, a region that is in a country where I currently cannot transact Rancher Prime, is this possible?** + +Yes, as long as your Azure account is billed to one of the allowed countries, it is possible to deploy Rancher Prime in any Azure region. + +**Is this listing available in China?** + +While it is not possible to transact/bill Rancher Prime in China, it is possible to deploy into Azure regions in China. + +### Billing + +**I have an existing Rancher Prime subscription; can I use this on Azure?** + +Self-installed BYOS (Bring Your Own Subscription) Rancher Prime deployments are supported on Azure; however, billing will not be via the Azure Marketplace. Once the existing subscription term ends, you can purchase Rancher Prime via the Azure Marketplace and reconfigure your cluster to support monthly billing via Azure. + +**I have an existing deployment covered by a Rancher subscription; can I use this new listing in the Azure Marketplace for new deployments?** + +Yes, the listing works independently from your existing Rancher Prime subscriptions. Only deployments through the marketplace listing will be billed through Azure. Support is always direct from SUSE. + +**Tell me more about how the billing for Rancher Prime works via Azure?** + +When purchasing Rancher Prime via the Azure Marketplace, the billing is as follows: + +- Billing is monthly and handled via Azure. +- Managed nodes are counted hourly when Rancher is active and added to a usage total. +- An average node count is calculated for the month. +- There is a monthly usage charge for each node in the average node count. +- The monthly usage charge depends on the number of nodes in use. +- There is a 5-node minimum, if the average node count is less than 5 nodes, the charge will be for 5 nodes. + +**What are the pricing tiers?** + +Rancher Prime has different pricing tiers when purchasing via the Azure Marketplace. This is based on the number of nodes which Rancher is managing.Details of the tiers are shown below, please check the listing for further pricing information. + +**Is there a way to try Rancher before purchasing?** + +If using the Rancher Prime listing in the Azure Marketplace, billing will commence from the time of deployment. You can try Rancher by deploying it per standard documentation. When ready to benefit from a supported platform and have this billed through Azure, deploy Rancher Prime via the Azure Marketplace and migrate your configuration. + +**How does SUSE calculate the ‘average number of managed nodes’ to bill for?** + +The average node count is calculated by adding the number of managed nodes (counted hourly) and dividing by the number of hours Rancher has been active in the billing cycle. Three examples are shown in the table below. + +:::note +In our example month, we are using 730 hours; this may differ depending on the number of days in the month and the billing cycle. +::: + +**Static Usage:** +Using Rancher to manage 10 nodes, for 1 month (730 hours) with no additional nodes added in the month. +**Bursting Model:** +Using Rancher to manage 10 nodes for 3 weeks (562 hours) in the month and bursting to 30 nodes for 1 week (168 hours). +**Transient Cluster:** +A temporary deployment of Rancher on 20 nodes for 2 weeks (336 hours). + +**Are special commercial terms available?** + +Depending on the deployment, it may be possible to secure special commercial terms, such as an annual subscription. This will be handled via an Azure private offer, contact SUSE for more information. + +**Can my spend on Rancher Prime count towards my MACC Program?** + +Yes, it can. Contact your Azure Sales Team for more details. + +**How do I purchase Rancher for additional nodes?** + +Once Rancher Prime has been deployed from the Azure Marketplace and billing is active, there is no need to make a specific purchase for additional nodes. Billing is dynamic and based on the number of nodes Rancher is managing. Just deploy or on-board additional clusters to Rancher as needed. + +**Is this an annual commitment, will it auto-renew?** + +By default, the Rancher Prime listing is billed on a monthly cycle, based on usage. Billing is on-going for as long as Rancher Prime is deployed. + +It is possible to set up an annual commitment via an Azure Private Offer, these will need to be reviewed and renewed at the end of the term, or the deployment will drop back to the default monthly billing cycle. + +### Technical + +**Do I need a Kubernetes cluster running in Azure to install Rancher and be billed via the Azure Marketplace?** + +Yes. To benefit from monthly billing via Azure, the primary Rancher cluster must be an Azure Kubernetes Service (AKS) cluster running in your Azure account. + +**On which Kubernetes distributions can the Rancher Prime Azure Marketplace listing be deployed?** + +The Rancher Prime marketplace listing must be deployed on Azure Kubernetes Service (AKS). Downstream/managed clusters can run any supported Kubernetes platform: RKE, RKE2, EKS, GKE, vanilla Kubernetes, OpenShift, Mirantis Kubernetes Engine, etc. See Supported Platforms for more details. + +**What is the deployment mechanism?** + +The Rancher Prime marketplace listing is deployed using Azure’s CNAB (with Helm inside). + +**What is the easiest way to get started?** + +One of the easiest ways to get started is to deploy the Rancher Prime marketplace listing to an existing AKS cluster. Follow the instructions in the usage section of the listing. A Helm chart takes care of installation and billing setup. + +**What is the minimum version of Rancher required to support Azure Marketplace billing?** + +The minimum version supporting marketplace billing is Rancher 2.7.8. + +**What version of Rancher is installed when using the marketplace listing?** + +The Rancher Prime marketplace listing is tied to a specific version of Rancher, typically the latest version available at the time of the listing update. Check the listing for further information. + +**I need a prior version of Rancher; can I still use the listing?** + +No. There is no choice over the Rancher version when deploying using the Azure Marketplace listing. If a prior version of Rancher is required, this must be installed manually using the standard documentation. NOTE: Billing through the Azure Marketplace may not be supported with earlier versions. + +**How often is the listing updated (including the version of Rancher, etc.)?** + +The marketplace listing is tied to a specific version of Rancher, usually it is the latest version available at the time the listing was last updated. Typically, the marketplace listing is updated quarterly, or more frequently to address any new security issues. To update Rancher to a current version before the marketplace listing is updated, please see the product documentation. + +**I have many Kubernetes clusters across multiple Azure accounts; does the Rancher Prime billing still work and enable tiered pricing?** + +Yes. Downstream/managed clusters can be deployed across single or multiple Azure accounts, on-premises, and in other public clouds. Downstream/managed nodes report up to Rancher Prime, enabling tiered pricing with billing routed to the Azure account in which the managing Rancher Prime cluster is running. + +**I have multiple independent clusters, each running a separate installation of the Rancher Prime Azure Marketplace listing; how is this billed?** + +As the Rancher Prime deployments are independent, each deployment is billed separately from the others. It is not possible to benefit from tiered pricing. If managing multiple independent Rancher Prime clusters, consider custom terms from SUSE. + +**How can I benefit from tiered pricing across all Rancher deployments?** + +The primary Rancher Prime cluster must be running on AKS in Microsoft Azure, deployed through the marketplace listing. To benefit from tiered pricing, downstream/managed clusters should be imported into the primary Rancher Prime cluster. + +**I have purchased multiple SUSE products from the Azure Marketplace (e.g., SUSE Manager, NeuVector Prime, Rancher Prime); does the Azure Marketplace billing method still work?** + +Yes. The billing mechanisms for the deployments are independent and are billed separately via the Azure Marketplace. + +**I already have an existing AKS cluster in place and want to add Rancher Prime to it and be billed through the Azure Marketplace; is this possible?** + +Yes, simply deploy the Rancher Prime to the cluster with the Azure Marketplace listing. + +**I already deployed Rancher to an existing AKS cluster; can I just install the marketplace version to enable Azure Marketplace billing?** + +No. You need to deploy Rancher Prime with the Azure Marketplace listing and migrate the existing Rancher configuration to this new deployment. Be sure that you back up your existing Rancher configuration. + +**How do I get support?** + +It is very simple to open a support case with SUSE for Rancher Prime. Create a ‘supportconfig’ via the Rancher UI (click Get Support under the hamburger menu and follow instructions), then upload the ‘supportconfig’ output to the SUSE Customer Center. If the billing mechanism is active, a support case will be opened. See Supportconfig bundle in the Rancher documentation for more details. + +:::note + +For deployments where Rancher Prime is managing multiple downstream clusters, be sure to export the ‘supportconfig’ bundle from the primary cluster only. + +::: + +**What are the resource requirements for installing Rancher on AKS?** + +Check the official documentation for best practices. Is there any difference between Rancher Prime from the Azure + +**Marketplace and the versions I can run in my own data center?** + +Rancher Prime available in the Azure Marketplace is the same product, with the same functionality that you would install manually in the cloud or on-premises.The only difference between deploying manually and deploying via the marketplace listing is the billing route. + +**Does the primary cluster (responsible for billing) need to run 24/7?** + +To ensure continuity of support, it is recommended that the primary Rancher Prime cluster always remain active. + +**What if the primary cluster responsible for billing is unable to connect to the Azure billing framework?** + +There may be multiple reasons why the primary cluster is unable to connect to the Azure billing framework, but it is the customer’s responsibility to ensure that the primary cluster is active and connected. While the cluster is not connected to the billing framework, it is not possible to raise a support request. + +**My primary cluster has been offline; what will happen with billing when reconnected?** + +If the Racher Prime cluster is offline or disconnected from the Azure billing framework for a period of time, when it reconnects, the stored usage data will be uploaded to Azure and will appear on your next Azure bill. Depending on the month when the primary cluster gets reconnected you may have several months of usage on your next billing cycle. + +**How do I get fixes and updates for Rancher?** + +To update the Rancher product to a current version before the marketplace listing is updated, see Upgrades in the official documentation. From dc7d68c3b27250d5b4778c26aee0f383bf2103a9 Mon Sep 17 00:00:00 2001 From: Lucas Saintarbor Date: Mon, 18 Dec 2023 13:25:12 -0800 Subject: [PATCH 12/77] Update docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/installing-rancher-prime.md Co-authored-by: Billy Tat --- .../installing-rancher-prime.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/installing-rancher-prime.md b/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/installing-rancher-prime.md index 37354ddff97..6d714b1a7bc 100644 --- a/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/installing-rancher-prime.md +++ b/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/installing-rancher-prime.md @@ -133,7 +133,7 @@ After the helm chart installation is completed, Rancher Prime is successfully in ## Log into the Rancher Dashboard -You may now login to Rancher dashboard by pointing your browser to the Rancher server URL *https://*, where *Rancher hostname* is the [hostname](#installing-rancher) you have chosen when installing Rancher. +You may now login to Rancher dashboard by pointing your browser to the Rancher server URL *https://$RANCHER_HOSTNAME*, where *Rancher hostname* is the [hostname](#installing-rancher) you have chosen when installing Rancher. :::note From 193603e20929591862beb1e7d5eb67fde46d2359 Mon Sep 17 00:00:00 2001 From: Lucas Saintarbor Date: Mon, 18 Dec 2023 13:32:26 -0800 Subject: [PATCH 13/77] Apply suggestions from code review Co-authored-by: Billy Tat --- .../installing-rancher-prime.md | 2 +- .../aws-marketplace-payg-integration/rancher-prime-aws.md | 4 ++-- .../aws-marketplace-payg-integration/troubleshooting.md | 6 +++--- .../upgrading-rancher-payg-cluster.md | 2 +- .../installing-rancher-prime.md | 4 ++-- .../rancher-prime-azure.md | 2 +- .../azure-marketplace-payg-integration/troubleshooting.md | 2 +- 7 files changed, 11 insertions(+), 11 deletions(-) diff --git a/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/installing-rancher-prime.md b/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/installing-rancher-prime.md index 6d714b1a7bc..76a15a3f87b 100644 --- a/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/installing-rancher-prime.md +++ b/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/installing-rancher-prime.md @@ -61,7 +61,7 @@ eksctl create iamserviceaccount \ :::note - Rancher Prime utilizes cert-manager to issue and maintain its certificates. Rancher will generate a CA certificate of its own, and sign a cert using that CA. + Rancher Prime utilizes cert-manager to issue and maintain its certificates. Rancher will generate a CA certificate of its own, and sign a certificate using that CA. ::: diff --git a/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/rancher-prime-aws.md b/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/rancher-prime-aws.md index 94148df8ef8..92279e460b3 100644 --- a/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/rancher-prime-aws.md +++ b/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/rancher-prime-aws.md @@ -5,8 +5,8 @@ title: Prerequisites Before using Rancher Prime on AWS as a pay-as-you-go (PAYG) offering, you need the following resources, information, and tools: - A Rancher-compatible EKS cluster. Please see the [Rancher support matrix](https://www.suse.com/suse-rancher/support-matrix/all-supported-versions/) for more details. Please refer to [Creating an EKS cluster](https://ranchermanager.docs.rancher.com/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks#creating-an-eks-cluster-for-the-rancher-server) for bringing up an EKS cluster to [install Rancher Prime PAYG](installing-rancher-prime.md). -- An ingress installed on the EKS cluster so that Rancher is accessible outside of the cluster. Please refer to [Rancher documentation](https://ranchermanager.docs.rancher.com/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks#5-install-an-ingress) for instructions on how to deploy Ingress-INGINX on an EKS cluster. -- Get the Load Balancer IP. Please refer to [Rancher documentation](https://ranchermanager.docs.rancher.com/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks#6-get-load-balancer-ip) and Save the EXTERNAL-IP. +- An ingress installed on the EKS cluster so that Rancher is accessible outside of the cluster. Please refer to [Rancher documentation](https://ranchermanager.docs.rancher.com/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks#5-install-an-ingress) for instructions on how to deploy Ingress-NGINX on an EKS cluster. +- Get the Load Balancer IP. Please refer to [Rancher documentation](https://ranchermanager.docs.rancher.com/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks#6-get-load-balancer-ip) and save the EXTERNAL-IP. - The Rancher hostname must be a fully qualified domain name (FQDN) and its corresponding IP address must be resolvable from a public DNS. Please refer to [Rancher documentation](https://ranchermanager.docs.rancher.com/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks#7-set-up-dns) for instructions on how to setup DNS. This DNS is setup to point at the EXTERNAL-IP saved. - Installation requires you have the following tools available and properly configured to access your AWS account, and your EKS cluster: - `aws` diff --git a/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/troubleshooting.md b/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/troubleshooting.md index b5dbe2ac9c7..1c649e9d5af 100644 --- a/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/troubleshooting.md +++ b/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/troubleshooting.md @@ -33,8 +33,8 @@ Fix the problem and run: ```shell helm upgrade -n cattle-rancher-csp-deployer-system rancher-cloud --create-namespace \ -oci://709825985650.dkr.ecr.us-east-1.amazonaws.com/suse/{{repository}}/rancher-cloud-helm/rancher-cloud --install \ - --version {{chart_version}} \ +oci://709825985650.dkr.ecr.us-east-1.amazonaws.com/suse/$REPOSITORY/rancher-cloud-helm/rancher-cloud --install \ + --version $CHART_VERSION \ --set rancherHostname=$HOST_NAME \ --set rancherServerURL=https://$HOST_NAME \ --set rancherReplicas=$REPLICAS \ @@ -53,7 +53,7 @@ Error from server (NotFound): cspadapterusagerecords.susecloud.net "rancher-usag To resolve the error, run: ```shell -kubectl get cm -n cattle-csp-billing-adapter-system csp-config -o yaml +kubectl get configmap -n cattle-csp-billing-adapter-system csp-config -o yaml ``` If a configuration is not listed, you can attempt to find the root cause by checking the pod status and log. See [Jobs and Pods](#jobs-and-pods) for more details. diff --git a/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/upgrading-rancher-payg-cluster.md b/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/upgrading-rancher-payg-cluster.md index 567a6e41f29..52b82ac3f1e 100644 --- a/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/upgrading-rancher-payg-cluster.md +++ b/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/upgrading-rancher-payg-cluster.md @@ -24,7 +24,7 @@ To check if the upgraded Helm chart deployed successfully: helm ls -n cattle-rancher-csp-deployer-system ``` -:::note +:::warning PAYG customers will have constraints on getting updates to the offer based on the latest version SUSE has published to AWS, which may trail slightly behind the latest Rancher release. diff --git a/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/installing-rancher-prime.md b/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/installing-rancher-prime.md index 9d1f3723fa7..9489e2e8866 100644 --- a/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/installing-rancher-prime.md +++ b/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/installing-rancher-prime.md @@ -41,7 +41,7 @@ On the **Rancher Configuraion** tab, specify the following informaiton: ::: -1. Using the slide bar, select the number of **Replicas**. +1. Using the slider, select the number of **Replicas**. 1. Choose and confirm a **Bootstrap Password**. During the first login, you will use the bootstrap password to authenticate to the Rancher dashboard. :::note @@ -68,7 +68,7 @@ On the **Extensions + applications** page, the **Provisioning State** may show * ## Log into the Rancher Dashboard -You may now login to Rancher dashboard by pointing your browser to the Rancher server URL *https://*, where *Rancher hostname* is the [hostname](#rancher-configuration) you have chosen when configuring Rancher. +You may now login to Rancher dashboard by pointing your browser to the Rancher server URL *https://$RANCHER_HOSTNAME*, where *Rancher hostname* is the [hostname](#rancher-configuration) you have chosen when configuring Rancher. :::note diff --git a/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/rancher-prime-azure.md b/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/rancher-prime-azure.md index 7051a1d4874..41e45d813a5 100644 --- a/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/rancher-prime-azure.md +++ b/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/rancher-prime-azure.md @@ -5,5 +5,5 @@ title: Prerequisites Before using Rancher Prime on Azure as a pay-as-you-go (PAYG) offering, you need the following resources, information, and tools: - A Rancher-compatible AKS cluster. Please see the [Rancher support matrix](https://www.suse.com/suse-rancher/support-matrix/all-supported-versions/) for more details. The Rancher Prime PAYG offering can only be installed onto clusters in regions where both the AKS and Azure Container Apps service are available. See the [Azure documentation](https://azure.microsoft.com/en-us/explore/global-infrastructure/products-by-region/?products=container-apps,kubernetes-service®ions=all) for details. Please see [Creating an AKS cluster](https://ranchermanager.docs.rancher.com/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-aks#3-create-the-aks-cluster) for bringing up an AKS cluster to [install Rancher Prime PAYG](installing-rancher-prime.md). -- An ingress installed on the AKS cluster so that Rancher is accessible outside of the cluster. Please refer to [Rancher documentation](https://ranchermanager.docs.rancher.com/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-aks#5-install-an-ingress) for instructions on how to deploy Ingress-INGINX on AKS cluster. +- An ingress installed on the AKS cluster so that Rancher is accessible outside of the cluster. Please refer to [Rancher documentation](https://ranchermanager.docs.rancher.com/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-aks#5-install-an-ingress) for instructions on how to deploy Ingress-NGINX on AKS cluster. - The Rancher hostname must be a fully qualified domain name (FQDN) and its corresponding IP address must be resolvable from a public DNS. Please refer to [Rancher documentation](https://ranchermanager.docs.rancher.com/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-aks#7-set-up-dns) for instructions on how to setup DNS. diff --git a/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/troubleshooting.md b/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/troubleshooting.md index 2c73e2462be..3d5e2fa6d65 100644 --- a/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/troubleshooting.md +++ b/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/troubleshooting.md @@ -60,7 +60,7 @@ Error from server (NotFound): cspadapterusagerecords.susecloud.net "rancher-usag To resolve the error, run: ```shell -kubectl get cm -n cattle-csp-billing-adapter-system csp-config -o yaml +kubectl get configmap -n cattle-csp-billing-adapter-system csp-config -o yaml ``` If a configuration is not listed, you can attempt to find the root cause by checking the pod status and log. See [Jobs and Pods](#jobs-and-pods) for more details. From 60dc9bf3c6744b320bb63b79810562335bee2210 Mon Sep 17 00:00:00 2001 From: LucasSaintarbor Date: Mon, 18 Dec 2023 14:05:08 -0800 Subject: [PATCH 14/77] Updated overview / limitations info --- .../aws-marketplace-payg-integration.md | 6 +++++- .../azure-marketplace-payg-integration.md | 8 +++++++- 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/docs/pages-for-subheaders/aws-marketplace-payg-integration.md b/docs/pages-for-subheaders/aws-marketplace-payg-integration.md index 908d1cea979..3a7b52aeb8d 100644 --- a/docs/pages-for-subheaders/aws-marketplace-payg-integration.md +++ b/docs/pages-for-subheaders/aws-marketplace-payg-integration.md @@ -9,10 +9,14 @@ title: AWS Marketplace Pay-as-you-go (PAYG) Integration ## Overview Rancher Prime integrates with the AWS Marketplace as a pay-as-you-go (PAYG) offering. This brings the value of running and managing Kubernetes environments to AWS customers, with the benefit of a new pay monthly pricing model available through the AWS Marketplace. This listing will enable you to manage any CNCF-certified Kubernetes -distribution in AWS, on-prem, or at the edge. To learn more, see our [AWS Marketplace offering](https://aws.amazon.com/marketplace/pp/prodview-f2bvszurj2p2c?sr=0-2&ref_=beagle&applicationId=AWSMPContessa). +distribution in AWS, on-prem, or at the edge. To learn more, see our non-EMEMA and EMEA AWS Marketplace offerings for Rancher Prime: +- [Rancher Prime (non-EMEA)](https://aws.amazon.com/marketplace/pp/prodview-f2bvszurj2p2c) +- [Rancher Prime (EMEA)](https://aws.amazon.com/marketplace/pp/prodview-ocgjwd5c2aj5i) ## Limitations +- Currently, you must be running Rancher Manager v2.7.9. When you deploy a supported PAYG version, you will be able to update to newer versions of Rancher Manager when the listing is updated. + ## How to Use 1. Complete the [prerequisite steps](../integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/rancher-prime-aws.md). diff --git a/docs/pages-for-subheaders/azure-marketplace-payg-integration.md b/docs/pages-for-subheaders/azure-marketplace-payg-integration.md index 490fa4c2479..03f7f8f8354 100644 --- a/docs/pages-for-subheaders/azure-marketplace-payg-integration.md +++ b/docs/pages-for-subheaders/azure-marketplace-payg-integration.md @@ -8,10 +8,14 @@ title: Azure Marketplace Pay-as-you-go (PAYG) Integration ## Overview -Rancher Prime integrates with the Azure Marketplace as a pay-as-you-go (PAYG) offering. This brings the value of running and managing Kubernetes environments to Azure customers, with the benefit of a new pay monthly pricing model available through the Azure Marketplace. This listing will enable you to manage any CNCF-certified Kubernetes distribution in Azure, on-prem, or at the edge. To learn more, see our [Azure Marketplace offering](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/suse.rancher-prime-llc?tab=Overview). +Rancher Prime integrates with the Azure Marketplace as a pay-as-you-go (PAYG) offering. This brings the value of running and managing Kubernetes environments to Azure customers, with the benefit of a new pay monthly pricing model available through the Azure Marketplace. This listing will enable you to manage any CNCF-certified Kubernetes distribution in Azure, on-prem, or at the edge. To learn more, see our non-EMEMA and EMEA Azure Marketplace offerings for Rancher Prime: +- [Rancher Prime (non-EMEA)](https://portal.azure.com/#view/Microsoft_Azure_Marketplace/GalleryItemDetailsBladeNopdl/id/suse.rancher-prime-llc/selectionMode~/false/resourceGroupId//resourceGroupLocation//dontDiscardJourney~/false/selectedMenuId/home/launchingContext~/%7B%22galleryItemId%22%3A%22suse.rancher-prime-llcpay-as-you-go%22%2C%22source%22%3A%5B%22GalleryFeaturedMenuItemPart%22%2C%22VirtualizedTileDetails%22%5D%2C%22menuItemId%22%3A%22home%22%2C%22subMenuItemId%22%3A%22Search%20results%22%2C%22telemetryId%22%3A%221dafcf16-920e-46ea-80c9-dc85c6bd3a17%22%7D/searchTelemetryId/c2300fb7-ba7b-462a-ba57-a37cb5e2822d) +- [Rancher Prime (EMEA)](https://portal.azure.com/#view/Microsoft_Azure_Marketplace/GalleryItemDetailsBladeNopdl/id/suseirelandltd1692213356027.rancher-prime-ltd/selectionMode~/false/resourceGroupId//resourceGroupLocation//dontDiscardJourney~/false/selectedMenuId/home/launchingContext~/%7B%22galleryItemId%22%3A%22suseirelandltd1692213356027.rancher-prime-ltdpay-as-you-go%22%2C%22source%22%3A%5B%22GalleryFeaturedMenuItemPart%22%2C%22VirtualizedTileDetails%22%5D%2C%22menuItemId%22%3A%22home%22%2C%22subMenuItemId%22%3A%22Search%20results%22%2C%22telemetryId%22%3A%22c6b1d79a-b577-47b0-90e5-41e6c49688ab%22%7D/searchTelemetryId/1793144d-e0d9-466e-8e36-dfeddc73163b) ## Limitations +- Currently, you must be running Rancher Manager v2.7.9. When you deploy a supported PAYG version, you will be able to update to newer versions of Rancher Manager when the listing is updated. + ## How to Use 1. Complete the [prerequisite steps](../integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/rancher-prime-azure.md). @@ -19,6 +23,8 @@ Rancher Prime integrates with the Azure Marketplace as a pay-as-you-go (PAYG) of ## FAQ +The following is a list of frequently asked questions. + ### Marketplace Listing **What is the Rancher Prime listing on the Azure Marketplace?** From 574c1645f746ff5b80f40718b62f00a20f4ac60a Mon Sep 17 00:00:00 2001 From: LucasSaintarbor Date: Mon, 18 Dec 2023 14:24:04 -0800 Subject: [PATCH 15/77] Add H4 headers to FAQs --- .../aws-marketplace-payg-integration.md | 96 +++++++++---------- .../azure-marketplace-payg-integration.md | 80 ++++++++-------- 2 files changed, 85 insertions(+), 91 deletions(-) diff --git a/docs/pages-for-subheaders/aws-marketplace-payg-integration.md b/docs/pages-for-subheaders/aws-marketplace-payg-integration.md index 3a7b52aeb8d..a76229b3985 100644 --- a/docs/pages-for-subheaders/aws-marketplace-payg-integration.md +++ b/docs/pages-for-subheaders/aws-marketplace-payg-integration.md @@ -28,21 +28,21 @@ The following is a list of frequently asked questions. ### Marketplace Listing -**What is the Rancher Prime listing on the AWS Marketplace?** +#### What is the Rancher Prime listing on the AWS Marketplace? By selecting the Rancher Prime listing from the AWS Marketplace, customers can deploy Rancher to their Kubernetes environment with the advantage of having monthly billing via AWS. -**Where do I find the Rancher Prime listings?** +#### Where do I find the Rancher Prime listings? The listings can be found in the AWS Marketplace, there are two listings: - Rancher Prime (No EU, EEA, or UK Orders) - Rancher Prime (EU, EEA, or UK Orders) -**Why are there 2 listings, which one should I use?** +#### Why are there 2 listings, which one should I use? We have 2 listings for Rancher Prime, "EU, EEA, or UK Orders" and "no EU, EEA, or UK Orders", you should pick the listing that reflects where your AWS account gets billed. -**Are these listings available in all countries?** +#### Are these listings available in all countries? The Rancher listing on AWS is not available to purchase in all countries. @@ -50,17 +50,17 @@ Your billing country is based on the AWS Account ID used to do the deployment. Please read the addendum at the end of this FAQ for a list of countries that can and cannot transact Rancher Prime via the AWS Marketplace. -**My AWS account is in the USA, but I want to deploy Rancher in another AWS region, a region that is in a country where I currently cannot transact Rancher Prime, is this possible?** +#### My AWS account is in the USA, but I want to deploy Rancher in another AWS region, a region that is in a country where I currently cannot transact Rancher Prime, is this possible? Yes. As long as your AWS account is billed to one of the allowed countries, it is possible to deploy Rancher in any AWS regions. -**Is this listing available in China?** +#### Is this listing available in China? Whilst it is not possible to transact/bill Rancher Prime in China, it is possible to deploy into AWS regions in China. Please read the addendum at the end of this FAQ for a list of countries that can and cannot transact Rancher Prime via the AWS Marketplace. -**Can I still deploy Rancher using the ‘Rancher Setup’ listing from the AWS Marketplace?** +#### Can I still deploy Rancher using the ‘Rancher Setup’ listing from the AWS Marketplace? ‘Rancher Setup’ is no longer available via AWS Marketplace. Customers should deploy an EKS Cluster to host Rancher. Please refer to the best practice documentation. @@ -69,20 +69,20 @@ https://ranchermanager.docs.rancher.com/getting-started/installation-andupgrade/ ### Billing -**I have an existing Rancher Prime subscription; can I use this on AWS?** +#### I have an existing Rancher Prime subscription; can I use this on AWS? BYOS (Bring Your Own Subscription) Rancher deployments are supported on AWS, however, billing will not be via the AWS Marketplace. Once the existing subscription term ends, you can purchase Rancher Prime via the AWS Marketplace and reconfigure your cluster to support monthly billing via AWS. -**I have an existing Rancher Subscription purchased via the ’Rancher Premium Support’ listing on AWS; is this transferable to the new model?** +#### I have an existing Rancher Subscription purchased via the ’Rancher Premium Support’ listing on AWS; is this transferable to the new model? No. A new deployment of Rancher Prime is required to benefit from the new monthly billing model. -**I have an existing deployment covered by a Rancher subscription; can I use this new listing in AWS for new deployments?** +#### I have an existing deployment covered by a Rancher subscription; can I use this new listing in AWS for new deployments? Yes, the listing works independently from your existing subscriptions. Please remember that support processes may be different for deployments using your existing subscription and those billed via the AWS Marketplace. -**Tell me more about how the billing for Rancher Prime works via AWS?** +#### Tell me more about how the billing for Rancher Prime works via AWS? When purchasing Rancher Prime via the AWS Marketplace, the billing is as follows: @@ -95,7 +95,7 @@ total. - There is a 5-node minimum, if the average node count is less than 5 nodes, the charge will be for 5 nodes. -**What are the pricing tiers?** +#### What are the pricing tiers? Rancher Prime has different pricing tiers when purchasing via the AWS Marketplace. This is based on the number of nodes which Rancher is managing.Details of the tiers are below, please check the listing for further pricing information. @@ -108,7 +108,7 @@ Rancher Prime has different pricing tiers when purchasing via the AWS Marketplac | 5 | 251 | 1000 | | 6 | 1001 | | -**Is there a way to try Rancher before purchasing?** +#### Is there a way to try Rancher before purchasing? If using the Rancher Prime listing in the AWS Marketplace, billing will commence from the time of deployment. @@ -116,23 +116,15 @@ Rancher can be deployed manually using the standard documentation and repositori https://ranchermanager.docs.rancher.com/getting-started/installation-andupgrade/install-upgrade-on-a-kubernetes-cluster/upgrades -**How does SUSE calculate the ‘average number of managed nodes’ to bill for?** +#### How does SUSE calculate the ‘average number of managed nodes’ to bill for? The average node count is calculated by adding the number of managed nodes (counted hourly) and dividing by the number of hours Rancher has been active in the billing cycle. Below are 3 examples of how the average node count is calculated. Check the table below for the details. N.B. in our example month, we are using 730 hours, this may differ depending on the number of days in the month and the billing cycle. -**Static usage:** - -Using Rancher to manage 10 nodes, for 1 month (730 hours) with no additional nodes added in the month. - -**Bursting Model:** - -Using Rancher to manage 10 nodes for 3 weeks (562 hours) in the month, bursting to 30 nodes for 1 week (168 hours). - -**Transient cluster:** - -A temporary deployment of Rancher on 20 nodes for 2 weeks (336 hours) +- **Static usage:** Using Rancher to manage 10 nodes, for 1 month (730 hours) with no additional nodes added in the month. +- **Bursting Model:** Using Rancher to manage 10 nodes for 3 weeks (562 hours) in the month, bursting to 30 nodes for 1 week (168 hours). +- **Transient cluster:** A temporary deployment of Rancher on 20 nodes for 2 weeks (336 hours) | | Hours Active (Hours Rancher is active in the month) | Nodes (Managed Nodes counted at each check-in) | Usage total (Sum of nodes reported at each check-in) | Average Node Count (Usage total / hours active) | | | ----------------- | :--: | :------------------------: | :----: | :--: | :------------------------------: | @@ -140,19 +132,19 @@ A temporary deployment of Rancher on 20 nodes for 2 weeks (336 hours) | Bursting Model | 730 | 10 (562 hrs) 30 (168 hrs) | 10600 | 15 | 15 @ Tier 1 (rounded from 14.6) | | Transient Cluster | 336 | 20 | 6720 | 20 | 20 @ Tier 2 | -**Are special commercial terms available?** +#### Are special commercial terms available? Depending on the deployment, it may be possible to secure special commercial terms (e.g., an annual subscription). This will be handled via an AWS Private offer, please contact SUSE for more information. -**Can my spend on Rancher Prime count towards my AWS Enterprise Discount Program?** +#### Can my spend on Rancher Prime count towards my AWS Enterprise Discount Program? Yes, it can. Please contact your AWS Sales Team for more details. -**How do I purchase Rancher for additional nodes?** +#### How do I purchase Rancher for additional nodes? Once Rancher has been deployed from the listing on AWS and billing is active, there is no need to make a specific purchase for additional nodes. Billing is dynamic and based on the number of nodes Rancher is managing. Just deploy or on-board additional clusters to Rancher as needed. -**Is this an annual commitment, will it auto-renew?** +#### Is this an annual commitment, will it auto-renew? By default, the Rancher Prime listing in AWS is billed on a monthly cycle, based on usage. Billing is on-going for as long as Rancher is deployed. @@ -160,35 +152,35 @@ It is possible to set up an annual commitment via an AWS Private Offer, these wi ### Technical (Billing) -**Do I need a Kubernetes cluster running in AWS to install Rancher and be billed via the AWS Marketplace?** +#### Do I need a Kubernetes cluster running in AWS to install Rancher and be billed via the AWS Marketplace? Yes. To benefit from monthly billing via the Marketplace, the primary Rancher cluster must be an EKS Cluster running in your AWS Account. -**On which Kubernetes distributions can the AWS Marketplace listing be deployed?** +#### On which Kubernetes distributions can the AWS Marketplace listing be deployed? The AWS Marketplace listing for Rancher Prime with Marketplace billing must be deployed on Amazon EKS. Downstream clusters / managed worker nodes can be running on any CNCF compliant Kubernetes platform, EKS, EKS-A, Rancher Kubernetes Engine, etc. -**What is the deployment mechanism?** +#### What is the deployment mechanism? The AWS Marketplace listing for Rancher Prime is deployed using Helm. -**What is the easiest way to get started?** +#### What is the easiest way to get started? One of the easiest ways to get started is to deploy the AWS Marketplace listing for Rancher Prime to an existing EKS cluster. Follow the instructions in the usage section, a Helm chart takes care of the installation and the setup for billing. -**What is the minimum version of Rancher required to support AWS Marketplace billing?** +#### What is the minimum version of Rancher required to support AWS Marketplace billing? The minimum version supporting marketplace billing is Rancher 2.7.8. -**What version of Rancher is installed when using the Marketplace listing?** +#### What version of Rancher is installed when using the Marketplace listing? The AWS Marketplace listing for Rancher Prime is tied to a specific version of Rancher, typically the latest version available at the time of the listing update. Please check the listing for further information. -**I need a prior version of Rancher, can I still use the listing?** +#### I need a prior version of Rancher, can I still use the listing? No. There is no choice over the Rancher version when deploying using the AWS Marketplace listing. If a prior version of Rancher is required, this must be installed manually using the standard documentation. Billing via AWS Marketplace may not be supported with previous versions. -**How often is the listing updated (including the version of Rancher, etc.)?** +#### How often is the listing updated (including the version of Rancher, etc.)? Cloud marketplace listings are tied to a specific version of Rancher, usually the latest version available at the time of listing. @@ -200,27 +192,27 @@ see the product documentation. https://ranchermanager.docs.rancher.com/pages-for-subheaders/installation-andupgrade -**I have many Kubernetes clusters across multiple AWS accounts, does the Rancher Prime billing still work and enable tiered pricing?** +#### I have many Kubernetes clusters across multiple AWS accounts, does the Rancher Prime billing still work and enable tiered pricing? Yes. Downstream clusters managed by Rancher can be deployed across single or multiple AWS accounts, on-premises, or even in other public clouds. Downstream nodes will report up to the primary Rancher deployment. Tiered pricing is enabled and billing will be routed to the AWS account in which the primary cluster is running. -**I have multiple independent clusters, each running a separate installation of the AWS Marketplace listing for Rancher Prime, how is this billed?** +#### I have multiple independent clusters, each running a separate installation of the AWS Marketplace listing for Rancher Prime, how is this billed? As the Rancher Prime deployments are independent, each deployment is billed separately from the others. It is not possible to benefit from tiered pricing. -**If managing multiple independent Rancher clusters, consider custom terms from SUSE. How can I benefit from tiered pricing across all Rancher deployments?** +#### If managing multiple independent Rancher clusters, consider custom terms from SUSE. How can I benefit from tiered pricing across all Rancher deployments? The primary Rancher cluster must be running on EKS in the AWS Cloud and running the AWS Marketplace listing for Rancher. To benefit from tiered pricing, managed clusters (downstream clusters) should be connected to the primary Rancher cluster. -**I have purchased multiple SUSE products from the AWS Marketplace (e.g., SUSE Manager, NeuVector Prime and now Rancher Prime), does the AWS Marketplace billing method still work?** +#### I have purchased multiple SUSE products from the AWS Marketplace (e.g., SUSE Manager, NeuVector Prime and now Rancher Prime), does the AWS Marketplace billing method still work? Yes. The billing mechanism of each deployment is independent, each product will be billed separately via the AWS Marketplace. -**I already have an existing EKS cluster in place and want to add Rancher and have this billed via Marketplace. Is this possible?** +#### I already have an existing EKS cluster in place and want to add Rancher and have this billed via Marketplace. Is this possible? Yes, simply deploy the AWS Marketplace listing for Rancher Prime. -**I already have an existing cluster, with Rancher deployed, can I just install the marketplace version and have support billed via the AWS Marketplace?** +#### I already have an existing cluster, with Rancher deployed, can I just install the marketplace version and have support billed via the AWS Marketplace? In order to benefit from monthly billing via the AWS Marketplace, the primary Rancher cluster needs to be deployed from the listing. It is then possible to migrate the existing Rancher configuration to the new deployment. @@ -230,7 +222,7 @@ Documentation can be found at the following link: https://ranchermanager.docs.ra ### Technical (Product) -**How do I get support?** +#### How do I get support? It is very simple to open a support case with SUSE for Rancher Prime. Create a ‘supportconfig’ via the Rancher UI and upload the output to the SUSE Customer Center. The support config bundle can be exported from the Rancher console using the ‘Get Support’ button at the bottom of the page. For deployments when Rancher is managing multiple downstream clusters, export the support config bundle from the primary cluster only. @@ -238,33 +230,33 @@ https://scc.suse.com/cloudsupport If the billing mechanism on the primary cluster is active, a support case will be opened. Further details can be found in the Rancher documentation: https://ranchermanager.docs.rancher.com/integrations-in-rancher/cloudmarketplace/supportconfig -**What are the resource requirements for installing Rancher on EKS?** +#### What are the resource requirements for installing Rancher on EKS? Please check the official documentation for best practices deployments. -**Is there any difference between Rancher Prime from the AWS Marketplace and the versions I can run in my own data center?** +#### Is there any difference between Rancher Prime from the AWS Marketplace and the versions I can run in my own data center? Rancher Prime available in the AWS Marketplace is the same product, with the same functionality that you would run on-premises or with a manual installation. The only difference between deploying manually and deploying via the AWS Marketplace listing is the billing route. -**Does the primary cluster (responsible for billing) need to run 24/7?** +#### Does the primary cluster (responsible for billing) need to run 24/7? To ensure continuity with support, it is recommended that the primary Rancher cluster always remains active. -**What if the primary cluster responsible for billing is unable to connect to the AWS Billing framework?** +#### What if the primary cluster responsible for billing is unable to connect to the AWS Billing framework? There may be multiple reasons why the primary cluster is unable to connect to the AWS framework, but it is the customer’s responsibility to ensure that the primary cluster is active and connected. Whilst the cluster is not connected to the billing framework, it is not possible to raise a support request. -**My primary cluster has been offline, what will happen with billing when reconnected?** +#### My primary cluster has been offline, what will happen with billing when reconnected? If the primary cluster is offline or disconnected from the AWS billing framework for a period of time, when it reconnects, the stored usage data will be uploaded to AWS and will appear on your next AWS bill. Depending on when in the month the primary cluster gets reconnected you may have several months of usage on your next billing cycle. -**Can the managed worker nodes reside on premises, at the edge or even on another cloud provider?** +#### Can the managed worker nodes reside on premises, at the edge or even on another cloud provider? Yes, nodes can run anywhere. SUSE Rancher will count the total number of nodes managed regardless of where they are deployed. -**How do I get fixes and updates for Rancher?** +#### How do I get fixes and updates for Rancher? To update the Rancher product to a current version before the marketplace listing is updated, please see the documentation. @@ -272,7 +264,7 @@ https://ranchermanager.docs.rancher.com/getting-started/installation-andupgrade/ ### Miscellaneous -**Where can I find out more about Rancher?** +#### Where can I find out more about Rancher? More information can be found at the following sites: diff --git a/docs/pages-for-subheaders/azure-marketplace-payg-integration.md b/docs/pages-for-subheaders/azure-marketplace-payg-integration.md index 03f7f8f8354..2c7816911f1 100644 --- a/docs/pages-for-subheaders/azure-marketplace-payg-integration.md +++ b/docs/pages-for-subheaders/azure-marketplace-payg-integration.md @@ -27,7 +27,7 @@ The following is a list of frequently asked questions. ### Marketplace Listing -**What is the Rancher Prime listing on the Azure Marketplace?** +#### What is the Rancher Prime listing on the Azure Marketplace? By selecting the Rancher Prime listing in the Azure Marketplace, customers can deploy Rancher to their Microsoft Azure Kubernetes Service (AKS) cluster environment to manage any downstream CNCF-certified Kubernetes distribution with the advantage of having monthly billing for Rancher Prime via Microsoft Azure. @@ -38,33 +38,33 @@ There are two listings in the Azure Marketplace. They are: - Rancher Prime with 24x7 Support - Rancher Prime with 24x7 Support (EMEA Orders Only) -**Why are there 2 listings, which one should I use?** +#### Why are there 2 listings, which one should I use? There are two listings for Rancher Prime to accommodate Microsoft Azure billing regions. You should pick the listing that reflects where your Azure account gets billed. -**Are these listings available in all countries?** +#### Are these listings available in all countries? No, due to billing limitations and other restrictions, the Rancher Prime Azure Marketplace listing may not be purchasable in all countries. The Azure account you use for deployment determines your billing country. Contact your Azure Sales Team for more details. -**My Azure account is in the USA, but I want to deploy Rancher in another Azure region, a region that is in a country where I currently cannot transact Rancher Prime, is this possible?** +#### My Azure account is in the USA, but I want to deploy Rancher in another Azure region, a region that is in a country where I currently cannot transact Rancher Prime, is this possible? Yes, as long as your Azure account is billed to one of the allowed countries, it is possible to deploy Rancher Prime in any Azure region. -**Is this listing available in China?** +#### Is this listing available in China? While it is not possible to transact/bill Rancher Prime in China, it is possible to deploy into Azure regions in China. ### Billing -**I have an existing Rancher Prime subscription; can I use this on Azure?** +#### I have an existing Rancher Prime subscription; can I use this on Azure? Self-installed BYOS (Bring Your Own Subscription) Rancher Prime deployments are supported on Azure; however, billing will not be via the Azure Marketplace. Once the existing subscription term ends, you can purchase Rancher Prime via the Azure Marketplace and reconfigure your cluster to support monthly billing via Azure. -**I have an existing deployment covered by a Rancher subscription; can I use this new listing in the Azure Marketplace for new deployments?** +#### I have an existing deployment covered by a Rancher subscription; can I use this new listing in the Azure Marketplace for new deployments? Yes, the listing works independently from your existing Rancher Prime subscriptions. Only deployments through the marketplace listing will be billed through Azure. Support is always direct from SUSE. -**Tell me more about how the billing for Rancher Prime works via Azure?** +#### Tell me more about how the billing for Rancher Prime works via Azure? When purchasing Rancher Prime via the Azure Marketplace, the billing is as follows: @@ -75,42 +75,44 @@ When purchasing Rancher Prime via the Azure Marketplace, the billing is as follo - The monthly usage charge depends on the number of nodes in use. - There is a 5-node minimum, if the average node count is less than 5 nodes, the charge will be for 5 nodes. -**What are the pricing tiers?** +#### What are the pricing tiers? Rancher Prime has different pricing tiers when purchasing via the Azure Marketplace. This is based on the number of nodes which Rancher is managing.Details of the tiers are shown below, please check the listing for further pricing information. -**Is there a way to try Rancher before purchasing?** +#### Is there a way to try Rancher before purchasing? If using the Rancher Prime listing in the Azure Marketplace, billing will commence from the time of deployment. You can try Rancher by deploying it per standard documentation. When ready to benefit from a supported platform and have this billed through Azure, deploy Rancher Prime via the Azure Marketplace and migrate your configuration. -**How does SUSE calculate the ‘average number of managed nodes’ to bill for?** +#### How does SUSE calculate the ‘average number of managed nodes’ to bill for? The average node count is calculated by adding the number of managed nodes (counted hourly) and dividing by the number of hours Rancher has been active in the billing cycle. Three examples are shown in the table below. :::note + In our example month, we are using 730 hours; this may differ depending on the number of days in the month and the billing cycle. + ::: -**Static Usage:** +- **Static Usage:** Using Rancher to manage 10 nodes, for 1 month (730 hours) with no additional nodes added in the month. -**Bursting Model:** +- **Bursting Model:** Using Rancher to manage 10 nodes for 3 weeks (562 hours) in the month and bursting to 30 nodes for 1 week (168 hours). -**Transient Cluster:** +- **Transient Cluster:** A temporary deployment of Rancher on 20 nodes for 2 weeks (336 hours). -**Are special commercial terms available?** +#### Are special commercial terms available? Depending on the deployment, it may be possible to secure special commercial terms, such as an annual subscription. This will be handled via an Azure private offer, contact SUSE for more information. -**Can my spend on Rancher Prime count towards my MACC Program?** +#### Can my spend on Rancher Prime count towards my MACC Program? Yes, it can. Contact your Azure Sales Team for more details. -**How do I purchase Rancher for additional nodes?** +#### How do I purchase Rancher for additional nodes? Once Rancher Prime has been deployed from the Azure Marketplace and billing is active, there is no need to make a specific purchase for additional nodes. Billing is dynamic and based on the number of nodes Rancher is managing. Just deploy or on-board additional clusters to Rancher as needed. -**Is this an annual commitment, will it auto-renew?** +#### Is this an annual commitment, will it auto-renew? By default, the Rancher Prime listing is billed on a monthly cycle, based on usage. Billing is on-going for as long as Rancher Prime is deployed. @@ -118,63 +120,63 @@ It is possible to set up an annual commitment via an Azure Private Offer, these ### Technical -**Do I need a Kubernetes cluster running in Azure to install Rancher and be billed via the Azure Marketplace?** +#### Do I need a Kubernetes cluster running in Azure to install Rancher and be billed via the Azure Marketplace? Yes. To benefit from monthly billing via Azure, the primary Rancher cluster must be an Azure Kubernetes Service (AKS) cluster running in your Azure account. -**On which Kubernetes distributions can the Rancher Prime Azure Marketplace listing be deployed?** +#### On which Kubernetes distributions can the Rancher Prime Azure Marketplace listing be deployed? The Rancher Prime marketplace listing must be deployed on Azure Kubernetes Service (AKS). Downstream/managed clusters can run any supported Kubernetes platform: RKE, RKE2, EKS, GKE, vanilla Kubernetes, OpenShift, Mirantis Kubernetes Engine, etc. See Supported Platforms for more details. -**What is the deployment mechanism?** +#### What is the deployment mechanism? The Rancher Prime marketplace listing is deployed using Azure’s CNAB (with Helm inside). -**What is the easiest way to get started?** +#### What is the easiest way to get started? One of the easiest ways to get started is to deploy the Rancher Prime marketplace listing to an existing AKS cluster. Follow the instructions in the usage section of the listing. A Helm chart takes care of installation and billing setup. -**What is the minimum version of Rancher required to support Azure Marketplace billing?** +#### What is the minimum version of Rancher required to support Azure Marketplace billing? The minimum version supporting marketplace billing is Rancher 2.7.8. -**What version of Rancher is installed when using the marketplace listing?** +#### What version of Rancher is installed when using the marketplace listing? The Rancher Prime marketplace listing is tied to a specific version of Rancher, typically the latest version available at the time of the listing update. Check the listing for further information. -**I need a prior version of Rancher; can I still use the listing?** +#### I need a prior version of Rancher; can I still use the listing? No. There is no choice over the Rancher version when deploying using the Azure Marketplace listing. If a prior version of Rancher is required, this must be installed manually using the standard documentation. NOTE: Billing through the Azure Marketplace may not be supported with earlier versions. -**How often is the listing updated (including the version of Rancher, etc.)?** +#### How often is the listing updated (including the version of Rancher, etc.)? The marketplace listing is tied to a specific version of Rancher, usually it is the latest version available at the time the listing was last updated. Typically, the marketplace listing is updated quarterly, or more frequently to address any new security issues. To update Rancher to a current version before the marketplace listing is updated, please see the product documentation. -**I have many Kubernetes clusters across multiple Azure accounts; does the Rancher Prime billing still work and enable tiered pricing?** +#### I have many Kubernetes clusters across multiple Azure accounts; does the Rancher Prime billing still work and enable tiered pricing? Yes. Downstream/managed clusters can be deployed across single or multiple Azure accounts, on-premises, and in other public clouds. Downstream/managed nodes report up to Rancher Prime, enabling tiered pricing with billing routed to the Azure account in which the managing Rancher Prime cluster is running. -**I have multiple independent clusters, each running a separate installation of the Rancher Prime Azure Marketplace listing; how is this billed?** +#### I have multiple independent clusters, each running a separate installation of the Rancher Prime Azure Marketplace listing; how is this billed? As the Rancher Prime deployments are independent, each deployment is billed separately from the others. It is not possible to benefit from tiered pricing. If managing multiple independent Rancher Prime clusters, consider custom terms from SUSE. -**How can I benefit from tiered pricing across all Rancher deployments?** +#### How can I benefit from tiered pricing across all Rancher deployments? The primary Rancher Prime cluster must be running on AKS in Microsoft Azure, deployed through the marketplace listing. To benefit from tiered pricing, downstream/managed clusters should be imported into the primary Rancher Prime cluster. -**I have purchased multiple SUSE products from the Azure Marketplace (e.g., SUSE Manager, NeuVector Prime, Rancher Prime); does the Azure Marketplace billing method still work?** +#### I have purchased multiple SUSE products from the Azure Marketplace (e.g., SUSE Manager, NeuVector Prime, Rancher Prime); does the Azure Marketplace billing method still work? Yes. The billing mechanisms for the deployments are independent and are billed separately via the Azure Marketplace. -**I already have an existing AKS cluster in place and want to add Rancher Prime to it and be billed through the Azure Marketplace; is this possible?** +#### I already have an existing AKS cluster in place and want to add Rancher Prime to it and be billed through the Azure Marketplace; is this possible? Yes, simply deploy the Rancher Prime to the cluster with the Azure Marketplace listing. -**I already deployed Rancher to an existing AKS cluster; can I just install the marketplace version to enable Azure Marketplace billing?** +#### I already deployed Rancher to an existing AKS cluster; can I just install the marketplace version to enable Azure Marketplace billing? No. You need to deploy Rancher Prime with the Azure Marketplace listing and migrate the existing Rancher configuration to this new deployment. Be sure that you back up your existing Rancher configuration. -**How do I get support?** +#### How do I get support? It is very simple to open a support case with SUSE for Rancher Prime. Create a ‘supportconfig’ via the Rancher UI (click Get Support under the hamburger menu and follow instructions), then upload the ‘supportconfig’ output to the SUSE Customer Center. If the billing mechanism is active, a support case will be opened. See Supportconfig bundle in the Rancher documentation for more details. @@ -184,26 +186,26 @@ For deployments where Rancher Prime is managing multiple downstream clusters, be ::: -**What are the resource requirements for installing Rancher on AKS?** +#### What are the resource requirements for installing Rancher on AKS? Check the official documentation for best practices. Is there any difference between Rancher Prime from the Azure -**Marketplace and the versions I can run in my own data center?** +#### Marketplace and the versions I can run in my own data center? Rancher Prime available in the Azure Marketplace is the same product, with the same functionality that you would install manually in the cloud or on-premises.The only difference between deploying manually and deploying via the marketplace listing is the billing route. -**Does the primary cluster (responsible for billing) need to run 24/7?** +#### Does the primary cluster (responsible for billing) need to run 24/7? To ensure continuity of support, it is recommended that the primary Rancher Prime cluster always remain active. -**What if the primary cluster responsible for billing is unable to connect to the Azure billing framework?** +#### What if the primary cluster responsible for billing is unable to connect to the Azure billing framework? There may be multiple reasons why the primary cluster is unable to connect to the Azure billing framework, but it is the customer’s responsibility to ensure that the primary cluster is active and connected. While the cluster is not connected to the billing framework, it is not possible to raise a support request. -**My primary cluster has been offline; what will happen with billing when reconnected?** +#### My primary cluster has been offline; what will happen with billing when reconnected? If the Racher Prime cluster is offline or disconnected from the Azure billing framework for a period of time, when it reconnects, the stored usage data will be uploaded to Azure and will appear on your next Azure bill. Depending on the month when the primary cluster gets reconnected you may have several months of usage on your next billing cycle. -**How do I get fixes and updates for Rancher?** +#### How do I get fixes and updates for Rancher? To update the Rancher product to a current version before the marketplace listing is updated, see Upgrades in the official documentation. From 9649aa26ad220bb85b04af1f8a1235ef4b0015fd Mon Sep 17 00:00:00 2001 From: LucasSaintarbor Date: Mon, 18 Dec 2023 14:34:03 -0800 Subject: [PATCH 16/77] Update tables in FAQ section --- .../aws-marketplace-payg-integration.md | 22 +++++++++---------- .../azure-marketplace-payg-integration.md | 15 +++++++++++++ 2 files changed, 26 insertions(+), 11 deletions(-) diff --git a/docs/pages-for-subheaders/aws-marketplace-payg-integration.md b/docs/pages-for-subheaders/aws-marketplace-payg-integration.md index a76229b3985..a98e30c13a9 100644 --- a/docs/pages-for-subheaders/aws-marketplace-payg-integration.md +++ b/docs/pages-for-subheaders/aws-marketplace-payg-integration.md @@ -99,14 +99,14 @@ charge will be for 5 nodes. Rancher Prime has different pricing tiers when purchasing via the AWS Marketplace. This is based on the number of nodes which Rancher is managing.Details of the tiers are below, please check the listing for further pricing information. -| Tier | Nodes (from) | Nodes (to) | -| :--: | :----------: | :---------: | -| 1 | 5 | 15 | -| 2 | 16 | 50 | -| 3 | 51 | 100 | -| 4 | 101 | 250 | -| 5 | 251 | 1000 | -| 6 | 1001 | | +| Tier | Nodes (from) | Nodes (to) | +| :------: | :----------: | :---------: | +| **1** | 5 | 15 | +| **2** | 16 | 50 | +| **3** | 51 | 100 | +| **4** | 101 | 250 | +| **5** | 251 | 1000 | +| **6** | 1001 | | #### Is there a way to try Rancher before purchasing? @@ -126,11 +126,11 @@ Below are 3 examples of how the average node count is calculated. Check the tabl - **Bursting Model:** Using Rancher to manage 10 nodes for 3 weeks (562 hours) in the month, bursting to 30 nodes for 1 week (168 hours). - **Transient cluster:** A temporary deployment of Rancher on 20 nodes for 2 weeks (336 hours) -| | Hours Active (Hours Rancher is active in the month) | Nodes (Managed Nodes counted at each check-in) | Usage total (Sum of nodes reported at each check-in) | Average Node Count (Usage total / hours active) | | +| | Hours Active (Hours Rancher is active in the month) | Nodes (Managed Nodes counted at each check-in) | Usage total (Sum of nodes reported at each check-in) | Average Node Count (Usage total / hours active) | Note | | ----------------- | :--: | :------------------------: | :----: | :--: | :------------------------------: | | **Static Usage** | 730 | 10 | 7300 | 10 | 10 @ Tier 1 | -| Bursting Model | 730 | 10 (562 hrs) 30 (168 hrs) | 10600 | 15 | 15 @ Tier 1 (rounded from 14.6) | -| Transient Cluster | 336 | 20 | 6720 | 20 | 20 @ Tier 2 | +| **Bursting Model** | 730 | 10 (562 hrs), 30 (168 hrs) | 10660 | 15 | 15 @ Tier 1 (rounded from 14.6) | +| **Transient Cluster** | 336 | 20 | 6720 | 20 | 20 @ Tier 2 | #### Are special commercial terms available? diff --git a/docs/pages-for-subheaders/azure-marketplace-payg-integration.md b/docs/pages-for-subheaders/azure-marketplace-payg-integration.md index 2c7816911f1..23b17cf279b 100644 --- a/docs/pages-for-subheaders/azure-marketplace-payg-integration.md +++ b/docs/pages-for-subheaders/azure-marketplace-payg-integration.md @@ -79,6 +79,15 @@ When purchasing Rancher Prime via the Azure Marketplace, the billing is as follo Rancher Prime has different pricing tiers when purchasing via the Azure Marketplace. This is based on the number of nodes which Rancher is managing.Details of the tiers are shown below, please check the listing for further pricing information. +| Tier | Nodes (from) | Nodes (to) | +| :------: | :----------: | :---------: | +| **1** | 5 | 15 | +| **2** | 16 | 50 | +| **3** | 51 | 100 | +| **4** | 101 | 250 | +| **5** | 251 | 1000 | +| **6** | 1001 | | + #### Is there a way to try Rancher before purchasing? If using the Rancher Prime listing in the Azure Marketplace, billing will commence from the time of deployment. You can try Rancher by deploying it per standard documentation. When ready to benefit from a supported platform and have this billed through Azure, deploy Rancher Prime via the Azure Marketplace and migrate your configuration. @@ -100,6 +109,12 @@ Using Rancher to manage 10 nodes for 3 weeks (562 hours) in the month and bursti - **Transient Cluster:** A temporary deployment of Rancher on 20 nodes for 2 weeks (336 hours). +| | Hours Active (Hours Rancher is active in the month) | Nodes (Managed Nodes counted at each check-in) | Usage total (Sum of nodes reported at each check-in) | Average Node Count (Usage total / hours active) | Note | +| ----------------- | :--: | :------------------------: | :----: | :--: | :------------------------------: | +| **Static Usage** | 730 | 10 | 7300 | 10 | 10 @ Tier 1 | +| **Bursting Model** | 730 | 10 (562 hrs), 30 (168 hrs) | 10660 | 15 | 15 @ Tier 1 (rounded from 14.6) | +| **Transient Cluster** | 336 | 20 | 6720 | 20 | 20 @ Tier 2 | + #### Are special commercial terms available? Depending on the deployment, it may be possible to secure special commercial terms, such as an annual subscription. This will be handled via an Azure private offer, contact SUSE for more information. From cb62042a277afc0a44a493c4086ba612244a6446 Mon Sep 17 00:00:00 2001 From: LucasSaintarbor Date: Mon, 18 Dec 2023 14:58:50 -0800 Subject: [PATCH 17/77] Capitalized Helm and syntax changes --- .../installing-rancher-prime.md | 32 +++++++++---------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/installing-rancher-prime.md b/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/installing-rancher-prime.md index 76a15a3f87b..951dfe029a7 100644 --- a/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/installing-rancher-prime.md +++ b/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/installing-rancher-prime.md @@ -8,15 +8,15 @@ This page covers how to install the Rancher Prime PAYG offering on Amazon's AWS ### OIDC provider -Your EKS cluster is required to have an OIDC provider installed. To check for an OIDC provider first find the OIDC issuer with the following command. Substitute `$CLUSTER_NAME` with the *Name* of your EKS cluster and $REGION with *region* where it is running: +Your EKS cluster is required to have an OIDC provider installed. To check for an OIDC provider first find the OIDC issuer with the following command. Substitute `$CLUSTER_NAME` with the *name* of your EKS cluster and `$REGION` with *region* where it is running: ```shell aws eks describe-cluster --name $CLUSTER_NAME --region $REGION --query cluster.identity.oidc.issuer --output text ``` -A URL is returned, like `https://oidc.eks.region.amazonaws.com/id/1234567890ABCDEF`. The part after `https://` will be referred to in later instructions as the *OIDC Provider Identity* (e.g. `oidc.eks.region.amazonaws.com/id/1234567890ABCDEF`). The final section of the URL, `1234567890ABCDEF`, is the $OIDC_ID. +A URL is returned, like `https://oidc.eks.region.amazonaws.com/id/1234567890ABCDEF`. The part after `https://` will be referred to in later instructions as the *OIDC Provider Identity* (e.g. `oidc.eks.region.amazonaws.com/id/1234567890ABCDEF`). The final section of the URL, `1234567890ABCDEF`, is the `$OIDC_ID`. -Using the $OIDC_ID of the issuer found above, you can check if a provider is installed with the following command: +Using the `$OIDC_ID` of the issuer found above, you can check if a provider is installed with the following command: ```shell aws iam list-open-id-connect-providers | grep $OIDC_ID @@ -30,9 +30,9 @@ eksctl utils associate-iam-oidc-provider --cluster $CLUSTER_NAME --region $REGIO ### IAM Role -To provide the necessary permissions, an IAM role and an attached policy are required. The role name is passed as an argument during the *helm* deployment. +To provide the necessary permissions, an IAM role and an attached policy are required. The role name is passed as an argument during the Helm deployment. -Create the role with a *role name* of your choosing (for example, `rancher-csp-iam-role`), and the required policy attached to it: +Create the role with a `$ROLE_NAME` of your choosing (for example, `rancher-csp-iam-role`), and the required policy attached to it: ```shell eksctl create iamserviceaccount \ @@ -47,7 +47,7 @@ eksctl create iamserviceaccount \ ## Installing Rancher -1. Log helm into the AWS Marketplace Elastic Container Registry (ECR) to fetch the application. The AWS Marketplace ECR is always in the `us-east-1` region: +1. Log Helm into the AWS Marketplace Elastic Container Registry (ECR) to fetch the application. The AWS Marketplace ECR is always in the `us-east-1` region: ```shell export HELM_EXPERIMENTAL_OCI=1 @@ -57,7 +57,7 @@ eksctl create iamserviceaccount \ --password-stdin 709825985650.dkr.ecr.us-east-1.amazonaws.com ``` -1. Install Rancher into your cluster using `helm`. Customize your `helm` installation values if needed: +1. Install Rancher into your cluster using Helm. Customize your Helm installation values if needed: :::note @@ -65,7 +65,7 @@ eksctl create iamserviceaccount \ ::: - The Rancher hostname must be resolvable by a public DNS. Please refer to the [Prerequisites](./rancher-prime-aws.md#prerequisites) section for more details. For example, if the DNS name is rancher.my.org, HOST_NAME=rancher.my.org. + The Rancher hostname must be resolvable by a public DNS. Please refer to the [Prerequisites](./rancher-prime-aws.md#prerequisites) section for more details. For example, if the DNS name is rancher.my.org, `$HOST_NAME`=`rancher.my.org`. ```shell helm install -n cattle-rancher-csp-deployer-system rancher-cloud --create-namespace \ @@ -82,14 +82,14 @@ eksctl create iamserviceaccount \ :::note - Monitor the rancher-cloud pod logs as the rancher-cloud pod is deleted 1 minute after a successful or failed installation. - - ::: + Monitor the logs for the `rancher-cloud` pod since it is deleted 1 minute after a successful or failed installation. ```shell - kubectl logs -f $POD -n cattle-rancher-csp-deployer-system + kubectl logs -f rancher-cloud -n cattle-rancher-csp-deployer-system ``` + ::: + 1. After a successful deployment, running the following command should produce a similar output. ```shell @@ -115,13 +115,13 @@ eksctl create iamserviceaccount \ ### Check Helm Chart Installation -Check that the helm chart installation is completed: +Check that the Helm chart installation is completed: ```shell helm ls -n cattle-rancher-csp-deployer-system ``` -After completing the helm chart installation, you can verify the installation was successful: +After completing the Helm chart installation, you can verify the installation was successful: ```shell helm status rancher-cloud -n cattle-rancher-csp-deployer-system @@ -129,11 +129,11 @@ helm status rancher-cloud -n cattle-rancher-csp-deployer-system Refer to the [Troubleshooting](troubleshooting.md) section for a failed installation. -After the helm chart installation is completed, Rancher Prime is successfully installed. +After the Helm chart installation is completed, Rancher Prime is successfully installed. ## Log into the Rancher Dashboard -You may now login to Rancher dashboard by pointing your browser to the Rancher server URL *https://$RANCHER_HOSTNAME*, where *Rancher hostname* is the [hostname](#installing-rancher) you have chosen when installing Rancher. +You may now login to Rancher dashboard by pointing your browser to the Rancher server URL `https://$RANCHER_HOSTNAME`, where *Rancher hostname* is the [hostname](#installing-rancher) you have chosen when installing Rancher. :::note From dd7d91ab2305181305ad54543b70f0f3a8771d1a Mon Sep 17 00:00:00 2001 From: LucasSaintarbor Date: Mon, 18 Dec 2023 15:49:54 -0800 Subject: [PATCH 18/77] Update file name to "Prerequisites" --- .../{rancher-prime-aws.md => prerequisites.md} | 0 .../{rancher-prime-azure.md => prerequisites.md} | 0 sidebars.js | 4 ++-- 3 files changed, 2 insertions(+), 2 deletions(-) rename docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/{rancher-prime-aws.md => prerequisites.md} (100%) rename docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/{rancher-prime-azure.md => prerequisites.md} (100%) diff --git a/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/rancher-prime-aws.md b/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/prerequisites.md similarity index 100% rename from docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/rancher-prime-aws.md rename to docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/prerequisites.md diff --git a/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/rancher-prime-azure.md b/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/prerequisites.md similarity index 100% rename from docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/rancher-prime-azure.md rename to docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/prerequisites.md diff --git a/sidebars.js b/sidebars.js index 8bbfae54523..262bd6b301c 100644 --- a/sidebars.js +++ b/sidebars.js @@ -1156,7 +1156,7 @@ const sidebars = { id: "pages-for-subheaders/aws-marketplace-payg-integration" }, items: [ - 'integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/rancher-prime-aws', + 'integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/prerequisites', 'integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/installing-rancher-prime', 'integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/upgrading-rancher-payg-cluster', 'integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/troubleshooting', @@ -1172,7 +1172,7 @@ const sidebars = { id: "pages-for-subheaders/azure-marketplace-payg-integration" }, items: [ - 'integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/rancher-prime-azure', + 'integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/prerequisites', 'integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/installing-rancher-prime', 'integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/upgrading-rancher-payg-cluster', 'integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/troubleshooting', From 38281f41da60033d4665766414db1276ced3dd56 Mon Sep 17 00:00:00 2001 From: LucasSaintarbor Date: Mon, 18 Dec 2023 16:12:42 -0800 Subject: [PATCH 19/77] Corrected listing names and misspellings --- .../installing-rancher-prime.md | 6 ++---- .../aws-marketplace-payg-integration.md | 14 ++++++++------ .../azure-marketplace-payg-integration.md | 7 ++++--- 3 files changed, 14 insertions(+), 13 deletions(-) diff --git a/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/installing-rancher-prime.md b/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/installing-rancher-prime.md index 9489e2e8866..2b07e15c78b 100644 --- a/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/installing-rancher-prime.md +++ b/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/installing-rancher-prime.md @@ -31,16 +31,14 @@ On the **Basics** tab, specify the **Project details** and **Instance details**: ### Rancher Configuration -On the **Rancher Configuraion** tab, specify the following informaiton: +On the **Rancher Configuraion** tab, specify the following information: 1. Enter the **Hostname** for Rancher. The Rancher hostname must be a fully qualified domain name (FQDN) and the Rancher server URL will be created using this hostname. - :::note The IP address of the Rancher hostname must be resolvable by a public DNS. ::: - 1. Using the slider, select the number of **Replicas**. 1. Choose and confirm a **Bootstrap Password**. During the first login, you will use the bootstrap password to authenticate to the Rancher dashboard. :::note @@ -48,7 +46,7 @@ On the **Rancher Configuraion** tab, specify the following informaiton: The current Rancher deployment exposes the bootstrap password in the Cluster configuration settings in Azure Portal. Until this is resolved, we suggest changing the Admin password after initial login by editing your profile in the Rancher dashboard. ::: - ![Rancher Confgiuration](/img/install-rancher-prime-configuration.png) + ![Rancher Configuration](/img/install-rancher-prime-configuration.png) 1. Select **Next**. ### Review + create diff --git a/docs/pages-for-subheaders/aws-marketplace-payg-integration.md b/docs/pages-for-subheaders/aws-marketplace-payg-integration.md index a98e30c13a9..d0a3a968187 100644 --- a/docs/pages-for-subheaders/aws-marketplace-payg-integration.md +++ b/docs/pages-for-subheaders/aws-marketplace-payg-integration.md @@ -10,8 +10,9 @@ title: AWS Marketplace Pay-as-you-go (PAYG) Integration Rancher Prime integrates with the AWS Marketplace as a pay-as-you-go (PAYG) offering. This brings the value of running and managing Kubernetes environments to AWS customers, with the benefit of a new pay monthly pricing model available through the AWS Marketplace. This listing will enable you to manage any CNCF-certified Kubernetes distribution in AWS, on-prem, or at the edge. To learn more, see our non-EMEMA and EMEA AWS Marketplace offerings for Rancher Prime: -- [Rancher Prime (non-EMEA)](https://aws.amazon.com/marketplace/pp/prodview-f2bvszurj2p2c) -- [Rancher Prime (EMEA)](https://aws.amazon.com/marketplace/pp/prodview-ocgjwd5c2aj5i) + +- [Rancher Prime](https://aws.amazon.com/marketplace/pp/prodview-f2bvszurj2p2c) +- [Rancher Prime (EMEA Orders Only)](https://aws.amazon.com/marketplace/pp/prodview-ocgjwd5c2aj5i) ## Limitations @@ -35,8 +36,9 @@ By selecting the Rancher Prime listing from the AWS Marketplace, customers can d #### Where do I find the Rancher Prime listings? The listings can be found in the AWS Marketplace, there are two listings: -- Rancher Prime (No EU, EEA, or UK Orders) -- Rancher Prime (EU, EEA, or UK Orders) + +- Rancher Prime +- Rancher Prime (EMEA Orders Only) #### Why are there 2 listings, which one should I use? @@ -97,7 +99,7 @@ charge will be for 5 nodes. #### What are the pricing tiers? -Rancher Prime has different pricing tiers when purchasing via the AWS Marketplace. This is based on the number of nodes which Rancher is managing.Details of the tiers are below, please check the listing for further pricing information. +Rancher Prime has different pricing tiers when purchasing via the AWS Marketplace. This is based on the number of nodes which Rancher is managing. Details of the tiers are below, please check the listing for further pricing information. | Tier | Nodes (from) | Nodes (to) | | :------: | :----------: | :---------: | @@ -170,7 +172,7 @@ One of the easiest ways to get started is to deploy the AWS Marketplace listing #### What is the minimum version of Rancher required to support AWS Marketplace billing? -The minimum version supporting marketplace billing is Rancher 2.7.8. +The minimum version supporting marketplace billing is Rancher 2.7.9. #### What version of Rancher is installed when using the Marketplace listing? diff --git a/docs/pages-for-subheaders/azure-marketplace-payg-integration.md b/docs/pages-for-subheaders/azure-marketplace-payg-integration.md index 23b17cf279b..48dacd7fc70 100644 --- a/docs/pages-for-subheaders/azure-marketplace-payg-integration.md +++ b/docs/pages-for-subheaders/azure-marketplace-payg-integration.md @@ -9,8 +9,9 @@ title: Azure Marketplace Pay-as-you-go (PAYG) Integration ## Overview Rancher Prime integrates with the Azure Marketplace as a pay-as-you-go (PAYG) offering. This brings the value of running and managing Kubernetes environments to Azure customers, with the benefit of a new pay monthly pricing model available through the Azure Marketplace. This listing will enable you to manage any CNCF-certified Kubernetes distribution in Azure, on-prem, or at the edge. To learn more, see our non-EMEMA and EMEA Azure Marketplace offerings for Rancher Prime: -- [Rancher Prime (non-EMEA)](https://portal.azure.com/#view/Microsoft_Azure_Marketplace/GalleryItemDetailsBladeNopdl/id/suse.rancher-prime-llc/selectionMode~/false/resourceGroupId//resourceGroupLocation//dontDiscardJourney~/false/selectedMenuId/home/launchingContext~/%7B%22galleryItemId%22%3A%22suse.rancher-prime-llcpay-as-you-go%22%2C%22source%22%3A%5B%22GalleryFeaturedMenuItemPart%22%2C%22VirtualizedTileDetails%22%5D%2C%22menuItemId%22%3A%22home%22%2C%22subMenuItemId%22%3A%22Search%20results%22%2C%22telemetryId%22%3A%221dafcf16-920e-46ea-80c9-dc85c6bd3a17%22%7D/searchTelemetryId/c2300fb7-ba7b-462a-ba57-a37cb5e2822d) -- [Rancher Prime (EMEA)](https://portal.azure.com/#view/Microsoft_Azure_Marketplace/GalleryItemDetailsBladeNopdl/id/suseirelandltd1692213356027.rancher-prime-ltd/selectionMode~/false/resourceGroupId//resourceGroupLocation//dontDiscardJourney~/false/selectedMenuId/home/launchingContext~/%7B%22galleryItemId%22%3A%22suseirelandltd1692213356027.rancher-prime-ltdpay-as-you-go%22%2C%22source%22%3A%5B%22GalleryFeaturedMenuItemPart%22%2C%22VirtualizedTileDetails%22%5D%2C%22menuItemId%22%3A%22home%22%2C%22subMenuItemId%22%3A%22Search%20results%22%2C%22telemetryId%22%3A%22c6b1d79a-b577-47b0-90e5-41e6c49688ab%22%7D/searchTelemetryId/1793144d-e0d9-466e-8e36-dfeddc73163b) + +- [Rancher Prime with 24x7 Support](https://portal.azure.com/#view/Microsoft_Azure_Marketplace/GalleryItemDetailsBladeNopdl/id/suse.rancher-prime-llc/selectionMode~/false/resourceGroupId//resourceGroupLocation//dontDiscardJourney~/false/selectedMenuId/home/launchingContext~/%7B%22galleryItemId%22%3A%22suse.rancher-prime-llcpay-as-you-go%22%2C%22source%22%3A%5B%22GalleryFeaturedMenuItemPart%22%2C%22VirtualizedTileDetails%22%5D%2C%22menuItemId%22%3A%22home%22%2C%22subMenuItemId%22%3A%22Search%20results%22%2C%22telemetryId%22%3A%221dafcf16-920e-46ea-80c9-dc85c6bd3a17%22%7D/searchTelemetryId/c2300fb7-ba7b-462a-ba57-a37cb5e2822d) +- [Rancher Prime with 24x7 Support (EMEA Orders Only)](https://portal.azure.com/#view/Microsoft_Azure_Marketplace/GalleryItemDetailsBladeNopdl/id/suseirelandltd1692213356027.rancher-prime-ltd/selectionMode~/false/resourceGroupId//resourceGroupLocation//dontDiscardJourney~/false/selectedMenuId/home/launchingContext~/%7B%22galleryItemId%22%3A%22suseirelandltd1692213356027.rancher-prime-ltdpay-as-you-go%22%2C%22source%22%3A%5B%22GalleryFeaturedMenuItemPart%22%2C%22VirtualizedTileDetails%22%5D%2C%22menuItemId%22%3A%22home%22%2C%22subMenuItemId%22%3A%22Search%20results%22%2C%22telemetryId%22%3A%22c6b1d79a-b577-47b0-90e5-41e6c49688ab%22%7D/searchTelemetryId/1793144d-e0d9-466e-8e36-dfeddc73163b) ## Limitations @@ -153,7 +154,7 @@ One of the easiest ways to get started is to deploy the Rancher Prime marketplac #### What is the minimum version of Rancher required to support Azure Marketplace billing? -The minimum version supporting marketplace billing is Rancher 2.7.8. +The minimum version supporting marketplace billing is Rancher 2.7.9. #### What version of Rancher is installed when using the marketplace listing? From de01e74dc7b5f50fc24c50e714c33acb40c05497 Mon Sep 17 00:00:00 2001 From: LucasSaintarbor Date: Wed, 20 Dec 2023 12:46:19 -0800 Subject: [PATCH 20/77] Grammar/style review for AWS section --- .../common-issues.md | 4 ++-- .../installing-rancher-prime.md | 22 +++++++++---------- .../prerequisites.md | 6 ++--- .../troubleshooting.md | 12 +++++----- .../upgrading-rancher-payg-cluster.md | 8 +++---- .../troubleshooting.md | 2 +- .../aws-marketplace-payg-integration.md | 7 +++--- 7 files changed, 30 insertions(+), 31 deletions(-) diff --git a/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/common-issues.md b/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/common-issues.md index e4e3f28674b..4ca9a0e6b91 100644 --- a/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/common-issues.md +++ b/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/common-issues.md @@ -2,10 +2,10 @@ title: AWS Marketplace Common Issues --- -1. Uninstalling Rancher Prime may not cleanly remove all the resources that were created by Rancher. Users are encouraged to use the [Rancher resource cleanup script](https://github.com/rancher/rancher-cleanup) to perform a more comprehensive cleanup if necessary. However, it is recommended to migrate any other workloads off the cluster and prepare to destroy the cluster to complete the uninstallation since cleanup is not recoverable. +1. Uninstalling Rancher Prime may not cleanly remove all the resources that were created by Rancher. You are encouraged to use the [Rancher resource cleanup script](https://github.com/rancher/rancher-cleanup) to perform a more comprehensive cleanup if necessary. However, we recommend first preparing and migrating any other workloads off the cluster to destroy the cluster to complete the uninstallation since cleanup is not recoverable. ```shell helm uninstall -n cattle-rancher-csp-deployer-system rancher-cloud ``` -1. When migrating Rancher to a different EKS cluster by following the steps specified in [Rancher Backups and Disaster Recovery](https://ranchermanager.docs.rancher.com/pages-for-subheaders/backup-restore-and-disaster-recovery), Rancher Prime must be reinstalled on the target EKS cluster after restoring from the backup. Furthermore, the restored Rancher version must not be newer than the version available in the AWS Marketplace. +1. When migrating Rancher to a different EKS by following the steps specified in [Rancher Backups and Disaster Recovery](https://ranchermanager.docs.rancher.com/pages-for-subheaders/backup-restore-and-disaster-recovery), you must reinstall Rancher Prime on the target EKS cluster after restoring from the backup. Furthermore, the restored Rancher version must not be newer than the version available in the AWS marketplace. diff --git a/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/installing-rancher-prime.md b/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/installing-rancher-prime.md index 951dfe029a7..c15b3af1493 100644 --- a/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/installing-rancher-prime.md +++ b/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/installing-rancher-prime.md @@ -8,13 +8,13 @@ This page covers how to install the Rancher Prime PAYG offering on Amazon's AWS ### OIDC provider -Your EKS cluster is required to have an OIDC provider installed. To check for an OIDC provider first find the OIDC issuer with the following command. Substitute `$CLUSTER_NAME` with the *name* of your EKS cluster and `$REGION` with *region* where it is running: +Your EKS cluster requires an OIDC provider to be installed. To check for an OIDC provider, find the OIDC issuer with the following command. Substitute `$CLUSTER_NAME` with the name of your EKS cluster and `$REGION` with the region where it is running: ```shell aws eks describe-cluster --name $CLUSTER_NAME --region $REGION --query cluster.identity.oidc.issuer --output text ``` -A URL is returned, like `https://oidc.eks.region.amazonaws.com/id/1234567890ABCDEF`. The part after `https://` will be referred to in later instructions as the *OIDC Provider Identity* (e.g. `oidc.eks.region.amazonaws.com/id/1234567890ABCDEF`). The final section of the URL, `1234567890ABCDEF`, is the `$OIDC_ID`. +A URL is returned, like `https://oidc.eks.region.amazonaws.com/id/1234567890ABCDEF`. The part after `https://` will be referred to in later instructions as the OIDC Provider Identity (e.g. `oidc.eks.region.amazonaws.com/id/1234567890ABCDEF`). The final section of the URL, `1234567890ABCDEF`, is the `$OIDC_ID`. Using the `$OIDC_ID` of the issuer found above, you can check if a provider is installed with the following command: @@ -30,9 +30,9 @@ eksctl utils associate-iam-oidc-provider --cluster $CLUSTER_NAME --region $REGIO ### IAM Role -To provide the necessary permissions, an IAM role and an attached policy are required. The role name is passed as an argument during the Helm deployment. +An IAM role and an attached policy are required to provide the necessary permissions. The role name is passed as an argument during the Helm deployment. -Create the role with a `$ROLE_NAME` of your choosing (for example, `rancher-csp-iam-role`), and the required policy attached to it: +Create the role with a `$ROLE_NAME` of your choosing (for example, `rancher-csp-iam-role`) and the required policy attached to it: ```shell eksctl create iamserviceaccount \ @@ -61,11 +61,11 @@ eksctl create iamserviceaccount \ :::note - Rancher Prime utilizes cert-manager to issue and maintain its certificates. Rancher will generate a CA certificate of its own, and sign a certificate using that CA. + Rancher Prime utilizes cert-manager to issue and maintain its certificates. Rancher will generate a CA certificate of its own and sign a certificate using that CA. ::: - The Rancher hostname must be resolvable by a public DNS. Please refer to the [Prerequisites](./rancher-prime-aws.md#prerequisites) section for more details. For example, if the DNS name is rancher.my.org, `$HOST_NAME`=`rancher.my.org`. + The Rancher hostname must be resolvable by a public DNS. Please refer to the [Prerequisites](prerequisites.md) section for more details. For example, if the DNS name is rancher.my.org, `$HOST_NAME`=`rancher.my.org`. ```shell helm install -n cattle-rancher-csp-deployer-system rancher-cloud --create-namespace \ @@ -90,7 +90,7 @@ eksctl create iamserviceaccount \ ::: -1. After a successful deployment, running the following command should produce a similar output. +1. After a successful deployment, running the following command should produce a similar output: ```shell kubectl get deployments --all-namespaces @@ -115,7 +115,7 @@ eksctl create iamserviceaccount \ ### Check Helm Chart Installation -Check that the Helm chart installation is completed: +Check that the Helm chart installation is complete: ```shell helm ls -n cattle-rancher-csp-deployer-system @@ -129,15 +129,15 @@ helm status rancher-cloud -n cattle-rancher-csp-deployer-system Refer to the [Troubleshooting](troubleshooting.md) section for a failed installation. -After the Helm chart installation is completed, Rancher Prime is successfully installed. +After the Helm chart installation is complete, Rancher Prime is successfully installed. ## Log into the Rancher Dashboard -You may now login to Rancher dashboard by pointing your browser to the Rancher server URL `https://$RANCHER_HOSTNAME`, where *Rancher hostname* is the [hostname](#installing-rancher) you have chosen when installing Rancher. +You may now log in to the Rancher dashboard by pointing your browser to the Rancher server URL `https://$RANCHER_HOSTNAME`, where the Rancher hostname is the [hostname](#installing-rancher) is your chosen hostname when installing Rancher. :::note -The Rancher hostname must be resolvable by public DNS. Please refer to the [Prerequisites](rancher-prime-aws.md#prerequisites) section for more details. +The Rancher hostname must be resolvable by public DNS. Please refer to the [Prerequisites](prerequisites.md) section for more details. ::: diff --git a/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/prerequisites.md b/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/prerequisites.md index 92279e460b3..56e64ec4fe8 100644 --- a/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/prerequisites.md +++ b/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/prerequisites.md @@ -5,10 +5,10 @@ title: Prerequisites Before using Rancher Prime on AWS as a pay-as-you-go (PAYG) offering, you need the following resources, information, and tools: - A Rancher-compatible EKS cluster. Please see the [Rancher support matrix](https://www.suse.com/suse-rancher/support-matrix/all-supported-versions/) for more details. Please refer to [Creating an EKS cluster](https://ranchermanager.docs.rancher.com/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks#creating-an-eks-cluster-for-the-rancher-server) for bringing up an EKS cluster to [install Rancher Prime PAYG](installing-rancher-prime.md). -- An ingress installed on the EKS cluster so that Rancher is accessible outside of the cluster. Please refer to [Rancher documentation](https://ranchermanager.docs.rancher.com/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks#5-install-an-ingress) for instructions on how to deploy Ingress-NGINX on an EKS cluster. +- An ingress is installed on the EKS cluster so that Rancher is accessible outside the cluster. Please refer to [Rancher documentation](https://ranchermanager.docs.rancher.com/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks#5-install-an-ingress) for instructions on deployings Ingress-NGINX on an EKS cluster. - Get the Load Balancer IP. Please refer to [Rancher documentation](https://ranchermanager.docs.rancher.com/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks#6-get-load-balancer-ip) and save the EXTERNAL-IP. -- The Rancher hostname must be a fully qualified domain name (FQDN) and its corresponding IP address must be resolvable from a public DNS. Please refer to [Rancher documentation](https://ranchermanager.docs.rancher.com/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks#7-set-up-dns) for instructions on how to setup DNS. This DNS is setup to point at the EXTERNAL-IP saved. -- Installation requires you have the following tools available and properly configured to access your AWS account, and your EKS cluster: +- The Rancher hostname must be a fully qualified domain name (FQDN), and its corresponding IP address must be resolvable from a public DNS. Please refer to [Rancher documentation](https://ranchermanager.docs.rancher.com/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks#7-set-up-dns) for instructions on how to set up DNS. This DNS is set up to point to the EXTERNAL-IP saved. +- Installation requires you to have the following tools available and properly configured to access your AWS account and your EKS cluster: - `aws` - `curl` - `eksctl` diff --git a/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/troubleshooting.md b/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/troubleshooting.md index 1c649e9d5af..7ef364ffcfe 100644 --- a/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/troubleshooting.md +++ b/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/troubleshooting.md @@ -2,7 +2,7 @@ title: Troubleshooting Rancher Prime PAYG Cluster in AWS --- -This section contains information to help you troubleshoot issues when installing Rancher Prime PAYG. +This section contains information to help troubleshoot issues when installing the Rancher Prime PAYG offer. ## Jobs and Pods @@ -12,7 +12,7 @@ Check the status of pods or jobs: kubectl get pods --all-namespaces ``` -If a pod is not in a Running state, you can attempt to find the root cause with the following commands: +If a pod is not in a `Running` state, you can attempt to find the root cause with the following commands: - Describe pod: `kubectl describe pod -n ` - Pod container logs: `kubectl logs -n ` @@ -21,15 +21,15 @@ If a pod is not in a Running state, you can attempt to find the root cause with ## Recovery from Failed Pods -If any of the pods aren't running, check the rancher-cloud Pod: +If any of the pods aren't running, check the `rancher-cloud` Pod: ```shell kubectl get pods --all-namespaces | grep rancher-cloud ``` -If the rancher-cloud pod is in an Error state, wait for the pod to be deleted. This should take about one minute. +If the `rancher-cloud` pod is in an `Error` state, wait for the pod to be deleted. This should take about one minute. -Fix the problem and run: +Fix the problem and run: ```shell helm upgrade -n cattle-rancher-csp-deployer-system rancher-cloud --create-namespace \ @@ -44,7 +44,7 @@ oci://709825985650.dkr.ecr.us-east-1.amazonaws.com/suse/$REPOSITORY/rancher-clou ## Rancher Usage Record Not found -When you attempt to retrive a usage record, you might see the following message: +When you attempt to retrieve a usage record, you might see the following message: ```shell Error from server (NotFound): cspadapterusagerecords.susecloud.net "rancher-usage-record" not found" Check Configuration, Retrieve generated configuration csp-config diff --git a/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/upgrading-rancher-payg-cluster.md b/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/upgrading-rancher-payg-cluster.md index 52b82ac3f1e..a9c5e0909b0 100644 --- a/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/upgrading-rancher-payg-cluster.md +++ b/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/upgrading-rancher-payg-cluster.md @@ -2,9 +2,9 @@ title: Upgrading Rancher Prime PAYG Cluster in AWS --- -The AWS Marketplace PAYG offering is tied to a billing adapter and the Rancher Prime version. These are updated periodically as new version of the billing adapter or Rancher Prime are released. In this situation, the helm chart will be updated with new tags and digests, and a new version of the helm chart will be uploaded. +The AWS Marketplace PAYG offering is tied to a billing adapter and the Rancher Prime version. These are updated periodically as new versions of the billing adapter or Rancher Prime are released. In this situation, the Helm chart will be updated with new tags and digests, and a new version of the Helm chart will be uploaded. -To upgrade the deployed helm chart with the latest version, run the following helm command: +To upgrade the deployed Helm chart with the latest version, run the following Helm command: ```shell helm upgrade -n cattle-rancher-csp-deployer-system rancher-cloud --create-namespace \ @@ -18,7 +18,7 @@ oci://709825985650.dkr.ecr.us-east-1.amazonaws.com/suse/$REPOSITORY/rancher-clou --set global.aws.roleName=$ROLE_NAME ``` -To check if the upgraded Helm chart deployed successfully: +To check if the upgraded Helm chart deployed successfully, run the following Helm command: ```shell helm ls -n cattle-rancher-csp-deployer-system @@ -26,6 +26,6 @@ helm ls -n cattle-rancher-csp-deployer-system :::warning -PAYG customers will have constraints on getting updates to the offer based on the latest version SUSE has published to AWS, which may trail slightly behind the latest Rancher release. +Rancher Prime PAYG customers will have constraints on getting updates to the offer based on the latest version SUSE has published to AWS, which may trail slightly behind the latest Rancher release. ::: diff --git a/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/troubleshooting.md b/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/troubleshooting.md index 3d5e2fa6d65..f94ad7f8611 100644 --- a/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/troubleshooting.md +++ b/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/troubleshooting.md @@ -2,7 +2,7 @@ title: Troubleshooting Rancher Prime PAYG Cluster in Azure --- -This section contains information to help you troubleshoot issues when installing Rancher Prime PAYG and configuring the Billing-adapter. +This section contains information to help troubleshoot issues when installing the Rancher Prime PAYG offer and configuring the Billing-adapter. ## Deployment diff --git a/docs/pages-for-subheaders/aws-marketplace-payg-integration.md b/docs/pages-for-subheaders/aws-marketplace-payg-integration.md index d0a3a968187..9672d7dfed0 100644 --- a/docs/pages-for-subheaders/aws-marketplace-payg-integration.md +++ b/docs/pages-for-subheaders/aws-marketplace-payg-integration.md @@ -8,19 +8,18 @@ title: AWS Marketplace Pay-as-you-go (PAYG) Integration ## Overview -Rancher Prime integrates with the AWS Marketplace as a pay-as-you-go (PAYG) offering. This brings the value of running and managing Kubernetes environments to AWS customers, with the benefit of a new pay monthly pricing model available through the AWS Marketplace. This listing will enable you to manage any CNCF-certified Kubernetes -distribution in AWS, on-prem, or at the edge. To learn more, see our non-EMEMA and EMEA AWS Marketplace offerings for Rancher Prime: +Rancher Prime integrates with the AWS Marketplace as a pay-as-you-go (PAYG) offering. This brings the value of running and managing Kubernetes environments to AWS customers, benefiting from a new pay monthly pricing model available through the AWS Marketplace. This listing will enable you to manage any CNCF-certified Kubernetes distribution in AWS, on-prem, or at the edge. To learn more, see our non-EMEMA and EMEA AWS Marketplace offerings for Rancher Prime: - [Rancher Prime](https://aws.amazon.com/marketplace/pp/prodview-f2bvszurj2p2c) - [Rancher Prime (EMEA Orders Only)](https://aws.amazon.com/marketplace/pp/prodview-ocgjwd5c2aj5i) ## Limitations -- Currently, you must be running Rancher Manager v2.7.9. When you deploy a supported PAYG version, you will be able to update to newer versions of Rancher Manager when the listing is updated. +- Currently, you must be running Rancher Manager v2.7.9. When you deploy a supported PAYG version, you can update to newer versions of Rancher Manager when the listing is updated. ## How to Use -1. Complete the [prerequisite steps](../integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/rancher-prime-aws.md). +1. Complete the [prerequisite steps](../integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/prerequisites.md). 2. [Install the Rancher Prime PAYG offering on the AWS Marketplace](../integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/installing-rancher-prime.md). ## FAQ From c4ad5760e7ac546f7fae9d8a17dace275d8acc98 Mon Sep 17 00:00:00 2001 From: LucasSaintarbor Date: Thu, 21 Dec 2023 13:13:15 -0800 Subject: [PATCH 21/77] Updated URLS with relative links --- .../common-issues.md | 2 +- .../prerequisites.md | 10 ++--- .../common-issues.md | 2 +- .../prerequisites.md | 6 +-- .../aws-marketplace-payg-integration.md | 41 +++++-------------- .../azure-marketplace-payg-integration.md | 18 ++++---- 6 files changed, 29 insertions(+), 50 deletions(-) diff --git a/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/common-issues.md b/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/common-issues.md index 4ca9a0e6b91..9e9259729a6 100644 --- a/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/common-issues.md +++ b/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/common-issues.md @@ -8,4 +8,4 @@ title: AWS Marketplace Common Issues helm uninstall -n cattle-rancher-csp-deployer-system rancher-cloud ``` -1. When migrating Rancher to a different EKS by following the steps specified in [Rancher Backups and Disaster Recovery](https://ranchermanager.docs.rancher.com/pages-for-subheaders/backup-restore-and-disaster-recovery), you must reinstall Rancher Prime on the target EKS cluster after restoring from the backup. Furthermore, the restored Rancher version must not be newer than the version available in the AWS marketplace. +1. When migrating Rancher to a different EKS by following the steps specified in [Rancher Backups and Disaster Recovery](/versioned_docs/version-2.7/pages-for-subheaders/backup-restore-and-disaster-recovery.md), you must reinstall Rancher Prime on the target EKS cluster after restoring from the backup. Furthermore, the restored Rancher version must not be newer than the version available in the AWS marketplace. diff --git a/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/prerequisites.md b/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/prerequisites.md index 56e64ec4fe8..85ffe57fbbe 100644 --- a/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/prerequisites.md +++ b/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/prerequisites.md @@ -4,11 +4,11 @@ title: Prerequisites Before using Rancher Prime on AWS as a pay-as-you-go (PAYG) offering, you need the following resources, information, and tools: -- A Rancher-compatible EKS cluster. Please see the [Rancher support matrix](https://www.suse.com/suse-rancher/support-matrix/all-supported-versions/) for more details. Please refer to [Creating an EKS cluster](https://ranchermanager.docs.rancher.com/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks#creating-an-eks-cluster-for-the-rancher-server) for bringing up an EKS cluster to [install Rancher Prime PAYG](installing-rancher-prime.md). -- An ingress is installed on the EKS cluster so that Rancher is accessible outside the cluster. Please refer to [Rancher documentation](https://ranchermanager.docs.rancher.com/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks#5-install-an-ingress) for instructions on deployings Ingress-NGINX on an EKS cluster. -- Get the Load Balancer IP. Please refer to [Rancher documentation](https://ranchermanager.docs.rancher.com/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks#6-get-load-balancer-ip) and save the EXTERNAL-IP. -- The Rancher hostname must be a fully qualified domain name (FQDN), and its corresponding IP address must be resolvable from a public DNS. Please refer to [Rancher documentation](https://ranchermanager.docs.rancher.com/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks#7-set-up-dns) for instructions on how to set up DNS. This DNS is set up to point to the EXTERNAL-IP saved. -- Installation requires you to have the following tools available and properly configured to access your AWS account and your EKS cluster: +- A Rancher-compatible EKS cluster. Please see the [Rancher support matrix](https://www.suse.com/suse-rancher/support-matrix/all-supported-versions/) for more details. Please refer to [Creating an EKS cluster](/versioned_docs/version-2.7/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks.md) for bringing up an EKS cluster to [install Rancher Prime PAYG](installing-rancher-prime.md). +- An ingress is installed on the EKS cluster so that Rancher is accessible outside the cluster. Please refer to [Rancher documentation](/versioned_docs/version-2.7/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks.md#5-install-an-ingress) for instructions on deployings Ingress-NGINX on an EKS cluster. +- Get the Load Balancer IP. Please refer to [Rancher documentation](/versioned_docs/version-2.7/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks.md#6-get-load-balancer-ip) and save the EXTERNAL-IP. +- The Rancher hostname must be a fully qualified domain name (FQDN), and its corresponding IP address must be resolvable from a public DNS. Please refer to [Rancher documentation](/versioned_docs/version-2.7/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks.md#7-set-up-dns) for instructions on how to set up DNS. This DNS is set up to point to the EXTERNAL-IP saved. +- Installation requires you to have the following tools available and properly configured to access your AWS account, and your EKS cluster: - `aws` - `curl` - `eksctl` diff --git a/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/common-issues.md b/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/common-issues.md index 86543ed301a..4c7492fe3bc 100644 --- a/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/common-issues.md +++ b/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/common-issues.md @@ -2,6 +2,6 @@ title: Azure Marketplace Common Issues --- -1. When migrating Rancher to a different AKS cluster by following the steps specified in [Rancher Backups and Disaster Recovery](https://ranchermanager.docs.rancher.com/pages-for-subheaders/backup-restore-and-disaster-recovery), Rancher Prime must be reinstalled via the Azure Marketplace on the target AKS cluster after restoring from the backup. Furthermore, the restored Rancher version must not be newer than the version available in the Azure Marketplace. +1. When migrating Rancher to a different AKS cluster by following the steps specified in [Rancher Backups and Disaster Recovery](/versioned_docs/version-2.7/pages-for-subheaders/backup-restore-and-disaster-recovery.md), Rancher Prime must be reinstalled via the Azure Marketplace on the target AKS cluster after restoring from the backup. Furthermore, the restored Rancher version must not be newer than the version available in the Azure Marketplace. 1. Uninstalling Rancher Prime may not cleanly remove all the resources that were created by Rancher. Users are encouraged to use the [Rancher resource cleanup script](https://github.com/rancher/rancher-cleanup) to perform a more comprehensive cleanup if necessary. However, it is recommended to migrate any other workloads off the cluster and prepare to destroy the cluster to complete the uninstallation since cleanup is not recoverable. diff --git a/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/prerequisites.md b/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/prerequisites.md index 41e45d813a5..4a66f89712a 100644 --- a/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/prerequisites.md +++ b/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/prerequisites.md @@ -4,6 +4,6 @@ title: Prerequisites Before using Rancher Prime on Azure as a pay-as-you-go (PAYG) offering, you need the following resources, information, and tools: -- A Rancher-compatible AKS cluster. Please see the [Rancher support matrix](https://www.suse.com/suse-rancher/support-matrix/all-supported-versions/) for more details. The Rancher Prime PAYG offering can only be installed onto clusters in regions where both the AKS and Azure Container Apps service are available. See the [Azure documentation](https://azure.microsoft.com/en-us/explore/global-infrastructure/products-by-region/?products=container-apps,kubernetes-service®ions=all) for details. Please see [Creating an AKS cluster](https://ranchermanager.docs.rancher.com/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-aks#3-create-the-aks-cluster) for bringing up an AKS cluster to [install Rancher Prime PAYG](installing-rancher-prime.md). -- An ingress installed on the AKS cluster so that Rancher is accessible outside of the cluster. Please refer to [Rancher documentation](https://ranchermanager.docs.rancher.com/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-aks#5-install-an-ingress) for instructions on how to deploy Ingress-NGINX on AKS cluster. -- The Rancher hostname must be a fully qualified domain name (FQDN) and its corresponding IP address must be resolvable from a public DNS. Please refer to [Rancher documentation](https://ranchermanager.docs.rancher.com/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-aks#7-set-up-dns) for instructions on how to setup DNS. +- A Rancher-compatible AKS cluster. Please see the [Rancher support matrix](https://www.suse.com/suse-rancher/support-matrix/all-supported-versions/) for more details. The Rancher Prime PAYG offering can only be installed onto clusters in regions where both the AKS and Azure Container Apps service are available. See the [Azure documentation](https://azure.microsoft.com/en-us/explore/global-infrastructure/products-by-region/?products=container-apps,kubernetes-service®ions=all) for details. Please see [Creating an AKS cluster](/versioned_docs/version-2.7/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-aks.md#3-create-the-aks-cluster) for bringing up an AKS cluster to [install Rancher Prime PAYG](installing-rancher-prime.md). +- An ingress installed on the AKS cluster so that Rancher is accessible outside of the cluster. Please refer to [Rancher documentation](/versioned_docs/version-2.7/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-aks.md#5-install-an-ingress) for instructions on how to deploy Ingress-NGINX on AKS cluster. +- The Rancher hostname must be a fully qualified domain name (FQDN) and its corresponding IP address must be resolvable from a public DNS. Please refer to [Rancher documentation](/versioned_docs/version-2.7/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-aks.md#7-set-up-dns) for instructions on how to setup DNS. diff --git a/docs/pages-for-subheaders/aws-marketplace-payg-integration.md b/docs/pages-for-subheaders/aws-marketplace-payg-integration.md index 9672d7dfed0..4ac4201261f 100644 --- a/docs/pages-for-subheaders/aws-marketplace-payg-integration.md +++ b/docs/pages-for-subheaders/aws-marketplace-payg-integration.md @@ -15,7 +15,7 @@ Rancher Prime integrates with the AWS Marketplace as a pay-as-you-go (PAYG) offe ## Limitations -- Currently, you must be running Rancher Manager v2.7.9. When you deploy a supported PAYG version, you can update to newer versions of Rancher Manager when the listing is updated. +- Currently, you must be running Rancher v2.7.9. When you deploy a supported PAYG version, you can update to newer versions of Rancher when the listing is updated. ## How to Use @@ -65,8 +65,7 @@ Please read the addendum at the end of this FAQ for a list of countries that can ‘Rancher Setup’ is no longer available via AWS Marketplace. Customers should deploy an EKS Cluster to host Rancher. Please refer to the best practice documentation. -Follow the steps in the following guide except for the Rancher installation. The Rancher product install should be carried out as per the directions on the Marketplace listing. -https://ranchermanager.docs.rancher.com/getting-started/installation-andupgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks +Follow the steps in this [guide](../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks.md) except for the Rancher installation. The Rancher product install should be carried out as per the directions on the Marketplace listing. ### Billing @@ -80,8 +79,7 @@ No. A new deployment of Rancher Prime is required to benefit from the new monthl #### I have an existing deployment covered by a Rancher subscription; can I use this new listing in AWS for new deployments? -Yes, the listing works independently from your existing subscriptions. Please remember that support processes may be different for deployments using -your existing subscription and those billed via the AWS Marketplace. +Yes, the listing works independently from your existing subscriptions. Please remember that support processes may be different for deployments using your existing subscription and those billed via the AWS Marketplace. #### Tell me more about how the billing for Rancher Prime works via AWS? @@ -113,9 +111,7 @@ Rancher Prime has different pricing tiers when purchasing via the AWS Marketplac If using the Rancher Prime listing in the AWS Marketplace, billing will commence from the time of deployment. -Rancher can be deployed manually using the standard documentation and repositories. When ready to benefit from a supported platform and have this billed via the AWS Marketplace, follow the available documentation to deploy Rancher Prime from the AWS Marketplace and migrate. - -https://ranchermanager.docs.rancher.com/getting-started/installation-andupgrade/install-upgrade-on-a-kubernetes-cluster/upgrades +Rancher can be deployed manually using the standard documentation and repositories. When ready to benefit from a supported platform and have this billed via the AWS Marketplace, follow the available [documentation](../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/upgrades.md) to deploy Rancher Prime from the AWS Marketplace and migrate. #### How does SUSE calculate the ‘average number of managed nodes’ to bill for? @@ -189,9 +185,7 @@ version available at the time of listing. Typically, these are updated quarterly, or more frequently if there are security issues. To update Rancher to a current version before the marketplace listing is updated, please -see the product documentation. - -https://ranchermanager.docs.rancher.com/pages-for-subheaders/installation-andupgrade +see the following [documentation](../pages-for-subheaders/installation-and-upgrade.md). #### I have many Kubernetes clusters across multiple AWS accounts, does the Rancher Prime billing still work and enable tiered pricing? @@ -217,23 +211,19 @@ Yes, simply deploy the AWS Marketplace listing for Rancher Prime. In order to benefit from monthly billing via the AWS Marketplace, the primary Rancher cluster needs to be deployed from the listing. It is then possible to migrate the existing Rancher configuration to the new deployment. -Please follow the documentation and be sure to back up the existing Rancher configuration. - -Documentation can be found at the following link: https://ranchermanager.docs.rancher.com/getting-started/installation-andupgrade/install-upgrade-on-a-kubernetes-cluster/upgrades +Please follow the [documentation](../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/upgrades.md) and be sure to back up the existing Rancher configuration. ### Technical (Product) #### How do I get support? -It is very simple to open a support case with SUSE for Rancher Prime. Create a ‘supportconfig’ via the Rancher UI and upload the output to the SUSE Customer Center. The support config bundle can be exported from the Rancher console using the ‘Get Support’ button at the bottom of the page. For deployments when Rancher is managing multiple downstream clusters, export the support config bundle from the primary cluster only. +It is very simple to [open a support case](https://scc.suse.com/cloudsupport) with SUSE for Rancher Prime. Create a ‘supportconfig’ via the Rancher UI and upload the output to the SUSE Customer Center. The support config bundle can be exported from the Rancher console using the ‘Get Support’ button at the bottom of the page. For deployments when Rancher is managing multiple downstream clusters, export the support config bundle from the primary cluster only. -https://scc.suse.com/cloudsupport - -If the billing mechanism on the primary cluster is active, a support case will be opened. Further details can be found in the Rancher documentation: https://ranchermanager.docs.rancher.com/integrations-in-rancher/cloudmarketplace/supportconfig +If the billing mechanism on the primary cluster is active, a support case will be opened. Further details can be found in the [documentation](../integrations-in-rancher/cloud-marketplace/supportconfig.md). #### What are the resource requirements for installing Rancher on EKS? -Please check the official documentation for best practices deployments. +Please check the official documentation for best practices. #### Is there any difference between Rancher Prime from the AWS Marketplace and the versions I can run in my own data center? @@ -259,15 +249,4 @@ Yes, nodes can run anywhere. SUSE Rancher will count the total number of nodes m #### How do I get fixes and updates for Rancher? -To update the Rancher product to a current version before the marketplace listing is updated, please see the documentation. - -https://ranchermanager.docs.rancher.com/getting-started/installation-andupgrade/install-upgrade-on-a-kubernetes-cluster/upgrades - -### Miscellaneous - -#### Where can I find out more about Rancher? - -More information can be found at the following sites: - -https://ranchermanager.docs.rancher.com/ -https://www.rancher.com/products/rancher \ No newline at end of file +To update the Rancher product to a current version before the marketplace listing is updated, please see the [documentation](../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/upgrades.md). diff --git a/docs/pages-for-subheaders/azure-marketplace-payg-integration.md b/docs/pages-for-subheaders/azure-marketplace-payg-integration.md index 48dacd7fc70..31774ba8c56 100644 --- a/docs/pages-for-subheaders/azure-marketplace-payg-integration.md +++ b/docs/pages-for-subheaders/azure-marketplace-payg-integration.md @@ -15,11 +15,11 @@ Rancher Prime integrates with the Azure Marketplace as a pay-as-you-go (PAYG) of ## Limitations -- Currently, you must be running Rancher Manager v2.7.9. When you deploy a supported PAYG version, you will be able to update to newer versions of Rancher Manager when the listing is updated. +- Currently, you must be running Rancher v2.7.9. When you deploy a supported PAYG version, you will be able to update to newer versions of Rancher when the listing is updated. ## How to Use -1. Complete the [prerequisite steps](../integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/rancher-prime-azure.md). +1. Complete the [prerequisite steps](../integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/prerequisites.md). 2. [Install the Rancher Prime PAYG offering on the Azure Marketplace](../integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/installing-rancher-prime.md). ## FAQ @@ -138,7 +138,7 @@ It is possible to set up an annual commitment via an Azure Private Offer, these #### Do I need a Kubernetes cluster running in Azure to install Rancher and be billed via the Azure Marketplace? -Yes. To benefit from monthly billing via Azure, the primary Rancher cluster must be an Azure Kubernetes Service (AKS) cluster running in your Azure account. +Yes. To benefit from monthly billing via Azure, the primary Rancher cluster must be an Azure Kubernetes Service (AKS) cluster running in your Azure account. #### On which Kubernetes distributions can the Rancher Prime Azure Marketplace listing be deployed? @@ -166,7 +166,7 @@ No. There is no choice over the Rancher version when deploying using the Azure M #### How often is the listing updated (including the version of Rancher, etc.)? -The marketplace listing is tied to a specific version of Rancher, usually it is the latest version available at the time the listing was last updated. Typically, the marketplace listing is updated quarterly, or more frequently to address any new security issues. To update Rancher to a current version before the marketplace listing is updated, please see the product documentation. +The marketplace listing is tied to a specific version of Rancher, usually it is the latest version available at the time the listing was last updated. Typically, the marketplace listing is updated quarterly, or more frequently to address any new security issues. To update Rancher to a current version before the marketplace listing is updated, please see the following [documentation](../pages-for-subheaders/installation-and-upgrade.md). #### I have many Kubernetes clusters across multiple Azure accounts; does the Rancher Prime billing still work and enable tiered pricing? @@ -194,7 +194,7 @@ No. You need to deploy Rancher Prime with the Azure Marketplace listing and migr #### How do I get support? -It is very simple to open a support case with SUSE for Rancher Prime. Create a ‘supportconfig’ via the Rancher UI (click Get Support under the hamburger menu and follow instructions), then upload the ‘supportconfig’ output to the SUSE Customer Center. If the billing mechanism is active, a support case will be opened. See Supportconfig bundle in the Rancher documentation for more details. +It is very simple to [open a support case](https://scc.suse.com/cloudsupport) with SUSE for Rancher Prime. Create a ‘supportconfig’ via the Rancher UI (click Get Support under the hamburger menu and follow instructions), then upload the ‘supportconfig’ output to the SUSE Customer Center. If the billing mechanism is active, a support case will be opened. See Supportconfig bundle in the Rancher [documentation](../integrations-in-rancher/cloud-marketplace/supportconfig.md) for more details. :::note @@ -204,11 +204,11 @@ For deployments where Rancher Prime is managing multiple downstream clusters, be #### What are the resource requirements for installing Rancher on AKS? -Check the official documentation for best practices. Is there any difference between Rancher Prime from the Azure +Check the official documentation for [best practices](../pages-for-subheaders/installation-requirements.md#hosted-kubernetes). -#### Marketplace and the versions I can run in my own data center? +#### Is there any difference between Rancher Prime from Azure Marketplace and the versions I can run in my own data center? -Rancher Prime available in the Azure Marketplace is the same product, with the same functionality that you would install manually in the cloud or on-premises.The only difference between deploying manually and deploying via the marketplace listing is the billing route. +Rancher Prime available in the Azure Marketplace is the same product, with the same functionality that you would install manually in the cloud or on-premises. The only difference between deploying manually and deploying via the marketplace listing is the billing route. #### Does the primary cluster (responsible for billing) need to run 24/7? @@ -224,4 +224,4 @@ If the Racher Prime cluster is offline or disconnected from the Azure billing fr #### How do I get fixes and updates for Rancher? -To update the Rancher product to a current version before the marketplace listing is updated, see Upgrades in the official documentation. +To update the Rancher product to a current version before the marketplace listing is updated, please see the [documentation](../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/upgrades.md). From a90b43d804d8e346b3c5c439e8fbdc457f7285fc Mon Sep 17 00:00:00 2001 From: LucasSaintarbor Date: Thu, 21 Dec 2023 14:18:51 -0800 Subject: [PATCH 22/77] Update screenshots for Installing Azure --- .../installing-rancher-prime.md | 16 +++++++++++++--- ...nstall-rancher-prime-basics-create-new.png | Bin 108578 -> 74209 bytes static/img/install-rancher-prime-basics.png | Bin 44977 -> 44759 bytes ...stall-rancher-prime-bootstrap-password.png | Bin 0 -> 22777 bytes .../install-rancher-prime-configuration.png | Bin 22964 -> 0 bytes .../install-rancher-prime-global-settings.png | Bin 0 -> 103854 bytes static/img/install-rancher-prime-home.png | Bin 0 -> 79391 bytes 7 files changed, 13 insertions(+), 3 deletions(-) create mode 100644 static/img/install-rancher-prime-bootstrap-password.png delete mode 100644 static/img/install-rancher-prime-configuration.png create mode 100644 static/img/install-rancher-prime-global-settings.png create mode 100644 static/img/install-rancher-prime-home.png diff --git a/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/installing-rancher-prime.md b/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/installing-rancher-prime.md index 2b07e15c78b..db0cce13e44 100644 --- a/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/installing-rancher-prime.md +++ b/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/installing-rancher-prime.md @@ -46,7 +46,7 @@ On the **Rancher Configuraion** tab, specify the following information: The current Rancher deployment exposes the bootstrap password in the Cluster configuration settings in Azure Portal. Until this is resolved, we suggest changing the Admin password after initial login by editing your profile in the Rancher dashboard. ::: - ![Rancher Configuration](/img/install-rancher-prime-configuration.png) + ![Rancher Configuration](/img/install-rancher-prime-bootstrap-password.png) 1. Select **Next**. ### Review + create @@ -70,13 +70,23 @@ You may now login to Rancher dashboard by pointing your browser to the Rancher s :::note -The Rancher hostname must be resolvable by public DNS. Please refer to the [Prerequisites](./rancher-prime-azure.md#prerequisites) section for more details. +The Rancher hostname must be resolvable by public DNS. Please refer to the [Prerequisites](./prerequisites) section for more details. ::: +## How to Use Rancher + +After logging into Rancher Prime, you should notice the Welcome to Rancher Prime message at the top of the screen. + +![Rancher Prime Home](/img/install-rancher-prime-home.png) + +If your Rancher Prime PAYG deployment only has **Welcome to Rancher** at the top of the screen, please ensure you've updated to the latest version, and reset the branding to default (i.e. "suse") from **Global Settings**. + +![Global Settings](/img/install-rancher-prime-global-settings.png) + ## Rancher Prime PAYG Billing -View billing information in the Azure Portal by going to **Home** > **Subscriptions** > **Cost Management - Cost analysis**. +View billing information in the Azure Portal by going to **Home** > **Cost Management (subscription) | Cost analysis**. ## Uninstalling Rancher Prime PAYG Offering diff --git a/static/img/install-rancher-prime-basics-create-new.png b/static/img/install-rancher-prime-basics-create-new.png index 38e2ca329f303cad8fcfe33c4b3b61e4ede6d088..0d2a6104528dc228350a36b6a9f8ff7186250de0 100644 GIT binary patch literal 74209 zcmeFYbx>W+vNwz*5IhON-2(*K8~5Pu?y}jqyAwiy1P$&G+}+*TxCYnY?ym1np68r< zPTgDe)vbDOz26^~U8|&rmvwDaIo+&&?=Zf==By#|K|C9 z;lsZCQ-(rmg1_k)DE=4~>3Hf@valV|3B5imLvS|KmivTqu z8OF!Y)M%2yAz79eu-L*-QcLG;bjZ zhV$J7-Q%(gtIhI+MxvTj{4{B-yPvxwbkucx)^*G(+gXH7xY^_h$+1z0ik+D0lkiVb z?KP&H25^9kMJaWhmYZ~zOVMr236tt^4RVgCNFR)l-io}>&-?StoWY!SRdqD zy&K<`^S$VWSolkoAA&Y_9nY(-b!t8y1G31yen&WvTUF{o33E*m$1yzG$*!2j#QLcW3UakD;x!D5xuN-j+7DCEh9g zFy?!7?(l?!aF{O#^se1pZB1>T)66fg;a@U4{1TPWFoJ_ln=HZ`~5BR_6xBPTUC<|9{UlVz5*69$`^OL#bdl|AHC zKpvJLE@N^5eq>%ZZm0lju#+LFo3)jVBexqL`5(F5Q2KW@6FKQ07AH$Sat){-3EMh= zNm&_L8JQVG-OOEpvo)!N!r|w}`)Fh=3hI4(4`F=C(GZzhxR4**ZJ%k&{E)N&lgr zwVkZ&KgHWP{*3|@4<+Apm zi@JbqoGAWPgfZx!{q39`tp1o|3}OOXfvusej?hs7|2E|B75C2`zacO+x3>G!3kvqX zaXOis{0CV7rrYn9Kj!?aBGB&tl>2Yo|FHcJGn7kKmRrOY;QH)6Am^8E;d$H23BK$Ap@r&8#99;t0BP15Wr%{W^D2=q9kn`oeXV2;NPO4 z!Wqq>a#&e_CY(mBEDX$G6A%L{7{t!N31Bf{02&z@va+x+GaCcB{zZhmgE`bI4XyrF ztKXuGp`y5eY+S}*PGbgR6BAg89JFjJMfXqnAt@z0Q8Fl~JEDK#u#)eLYB8E<2sL+4LVU>TxVFqSSZsxz#|1D0|*4W&{ z{r`*m_u?Vth4MqET*BNDI==g#s=rp0GT8pFyT5L&%>OJUQqn(*g4+=EmkExBE@0z7 zdO~IW)dVs#v@r!kqsQOw`j2|^|H>7>%xo-%Ktl#2V*4pz#?R?wS4>@BhXOs_*~g-{0=`KRE;` z>HiM$-@^BQ;rd^={#ywAx0wIeyZ#rh{}uxOE$09AuK#OrA^*pT5o`n9=($4AgVrKj zzjF)-M$+OUFweh#KU(slp*2W$5}Jod8;i=p-pCinxt}@Royobl*J@ z28I+yQbbV2ZT?^h?1m+d(|-EAOb|f%`g2p0_E)kFG6}ouwIhW^?L`#pNVpy;d)GQ_ z*C3b$tA6JFP}8^cOD!QN)oT`u?csuTG9 z+Nde1JP841%?VXCfJE!VvC`>Wn6gQm3O6EVQFlS&*NDe zZ9arg(e@8ulwX_v@w3KK;!3hw!oO`RKs#!Ys?G<}|tD#iAZzQHF9ll$F zVLCkucDZK!@BMhu(3?=?j=QOTJvYx z4VJj&tvsFPhm@4qeI+0$sr++S3&msW_sm~?`AMkbt%fTat{-4o5ra97w|O12UuMjA5`I{ojsGlWjsbPQ=ef1_@JGYk6Pz^&hl57zQ^DzsgquT6YQ~aJ zD^1?{b2&7or8*k04QJTxM;%D>MEt?>@ejuLIC8i#a13!a)v~FnIt@yhk;xCDRhVvB z=tbN7H*{@o`+$nFB3-x3mr8sYk1_|aNM6Ocjug$E+-->zt_;#emqRg zW<_I2BUj|uf1efFWd*c?j8fxkj4J!}U-r3oFtEp~6?_(h zNXXW(lG?SclIQ)!u%wlnB@}h&I6z0o86RKqdzy|_8H(zJVCB|V(S(_%Zb`dciX~zt zg)#gZ_PafWHMur_J54MqrJOURQ7iDucfIRi@GP#!jNO&PQoJTZPgZ_$sc6#t3ZN(E z(QbIgH{|-*RjXL7fmc|o-Hr9QPPus)07kV?NsAHLfzOJIfZpShM(E zum1g!o<0CvC-0`ctCP4X`fX&8^Fr9PFrH2-n&dd@#|$_WuP<^ccxF`JFc{1usJQ$M z`B^6Kc#bQNW_VAfbE$@oD3`eXdd|Lef9k82>foAM#+xqoMKa0>%Ax1GvQTSntQn&K zTFqKUzHOp)_fSOht?^uvIXP>Dt1unho{zpAw$ecpjg16U$T+^P^c9g74&4 z5=a4UKIL?b+U~E_42zI-nHnxNnEbaf& zY-{7OyVi=d*K?PB)TKm+<#{G;Q}Qa$$6Kx~FkRz`6f(F0iiIV-G71LEh= zamPqS%X2{L7wIE#aloNMzm#~%G?jOJwJXoX-G+lUfRksYXj)i{-*cDj_hY%T#?*Wu zf*boy+ukNOHx83zS&6N{1F&vuCd(;LKP&VU_oYov{5|Pa5amVoioNp^C-*d?bOCt) zt!gPT=&Jdn_s;cgljc+#J7Z5F@V1yXZSl4G5wel^ab^sj!>9HI6mu13Ceb9OUWiQd z!n@z@{v1q!HIz&f;pTQt-ee+cxa7Z4?_w>Dw_o1B8R&8DrdKlWShs4Lo0@adMloL zSH|pbQ|w~0i-hJz*^b_qK(9hM!^3Is11*gZSLs0Dy~eDHY|H%U&UDLMC=N*d$Z+Lq zGqgCFC>i4(jkELNmftN@r+bRJ}ph4^0A%K=O87# zOaFQcVo6ej@_1*V)@I)Qc?mIbhM5nkalBMuYvfU3!dM~%OkRuWv4?YIdNdjp<~e)m z&9GdCD{&s@=(e!I!+x|lS_aQz@ASZ7e854%O$BC$4XZT^o`O|P!vVqP@5Sb-O zuieZY-?p4?Z*Kz}Rdg@c{>H%&x|8Nr+*wzA#rYWjw9J{Ui~o`Tv^sI#5l*7tYxNbm3vPZp}>P!|oQyLJiYnzl^?W15GerZ^-nuG#Wu4sLf} zxd&RWw%7W_RQ_!6-NNtR4_$=}-_KPQ6X40o8C;BBk1|on(+iH?=Aow*9FmSp8e8pZJDz`B-1xuR=Sry7}9llIgqH~gW0;s4$TM_ zpPv?9t?dv5Ktva3Z^z|^%83Kj#ww#6qR)ryk>lAe&$>nxnGA1y9u{t(nJu!`@O)=$ zivUagiE8U1f0%N|6{qLBtw&p$`ZxSf%jvw`Y!oRx_Gzo-7T;Fn`AE})P{PwM`z_vc zV7ulVR_|{d-a#k!V0~sT)n3jpwBG*2t_!&|Ho14&U*KGoSh%@?>}nA#oFf@D$Ja@e zTx_lBaPUsN)m9KexbrLwx*IyBy73y^6B=c%vZpeEGmFc%KNbn8#Ori5AeC*=EVf*K z&F?_!lFi1I9V%cJ%JB zEa1gWG@MjlX|VXxCb8Kb2xrFW=8{_^EfxAP$_uSP*^O+_w<+W(E{Lbdv}&r9K|tP0 zP*3_(O#So-9zPM>g^C**{ugyditpjIM1|#*5KTtJkG0ttv*mV(yWF<9rkhT_vJ2*R2 z!di2%zMuR+Ss@)<1N*`1pu9>xm`v*(eVg~gg(VDIUTBtkKP3z&8;N*ZQQq$5`--Y3 zQsDHiaF!4)g;9}Po~=NuKukxnN$l3-?V74ke{fhTUu_&dZuIJ^0m(G6VlZCnAU%%5 z2S@d3j5G48H>6xscivs=EY2ENgIM?%w75Q&R3u@ZGZaA#AMtq!+}6f6S-0V}BKwa9 zCG70Og&lR)R}u7UE;~V;xGrhP*;ZWIulT#dTgYNa6tNK*EC`F#n{Eul#Gh6H`1kJLq4{)TOZ^hGBycYWU+_lz6ju9sA3R&X+GUF;=ZnNvv$j;gIJ$7Z1 zH~9_9xp1v-T{ygHnd5c`JTbqApJoo#dyxz(Ch12DJkADpUT2HLEU_-^Y8##KV#&-E zAvXK{YsY3XzMB08Ux%QnN@Lx<&BdNdF4=tdO#I8_+6>JpUd{)2eQNL_;5*n``sD6` zE?0(YO3Y0WQo$ZBXlH+jf>q#3ImmonR;#IQtLIz;k+*ursny)YvGzW~bFRpf2XD z?2C*~Ic;Uf9QX#Wq3pUp8-<@*YGe~t~ddtba)vP@>T_=!D(-_hiS2E?eYTUQlgm_Ak zG_C{hF)bc9U)Gi_3{*(h)jzif-Cw6?Hod?^ej|^)p8vYR;}(D?6;Ca^5ePK-VOF6s z)Zm^BgKPwER*TpFZg=55TDTmgy6Y*1iorFw*%Wu16E)0~aJEUgDy6qimj>yBI`QH4 zA#@jE66F|$YqU*1v%InFhRbLr98)yZh>pP0$lp4Md43+}XQ$KSP#s!uuKP2UWq)O-a_tS2COgo3vkE z3W^>c*t^|dS|FV0hSlB_(Z!~WTAWcwdX2MU^Z!)Cly`p^e6lnM>mnp zahhB3zHE{cuP7-P!sK zw3QNEiEn02Na*OW!`LVx@=TXW{`CIpww;gh;D=@p3dcL^Uo%~kH|}0wrKe#>wqZs- zuJd=@bfad#!0Np5FOmlz_`>$&@DtL@3w(vC`5kgptGHuqlVUF-aKDHEiNrxyk^ZI9qgpn zm%k@BJDWr8t#vQ&Pe-;ep6RXVkD&Dv^W$VEI!R6zJv`o??AHC2d*(ZyqyRqJtWl<# zcN-(|2yMbN_1Jq-85+n^Ir}?W)h;1FeGr7qLm`F{fwUoNhRIa47&Q9*K!P$M@J>(JEkeP%WKo85XD@fzl#* zHd_L@*Q&lD$8fHnrFqaNaAm@Cj8@h@3fsH8adMP)-4g*N{?`VuS8Eesb|~gSPilwJ zl}wm7KmV&<^K-5yh(uc^=mln>rokIXk_L+OV1zfmeljJqtEgoPXB{mx)8Hlflxa$5 zvfOqJ2@UKp^YeKoy|?)il{LpnePI>gs){p#yDY9d3@WEF-7Ldxabpp19`N6t7GqBj zd!nHYGaihFr?0{Yy3!$kpR2oI(%Z5*Gqg~j){(1Q$n-8{ zy&3Um6XpS@MaXqIl9Rc@%eu@42}2KQ10fn{7;)Hg+UO{lym^Ye=J`M{q6ZRUqHJy(e5`na93s5MO5M_HPgzV9W2-XUUHy_3ur@v}d%)xSEqb5& z3{-uqrk1SXv7Y=$W zV593T!TkEn4x=hAjhwQBpgLQm%H>@ve{w4(yWPn4%TW>?`@tDXEM1QJT`9x$*NNq-_ft6)~#S_k;(O2-H zrXZ1TtBNDLKrA|#n?M``eEY45*Z1`MKE&5>?}lv=og_LgU|@~VBLRztO@|L?B+@lL z7chjQR(_;s&l~LhB-HUem-=u|qujh3#)sD_I*-Y_!TUjdI^7HF9KO|Uo|3F#kXuyB zDm`ueCN_`v)LU?@jeiB2r2M|NgMlS}J;!DXRL&hS>JRs%bhRDLPB$5UU-gE;nc)tj zP%;iezq^u)8I7KkBe@Ru#?^pr;V0!aPj>_+0>Ey=EBu#OJf5=on=TUa@q-k+lXcgN z!pHy)#5iWq-L+NIx=5)^9IkS1rdGWa$MawsvcVOn*T$NVj*#_mj3cdJcuJ_H8 zm(&?JqNK{YZ_}%A@zlF?0<_7NuF*nW zUc2wFyT_|yH{HVU?)L-{>srP_s^rwMmzg@gimn&L4V*B^xsLZ{q}IrWH4p&ZQ$KVgcdKjj1|G(vrO z?aR|(P17AudchqOAwc7q;gx=j6#FM5F7Xb<9FFYCWbfrdTWW6?IoipGBs`vHf&)!X zKd=uLo;uB7+jT1OpG-Mz_?Oq;GUuY$H+it-4?B5RuJb7i`c)gL*Rh@NJBGzHYy-_x-F7$DRwnf9M0y%BqQRs45ipHv>I z-Cw-H6o1tHy{IJq&i`j~zWuB1)o&yI-?6PdS8yV){@j?akJ%qeLc9}jBQ!~SSWF_n zm4;^P`}FGw9_a*FUAtO#;Yt%=Cf##Y=s%K`nd?kYX$1UH`zAAl;_=MM0&7V6$;-Vz zU4SGYI4)PI>qutFBjnSlB2$7)f)i%rt>Y9IEN{cM^rt%>i$akj=|n(4pwWc$(A(s{ zjDKhf&caBppx23K)NL9o^`j4uxUMoYutcyudyI~LpsYuo>)oXg7-KCuWl_<>N!UD; zisf%RJ1HyWf9h-ffIQ|tOef5CsF6r7b`eEu%$Q)=LC0h9c2a2)}+GOPZZMur8*;#KT> z&0?1Q$9JzgyWr1p$C{CCdXN>XjWze2@J9pppT3lcp!`}@Fhzc6Ga~;cLjQ9^ntNdz9YMt09z)IC4Ib->sAM+!wV0OLd(We`lt(o#!JK`bs{I zmG#szVM24(6K$ewi_-5h?Evb{++JNrLAm9!z4zgY|2dy6CdK?WO3iJ?r*XGE!o)8> zlY#J+L}T=+8JV5}#a|XpJQW=nS1Iu>@W-gZ*PilgQ{lVXN+P$d%#}O5?3%wd(Bp~l z*cF%qj@Dx241a>>RIwf%3&(TwbV53(cA{eL5zAF`T|10Ksy@16!8iy}XmTcTSm510 zOXYZxTOv^xDfqza49K&lAIp(`2{i5>%?r64;?-G5ABhe(8c_|K9!4>0ZVkf=u{G!f zt|{L=#$MQPq|qntj~g1h5_-E<+I1*2CMj37s$1P7uO9Rc^A2kzmo-;?-xznn_G76QR zt5m-96`^Q_N;$Sl+zx@}omWFkky9*t(Y-J`>IrPNJfnnk0P|CsW+jV{D9x45J^TB@ zAM`xKxLX{=iqK0dESAyruy*=8?XCN)U&LmvWKb%bhmghWyzwQfu%H{Z3NEi-kIo)6C-UNN- zYH)+45n99rJX-E?ntwu3n~7jCTM&~&OA*<`z0OfKTtu+on$3VsNJZjPPDH{PbC4^>tY9)H!=w1%DCxQC6=~P(aCTX_#pJsB)pC>=0yq|WVi%tS};GXJq zMZs18p4ZW*_@+A%@oX{;fW_r6dBw`gj4R+x zHee+t-c{&?fqmiJMSXTWn@twdn*KUxEEHSA%=bV>MS?j)O1P@Fm-~!eWuwOuSr<{b zQVKQg9xH&nF4II@43gklDxe`bn!DcceLlMPl3+cS56ufFS1vb}VX}G$`6n`I_WyLJ9K-Itd*dQM65WXG(}pL1+qhQ;4^` zr6P^&P=tz#+56nt0ba)3(p5;rbt`Vxj$#UdJfC3Gnc8vdT)4| zK$YG>z0aC|o@ig0esJDVcrprA$q`%OSA-~9d)N;*v4-1@mhWyq-sBYtZzFIqi#-#w z53aFVsC~VhWM|G!l?(C6k-*v;%z>wonD(Z9lzNwStIlXeTop0Sz~fMmhKM&MJhCVu zK0|xhm&Fw|q1ff+jpArZlO>|3uBASRc`1!oEWM^nk3tY%YW(x-#l`7J;PdXLSKT%d z$xI7XPnITp<)PkC6fu$8OlOD?`V%i_Q+!cFFLRr)Tqxk6NHF-_>{-%Et@U~+Ths#L zKfVPJ7E3!w84TX%raY17e0hi`T?a3x!kCH{)IRu+V@~bczQ3Pant{F!GkE**pi_<# zTCjbZDhoBha!S;SuaV_C58%cvs!fv%i`zeCgMNNLMY)jt=p|tIZso(`P{~GVOurRO zsId)ebkDlB(!dt?{jBFVCg0Onp!hyKnRy|&LM`*`1THz>$O?`MAIF~;%9;Tw$hI|Z-QRM0M1{& zGLXK0%c}hVbKd6hA;JAZ8AZx@shww6#e5$(k&~?y4oi%Lf;G3^y8IJQ(A2t`j( zD#Z@#A$rfEZ(6gAX~JYRe2C2>2mEwG0rFCi zOO_D=2yUBVe1RTGG#MQ%5lue(pzQtr%Z=-8#J29K>&Zhel%Kxt#1!4>2B$P-J~~_uaMAaa^YtcOZ`;`sbBZ=^cvxUzBaTmI z1;RZ6Tk(r+kHLg{Z8IHGekQ4S@q3AwibW!}OlXkLu?08sR~a{>%E+vTC|uYdqZuWQ ziEnXwQ!dVN824&+&jXSYugmn_BsCDaAF!f6JH4Z%yA3$GSoU7tx)a#n>mC7pxxswe zh^C;>bTFma>9d$#I*9-P3T8|-xXS@px>DqRpb(YQ*=+P#v*dImwQvZ{EsUhlf&KAogg(% zc!gJ5Ara^qG!TV~UgMEu^6+nSM46C34%jH12FY^5#HHrqvSh2i{A%2f}w{ zzWPHyOs4Wz)$q3~mu2|y-imwf{EE2Zsj_?2(3;Nwc=!#16#h`J-!^c-ZG)=Q`i<6` zd%QvxwCBcVGIkcytXxr}{vIM853&6Hdc9|8Sk`N@fIaPqu|9@YI#q6^d|glB#ys#4 z)V@|Db1)U@GTfZ6)Wj1q+7goSxD1&HIz6ChJn_Ctd&UHLxMYU8f-S1kx|bK?HCYN- zh_pC*i!8hm%9^m2uc(h~h~!OeOND{8536E%lkq!@_XlxxUX?Ia#W&88c22x+nbgiX}9^3 z_dUF}vHFI?KxW!gY{j}-VWu-(W3zcQfNlpfo$bP9N9RL{c@Ne0EE(FxmcXj}SY#5$ zZB4F9G`&q7JNk8@9t6Hb&pwV1X~XiGbG0vYIYjVR$ar>@E6G-Z%I1*gm!p+r^D11# zJS{xqKx0?!8W7U=4`olC`D&_mu8d)xnAyr=ZKRz z!qWI^MMCEQ9=Gi0iduwMKIK7)eEZ7%!->EVo1b_s7y>VMM!9agK5D5rLxy|st_Ngs zt2a3G0%)`z`^mO0^5tVI898~>e+*-&zxoDrP{8y%QFB8hKZwKt`( zfCt-}%^wv4Rrz@wvGh(xo0u$gs|d-| zF4;COadc8r3lx00+Y;Zpx4>O&LvBjrIj{ye*VQr@y<5}8Ng^-?{fw4f7wvyIdY5t> z2~#i#ppd8&&9n%KRv$XCGvLeB$sL+$mQg#mB@MMga^3EkUB=5~70Hv5>A97bs}T2( z0=rolvuw`$b_U$!A5%Y3fC|=>;$Rn+;mB?dQYDWAu}^&y1{RJ` zbsCe%!ip3!=6FjJ-;VKTKydY!LTu$ZMGK^Lsz_?XW~Rm$&x?Gs7Q-TFI&X8J|Rf(*yGo>cF=Oj z=$YEl=~LTc*kiQNQ9%hsi)v!#rpln=;FRRbYJ>pGlJej}eW8}Vt@1V8u+%kA(H5(- zDg*Y4Ds_&^YAtc0ah2$vAMuK*?B4Vm_CU#&LCvqgbRcaN@y)ZD(h9Q`M1@y!o@vVwFC7 zwp=0iDc_-{uhHBSG}&tCZ+YI#pC>8j|NP=8I#Hl}vp!Gtrk%mB~zWTetvv z?y**RY69b3qcgf#vr7LaKzOf#IYEy*{$k0Yht9c`uF;x zU*|aaI(tqUs8-ntPC1Qx=Rk0Zkamvy)|p#fI0T+mo$asG9Ls`83T^}D$EH+kG@lf9 z?bFoVn(FIRSJKgJ|FWN0JEj{z3cxt0|L`AN}E z>edv86%}$BXEk2RsSgnTAU?n=+2iI=K`9NO%Mnl%sG}`yEWTFW`kGQ9e91Wek)hf8 zE`do(RT{TqRkS~B4CbBZ*kmDoebC%4yR-da7fUCJ+f?c-G9KTmNzm_ zYB#VY{J6S(@xE$eswugx5H?o#r+N_yo$hVHVN0s&aE163)aAC?Y4+wzaHJw=BPeec zDNs~tAaUxO;zX)s<34ZeOM>V$pLv`Y-l?z9m=yQ?9PQX!v$EZs-qCiRz^D3*cHPAf@+o5+vdCW4 zVpP3e-|I>^>kQi0ys%X69u@lOAJ(F}iJUrBs4ZyNhBH&I0??h&E{J-w-c!6xjF(f` zSf_L@$FE8To!z2y3rTSdRi9PH%K^g2dVb;MQeBaTnuH9wmg(3DSvpF;!>pmvslBTn z)h5+ZiZe~4vbs%77Tum=#xTr>58C`X&8XxW-nDXyacP-6Phus_-Q)48`92`AwR5QR(`F)yZ+O)|UVFk2gR2 zH$S~WORm1{-@VvI*O%4}ld}$q?#wq#oeODX#CNsf?=D`pU)^SyWyh0gGNNTRlFhYX z$hYuLXu;uc*)%J!d?7$$bK5G+K}jZ@_JNb~0;xVOQfo;|v3vX#g6A3gu3z1{y-PYW z%rG*2$j7v$R>+`1xzm8`2&>quusl9gP3X%CIP)+A=H4-}B&?jI+8nnVLHtS898EAh z;ARTZDnCCLlXlAfPx2}%1G~;11|~X3D*Sl4aD>?n2H`jRO^X)*_~~~=D@m1! zVK=vn8#WTi6Ph=6*O6Rn8HHJ#bTiHd_FTn+p9%Vl>wyte z1W2kp}SHsuJ`MkHu%mE^iXOUuaIqrZh`^p%R(LDd$uKibaBbk$ZM3t!+* z>Y!9uR&Ai_fwZYQ3A=5Rn9$1C@u>JL`_y6$!}cE#c7zVsdnt6&{r2w&?iCznl>JlR zO^(XA+)l7PtU%m>n?e;34Yx_-63M~f-EtV#poti!(t7tP#MJKEnncqDUnB87^w8Zk zDJ{$Pgiyj;pdqG1lK%9qVvDanopH5j*C*W(?hDK0psM7nlUb|ofq}1W#|*@+fQ-3p zGI{j8gm_A5{K2d#qUE6b$)-FCH zo~z5m&nTgpM=>EKnS5N*9F=dwf_?~w{m#A;=7aq}e0;UmTB-V7*zki#6RPf=8d-E$ zph;>Zatn{rh+2sAO5oVd8mXVODsVcxMt!UN+O<0Soz?WG2lXqvjRvl1{s#)_wX{P5 z;TgQA>Lh`%UasOU2W_2o;Br&nF=xF6y=0P)EM%gf;zek9fcbbCApD-gj`9w4Ga6YJ z>-XTStpIF*MHNH!t@nOQ5P|gU6?4;!=c|LqqMqq~C`5_k-kVAwUm?5SJ?MG;&F#iS z5%*XvN74`mmDZj~{rk*J=_zpf26<~9L->$4Io+UKfMefNc0V- ztgOlvGrj~0J=l&=8`_4tuD8mZON5Ae0^UN@l-lCIz@Bh%>(w3$LvIO zP=qs3eUQ+cyfE@7qj@*4T!g7kc37p>4j^L1G~23H0$^GWdFqnvAt?H`d;F!k3El?H zk{P^%J>ohTu|6%!dv*|zmlfzk9exgMS&b}{i`&!8st!r@_g*ZzrGPl_Zd*8+cf}z2 z$)qmDNJXD37lHH}r-p+rq4Ol47&|0MZaW)yfv0?O*CRcYEv3;akr=2Fi1GM#0hjgs z;uQ0<&vV>7IM@3?T={+few(mnOt8I-Y0d3Li=PJQKzM&nJlLAG*t+Bu8k=9*Y%Tlw z&a!aS))4exH7=$sT5s<1@~qko~vUc)al+n|<2HvtIJu*LE>j zqsGT+oM}$Go%zMaQjwJj^Y_bUkdYZ!hlC;Y5>{M$3qiDo9uGo}lW88Nhf`(eAy>$3 zIGcx_M*WZINJEjQWgf0FsdVI%yZqN~Dcl@f(W3i3BD!TCeGj@ORp$DVSRJU0gHmg- z_gmK^;3fK|G^LLuHo9h_<|DscH=nClTxED0Z71c1Jh0BCvkt3|zmKr)>;*T+XXEht zWJVW=<-X^@4c!Gsj(8>D*s8=xPnh;EBry~yafyV^2`uw}Ye}QtIIm6bHEp)fIccl@ z9NFc&8cNH@Rb|@S&jbTDe7d3gViF{*BrGygSy6+aY*x%+{pg$C^S!2Ex2hRQGxSqh zeZ>#G)QzSxNcmPER-z-A3iMWAXb6uSYp`MzbOFI|kK;zvj27F2q4zwn&gP6-+rgYR zE?s^%s!7z~vham07L!(K3cN8gUf<0eALjLqnX~tF?neu!7T@MC5N38&u=O{q2kBRs zI&4&s{_!LuZ;pz3(Z(D7Az*IDWs$AD^>vc8rPz4h;0)ywHwKe5{Re-4@?~XM(f0dK z`H+myuaMP5j5({A_**3<(>q|%!m{1>fo_6C9`}UCYR`U7D6(C>N8zW{LD-{B$sNs} z1Q!6s_r5ku9zuIoyIGVzSc4^6c`D&IB))wFFAMk&AQxXCql6O4^H=i4rw;^Ir-pm( zUc?}mT+@x-9u=Zg+4j ziJc(GP)Ob=1tW}o?;Qio-2)VnIig>EgST*KX79Cl&y51*VINDalx(w9dnk4ihsuD<>8z< zr-#c(RYZ@|Dn~x#U_`)?r7uAa*6(lF3M#WZerOtkkp%q=d-OFhTWCJ^oW;P6S%C=r z@%vK=CAC^HnoOs<`E#=gCKHbIDW!nnEWK;P`d5_FD%zHmu2O-|{brBoW|B%#6I-+x zB#ETf-71M35#C60sp&uQ&B8^^`L}42(Cd4yY&|CPB3@d?)luxzxKqY?VIMALt+)+- zXQSv4XR=#RN%O*vJi^s)4bu%*%Vzze?`gDmFA`dVd(S0_tTYSG8^$2mNo2|;kOOQ! z&Akh8CDb$m;|UpLhx{O3l~=e(=8t^aK<182sK>XV_@*;;oErprCab*?8^+l4ib>e%T*HV*9CPxip$PFkC!(}$>3v^@Qe<-PB)_{ z9n_Q)7^6cfy+6tag0;F|l!a^W2v2RY!Pr}8&9zuUEJT05lfmv2_V3v+X4}D)b|9L6sdDZFHFc~$*igbq| zeZlRoQn}3D&m)^TAWa*y(MH`%3CkCcYpi>O?lI-x%Uwx#7u0WdU%z=RXzNDwBQu=h zwCsW=ek$?C`_@>ExUpB+7t>=5rPNAmxT7wBHgV-`$mgj7i?*PK6{2-XW&`xC&DbTv z*4y36&zu65>q2}?@C0qC9e(0|@12%c1O{VGx4t%=<%+wy;aZ@3o}KsiFw#m|r#l|| z2@Du_zI#4o;B6kTGo52)Uv>*Y-#I3+b2zr;W%Kn=-PVs&FWo}1eWa6bn$>&!< z+R!=V?+ec_?neTaGC26=x{~-Jvg8zGOf~8rPz||Q67KigOoLRdo29h``xwGWT6?sk z17+_zWBSr!R)4Iz%~OzRQYC;wOe;reUgdl~nPUk!mNUuID`_?a@s3;pqYAXVgLSq0 zzOboxz7^g*uhv6Br|u?4k}Rn%cUfr;?D9eSkS^Qt zBAG!lsT+7;Gdnf);IY@`&>2&&N;g!pIXUOX0~0V(#3E2>a9{ORTGgocC3{Z(+Edc7 z^!1qvhV%|o1cS*Em2xMDt@TOHY6ZVaxygq;TqeDJWaBbFeun(%d?LlJNa;(mWxT_k z?5tlR@v*_~w8+D7gxiSfHP>)Q5fhTCTK0%~)FQ3Sin=glMUiY+LC_e*_Wv<7?7Qk(-Pa6{@+-!4pxRjL)qN7AF{%yTd{EAIqp3@~e&<2D|ufq)p;5<|il(d}^*tZvFtzO}QC z8^>XuT|E2Up)8)oV?fTP8M*h}L)894>t^z>%TG&7xz*^Z18yG@zUf8VufBwu8<`)&g9w*hc@DNT$B5XAxjOIbw;lp4lsT3JP2?6k z53ddFA8rmri4&n`UbqmU*!Q+AA@1k$C!H_oPWX9D8P-E-!+9)Dd;B^i?!0a#9Bi0^ z^y%7%_LYlfJs9?;y1aZT&ee2Q!_e=N&p)I#;y=?}(pr}F%m?}IcqpCFo5+?7E!h*{ zR;&ZKd+Q-!I0yOLKrHtLFSrmNU%~f3?sbheFW6qVv2}DkG4(Bs=ba&0lMG`wW#h{q z@snyKGVgwCF?p`A^nyMpg^-ZP%Ox#BUK;qE^AvIDfAi(XUVr(3$I~17%j>oRm2Ugy z)JH6HUiHme!q4N>wCo5UeFr+&c-+6YJ5OT=&?$E~Us=`Q&mgZwMzoOsif0;$0B!HmZ)a0 z>VsUC%k3^-HXJdYHnXQJ$ytvwOKvG!cw$-ax%Kvd%o(C|Q)rCYSo)hZ0B?|cd8}f~ z-8tt^{HAwYr-b~Wjpk@(Dp@Ntd3a~ee0y9u9ROMT#idF|(zBU$jdvLuQ8gFl{E0sl zd_NN|;juQ+h?e;Mm`TyRVSBv4HIzvTtrksY&hVxEFlJ;O(Tvoq z4)b9$F7ww0UiE-sXiiI`xOFNj+O3P;t7w|*+^y=m_tKs~E)IjWX7qREcXl)M_H1`~ z-ngUuPm}}^;TJ3ahqnui#nWYmmGo!`K zCn+ZJ02ze74 zdp2sH$YtRdWvbIE_oRQ^I*2bB67TR6ju`qgeD#M7T5FiIKw?c0j9(0GdJv;C))5wjP2aUUYL74jwW*9uS6| zJH4y7h$3yViJRL>C4o^7zEq82utO(2ETL(9?hU^T_QrhErK(;@;x!!;SAPg4%F9y3 z0!BVvabVa4Znj)Hxt(#$Tp>?pzlxi7(w_29XjGwHmVtD_bR40&tZEN?g-*KDZociG zR8X`CW?_AP&!i!e#?avYa(p)xC+h%rAtt8DWuvO`%JQ!gwuFOVb}v~HYsG+2^JD2V zNt0APN&>29X2X*<8F>f&Y=~|cTh-k>m7?>%dQ4RKm7d;?2tv#MXj0eO$w@fZ+&#RxI7nYT?b%W=;=WuV=d=jO=O6m2TOo;J%Sh`r5n)>3kQKgiLFwwRC!nxFGIpL>W|U2UECOYNV%wi%Vsfp!ctI;` zH#hH|F~wy1i01A5shc2(#aDN zkJ6;rYOY>?-D+-3U0Wfk)Y0BNpK=qZmrsd>oV64`_uFTFL)g2ZweyT{`zryh^;DJ9{IZ%hv1W^IixY+G0B6Rp>9xXb$~z0wjA!o&6{Nw^J$4 zxjVArYe(Y$jt_2SnCS0^GB3veVcB9)euAeJS(p$oFn%i#@a>crz=4t!750Ag#QiJ4 zr62~oi^zu5-|Wtom#X)Zf*M=2uNnSoc04h`s<1OfK0fKQh~}FIozBJsocibMN#otf zmQT}a9i53cGK)?z=Y{tLdN1iv8kLe?Ydd^FE|f5VFK8s3sD>AyO3(ZHY}ez-#HTTR zvsV`7g}0dKgya5ch9(qIu2SW84Tg11=bsO|G$um8d9J}4|6Y|k{NGOM1Ps(d%Lr$N_oGhSVMIZk@U8Eh6Vye%*VsEr&*Hv zP){V|*b4KWk+EXTzp(+gr0Jc4LC8h%ckxYe5bDcpBE9}QQ}cd##X13kA}jGD48O<_ zlP}C$pJvZkBY}5n6J%pXGbEI}Pc2KZ+ZNwn@PSvvub#_ES z@Qw#4rqH*iwib?RmQjH)y@T3+8XI+lG8Cvwsls>QFj-IW6{^Rk z**KPsHETZPu@Oe>)E8H}2Wz5Mq%y#hs{%dimQT{JIXKIw!$dL9aX(70_i|UMLGqJ8 zXX~ho$-%|Yc9QQbfBcdOj#H2S%g2Yg2as!OTfBqEx!KOoVM1RA@-i0QKyiP-BRw#H zzAt0Mz1HHuy8r2AXrH8fh=AIA0?IpD;L9AF&0_nx0JbYvt>vcANsP>~x>;SNJp116 z61Q8}T2ndzGd{WR%xI4qHQPoNIVJKKZ{7sK;zxgt?=$h;iEe*}nZKFqIUVRz%2Jm2 z^-J<~U1n{NU8MJA{@(cUr_Q$QMuW#+WeP>tW7&ST>2s-(GqCIjJPexmY$g{Ly!?K{ zg=->JHhoa(I1Q9Z=Oaj~snIFI>!TGyK8qJd0#SW0xGju{@+lFg7TiQv7Sri=<=#Nl zXO%C^4b_x{^xIkyhn~kl(Fmt2GmG9| zf-m5NxB5e}3a4L=aG#JdoRE7|nXuQTuunY4(AMCt?5%s2=kf>?Z=48i7R2%dxxoaOMmSm3De>%hv&^%|y87!*zeflgiCmb*BBr9JB^{gB>~yE#l7F zmRdfon`07FEl-kNAgnZ!0PUT-`{-gK2b7%XATnJ9WiD5-r9p9K1_pUkzZXifHi$6I z+ah=@3>V@FHQR%$MzJHC(U6xHsAHi=lQrELK?pj>TS%oka2}YcLWn9YVW=^{5v{8f z62EmzaWWoEbHJ6W{kLR_6?gQrs?BX7_wRgAqieBVXjh+xn zL(J3B;L*R-N90hstB~R7{(i%>r{!zSCnnJxUvu&kcLag1Fa#=2dXb4w?uwVaf|pnF-o`O- zJ>vsTwjNT}zTOmEhK=bZL}sv=4t~maH}`Jebcd(ud2!a}Psr(iL+WU}ehF?kzxcV- z9aI(RiA^tlmk2n@y1EiS)AVmj976G>_VD%dW4GsOHY0+?=^4lD3?LsXRq99s*lN@? zMD#e84wub@UUerb*Hs+L7jXM|zU)1HiVzxTPW6Sta_*qgv6uj$HjZrRa(8j5Zqd>- zyHImEEU`F0$&*VQW4E4ut^=U%fa)C{4c1EA651w>`jndp7m$>!QL~1c=@Rf3U5S^h z-E%jN*WdJ1i&=z>GU~u%Ghattxk=+4cHtntqNjHk*feKWaSN?~7!> z1z6Tn_|=rq=n*B2puFyxM$zOr1>qGx9U}BS5?!WxBr}O{Nw?(T$$H;o*k?c^B7tw~aBL=HGizQ{xfELLfV1c=?NpwG^QZ9qYPmNT z4c{8GBlj$fm#+QKkuswL=|S}nUFtA5ryl$i$J)p&bUFF*xK|f83o;)KI04L%EaUtW zbj$JNA1575xE)TEugq40L$+9dd5<`e`c4?@Xw`2h4Ka zmdL*WH^iE>H?}6Spd0j=hD_@54?yqe9f5{RpL~e$fyLTu+&FGb`^RDB=3*N7OZd%w zsgXj(@@&rNETc`V#k3hX z(My%Zy4uM^lOl&nK`l2uJY!WDCw-Tz$Jn9hc?AgZhZUH(7yic>wXh0eftnWTkrAHbaF3ymn zyWaLlGt9AO#+BYtu@DxOAT@iTFps0vy^gcwq0sbh(YBRmT)o2N4&}f5G|Q|`8srJo zw?#v{(nuB#2oLr9Yg%hw!_dD!*o7c(-W&PBt#8X!ltaT6t7H)lye+jF(p^C&Q1`Oh zJ6l+HCIv20Axc=gnp>J-@>X12uNooYdm=|#U|*?OPBe+CJN1YsEgZ0V&wCcSmiKK! zahxs5U7w899&WH6++Lb1l-v%LmM}D zMqnz0gRKNz`S)ZKi|%3HOqNrt>q_uq#)gszmF5edSLz`Ma2h(LI)iA!-R{V3x{uoU zkDz5WF_v20sX2gSvlUY(<~Et{ctYA-xPhSG#J3UeS+o%PepC02DXMbkl@$P2B;pq| z{=8Cc?9Ji)SFH8@&w~^PZ0VaL<4f%XOCIzXWe_n$RdL>S|EJwIjX86z-zo>fWZHil?LUa7V$%O7}6{(-W z@dOAO@$gwYKsK4aZ(9Oz-IqJzwj24b$JG@_Q%A2Ifi}TMC@k1m z|4vq4M}LJ{(1}+$THi720ajKr{A)>J+vC+#os3BgAzyrn;cTrGD%dQ#h1wiVb0!lc z!Z+%FR=!0vw~uIVOTwsG4S;@SWbKzfODZ?MdipCa35|J&C}6hEv?+e@p9Aa#$CdG+ z2fQfVT??d6HDcZV09{^}DWrJ8CbVoWH8&klgt!(fjUCNhAX*M~Vde0igg*TCA{E1C z+!}MgEm(kF|J={xT z{Agv22?+_XI5T>_9dON@z>`whZ@FVIKsx_2V*!FMK2utoe@SiL(VcdYJ7VT_Mh76D zD@-t-TB>wXIWP*ye&MIma@g{fZC?yWeD)`$=8XDVoAVG$;`i;me;8}T3Vrn|*)TC1 zyPIjL&gsYahsOn0<2U2mRv|0p6_NlE5$neE9;Jq;3Usg>-|WZIxlA^Hci)^$2>}BW z38S)ouVf@+@C&{_!@e5PuyH_VlK_h`KjN-cz#r?}Y|f>ud}WFq(X$112iF6xuUB@o z*qccA5m&sM z|D?caXG4eo7qG~u)dqR^ArbZ)*ece4d+x43u@wQ(xgcyC_g*|l*|)K~vh^Kwc2zmd ztK>?3$ZC}-N$yLc#SP_{mUIRC+cFAaC|3!l=cRniAq9EeM0znJWmZ4^+-JzY zOL+n=BI!~?@l;q*XL$j_WItTU@M9k$ZUOg2x{HwBJjnaeSTxgiWHK(8{(4@2{6$yg zH{%cRo;uXPS<@TNtM=V}eP2eKO)}f9fxF2W@qNyQ)agWsojvp3yg!bxd)A=LC%z{# zZ@avR#TgaKM=GifS;N#)jp100Z~Vl`!0v_a+8vr9(pKHy#C8uBID7Ct4gFSi!y@w3 zu@q&jZ_e7R`uptorqn5f>ll^B&&G~gCkq7%$L(X+A2p^@3z7cr9jkz%EL^;y*J@1K z=OYHNU5Oc+Qqm+>wv;uJb8~Z#?McNDD!O=$XLj&^+%@R-_k{+$s3k8*y5;(!&~&8{ z7Rbd7WUh040ejv{ursbFrNb49*n<0jxRh<({hQB5Q@D*2R!ns`JqW3u~9$`Fx(0RX8}h}&#T zGWiojs$lyCX?k(0!2Jvurc(%77$K}r`;2AzKGwQWZDTC#B*7~=oM%AWI`^&3g>Ypp zo$31eT2|X(?mgXgT>6wSXPqBskYG4#TLgjxdZyA;f9`q5Z)>Rl<_>i!s$86nSg^n| zyV)OMd$SiLEManUaTrR_+f&}K9fATddI_nh1! zu~rPdS!Q<$loFP}$oQXuN{`w|k?!Gw*02sU0+ewFtT&OHz5K?&pp!RNE%r;l zy1-)P>+tvc6g1UNEYWpp*5;i(t8LH_8U_+UgBtwkVaYy}NcE3H%mpX%eh5jyoRvcM zgHV+^JN@sWT*?N9W4~9-3qR6o)y&$BfagZV7Z_w$n8D8Ps!Qf|gRNOs=M{UNH@7a# zCtc@1m#3R0iwD6b$A&76AbEetF(Bg81n-a%S?+UBwT{{zvc|;V1wi_JTNhr(UEHJWYX1OBtD}km znz%M@rMkL0ii8K-z`!8;eDN~5!UcSyT)R3`EEHv`T}lZ7n?9f8GjXX5=DOJhfkWv# z7*m54!N^pDip4=iMU{-k8>z?=z!kA)%+AjC^z?*8BleF2&plopCNx-y?|3DwXDUF< zaEug;Ezk)F(j5`WsQ|9BC-{*K|*p_d( z|7v*WVFl&6AR!lXDl#&XbL1%W%&>T$aHyw<9Y27WrKbadbc zNXQ>*XyB(_6+`F!{fi6Jd0B`c_6}p0z8NM(}t!5w&;}a#?c4}MkbyEj4yL1==54RCp=E_d$9j8@GU&a%z96Q zZA}e!E9UkR$L=A}?L84?D6DBtR~H4QhCVPz$1=zUkumY1v~29)7m!IXDDs+|{|-i* zeP9+APFo)bBVSAc0$?%Q&c($=Q}rqk_@gUb6lxyHcwNfn;UTZNZ8on6K_9GN;ubJ8 zoyjqgYHM%jsP|V>`*hxUPfQ^hqqZf4uths#w5tq$H$4(iY5o-&(Fq6TqEFx>E-NE! znRz2stfaXR=W#}3f8Ri;ZGjv*CU$>z&fCst@*g!X8#oD_hQV2Ga`GNN-@j;L8~E;W ztlG`Sd`#bU)*k}yiCH-OS2a;c`16_F!2-LQ+#5@YEmXkgxX<%SWYoHf=`Oa2B^G?# zO`vZI_)PMw%9@r{rI~p-{4KhIg{SBEKnRrn04F30e3&?GUGI5J^sdIlxqJC6Z;3l) zA$Cb3!avhZYX&Ea7d1UY-b9tbZ9h5m9_XX$)tZmt@>;SA`M4eo#!;jpNK!~et8~*5 zuK6@H@s<;>d(zyO)&eXRMmwNHcBF2PxUA-VU|NAhG6Bo~8$V7IC_e5h5dCU*q*5#C z2Kq=a>DK#=FrtH)^B-cqr1Y<+I-eVlOJlkSFkuM)a3|(FDfquE2e?baE%ns-|MBGR ziaqj&;3R2IvVr*wS;Qm%+alpZ>GPv%(d}n!5QfZhbw7ALI=F4AgP99ds#e%w6#^j00?)yuk~AEPYmObQ3W@UyLgTh# zeFPYaqFmy<$C*;3QR-^-<%{Am6dF2uTz~|4x>Vt9=|p0Pqvvn6SDeItHuu1r!inCqu#}&ht&GM^#=En zg9%HH=_X=}tWZ&2|wnm3JCnscw&X&NR+_g(}7A!jZ z9zd^y#>|GI&T|^RzTDS#EmOOpI=9xPb_)hTM|=X4nEuWVMT2|?u|N(159WqBdF_E; z|8!-M^4kd|%-G{c8+;oYNy(ak6R6>iCxq9XfnQ+Y7rs|^cEl7N9j)N<7)KF0qnpi9 zR5|_;JfOXHKgNHL>zR5n5g92W$}W^ot9gJ`B5fNR@V#-y)BS)Euv=DHF=c5e0(s5* zLsik*)n4?Kr18q692y4)k?kPH>8=zxLC0Pedn9Nn%=kIw_`=g4SEy{S2d~PML8>U| zbg;pWsx_BAEe46hOxrbAR)Zr|LEQHmkHFc@VwQnxa0fxN=4-ht#A+06hfW*z{hipM z2Acr3F5P4mCbF)_)u}^?N$3y6jFjpkPo5B{l&%pZ#SZ_QlbKZA{hK?xZr--<1p$v! z_haUtuGxPKWkI?b6n%^4DAx+W^`S=P11z&lcH}?bzO`WI-ClDwHQ5o+OfLpT#-cJc z*yZYOtn>J@%oSYw34NM%e)o>C-e9w75#dboV3+f6Vbq`K+AdnUdHvAuU!Rts0LU*V zz@0ka^|%!jxrH~aKQ!;E;-^Q$J5^lC;o##jWB-^jPN6fVc;nMf0MUW|GpkYcw-bcQ zxQE4%PGDP1mbmViDKC5T&hhaNIx9d<(fGC&XlR8d+)*6OT{y<1RX}BDhTssUbx!`2 zR$$Xtj+ftKUobluF@d7beKcF&Gktq{iDz*l6g|6^71{x>Wk<0CwA75@1P_~L<;1p? z#dORBo832qxR5HHdp1*5s8S${>HNeAjfmB<(}Iq^Wz7fXpyH&sNg=?&AsA9;e+3T_ z?+%43e@FtQtOYbzgS=r2gWD_mfFF)IC)-43yu;);y<|nw^j|&sg}kLUZOB;3%ONdDrvl7 zyzWthtG9zbfMvFiHZaxBea_&$MjS`3;;H1;8qUB`b;-u>AVsM6L6HA(`W4_0);sF# zA7-ZUzC%zaj^nE_l#72P>_RDL1rad93UGOBMqo&D27=%|<%?eXFKF9bI)?h?*}dt5 zod?qZD2*=vQ`C;sn#9Gz(~?8vWOAiT(^36~SBz+g#c>Ct!(>*%Ln$5v9$SgWA1=7h zdnCH`Ka8R`V-1ur9EN4b3g`H$9ofrXBYII5^TZbKPnC2XS39zD>yNK`QAyZtSH5Bd z_FfC5Jzk<1bI49BanU@46UhUbVldfIShwNVxRdxq5_9dYF*N0c6B)BoC^r10Qi)h| zAFoHS2%8GN0e&!KSa4XJOO%5t?S{;7Kz3K9`pYwR483}VyshntUF{^YpUooE+eW<$ zELo8lTsdC8%jfq=`7kiwFyHa!b93TZf7P8kb~GqV1f#9wabNyvcYXL*;j3CDvGh)g z$ZiU*h5TYu)r(Nee2HRo`mLvx1h+oXEhH5q^}jrf?!E^jPgc>_S3yh=w~t&~-%0nY zCq$twG9GU^dndAu%m_->A>S4n6=X#Gl%2&G^fH^329DqY^6&5fH*4XQw4qk=Dii7j z7n9UGLB>P%SbTqf!5QBVk#9BIrm_@&6VJMzDL}k@)l{Nf*<|2XNf4lU$N`b6Ph;VV zR9;s7YU%xqzb%9UAR&*Zb`mtd7bz9`i6R{(ad}hXx+&&>X>t>SYsu~MZp?>dxuF{1OV=uT$XD|>e z*R3X0Qc@BW6oi07?Uat(Otxn8hND*SOzC!LEBOwd-js=+*JF9%IWM<$ZGFGrK5qR14<6;} zm+!RYAcZt0d)T0uDg|j^G(m^5DEOSu|>*Zz9&OkGQnfxA)H8t#>-quJmbbn2Dj)v+#n|XLE-b| zFkn5h(tEEUTk6W0153`lz*sxh5%)sLInrq7uLMECd0n~@Eh(6i2MrXz$1j30yzA-i z5idbhi(lvHPDgjb4zf@cU2>h789PI2=Mt0VSe{jcnUhOwCOA$j#dF87=`{w&GDCzv zu@T_1v9)!ck&^(VcjM>*5DGpyg*jk zb@X>weylvvzi~)Td4*<5RfVP;s2`cl!jM=qw+B7y2<9wcH2+NsK0I|+-Z*~ZS3am< z^;CcwnONx_OWJq4Vy}-NNV&_*Jpl+4`qBv~rFOZWktbP5ps%*lQe35XVT%EV4hEO2 zaZLbUS;2gT*W^D1b4vO`cIvuyvvgAJ^pgU|_eC%dmkXfC+MQKm#LfMkLXd$5ye9Pxi0z{hY5C(Qn0jG5Ds%meWuwV@ZNXFc0 zSkm{E-SeNnPEk*sqMY_$^%AjEw#Mj-AP> zTxW}-Eg)6Be zz;K@@lIe;Yi=S@^EM$a_D7xJ!*=A4tVX=$nJv}_6L~ZjYi`$ki$vzxk*yu$b`wLU)MdwGZ!H2D z-S&okq$j1(O{zGa*0aGGl>-obrHgE%#GK5By;1>v=qWte$RRi!^i7VI2V4yUUQUmx z(fp!kO-GaOUhG}m%UFXyxXniEUSHW^M|Sh0s9w_k$`@t?aQN`YjW8f`!0zW&sFprs z^I@cRyh2)xU~L&HeA5k5ZB?q?E_RZ$NpzyPNFCZU>gn`%YIqPZkzwnn{R59zAwvC< zlg=l^9XF7~j7EU_J~USeUZCiKb}~CzfsEo1#63<|Yo`KcZ4zW5`R~=Q?1Q zQSIfymb8CZdq*}^CC;r~T-583WV_0EDw}HSPYxe<{q06b{aIIT`xSuyO&-Y$2*+QX zIQ-mB9g6&lHLa~J?bg{yc-cD+9$=6wmq-L$3g3Qg^K94B_<&?j^lYNJiaSrnb6zeK z`qs)_ZhkSgH}?BLkWHT1wIm}t>sV36s}r-iebq{P5i138f#jUEdAdFXk*MP}613!e zpuk6SJNX-mrLk!ij0i>O}QobyC4QYjx(t-OmHyb z{G7QHJxT?Xv3`zcHwwvLpm*NHI-t@%L{dkY~uMEE{N*efvgO?Wv zO>lDAkN8v4AlltqUnI@a+8Eu+l!rfIt!G1jE77J8*FcWWw;p>Lp?cq zpO0#46TRnoGsYz4<&oCc*R6zOXLD%yaMQ;2U3Gq)&CV%eHHQrffgIDv z>u(enH1&Q+fTzJ%^)1?4=TKmrId6+9tt?Sk{F_7LO11W%rsigJJiPFf6dZ748e}=# zHf8Xl*fHZ(LK)S^$;t0oaLw)_Y4rm3^#84wZsySD4PmOl=GT4ydZjdM2xVBWJ(R{l zb9Q#t)YJqXe?dh>G#X{M4G5g=fr(EWi2+J4i=!I5uK9JIF9U7l%fAbXo*w01krMA9Vm878>oc8(}y)%w0Rkg)S($S z+L0=a2n7pCII(zEg}c9agT<(sH`_h9NO zBuC{W1b<5A&*2(?)@|hLRn4yBt|M>Nl5JCKs|jxZ28txu$d_!X1qDILY*OHwwM~A3 z%_@rCOud(!+$uC7svr9$3or^rsh99>z{JwL!zW0tRtkMtH3Z-fAPkM1xC;;y6W>$f z7NAH|Cxl1hu&iT8sKkiMX4jG3B6*ZBxPZG9*NQ4_r6)CGUDBD6;acQ|JkO=|K9GZg z^G4;zvb+hwU1Nxgivwe_RZm;(+S$jaC*x|(Gp%=%vE?QpBO|kd$-B{xR#6)LRrCFu z86)}C#NKEcrh|jS_RbE6kdLMIAL$n2$amZM^)=C1OB;f&{jf>30cmeMO9vXf3T-8O z_LRBwJXwGud8AL{F;Y&B7Ux6sn?3y(nb|_~E;a=?e69mOKVQI0N&7bHABjCnnpk5j z%Rp-8iunzESwKcFAfKySN!#t~u(vE_tt+M`dUKHx9S4)-JMrwyvqh_Qh1{mPUPUn7 z5m)}Nio}09E?W^hx|9TuA&>Z$4r!DxR`qBFNRlB&w6sHds$l5aYym;XAu0m~!Qfh^ zkJ7W&c`4kAFyD=#IEeNS0v*Rap9(lfI<6I7>M)v1wi1i3{Ymy6SQA?s%CdYa*#krD zS9@Mry%bYw+<)%vBdQplx-_0&D-C$ir?u?cAH|Q(D!lXP&J*9iYA0z(CgJ|tS1^4_PQ3n;#+X7XALN_3?Ngr^VKqMh4(RbCi81}6bd=r zSRMSE8f^IE(m_)1%FKcJJqndyM_;|$UH9JAD-ZMH))jBL_hz2i7|Nb!OO@t>{rLGj z8{XQAw5as^O$IobocsU%F)|LLaqlt%G0<1fb{5_8fJHt!%aB&0s#f_=mho7ck^vlP z@}*tiS{xQw(n@UJA^dJ!<)F&AN)duQxIu-&GL`p1N0{#bM2Z{E%-v66hY9RJYqS4h zk^uGK!ay(^gi6o)Pf8T3PFAJr=;+NjWYT&^;#+?Wy1O6ySX4UX%|d)LJW1{`M^F>e zx8CGgl0z1Q#2Y&I22}U>ua>md)Kp*f-q#z$j?lfzd*WUu=mhUwtxDUglYFq@39BKNn?{v(~VBx#-Lp=A!SsJI*r{IQ#$grK9eT zPPFVE!=?fF%TD(+&}`3q?tZ+14fWuio_w*6>hQW&h0qUSadz-KnF)ul-O5y|jos4k z(z~N|_T7xZWar9Cd2Gp-#;x-!_acm+Og@q833q5Vbp0-3Au}E2h}3dy*#ztn zaX->kdQV7=@0}Y4L?j#m9=I>&0ukc2dqA@DYN4m`y=?s@>xbMhLHCn^$2yk}Ooi*- zr*p>vaD)dBZ7vf0qo`XQcVV$Q12#$cSFa9l`4hoeKV~vin(t+E*)bvw<$QicTg}LcITIU+3>VNtE8DCJ7$w1jBc2h29=`M?JrM zkUIG@WY%&m9BB&}3-!qxTyUla#8yafV}5QtUbva8Ol@cU*>);o24dKAggC-(9#uNs zuklueJ8i|;N}dwB`@#5p;*;BU%zBo0Z?$g&nTNcW3CNqc+Lg0|eBPfhaxngIE{`X9 zO-S8El0xC*Y4SpUhm5CmO5H7POEeKr(Of*6kNhWIU)p%&(08p5wlN>kwPeJ{Qt0^` zN@kU6>naiRBVOX4!2k`Az9f%-I96~-_3IAG?v!9wENm^y9zKi-OXfLSnm1RR99fDZ z!!I1A8H(2@yKj6hQ{u0_T1_4v3>;ytj>&(^p)cI#w*J&$c#ZbNEj98=)Pgs%2QOZa zTlI&9QO`q+t7}izJWykgTPh{ABU|12;_!3QhAXvv^WfOOX!qr};SeF>A3yws_Jw7c zb#+^YmGp5q^Htc6aODm0+mKXkau7Jhf%w zC}=WJ;!X73nc8l2w{K=Ia;pxMlAq`tBJ$ewlfoUA;z+|#d>EM*aPTExROPApMZqa^ zFJsBzdM$_|6ApgM))ESZ0`)T7!~U)LxdzJ%)OV)W*BHKZ@nFWak!dBh@Fjh8x7zS3 zM`b`%&0AhyarOv;GgBw(u}uHKY9tTz^ydVB>L-r^<|02o+JR4<`al}=jb(M(QyKQv z7k_nadWN_GMnWU%zDAkC<4&3}1&6DW?n$aLc-@9yeR3LXCY##H=b5A1)whFb{e>rF z29xKH)u7}ulvC~cJgceIOi(^5$J-!C7!w1ddp9OQ6@SBNiHO%R_a;)+t2OSNY2!QJ z0j=Z_|FE=tmvt&@bIW$R^PbNBI#1O~cjlf}$oPrqQX-Yz6?s5|YllrOvFV*0Q7V>p z6g5%$Oo^G%DyqEMU{6^ZsQj1cQo3u`NWd@jp&0cIBd-QjrhtH0uH%^NFXuGP8J?!N zhTgN|0I6*mJlvrL?Z*SN!>R-z5FV!$+19;ksiJdYNF?UdORGFJD~%s5cShx#CL>S4 z*|Cwip~oT{D0oL(gb)ob^rtb|yFy%5 z6U{#|e#OWYCu=>gsf3(F+-ahEE0eTUq|BEdF6vcZ^G(@w2`v_@_fWT0X?n@~=xnQ9 z?p!G!hm(tZAM*i4fLv4m$`yKlmxk}V_iRQ&SFoWNVDjDhqH%}k*-z(6xx5%w@`jF? zH>s_8>}t=mMc&9cA5=P46>r)4>U~nwSbNLD(8nKTq}z!DXTPar?{c$tyVW7K6agv{ zcGiDQo@-qznQ6jOAV}VvUFISjbqti8_WY@jxWrb86J4tD`(=Qp+62wTlrOK9`?n-` z5`ecB?bO=9%oY?Uy`wD~xFv0JSEpAm@2@2?cP8}`xr6i9zQAVTM)>XA?EEliKV&o0 zh@LJ;GP;FosoczCqkiIV z#+AMZjMcjI&&b$ejvq+!ZAxQ-^)nonH=FiF>N#`cqc)L zqbNx5^euO2cSBX)*<|Oy<5&gE6CB?U%Hg}PIqhhe-`FTQCbU2a%_Qn4G-4#LKPP!- zMmj}rV86vOD|{@`&Vl5@zcZeycI|hh%rt!IU9T%qjYcqIK%2~`QT5Or-PAtboPM3~ zeD0Hk(x8{>v#$5@Kk6X3l>uGew!K-)9jP%WJw|X@uI>>fgNV~O*Et?jwYy@JLMPkp zTte-ufJJw;Jra1lP`wkG1oA#%r=$#gd5Q*# zakmdJOhA7v(S?T0xZ7+WvxuiYl{sHj@`}<0$p1~k`qtc5F0dyj;&%LOEi|%!ub&$p z08Ot^Ce?V~(aL8|v&P=(k9jMLOnqgu>JQ$*Un~uwF&nk9odA7Bxh4tNTHbLX#> z+UUO9ucj+90{d+ew3{fYHE|pn@B?x6qaaemB)PfYZg(e5F2R8L$^#1kD0721K|<=p z^tH?Yvm@GP`mUBl>%oadziBdAQt8q0^n%&=Xw+CU3)>a$A!=)7;7a99wGNp+kPgJ! z%1tx9KQcAzCR5M1Ko2GIEleG;!?0K25f@GOXDW$^#a%M3eS@BtO0Aepgl+ajkzXt3 zTnU|-pD`TY1yiVO)Hd*}uiB7WC&o6_HsE4z7q$AEXN0z!%dfGa&91XKTfhF8iR#L< zmLo_QzE>~skUijSs5e&9aTsXfJk z5Vp|mAn6wTdb~B+dCDc({veOMm(K^Gyo0J6rp_Dh#dYGF?Yqmz<-4|OPl3Ly?g2Qn zzTY^w0Ts+*G%Pg5fx(fTZ=>oon2Rx&hh=^b{0;{FOc|nVGi=GxguOO-&b7`eAMG95 zV)lxLSU5~=WMJgAB!J|OzCg8p#b-otE<*C*Qc@%@=*V=wJpn5rA&p@rbjEEGf*zH4 zBHki$$NllcNPnjS;9EJPE(oE3W959fsjGA;0~hq_n~dW&;O#C1Y(+K?yiZ{~Q{IkA z0WA_?{=M(kT9()EeO78gb9%t3D0DgH$bH@IDnPi&WKX?%%;IY>B&|fwknM}!@$BEZ zyEVB}%6T5K8JaQSy{1W`u{mM8Bf6F!wq(FtbtA+f=m6HK2Yq4g(R-JZIR}82+8gz|{UXfw>f<)07i$56kx=4lU<{0b&v{-(2`_sNWb-KB|5Zr0h3p z$Z&Lb?y;>gQHmNcsyAwCHe|<3{lm>DNxm3wO#%!8?#svMdJQIxq~x-(Y37X^qh59y zL;8TQmD7_a1$j zn|z8qGR3Rxm&vs|xzo&mOoUIKXdk7bi`w2op$>jBtVpfxUE+?s(h1?!HS@k~7)a!i z!whgMnyl94@x=I17$Z|WvGmM(;LBO;4)~vWpy*_A1XL`aI|{G&U8d=4@v*l_?uAZP z;$2;RBG-vB?|x1ia(ib?K0vC@gSv!Bt-G}%`L$iev-lv_fGNDuM@v2@;=6kqwt#C3`Ben{=1Aod|A~BfGJBi!oM{^l z+zi(5sPl@(UEBuQr5n);t^MqV%K)B*Qo%sJnYFZs?uGIUwsfpFi}SXfJnA>zS4HQA zW9GVolkcO+REh1O416@C556WIjTE?>7c2KsWy`0OmqbSDi-$$V7uZ;cupgE(S%7`pfl63 zEai*u8^-3A5x2ncQLl8OEAG!lBd$`k5|d6(`0r|4yy;mqAqj8xmUHhG`?axX{k3Lv z>~Pg3QtOoKKDn#DA~9$ap(z2aS9QkI{R(483KP~-oj1I~4!2~KO1~i`ileEH-_Iu3 z+u>VcB?hBSthF<0`~S%WC?I+a3l62fxC()HWwO#$_tkb~B~Cnf$;3jpOKmP^am#}6 z#bYl;BnYwJ|NMnud4ug@)+As%(oM!Sl_TlZ4aseDCV;*&gm7!`Sj%5VJ88Xbxf+rf z<9G1YW4waqliyHld+83;=GylyjseHg7u|V6@0cM41p1iYPl460bO+y|c$2J0Mt*eW zybLR3`q?ARCAHxw!lBZP=aIWvCwC7(`{LtFyku{#gkRROi{N-Q2ylI?*i|c*y$%$3 zm5wwV>6xQ+drWO+;q0=^YH?-ESm&8%H0pelD<@e1zl=ZGZYf|4V+Ok4!gEJa8B2t- zjf^cdysRQU#xKUeR*+DL7E?+B^I@Mdka+@o%LC36PYbhP=ww1PAV%}QeCapgo20@M zq9YzN?V+?PPDfU+{XNJJ-o?5A0n5ovnUonFK>tybbqlIhDNE{)CR=C+;FS4CZ7VFZ zIsB(@f|byCx;bCnVFtd~y4n#cI(EFU9V08pKE`2f^iP@Jslm*;HQv8W zS!i?c3$`PQgVS90feE*zDm?>8!c262I0x3l>-Sf}BnlogA}-bpNvdVn|BbD84vw_j z+J|RiPHZO~PHaw+i9PYewr$(CZQB!cY)ow1*4NKD=Y7xnRsE{Es{iVH_q`YQx~{!e zyXgJ?Lrad`@F(Qo7`Jd{xL=KQHPY>qGm|=@9zg=O48S-AC)Nzv80X)+yOHbO!F6ih zO4)iAaxApF4inp+%}%cL7KztZ58OI$ckan;=akiX@4`b|1lamMI=-I}iTP33>>cvS zZV&KrCT#99>Vh>AkZX2_H;(C7pD2I9d2^o746k$~sq6h+PL7XD&0A9skBq>iDc-{}~}STW{tj z^2Q(UUd*^jG`X<*Qhf7OX&5`{WF|1PO?14@#kJh~AV|E0B0;5-Fs_{i@fE4?F0|!{ zYmf2$<*`U3BHWcG_rp8gq1imL>^#}%-8yEGwhnR0)?!)o3ZPSVLIQtWh|L z&J;K215#z6#h_%>A(umMKrYHxHD@6j%>;ELv?Z@&D0Q?R|MMKpz#9xWu2$x;r^M?a zz8&0c_8Sy2R1tNgy<=qqoCTK5i}%;L5-GAbEeEbacU0AfDoWQyrb(S{NmEm*#o10+ z@iDVpk7OM=E=3<(^_F+SS2l_EV8gk{RB}c_ur)^fFBA2V6eY3og}N*mabGTXVrFD!;%WjFxQ~3K zuNr?zG`|Ot`1||l?vG1*)FX*R3K>(26i1kiw!5KvrKT@6Ll`kWqVpHt_ zT=P0(*=vF_l7NLXVZlM0csVJG%JrWm=Q<7cKnvckO7`89F1g1c>E(gleFp8^O@$=q z0QZ^qG85`um*6%&)xA!Ax+J9x*p^Jxm%>7nd28CLv9aOpV=^cT0z4gXcAjIXIRl?`Yjs-&1uqU z3(_WZRc5T%HF@7mUt4h&rz^G&j4M|cn*P8-8j4J&V~=bwUDQw9eqbfi5=<%nw-%B*-}8du+TGt&%mCoGa~^_;28;5DydhqeH!$4h066{tLYE zUDS`iNvyTnqZK+a$Q{%M_Y{NJ8Kg^`T2?yeKloIL@P`{|zA9~@eIu01wt=c=Am)YeOw}1 z=bD0X+Lp}O!G+|(nY9@qE|(I;n-6#5db@*gWPgn5DCV^osWySjZ408=w^xbgXnj;6 zQe8{CSS5s>mS{St$U<&zzbReK#`%Qp!ICHFv*Fa$!;}kM0RBBm(?L0POtDNFVUwsk zv`G+SJRR!#8W|7XtSqtYcMvNZA{{U|Gt)8@TV{-BS6-hqFu0G%=g&fg?LJ&!2wpxF z*R##qg3Q)AA}~TIjrmt|B~ubLc=z&c?`V2(X1X~HxqyP9VFH?Zxqtp?Y^*K}6B3e; zYnrq(N`-}sd~M?wEBddfG$)(X?dpF%Qun24)Pmzrpy)N_&9u0LQ~(aov-g#-SO6?Z zjnO(=WS96_jW1T+z+=feg!A< zP@Z6ct*a*yVq_S?pYcdmh9-u@S}$xx_P}tZM!BY=HoVcu77Ns!2Y<+< zM|0=kT;t8|N@^p!Ie`>ByC98c73{SidTKu>2oCCdInOy&9&FK z`@N8JHX_-{AV##+b8y!p8*lo3kwYHeI8I9_AC?U=hId#&1{UM>-0oiDn+)|r^2L4r zv+=Bwzg!TS(=Dn8W>-I!Nm8ex)A#)&?m}{=?}JR&r(~K@oiYPK>$GmSUb0GfqrSu} zy7`jt#EpD9D4ygPwW!^vLfxF6CH!flH4&To+j56tp`C-*O$n*>+9l@=1n|WAY^2^V zkyAdLBS{%8ZP%~V^kNxQDr+3CQL@e@zx2>rCPQq;pxkH4{rNwFW7pPJ6X6_*X8lP! z4sBf*VJmw+qj8<1=35~gGs2h6fovpD&kt5YOQu|R6{S>5P4EX(A$t9}24dJh@Qo+@ zYr6ddpb_KlTmn(Bs~tIP`bH9J?Z`auP$F@_*E@t3tFI0+YTel~xs6;p9Pp8;%7dlM z;S`hr%^Dnaz@a>HN+Ib;k}XnFVy>jV?hQcJkKr0U4%m*Q)Sml1kYc$#@6c)OAAO9i zA;5#CdceQxFhn#jXx*>%G9ppX(!;awH&^M+mCpRg<|HP zh><50W3V|$6js9)?_AWt|M%W>Hj90uf2r}F89Z2(Dz+nm>k9I~r;z3LJq9_GC=poO>>h*-&|ZUd3t0*= z{1Z#hWkOR_by`6q?Oe0MQ_a5DS zN7)>1&!+7fx!JcY>^%>2YSlgindAmXKj@&=8xRDo#OluWtwpyuP&dvu3~!D(($;Gr zb6Q`wHjmWY8y^jt4cd*%u;qH@vrFYd=8lzEWy$?bKQBS(;qR&R)MiPkWzf;CorHYh_IJ&efn=h1}-HWpb)8ED9?$DH;HoqWt=NFv$j6(AA+t}GdomT(c8l>pFVLo*cn{ZIBJ z5XN$UCXf>q1_G?t2cIwA z>T+UtWtY!Xd5-9D0RFAkkXvW)NAEnn(J#UzXK`^~jTVHu+|yuUN%3JqvBL6Nml_lX z$BVW81t@ln;@7MgB*#-It#)h)oG)q|;Zx=87!$@qQsRul3i|rSe|gmcS>YkTNdEOg zS2`m0d8szMITK!SLEErL)!s^#i+*J}(YaP}V!F8&4LJE!{oIMEroSUD&_zZ@uKJO# z?ia5PbC7&GghhI1i>{szr^_)Au)lnK2(*)rn6s^&qoPj7$0Nj{6WO$`v~@(>N)jW# zJz9s59*7eo?}dbNq4Ex7tqu=3zcycQn9In`c!@Pl%q#tF`KD6EEIh~W7b13GSm(P; zGN-N(Usoj|(FWi4>X(mw;XK6$?X4E^x`GZV6Bmb$7M_7u-_k-7FTKN6xm81^9}V%z zx)V;03sPME6#`lvVJCAq9**}$dU7PDj00pcB3ERlc)|HR z{PT$o3csit;Uuv(4r@?JNKgU8ajvCEF+nTyZoz;YwLmOGUzP0DbgmgPPFh+v52b~? zBdh0IogTq+M{5TjTVOgX6Z4<8HX}6tc7WdeHmf!ZKu*wR5~SkL>rb>r@RZag8lC01 z5`c$umP&m+Js%(bv6K*1ouG1MmJHlq6UL6PfCL=i7<`*FPTY*Ft?ECk{*!|Wgp&Df zdFwXd{3NEEaPBKOsZH63HCZ1Vj=DmBQB!WVM zBQQR5j_&i#ZK-Xpbn4DUA#RM>@eGEcGZq*%Y0R8AGMGF}PoGMoG)#dC`H!al#E1Py zV*@!~4r7egn38+$zl}WxZS(KosUTH6nHC<)N-*i$DJ_IDwJSmhi}jDEiJ~m_NIu_8 z7eF^!nxTuyh>al&yHE!MU@gNWOsPjq&CEa_V!QyZWqm>CdSVS)D$GOLY8M1Q2ivhRRB4*HX2)A5uvGr3MmIqXe8bLy5f|AP|-sc}JXh zAWnc7^c`B@1OI)<*irYXESlD}hU0@i8~xsH+mDFwsLm2^E`9MEtKP+ATjO=-7+rJ( z%T5II+R;TL908{;OhIaDk1bXbLQC65SDs2$2bOTV>`GMzKpT;qjsjQ168~?YtL0HC zI|f@z&^_xs`Y+AQSimoIL~44dG}zbjenmZVfJ$nI?b-~0>fnn@7CE# zWJ3!Fq0#7;W;HK`D#tXNhiAO3ab|q}soHL$zJcDkI$6|nR-GCo2_y1`7gjiilnohd zhJ;`W0v;wNyeymf5@e!4Yyu~0a)HNG^!ci-iwhbUHMDRu$fB-F#d#eIp{FGCPuon$ zIu1XL`i&tYfXDm|Be^JbEU9GV9k-IxDjP@}BTaJ4w#{I2kzUPu2w9+% z?!!HBZ#&x3PLy3rQ{6j0LBXV*A1@TFbVS0mtZWGtRlLJ4pz&0%R9^l_z+M4vL_$wk z2R`5(8q{cQu;I+WRi!F?c?jBZnhg;ETLCa?qHuG=Id1oO3{Luvm}l6uF)@sp?L$Z* zFIA(ql`THX>#VnimSOE!Th^p+#kbf%rtXT4^?TsKoh+zwcXX1P|dKf<~8_ zG&P^UNx6Buur$e9xe&ZOWaTTn^Xw#zvlcAcWd5sUc`j1DHAe$SEi-|>-tOhr5j4Rh zSN-0#esc(4j!5y;&g3_b5mi>kLh-?_AnPe_WLgG&TxNHvyY&ybMei_~Z`vB}^DPMQ zCxiJBgG9d{<#OG2IetIx@JLL^ByN}y- zdp00doi5}WcY(%6JVH|L%;sF2*1a{qSV1{i{#;LIGn;qjte`Jj&e&angPJ!VTicB1 zVl9GPC~q>lu%Xcs4ON9O*N@YbQ219HL*3@F9|&V z2um#x3wyn19RVr4X#5C#l@_#Q_Y=PSYz=MI6R&a#ZQke}wUX<#TRuJA&he$p6RVxx z^;3%Lhb~RTH&21nZ3d=2Rhw`=qQ+sPwF%q1WSavpF-}xci7E_X@W&-xe=^TZvQ~GrnroKFT__Q^o9A4{&384ns%8_A>g*ke2CFuNAX!{b7S;Hj ziCOw{wxZllO;yyl56TP%QUSGEJGY-vTOB)OY2D6W_lu+|vsjZ;D6x$C&)9!IOzO|S zS=?o|gtsMShVr`jW2fL}2PPd2#d|qDc^-ZF*7%wnaoa&RYpUfT*jM&~E>KABQw3)=juD*aX-PEJi-k+D>*#b^*L zzgn96n^yEpdMaC&dEbn>ej}Rnri3Vz+XJU9m7_2?&h~?*-Nj84JUlm6dS$_3Ad^q7 z4-c($wH7tG7NhemdLZ$Fk6K^0w|#IN152(jQ*&b6$<1r*$BB&jl#&r#uMOM4@=kc) zL}gC{s2%%}o~V!3b9YydY<69Y`+G7|p(k%xN%ziZV$;BfTgH_E$y3sGfo+vKX9{&h zU}UvLX?SFLK)zWpd6}U^D))l8=Jm&`=*+TzZu!-W7&0zgfv8`;ZhhI3A;Cl;F;7|@ zAs<|md7i6#xKxS&@zWx5G8xFDBNrs76mirzSNgV;Fa&9_O;&3EgAa{k&nDW7bW(q~ z%85SGja^rDwB@P&AB3pnH{^+vsVEnu!h_Fb3Dzl-^W>+g@(5B*Us36@7g)ke>veyM zMyoSNSeKgR)nNT)UOyp#qHXugMj)ucp>^+_fq1=e2`oj9RAtP7E z?!|Vn$VO1Kc(?6cqmgd! zBCz-3&M{wOW$N=&sW!^&JjG|cOfG`3F0(xW_nz6P8+u=bL=`^uZMO#)$^?5Ws!7YW z@uV9o*Apg4=>^kUC2D$`je%tZq1X{fBqY#1LB2SK%0F$h$Y7(-c}tbZI0?$wR%@V6 z?weVRaB%(%-M-yky@o%N9GcOKGlezNW`y!~;( zd$hmV!T2dugX%sZ3Y>2ozi&^>Z?rl1F&gAWRro2WU;pib%hKV5iQNjmKtJbiqI~2o z&Qdd?(GMi!-D?!3nhfgMyH;?`)?bw7nZ+cpNSKP1IvQd4=xy7b6eZZ0K7qT8z(D?Q*-U^cBhAyj3u~FX32I4*f4` zMi>*y5%Gbo-vuW3=D#~zx3Y>Y)l!)u-`;1wvO!D5v2mw|ZaEEzh>*Ft>y;@JDegHb zRKH8y%TWh@>7|ORiwAjEZC@8h3@H$g^b{(+Y55_ z&+d@kooOl`9xq=53_x+aukgJdDZS}W*)I}16f{u!Nd-F0#!}9Z9CC779c-!(1>c{h za(Uqvy}#o;-+cFM-jNdReuGN_2m9S+PHv%6g^oz~6jJTFk?2v0+(NGJ7fGwp;!4J{evX9igGloOGuV8qF65(0z_&w@zI7?X<&Ai9PrIpU`egn2tHUoY z|HB11xnXwbQJV-Q^-ybnU~Tqq3~A&2YP8Ggyhj>+{Piw10l#NQMmJaIs|_mqXRwgXL6j`wQ>re6<#IzZ1sTJp)~B6wH-RShcLzBJnCJ8DFiIc6t1sqYSVD_yrTG_nuC?U#HLcJtf-E$8QB>3|Rz_zmCmM2PUn><&T`5(X>-9Lw~}8(jhHPLdY=6>yc=fh zL-7sXMOqrYzAHj%c=wkn*^&_vQa(|X+G;$>K5CvdN9&TO_3r@FfOOKW@k zY@rzog0eXYiTqu@b`H&U6twZ7W0cR{%Nm}Y3>e~D)1xAm zANQyz@^PA64sjagM8G%nwe)ZKK4Cea#1+gN0rt>YiE3z3Mz3!XR}RT4CI`X3j(eWk zEj!908o9ua&?i|r$8yL02Nvn$LBNrQCsBj;du*0Te`vd1kby?G-lY>_jIr0TrYVxc zAf5gc5KlNrXXoeuQu^(Vlb!Yd339aPV!0IIgOE;uF_4qO+bgglt|hFsHiO)zdn(La z2nShd`Zspi&mj2Td*n%=c`nfIBtmWp|6#G_kNX`x`$fY{t_Q=3Qn@&&=A>wZ`*13f zHQ!~q=7mS6kJR4A96y3na>O(1RHJ24m_tv+=l+N1(l-LWoYtVDKZ>47_oV*ZRLb%=ph_pDOp&6zHIRnKJU$0K5L zP>a54%*`^I#{UEDv7E3!r9V5BnLQ48!*x!m)d*X@NP;}Bc_s?Pj;>A}2hE&N%4Pyj zaVBVeTj$=1CSZXhqh>D8$F39C-E+BI#X6V>@TX9Qf%R+Is2?IuV?&f+Gt9L(o)z|a z$2eIZ2nE%edILzK8&6l4T$>^G6`RpKX)oc^?nhf9@j9aFZRiXw`+tfzH_&Gwk z=^re1aM~IY_2xtti(G43kN>TxBwCHwuCP`#836lx&Nbevg{OAsE;ib+(f@a5cZsD5 zub?MlFMAYY8NBAmCbjvF73qZB$0CK$@_aU6>@+|E0e<%no=roZ@@j{=7$}ZS1_e&n ze6l#pLj;qL#N|!({Hf9yw1M=0rH=vA(ftquzvg325VXpetG+Z%&b}kB&4m5MNQtj^ z{k_ZV(aAR=VZ-D%1|;nQcDEr@Ksdhc-`wU#(}jS=9@)Z)OgRvK-EXU?P|j%h zVmeBIFZFs*b;M{&a((U|S2Ji^-5Uywz*gG((g5AG8}{&?cD1g|%Ce=BvxqrWT+o=* z;=wOC_5kkYF@YheOdS;&sMZFQbI>mII8|{ZsPlh%Xh>V>Q2NSn!R&or(%@;2maiI< z=TULs=xY5<>>Y%;1pGL*`vIw-_Vh?NHI@|3Ty3S8eRPFCR%PYZzM^x#_P6!gixGOi z*wLHRqgQpg25~)u`Uu(w@SM(qsvFjm1xiBK;ovdXfKF=c%(D`rxE2dD>V;)%2-wb+5%5?d+4*z~D#k!ihAa=9L~i2wRLIyMvaKEogOj;n z1wBLEp1Bo;CwEk{$R2)Bu}cR>+8R^X{=540O<8qk9fvRBIYE^xoU(gNZUO3egcZ;A z;DK#D4ki4o&MhATlO}g#idRpNLBnsVl}el><4Hi7DN}XT`(Q1pL@qU)%8(%ruV4w5}3VLmSv3OtvCJGUe&erD8(9rG0Kv@3v z2UL9Z>7(vijlG$?O?D4=Bz4f?wd@(5W!hh`SKB3!Go>rpX7l-8lf*Z0XR^7cun6>I z=0r9T=y>1)=eaDrA57xakeqz%`FQdq_UbMhf3?`ii&K?Nas3WW(PW%He;)i62;waNo~)1G^>KYMG*U&rimUou#kT~v0Z2?OD*KBmNl zz9?j>N28qidd0~a|3{zAEmk}>X0*;aHv|H%z%gYG)fIO#otE^kUj+WrEQTZihdAF0~o(6lmknO^!mx@-U#`; zCJ^R)&eYb%XFrjHj4L@Xn)LKT1!{3G@vtWDyuUuQ=o7y_a@N%7#fZA4 z$#NrCdU96AOsxYn-1)|z>?M3w)e}gSXs-+%yotScLB9tCzIq#S8rLj?x$^h5@yqR4 z+@Dt~4)fS=q=;Q`vt`PYK5I!7Hs^!cED{~P>Ag)j59?O_MGX23pzh#@WyXkQIz8k8 z$yp*z7bfZ*(VZ@wVFi~?xpoQNv|J@%Wt!_hBJ>Dw=W@M;Ky|w$49cD9uXOt40VfD1 zBQMmvbKT@wCiujM+&kRK=KXFZCZstsTEKlxUb*;5&;Eg40<-19uZXzK`hWJS-qJRH zP_KfTB|kcLziqLJBAg3_{MB-E+Lxfee2--kg1(hrWOu~B`TBZJ@6H`YV&UeprN~;Q z6GKt;%Cy}94>+7Pw=R;@f4C!NqRmv0YaGBOlACdNx-8eogohoWh-5z4ln~G*&dXB; z;!q>Qz=;|bl0?QQG{6 zwiQS%fOA-J93nrA_H-bDJifo_A} zxA>93lo+Hq{!iK$&{*37hr`KE?gzGDKK{hp!>LUcJwWT!4%PhQ`ZGVb69Lfw94l;Uzq@!yhZs-^ zU@LcXu(|Wb-<)#KIv3H|Kh=WfY(4zGVX1~bvKD&1%6{w4r+U)a9i-!}-Cz49EfBl` z`^P)4Q;GFXicp6d({JO23Wq21g4&jIY#t$8W{){~|Dgp+RU6!qq}&vW>E{RiVjr}0 zAoLa~u`#k8L94#>LjT;jhATz=P{eeZtFh4dN68NaoNU^d@2 z@qAvV32yToi)5J01zV}A>b%{d9B_OKwSxXu=b-0d?R`fR;WMVzT?7PPpEjx~eQrju zW^yGpwsO+fz;{<9%Z!r8KD<3Ua7{km(~*L1=?cX1!@>qD_Zfo^rE|{AFnYhOFEH5~ zet3E`HzD{X%J&b|$nba)-41mqQi2WkL=73lgnbPh5w63eyFS~D3FY&cu2hK?V53e0 z8(Cf+)?aKi>s4ttgvIC7t<+hRXVyIL?2MhtA-mWSnfZkLNeruZmm5(a{LS*|>!Nd3 zsUB1!bK@!gpX;r2%_&mb%q!~skoz-jZ^Rx&IB{1)tJhN7yJhDuW`pWwea~dFUiL#UfJr#W5^zLL;~zbUTacae?sVXZ;48dq+nC>&;1SpPd2! z#g!4O^~>%I5n@nnwh&Z%*2!>o#kv==bH*I%y;f1l2atmb!FLP4ERR)q7YcPJkj0G~ zW~veK4tkhnSTsp%G?^|OzTup$Rj81=-_t1I$8-o>g~9_!A_)cT3WqL?`(s*KuOv9i zp`m_}*TTuk@(K4{BU(Q9>n+ixl`-nl&!uOZtbA_l3dmAxXGzWNwc&U+J+rtktK6(q z5{32bn#7AqNVe)6_FaxVp47{Zar`hYok9Z9q%pd5bov-j+MXWF;sQkg4rXdTxC<3h z@9s`zo3=0(eP|M)a+|8lDf!)yQTFjyrcZD-O|1hV4b65e5kDk%?XMtSemn!Zbh7&> zH{S+=IH#3D46CcH(|~kL2F~`q{p*H0EeQ!Ymh6`8gHg3G3f^8ZlZdk|9olGv)>6bw z^gk92(Lhe>;Hf(o0s;cny-C-flKCe2Uu7guYff%qVQlcDr>9C-Y)o3;1j@^(r*&eGuXjOqdH! z;ysTTRtw>^`(wiXP=3hbhg0x+ce>$ZS;LnBTuOHMJX4vwmf|mt4~z~u2nG&U%au*+ zhD7NxIaA`7GM()1kcW!)%cVb?juxw+!muV2CUSR_BG~0x>n_J?p4ZiDt5|u`YAH&L zjc;cX#HB|QAr!XL?{eNCS6#eE1xlhK3Ev@A=PO^+y7ivWn}1o1i+%&e^}K#DPRA!I zu^1xb2gONed3)7suXrq(p-#bmMTgWDp26-)!j7!RlC0c^H7m<^b1tF@T(Kd0AGW4I zVUnD_)~3`^q=)k#ecJ|UKJ2)g=P(wX~$n^RKE?g+x(LjEEGp^l0kwAUJMLi zgCES#SK5g}fBO@R_;}%SgCdUEfGpm&Jy%E#0TGLdqK75kjNoTjhkdPUG>^Yi9@)klQYyeN_<_8Fz380E@w6I*Yjl8MSkSCSecb3C#u@Sy&Ml>8d zIal)gaM&z3uZqFuvg1LaDfO{7n2D#uhmRsrZbBt`f&b2tIY?Q`Ues{>RTcNc2JE~5 zi}}pwcG-@?UpOP2?MG%T-{#FOkSA*ZT@nIn$9+faLFCw1^lrOm$(~-T`PeS=eV@^X zqHLJZ2)0}e&cVDsu2ayycU^{bC+3%e6CQgNvJ4OV)=kPSOgC}}Tq$fG{>wELM`O=M zWc(vqq!(Q%SwzplW8_3jQG9utodcTzK=CQvDP-3{;BqowD457?3sl0J>Z?PvFD3jIF9%Oi`Id+^ znr(DEJjq(67T_*-w;eSlhmzAz$i;!%JMh5qoNHt9@`EMS#W^Kc?>;h@9FOB+T+g-w ziq(82o#Yh$wr2!(tDA5mUG)BRu5-*(MWVJpB+agRcjzj>Hgr8tlDE=>})lr^8vkI=Qo~x58&YU4o(LB zxYbCG!m=A`^j*e)>m+IBt<#3+mjBIncvwTNTS`(=f1*6;Y^^RJZwd*`q(FdpIBQs3 z=nD|Ie7c=`Dq7oPpb)%vGy~pj=|{k$dw1j?R_Li88z?YJAT^WE$!6t`i)Vr*{;(ns zI*eliC`;Z{SzW66qNQh8ry~t?_QELJnhlwnHBmodAY%LlQ2UNPY-3J9$eP{OG~65RFLnKUyv3=$IIa2=Ux$i%_K4!>pQK%V{N5)7Xy^;DqyQLSqeH^6p9cJ}-PP{&F!cw-S`*^wxE%S%fJjZAR zIJEAgHHdm3GB-^QDFYpY8-w<~fV*@07g(UlHM0bwJ7yC{P$0i0fGR+!$k32AmNrN4^SV zZaXlz_^PuYtUsGXGVy2E^xSKTeukJ}Wx8Nx;wXhX_4x)C52wN6(kS`n3Ek@S1|wb#5d|-e z+QvYHH=6cN)O3?7qlaL?{F|Hu;)xEJvoX&Zp?gl~4t*2I|omME>aWN@sq zppoxz@gogz3=uG&{z4&(PVfAvL9ATrdv;(90~l()SbzruyV3rwd~RnPUrlBvYWLeg z&!#it1?Bo(cIFS5;Me6kFT5yR4ot*2a8ivdkojQ6foM-L4yVZ|Ht2X3F>EAk7*Ghc zCC-yc+x>YqIv$boP#gh^4yP+l;Y!t^pv2}lD{UO&D{=kOJ6d6(E|1GMI&vJfImYE# z#fBVyB!=$Pv~oTUP_#Z-m?5tnforEVkdoedRIZ@nH=w8nhKI3xhr+MhR#hwCFr z$He0!D+^7E8cYfk;*3VJ(ty-yQvSuN6+?wIFI4!^`Wpe#%wZ)j)G{fV+; z1xCU`c&1%0h-}SokqdDA;UDC7&-1C`L$3#+O4+lNl*)YQ2Gi23$EltnO5 zDtLT>E~e4Em($)M2o3}H(`8r|8u`9oc9xg-EN7xfO1@qQnm3)j%La^EBR-g~16Vh~ z{1O`{l_+56B9_7k*8$er(Vr{$%<#FO`p}#_BRE%!P8Z&hg2mwyz61hr|3{Ufc6Je6 z+V}PVC08P? zh2`{|YDZuHJSVF{1z4f5-?4&E68oVClFOa2vxAU>kKt_(|GK{<6{htuy!lw*)=b z3xveWPyiy()CW7`$+xeEZndqa2tB}%sI`cx>FHbD+tC^iNc1x%w@Ie1&Ah=Te0-p7kxj)txkB;z(9D?N+^!F;G$aY}3X@ zu|V<26-wnR@xz{kUG%>=pa0OVuZYmZqUoKWzwLEJcJR!XfyYuS`7UjGk5yXi9ZPJV zEL@IIz+rXxz;JNH0t~TI#s?6ptAEvKZ;ZX)NDb!I$r;<&fUM2#^|7G1DC}1Hf43VN zKV!nSL~)@qNM{bZqiwd9Bvo2X^TaYN3_xK-;do`e_>G)Dq8}U(8yG<#s&3=rf*t|6 zKGRe!649B`VFymH#SF#nyvS{Peec)EidwCSa+v<#-R8vkOFBgPih?20?dI?)-Z);b6e*vz25W%`N>yh{o7bxC5Un=8#Nr&VJUXHT`nttHywjVYta(O=ToopC=e%$+krlimBnBFLg)hcyD}%Q26#QvNwoJ&to`%!=K*~-$(UNeCGNPX%Uoa|NoNj&_M$-=AOZ$FCiM;i;NhpG{gXVsoCC%kQ>1-LkUFK>0ESHwHAqY&JSx;xzPe z+BS1zrOtKI!(?&6O%G_u3{YB>Ea83MSe}aGTDF zU==H(jsAji(1U;f_8X8d-bF85Z#M#Y%C^~_ZVf`2jCk`gA>wyLtPWZx@#K&-AiWm; z2zX_&O|E}bI4qR&_wZ63___`>a5N3UqPSRvYZ!U%3(n}%)zz>~ zqK1wZ56w7!&W))d14162j-2J?srf^;OZVIR#oq~O)C69Yp=9WN9g!w|I7OaUSF4p( z`FoMdwdok38EQAjX5*>vbc#^>*S&mGj5V!qJlW(qOcmEwowo~9QoTkLt{$L93jx`-SFr!ssx>$j9Wh5}PT+2N=@2^Fr!~8_)iJtRsz|w9n zyVs9Ry-9slO06^e=$p!bZdGMSn};@Y`n7KQM~?e8^{Xs8wl5BqOwr*T3?1FA!5=036GSiDYM;q1QzZ$HJ}nlDVLwVVM?bqY#lrA4#4^iw z*uJqE8@#0GTrH6y&6V02RQFs{Yhiu)+t9Z!;#9+x>CyOEM9a+u%q3%nX^^}T9j!P#g|+2~3z!KJ3m616$hsnje0hpOQBj7rk7-ktgWGRsSy{gO4geJ~@VcKvSYoR&n?KSr1> z9dcTo_h^75pPVz*qvNT}@fbFBPRnTJVznbkgM;l+dE?Z&vlCt3gOikPx1@Q7KNJv= z)nX$pQ}KWe(`UhT)3Kno6&l(&Rd=q>g$j`ue8?PPxQ61!JvHT?_?7+>6|BY}DZKpt z(&7AFEz;vrrJb-@p^+x+*dQ$yTWYNT_r>4kN1wNs*|dQpx3||ZmNoWk?re)UL>Fho zII=UCn|B{9t0#<&9J@2a1exzarP0fJ-B)*@n0=6!ohPpUj zuW>UiL^hotG&bEIxT=vI3f!OnA6x$zU0JuZkHfJ$R>vK?W1Ah@wrx8dbdrwIv2CNn z9ox3GW8=T?^PKyLZ_RU|o(PV_P^1PJ3Rw#Y-L($38loZO-%!$^^qQyMJmn{XKa>l^0p@^-u6}ASS zgnQ+&$HE=~D58eq&G+YhbZ z*){e!A0|UrXbZvT{RFtE_>=H5Swe>dY;{E4Quz*T!uWBYoxXY=#{4) zoZp6y@?Z)#Gt{L0GMU*|VjzEn2)sLJ5xkyT+q2XIKo$xyt6GGiB@N+04-#N4{$}Z? z^M$Cf@OEMj_XuiG5}nV;9)AyjFC;rQ)+j*$yu6Sr5-cRe)V6wVHEivOp+fDzMHP(N z`*Oee9tpv0awqB{3R!H}95EZ7|D=E4mX^o+gkSUU9d+~bVcxF(ngphP>Acwms(ZM< z6bAlEY}<-|vU~IH zocp)T))RjJ(q&)Eit&rs3avnfD-GGpBW0I{15B15yK?q7n8K)w{udu z9L6MmK5kSd17hZvb=GxRFg6AR;)9_p2SHnhi~{YIbQ=DDVaFc3B?SQ`Q@Xt;RQE@d z#L{3Pm0S8pv54WbEgC4^#W{Ud2KN1xdBBjewzw#bfWE>p2_~ijoG$O20dW-nDQtd2 z!R$vkpr8xyQY?SYj;Msw*}U2t@1vIeSD&vY5?SLBblFBmu?MMcY7Yh!A)}&bHO%j0 z-*LH5$4QJ-vB)H|MtTo0$=l4oK#hUsea<*oYLqi6UiJBnS&r+ZyZw66!cbaiK%)eCiO;z$3N4Beyepg)gP1 z8rnXG4wZ;I-TNKQy!S0VfePfMssfO|kLwJa4~3(f+wS)3R3Eu46?L-PFeCoWkzEob zGVFsrz{cGJrdL`zkxg}93*`7Z6H|?U5>HLiLfxcuKO_6gwk2CN_?ygR#5?W_n@o!*y+`LMaIb9 zoZQCoH{8q@f4l0#T@9yeTA$2d<{009l)!jCU((`pcg8KE%Q+}tGe->ooQ*%(!FNx1 z#?)mMC|b`vVlC>*5o;ywYc+Nps{PGsh=4ZOkP2Brxqhp>q3ZKKByE07A4YWW9Y2~v z+U}-eG+DQxS-+ZH>->C%)&2TF6Zf|TuOR%RVmL4AABQcKTCGQ?rytK@Wo5hBDOF8A zgsQ!F+j=zmGM@25*5SA3%$~5!1-oLyIlE z@cv=r{LKT4bt|nW`gXmZ3|WjojfI+HEFluZjSACTKZgt}9$)9-ntzZ7X{6~nEX(OpzhN`Hp zZWE_&`t~0chch3)!w&Ikg@f6h2m@)VN0sVojAqR4g}0jdBDnDxVV+7Vr08IuuI83lXGoV_-J= z7W|s8CLV1%MT96W3lVV__~!i~mdwGrc0YH3U(|R%SZGhz-d8`e;ZXhU-xk#S7-Su7?6apkGx`G3ZInkyMwiLu*>hfJ^9TQFSG z)V*^9e-*bXDlLc{{{5tRSxIcQQ^e@QR3yVoT%^Zq!1gn^t}Sbi!$g0{9BSK0WcF|{ z-N2?A83EX?ryXqBR{<0y++!rbMRZE$_-DkISSNGK5Eb`MK*=E9&lMpjxpxht3g2ry z!Wv>=j)Tid+Pgq@G@a83m}ZB&T+tW?M&iD-v+PbTAkC+(u`P0qHXx1lyczy(g(Xbs z9oBg?Ol6sC``mBi^g)BDNDpv3r6;?)JJfoY^pVN)Vy9EOejpY5A$MUT2QX9QHR>Ojt6M-saECliIa>hCW_+Z5~rM|pY_pnEcz7h9ZJBr8v3~w!ymd4&Aw)c3@vBVP z>l@sgPgG$MrKQeBMWLwJ`H2QGy@M-2BlB)Hh^f)Xw#P-3XJu5`t(@wv-PNrd!M4I&wFE(Y(vU{gJ>bw~+}N|xG)7BT8=QFtg3 zYXEz>g8{{rk!1?rEXJ95T8l{+9n!Kh20azV%f6fhN#`u4EH=VB zWwl-PKH~bl3cfKtQ`-Ms>7`Qnj)J#b5h*orXltYcUnrhZ<2Cf4n~+gRkoi^a%eS^O zEZOYFAQvkBffg!(v6FjDV~pJhTt`;c9DI3IiU~ZFzo3b}aTZInEv-j~bYAoyR79l! zcOE@tK8j1{JX0(cRa>=rCh#>JQD1u7t$M-`Y+=%-;=fzOm7T<1FFVPueiyLzX9UQY zR}*f6SC>JAn(Pl-JGpXy*f<r6m{eaGTS2=aR!sYgH%)Nmlu*;3(&_B%+j2zL5kh+?LAK`Cd>*K_hV!L zVq9wXh9jcrGjL*N;8>+){Zf;1m)3{-f=4-;Np&?K0gSm1vM(7>*r`;unw z{Ea)V{v|^m4J{ zAnIA}$WA`HMXm-uwn=q3{gEf_%UT}6EWQRL)I*+6oxTDcLCAYc0CXKeyT!g?s{X{l zzjr!OA%!lIgrJlf0aNnZH}>ejs0w&oIJ(t33(z1PM)x68?2b|6xpBNu`7l=?>bXA+ zT(ILZAYSc>eaXX0^5?^5*;uk~c2n{RimZA62u5qZA6#Bm_5Ng#jn{5~L0vyo)xuZZ zRR??p8>(}AZWV9{O`6GEmUgOe6)byPe(wi zlkVd-AXD*L;KXtQ>pNe6M7~Fx^ACqv)^MiFDq{)$N6aHm0WnTBiui9W8?rymR6Ngr z+9sLfu$tW%*6S1W_hj=+5qly(`gLHjK}RhzT|CT<94Alq#G}+XZIi8YaMi1?eO*1$ zru;Itn?6&*>OF2Io0%mIM4q$`)9IUr^*UHIr_W|f_@(cM>v>7;zrNecQ~I~2v^U)8 z{l4tY^};ICWrt$@#fe%EC4VzfUGI~SvfcGU+R5o!Kes} zB;@nQ4atoFr+t@H1YGJ0a69_jqebCU@R2aWu~Q> z5@wb0p|NEOrIq-_6?E0~KG#cb?uU#_BIKoKVJ)irWg~2RTiYfT^6gHxPq}?!1_H4k zlu-JTv}vo1=If>^*l8T0jI_ic^BRRe4lh`=GY)T{c(nDAF>G_u$eA&$Ax+d40J-O4 zCXNuNqmq7j>SveF*clH0C!g@At8q0VYQ=Gf{)qQkdvh97c_xRAR$_CIJCB$9+!^w1EBX%Rv^?Kzd`8{wEL zV#O@Rj;m_ulxpHRJ+y@yV(8mLv|U$Kq7XK#1O{*GmmGEgi5JMI!Xk0K@B%crmY9OW z+}u>%3A_fJ$>D+{$b`8pLHkBl;2;qGwUrTyuE$+EL!WY`qtOJk3Di@MwQDIuq%EImJbppz-ICiGptG4~Oa za4A-~YY@r2EGQtho1GQIh40J5mJCWM2n{`5OQSqrF^SF(bo41%!kVCGsKU@A3p0ki zip&?XS-IR;XpvfP!L2Q+75WE}iGh3o3Ea?cuBg~*uj!m*vu>EsUhXawhP&W)Rxp8e zt#defOrJ&s^8VTqP_Eb7h8y7==09#;W}r$QHI!#8_}N9P)iB6)Kxyl#%Ruzz(ky6`azYHF=>h0Sy1`elMDLcAq*f}Eo#ac6V=9`(~eI3 z&w22M3Z)<|)z-H{1#g~{uL(`}ntLV00l5m^?XIDqO+byMGE&vlBv1E@HRo^$uV)$0 zC&k_< z$&)$p^5SY(0p{&JBmNP}Uh3_8+@Pt1+Gvu&Bm@@py0toIM|H{LPSZ`}H5HECEARo%-S96@?Z?3jUWck2WZ9uSbE2D)@q5?l9L_#*hIC z(`Clp!Q5#i6I&?84FoOg1X6Vpg0Lrgz91>w&X6_Qm3jcN%kG$Fi6w2`j=LRx3+Erb zEX*G#Ut8U}tb^{Z`eBm+^4zQS%g@HS5P+GN`-K*(#qlk{j|JPUog9y%;!!WE|C}BW zM?gJrQ12kNxuhLQHWwQ3agBWHH%2eg^>tL*>+i7Kz1#BieF-{fqdH9^lxzmb)Kzy}dRn1Pzqg`#R11JURWcfI>RhU^?L;k;? zZke&=jmee6o7Wq{87f zXulM4YV`HGw-XV~Gn3IFfTm|$`J?fXTuA=^tXvctwo(%W`TTHE;m}~6eBm5M=wS-3 zt;uC%l!xo%OjFhGBqBeql>jnEwQbS5g(z3RFdq z`tjRE9u?{zwS((ZlC~`Mn8*9=-y!<*bPW^h;!N8jU5v9S-HmJ1Qpm|5=qW*0%;k}Sf0iwKkY4xwaEnuJgShc~t{It$bR2gd`dna<3}2=u?pG%Q4+P z)8TP%*X#hgKyrbfZZ$+`BBJBOFI zaO_laVx}-VAmz??GT~nO-!Z`79nQ(@rHb`UDJ)N8?*AL_)v#!kG2nV0THLd#RuMZ^ z&6f#r5@A|*s}S~wn1>po_&d3nW4%!y9~d`u5so z;%I_QwLm?(_<>{Uuvc>my+FFXB$YtJ)b>6%8z#}wxT4a5HQj`3bFTGb^ zoC^xR@prwr%cS(AFg$!=AgS`$jigd;bo^G-;SnvwgAJuD9F*mmS2$p>jWZTJC0O%U zPYmkrtR;?X6p3vf=*qHpph55)Prc5<(_V2Uc<3}r+urp z;}sFrJJ;_#ZUwHAr2{Slp_FqMsC%$t0ntXcho@`VuIQnmP-bPUW24l=j5q-1ldsBK zAo>2^S*zoSimNve6}?I=KUo0{K`D25-0=9F3L9vi;jSY7txQJa!S|8h+t9HauCU;{ zl&CN`$Q4+1LY}F}Wof&tsVFo-$Kx5YYd2$#rGleHSS`se!Y{+|iYj=ApiTyT zB037tnsLf6_f$SFu1GC9FR2C70DGW5?_g;w*Ru89We0l;|EI5x0rUV~vYCa7?Gr{H zhM+68wA_6?Na+8EI3y|R>K+Vv=_~n|MO878i1qzC`b4_%Q>?Y9Q=n7CHTMR^!njtt zJnQZ*&`^K89vB~8FP|(k&~YtVj-bQ+C{?7nKNIct*Tfo7nyg_}f~cPdxSf*o>i#Qw z=BR#fC8g55yxzqEmq}3cTfWyYWw^!x#x^H%ZC)eul_hCou6PHYAP}T7&e(u-^SaD+$CH616)y@?{?=MWIKkhI1h&-RoK1uYN=$T|2uN;+Eo6Lq31f{l!z6D{L z3M0U;ECs7-S}uLR@eDr0_50+nG%$DvQc%7yL<*}HtaJ;x%04f_WRvqg!(GkA2~L+3 zC%pzcBIRkOeD_vEh01fL)u;3YGK}@r)634?b-z&dGX+!XEzP*`Tk6lTfjTlHuepCu z6HE<5#2!ZGgZa8a6*3S3H$RK6+rCu(JL?OMJ{&s$MJ^ku%X`IJYOWK~GCIH@AbIO_ zfokZiooX5B3w(iG+~r>*aK`@H4fI}YzQ-+M0u)s&wfBi1bLh==ht)5h8Gbm)z zcNo7h@@2Zrz3wWj>4t@s7IR8i0`*&u^9^x2MqA(AahV}R)!wU9Q;e>bLOZDM?Mu*z z24}yCGO0y!@~q!UDNykjY#HeUn443E8*MvsIdTzLW?-`sgBs4A=3t6nchhd}iNT}J zC3oTc=WxwiIgu0eW8(BbTzERWD9Omo_zrDHe+ShLs%~*`f87iq77?w(gpMl@E;dd| zskPf7&De5+wYH-t9YTY?Jwn?(!$7RD$!wXzVF>mCHdXP#lKgi42|30K<95cQ#Gt*p zm>(Q$`0Z|(Ofk`|Mv079E2Ma5hOJv>BU`Isxyk)YiuvbHP{vPQy4%0rSZ{ElIqygNhxFhmB3(<2pidaR0lUln!yzdyME!Glij&ep;mehwWl$<@0S}03B+w zQcSd7jXsmrY@Sn{3m20+usKW}5M0A*KHvFKXCgeu1YsN_8~3xaDEhtc2RtH0o(|_q z*}q5h6g4u^^4qsu>Vxz%QZl=x_Kc@H70o(`S{0v);)@KN%}VaY*)5vYzj7}v`9eG* zZohx^_1&yW7!DE3r5jUOl*S?xf^OmYvCLn5JX2K$Y8HgYi^KSFh>WivB{o*2R) zNBV!D@|4oa$#Q0fIs>x*D-%igDJ?Ino?Pb#Po=Ka)*U_K#F_q4#4mDkkMCjZ3kzsL zu9i@`;oC)dX9|kG({4xLD#g1mIn=D0MsJqK z>isYG%gVM5uOs19Mop~s6X&Ceyn&sYZja*Pgyn{kbEbc-@enu~TIuz5sXR`&D4j>m z*)keqYwqF0^Rwd+p?jWEjgYb*M43MS9fi!5ryvF`+7Gkra_HH9l#n^Cj^rvWlO?(G z5o4(7^5m>`{AtKa32&osyocX~;J@4lH0@B}6twBqH~hQP1XSddyAhG#;s7{;Uk2`9 z=Zn*>9xj-SAd*rbw&75JOcsjWQAE$&-WKN2Vf=W1Awdcy;l07MAol9O%(ey^XP-AI+@xAXylk(ObAta# z=NlTD<^5?M7eShJPfwdZzvpq@>X*rYPeLNkp4gBwlHc>cQSZ7x`bx_#W8n(>seUuI zf`uc&$9{(#t#_}px#Ww8xce^Cb*HRbS66THKS7j`Q|1E(R-uKnVz-|PbR4QScn&8J zM^g@&MiRwlF zx8e{rf^{Ng=?)qguDr$bw(l|%E_c2AnO5Vl`xY%dlu!dbff-S4Pd)wk#Tw1ncw@r` z{3`;vK{r%87X%UkoErdj{*oeE1IjcHmHh}=PDB6D9|H*`x z5hwO=0t5~m-jsxRfcW;cu*Xe1ae~{cHt$wNYCUCV)Wy&#@LpcW0iPENyCj}7ZuuE4 zLeUY8(Wl;enD6H`6*|r=vgr_LXt?EgNzFb}Z(jSCtC711*WYb?C)iu9F-$;cwKj*q zb-!>ZP#GmH#kH7ZUX8xu<}t-gq4*?=^TKNms=txA^_6M^`I_n1%@S_e5;Xx5NR{tZ z>Np$*`@}rB9FNbT%{O1QBWmm8tp91}ZMLn)l!1RlW` zd?DXpJ&zO5;#$=DhF+#=0_2WT`)zTM@m8-aeSa}F*%_hwMq!o%g(QBq)ZlkXFkguI zSs$uIM!~yr?LOQlJa^&9A$R-N`{+HvwgO-{>_ANww^w3)PK-}6B;tWbiv$N`yJMfo26<`#|tso(KY{!hc4wi*)4Ek z_Uq4x#^wvIIvEXureO(lE$o`k8y3)Qix;D<>X$mFPS?HrLUIZduu@v&xzOLJYk00} zcE8iLZlgv=wxYr3~nbV$gd79bY(dJAaNiX-Eb!|E(h&RXpDCTfZs92d&T+EE5$ z@rM>P3__gA9XgAxaHb|epDIQa$8Ru`eEAC8IVrjDudHIq;QOlGRL>v*-ZxCmXue1H z-FQ)kfw;DieD3XLY{pv05yYp_Dq&u~l-E1ZkMWdNkI==-V}`c>OJ%xmw_B~=7Dt|B zAeR_4jlj)TVHu*z*Xy)^)@f#LgYBHvKv85gn*E>&74=5`HA&w|To9 z``#@!c}Z}Y#dRI=Wm^V^K}5}NCigU);df6gPWurNZ`T7{(WwM5F@@w~?P%)%AwBc+w}DvLeXLVG z0RIqgc=(3n)u@5AJNUfcaAv7v_IfXNX!5czWp?+8O!r+N8WG#nfNc<>cBYV>5* z^*;H4FW5Krylj&Wi#Nly^*w=JkFPuEgR}H~zbF0mufc+A5_jTqyg!cAI^EPD;m&f; zI98D_dq;31)c1lOjQi&=H72JQK!{iQjJDF=n@J ziI`W*lGtstxh^%KOS!UZd8DE9X|xt~d_8cm}0y#OD+0mmzI?rOh&ty4V*7oFMqzhfbMK?M1?Za%9!OJx?8{T}T9 z2LB`kaN4HilSKT~I!wfpx&$er{U+30NRZIml?}N@qP%~yTEJ{$aAABOzK*AXry3xa zPg((t_<|A4&25EB<~?zxT>n`;zTGBP^o za~eU{!L(bh{p|L7SZRiqpJP&Gr`BuHQXd?|$tf5>Lnr@*E)kR8JDuk&g!o@bf{J{4 zh)o!?(tu-jd$cPp-#e?y7Zp6mq)0#3Y}|Q=E}LoD(Z7)L=F9usgJaMWhSRs*>%Qs; z@;_{Gu_rUkGSbYtjPtcjY@nBj$X|w_p&!rIttLyoT-d9FR&uK2hmIm{S<_cni@Hgs z+u86idcJx8+?ZD6)!F|24eS^Tp%V`Pczb-COA-gF(IC7{?gE(HXy2ZXg6w3@7TuXQ2V?3w?OlVszVrJyFF&1*B>^a)C=7n! zawmkB2fvp7s{VGera8hFzg7iM@pKXn=M3wC{C=e&0&xvkw&&yh;mGe?{i%NkmO zsCf6m0aR{VuC_S=N=k+=nA3#FZ2h$iJb8JJuNTu5ID8+ic3)SCLAf29R}geX!iOP~ z6cJKqpQyL3Q&tSrQViU23>*tX|A!`7-7PGHy15x$Dx+=|a^|sH;#X@*^#b(mpE(5b z`;5-n;Dv!S}VKUCEILeNWL!Aahi*dGvJ zYvBM5WRmpcy2jBTsP@>R5UBc6-XF9x&E)2&nQ~#i)bhR2$^<7!uhH_8v$Pgf;2BEb z9h1ksv0?WMu3^WFmy#c;_)=agE`}}meijJy>0mx1RC&{WH`wYhk<=kjTV*cp^3O56 zkyDHOR@>d-TtukA?ooYV?2%hoylUJagX6P+wHpogFrL-_@O-O?&xW9_A8@WI^%rD< z{z+DZw)00#nY`b0ub5EGRtLaT8T%oWP)sPNuvm-)RO)U7_Ub7Ie;-z7{*(GS8BpX@ zcz-5hUCJl*9XMy_d%X?m+t5U0A?uY451CLV#c9ombI;iEt5QLbf`<`X(zcRQDI~I= z&Ca8xkUWj=D`+wYj(*@q$78@6J)(M5eThYO5D~v^{Cr1CR?;^xELt4lsNjnYXB;`av6RW$l`w< zi#mH;h{;LQeD)mVU*9juwA=p|JkI;sHKsFoVH-`X&609B!quQI=CV&1H{U!yRGnWY ziFDnl@7EZNj$Zs;?V_sM8!*M3FTwwNa9acz$o7Tgysr_#_4+vIpvo~l%@kZo+oL2e zA{4F39=0oxRJmH4O6&ek(JrH**c%cR9%k-c^#c-iHUBV%bGxF(I_IW?6m)0>4ksF_ zL@!oXu#*|}&OHfIE2M*p)X7|R4Lb%eYAn}UXXMLkecKp*(PF#uEAqGo>Ntd%Pk^my zo6<`EW^x9uj-+^O_7Z-L#3R%ZfRmCcKKa6lx{{kmu>4>9Q+f;e+y@cGkX-n*><4=- zP0l=nr|$nv+#a!Wr2W^rtp8Sqf@btzS1Ziev^IZB9+2s8Xw zSNFij8h=Jf7okhmK~7;ovy(82I*FqmPMSIzkq;;H)JihD_E&%3cT{B{Ad}xc z9D$^s*qB_bTC-Zu2VdQld+S&T6muNn^4fibve#|=bvS{KvDk{1Vr4{)P@JFltb38c z7W4{iVQubuISsO~uZS>Oz7M8dL~`aLVV=R3ii|wCj~5YnTe*6}#9H}!gn(#=({pY+ zJX+2}@t8+S1JBqtATN|>rJ1A?4Kag=xXf|SA0<7esC)|Rm%?OCUe+I809^XgkIN zH;AJV^DqNtJfD^NqARu4s)w1y4$tvJK(Anj#Xp5?Hqwxi9M}jFLi)iAGc;+OTe3Tq zIU}DBtmrVvqKJsFSgxw7V);KPN z%zfB4s+S@lj=!H-bh#8Z+MT3X7pMeIC|}~aRvRTFzkUB z2Hia!717H}D^;P-H3EZom79Dw?^Cj$R}4hN8_hS%+R_~&fJ}`zk@^5 zLnDccFRAj@1uA4doSKzf`rpcRG{^68c@8d@W39Wy>D?YzHh_WxQMD^eJPE*Zex=^q zv)X+f@4#I*15sLrG&z_#CJEwTp-bW;|9vVJLttcV6rDw}{U+2}u1 z3Fk9)ccc%8SP2@n2`vKJvR`M^s#)rlSh{Iz-JHNTIQ_(=xBj-Ca`uP`EA=R|B?-wW zkEMVpj9>V$f^T4gA8>2U3t0lO5w#8HU+`fr)_e~5(vr2JzzSN^DuLZbQvvu&#(N>_ zgbP=Wrv}c*}1O8IwVxO{r#7?Wx!R+bTQM-%=X{-Le8=1zR|!_a0ndVmiqfy zxgKh@8k-!{VnOXJxAto;_7-jhb&3)^KJNtkR{MEqRCVWU^87*>EJ4ShR49Pjaa6iy z+3|7E!cH+W$|&Y{$Vl59VfunZW;pBSsyD=h1gwykZI#g0UNu@deBAVkW}V{Eao_xQ z7(FGpw=46#=GsTEBXhX^fG&3B)5??2bmEWX;t(-LPJ*n+=LZ)lS=S-P9Nmmi6TRw~ z7(Ac2>&B#Xi(wG|#j4xg$IO)@ubr27`vnWGp1mF`7C`XAMQ+*+M68)CB>+${LW-aT zZQP2BXRi{XBdr)1UHf|f|A%beXTdb(QTfylo%y+*aYjXbb(PfU<6ki-hcv}wX~$-A zbk>s*3h)(T4^E;JG}}fddL)|@G<1oSIt=aLJru?ci)2(x9YEwJ+)t>9lfn-vDzt#z z$n%#2oW+2rZ_G3!fmr)=wp+#pDA*-a2VO`J66*xEHKHp5Di@HDRt7Kr6 zbsrSbuwksM+=C@nORukF9#67gtgf;~(dnF<00OcHl;7no+^ktMF@B=dI)m`FsLpW-`2U z_&pC7ztgRjNLE|XK3=CL@-Q>FOOAEZof;lH0 zXB*x7q=^BrtcYv&`8M51_kGh`R$LfSZZ{NM!})asXO^QL=GJ<~mgws{>4=JexvdSS z;Kpo@0nF6lwGmqK+qiNz&n@$A_DATLHq?4Vl>bf;D<#I`{^R;IP3A$%;(6LU0&2>mAgeQ-*-dg%%^#z2qs*%)+IG8urAmF(Ldf_ zoU%Rls1|{0WlKKv9-BV!7X`GJL#K;q(-yoI7oQI{3oW;m@4sP*y#J{2-cY-6P`pRI zw!NP>LuuDd1TXmB?vtmu`9#A?h`~a$XndrLZ$@#Zzb(JgZxvyz?eN+AZS%AbRcJ!X zcscBn$$t9ahg;h{M+SRb+UDT5mpX zxHoR#IFT-6ds{r_*NmPvtzhCT?h?C-OUR?ti%#K*+37!m{wt=-2fE9XY-mJ2YO(ikc=k+6)74(l{0 ztsjih)Cs}Eho!aV0;!Gi$dQPJK^Ysaf`S7fG*Fm5lefE;9H!>~aM|g*nU!i__uAdu z{&S?qqWQ88D_G0)wJVX^6qkr#tPO2U(mLv_!%3s|Z6 zx>cs~j6AKuYVlY8B})%Q8yDP?VQRZwhrdx^{Qmy#3(#?D-?-Y}o^LRLBI!#&MqIW4 z_)+r-AKM3qzTG`T%RL;RYuAg?uhi*4$K@F3gVRATfFVu+*rQ_MX8d*(!1C8OwCD6_ z(!Bnbo`^ovkYt(1ga)t-+RL)So=5#R+2ChC6a`hw0 zdJWAPqJZc<0~SAAvGdT)zWWed0Qm3?hkc=E^e7I6XuAyMBe!R`*lQ^;ruvYzVp}7- z3kZ9<^+>Vh#;nD2p#1S@ieD_imPDOz833Tm+!BBu+N9|8oVe$E^;0O$jE7Te#t-#b z*^?b7m{9S!`=+d03!NvOpTYLcdYwyJBG&ZLp*#NmqQ$gIPeIHT)2V6=b%x^$1KT(@ z^Cm=3c+2$nW#bX51PBACw)5ZyxeS7OyQbQW{j11ayaCieGd#>{J<-jZ158ukAOZ@k z#<2jvz3GVyJ^Tw*n}-7d8k(~qh{3VovaZK{Yb&yLniFLB^(p~y*(!Y!eVS4u$cT=B z>B61mO@7;GOJi?R+O=dQ$ts4$>ckda50eiKozw zNoB1{HQAkue`fwRdWn!_fAJh&Cdg@g*JkIWzBbu^niD|bJCKZIj~RYiuJF=|Sju_i zqn-j?UDw?0m%C=5$Lq*(A-@!ER9Y&QJ)Kic<1?~yMwp>#AGPrC%g+mM$+bGyxZ-V` z)M4_7-pY*z$0J&D4*kSw#S-uPOLmcXu2@r^%}-1b%;{bELWLnX=f`~$^)-1ivnM;G z^(!Res$^@PU`71Cgak|1my<@HUHF9Wop2tOxH_ryW*Z&AI;T@r=fep=R$@$1*|wZP z74@bsa#V00^>KNWq}sJ59+BMbk}8WTmWo<1I;kcWWka8-=h{iR-k*_fc{OnjRV4A= zN)g<2d(P(y_4z3Iq`8hA zm6Bx$djcCBF9lhHUZ-Ta_PZ;9`U4(_JB4|KP7r3@>*K%A1cx~N0S$pe@?8;DYvbF` zewU2g^gesujCiYwiLg22a^F8C?6IurI$ssN_a}@#1O?m*8!netlFTw?f1-kgY;^Na zU09T`78*EA{`F?Lbzj|LXURFtZy?^@(->rVNmA-;9G!^ON^Cnh2S>u64w+;0i(F`b z^f}@aFMg!rTMIZ?(2;N+%-zi7vt-f`e1boVstk0K-%V@*?jBZ5n%tdOFkLsewSt>m z$msf?%8f5K02vmRZx{@K-0AUD;a(1JLDH2;on7|%#`#Jy45rmz^4zqeJ_8YXzs0=# zS*oKM25cJcrK+qM^dl$1ZbIWODx{Bp!mL4*y6b69$W** zQ8aPgc|>PBA4J$A^>K71B<8OCvPae5(|fxEs>q7$bh^VNV(aZlJ<)cy6(?vCeEe&ow z;=jLxCFk$K2d#IFKnUC~V>-d2>|dL#lz@7!0Tngw*JzJapUgc!#w=;RF8;CAt550- z7Wp;pm-E4$koe>8m58=Nx=6(zhi`c<7HlOd@^Hear{qIcSZX15#BqCfHS|%pW2KzC z0kS8qOd|xc^?%z^UoDEAk6v$wf6yBqoN+o2*+(BH`|;;{c+)N^g2_wl%RAu z^d4^QU}fxi0`gyWeR8(*-LS{Gx!*kEYq(6A7$iR2QSXAW+Avn^>K|kg|JkE{3xjpg zlJ3CyyLZxv>ioIUS+nm}vpeyJ*z}^-!plLLDqni(cH&*bX=$#kGr$2RFR;yzF@Umr zYOjVvY~=}iN$(m{Fz1e?A1`}AT*IwcPZqG#0oXK)rn&UzPxkuSzSKF@D9Fot+6;wx zOYHnGn1Ei3%uX45oX?I4h4ACixj3MJ)m7SKt!a9^tT-#A+Ryvg=o?bmXG;`$OLHN7Mz__=GRZ2Z6q}Iv5RP>uKGZ6fgB&?$7m1zWlX;6redp z%5o`$`;ksy@7DL6{up3Yk*3Y)NDF`eRWY8TvM6s@TK37j&m$)XuAik2tn^9dauFRU zOSA{V(TQ~L-!L<&+)uPYr_}GBz4K;t%=N-~*J(*Xjv@N8{iit*$_No5JIPcF9Y^>u zHUqrFazung44hn*f~7QVlxPopN-r1~DzB87u&Ssq4UQbPCTtra0ygM+Da}S5#$zmD z>+OSbJyj|TTrC{U_Oiw?mvTa+)D%gv9&dgIhxkn4-;{rN(^zUh?XWsWy%Dq*_Lvt7 z*_}2z?Si99vj-a#=L_=W79v84d2p)&`a}QjVE0scN`3$|`SkNF-SE@-GcBIjw4EX` zQGf~dpBhW?JvTwtE!IF@o_4U1FM{$G8lN4lg*Fg)(;uA;mfY5i0ZFm>f`Jvh{Zp1! zh;S2;Dq|LF;aN$IR>Howhx*SrOqu%66oS+i*8}2N5i@}i7`RRoZL-~`KI$9s!U{r> z_`}0_Uz{M=q)T*e*cKgF6yr34e*r))A4Duagx z*sy{T3g{51t$)YTy}#2P4j}Kf9cBdRskNv?e04=Zv2D*evL_g2H5+jy#d+y-d<{i+1Zqz&n~$z8+&y=Itw{I;qB%)qjc1!?&ynkRvw&*D=Prrv{Sz`O z-*JNdpO?8FaudWgGXwQS5&Jk@*k{lV{p&&nqxd^fMp&M)@(ofPykstD4l9_94@uGz zck-B;U}uLqDheGBAu9OL51L6@rj8z?V*X2btiEPwNhw@cEo#Ad%uqpr&nOeE0F-jM zJ1)H4Qf!+2Muh!F)YVIwGNi;mcdtHkTrDx36?ds=T|fDt7HT!o(GzCS6SzMYna6p7 zHrP0squY>pHJ8R3@(?k2;z=Ds+@z66H7|qcn|{%-|n_=U2zu7swi;VC4FPC(kQ9tg0l zk^vpg6XHuN34>!h zJpeVI_pt`iiE*wfqM}>X`*8*Bu`T|-vaU(Sl(l8y$$OUmL2rRZW1&V56}_RJJRm&` z#faeEfx?R+h@=wC$+ughUTuu;TL4v}cj1jSQq#@R(9Px59uM25jfr~>#fmjsiJHz8 zhjLm5lF60}gQ8Ia_Fc=jTrT~0Gaz_NH_1DRas-SiTHi_EiPK(PC*m(-X&a=z2y&Ln z-*(SDPvM=}d^d;;yXDsCGk=2kiMB(ux|P|6L+$E!Q|bQ`*42k|jDUa48=Wosko-D@3^vvzz?U)R4ZP~46y9BM}#Om}@ju-ui zK->-u%$k4Z}08cwDHL{$VGgL`J4()W7%x8a(~T{k$(bI4Ud&$Cf0f|GGe;ue# zCZ^+$b(6gXmhFB{S0tMQrt~JUO8T2QN6EW^&m%GZfnJZ(+pTX-%3}MhxgG49^;gvA zZz|y~BwSD&kSZ$dfA9yO8mwSWr%Mx=SAM`*2bM<%{5X_dCcuYz7agf@3t$>U=a4ug zb}3b3o3ke$Od$mzV88Gge70_GxJ>a+xhNnmZ8iZlZuYAsfw8(ffBm)|z5Y&J#+8l4 zGd^?{;(Q9ocvNO*UEyYX$9?{Pt)2Nl)Lk3L&oGt@Nr=kQZC~!2Att#iBU`ALp@%Ti zemLiKUT3-9uj`!8 z`QiL@Ymc(pA6RX30s34=XsFx`%vfM`v#jkiT8LhrwOBm`8 z_W$LywX($1XUiRs_(tEk9~|;UFY-0lg{NEBw~)un8$Lj{jci-~%A(-AHI+Vzd*=>p zC2XgzueqCEFtg7po=%XG*N5H${nL&+NgVaHJI4Kh5CF{>Zsy8$)6LYS&543Xv??CL zeVDym`Z+>is$lxtid$qo)t!@bT-U5@VZO$RBX2twitlLU&~Nwp2CqLu;p(8&R>u_e zHw?S0L(ArQ)fT*w9|&WHQIR*>uHWUHLxu}R>X1}N6b4*a*cJ^e|><`RNlY23< z`{2rIX0PtwE;IcvqFsDecW#Y;;?TX=sJV4MgH6A~?CyJqA8b82v`VeFJ?9X@UzT{0 zJ*Z%luxD*ag!k#_r7tuWmaDM`!#V3#Sk}C|v*t&a-+U4J?+-d(YHm=5CX|}?&PcN6 zdZSl`+?KelfLpceYFzq z)!)L0jqqIu=7u7k&i-?O7P>s5`eJr=&6#t;MY(o*Ybe~s#s{UhdM7=rVUR;94E<=` zHCc%V0BLo+f2hN4pYNzxSvE4LfzxzH_03ciQQ0eVK#PMbpc# zJ?Co^5wzA@v@Qk&#~r-)`Cc9|qyNsF(#pw=O76D4zKv`umAk=~Bwkyz*c_=j8+nNrlqA9Z15!kFC3=+^Td9d^)Um5TiN!+(FsOIVV?e1 zopGIQ>YWNOpdoP7X0oLdQ~vNb@g0qBtyp3V#|RZ&Pt)s8_U!Ut);R*i{Kn!Zz7M(D$FxQAhU;HloD>Ei!3b?x~fvtf^Q* zAQSsJaaxU{+VJC#D6|4ho-=xIZms1n=Cd!q*u(m)rLS9=5j66*>#ZF zd6FU)%0QTjT!xQ}*589WVNa-EXI?do;%>{xP^IfJ^9qHP){ss{2$kap5G8y(xF#KDg5 z#hCRin`)%sE-hZvDwZm-_YTTG<%4A$W#R893byaQ7E2kx0b9+GMf7BuRU_R?}1^yN>W)<1gn zWDrliCL5$D&sqnt%tR0d0KH<3UHs^Au6h23P=)oFqgdCWWHEJ_o9CuN!;=1>_#Z5bvJ60>4SVq1dmF$&h))fLS4{(eLQ-hoY~Ro^WVqDDrE4|R8V`a z+=fuy&kR_-ZRkE#+m2(M2)R?17o__6tQH=M=g?i;{JpYhuRW46gBM?pURftJR!_y! z;*kPTA7#&As4`rl-h3LZQs`ig(qZUuIyaBXiN6{RAU2@I^oJG6G%wL|@-g7NmbP!( zG$1;z68AkOTZVob*VDrV1o+G1yB>Wy#4-Muxq%5@Mm*=o204b+a9SK7!v(cAOy4cqag_8~3pzoem=bH~k#M?BUUn zd<-tj5JxZ`YC?=k?}VJ3cr*koWlf+O4gED+4j{={!LcZ>@$N*Wy)>-mtt+9XAkBjy zBWviVqCLyH%aF3(mD&K1qaU^v+P`IR#smgnaPn}SEz~Ba%F2eww{ElW>(#rzMyY>qns literal 108578 zcmeFYby!@@vM)>^KyY_=g1buy9^4`Lz~JsqaEAa1EGAtLj(X)!o&rd)0&~%1a`_=wurfL6_0jol=zJi260-w{s2OF5i1fPq*hk3{!w%Wk-ufI3HKT=@o7xG_c zNohGnQZ^=57AAHMus#bLJ0B|xA1gO0D=Qx-7at1;So+nsf0gJL(xuae2^b~NTvSw1 zT2z$O&cW8i+zJQ*;g;qdD=5|dj<8o>Mf@$662FxFfMWX522OM>ym$esMUXm?EYp)e zHIj6AM9$hryPrmt2WuN8#R0{nZ+t#AH1WJ`k_vl~foB8=@|^THd&V@oeo|y+A3X?v zm12`xD5f)FtkIjH@tWn6h%5yI`*2cxE+t=dx##Vz2hO%u`uG#?{Zv{nM5Yv>QLs6N zE$X<{0?e-W1}gm!-5Kv$gES7M&sNjM8NsgqFyuI5^8S>7eW)fwP32@?iJ3)@N)MVE z=&k;MTZzNUM#gZ{g@e6=>hpXnNm=UvCmU8qPAu z%8+TmMG_(uybCzG?|fNvtylMP=#qi&^E<)mzr%(0aPgBEwQq|d%D0ES&Ge&h-7cT< zn^%~$WMp)BeQ67YGs`G955?sAX`M!t3#f4p!aR3hdx~s(i-5Qc>Bm`Kzau11@`=Ow zYs)KSWWP#CV7aTCtF5Q)ONRON4b%j#!^pjYoL=MshhQxjU%6%Ao*`xJ}~`@%}h@ETg1sykX#eok3?-9fTSEu z984^X;%??HY~(`lqyi4cCVa|b5`RK~uLQ}>oSf|Vn3-K&U71|jnQR?QnOS*xd6`+* znAzAE!4iy)?lw+_Zj3gL6u%(;zz_pE8abHTIhotqkp99n1lT$|36hh8@00#jK5IKU zxxe9U9RKtJ*dNSphIY)XOf1aS*3AFZaC8!P0fYQmp#M_CQPtfJ$gB)>v~_kc0*bo; zZJa3n31MvXx4xaTgVpcq7#lGIt$@~GQAe;<)_*hkYsCGn@yi9K=GJzTe2L8{&YRJLH!ol$mC}|rM(3 z3S_pkG5vkxm&5r)6r}~p*_i$i{moIdGITNlD+rRyn%g+L{YzBU+#0CjWcbUQtX#a@ zoLoG-T%6qC(8&1@ZFQi7Be*C2!u%aOf2;p$7Cvxgz>YQi)lb0yzxm+0@QFGA4V`Qq zRBdgo1j+x7x_{r60}m%-LnlKqLnj~@^zS&V`d1ugWZ~vx`J({8;N)zL%}w0@JLzA8 zhg1M84{mZPb4Rd!_us5PMwANB{*S9aF0IUe4<%C4--CkB(CCjUI2yVDjenODjP=JY zBQrxAQy@5c{MlXq;+y{$U4fg$kd2Mo2*}98%W1;MVZy<}2w(>{Cl@D+i3tar5rBt{ z{om0YZB3k94IO|YreHsUeFg5Gzh@{?+TRWJ_TQyl&49mJ0qihFRu)E9?!O$y`KQB} z|Ew_cubA;yjRlzhH=hXn7WhYy0qgz20|zf~EM)#W82;(AUt#C};oqNa@&C{Q82Ud( z{zv}(kGuZkuK$q-{zt<9>0SSE*Z;@^|0Ci5^sfJF?t=f4zX{_TxV z>t$TvY^$T`7%%&c*J+xg1gjiK>iaijC-y~{e!mFtRaeBHgp?cFADq95H*m~< zaNdxui~p(mH$mC*Cnqov=MU6>5ubmO|F#o|imvznCH`gbf4BTEga3u)zYYFP{1*oQ zWm%XjAu}(XGm7*gC!K>MW^JJC8#(uV{vm|WU==(g+w`miC^Vu9NxVl&_UZMoPjK6e z3Ew@nBKwSDiOVEgdPh;MyVxQ_!H{58P9Nd&?!n%fYE>x*v7DM>?!Az@*%o|1Gc0Y{ zN6BCnc{*_YH-z80P2in241C?OL>wphMr)={gLa08SxQUIJ{BPN;OY|VB+Tx;>wegb z6E>eY6z<8_g3AznGvRT^P}(grvh5HmJCOUW;Zunia~+B4DhAtA?FrAIg*Ctvgi-?HK8hha>?@x9sZPx3eywhiTM}twaQMepOsmHV64M z|0-L5R5bQN6AZ3CONID%MO7sco0bQP#YA)bz@6X*m)fs~0T?59-LzaN_J!_WO6kZZ zvL2-lyqk_OZCgR_JFvuy>I0{OV8)zrloVq{YmRB=DFYa81(LH5YRHii>eGBw(UHO*ncV_HHNs#tduOhQTevMQ$bYvduw#NXYA z{AUk4^Y8-$jAZ3QLf38Jt*DEJ|mD*b3tLy2(06s`RE0?o7 z+z~}b0;^0N;p}5wI>hgbj#1Gfu1T^%<{PO;yAD^)Q%qYb$pp}yB7EBTW(WA|e%?1q zu{+OMW4tmtaEnEcxpTRR$f!qx-2}Bh>Zi+6@?W%10ujgpZ_N>zQLjf?Ing?ry*c^o zFgJDg*7jUi*OvGt-!5uOd`wFX^;NKyuHKX@HMkM|UU2RC5;6G(HVMUCY`4s4Jj3ee z_z$fcuG3nbZ)D}6En8MP!s6bfAf2(#!fQhGMd38x1FwMYxjj5@qMhw_JZ<6|gY*CneEM=*MI z>QRZ+;$#?|=s7I$PDQ2au)9gYz8pXz_`@sME&+IvACSA!Eix(7h zy$(cJ%{OnwjLVJ2S9IQt*gZWOu2?p7Y^R}zE1%mvq3(-E4H+#{LoF(JyJ^|5KeC8I z%e{w6gf;dOLXaipbQuFa> zdq(G3Ldi1X&lyz}EVX792{0Ey`mK9J6P4yz+ogQkAZs+EM>%Hf*(+O*s&D>jW~g z&3o2E9Uq$Kj=ihcRG^{^7DMuzSdln}Q688Z|kNPA?e?>n|MzUCz{- z*{R179OTvd1{S)14Ge#9H6bpdgb;tA2k znKiX7Rk98{9@kv=;OFaR_tVAz*;1e2evMwhG$y8#L{a8u?;-tdZ@xx+wFd%rK0>j$ z$PI2J4L`4{a94@DDcM`ibYcLJ4L}wmJ!}U?!kepVXtsh}5dHAMLsLD?<*NZ{WG|7p zS2jit=O+|?m*M5$GF(|*uXK&E?&wwbzz4dxum;|n9u5{njOn6JcqaA^pNeEUcmDna+(e4HDuX(=aLjT)X|&=edoNZ}m|lWm0Gulp0rIhDvC? z)ic5O@xJeDot&&WGD=PRt(?;*-|*)?{OCH`EgTVrCueF=>wm1%VDa3{n)Wmze>;fp_ zQcOc1?ccEiiOuffH8}al<1FB%z!}Dj8y=r{mpHAgbq!ij17yMoTi$0VDc8j;` z7~fc;^o~k2+t=^Vt_4*Ic*(Aqtsl*cSQR$rHtw47IDD$NRsJeu7h7L%!SqxV@aI z)-#w=Ar$24aDFz(kWv3U+C4IooE#ONIF(ROeOOr$rK#@@lN?iPEXPQtvIT`-zTlwl z-o7JM(%Di!Hcf9%t#7+;zugpmGc#)}XEI>=V) z2-p$O5!1n=HvQQtw|(V~JEJ&m+m{eCQ|~_@DE|m%vitdUme<`ml7%eqKBds-!dYG? zy(6|UZU_>GVs~XHeSu2?QjZNjV&Fq4C135Qsv⪼`w=%w!Ig0$PkD~+HvLD*0tK= zmHZBXMz3LPM8eluujdw!llTDlZ8P&Y=j;-%Om5k#&~T@}4CJ*>p1w)Of`fP5G%~@x zvVBym)uQEYOxd7?yO--}1~2oTiOPLqgsWwgK=NQeb4F@_o{X6jUBL^R3aglQIJ_?p zdXL{XaKVy&k2*;O$9>)R1uCS>GB-h0F##u}{mT0J>acu*$J!tmJNc+++Y@$m$0~5e+nHzi`N~%jNCa*k*M{J}bv*w*<@uXT_lO(59s2_K9XAX~zoiuatB1Za8CYM z>U8TkKf?hSrPVpgUCJ?|a|u7ESnj>LkA7m;_s9xn)u5)Lml=qh{>dEpW&|1JbR@ST z=;9}0%5~>n*ns2N=yfEAoN*#5Gnh|0J@n&Fw8ilV-TMOOUJT{9wVRAFEda zH*(s>!hpcZ6#0j0414#u0e!8(gE$TW^{>6x+;`_1C=;e~`6Uj}g&qjDUfaAD!OnMm z;A!0+Wz~H`lIP`K1Fz(|7Cxvq!*6oj(Uby-}~JD08y=6trx-Pz2ls; zL*InSTo(%kPB!JA^p7j1#AI3^xP6xmEZiBXKuc#>_lrr&LjH{Pp_1&WIJUpq-zHG(r z{W#$}8busuU2={F;p9nqZ)v#O>9W}{jyUCoK-s44EG0{PIG;7#BZEvZbATV#s;5S& zj~#k%NpV{1%GOf!sp{O}Jihg^C!x{>y;gT0!u&o(lF`K50F+ z>$`m(%6(IE4=K7YuXo=MMJS*mzK@MTfeE9{(P+tCMNI=qG2JCQPM~9DW$I>1=3bZi zC@ziKD>9gmjQu8dNi|EED>~z?aQJvK{ z+MXe2d$OJU!P?n0;zpQ2Y@wh-W52vB<@ixC5>-eab(sThTxYGrby4c}PI#l!S-N3b ztIX5XeLXd#aP?Z8jeUbfzV3%$Gtuzeo1C0@T4ZLUWkFeM4!k20n%th)G{QS?A91!f z(C_#9ZtmuL!D#yH9TE9IT%R>E=JemCX^W!3{3w;bB;b1{)dav7EHnmD#&l|4NHcLR zcQhZoy|x|f7)7+tvUO&;JjYjn&S7#7B&KDCoMOjnU*Z5EOnv11{ zOkSnVrx7az0#l4u?~s=VGk0%DbVQW{v0mKBa}uBVSNSg-RRt56R-3?c_Q}N0Y(D8B zMk8x2{Oe@m1Liurdwyp0%-d9fIxdVDZht!&B1!G0y>|P6m7P~!2(gi)__XuTB}`Gd zP5YjYn;O{jjg~0QbqO2FCaX8}Ild;5V|~~=6d&d*ENQmgi5ZIEXp=4wa`PxRc^&;+ z_0_b}R=S@S>FoKfGtJzTmhFubZ4F&TKGWxe-*e}$$$g+2Yh4Pfn`g-{b7*W!wrmYp z+Ox`SI zCgH2zXd3E(xJeGcGF@Jr*arY*V)-}=P7?Lhs(5!{yeyZi{RtLAcp*FgWWQ=vDx+hB zF@%LIjC-;p_PNn0BaPE1AVqiou7x6ygjJ~eXtV(7=Fn0}HaDZR*` zjv~s(mka2XqQ!U5&t5Ij{JV*?w80{CEJ7a1fEPj)!C5>m_PIu(#6VgE_%#MvO73lR zC@62l@v`1mZW}66a?)f&){^WhQqivHM=8A|Q`Ez*nj$At8Pz}IZmpwMU?3s5i-Hs8mFsUH&KYe;3>`dQr= zA;JYY^F(tc_(i?J-RnJuAjJ`W1f%GkreRuo;r{z0v85Eqy!e_WwGt`sWbTh1a8`qw z7Ah0wTgJU>b;Y<7tUWyqED!m~NXd36BhX6etj1rgcb=8w`YYj^-ZO5pqw;HQo>O)BjFY;Mw3H;?b89XiwSC^P4 zF;(aM&3ALW@j5)*U*5nc?M#c=yjp(7cqi5>BdgZ&%U&;Q-T+V+C~z;u-Ri9lL*rZm zH*eghB}7;tn%;7=4)9Z7fI24PPCraiZ+LOI7EQ1T+LNpB^PE_%|hZyk%fUHk3C;W!TO;N-|R5w1@Cjq6OaR1 zRqF^@6jM4QL)8uM`&c_(-68;y<# z#${Tf_S?wtI^8;gJW)3OfZ>gG;b%|u=$6qe49=FH?Up=B4;<|e+Rdvs5gt640K=6K z3s;PFXT#Q<95WBL`NypnapQ%z(L{p1gE-G|3yu$WkGsOX*Ks}k>P`1&%4rk1*tToW zA#9rISi|-D?H$SNNSL|SWTQd~59>JYX9JuJ`}DMot7AnvG&$v?E#;fmweyt)bm7_G z40Kb3vkwjKlatRjM`AkN`zz_g{R<(&!%ZC5YKjZO{j@LTD~2+TG=i`!0pzpS^go_ z#2iuc#f+Q*9l%plwywt;exH7U+Ccgm=r}uuOWTRoj z<|4Y!I-?fdCLqNw!>;>DR!eMp_2EfNOb!k?=tyk@{3S%U@a&(RC~P=+$*clm?xh7q zkkkc5(8c0U9Wrtw+hMmulP|5d548AP%}^oBRhPWaJ{J1kvGq)HXxgeGXMJqpIo=~q z+O`Ti?K$4G;r(?v~` zkxCPpV)6Kgbh@Zrutx1pbWo6R7#M=FHma&Z>sNr2EeTS0W&Kim)l#%`UG(}*VjDT0 zTB$@aG8b{g`wfSWXx=s{S`_}Y$#iMKPJ)=B%o653UHU`E8?Y`(3nM&sS-wr`~P4vzH~fxF>HukR1n zSGabRJ44)Mzs3%43vEFPR_b!}a*<&@ok8#$7^KTe3HeOh{=^4*frlx1wrte}2|c}o zKt|u`dBFMn<=*bwc`xBw{TI>a^${`)lI6iVeqT?QMrqk-z}b6dYeqpU8QJcOpg8N8c-_W~Dvh>2gpe`2y9Eh#Y|1#}r(6$ZeC%SPL>l~?BDy+f*NcN~ivxH^ zcjIkD#w*=DX@a?zIpQJo(p%#mi;eWuA8FY*mkq%?Q`B%(Np>G-cV}-!Cgw zhDb%+ebp1|WGR}Ud^TbcqX#Qq`mX3TLwFeRj7T-0+8lAUL{j{20ILtPSNtr4sORY# z&ccG9m#sc%b&fEiDCza?J=t^Xqr{1~`L2xDX`8Qq58sqP4KL z!%NwqP~B9SriW-2i$J&_Cq>2rWNw>ba&`>ITQ5VWME`XX6F2fm_Rgq09|P2AfN5{r zlkwx2NQS2)Li>dQGI2z3(I<1ASFIN$qAxizaJZ2h8OJot)FZ>l)8nm zO=yzRxTRVsh?fsoAlD}>IrP%|bejS~NLJqmtL!f9kum7@rJsT~DB%wInhbruT@Xmi z>j@aiY3$u>$J*3?LkAezd^&_8n{>@J(zZcankQbJK9vk>uSiC!Wm2KUx+lA)Qo15O75nydU#4micDob zP@B)t-yTDM(U35heuommDvOm03eWC|PyhPv>I|f#MdVkXo916*S;M8f?WGHqtc8bZ zLS@*j{h%a3X^e$xo09ZOIG@}@dYn10gaa$42^0VHnhOkDIF!o4p-}1k6{i>`xXg%w zW?I`?;uR)MMyOfKipWu{c}aX}R|8waUf@2hXg3!;icG%I#^KSSq zB9a#RX!VPX)gy~uJ%+w7yPWl)Y{-J!%@Qt|x4CQN*{0XFZEBcatlSqikqaauS5-DR zC3x9oG(CXw+m)t}@Zr_<9`0x1ypO|!PWN!)TZ*xXT~_1bWn=ErH~0HT>6B~XRMcH} zqQV6ytMfVU9jTQoff$TLunmfi!TwXqM@$G=gIXr}rb(RrJleBeKLWR5wN>9$syq+m zzrD9DKl|=$f4)`cMc&088D)uS^(fTMj>()14cyA`{puL9(lKn}KoNlGdTC@_W}qg% zj^d>gy|lcP>GNs!r54tDmZXwe8Jbp&NsT%1;D zF2=ml-=+pv(8nMe;4K?MUN|z;;Vrp4lGHFX(LIXmemGZ??O$3ff95c%-C~`dPd?f; z@V%awH-6Y#+u>}k7UkGTY##Kun%O$G+IDIB=)P)GM0XMDN`Ff&iI=K0&}xgKb!Yij z!6O5Mxi!@DMWQMl!6`#{Z2K+BHcB~pch-+*(K<**AOVW4Pmu53fyThocF5c4^9jct z(tH@z0jP?N%iQ>Qn{~5MrH>9==)9n@?+X!^uK~2r1s^MT?G_LpFC1kR#y8p~Mw0J| zB}_LH^s~_MaALNtV6RF`an~Ww<4104zgP8VWNoy!^d&x1`DZR>#BdA9Zk`2jXx5#} zs`26H2m=$jp+{ri?cd9Nscr4rKCpmyB+mL)mG&jUh|u?jsKoDs@)5#i{iRX)(#V3p zQ}$A?)gtPsKB3@1t~LJ)qcDERcK55%6rJ8@Iav4gyYg791sU_S&YpK9+&dWaXLHo( z0!oy|CToN~0d=wIUiX!50xP`e6wZBoFrkbq@73d;PC6Bo6l=F#O87&6N^I0j4D!2gw23}m2>T{)jURm%kTx;|L@I9JpP!!=<`lSEwfY*ya?3`u_2=ccJiIJorm;OzoWau&{STVr*=cmer;Q zBY|U|TLyTkZttKVxCo1pryRsE$S#k%4_3Fq<+b`~2(+6V3)e-d;&Ta3!00b*o_uFH z{yHJ@O5pZrcTQ!EnrA{zrJpG7X=qDpaU<9qO~i}P>h9YR)2aJze?<|MzZW?-BxY;;%C0-dA(!7@zWx8Ca3{WE#7~kuF*zD8{pH29To%zn; z{p&107z>5;+!JL23J*ly?^MP#;@@IwKwQUJ1vQ^*=3;yrGPA`|32b)l0s@}euQ`eV zj0Oj}N9J6LVWcXP_>CX!h}ef!q!eP;Qx zuCagR0?>Z_no1`f(IEKcL+0MvQ8Km(Is3rq7*#t<{J9-LM_6~{ne?EZzgf8_i{fP8eM+5E@MQ#-03L?Db@cM}=G(V#N#`xuylTS+3mnw3 zs4?~xlTI6@o&ZeETwCbtq2$FJ1hqHhG%-Y*vYQYl3)JeK{AO=dfA*BUCnuE8HX@4T zPTLv?bF4wStDrLed{h^!T9vU8h??X5Bny)>SV&9OTl$TM{A>XVku!7M=}Id_;wYDL z?gs^10RuB7XP=x{4T8RcAm{Y%UM)@~^?0`?2)Yk+Vq|KMSeFDzcW!;DFEn^Y(O+n} z*PB@pEGc|r&h@={qDv?*q|DKq%#Tz1L#SFOB4ceKoM6Vrv^eFX*ltVGYm@%HLlOz; zGGkqlqeXt(9;8~JD!4y5G6qB&Jm*Tm^Fp?6WFyuu+RQw@tUUaOo%et@&j z%F1GwP6)L$(e_1Uek<<$$@D|gmGU58Z&dAPb#-8aVnVqjoHQ#f1>;n@fb?+?HVhP+ zG3M9LnHdtwUxJcX=%;3;>?(~?lBP7B*i-y#=?7&lH!dZNGHrHsoRJdy0b07TG9Q(A z8|%>UhG2g#AkfC@6KLDpLcTTXD6>#gJv z!B0?s4Sxss8i^y7sMrD({`H#!>hNsCTDrh)1LwI)b9k~YtnC_RTKl>CVZz+ zId82AE*3Uip-g(-F`gl$5J_i+Uzk5$O76X_PXG?NZw!vFD+aQx ztYF~kDUB7waZX;L0j`+~4%et=ndG($Z!)z9PlFRNE_Jv`ZxMbVl69dFBONXoq>wNe z$ij8K$}$jp7tY*f$ps6OrCY}OZAofUxW7rIq5d->h~r0q&!Zty$goed9JGI6*c6JdB5VXyJt(*+N#>Xm6|j$92B>5rX*d3rt#qRY zPImHg+GQJXvn3Hy5MU*S{pgm_Sx4dZRIb-~C8NKCa!olH@c27hjEMKUIH()>6ETmx%%C=wi%!p*3DyaDta`cl6rA5W8>WJP zWqS3*1Vm>2uIewOKeNUDZ{}?MUGx7_lGuM?`K-I*QI@Ebb-1<(V`|!!)qK$KaHX_l zAhb8@k%Oq4Fg<@|NAu$K_0h3Fl`ZrHy2u}H3QY9n2d$0=<@6V}PIjlkefvfWpE4T6 z%@veZRa-(oOuAq$`qU%ZP5yM1@AlA~-(a))L1+5|{G@Q>Pk?NV{1Lysq4^6>eUL)kqIGr%1FL%pqsk7Z!(YBusNBAX(L8d?jvo|U?NZTyO|Zv+jIVuV!1 z-BZ%fb~am_OEM0l@{=9DD%Da)&?e#_zyurmn>)~dpoIrdUq$dq)Jb5DK{f+4Sx3vA zhq#EEDyEti{QJDHurR}#}{^zESU;8GG8I;OkCpnVr!pxXrP}kusuG+RL#?pPkqFBAHjb!@Yprl% zfH+RvR*#L;Y!doIhHUn)Xz7YvE}W@@%b2GNv$Jve{E}bY?`G4k>WbUMrLIX4I7`M% z{BTRD5KMU-`asO+;{DA>6>!d7@uCF_WZyZi^B4@*wA9s150NDCzc`iEIzv?kx-VRs~`|MnjIK?(d&!n~8Uxrwbe2u!3%g z^`DCC_bMe~KQ^Z7D(MmmFOC%`P%zmdE#54R2e+76!S7{3_j#5(RF*{#Ten7z!gOGZ zcg}>&wF^E)uec`Nb$YC{dVJa`eqtz4GA>^oHfpAqzFL@&4fwG{nixZ}u@%GxlLuvX z!ow!RUG?C1j7h`uW<18>Y|(cxBGKP1{#>h>H$Jw>QC2LWYIlCTN=WaaAg(hxY5btb z`)I71EyLQ>=3YC^3~zH`+NLkh1JCoud8Kh`IMNa;<|HidVTo#i2H|drMAd%td-<7s z49bSfS?0?_yfI8O&rclR(FrAl*!@)ZilMRT_}xaXqi*!X?i6c&&Gf2w-DjIREnHpM z*m5TabS~gG$%ZW$y;E?bE8nghh&W9T8in{m45O&On=z{Kb1B8)1<0tZk{Dp8y4{uQ zZ;h-mcz9v8pXq1j{s4-z;_$xIuI}D>2-gh&h#!t$dhT0Vz0Ocb$Th7wwb`tHWt zAMnndNV=^}3koy3(dOkf@>3hLptIpyOHjNr4e~8C8Muz*Q7S9-bdc#~xNT%*LH$w> zSYzonCL;^uPUT=l=P&$B0o?$>vZK&Vj1E+{Z`xrJ*4dc~we1W>ZSkWnb<A3Mw8MZe!Sbn4)7~RHG^$Dav*M2uWF7VX(XFnoE5|fm6@^{gt)oSm z=^?9Z!UbK?P^!aMZ9f~4pPvaN&3!kS@0gwCBO49xkLRttjxGeMIi+|0n9!x%8Y!9) zGu9XN4>ol3yEe91j1c4<>IDbbGZ(}>YB1DZO{e!Aw2q&PnUE_XNBx*HZ@bSQS6cN* zfs*{_UX^=v4I_uuOrKtw>FeM1lQY`qg5K-!JvhHH(R|-GG;M(E0J*jAM!tR{g2{MO z)N{U)4nx5$PTW=Kj43ENH5Go$i1KJ>BAwn&-#2krzx4Zq1Ut>R%lXv3n2Ckn2El1s zmN#EC(aU~>KqdH9){V&XPWejK`cyIDQf0{MM`y?WuGgYImjjFfcXrUpaMD{6UQ4I< z)SY+sFy-|VH4RdWgP@u#x$MPkT81I2u|vS)4!yULY~%I$T+TM-9LAut*8XkMaZyo3 zOKW>yfcb@v&++NqIsY=^rA31Z$}YVJTgFmNB`f=ODge{!Gdn!(r@E-@JQ7A% zaAO=-Rk*Fe>1toMD4R|_W}#&fOB!^zRC_5|*t-ZZN2*fFehoCzgKni4Dl~-aoi+?9*tb?!9LZ z2$V(O8m3I=t_KbqKY2Gd*qXjwK_l6f=VD`F9U2(m>0EoQp^%y5I}~H?H$PTQNKyx2 zK*mr-^uOrls9k=izpcBH6im+*AQ$rlsbCY{pH*m97lXpgeoS*WCOmbKFx?^C{;ngE z+V$95z}^>npY?}Naqwi}{mA&)&tR*Tl;F{on+YQC-f;T1v~*7{#jL2T>#a@i`qZ}? zi00dBM>_h_9sJ@decEY_>qdq)!Sl(idHjoJrx}z5bIAv`+g*iZQ;mAmI9+=etxi{R zEW7N|4)zb#SWyj}{FMUY3()k>^nv|$-V1)E-iU0)orPAs)uco6n3$? zQOum4?a7*OHU5mBsTUtwe!;SOyP!SQ{vhy@k~Bsl)QTPxN%ZGZ0rDGl>H3+eOFXY{ z?Cc7Ugyku8v_@ie6-#=76TQ0km*8&ZvnwbZTrMN24?j1m2xx~@#3R3DqS`r%FoGAK zk`kM>;J1|YWp8k>J6I6A429b|7(k#`vW#I#fyT<{tqp|m2HnU8OZK}R#Ns+7I5ES1 z^wcR*snAG2x?z$oBBK~lxjH$zZu2DZQdA)5&4FJjwU=_m3s31K@@c}-{4uiyW=PDK zf-EXG?L5Px?KZ|_D67plQ|n4hfj;nPGX(WFpmcc=d2&`X8^R*UrgPSHadAhFFc)nl zQS2idZZ2rmVj_(|oJ6(m8eTizQrcTqSt!AVfv!hF1Ro3#ULQAi?_4NKZw+dyRv@<= z8O2O@2#&DI4*=bKC0Uef6LqpR-{{u~a+@g^G}RJgTdz-1gX)+d(k+twoE@aLyHRf5 zS(1*_#tg}8!LH}yZR0*k1GP4Nm*lLcN$8XX@Gj&|wTU&{J{(g`j7MhUJJ4AU$92r6 zj8~k3aBHHRlKOk`v&amekaoVs-fbh({in+hAGVPr{}^gG5WQ$}7JAV97w{}JlD7+; z7d6D*K^l(L((Vp|gBLiwZr@Vwqu(l%Jd3ye9N|-Dw0;EPSnegY4qw}p`t+V3=((2p z13TC4FwhJGDtY^CE+;_T5`Yv~nYobhigl-zN{*_gnyMto;o^|xMn)V~C7JGpiu~%U z`Bejb8$>SX$Ti673+k0f1`fw9bxA$7(z%iY6dpL8PVJh2e4llYDwY^vqGXQHMt~TW zOHQ=$qLMm=C{$T}st(-o*tr%Hw{zptm+kh|l{TnEP!tHpLX6Ln*e#{MI6SPb zIH^;7=Mg^k>@B5-u$QaYM9UX7Ys$@c^rP`eX}tDvoyfxB6p4(UGiau-D2`0Ck7-vQ z?;{8g;o=n=Giih#SW*$A-+=obd%oc9c44{)j9489%0r{tk=bp>{RGDp?9 zM2ox7|GlW~8a`er4KLEN@55HS`k{x<@8SM%?p%b@BBCWt9n&+yCRjf;IK_dndWkxF zKR&^Ab?WvU4xpiCOvKs_N;_`ulY&Z_hJNV1o68q6su1vIV9CPr^?RypC)h;?{qM(ZI*{3fKzV(3yIO=APa|zKrLq ze{Ro9`;wyMAu)bFBm?_1(M_vCuRDuNxQHV5sFq&(E8fHJ#U#3((9)}VbhU=`kn1VX z%ncLctfkx2^jA#pwogcw5qpI;CTq9cw+jX^ta=3MiI5R5Gbl>-`IwdNtNFOv0#eRK zC~}f|d1pz%)5IcY&y+*zPoLJsD?hhAu?v9qci%Zvv~n_^)jO*nxzJ;KQkoz7#CpGo z;D5?)7}RVGf+Z&IbS;R!&g*WOb0RFB4j)}7HwW!%R@Xh|$SkY9Q&S^j=FR|CRt&hxm(KCPL%v00%i^=LfzvSIek%3YyLGSu^r$I)6FM1;_j){B3 z$Y|4@>vH*CN>D-Og>E?In>Ni!-_!?N1YV9j@Fmgcxt3!r2RYQ;i3*vJrUf(Q6uhGR zgX3#1BT>VtMeJkaVr9&`-%nC1>J+LjU!unB?%g^Z(%wABwMaAO*^e#@BnZlX=tUo5 zBP2N&Cs8ZrzA%_!BQJv)Qqk3j9Lt?(*hdg(WE%f=vhi zIO{cDOGAlOrV9Kdg+P+SWJ`h^Z#d7Pp5j6%LgzDpG}n zZcii=_gM{AUhdUm7n@UD6I_*l5w9Ya`H9>mb+F;cNq>g!ZdL()5uG6(U$7y7wb@rK z;T48pY)_4qn`>s=YsY@TNUQWp0;RFEgt{7sIE>YZv41Y_1B>7MvA0{qT%9bUt|T`j zrMM_a74r@%&uAVyI75t^(Mpw29%*}-leaD?L+YD0mlU0RV(`e(Dx%E$IJGo+BshY_ zDQRjXD`|-dLbIaRGtG-IT1vZ<5OqMK6qr17z&sb}s1U?EC8gb&C9l1EH+E@qbAx#Z z^deBu=CY$-P%IdfL>U4Itp-vAR>(r>a*L=dt&S2bc5yg4b@#lNnC9RRZ?xFjUiRW- z_^gH$Le~wO);@0@2_Jq>cE|L4xR5^jKr{auH^0A`(5#30V3+^?qP6_V^(PHo6aPPR zMPC06@(_54GMFueXKV<*GCH2So zqsAhr|1I}ts>0K;bWxPGR#H>6;cx*ml3Ie#lX*oa8#*NtI4*Q$dBK=hFd_qDv!ccdk!;rh=1357PLJ8(e~2+^ z5O<}p^gc)uQ|C`lzh=(V@roR){$FgpWmH^2(=8kWf+x5WU~qS5f-|_gGq}6E1%kU1 z+}+*XT?Th|*US5@=lSmYgFe*7Q3!DcFpOV$OkqC@1ide(z`se!+_+V zC(d_o+391QUX9LH8$S)ub30M`_j9-Z0dD2da6`p2%E?3hcVBz3rN-OrjP2)h6YTVx z(Qjt(zU+9vrsX>$)i^2fHVvcoe2BZ>ELK7&$&Asehv7jpfUv=D2HUYhTU_|pZvn^6b(RV46Gzj%LAM%phHd{R@N zle^gTe3aD2(V`wHJkyCB7h%LAv#+d=hmCl{b2$R_U6K@?2QEnguqiWrVYa&~^tccv zkdVN)0rC(s8gOv%>_M7sv<&dJt&^`w`91wHFoZ|3Bt08vdAl$>K&< zM16*8QP{aW$5IguFyH&OMr+S^gMplXxXwRi-_ElATw%=1U7n zC19By9sw}O1p8MT0FZ>ph?1xT$}b;b|G zJ}dbWD^wXTsL@b)toaFYNE4B$njvO1p6dQB;gy+2z51WQ;m zB71LN(@b=5IiD^v7(2BNa~A|pkz#`!qpNQC+ntQd{%c19*3~lQG#2{V5Mx5Hm^WcX z+@7$~rT-ZkZaQ;D=fjw`xg_L!4q(MGQC83qONCF>9b>=kCTlrps40$X{PuK(c6+wU zcptJqInU^t-41iq*^$=(#x@U)s=|n_c_cSTL)l=?F;$QuyWY@nH=J&OjiW-&6k4x` zC0af0J~5XC95v&FGAYHs5_=cleLRx~fP~)&E&h6uO27-mIeR1)78}=@PRHgb} zp4hHlFjY25ji+Q4b_DQ8f8_>JmZ}WdF`)$jA%Ht=-W+ znJL15O-rdsdq@d@WdCt8R?njZ@o9MH8#i6}qnd13tu|o^s$74q)cA$-ksV#mB$DA9 z4X??Lsy$rrS9#h#2G}lnsEFhny>+$P=>^6;*G7+J9gpq>Bqfc2%E={kuIW7e}!BEm|L7|tvLK~m7Ajh z*lNmukQ?j|r$04VYW8JA6>xYE3&_2~&6jIS`f8A7Db47*CjU7CWMg<04DIA0JqgV8 zp6b}C-%y}#6QKlJc_atMVeZAore80WF8#+72CUz1^o4~@uexOjb%x}k*{ z!_B0P^69FQ734=Bb@MPODCQ3FFSis_nc*~*lV#FCSqR*$U7)1n zR=Ml#Efg2?d`^#M=&fijuu7_b*H!;iQ9piuF`4pVG{F+sgYJF`8>4A zk68UN??ykJdj32~5iTtqCsFv!+{f=JOm@}vLpPheANv652fK$*zuRHTCyB(NGE+be z1!C}C|F%;$6%|qnv0L%6j84lS4)UAWZ!-e(i^$_~upna#UpHOe9S@~&<7n8% zZf0(JG=%B*hLCRoXv7|UvS12~l8dP>fM#{%-kZ(6NN=9pQ$K&T>~(%|55S1^Y*NJYkNu1l)u~Eqqf-g6W!) zLVBenoTF?5o6uZS6y$J}lu%t4iNeCd+*!<>(KmdH_0`@Yg#nJncfe^65sC>1K9fAy zX9RQHzTPqEfc01cAVd0hKac=e~poqXW0G)uT7`a3fVLF#z$q)PBn|9YUU@d`tZ<)ZcrCK!2l;9ZBuJ{96I70%%Z&$3_T|cfu@4^X{#9>io>7~Sp$0JQbcJ>gc zpE;pgug6SWQSRUWg&7`2bEU2u$dn-PjO@W{X9Y*G^)~f-X^&d$fV=q)X?$37>f=h{ zwdo1ckBH;NVt5^q&+&D0Xb)&xa`1xe{PMDj*unIfL3Nqi$e|cB>=^u_U7L5Y8uI*E zD*dtQW5W;vvWEQBtPl!loQzQvv#Xg&0Qqjo`S!>mJaz_~4Tj>Dv-yIMqBLB>YENQ1 zdTpdg6)W=FiGbY#?Z14Tf>r_k>6M-NitTG1DqUM09}^U`U|etMpS!{YQD{umDmDwT zl(UG^g6gnJbA7o9;21gXPOyAeYILOcu7`4%pqwQEftumcSDh~A6_?Bl>`K`r-%!G;43^*zNc@;1}Xs`G?Qj2X$TNh_K#Bu3=vugr@k_|OF~mC{SR6F;pO~4C_5(iA17KZ@;h`) z_NHPj@{6Q03!aLX5pFL@8Q!vONc-6;iMzUC1`UxfCbq51z8{rZ0s zxc^PR{x8}4-%tM+{rWG&`uO_)diwvSY8M(Pt&12#CV!&ak?3@ICYtQ`8yA-cTv&Wf zy>Dd7hP3G%zKJb%tVvdO_c%C2GT<*%o#?!SD#IB_+FrwgvH`%HSBR0HjZM_r+Ryx3 z9Yb=msVOV2C;w4^l!fi-3wI?bU;z8%}-=htb=TC9w(*b%58;j&@fmCA`C)$kE?V|Pk^td zZDGQwN%bI?!u0vKAE23TY3Re&$+2E?+R1u;54W(lh!M@B19Fb^he57`BNopKPsUl# zh={6y!V$hR%1YX>gYW5yE!Z+I(0eJCSp(!)Cg(;pWaCHYpbLG2@oy&FO_8V87JA3? zv=*yZTou;5gS*j`F&#S#Pkou!4M3j3fLGW%!c;KW#Ah=k8M$2Y1Z(@X4FRekWMWQ4 zWPvWj&5PZ#>!4#~Y%RjE^1N?h$+#@s9@~Z~&Doh8nK$#a9{c1lSP{4#^Fd}i zS4bJIhJ>d%dNj83K>zV54u6=8y_O2CUzg@fdU4TrNJ06rNgeuVJg5h`rpFVDc6K|( zT#E?xb{l2vF2}0ua&n9>R*8@U;kAcN3B1G9UslOsX&$k(!7a&Cw55lrJg>lvJkB>* zZVP>b+VsV~1Ql&VNLGyl6kjtz8wZS6RmcNX8Yx1KVzC!~{vMX|**5s84OY8bYhbbIp2Z-8Yku|BmB8!aGutXh z=9iA+#IwB!ia+*RKX01d1c&_Z;oRMp+WiZ;F*%q%$AVlzudz+h)ac#{oW zK^(Qc7oLr>zrlQ!>_enMt3Fn?>+usS9UK*uqC};g!!Q@ct>rV$$5KFd!?YP zrJ)>Ip&nRvQ_La#p^-B)%WT~7zptaz6s4rpFzAN5#R6b&oTj;%K%-{jPNST zP>8p}xn^)NU=)0-f;@viMF0*D&bYaGd6tG%YIiY|Xj|y!W~`K?E?I>^+M;YGm@i** zgyJNJhwW`7*e-RE@jv5xTQNc%S*&4CebU;OndCzkQIQ`kDa_(wM=zktl0lrDTANVi z2=e`#4YeSbny0S;E8uDAa1;J>ivJcY$Jvok+xy9~Y{tdTkj#&(y_MLG6m=vj8jxPJ z=@s;4MwO0U861NiVruOc%=SsB^7v*CroPk6)`x9SjsfeBRF z3)u`)Sv5KS3~CXZ%Em3h z$MBQST-YIGATq;gDx5<43%_WvU1fO0n=LU2el8ZIC(LTdX%%+J2>tAy+#4yHsZV9} z%aw_ej+%7gJm3L9^0n;-Irz^Jo3!_5bR|-7L9-lbY;qMJR|^bQpAa#DkTP4oMU7ZtK2_bTU8mKe%!Yz^}p zMPpea=HnF5k)bEa!b<3gGBK`bO`j!u}kMa^D&B7vSJ@KjQkRxHMKT}0g&6e-bDpl5+ zx@So7Dl~NPVo*%^&v;E+lB;3d&eN2DCEj`6(B(J-8%DoUz274gTyz%FvbzW@IW0gG zC;l&n!b#nq;3re-a}o}NY*%JVii&KS0spwLpE!qEEx_L#pU*}GhD)f1ZnZtD$3Fha z>&HFNht;x7GYwQ!PKZiB@{@%raCe+uC7V(WQ)P+Rq0eb|s$Yu(#9qi!)8dl^INCHS zFzU~XI_!}B2}7P<pq41&?{VJJT+ay&-Vp*_*@48r~0 zB#?=p1@`O(XK$bMu-PFg$2djq?|m$z+Q77u<3o;rZQYnOW<44`DZH|5e3r-bJniL> z+>`q=HmvXzDWNdyT-?rst-73ud&>bfj&Xm~rBR}sg4Un)B4V8xKBl0F%8m&^rDc|{ z2B2y4@|<}>!`zbavuIO?r9faq+;FJCOA5%sEzI|fAV`prW=!T|r|$-u77l$k5Nx|a z3`YeeQIxY>4G&X}Uv4K99GIQ;jMC zXGTPL^&4PB#L>WwP*V=w{nM1|=p%zR<#tco8~=RMt>51-0M53|T1%51oz<{Ge`Dr01j%(c1cq~0PDf@KdWE++;;>Bo}X zI3mW}Jb{ApZH+J$Qc8Xvo$KjZqy(H271a7&#aOhS@BKwLs=UP;h|Jgu%jn(r*>U_^ zI4UJ95jF*x>zQ;3$fevA8_R305B10lq5-MQoz@$oWa8!4_?x87Y%LxTZ zkX@efPKfiTCU;+8$|@%W@~+9qoPSqH&c{C^h>DdUyuEW(kilrz9`EOBN3ghiOJX<>*}Hf;d`TRanW5yNvw4dL&tQ z=*29Q$&&*ewiL_X*s0pln;Nw_fa*9Phy0-9oRN)wu)SENyFT9p^2}60fcVQ5Z!jU^ zuyOPVhHnC~3D#}=WH0@dR&oRh4Mf@o4gyOdb!AuuiF{pDhEL>z6PutVny47FV*9CI zSrXi(8};Kbz6vtf-DXTQ)2?;`#HY zBSb)p9V9j_W<&y+@!MX}o{=*RILNZZ*hF}O(i)O(8_Kh)0Qdv(&KTT-(Z(GkZ#SuG zN}K)%42kpzHWrsm)c|~9rlf3Z7sjY6##`d3~4!xvZOa zwtEdTbFb8imtC?9t!(@x4pa#zbGOhI1_wv3xSfBOf^d9hCz|j+6b>DHwoql5$VKzVpcF`)WQClUj zxjCfWYuhKTLK+_^wD6?pEQH7-_b{7!`MsNmF6rpD^`*K=9-dhcu$4PfTcAd3>%Do;#b8wsnSQ+hCusUbEHGP3w&R}tvAwaBHZB(bumsR5Wfb)fm zTcFOOkvkG0^6Mzy9q%(w)otX}h8xfnAM&^sDWY0i`Mn`8cH1-;;1sm5&N2EYD~l3k zuxK$ad2Vu&-8kO}h)<=-Hlx z2x*NYY}>uzNU+JUrjxv%{a4zngJ#RMUJi=rsBp|FFU$e`?u{$w`lqqpgS1LsxtGiq zo_CJwTLd0fh)PN!&Owzggi#&JennY-Sxy&wmZAYE`M+G@lctykryS_;mIp2qJ~e0i zRf5>STCMBtJUC*x%^y8%7ZJ%G< zMSB4vQETyzz(6QYCKAlZ%8H`otmLI9P~?ED9fsX?f2s-1iSc?3eU$1u!~J^er^GLN zoqS$5uRk*1kIB`v4)WZe-v`!j%eT(lU^Z2`&YD?HG!-M= zzQQaYi3R)KzjwyH{}o#$Nwj$NE9^5j?gq)n356YA{$d^{PAF}O#~qeZk32DYU(z;0 zL&OHk$&jgWnl{EG6Y`!wo=Lp2-(fHm!7*-q>m+TWuG>p0jT_C;1IK1!sfSyW=GHb2 zy}i3pj8bBhZ4qP66?xs{9nRsTJ^avaE!arksz%w=TZ)IIm9R`W2czL%g)GsR=0gU4 z*-t^Asn$ewoBQn--MzLx9m$DEk$-68=T7y(izzMjlKO(=uGf9|4gkEG{gtR8)yj|w z%VPcfdw@p!J5|P{O@e-JK)*ZrM$xjlJ+Kvg6n|HA4;AA&J7B%PwY-d*(*H8@}Q z804@d@#yGW=_-ZZFAM+d^~O?=M@lnl8>?)ZrRwiMz%>~76F(RdGLy$VyAt@^JaIYs zmGdE&h%TM8t8dMA%PlNqih+|I*q?KJB$mn91MmG#RnBdly-Z>t89BYoBrwwBJ)WrY z5CRi%@d9+TnFw{I$sqW*J8Ifb6Z53D4T<)$3Z?{i}SsfcC z4T{-N6W8;RUY#W^nDT9WU0Ieb*c7jLI_>XVp}ZI&LSG<<1M=26^tO2BT_ilVqO2)5 zUL^ciDm8A`Wj6$bhTykV9-D>RxJR@by-E@VfPF&s<6R&aJJEFy_{s^11P;=oOG7)o zMD5d!ZOgom7?cjiV)0$lc)z!0+FOhfpHX0NB;udP}2a z=c}5s(^=0=5P_yvxK7Bl`vv9O6*n+@>nYGenjO?jB9x0_)ocxgJtUXX;1x;OY9D}z zTU_LNUOV{kcdyEA8~Q0>z~u+-UV5kEAa&hr}U&tixv zpHvg)F)`OBA;Qxgr_?zNVUtZr**O974Y6zc03UU{$Jz{~iSgfu-(L$fI4>`t&xUQH zx0RT5&2pg9_zg|)dFGygVdPsl?61X91y(QEXt-9k_3oPh5r1Jdj>EsY7#!I{&6 z$AyhVh!r2OrJ#MHXiphqE-|X{febQ!SlaxqXQie2hi$GK_q{UKg(n12HH*3RViu|U z{taq5 zCpqOB>+0G6gSI{_=uAUO;+B%=)#|Tc97;h;H6SUH{GD5^!-Ch`jM=uA%k>rVjtoh` z30n6j_^%c~O*T$sIbMNKU3))M=hU$0{Wi1F8^kvbj)Ld*9tCzheA)f`o+f;aq0nkf zE|qw0xTYW2`J4Qdgo>5j=m$@Ye?I&Nhwu&yzi#~&(c1l2RNAJv5~0HF5AVRUn3fYJ za+&on+NqJXOif*#1HpXYB6P^X_hti19naiohq-^-P1e`)&%|##6NGxE_5ABo`w#0A zt;0jR-jc!-lo9odD{ne)KH-5#VYv|&GLx=*KVZhCna{fh8a?^xh8O+Vok$T9E+ie1uz=an~R@;NR}3zkwBd)eEYL;CU9jW{}M zvzeWosOj;(+ds2+jF+)m`RzMjblY237G!1I-WiUwL`J_KWL^dun(8KPy!64=#*ly04W)yedHVh) z9zV|Oynd#JXX)k@eK>4b@4oZyboi6}>y+H7<~h4>Oy`A|ea?uO6!pL;ZHoDs!=W{@ zmNj#KZ7%*H?B}?}BV`31pMbO;8RtHdy%8WbJo6ooeJ=M$dI>&=vc$w<;**V zJYjz`cH$bj;*|WR)A?cVm9-INJK!S=eqEc`GYz;Z@XHVinXlECDmdcIW;^3>qm0)5 zaJV)4nNUNb3^;t4`Qn_hyfhkmWWkg2w}dNu?Aw$smgN+?YwMJ#es*}7cSHQy75U?K za6&Bh@kXclM9p*AHVYVI#`TP*?Fi@XAVh<5R#H+!grH+|^Hubqa?kc2lWjUGhiR!k zHIvu=PyUI(6|+(p7-h9pKitpqN96H2?MrjCW^rJA>0oR22nn0ybr%_3n6b^a z|9y4wXx~mA`{UaX{5h{l9~+7!G->r2q<2p^Ft>2~Rm%ND2Fd+}=km zYOrz_UQwMj-8FdF;Cgu5u&C1!SDp9PghUiFy9HIcWP_{4OwMR_z8gJO7ckL2JWpcD zfy;h<5hQX|`yJmsbMu+|PC-`wx5#Duu2I-FecPa|JF3q6v?U9eIzYYt>U80x=|;p9 za;Z>%OTT%%{)7iVqhCwtl9Ac|NM>CAY+zOjh)xEWDU;l!!~tlhpmtPHTgnDkC(JnZ|xBd!C{KdcjIV2g{rq&l?L@J6gEidZ(=#| zW3%%)z{iivMYO%a89$}dysvDRmRzA&LAquz)v;tod1*v!V}a))ROK>#)WIB&GuGF$ zS=TGgrD-gEzc^8aoZ0P0coD%S%xQ1qn2!_IEY}xTtTneDJRy|amx(KbB;Foh-7Lc9 z1vOm!zhGE2hr|exb0eJ;j8sJov^NInm-yoY*Tt`+V-;u7rlOn-RWki5bU&L9E61dK z>B={L$gIHIzB+=6GhD_B`HouUkg!r6(kuxR3-iXU^K^#9#n+G|JVWk!m`s){`W{-b zq8>=jHyA>@z8!|;_83m)z1;OTH&?dS=4#Z=RPh~Z{6=KT z7}|ud*8h|{f-x=Na-2?}KOTO{;-;L0<#wcSN*T$@`|qk$ViJRe-)bWEcZX@lxZ!EU zlA__84TplLl!TCVT9OgCY8n#ikM!eTBh&6}RxyBySIaYd$2oF^8n-fbh0fu*tF#_4TzIXDS1$~^9-ZI?KkVCQ}T-H1mc$9{B&;4Wv1V~ z%5rOjO6^-BPGf;Yc?vZyM02D|E?U}lds-7)t)|d0`C?euqZ*u|F z#mm2VCevz8=VUn7@-`frE;HAIH{w1)>~%>&frhzUifFqj3bd5D=y9@gTKqv0!q+=; z+6jo4u>Iu3Vk$eaZo+(R?x?UCKz^A$J2sk(+5IRQ^MySa5cR0g+S zN@7%~3FsBWTN_a--G(a~4(XDAzj2;{07t=z|87a z$yOwE+Pav)I_)4gm=Mz25}djma^z_(2WsaEimv@h8<(0QHAmFCd8ib3!3pWdnh%>NCIgdh@Uy=~rgA^ME$tM~(1WV7bw)}Eg zJCoL`pUx9r_3cfusH=>M`=S-J9}QKKgItB@Obn9AFh;G`VCc;r; z%*~CQk?$-|&bd61l)$fNNV*i_gmktt7E-U5T`z7?nD|yH;MJp#6S{X)@MOq>kt7-R z?R#Juvi81>6kVgaN_F<+-(spH-eA*|LW7y~5ejj~EgRR1eWPE&qD>z4@s$Mm$Ai*N zC*1rHn?Ek#KUtS0=lsfrnHf`n_Nzx0#oZ0Z0{KeapSOKY59Jg;%BLS$FpQ&*och)CyfvZ7kc1nirm*>DveptSxc~fpEZnR;^Tc_E3sNtq2qj#f-01MZp})-2lo6Bn z1@1}a=--ynIBM^JKh)(G%qR$%z#gHcv6bdZAGBapYa>QS37nz74bxm4?)0(>H58@A zIZQo)c-V%z06*o~&hBO&`4zsaBTQKpZLt(4Tr}(;Vg1(FJp-5}@51EG!f^+a&?Lrt z7WuqCeG5uad(*P4z}s74p`f7ekOj@hm@sf3Y<=d&i85P0uw7||6-iuZEa(2AU1B^^@}aiDX=>*`uor%V5XU|AxJ&PVhSbn^`l~u z|7f#%^*}K8RM!DtcgTSU+nT&gKExN2DY{yW9>-1kljw!7%(W_P$+ft;!spTaEU%O% zyx?u$KCOx6w?Q~mOxNh_w{3ph0tBZg`7`bH-znQE8JsiS2{8fwpZhgydfwCzso2ot zH!C4V?i~z_wCHNpRhFsL{h%sZcu0n2m{`os-@{rX@9VR0d8Z~@%BvMb9TEG&8c3}a zjfOy|3=zNS%iXEm@)fmB;~ML$S4K+X?9Mw_c#IrzaL^Ep zMnD*0)HqziNMO}Cq%4M+5OuU(VoNa8TV|_{2a_dq>eqk1(tEt|deF}iyVEoFNEf`iaLX}#;N6L99gXBnw=&>EIwiud32`lb3Ubtx$wm#=F!>Y+m);ce+e2BHe zXdsJE9AyR0RokN!<1uF9HN1_Q%O~NBY>WuFOGJ80HOKXp4qGZbevo>LC`96}PX_ka zPN#mjjn*Jm6<*QJRi?0@d{ui$wb8z>Mosvyk@~9JZ&O9E{eFz#A+jm z6_vlCnrc0wNZ4Uv#Gb=HO=j}tYW{dygr44ca3!te>Nh1}1wb05nj)=s*!%9+6QDEx zx7Xgf9q#p2E7+)FF9T-vqZV5CZjM%MJ)+I^GL^;Q>eFEFG#CKsu1$g; zHpcy$P-Ku~zsnx|i!-tOUY{Zo^Ss5;FVA2Rr?}KWovoV3y_h-1Ze`^>>ek-#0Noz;7U)HA_jXGG^$EWtv9d+hY8g6}-}%`$#7^KlXFjJCBwbfsZW2Php=S@TX? z9bmb{5ySHQY>B%s9by6Lc8cR>tU2$MAYHoPm^iW>*EY#MJS+NisaHX1@&v6Yc^xOfB zUZ{<;*V%v}=vIipo_yBZTu;I*(ebKE05VZU&tNBmLNvuu`u0+j{hJge$|4!*Uv_!z zvsZNZkb9yi=uFP#Q?3v$MD!B|-iP z=?U0*UfVoJ*(f)|g~h(6M>P=EY(=`&PUbz+aqag0qE!{sW48eEOjRji*+(Dy`*Fw4 z&k()4C-bFqE${1^1)bZj(#hnqbwg9DS1S#qm~2LO9R-0Y2gw??E(EC&|rUpWNT{ib8kJ~xEq zuXLO=hguch4-*$r;nY}?k|z#K^O`s>YjdzUwO>#Zo)WzTk$&`puw21O`ipYd>K$mXkGWAKv#o4* zqr)Ti*PL`h5r^<`P)-qFt2!CyEYF$6pFJjjaA9<8UP80{Mjk~rsnIhdq3V;cBdp(< zPR`8aF!R)$(6wqPaHTpBN*tJYueEp4Q`)SAwdJHiuCS&)4{Q&?Y5UuTiI|J`t7%9P zTqUEERa6(|gT_x_y)9`^-^3jbB2}1(v4Ed~I$o+~2$ZN!!p8lzUqMW>?%gxii%Ua{ z-6(e4cYNa(bI{~vRo5`ZxfKF&$rEE9Bj?I4slkgGMnKN|3c+t6;lO@2M-gm^N91c`iQc{NAWyB zTjTTf+{Q~3iuKv9xArf=FI>h2%aU<7O|$(Wpdm{Q{ektJs19)ovO11t=bWf=W0H)B4VjmMT z(ynZuF;o*JFw0!i1pj}oAQA1XeH6K16DMqnIfb>R!?h}-l){C`e4n3aQ^wh2)l>sU zaJH6rkxq2|B)bPjF97PT33W0`ven1jFS}Vr%^9lV!jrw*lnj##6C3|9Sy=@4qy8Q# z$tY-ehiASH01e+C`P!?92M@+1R&v9Ft|r~Xoqi(=4Wbon^ui)#NLA-@_%N-G?7}Z# zt8CNI{>_n!WQtn|8PgcZpZ=!teip3Rves1{BX1TubE8CK`1&Nmq>XN_?*q#$5k0W+ zbw5Djd{vk61)YTj+^E&&N4}7VDodMRkUwbtGc?HvyiBD0{#^!RVDa_|NxfXtc+=i= z`fa4PR(oq25tzpxI23VR8}=ZkObYuf0N6rdcXvBD#qB+vnDM&B$YEY<0zJ2V)e@l9 z?j@c`#p81c$tK0-sg|;00=g?$@YCX(@kUx$0S*%eWhP{!G<)^!ahqa*(sE+EcV#6k z4QM(2to_U7lk?0%<$GVhd=e9(gg=&Y!UKZr?V$3A@Xb%iU}O*#>dc62g?+(r+jj7@ zZSa)y`3I&Q!(~LlJFDS41K6#e;Ulz&2aJKy^COysmERQ;W1{-8CyIp3<}bjuG0yGp zB<1yM`u}V{o34vCi2+n!=hpofygRuo+9Gbd?MusSqEptz42^vPBQ3M|&bo)j7?`&= zC_~?_%v-=QG?abo9^v!Ui4@3+D2fFKe4c?>zk`~=-y5cFb<(P5mBsPeY~sh|{gWif z7VJYuR_{&_=~*Q$w>{)ZSWCUk(A7FZS(%5x(&TcvOp_yN=GC#OV7uXu!t-h2ODw_O zcadpkO(F}S@yGyrxS)~VBOHAjU7sr5INiA~)iC9DM_a6Z>abpQot^PLwI<;_@`ow0 z4xnOwGi~0@%=DefJn;l$Pllzjx_q{NLB~@1>3{FOlP)9xV!HB`_Ws=xr31?Jp*y2x zuIHrhUnQqpPjURq^I9JkMfODVn_P}*cOsjeG7T767yCn;*Yj^thMnT-Be2xhbAWx^Q^HHqF>G;x8da@X{r3)eI zbIsPy7Kqgb8yZ-Rq>WgLP5)OiKgv&JxPN)dms<%KPK4`y5L!M2rS1!nLUko^L47`R zwiVrlrk>X8JM@(xX$B?G>lH^|G>hTkkMs{O>O893w*@_%Gn~eli|*LRqSMs7=?VR$ zFhV)!DI~zu?@6tC*iIoQDjK7y2z+Iof8U^hsgJblD$5$gIhz$=OPEL>H=YQansW%q zIdygD)1Mw?>L?BpV({%K54san;jA-eU*!)EA%a(7@X=8DJ$(u7f1rS`$!8mdl-KFv zjro=*Q(es!s&TeAJM?uWsb0=8nl{YpDantUf1uGdB8U9L4%-N4(eap6Jfp>-=|%_Gcw5v%>9iC&ovjN#e1jPj zfXttZFnA^9i+P^${rOiv15D(~w$;Bx+>()!^7q3ks#>|7aS`+=f(z>{BZWMw`OkE@ zZVVt(GI7YUOHr3o1#QxO+ot7PCyDJLm|G=t|SIf zi4t0TU4xQjyBNrJk;1nIeGNa9&|GNT+rfs@%lRR z=SLak{@yMD9sZhV1@6-|^qUWimZMzt7D(BNaN}qy{YD3Ii_x&323Bpx_*}O?@wzE7 zWzo$H*?RrPpctk2EX%`^G%vbIaN|pnYpE(^*q8cwi8Z>jqUWMA42aR2a~v>&QI+cz zu&okVZGUX2nc}x4JyY2l?c-g)Qp`GfYY&5MS)D|1Y+U*v$3{!rXH2F0?N4x9VT{1P zH`n&|H&$u<<)KAVWGblq0mGwAcVALlC;*Hz1ISe>^l-uL!t-`S@yQUZAID0gr?*a2 zezwkEu`Z;5=9h;^WA-OHsl$&n9j3``m*E*Y=K%q0q~&|i7yI#s=YDOJ&|sVOHg}4q zLeHm?(zi3}Klp3dFf?_i#xn*7f?FJzktn=hM){b@C!BE@hO zGjn_X4*q0)UbwT2h?;MYw>_}Ae~f3fHJ#bLe)`NlOB|=&g;OHtXQ?ln^m$uvVg9Bh zrkEl<*sIFhDn~qAR$XJfY|o00U`@1PK(CYOGMJ}kz2fnh#DFVp<&)hXF}hKw5Yr~B!L zKQk8bc9)|C9sXq>N6~AK1PR-wb)(_$-`W3WDxyVRb-s+2<*}vuXfrB&-lDnG5l+_; zvbB>m?pmZ)9V$%fm7C1AOrNneeG02s*C|w(0L6-(EsRaDWD~2kpTgPLhFZbtu0^Si zLyGQnxzX(wgH8PNZbdCbyz4@x+GvDojmI$x-vHCr94?ew(y7Y~<>^}kJ^mIrIFN21 z`#%1|5`;RC{q=SwoGDP}Y&QQRksr#+8l>KowhKS3d9(wh#q+y8F{ZHA|_g*tzdW+HzfZsvdp*$^e+Zt4w?lr7+_MQHQzH6znI~zF|!E znf7ZcQRjR6uGy%oZG-@}tGTi3%VH`P3-Ia^$qA(CZ_K~`n@*Mt7qs=&Va$6{L6%B0S42JYD0>xYyUjh0P&3A(lHBt8fTVlhYaO;rQ9qZn6^mI~h!wt6*x%%pXr%LDfi8J+ zQmuTz1PQ?yMg2Nz)m7%P!+O*coc}}ETL9IyEN!3>+%>pw+}$C#I|K;s?(RVX!Gmtx z-6goYLvYuPySu!dbIv{YzN-J#tD>k?Q?r-Mtm)PL^*3KzcIPk1Msm-TY03FGKmeWe zl4l@F_1q(F1I-pYTB6-MMHwPMQu#mJF)(HaS}6qwVly*$R!?5;b#TKDDYRRE+H-u% zX}N$5Y^=LOYhRn2#<#!~oy4ceBP{_Fj|3M|DGo4ZXJYov_hwq2Vj>4D==|dM=AxW_ zJy7xTGHxjAdpbu9o9P+Yh_^6uC;Vg&bO*8WdHK+)ucepgV)9PNGIVxRawuZOP(L4k zt@#fZ0AZqScW8~&638~i?3!}b(lCW{0aAv-9--YY37~6{ny@4GD##q6MEZTEo}9t~ z3)xodl6aibma*oy*NL!dwJuc>qDc46V2o+OGwtJm7ItKag+A@3sU^au+7T)+{Cff5mMH>W(Mh zm~&GU1_&WNiL1M|(%s&3b}lc0QEAI6V2Gj+IDUl)F4-0XZ3jWDJ zR?1`R_tRX7nmif%eRQfmsR)aC78NdoUXlij2oGvE=yn4+_`F4qFPkgW9U{|1Zz9}y z13u*3OICZ0sn|I!Ya&E2F`Ex>pm4&Ko~9t$y*{?45sNH7n{P)X#+VHVtw$wa-|AhT zP0Y`QU;epEnaKy0CBcR6tEx!MdLSnXDgL$oKE>(hh^;d}>B#XMNMzuG2Nb9>vH_{R zXRZ^kZc^T^?m>Xu6oH&#gyi^;>LXwyH?c~qGrNf|4r_e2>7+8QRTwzF1`Ks#c{0im z$)-s%iPGsvTabR+L{d^sBQ-CP42v2;2dLFX+*s|R&jNm`X}@wUhQXl`9>|kFeoj6u z^)_Dp&WJ&};joF+E16eg%t~!&z!+ST)8Z{!TSuom_gReP+lBsoBf!YL8zUhh4(_m4 zgq96CTNQ`B&w%Z7EZd4d1oDGop9xV0>DeK(Fk*g+% zGL13yVOl)HNv4F(6Om{&q_NA;!dljfAeXJc=**{@6VPm3sB~ z{XdN=rkv*x=eD%oi#XJnZG(CG{X^o18oKb+qS_r^JR_ouUnv8Zyg zO)18ao73#CF-`s?0$S)dw~5M>6crccG&jeK{{CLjaz0S2YHU=Ch$YpJ&X^6@ZBjvY zhwZHa?;k1jXi$TA3UBO1Zn<^gVelKF6T= zR>Ds^Z$=sy7nS5Sd)_8Fw&>jFxE&VqiV&$zOVDWvX|9Ch3@PKfZDwuWKAuZRYgAPw z#>P6*DEr297lww75Rt24bd}Q-HHYZ4N%822k`huT{y=v=DoTms{h3u}3md)%M7^?< z{1Vklo{eq$L9C8WXYI4*On5;f>_DzNBH}a=r54&i!i16{!b&^JBBYgO168b(!4OkdmX6eO$wAT#o4N$K6siRUTOeSLAzXiPcn=NEmEO-0y#f(#boDk zi4Bq)X+gq8g&l+|X{$_hKT4zdGIp7#Y4nC<7ny@cqn{j6HSYs@iF^vL@Zmo zq}Zhg)i0{bIx)SK#pVoxpRgMfF3H$E(gLqcJlJ zTZDlKRi%X7JYYr9jEAKqp>&E$LIssY3mSj?Ot)ZiXcXs=c69!3VT||!VtDi}_ z2`35zM$QW|HI!1!x#THQN%y}fseYVBC)TVBaw$Ffk$RbyeHjbLZYIsEg>79rc3HrZ zSE|;h9yyeOF-NPp++bJeItS-cy&L5|PVbOof9o2T0%JoKMYNQ0KTyxHu^F&z_0lev zaA{~tiy5M}IJDgZsHJIHgHDll=2jq-O=iHW4invvPR_#PgSr6}wYHF)6hh{*Qz0T2 zxstZL6ps|Cc@7mW*p35|DN^Oo9M}DhCBdtAGYboN(0zjRlcqAeq$cdJ1i_#IzJXI% z$zn0R-XEeSic(wD!zK9JE}4>Yke-90w(he(j2Jt-rs5ZADb2(x>fLtlPf}5!A2B{1 zHpd1G)^Dg<(F!%^cyFu<3Dl$%MCevo-{Cn2ej=c&)FmHV7_O&6S7qLlz24-KyE}hZ z$fxRwQ^W1ZU@~;5`bU?53xdMw`eev8jAx?AkRH6!AF%&KI|2 zr~OLP$6vwKYVl?>@(K@7o*0VhR%^cBz_Yq1L^nXyJf<$Z)t+5lg(5yb2`+sW{nWCl z_v*mbqrXSb(=5@sBV?4)ZY9BGpZ$3Z?Dtoy$tNdzg0ilwgN9H@K_q6zp6=9ukq}u7FXei%W z|E{PxcfaTrkBjn zC5;CGANRL@q6SUqLmD%4ugJKmBloC4;!E|N2TK)fLGbrKspmX$wX<+`+4~{CeEBgY z3nMp!*nv7QIkW$cKV1hwe%C>fsg-1F2!bRtlp+>O2=K3}985JcyjlK<6w z6TSRf_Yo{9^Z#nS#OovBTpM^uue=POe$hbp`9-)qEO^>B97LZ(_Ro1pJsuFKWuqOg zj(wx*q6{Y@rhINNLKvKx=!O5&g^2dz=dd2oC@wSEn8z*CmRIzT9>RGjIpgjcVglau~zbm>U03=WJYZ8$SzueO~f_n{}*KKKQP4hm9 z)&Z+?#_CwbbQ?gOZv+HSI*75)eM4cV=ii(VUBfgpP`%3QaX0Gn*iX+_%tPpP$~`yJ zdm#zDf6Y7r+~2J43|+o!CRH-`Ob~pn7$tfZ)XM_Q597TZEF-W9h;JUF1{)qdtgbIh zUY>%Y(y5zMqiXE-V8x9r#I;&N8P*1O>y&t+T6?10CZ@Sfe%iXn7iMVpJpTd;-$CAX z)Q0z9*|Nkt)#_hyx;wbAGdl$wg)~&VoJm#ODH!4~TM~K1OxTr>m35tPzDB&U+_U(- zj(sEPY;OncI!I+OaGa1N0*CwJuDbns^)#9kCVha$M?2jQ>UhpdUzUJ_w@)fP4!-Rx6 zGivbr-&z==mzVY@*F(OxX?(pWqabgO5t%Yv{_bd9pM(xBf#^Lwk2I_~skEm}znwY) zlXzbTap~JN=72_{m=f-(D+q4Q5rL_gq{1 zk^R!Lw$`mX(}v>IL1pd^^bR~+b!RAEYqw|$b`%bvcXrR-f^9K7t`9&dOuge;@)Glklpc=pD1jFfDG8mIg6(SZkbN9L+L?t8PD_Rgd|!}NNE zq~?@)TZgeXG;&wC+>&xZ?9ZF?9r9Ad zl8Px>uf>xL4EX$A+hNiIZNv(Sa$Z_ zbUh`&Oybh$xGOQHgbxj_ej#=?1o^L_Soi6d#PaJnzK^SKy$#!M;esACW5xsI6aiJm9g0b9{t@;X8j+CE zv*#02ot;tEQWIau$i5tFi|E}`(P59iOp4IN+NB&=#!0sY>?l+_t6*>A=f1SvZ~6B7 zIryi}(e}RAoGjLU;0hl$D&j`|zKnDGd=1wCho^zfkmFmPnWmL_#uW|})O)j(-M}YvC$-D1!vs1yWMbepR~@L5+ruS^yqGxH zLr-L3vdH^bOxig4po>BLqtLJRTJ4j1O*EgRq`^j3c2%rQ)3XORY$-srrZpNKfyJ>zq6+iy5Xp17MnxJ_r!@bLG z{E+TWleO2|yTx@|RO#MOuAT)}o+htIN33j77?BtU49uRruE9v=xC!PJr`U4AN9q9{ z0$~TDrZry*9jVJ{BLt+K&IFR=^DJt(Bq3p61noa2D^HZoRn*uYrV&+e7>* zxEQB)ZT%k1c|X5Kw^rurr8B$U%%28>95FRv*X$(91InmiX_%??65)ztFRwu2=FUA<_!uf+rjG*yCe8k8JB^rD- zEgHxu_qrk7aJ_v*dv#B!pG1&ZxcwgX%cq<&-%WCgdYe5gzl*a)o$A;^J@>Hu3tb*) z*)4MB4}^$fi9&bE+8F^2%{b2Z+HUY}ek{C&S-8Qx(xjW>357}cc>31L~=23Y4bed21DFlQw4gGjnE~B6}FGVe{WcP;e4a?ibJ&az7QiUrR^^D z$L9P;KQI;;qM!>n7#I9TMk2*h!}rA5c!m3p!-ltg#EL)id8orDxF$>Jbw%%D{C2WM zOE?y=-NFw$<&{}C;APHVA7Yey^>9ekAsV?juxL|xH7@pfjv0YUHj;%UW#CeViFI`2 z96N3rNs>aKBjk8^qT1sM>TufD*c#3Qj|`h!fAodF$w_d7vA*~@+V94%mIekr{p=hI znpeP3QMEhaib`;;f0os*mfsGgv?Pb+MEvYBdmMq4i={svvoH6vZw_!x39IWHyxJIu z#W5m!ubRL9G$QJ!Tugo5F$O(M~3JvW)+byRqcakY1zV}4T&a4bwHakX*h z^*im|gtw2t5p+fM(`?7iY^EoSAGO>dubkNgOx*OR_i`VsQZmK`@PV6$0j#V;z56I9X7Wx(ySWvV z6eM0Unu-J@>z)BJxwJ^|I@BSO(UX`pM_fzRdNVH-{IO z2F`)@%$p|V2O?#T7w3CNSK>F+E0@SuUo6lva#$>-ySJAnoK8I%$#O-m*P7)feq*!F z5!*bt6>(Z_Wu#HWeLakK$$R@6_5r7Rs{U+eBn z?I1x(h~pevg1)?QO+VnL%VAmA+L+l(lVKxnO`6~j8Ju?``MPF(zewv7T#vQ;d)&Jz zH$i6}%z+pt%0bV&=`CwKUCyuvKhD+w?%Y2MO1Ofxrm1|ltoYV%pzK~Zp6=TWhD(S{ ze0-1uza5iks)?*!=~m=FZDFXpUqEl=C03g4oTOVntqG#ghZ*)`RReIy^^=UT?2Kh} z4F@t#yw4(}^J=2>*~ECVa;a$iAL+eql+6Y*2%h~y3hjTrOYWD$VD$Ba%3^%x^Si%a zuh~2682SDq+J4Azj*;wE(~+rzCAA=rz>5MTWUP1#kpD|F)Y2G7WsA|400?ytO*&}tuBUVlSU zCl&IprkSh2>x8BH7IYA;qAd`p{s92XuiRHMmMO8;7Wnb)etprTiK;|zqChTss>%Q! z@`T{_*e4;*ZaFENE}Td~@eADdF52T|pI|Le)>AFt>u}s?bn`y9Z!$cAE}^DQlmZrI z<6nB1-F9e04r$RhufL46H0qt!QOKc3Xf`Cl8z)F)HZ(qYXbG#Gwdzvo^PVAc*3v_( zsh_n4=VT9~MS(WBJ|#kil@N1-shz7&$JPPFB-AY9qkuS8NJTk>K10hQFpug5)h0Bu z^?6I&vU@naW@$9|vv6zzuSg}~exJQ{neh9g(>qDD1&-K~Y)Pbg69XBz5`-ulBW|>k zoYBQ#5Es`R#7T(na5OTa;^P7>U&q$zwkPyJ@@kZeTX!TNm#X$k47tqrW_!j#Tk9{9&Q~yUD7~=g-1l;(3?j zPfyMkjr2Lb#2N*bWe=`2ys4UoZ*DL(;DhD-23caaN9EVvzMVM=TeLsyRau(yN|K-Qv}B#DBbIn(1Ecnug;`)N z?p5J*3Z_5dGwPOi?w5~f59M2wRTfa$n+XKvkkTUGx`?t7d zZ`bo~rkIg3_j`3(Bl@nCvG2al)k-bDEI({C`tFyWMQ^47$@A{|4uO7!IhI6UKRp2Z zN7!Ef&*Sqb2P!i-sZ&{vSgiVX@=4($oLz02K#6d6=fXZVr`_6pxr}aakPo;` ztw|e6XI^aUudBX^mXzdJ;67-dHk>wuZ~rTt|3AL?=TmMYQRKj}KjCL-#o*LGQxrmAWrAa#7WesEtxSR=XCC3_C4y zOT;%B#3dUM?R31a#KU8&^hLKT0P<#`er$9Ufzx&+t1dsG9}LbHm5C;bL8tv~qbR%T zPrPgz^=1=WmXUth;E5@To(nu|_jOel9N2J=ZHf#uy0?XITHuk@{1^lKi+wxH+8x(d zpX3Ce!C2<&d%xQzM}Zg}(>uq@8$J6z^X*BOa4IB=jxEYX4AX+a5e8YE?rPJ0p8GrR zJ8hix=N>s@fnAtgaS5T=q{D;kqjS`NI(Dwa@2Ci*{Jn>=Q6MG(f$^@7XDqDzW5csn zlKElwP1;;wUa_We4bE3BEpE44ga_e_r6mti|G$^SJwzIxLx3ckG)0`y{Ec2pCs&k+ zo*t3c?eV6J-eWAx8f9i{r|Of^+Vg_|Po!faUv*klqFE!+bAQiu9#=$t`fi%pR@_5f z6xe@}Y>rT7jTmrGf_eh%`P~z7Dc;&W(f*IK{3lls$*AY9)~Pfw3MH$wvAsGnco zMVWxzq6Bw7p=*+QdYDX(0R|>k?k?jBCa=d525(<1M*}dmQ_2w%8UTja`;2HZW$nuU zOx825^}r^ypnJk>sd}yV16-@_88ih`z0LIOY~T9x*g8t2sOW}3`gWgb(F<;QAkq#V zu-eoFQ+Jj`Q0Fs?vvUE?Db7c|ca<_C34pX@15YTM57orGtHzx}tjr5N_r`>HI6dgZ z*ymZ&9A9h$CO4TWt~jWm2>pI$N%T=~CuiUrIeUi%Ack%Bow<=sM6f0_R1<^<6R!AT zWlvek(*KZ%b0`Qoz^i3e9mImuNc>KZb07GAn$k!0Wi0jS%9U#SN1(L?Ckl*m6rn^+}tPtgpR&FsaS^J6cCu#a{j>A=zQZ7S-yR_ zQ`9W9ysVYHe=I!5R-<4o$~+b#Ls(eA<#kIJj>XsnYOz7l#jMkyq)=RG=d(M;1v2?Qo+>y;jl^HwlWGo;h zD#0<>D0iEU1wg`M6B3%bnCX)s z_8!xI5Lp-WyS_)eacyA#7kI~BP@%48SaT;^gTmQH`HMPE%1|I@Pd6fCResmNVEG7G zYa^+a^D%kUztS5gn!g@q=XtqxneD^tySWHpAKq>pZ+qa}MlN5S1NXsg!^7N!Cp9BH z*)lhUL@;&+OR@JgWX4yvo@}DmZ$9)!D=Cix>nHR^FPt4hI@8hje$gD~M6br^*()#& z<3#!s+2PJe3QC{55U^_X`;5x;lx1HZ9qLaOL|Sx3lC9F(Uxg^H=|(vD#t$E)w1-!& z`}CCh&7b7byfYSJ#S1*2VCGbF_a8-0{IwYd%5PKo-nzq`+ zuyJrcnSp`&5uF0Nsuw-T%>Msy0V>~8+Pci{r}i=_O?YIZF_(_Z($D0@05J2zs z5*XTNNNS(?<#Ma?>rh;DWX)A4^V+=M+=nV|eV8T&o2CP!mriTd_X)Hj_^^3jv4bK-gj${d1i{u=Gc>4K{R2k25^GU%!g zg!^6&_!PX&R9`!yW}54My=>7tl96#i!V{AEIasF-4N)WXBwgJN4M}-=dF`HhtBI+x z(~Y2kCn?!zb!p;=(!2Hgq)_9_u?Udh*gGS+SQi0^XV#k8zKJ%h3~R`YJQ@*~iYtcv zDRkpcaG6OBUW@Ejb6LeSyl$t&nIjhq!HDi{x)s_@-N=6TB4M?f?dN@rXh0^))5&ZTUyUW8V-hXQd6o0R8G84XItw8+zM}r zv+jZK^Cp*9S_!h*QYi@LaBOWsOJfFGr5*h#!F0B2-Sq_aP>q|C_hG}uCCLgN{egyi zYj5^=den$F2^fWOjV2-IWZ^K+FRm2`-u~Ycq=XA1aHM18C9;{uwpS;1D9!fvBjPW4 z6)Lhg%E)+OBZ_^$YPs6CH$^`Jiu}12OFU*U3Yn}!rWQzSk?&a9PQTgNDjCb=KKJbj zCI03kY&{?~mJ?x)3|WCh3pQZl=a2MQSFCM`yV+wyD*rG&t%3mu=|BOK$$k5oQpYhM zHXd0d#`FkFXCU5)&g0Z7;+TJ^m_QID+Zg}oqEN$;I&f-(`Il#Rp1keYq*3iiUQ$qf zbJ8$`1!v5Hv*vjvM?*{Naj*mIGollC*@pay!3N9})%@6%1GhVSyi4@@B#)F{n#=bd z4XGaS?oqSsLn3J9$?vDVSZt6iCM>ij`?5@V*P&W>5e*Tik(v-k0< zI>+}=W{Nt)Zh?o-or{Fw%_jxo4GP+gX)j3>6%Kb2aamn7iT;_H)mQbx7? zw#AZ`9jh+P#HzR#YePRC)z#oOg_pVIDY-^Vauq~PVVVo$Ox5)qSeD=ws^zwjdKshJ zZntrDMfC1j44`v+d`k|W_mshWWspzUB<7@r9JvUS!XmyrIqfV~;=xcxB85}}7iVOI zkp^@50vl3dL{ZaQP~lKt93I;YA?}-$p~bnMda05I-bI(bx4iP=dq9%mc6F4FakV?P zH+nGLiw=tx3U~)DhawjKY29lbtg1IAr(R_fav28q*PABo%CF~rNXNVOOkLSf0E-P5 zi(mLUsqBf|E|R*_S2d9QyC*Na8_W^NF(tmQwaYU!viY+(YIJ-7(gvYUQ^+5RO z;S0{WHO2wQNAS5lqfT3)8;Un&Z-3*JnGHR&ktqBWv!bzRcmHNHWfQBLTwRY!XJva9 zz`8V?O6Cy6##b-!fSS8~lsQ#6+xj`aLez+uL!QTRi@} zPu9~a96=%FUYBT|5CHp~DGESHIgctVk1jcuPILFGLj5twes1E(=k~&J;*@7_&8U2b zYUGQyQfOG7B=d&|!*|4JqT?TB$N5*Mi%U+QatomO14D`5q4u8fP8WLexVgB@zC2=` zqC&ay4Y{>9g^y^tQ(Xwa8sk|tZMPdRST9Xg zS&>_^&^xqy9zoofaKpwiql^ouq&+X{WQ5o!v}5LnLqe01IH|2JU3KO{$cw#m7)c+W zgc}0ma>U^@u*3|?tQfpRld2E*6>vR$T-z0R?yW@yN_3KX=!d*nRk064y(3&&y?$2c}K*} z(OgYUc`#W1(?o^WYF@7&>`<8NEs3guxrJ28dw+t!Msp^FkJB~dU$ujwpmFxk%uJq2 zWGvgL%j*PympOIfUTX)ohE(y{Oz|J`KYN)gfGqfv1$I32lU@OdOHLO|iu<7hDpWn4 zN%z`yd-4MH%1|Zxom+yH8IA-?sqPV>^I7Z}d)WzZey2Bn+qLW0_xpB!K}Sn8)tFfb zqoI`7XE_(z$dQ+Ng}3%~-E0U+?&;v}g&ho#=8?B-+lEOki^tNe+M;MCPOfdG$uDS!$Y+{)NS9^=OD8M-sLz+Nu(2Xb9oynU%2tGN z+Ik89^>`Nn^N`1&V!AAjYd zxpagzjOVCrS8ay~u+KKPu*fbg4X?R`3o~NYBmu96fGSCGafySYqx|Bghgh$(y~bVe z>>1cj9bkY9R&8wf2j)#v|EFj7CJe25h4JDgCQ#coau5u(V5M1e$WX-fU-4<;{Czfr z9so818Vm$O(;dUVT!rpF65GA2F2)^0(*FP_45S`X`O4ri*Btrt!#{tmEjuQ6r>oc3 z*MndG$xcCRuG0UP6hZp$;gA0!DgXE3zn2am{yz`@-26Y+{XY+}uoBBY2%#{r<>r!I z-`&KG>=>K;`9U`+EQB>pX$dtoHR>ODi7OKU8QEd0*P%ZSRKo%ubcjuB#h;P@b6bn- zU%zDkARn9F4(FY|bR(uFPc*_^S!F1HhCl;Q?3@DrwmR-_2yxgpfBn1T&^tm}BDBaRe6tgXm5(Zhy_`WFbrwfw%-Kp&eTV=wgo z9FsJ10vLrdi;IhcaS>wND8&wA*gAIhpl$=r#lMFSSkjuOOucn+&-fA< zEKKqN9_RWHBT&bumz4omF<6QiKesF=;zz!5cvI(osPM1jK`I|!SH&7{?mqf4^KzwN ze`WY5S#b#o_baT9tjY#pFu9Dmt!;L8mk{;-!GXzq6ak%uc6Z6F6%`FlEGFY$lV)E$ zBm+P*aCc9-xX^nwc1A=*R8?1>@DsV?Qg|8ZxCmC4)|}~Pl08-=x3cR1YN@N~hj(Zz z_Ir5_Mf4B#OC0#vKxZ6n7EEizFvTo=EmJgK8yMViY(0Oz%F=%^!7D1QB*TvaLoMXniu%_}JpMj6Hy0vMD4=VjRj}Ez+yOtNt4qkz%F1L% z$K1oh#)dp@sFilj9Dt^|fOvylcuVlT#W%Vfm|$S~xbU{!A=qo$`<$DRbw-&Gm?7MdR<2}^7(xuU^Gx>(U(G)I3vZlD6!ze0GfA(>K?Xq||lTKtH z=j7{nXh=l=bzA4V`*g8_&jk`v|5tY)w#qug>%VAWn^RwEkk^GpOTWY ze|EOl`TFvY*ourx&xI!SHQ~8ESU+44{erItQWG?mH>kpnPq7g6y5(mc^;qosID5tL{zw%^#tt z;r6Eo@3k8j@0jDSX3vV_Iy$S(q!@HNJZ~(6>FcB0`J`n|L45;ryG(6STnKYHI1i z)6AVav#z|03$<%iMouuAGPIu2vK2vu)khT%V^*n}mbuGUy{5>7KBMFNx%KM3dd4ft zS&ogL_>Yi+4|fD*Z&z>Kh|bj@N9xbdc*bvkt&qJS zlaa(2SqhKWhZC@Z-9+O_{W1lskbJa^W9#KGE#J*{T-n#UuyU=2;V^U$O$g7lTt@!k zXwUH9Adzd=S^IejyX?i^jR*3+uY<^oDh@=M?(1KNR|H%I@5t%}Uuo!xDooCfDyKBB zN}u~rXhV~r{LR0K?#b)EJm5Ktb2>iJTNS~Y9{4-HLR?J2j?eZQ9}_X#Iw?3%;aZ4w~j3s@Eg#xn(lCWZ*bOKv{s#!1cAxX@`SD_FqD zKObwZA*>Cb>2*Z)7e)H_yWmgtJS|>b5u{ZObGKfZ$m3W%M!Ec6#@rI^;1$#De^PMp z)=$exI9jNx`EEFpOWKguZxaZK7c8YY&9an|YEgukgZvuL$s?@o_r~+3o*{eiLnX^F z`_0=pmTN}u>J;A@FEdzXhNGd@P>Nki1l=j6*at-KN_Yl1EeCu>Ay6)m+A%qz2H%gq z6!T;=55jV96aybYbzWXPIMd?baDnqd<;M|^@sx%3L|o-RYal|As<+wYsLCd_FvB~R z==B`h`#kVYSyOX}RY7n}hOw=eeO|j~tYJl%?o%8l#bu2K=`U?BtUGN~eSOWOO5Z2Q zjAbA6k;=*sj6LrC;Bp{I-%P$?<`%qoo-X|sb=pCbu3w98+hd|sAlTkhaQV&ei9V8! zA5{nwBn%<@5fUOm=tDvGmG&rKv77>D>3S zkXco9=qKF9EJ&MSj@|F!#o`YWM~ZDLO+5}~!mub)Nsi1vWHXU0f2I!nW@3`CqliVo$|{FH7clD?qhx@f_NwdpCdOSHg@paqk*B}pmvmY7a2`YH(W5RJYTdh z$diFE%z~VeDjy~h_#V!Ls#^^+YbHPo@KM{L53}`k$!g^*N&q`T;8bjJhh;Cw==$cS z#&`(r0q$=fMIII^5NtKzmg_yXLMiXZ8#?4%$7ahRb(d;4z4J*@#WAVkrDb86Q=WlU zcp$qC|MaTJ%8InW^pOi8K3hIh&$yx1sb{;H_g1J(jYPOG zv9W<-HD3-q`{x}_`%K(#wTYVr0^#rxrExk~oC^7|4F?E&_q6e^~ZOsJ-`Bs*ghU-WDhH@xar2 z0vD}chLW}#JrWrDsIF!}70&MV24}PW% zbma(!IB+K>*nCxiZ9|?M+H0a*?4JiF(Xaca8;1cJs`7G1tn6JF`~ygn+_4{NCG&oT zJ%YF4h+{6^6R)PHUq=@VdO-Pu`9*k#MGWDnOnl0L>1kZE65UD~{#0V(X#zSUOZhGs zAuP_vp5dY|P+z`;RLg#!Ln`)1io!o5&u~z3{js%V@{1EJ9O2-}8#T$D1SrIGEea|L zrbwK@P>4Y**I~JM->i_H2NqtbC&lPGB1fROoel6jV61FX5I#GJ+Tfz4R_W{JVdmjCiF}lcm?@g zS)SNk9+ZBF$m1)shgCz2oKf$GNea8Vn3c;{#^-ko0tbUrtE+N!pL&p>F7QK~c|@FK zSP^A#i_42iNISgK)c*&EaGm)RijwnfJL~+~Gx$2E89I_32))?ghJ3f;wN75Q2DoG) z$c@j(tNhSoOsWEF0zsu$9coqA&4M9HYoVzkUt2i&O}SsxQtc=CiMn#-ji^qrzX4Tz zfW8Cfm>4FTB^X5*>o?{}WPt%P8i-l&w@cB)PyI5~$AzmhZ?#5mK4+(nvloLe9Z5Nd z%a~Aw6D9|PQW7>=uQ$~31{uj@`v4pqxh?TjjoM!jn1bW9(fA}d7CFW3DMfJTTGdgO z&v(ohy-6{Sxa#p!is!Eh2C}Uj-%%?J4<6x`E`!T3n#GKg!T@mjblv$kbXw~HQ_cD> z=|m3iI}~kAym;$eTp|#VXB1L~6D&)pSz+;2@(o=N>i}?MTXv04skc3w^{x zJF;imTHD0sAec~V&KC~XUu3@6nb=bAsHTMztc)GZ-lN6*e8(~ZD#e*6Vahh8`p$wN zJF+G0V*-YC3Zy(dxbyS#-7`Xtnl%#Dh-1(y{wYcCfx4ET=}Uf+D%ee=?ZAnno{NA^ zi$Z~mi2mz&_uXEKqz&)c+iJ(IYfBJ(Ih+SKGlJlhksM66iuO(T#*y|le}L29MyPTPa1VPS^gDoZ19e{ny= zSh$!zOANq%sj%z-lfR~HWKn|P$NWD&xu49=OGfmW`~!1PGcXuT&w?}QebO=ivR#7Q z$YMDtV7k4+7JZ{*zEb|N1C94FQuGi)?h}$D+Wy09DoHf?FdAW5%xZMw^LBL8MC!(Wahyc|Ym1{5 z^>B~KOdpP6!KnTwY%xfoLkdcf%b#|Y$2Co5chPN{Bphf_#+Sn@vqqXmOPg>J)&CC? z0@2m*(US+n*UI@_6AP5FgF2U(EE-S2efskkA{`r<5mJ;*RxJaLjUpy%6`vg6POSaA zkKOO%w!U?Xf*J{pETZE}C#6y0k}#Hk%9y#I=%)b(=xw7H6%iiBV?xDmt(|a z300R@A+U?-|Jq|_+BFElke3I!<4!P9g(n3e>bYtU7y(XVT!oUua(+sU&g8KWg0SO5 z5D-q7GcK_2FvJW3s{&N}$;wIa*4>2;5pz;W(5?i&Z}H9JOZvlZA(X=9nlM0SNn zG3yQoKirIT$LBd6^KkXUOQn_{8EIp>dK^i{ie!w{(UQ_34%d_X@u{vz%3~pg8mqXt zZ?CN^X#&~AWRG#Iw6t#tBd*eWaKeT~tcy69m2rHZA7K~^5fW!1H8mk9qoOX;L7I*k z6d?EgZ+&5h@9Kg_#(RwTmO;w6wH7oS#bHZjMX*yCYR18F&&FriEd$w2JiR5P(dk|T z?%9kI-P4dc`CUU7Q|(-WM}f`5#HCh&5MC1Z-D?OI08RhoecGAX12b}$`qjgO-rM5%m??>rP?_8_L7^3jN};5hWJvdLiBEy#@od}~6T z5IyHInx>^%)D=JMowVXp6CtXg(7pHUqhcLXAB&{qW&pd!?wcAZsO7LwvbfT8G~B$P zsQ+*QgefqE1`8bVac_!>V5&-1a*EkH)y7DcjG$Hv`#oGbyWo~*24pQ|=#Q&0?5?>Z zwhP*!BB4xv&!L!3$1=^=e{xVDX!WEUt19L8pc^+52}@*2T_TM;{1J+$a50rt(9ZWc zaJb94|s` zbGT%NlNijJ(_eejccAL$jB5ykY_JLT`pBee=+(T7W&w-9jr-5RX?t6qP;k*{N3laq zjf5B>7zuqGrCMQ)<>RDfY@rAk2}`OAg<`_gJ8nE5Whu6y2j}OkAoKe^v5URusH8D9 zS$H==mJq0sEH@f7ryPFrgnn#ZQ(P2XEfqb@|8t{QDYdRnDRBVsjsa|r(GS+B{@~#D zN`$QihQHfele{Fv-A@(Mwk5yKB?(Dd#DWO>dWmka4J)e+Z^XAGLQ}00^Yz3+^awJ=`(E(>g1JsUtxanIkG`;Tg*5h52V=Je9rc zD==ND)le^>oL-1mzN$CiKnUDTG_*aGtjVPfq+w^`?_|=@G15=@glNJsX&n19M4VYs zZ87>a-W+HI8-6tMab`$Y10_i25Ss}z2G5{637P-;w@3{x_-pbLJ5kEY{C zD3J=Jsn7YE2lQvBnCRbs6!8ZRO$zZzdTM@6RZsPE``S78TuJWAS59K$sfE-<=n|gG zbch(m@bUq1te0UVItmIy%Y%c<8|N*WSqp5@0ZKdD_ksZa#M(;HHyBVG z#Mp=+n{Fn9t)U!4Xa;26Waq9;xB~-Zg;+=s0b)6Jg)Mq3c7|Fi+|oNBe@Ul}V~qes zIrRY>L*MjE!FjUF;0%b-f-$rrDE}W9zxIJr4=&V1Cuu?@xMpF|HNO_-xD`x0c@ay& zOU(|W33_{1Q*`vM%zQ~TRSat zbFK`kD5j>YDTTw$WwWOKIQNs+NIMTbcn;n7+3nix`aG)t>eI=Hojn>qLK`l50yD-n z$hCkak8D1rrk^5D-}7{2*|#wnsFj7XCXN{DELvWnB4^cYFRVKWRQx>bVl6l^%{e~& zs02zCN8v|sGz?5X6&w!uVxZOt&f%r^pa03?P zitp|KO?jIU$WRWteVeO1Q_cQOO|?q^s*POde9i4)zMn(4xu>wmC`Gb@?~ zQgTLieXg=W1(N(HsHfxb+9~HaZM=|WU5%dIZF2fyJnOuOxd&+yD9ak@O8k4o6);rt zm!a%m{CD0C|Qwb07mwR;^jx zgBag*{{vjYkZ4)&Wv3p1CzzRHK9hxWl`-MNrpUwO*$VqzS8@46$0-@vhof2e60@`b zSLc8g$FxdIn#}tn%l#fk8Km5_%y-MB@*}aH-{428ZUYo{xPc~YB-3~1|6(rYDo%W z0+(#+3=s^{5F{1cvKO8ePwdnYJ8ecPMn?20kbs+&bI*sJ>##5) zQn^q{%EW&YFT;J^xI!&yMv3975IgJJKv0jE4+3m}DMGjsn>hzP)4g(e`Db$tVoZ!x zI)NcQXEXE2-CdU!;gnVXg|IRSJB5S*TcTseY%FF`>;u?rxYo1-Vb zRa)G=mnCJ>V&lD4>P#DFWQcii|NbNDP}g5ua~J!5Z@6H9mp_@O#M#2!Y8h&2u7k^n zKLQW!>_FsX#sCjS7#KFaj-Q^E*!1JzaY)rIjG1Kqmy9s8Aw`34Zr)XfJq3JN&+z96 zG|kC!*x-zjrvN{ErAk?9%>OK9#%l7&)uyg;V#=WMWpSMP^-g}^z7arBi(txe$6&H{ zp<$ZMKw|HVo1R6+9$CJ+_5rCSwb8+F>t2sM&}_uA57o>^Hk%a?z7GbP z!MI=!^L(LS-Z|3r>MH)h!2y`$)x36**2=lWg~!a{=0TDAW99IbmAqKR5@fwJpt?jah~Z~W7>NnLGUULin;*%0x3 zc`%2&(#`=nDu{!MFbC+0t>m|4yU zmx{IJ7k>f6qFNSXMcPm^vsf`Ym=tBg-eKaB&B`7vVFo}veCvw zOTVEr4PjRd4y0`>WaF&yP4rD(&nz7I6lU9G;UGH}^A-3aAvp_srg`}rr(07@U|_>(_Vixvt$q<2Qm%&Ez83h#2tDU>*#ju^Ufr zKJ%_}xf)*r=Q(ux3zT_r>$Ll~g3B+g%T9*2Kc|2TgzbjA(h^72|nb6%mSJ#RU%dER! zX;^1;*-nERu4L?#Q+Z;Zoh5Cv{ghtFX2r@sY4QGazpNkls_%5&nVGe&*YWP!@#d)0 zX0K+Vf;gvQGc2J`E5#nBsuo&P`%o$$>P(tI1BXgn)YIc1)2LABW>*2<;qHTtm@LZ( zBkDa4SGFc$MVpUGLnGcka4-jf?e`C-B zX1ug)j+=clKkeP5IT{Fv>{^%5xC|aGsrsxju!JvSrWJI=EdfK>5<#2b7YC^1)IioW zDeWL7wY}!2P`UT)0&?-Xyem8jfm5-xEaHy%xlk~+L^ww@4zyrjWQbb?Xh??d)aatm z-rf!|W$`Vu$4zoI4;{z^ipeKq{VySK^Zb${Z&p#6ctpise-3sEpWgz!y}!58 z^}$5&KE&|;r+a#K+Ym$texAmtL_E*G$Wc%N!zeIsEl0WNXe61!wfY=S`6Vm^H9nnc zdTiozo{c3bt7JwJlUiG!FB8Yd1CqbG!+TymC__P6gSOQfjLlx(OrIQ|=OaykxM{Yb z%UKCOP6)g+#)wEH6D!%r#yS3;f28q?@>OdTD~TlERE9a+(@GT*A(&|hvYQ= zzV^^IF+|h7@a#c)+d*b3TkfBnP3qvY2P3k+xUgpoQnIlPv1@P|6+aB%q&R{Px0y|IIeubfYQ-Q$seoUpRv~L^0Pt`K$96qd)>9zZtyT7K-c# zy332Rkjss|K{!YDKKA(qri(UO($J2Y~`9lP3u7?Ph-01hzqb_B`Z$qI_$U z|6fmy9~|YDC%^|$$e1C*pCC?~YC4%hL&=tjdDd#&kTUbS4-oi^Him>I((O4Y0%|GT zPMgfzx=%|R$oG0(OkopjcMzmqhgQbO$c7W_OvXrodrB4bj@r~Aw#=rt+&=;w!ouA) z>-N~==HoGySJ)&rGi#6s;~WyPT9t%z zO_uGrTt?IRujOXMw3x)i?AH9;Z7B@T$(hVNJ30x6U}w=##aO;OQiG%FG50|T7fT%i zEKv`-At-=V295r^phdH^|8L%ZCi&tP9edto(W0B2DIaaIh=;fGcw}i|@qMB9U_iSc zQRFq5Op`BHTul)L43B0R$R^zl7hVWM;erGJy-LtMqrS3`sK2`};nDF*<_6nqQ=(_uLBamx^X- z*VXh8`(J-LkCOyKQ=s3#ZDK6~avLpt{RsU0c%whwCf&VWHyY1hD?|O?I~(onq78o~ zuZ}5Zm0R9#Z<7#Gf4!Sr=Oi_KB9Nv(9 znwafoPl5LLeNhAdqxt2f_h47VAC=PtZM)=6s(%K74=FeqBZ$537aNDUxq2yMBdvRc7vJHeLNpNo z&tfRI5CM#KTn*Or)KjV5H-q$eq+fbC*TV(aED~Pw*{o1(tc9oYZAFo9q< zz;<3a8e1t~QQ?z!HRms)WUBw}L$u84>#-5)WSx^?09t+g?q&-jF!HgyEzGqX#L*ro z{A5VWP?D-6211&b1k?dkP*7ImS~}oqZEhnwmJjMhJcKy?^W!Ze8517@epj8P z>CG)ZX-^jPM7GRkr&#AiaSwHnk2Z9HSpfgd)=$9nzL_y~MP<+oz+3Oe%g*;Td->C{ zK>GN%EM~W7^7|<3nCImX38@$XtQD8sWV*I$;H3vNBNN?qIy897mr|~C8^|KJe8b8j@m~eRs_F}->hu|m zg0jgd#1!l8hVR)C1u|R?;onD%pGl^0f7lKceh_T>-^5)X%?F5f1ssF9p`MS3cY%BP@`4q9VZ7;MUqe|$<$(cR13V2y($(chB9N>ub zU$yGS%GUCy8(YfwOLFE@bH~U*rFHNe-Z`iptQzLY{LXPNc@T6*cN!D3^y6sACibM* zjbF;^qUb3yao4Ivoi1Dh(Q*U&`}gYi`ACNTH^*t42ch;?b?Jn8(AG8k-Sm=#UQTuA zffD2|Zu+I1svv%n@N5IWhW;xrA0m7mgSQhnvarMe`)18%bNtj)-L3tGV?5&u}Jz2C3?}o_I`x(LFumBbNTeUES8WnN1x1rK@%gEJ_A} zmn*xeg%Zlxhj>!@t;?qd2@2YDTRU$&2jj{nVPfiKqwuf@JiO|U1LO4F9!!5RvofhS zHh=?9{o^+W$||leuu~1)q(7@B62*K71<~xpG_ard?^c2?l~KF0=%*`%kB}7Dy(0z= zrKFtAIAZGiV8x-Ovc!$7VtS@Cc)%9^KSz5nlJL@%}y;G+)=X2j0t4CF|Ln)VYnaOD@-2NwXQ zfkp-ci5>4-J1j;9Us${C?`nAi>NEO;1^ONuEM8wLB=o^ag{GF$QSX!L%TF|uh~dl& zX{@Sxt4XpCj_Tpa)7N&kl)rqUYZX76Vq#S*qJLsXoWI&yWWe;_f1O`FokQZ}YHg%@ z*~k0%-Q;%_VuHTp;le(s5|+tK(dUJBF!*Hw$TPjkCE9VAh!NXqfL=kB?s4*I7wy?n zwhtD4icgu!Z(u8x_Ows>48c&Vm-1t+UI=`JlalRhhC<)|fMeXF9P=n{U%|^Vm~HTx zOjQ^X0dWdGZLSIZYcfxoDfwbYDaYz=VZ>}<;U>c120dE-63T)s2an*031y_| z+G<9KueCl8Vf=~jXKf$eU}D?aU}?|YkDxu^Tt4+;bI5XYI9~~fROnkV?u{@fvG*a{ zbFLFf$-`7U7k+8azjTokq(o2EP8TXgj29364repK(k5H@nML?Xx>{OV8ah0*1&mRg zcY#PI@VTSVlS|OQ>-1}Wgf!`Gw{AWQo$}D#k&60{W@hBN1-Tb2?y;DtI(zG$QYf~3 ziq&2raz%tC%8^y~LL4axw4QWE?U9}Ycj)Kx?g>tcR z0zCEqAyfB3i_D}gW=Jx{4kn@%WX*FL7%PJg5;4Bp4l}aCMt2|%3=DkHJ10Q8JIURU z{B9H`cp`XLBK_~SrQs7L=+kTG=#gr;r*y}lb7w#)Tzf72cH5M}Q&hQn~ z_^C3>DXGPNKpvlSaKa!ofil~La5M#Mq?GK}BB98^(*9k%?nL&iR1|&muzRzgflrOz zn~8mKU|R7rd*%;^jd!h{>oE8A!o4&qEn(ESv59zJboYq>T?qi zoSZm-4~s+8PysqOrdruyBLm~E*G4{rvh4FddE(=KQI&aK&n93tUa$WX+h^QdzyV6c zPRoKsraGJOG~VYcnfC)89fAHl^@Qkp(9zt>Cg|Ov{%1;_8F-fB3%Hf#F)6RWb8dX) z)96O$zlRjab)26f^PJz<=2VD{zvQ919X61bq2{rKD-*Y83ApQIPD&x-RsZ~n#=g8D z>gkSs*=2&ym*Jsjl9Riq48mUDz@rU^g1TuBI_Gu#qEM$=52t57YKHym*8=E<*JW(~ z4g%cWSKC0HTWYV z?;iHy)H}HWm#~m5I8m_WC!@`~phaTh-;vl?%y&QlH;vwO$5``oDk=*#x>(rvH6?3- z9%3wde92oY?JkFqQH~NC8OA7M+@sghSH3B4E%OL7 zjb*lC0jt7n$V%?|RNCzw#cSsjVjj=$-g;ZnW599(BGRHD=d?5^&$6(o8b-NT^6fu^ zpF)28{i4GtK!$Aun$vg&a%4JM{cbP{4#82XY%ym{)6^OE1oD6BS+gbWQx2o z_KSHM;Z`F){zf_oI_Oc``DXVW&G#_Mcmz}k;!I03@g+@AGx^r~E8Sfhj!MKYGzM+k zOSZKR7kbYu6R#mryYHp{B~ja8d8ZNEuQl>OI)T%q)n(&H|IB!UQ~AW@{v%mHx|5Js zQdsG&M)2KC|ETy1$*vvf#&DZhHd#RgEQ|I@ZFlvI9OUj7MyEz%Wd}9JE+`$57l;kO_TgM5ZAQdrhK;>SzjSsRv{OfYPLHc`+l0c zbI|!Aj^D&cSQF#or=B{Rv`%2XJ3%D)@toT8{*M8ZAB}2x0;hd@c#HRs^ZwcOZK<`_ z5_gK(DV=fY{S4OoG3d?C;OKIaK=|LMqfiSQM`=lZL&trNpP?2tF|B|pF%zv=s5rdam5l?I=6iu{X{-%T85@|o&x z#eY?LO%pBzBRc(|SZEegWxbtTA=>QYQ{f$qhg#E*g{TbQl6BGT5ulyL;4JmJiS5 z*p-+FdX?_{XvQaD6CP78+?t76_U=TU3^^b^SHd*(`AYV&YFNwi*XpfwuJK-l>})|? z@P3BvF1_$-(6%R|o9vm7tn>VP4p0n#OEvT! zoWgL6eVI%uG$@Y-LIORNL)0|%<)Q`L&}QJ!@p;-i@3-Z+gCN>KH>QE_>+Fxbo8#lc zzP#sRB!c%7iQa+AF%{?67U#d1suMJuJto$D>lTz!cz)?&*^im8nNi-GnOX0c{@E{kXdka>KGM^OIXSy`K+`ROs#=3px5}l! zr{=;>ceNaax#27sMSwWP={1$#A^TNl+0vDe5HxSzY^oRU1ke;agi{fX< zyvg+I^_8+&t#(S4o1UIAx&ZuohEQKEFc=tUh?z^Q*1p%*GSFD~7`R*tkfN>S)fmi< zoi`M(-8i?1*7uxKwI)()`;d;aFU%O=$J8{oHmz&z0BQpMZ8jJ&r6>7h8 zrTKp!eM{xeWDDg%kP?$Hrx}qu2P=wIb_vE5iy}*TJLSfX$$Q){FBu;r?eI-E`+>*; zPt^6R(5hjaUSC3vx+_rMGhaf9#|uHj_x{n7D_J%u4ZW~CuggQE)_)kEpT|uv^^9eV zya(|L)hmztuR(L$e$ta3hSq)kxs2mifB)uD%}?-SP{Ko+B~UV`Qqrh53;lEREojQL z@(InnBoOf{D7;J_7j3hQ#kQ2Crm+g8{z8ckoea^O+_muSM5CB#oM@Y@9l{-ooUrYX zAiKt?PLJN*YfIp4yQRP7>C?0LOVC^UasSg6T%gDza>ybL#-x>atQ5mv*w$9^&MlF6 zBrI(&HdBVED7+7Xu%ov1HMuc7cha2T% zT+n*nt9~{{5g_I8Y!v6aTV_0JuatEm~;#~Hc9hhzN|KG)aiuTYADhGIAjG`)K(TG2F|k% zc$O>2@Y$*?q!XI%>jJSC-YqvOHsI5Y&EHQMM-QP>b&2Y`cyjU};W2r-WAB3DI1rNP z(&IRUNT~8&qtHAR_OfohV7}rm;yW91B5-~ZvJB2o8us)(aTSM#)E`GbNi%$>{43~T z0R1y}_s-AT{hrHD7_41y{P6)D)4=JBR|GH9q(+24wC1D3gTO-WulcP&t7xCg4F2ajl% zpb_KxbT6aae*%#)Zcl#VOet)HGJw;Xh=i~|HRSk&-}hjjw&K^#Y>qk2DBrvqZeG#&?TkmM{&0K0<67wU2wZ0t(xik^%14C;lV@>n$4GiaG$P1EC{4~8h(-6j zkE{YOpg?vq!3Hy9Y@fzl%p#MwrEuN{;r;u{YiL_HGB9j*c6 zL%tIc;qg=VoF3YP8XNPMb=3DNi+wEQ2SXF;Jn~9J9pb?MMkQ=(hw7v|-H#zDLfu&$ z$`xQ^Fj$GdDi5uF^RpJ(b{C0ER4hr;SH)UVK=P>7-Hy?g11xTg?@FXu7>T!LEd2^3 zsUr;;dSJI!e&XQCm%?%AfO>Ri{adzPPL8;e#LXgY_C4#fFE(!c-sD#8IAfxEx9-f$ zqo5OQ!=6Ot+>3KvEwyJU3-ZDvNsF=Ve`$$&U9Y5E*K=10vecyS@qFr|T= z{@Y>mhxyKR=AEl<7d9IaR6}WDuH}cM5lW5a_K7x%-FI@4{pcrUy3D2 z#a+~O$!MH{yITp;R4Ca%UGrngP3`T$J49t}kKcX0E=^1X6vUuJop*0#u*FaK{U6Mm zjhJ2}@=CVk8|y=g)Q`*r6{yXf?esVyj~wJr9luW37xZ3i!z|T7q=`XR2eJTbGMejK zQZgfyo!{-bfkeQhSlOXe#Mt%qlO$HrRueWSYuVgXk`J<**$_f4O}VhSf+B13kUa=! zrXy}eclQiVzJ}n{qch-CswS5@hr99F&bF#< zfNG4NH@&A^N2fH4#`BCiQc4o?leP<&rR?c|191|1Z82E^q0q4%X>^qx&yOwHlV!iY z?((6ZXGGfC4}W!jY~S@LVvo0p^ZIT}TdcLM9o;=@wagPYQ=0#C_G?}ibBPYN1dF&g z$W-c?M!0`!?ztGx``-*Y4hqghP6)Ssv4;s?mzrL~AM9L^7Iz+}71>D}sLhg+# zEA<&@A-|ntY9NELdv;Hp%l_p`r_L`NV|Af|dD-pf%B{m3JzE5U`7KXek5~ABo>-E| z2zs3h9n1OO2p32z^JXY+7c+Qk0o746wxYk0%CI8O6a^;rR%M&8B*!UMCR||2^dT<8t?vPWp<9QxV>&>Zl2IFSc@g z5^L(TvZT~(V$zWkE_L>Ag@U7Cx#-f^-~uXu;N)#pBDDuO_99Npu0d3XGi6C|&FTll$Ov>_rzjM-mH6_y75=bycKa zoVELW{;};6(1%|gr1fePLoy*M#m z;^)+8EQV0!otJD`t?KO~)eeBdnhPL$atb1`O_&fXxNRBdPj@al!IXfV<7f;bep@ND z((IIYA0iEWSd0v_U~~K#l`)s3L{?&bAxzrs1XI922N|z$h$-#WI~sD2z)Z@^6B|l; zX-&_pj*1`7-b>a4oJ}pQ^5o@F9k+$Ht^V0p&=c1?*RmrhIxfUijjQQ;^atAwD=+W> z#?!FJcc*+mk`E6=sl21>7B9^pZC{d!6{&J9s-(6TjR4pl9aA|40Bg;1|lGkH@?y>p$PbNQ?)$Rjd;}j+oxEsns z2rbtwia>LBHy3O(dc;JR^<>f#6&yCBFC`g{7b%&;K}>zohZrhK#v?nB_4i=6;2ypi zCN_%((_q|sWk)GiQexRoH*f=>)GIOqcikf$_>pgaX*3>#b0U*HwqpV)B1sAC(}QZV~jOLuy+ zpF|_*fwbnmvK6-doYeQ^#qP0gE=;|_qrNaN2SpjuR?ckndv4*={DRkBBQOvGxWZ=r zFajg&J-3^(qcn(F)I1e#eLOM$x2~+F895Rfp3>8pCLJg60$T>P&}?oNffyAW5XZKE zC3_Izsq3Z?GVLu*8$Jjo7bE47P4DV=hSj$*jx3XpiwMqTf5IDDrt1h(NNvejquXiU zt#xN$xHBsBgHVh%dB+yt$o4s7&z%n=*Y0_PCcKQdCWM%H*j*0|mCCM9&`ABGv@&Hl zejZRN+do5hZwrfFwOM=n>ho&0QKniy-ApmTt#-F3{F7#Kyw#vnoLwGS_q!@%+Lb`K zJR%Yi7K1cZld`JcdzSNY!UG&xub)xYD98-L)k_4Fie@U$;D z;2j%yHDBYyp`skDzgm)l6o?A;q3OK*GdZEOV-b7>)6+CHD5Ej89JDSoq7jzVU77aG z>{f;j63wG1bI47m<9aFJD@^V2qaq-PcnoO3Qi=D*+ADj~A^?Qx6A?5I519yv9D-S@ zDZt@cY z|D)ggOL8KC;mYV;eB%A+H2*fCi!+F`f1(SKjYo2%QM=hW0E)%KQs)mtLcmGl%Q;Ep z%g``MnsK{~ru%}N&xy6Svo5-WiHL~zKMy4mk@43*5D%PiYhG1o#coU+EA9IX$W142 zJ14_bkM3ah4{TxK7PSKDoA!Amh8Q+>!X+{}Tys!E?PZ0PM?^M4`4ljg1Akwd-+ z-p6&qj*U4AOAilMcwMaoZE28kA|s1`Lx*AH-5J~6`Cz#PFG}uyE71J_rcMahY&ets z)Hf*eD>xAe_+Z&4^A5%NB&IWZ#l2SA8g+V~f@1#pWHJKB_xbN$@aZp*t4?Qnd5tdX zdrb5_c>S3-{t1cl{m8MF!6<@K&x@eYk0nk6+nBzBmbml$O^+ubW~3Nw6u7_>I{UOy zK7td;9&BUMVgVEZcjO!0)wp`vI(jD&Oj2V64kOxE$ zci`bOzvst|;w;Iv>0`xQOW=m5)GJoruZBH0dC37Gp!ae`q=JXFh05qXT)!H#qURjjXkb&%~ zOW{rw{4p;ev+1n%M^Db*dpsdU^u*b)`d)c`@xk=&|1&Y%5kl5w(dA@GuooZ`ITzjU2IX}OD|6^>(H$Anr6nMcL(f2$al=r- zYO}`vqnB(6Z}IG(%m}SIycV3eQ?soL%rDQgvB|kB+6?CJ#p~B&QZcFHiJUnN zW_ucB<02i<_=ko^QF|^a5fVP*u6pCcdHjKS1_4wvGx0jH1hf%zE)=T3QvH>ALN2nV zc%;mxvdT!_Swj;ppIGaXl0vXjrcKS=K@)x$8}XiZb4KNr&iGK5t9?o^@C?#jYG-r2 z$(9Mt8kX;6@XM(rz}p#jDC{0~nvzY5RmsLXiJ>@r&OuL3JR6$t^y;eO@`A$6UL!vy zh9?Q9c2scaXec#PR@`{!{j#AUvcVt5fYn{}TVei=2|j*FaKe`yN6f50KN~Q!u;?7) z2YNoc2;}~Svl+;u<8h&&AgHE%b8G4lEBD$ZrsK2)sFHNDk6KIz^F!(}W{=P)6)G*h zPjA(pSF!U-XA;FxnvYB27fh@EauH(MsA-H1HfLbMBRgL8JBU*nv4xc|ra}@RtiD@M zf<|JQNrxXdAGwD?p0qnwjkYRCkxWKcm1QuRYNcQ;AfU{R!D5W6N@l1)si$KLB?)Sb z4o9+co`Uq%O{xh_-G1hZ_Rm`#jYUozrAJF}ex0B$N@0g?UPBJg%LY<*<_MG& z4z*F}$pgBmmB54z?O#|AtLQLvOzjRuFNq?|4sic<97TY)`&Gq$;wW1!fy+IAQFBfN zgAH39J0h7D>g$zw9IktAAE}Z0D*o8p=?R^jY~>yY!ZG*1wpqe>wN8KL$JfA|SLv~z zOKXY5Z=Ks*^bKap3Fl-uRM@Vuxa%Y}`qt=nH06Z51vZ71w|rW=XwEmchGvu(Iuqyz z|4VOQ>T_L217T3~P_CwS-=xFv&6XgcVX;l_aC0 zxb&S6r|Pl|a=xu`&==9t%2-o|`OeMrHs$@LeL}%{lFTG(m*hx?LrGVlO)LU;J}*}< z0gxufzGTL(o_i_SH9R7d2gJoe&4pN*zI+~51YSGc$Sj$a!MzWUm=2+Q^*jiz9|LKqZuLsCIp0w2=7450&9PE0V1onsK3s&n`(MeTyL3st);*|0J5?+wE*ATp795!!ME@^sae(%#j$8Q z#8a(gcRmT~0&3%cAOEKD4eM)s!3(PMuF1-0tjjlP)uzi9E{u8}Su`dPrtoSH{#lXn zh|=WBCJ##If8-o^j7AKfOH9UddfUdpI0#d7kAVlUuoj5(0Ta>4T@V>&5PQw##>_dL zv@J*)ftWlFp>_Hk>{w^<*+!=?f?$zjbpD;#3UQN1#v}>#57`w3h9}8b1;|o*=Ns~S zTnP?jPSGA6uJWwzu6j&-RS9$&ft=jxDO~yqMv;zUQ##WoICxkMso8woF`dgUDleGU)o7ARQ3euk8J#m)dPfs=j{(-y97lxmWDjR)y8(LZi=pL@sTwPnz z*(+9v!%_QjYJcd0!l`Ak4-ghV0ePK*VU-GhzD`32)@pg*$@004A)|E@`1u&lZq-9sX7P8!;WFWQdLFp_jJAZ7H1*P}{ zF(~V7xzgvNExaQZ>U8*oAirx}Rd$}?*v+EFC&m*&nLT)gN^Pkt?D2g4W(qdkJugp9 zDO}&IOCWgp>xd1r{6IPRxh{CELAHuKKN~nS$Rp6CsSGLeyK&G{({_6QBUYUQkOrJW zENdIrmlmgX9a4d|cnJi93X=cSc?(mxfNIjs%3U6!*&lhP4 zp?sv2dd7W(g6CMxbhf;~SgjUZUqyNC)kUfGPWMGL_kR0d>akb+DKO4yh4D*RkYeHZ~pWRj1*ONt_BLOOIw|_+X;Fl+O@T@ZyaO07>8kz*&{A4>-JPW%bc6* zoY7`7tiNlrJ8isCXGR3!^=7?pk4777+2yID@cIX9+oXU&8NnqHZO#v#_TZ|&r#TU| zvo*Nh@6UBOrM1-@DEhfG$auMyG~=iw)SmC`+1?R*D@KF!vCzx);^-2{s({pI6sWGQ z=|g8-p7X&?#E`Z2xrYHT|FzKsqQrD+m#_rBBx=QxhTxwH-ouVFll!xtZfAY`%Iwv# z;R^PnrIx$lp!(KqNsUz(9v4U86+Kvdsj_-AB7^v7GfUL)gmV4+R+RcZN?b5;RizUD z^mrtysneyIWo8`kdQ?q@gQS2wnc!qdXWv*0yaP^Ur73E88w$*rNkZdxyR|%KBtkly4N;)o+)ef;nLHi zz{rjan3>hxmGpE$`=Gp2z9+Kjb8jWex<&4H03gg!rBzsN)@J+MHO!CYx$(Q)qGEE7D+BHDQ4l3RgJu%BUg?XqM%Na zUr&&g!h+FmmPD2$z%${_)MU=_XO$?`J#>2N5}BFYTOTGHy_V>I+eWCQf??~pBNRvY zZ{AVvvRRd3%KT+JA6wwhB72&O7y<||Yhv*7B*oT(pC^3MOAZg-)WD1jRBom@#G;6R zqeIW-ZL~Bbvh+m4jfIIFjTyEbohX+fBK@9|qoBLCR+vv}Zt&A&Arv>%h=>vrS2@^K zzTiwI&4y2cFNfTEwc62GrdOJ7(=V++UOkM;r8y$=I6YUlzpMa|NfeYFKlFfI>>TDy zErrYLfu!ByXbC4;iIS@rA(kRTEhm^Q+M?4$Px^fwcYZ-FUOFCtiBYY)Dytq27yG4T zM!s=VN|=;_5EUy%A(e5p>bp}Vt%_*6F*y&vBo`qCW_;=&mb5>=mN4B7+)`M~T{@g~ zxiE{-7tZ(?G{>Ye@@QS2V#+(}D8&HbRWo7x7A-fGK>|UdvZCyh!xf6BkeuH&kK3&y zBk_Z7-)vrx!$Tvqn3Hfk?zkVliBX|tb7W6>70?uXI&I16QY)xiT##_rCZZTl^bH*d zr%WP_;DhPSe!U_160ZWMY@KfAY}=_fZqwe9-7x+SRc{#}mz%rq@GT2i@r0R7> zqmJlF4g@5VQ@|dd*yOLJQ(#1bq^YIM#M(?5|8o2_bK(*J-=nie)*185lmnG(EJ4x? zGRciwnB7ygeFakN=Ey|rm8!3NO*V1A!{EaxfF%hgE?>JtJGfkE4!pQWFCe?F_dn9^Cu#zTVUN-MpS7;xUtC7X>!5US7xKX zoHcmSBDFB4;refE)tO4WkL|Y=Bf(ilps@pphbU@3bRDO#rakH*SIFXu9ETBw1ur6A zgYHPDIkf1U!~M?<;bmfccCO%Fu2-*-)tT8Z%4sF}dyYq4vx5$6sG$Yt{5jGNYPi+6s$YW2LW2@-V|RASqe4EOvVhHI>CB$tl`68CgvDun3@W zp;|=ki~7kIMn2PTPr-mZ#Z(J=dGa&~cvuHBF?`$Bg#Lh>4#1*4ceEjHcs}=~3|Q{W zJ5A;qpQKPRGUZh(zyMb~q96r))^a3eZN*iqD5=tm$34o*f2crQoOlVNSy)(fxdb7s z3W^)k9$)~Ad-i?_TLoP-v%HH30Np_r;se@B0h46<5_;kZtO1d%YY(G+1G%Y@%sk)7 z;%RdcSvgB$BTuCHu!HXANDJcW#YBZ_ny)leF|IVxk%|7Ll5ui~0pg1+!ZnGA-vS_f zQ|9T>G{->Uq40w&|5(%@bVcyMR(mHuZ1ZGaaWy&lr%d1t_46kVi78{DG&M=5ms{mDJP?<$!8*J^msFqlqzjn9cZJ{x`$TatIet?C;76YQYqFS|`s~V4(qSCh*ErEr!X+~V}8V0Vk(_T$AJj_k+p_)+rm zmHFr6(=DdX0A-Dc_Y_~uz~8Fwm1Y4J6ytp% zWC#JSCq5W~xd~a>CgfNYDpTkt1dRIr1|c{Z&_Br}`1pi%kfs#(#pl#+$}C0lXpRE| zOq_OVrAo_VcIXOv7~-OX;Up3c-c24A)zP~S>&Yh>VoX3O)8zYd^X}%6qfkfBOKYza z+j;bwQfZ>OslQoS(z~@bh0=^dv*hLF5@sp?$n&bBJC6r8(uGT~&=eX6mlTKZn|Q0K zLBGlO=>$r0%hFp4$k4lT?RQIiqrgb9(*Q)G6~u>2p+H811kUj!X(F~qg#(lybLX_? zli6a6E+!tuLM4E455ZR#hWIo&3+cTgaFnrE6pSJL)F`JX{bVltN1PMg)QUV%Q~mcQ z83^&wVeh>0=x9y$*Ix{6D){3x+)N{M-_yne4Tw6;tw&$fg=z^L=sB$uqv>}qyw7bJ zI8b=ifg}|Ipz~#Q?KMMRJkE4ZF?^>B!brf)7>ezO)yPH1$4ez4C0|QTt*_kb&-r-~hr@RoEM{?uX>#;vBS@|Ju`3qcu+C=!C*OnK#SSx&v`|*r za}W*2`xOKxQ>W}`&Kp>mtw*b;#7TiRJ_W-UgJ!?&KdzYa%_a?PZ^!uV%r6BIhD#ot zCCa8Us4lMkgM{Z(1${A`(5UWZdj3+V=L?^ z1`|$xvPJ4i7h<6_Ra60kQC7*3aQzKN&tw092Rp^#0O{?0GsA;9gEKA9BE9U$Op?5o zzCcbkZkF9fSGUNNg@hhE_{OnM2ZbRoKMEF996-|(gqofYuW}3cXnUqwb3#o_$!KN* zrM>QGwFO^IWCiOz2~>R>MF*C#Z~TWJQ|GJR7l5~jX4@PANZ~!=z3X*n<3t$Q@O4$e$S>~R99m& zLAiJ1xR;ELl!Dl<2rVp>()V3$qpY0uG>Y#bHEqc6JGUE3$34SR-Qh?mwH1C~@#J3f z5Uz^Ko_r1?LzH&FXvonu>B`yB4n0fgiB;3<#j~Iwrx{%=O9DKH%A=TT^EJJe$jOi) ztNBFYK=XfI9K0$2jb#~~aL_Xv(XI>&en$XOmCLS4G>} z@EU(kLj_kAHWNanM%uFh23oB+#PfuXLU5#ab->p1f8!Goc#S2*{6YgakL#2q6+J!q zGyo|iSiXr1aGK>tn$r5bZ?X))ige6cq-;CYy~D$RGO)IzzM3j%8hu|9%#+UFyU(w0 z5Ybvrnw%hG-rv6(qPW^;${^0s?(Xu}db%0s>SnH(7^7ka<&*Xm4{snSy=sMxhi*BN z{UF4x1LDEK8m=~gmzW*8L_Q66D9I`dc436>Y2b@RIB&!41d zLZgR=Xt-axF2lYO`&avZvuV&iJsg7Ld(2E@W23nLZn^S}$3jX84a1>!Fg9hOPp%Rc z-CF><;#;>>`^GD44q8}MueROz)Dhlg6l6YNSNk76e-fa<+T1cz=0CR>9<<;eum!^o z?aSIl6_4N767s=qU%ln{-6{Rmv`szDp9HD9R_gsW?;X(I%*>QeJTMD3Kx0U0&F*q< zH@g9Ml8`T*H@Z$=JGg&%xF1tavCq0M+*Lpi7zs-j4H5Dv|HR=60BKh}Bqd-X09>%85N%vmnNM;4kPwE@5|=Duc1Bj62ap9q1au`` zwJ8Ae3?`QI#UPIIEij}ilFqgu(mtZNQ|P;YYUsBl37W!%^;(o$ZMaum{oK=QZ!OM!5Dt=OG*Dqru^P)R{>ovT%#Ei^P>IdpV4-$29n z$3p5jtSc|5IB)+(v~5XGhcD`(U8ya^5g@cF)pdkUoSsea)`ED2qEw^#Gk-TPK>*q zFhuO2YDwMCX(lgyEEsSXR!*Bvo5cay{Jbt16E193RR~<9?9G<&oF>xp;dlNK0WmbO z_@dF|NvxtaokHbw4<_;mHW<31G^nJWdGe${8ge-Bxtk!(l4twzBe1HXzQN^xZ-P4c ztMXOG%q6K*jzGu=mXV+@v72E*P-)H}aDQhvnxYLOA2E(=RJ29u-V8iO8Paop3@Psw zj5jwHo-k9Ke4kWt9TvwIrG}lWklukqDh+5lYr$tXo%Y*bA%NQ*U0 zg$cMd_;+Md`$Ihir*kzheKbxQFpQ<@EZn_)z2mYH50hlWDo>tNlpA2;vUBfYuL%G; z-yB0EQ5}}qLd5KD|F1@JsUDX;R!m|F#w5(UWi<2XhqpT#!*zv!s3N^7P4*vzJ^{j^ zVed`tkZ&S_Kmq*CP`Cxw4UejB-^tCk z({h~Y^&s`VJT=$?*JHBB^@fRd9#*&QKFq2h`dpAI;lfaab=T+r@_#W&LG&`lOhd$x zB;t>}oZyw2Y)}BtB+ktz52qhxgBDM}^?f+4#W`U0XcjS&-s|V1QC7QY=JWCKp}bN4 zkITNY!xZaj|LT4pW`|y`DNo8G+29GIec2q;a%U;9_9!4R85>Uzr}^dlPpk2Ff)w^0 z$%pIisz+`|+i;8W@GYG_AAPU5`G1V8UnG{EA0Q`?!XyvWfE8io7nOW(U7qPWaTi`8 zf-ebZIj{Pi{o>TQMQPlR*poh9!T$lfQe_VZCLI?s5Z}X4 z?6;1z#EtP(rxhNF95FHe9w!5-@2zhzOoHx35EDib_z!g+~&|?Kgrn&UZKbO&q zF?pP2khOh3G@2`xJ?GIl*lRJvJdQ6rCcC@gmK#4}>|&VAUsd!?YFuMPy*73wF9E}C zBh`X8xPhY~6gjP)=_J2J6eiz#+f5P20F#sOc)ad$Cah8OWQL{q)X`9)e(&@Z#9pCc z$r=XD0X~Knc*UWw+=AtG7O(B~vKI&Kx70j1S|cygh@SPaU+mhtCt|5s*uUv>c2}=G z(p-$t0U=eTfD6uSU(N2Vp0YLrK0h|cJI2CPM^roMu(vh*zI7Y1z{@I$X_x@Tgq74l zt!@qmNAwbmp^`XAZMqpv*01Wxi*P`uti7%eRGxW3De@BX<+eGdXQWkIeKDDkU3`$@ zUcuof+or<@o!{M^G9flRjpN7bXWA#%E62x8g}kfp>!n8t^;qh=*PGZjmW;qF)}t!& z)xhJX(CW=9UtPBh8OuPk=`ySmW-M9OJ?r=>-^*l zJF{-S%=5CiN9i7{T zJiapN@M-)@wOJJwrK8un_0@rXxu^GWahC=#y|%CE*h}dB?jjKWq}6hM>kPvV``AA8 zU2sLt<-WiDl$W%6YnK7Cczp+!!wJ*UuGe?rtk8#^rMhg|7)2oSm3>E)w}&@2nQu5B{Izp9R-uj5VZNO`}DpUrfBg|lrWsi z@e2Xw>G5*|z&wBy5N`_98nALwN^wKmxZ$oSCoABA;|3z+#db8#nCnU0$aDrkfN z|2#repS#CvFfex1|Ds)t6g8(Ph{kaolee6di)95(6mX~1-j`L!$?5N`cNxF6R?`pe z-WJ4WlVPU=$E|Qfa8qI~c9Mun9R4g#91@rJCKK-+Rjr?Svc;ZxX0B=@6p{zs>Co>! zFbQy9J0VquPU&Fjcf%?Bt=k85vR|CNq|_f|X33 z;04~?qci(M|4>E%XK8E+j&Do2xzb2grl#1(6G;#h)#%A*rslsigf)A;W2~GI)U2FoilN+eUQj7+4zD1emmYdHCAJ1YB`E<|c>2=nc9&L?XTQ-GG?Zn*x$=m^uuUV1q9`mKlDm#&#KGPg3=Or?9YPycwRn;H@xhaNbU~GY|8rW z8h1`wg2L>osT^%^s@v}{s?T})HDBpgM-(%kIPJLBK!t-ouzRxe3uGXL2fxH}8MYkGaj69diarl1DLUDzq;~l1oWOW<{1u zztzf<#{-O0ttWRMw_UZ+U?7JNx{YUP4>;~}(A{EFpZw<}b;Rog& z&;amWz2Fu|kFb7+Y_HesTA!2+UO0I8Z>mb7>mW+)st5*>6s*B@sR_54-ORfL%o3g$ z%$%hNuQjhElVP#(lW%iE{y_BhUTjx4vkpPC05N2p0@gm>6tO!tnP!qfM z?CAklila%1W5Ec`VyY@#zk1)%1vSRWVzbpUBn66TI3ACo1Mk92hL;Ko98xhg9cRz? zQb_VmCe;`C-bv?+H*bQXl*5jQ$jPO#O=?oIiAnIW+ocmBL`b=>YF}RRyjuOU|4eSt z8Gj^Wx82|8HBxjf)uhhOKv2%j3hx5G>#1D3vMcN9hy-DY>M78!Ho|*Cb(#qul^<+< zNJomx_3c-gErt=$+?TMP?i@!;J01;RIZWFy_=0G4fHqbb_$^<>QDD&l@Q#kob|VVD zP#he+T7U0gvjku9-fmJnY0czBQRtve;iZzLB&Ep}Yho+mOwz{DuD0**^C3LDl?81Z zQ4_{PwSGKve$N2D32X{2n=pj0u6y0wWs2iQfugkn{TF{Xe#Tlo`RKjDX;xy>=S>PL z{4@pqZ!G{;@2eS{PrOzRgFJP8BZa1mos{2X%Jc1Z`(r4zo`{IjDIyU83zXZj;hGon zWK=*vcZ6I0Bw}Ss%MPmh?!SLn8jUPNqLrL~Z_gW-be02{N-x)+3EZv^>Z)s-SAvQy zX>{k$KDOla++W~{z3y1DJ)VhN=U?R8kE{?jVs;5vT9Uc4KXDZJ9&i=--pQ>SQf7|S zkN8@mvoXSFZu8jHW=yj;G<&I>`v zDP3_kD*p3C-Z(JB>LigPa&1Ej@XvXtq&!<~1P^1yIUb!{ z7#&WW&&{b4XcTsrq%Z}gyQYOpNl`Bs%_wR~6)5zWH3pWXEif|qervI+usBi;C*}$9 zxTQuvEZepSB6uA-j^1Uq-rN-S@S(PKqyBB0;eP)9L!3TcEEGU0Q4()bwQnFr(Qbui zCqWeEMv^Z^bcc$J8wKkZwbQY)0Gsk4iGCQPcukl0EO7U<7Nm7`j8&(d&(H?cWuk^l!uqzGX@P@zy4p|rx|XJ zgG6rjgIR74k3?MdN>xMGqLhhT>?$?yUpSK=K%5RgFl+PCf_$MMVdSC*@QNHhJ2+eL zGep&yp#klw5c#E_lbxUZCg!M@0A(zG?~81&+}763zsW(7jN+zg^?%rl=aMi|(&YHY z6VH~qKTfb)T2^>`?J)@+y`(0`$rw-iK7L?C;FUeaCMzy%OUz=mRB+b)tEWEu02n1x zdNbU!yLj2Z1_oW|CYM69vSKLGHP-r?!^manIEy8fPXv0=e^nr94xcGT>Qu$*-^bfTjBem{_RWaydahvIcqccZ3`adyUx z&H3d^Pyll7q+F}J^-}Y}uWbFzJ|J0WQxlEy3x>@6kA{vLR@+(bfnsr^6P~`2lI)%J zs)#jB=+fUd9v38SDkP%fR?xNhxfRW!E9!y?v+_sZa-Wa?@b(>WT-Ln0Lzp{bal!}k z-_OlcC!{3=6?qeooK2@543Y76KSYd(T9v1axKuj;ju99q+`L~f5`GdCkyP&VH-4A0 z4Op$#9ZCffkmq`gXnl^f0tUZHNu#DmZsiegJjOVcM%-L7s5O!HU=5!%yZ+Yr)SPBIHzPhRu9XQUnMVJ(8eziH}##EugaAv%pMrLy|sAcyjo_xLFp726l+0Dpk7@}2DlfV!9D z6Hf4rEHMSu_)&bm9cuGa;O)WjlyBaE_c5OkEN(4-$;INkwz=GC~Kq4+d#3q(vnBefvmwg%K?jlsik>v?4O39R%b zdZaMV^Vy?BOqhr(=y&}&a9h3|z*O}<>Ix>Yn-brM_P{#mH^vAptuJ;_dHIlOW7H9` zlCIagc}}>*J<2maKexdC4lVLqgaNzVaz9N3{Rk-qRV!-@?K>Ka`6dBl5#B zjs>Rx>UXOOY2D{CPx98j6!>>DiQPOVxwhxcMgoKrz>l=zW zxd{r|-etc8wQu|f>bL6G+q1EC4Lw4nV-LQq%jFxUNu0_IUV6L!#Q=1o9p8y@??PU#W={vLF z9P$cmOwHaE&8o5uA9JS5H2k#$Qo$n*V%W`#%BYGFIexiw66E>A3AMgnPsAzXSo(*i z#9#-oJHq}19Mw`i0Al;m600QpbWPP!gY=#8CJL1j7uk1F!Zj&&h6$6zGJAo{ZcqtW zILKL$z>28+Gw*?eKBGFxXl>6g4|iWw3GMO*nGAkQlYZ~?XQB19G#Uo=oSoYCwloGl z_($`zhDx!SF&9iI{7i&!fPxe*8owQ@KN96-N6zK*gFbX4GF)Kx21NxQeLMw|>Pf4MvSnai>D9fF}eYR`hVDx8JB?SN{I z{%fEG8I>2SOjQI~MLj4Kg(-bmOlJj7eBTW1G7&8iP^{<4L1A+YcsR|6MyT#c`%k;- zFV6a7nWj|w%!5gTurUleU9-m1{gPK(Pjef2{QO#F94139{$VQ#M;@gXFZ;`N>u{VP zr}WTJSoP|k{XJq)xNK%fR0+rR)%Tw5eAiFA&Mq!^JNr>sOzATd+v}###y6Vm{2?xv zNh<2IT|SEmj%>T z5-cZVb*;6z%kvd^oj(3`9T%4_|9J&%vNOnF+OMV}$u866#y`gZ2F^jwgKL^8DjDiL%_F zK^Cs(;A`VoVqko_VAdR_YnfO=Q1BT%z(j%jIk%YG5n*SDmb;%s7I*wllsKv}BVgFPLY_V^f2s4*)(q8GKGJCKED9IzWt!s`OIptIJ$10HHETKzit1kid8V`i2~qQ4Jr`L~oYI9t zz}ou0GwL9Pg@HXbo9!BRd3m|}#j<(R!HP8=mn|Pvg5}iD=|hL-&aWheH8t_oo8EOS z4kg=8aFR2M=_s|0(iDtr8PjYB%q%TQwKG=ft$~Ic(1L>-KGA;XPBj+&YGb2Oy;v(s zm^vXkextHKHkwlO-#=J3*1ZVbgoOF0zvVSqT2~b;6AYHtq;c=(;S6sSQ=IW@N~yT% zFK3X-g*AdBly7!Zquq@k-QT~8iBIbF%|w~SVbW5BJ4EX@`PVp@?F=%RT=(FafG?;o zz2p5lGy~bq7!jiewyl;2tS74rMh^4ZT~SX3mPCrU(#qJV;xn926xq77$Mz^?aH*4S zrw8~6tV&-@K~T(BwpBg$VSSY-Js zPdGdr-FoV3bM4@)p^^6zwumM*%l>0!H6l6^|E_ItH?PI>Z@dX-M$L*%kkKA85|RM* zOVzf4W`~S1g?qa>aY{Vo^z_R;QA2L?=qM~+S(RnTry0@rUCoB*jRj60{%=C@;EJ9Q zb{o!igylrqUbZS>g@?}xx4V4UbUkA^rh-2>?KTD8eEmK>DlPH(`T5`W zKVB^@Ew>+5?WhF>H&dIKq}wdgbJ9WWa~6ysj9rJ+UAznu(cSGJRnB_MBYl79qw~U= zj^DXu)x6F}ZpuiQRZUTsKBxEt86zI2-TF5fot>hVVU8j+Nr5|$1s3XOuE(>7c@P%| zKk!@C@@H?;G`TbK9U{Vw*qdjIK|~CgY)1IACBG@s8*rg-g4j(r-yK5e!!Ie9Z(oOy<0Hu8cOxELrM6olP?T}u1-zKxgUx=n1OH&&P zR>A|6?8TKP)xI0Z&`4h6GJp(skBE4DagO#B+UQQatgR6A7Q1vJz##QT9wqU_pfR637Ye`jT02_ zWtN*&RFJ&V;7HQTxh!0K_VT($G3CR<#r0khdzssztbg?p7x@OMKp%fr_6OJfcYmO< zNO$M^FNE4?r(abF(?fL#Q|oPY&FXP;)hBawu(5b4Hrq9$f!nh#np-y9LsQVE{U*?PQ z)#kT(j<&n7oNLz$=VYH}u*%-BA!gBLLy{1I1S(0<*dy+z(-EE!<<>cs#VGk?C6u~O zygUelh&seL>yN$-Kwf8rGVC+&3`hiRU+@$0^V!n`?Jb2Z@2}t=gRef zJo%)Tqr@*^P&gjjPbMe2$Ub@8%};mD5zRzN8JUu*s+juv`tCsiL-{s6ruO!BO?vFz za(3n?KBdF}V4M9lM#HO*rji^|XdyH))dZvf z()?mF%}P&&6tBw=ms8lu!Q;~EuuESJ9D(L$I8ZPaQvMJIzClb3Rg)K2G)Zh`qVu+U z0t2=#G~LKnq%oU$&ll7q!-$e~4rfvAjO>KMX?^r@EX>tU41H6WgKbVi4rXqdi0EjO zs3mnXQaU8xT5_ z@LK?Bc`+Gu>#@UE#U1CxPD&4il+DaZv2!&WuM0@u&#w`k8=oX5qc5K2G%b%3XheMg zN*3R>#;1!~)juHrV%TYDM0sfO;rohTkG0fWZX;gJ!9x*{yA@`|IQBZIdm z_yILbgDa02^IYo{gCIxlciorrh%6eTo@h1m?!LN{a|BSZ(=dkTh8JqoYyhcL5KQ!N zp#~|Ym~IymHGM;o*ks!CeKi>qs&I0Apme8yJOu?@V&c*8yOfkC{5B$F7`S7Fw5?H2 z8MFa#E+yublS3omJrV%$ex+0J{Qf;6m1nfc7kR=XQ=S?}-A*_^7fii(unxY^5^RB9}E3P=@9WBxtC z`a-IA)!Sq%%}w==f}clJ?=JzU`waK(0H>4I6`2iA}IjeA51N4gXqSu?Bd5SL!8?zzuRH9;uxxN%QtbDdu<%$N0R zj>|PKO+XkTgVZP{Yv|@X6(*mf|Hy!%9U+IL5PIA=Yhdnnkcr=s;7p|_Jbn-`aBDN~spxYzm8i(nfew|h$nC0c= zwfAv53<3f#W!1=T%d^o*)i!66L-(+>!ZRh4B5qi6BxuONBfK$5+Wn_%M!teEASIDo{o9)*u@7&KzV3lYh3D_VO|SF`|KRTeQSf4JH(3>fC)t^QSBniI zsQotnt>I-1oVYFA%w1*|v}^RC=k(9@Yk*i0#vW*l3OLTp;GG@_t6EAUG!{DgHXBnT zMuwq-plx- zmbYp76~OfQ-04AOF_6TUo-b2PrjS_kqaggZlM&CkheZ$iH<{>RVf`d&;lzkEXCD1* z6=7=yRCIMrkTrsShXYA$+by%7)*(5o5B_dREGb%%7Yk5=&oZLw164Wk7m%6~V>*R` zHtny(0D84nJmE1GeN&*`=V;sWQMJcB1A07oe(h*AsY~CX0W%yFIyySo3cj`7%*f0w z&Z}@6|A>!Qf(sPVFsF98cS$^34V(SeUEgyo39`{if`!eY_6fa?WdFJN*oeR6C3k$1{=3{8QosFXwGBLpxJ32D+`wsJHMW6M^ zeA+u1XB`bX^Y&o2&Vi!X08J@b$rL{D2ud8Zm8^YtqE+2lb!d+y=En8*(0J8;**%s9 z$4LOn&&~BR0EB%hDv$IpCNDA1q?*XdCFSKggQEhvJA(vbe>RzqUy`)UsJlC@FuzV~_}FY& zM#0F45Ad)cPw+UwA&^@g`Bc;f(?zyS(@S05SNHx~d^mhYidY3F-Gj34E?rMe6TiU- z&pR0aT9N;?;QN`vlux?(W^0?>`uoE(sn6orx>L!sQHu=m7CXBYAlD711_T6<>47to zNJtar*BEf#ZKA;yIHp}e#*+lUExB9I%;95}>y*Y0grUTbF`4t>xHjOp)*u`ldU1)M!3Ov+<_5+F&w~0Z4Q0*AYY1~Qf3%I3o#bq>x8+c!W z5VJb$e_cb_T>JuOLUD0%b&huSXWgNCY%{Cy*e08g|Ki9G);WDmp9}*GThs>U`xlma zhR>vQ6nYtD`}w->7ry&Gy>8xLwNc8Dl0#`JDYB!hVZ_s`Cl;H%MTXK+6AU|K@B1#F zdkQ3>nJMxR#-+i3Ma}kIqlK;?@IQnhJ#sZ>t=e+(exAO1_NLxzla!n}cGQCg3IpMM z28TT0wXNRV`E2vUPKh}Cz==9=s*Y#4EFH!--9D2!s5?2s%XVc|rDS`#oq&%RAO%bS zVD&(csc9U;AZB|a#E_7@__w!TO^Lp=F>1q3PfO-`Xn+UYT8UZyqRfRh1TxOhIz~)r z$)`+WqB|To1o1I_$)fA^+Or^;6}7N;jZ7&w9*i@A*8<)7x;y3=pvME>n?Hc>!aHIR zkii{J6l-7TGp}x8gcPT%)7skjMBBhC2wp=2?{opc_Ct{O#fI`(0`)EfqxkU|5LDC+ z1#57u%uj!!{~2gJ7%E^unybNZ`@A*sos8-L8q!$!_+r3s5AI-1r!X)2)hR@w<<%$M zNfGY$%o38~aNiq^=|hMKL|!n20iq$NWd#vZ=>X8BuwKQYrZj&2**wJn(NZ@|G<8|= zfGP9L%uEE4t!BmlniGM*xb7!kEv^kF)z)e!Nl`nIQnC<85gJlS37rF(u|?9(==rEX zQH$pe@*7OH@6S)){UkIJ5)5YiasXMHY^g2R$Bp9{509jh(%}and!){-`0y1MtC3_w z!onca%3W{510ZGe_5@X+TH9UHBe}%I%*@<`79#!h`@>k{gV%30NNe!7Xw+{p_nEh!bv(?-cN+}IEY`)rwnp!F)urCiSrOCAlr^1`wrBYOq|68rJ+bo;Y z1t-|a{_6-dTXO7I5b9-ubZul{U=WT2)`|^6{56lGz{x0Rwi$ox<2Rd}6N{GPpKob# zLJK|iN2|pjkJr`xtE!s&v#D-hu%j6)Jg%1bl_$I^A=%Q5GA|gry?X4ieC<`7a zk4c53-_>>_-NJo6RRX zT>|cL^PI0$oaw}6GyuZ0-~u$2gmXJS)-sqo{e@0fDGJBZ9L$UEB7osT&fUK?~n@boOQcsTKtuI zU}Sv-)*KPXviZFsZ@0s)o_6hzrf6ZJp`l~dwn^wT_G~D1+K|FJ#J#p}OUj|wzigZ3 z|Bre9_ifSc;@-FmCEn+n2V&QcA|sBEG0FRrUh=+up)&E z^rwsX0!8&5vE$|&SnShYZ#r$MRRf2a*X;ojw??504yqQAzpyZ)t>^m@nIdpacuh=*qhSfyaF3d?Qlg3F2S%_bN>lhz`?%5 z>wI;VnFv;MMZ3&9;bZFfOGu|8x%OZ9{-4t>(rbg_gIckXn9Nxp zud6b<8T^;&KQ}?~ypCHODvX0q}B z57Bl#mQ0y$Dp)%J!TUn zY+WC1_O>&o!(Mg@-Yrdel!PRus{0588qN>=DM9D{4+Ij|vcUWo3vqp5>q(E`_kECI z24g~y2`2blUtOE7#rZAuXGLI3{GC*Zvu_+dT`vLG-}T$CprdCa;<7{)IrHWg$(C(O zL5z9;HL>u>8O$dJZ1=r*;b+m3{U-mnvHNenPw%+Hg?04+z)%tx3X%Acu} zWE1TaHM(sz4~TO+?v3pN(Qj^?yD<(XPJdYeRT4jp&=%-L+cHtXF{^|GZ!Lgg7|evp zMp?mAx}`8crG7Y+=t^klV(7wHXfWu)XlT%o(87;zp%LqtejTI>gi<}WjmCHvq2d4Q zk=K*-iP0FSX8ql1X>dJlwD6o=MN9zs#d&a0x!Yp|adYVs{9=pDuLLlEJcUnf`x7#vFsbi)D!tBc(9#8f$+;4wP%Y^Z|FE8TC2?PphEFKSfwtLo%Xw|_|o@;{=So#MrEPnMnU6EG#HBxVF za{S{YaCGGq))FtP5^?070-}e+`8#mmQ6+;v?1>bqgh^fovF$0J5zV$~dk$*gu)p2q zd(81{=M&MR{<&GJislsK3Q zT7^s(+)w>w1EV#g-qdTm1zdP7{9= zxHd4Icki2-@9XpXoZh>cAqjzCg$QPh!SyVWH?-6cn~nM zAK;|eu3ZXJAYj`yxuP~$*-STKj~YEM?W{Zr!C@P*g}5i@ykE0xi*m=UEq?7K8I|{9 zUL?}oDmVu(_lC0EpDbg#Tpa^Eu59jR)0})>Grj9xyOG2I= z=Lhys&r?wWiDbZ6SZJ6+I-x{he{jJ|S6FQNCHC0V6vTCtGmb)vd3UxZ&d`l4=A4;V zkpyG^G5G@>bVl7ucz(Cz?^peRnR*|6xZHscPlfJUjSh=Un_Ft)FS@iwAx3Ou2Y6oD z*?lXb_Mby(kGp>Eyc$|flls^z#BO4dW4=@+*yw1?)zdP}>+1&Bl|F}v(!ix4Y3LEF z8<7vxIvPUUUkuAB^oVUZ5!ZI4C~0pHWVpUxxG8pg`0&@e zIX1vm{%-H$taxHR_WM_Go%n(YW}r0zntto7t_y^*K}@Un*Sj+A-9{i(w)^(e?d@A> zaM?Rh>v0=qLySSwT@gm@GZv3KlOClQP*rP!mG(o*kC4=Sm0wj=#{IA_|LnU)*`P|` zYJR&2ts`%>9$erX*W)Y1?_cbn; z$iWia9bEYAcADIr#J2sivgZM<4r~RT!a;Nbp&Tit>PaMtcVRV!X}hn@7i*CpGruvi zjw~-I%GwYig=<6;aXrUovUC~piU4jPSPxz%z;|@zv5|OZVD7dvswUYyH#NOViOn68 zz)~&MRRl>q4mPF*k;ZpUIqbJx{|p+M4-nFZ0m=|aE!gMffbFiX{xGg=_%!@sbKX^< z_dyr}M^~H23=zlGl}WX<=yiA) zBnL()J)&*dxsIk*w6dd)laLL)5NrUxxGE%kf#Smcbe51GMcG~Wdh2E8!nrHPH4l!FYK99 z7FL$YS!ofK<@Q^h@$n=}^MC)ke9(=C{vjOPJ*cZFkD}h`Lgrh!o>OeB$Pt&pogK@n zJAHkS?mB!u#+OL3EvChM0rhRbsN0Cy28W)j=Now}TTjON#iwrlLyM8_j>+7xlt+)vrm9Qh(b-NSKn=zjP6 z$(p}OG`-!@fk6{x{-#6XmDLPtt-es6S2~foie>q6_2C9WerfAAGkCNb*PebhqscWV zXf58pX{WXd_=s>irt=+3yiS|fQADPxqO#KbY^@6+drCRrO=ov^w?U@{QtBMtqoQGs z-SzifX%7&Vc0I)ASufspHR_XF!I9x?`o_dlXK%IlY*%Tepo*^IE_w(8u5lo+m%OBvUb29DuEzs5tQ=)TBtq#l z_qs$tuCK`4=X_b&$P2^c^F=sK3Q#v!`^n0&PAe+mnY*~wF~3j}h+0}^msE6< z&jw;WM4Ya$i{0Oejr^V@E0r>Faaqm3rYinwindBY;{I8C@`~%Z|6O_;Ck;G{+esq- zx5E@i_-VPxulr`peA13-GlAHn#wWCM))<&IRy%Y2?))S5XK2Qe7^mih_rM{=X6WDJ zK~lUgFFSx#@HwcNf{_6faVnR^;jc3ask}i97KBAdqg0s&0!UWFWn^ZiV`9n*3xlPm zrjCk=GFcRK($Li%TXET|*I^+DiH@TDEB8BJdbWYdXtgr|Z5j(z>Y&Q)!gx4^&9Qj) z$8>ozO-AZL@%g3Ce!Vj!p9Ii9+~Fs2WW%y3GgzsK{egv@4P#-1#Y5A&+Cj>a%k4~M zJ}fzMbkLHQHDGFE+W!@ zM>O34T1D9X@JCln;RE^800w+FTfqZ;u^&L(d2_K8Quk+PUbVZ}~FTW>_J04HDFylDrv z#hkJ(>9YewyYE;3?8zoZtgojGDX1Kq;aWg{piZ-iL?f*M_103u%ZtC0cZD_G{h&V-+enV?p@YO= zyK6}QcE!iE&TuFjMp@hz9!yS0_tOUSo*ZyxXQ>D`{mLCB*gVR1r2W2+c(Ua1tE)0= zDKt_}zddNh1>nT(ezu~v?#TP}WF8$8bKEl)gA}?SH1JmmEAIAmJ9PGETM9TI3@8DSIQwlo}eK9&!&r8 zTud73dN!S)x{eM}gi_HkMNCQ&@_+}y-xDN%0*?p_dhOa0zocj!)xzavFaGlfcytct91t6HK)<#2ianfaGlUS|3lg)HEM z_Ql#_uUxI!`32$a@*6&lWk}W$ahtu3;dW$;-jRA1TPqbX>1&%M- zLJxDc9;7xy*7-w94}K{MGA~{)1bzD}b6eL_9nmY&qVCym!;&hsR>q+SQ@DT?Y2NRr z%jroDE*i#Q;=or8#=q&q>OCzvY2@*bU(#=W))`F70k=tl4_Pgznm~`afSZ$Rb=@P8FO|pC$$xp*$IukYe$bPe114rJ2TyVr zI+co*j0ectSZPEzgN2Sh!LMA6;(_BK`#sN0WE~J{guj-q-x@j^X9S;}7Tdnq3B8?l zr7ql2N++6KEE*q-9NJ9HDg{%ylBKLdB1!RCDI@PoWAM%0H^+?Z z=s#XjbCvkjPud)Tsct{6RvBX6HmEVutNKndPVP>S9z&qgjga*tzwsSE03hQSHErmr zO89P){BOG@n(uq2oox=oJm#e?qryLf8rED`j6$r>iCM0$P_O$DLpI+JFam=p-gTV7 zd^u$0bL#(#lK$*bk067|E-Srb*hjv$-XW(99POUUA2}`j*9(wLY|}B>kubCi&wYs* zm7EENp^Sd5b5+VW&7p;;aekARTGuze&8TfTDt^WfRc@8*sHT^$A9&Btdte7W4ny)h zR(+t$KVWD%fiokSO0OaV-`FyLq_^TzsOdJW-`NR9tMtlU&TYAPs?plMP%ZU>QSDA- zE?Y#wK^#46-aDCS-7RzS`|jS4!Zo;{Gpki?M_^hE@(U zuc4g%1k)SPw{N#0PWJI|zpCB;>J)tW#+&)DMm_#^M`#JRwHF)?2P;d5{SFkJZN3!` z@KWP;qcA@uNxWI#R;DdIui4qQIb+zzH?(W~nrU4& zRKR_)o4NIt=1X3G^T!ie_0@s2ZXH;ORUFao!4k3t-TM-4?{)sFr z!}(MmOguF2oY8pbXSMZ4axtA)+O_XM?i(PSr>1?~)McG4L2_Oh`>`SO?!7x7Xeayq zE>Lvnw)pGUw>Mt!*2Eb2EW(CXIs?g56>ekdY^yz*nf#fjPigVn$~~s&>x5(+(<4u8 zHF6f|=vmj>kSFKPQAD~|z#>=mG|^bgthmr9bNPARWMg*V_*5FU(eo&c5ZIYJed`VF z;z^GakL@iJ_}QM8nLjxbN!IH`CDG;Mt9tKyoAHmGzy0}v_u6^NZ)j}Fl29>>m#U)!H0s__d8W&L*Zn4>+js$1n?V9>j>H zvIY^8NvsglAV&Sj4Eutj%iWeLY3X}A<~L>F$89!En%&uT9z z$)~H0I5=jPMF|C6$P`wfFMyG}^ z%}`=y{HMJBJOmo2&kl`P(e+z+#3^1>8EqrK}_h?vgi7u)P6e& zd3{jF=KJsey3e}@IE4i^#E3qRF{L(uZe1G&($Kd&m>;?kwE~sIU1Psvs2Q1wzo=ej zS@K}GtR zHdVD^pEvN{^)Vl|Dk`-#<3NKPIFLBrVSX)z?D#~ay?zZ7@V;%dnmD=B6__m_Ry;>! z3s0XpnPK^@w$ALmK!%gRKQxo^v(%^T?rtgDm_+B|08X_KsnthDMOH$U!i_KiD{ft< zg+Gh4;)&k|X}xVKoJu#yDCrqP5mUl2$%)GD>aR*Xlj@!YJtyTQp_>eeQVPtWeC} zu};8~skX-JP-NDwRRQM|!5yQOME=ZVa|SMVKkTnHX%4>Vb0mWCmgy|iY)0?~?Lj7s z+0}yIEC&~*_shDH=on)06Lt@H<;x%97^nvQB!r6PCc$_HX{Uq5aF8NRE=SsXQMJ73 z)sWm=84K;^UTIN7!jdDJ+S#vy2AogCVNu-QHBd5=jt7?a$2$rIN@@9#&WSB zHVe;A$Yag26S2q^$f`QTOCmBI#O041PRZL#?!ogarQ6}oM%c8Kf=%yx@pzw^*a|pL zF?I*EPjf33byP%)QF@WHSyOWq5nN6gv+;QYhEn_ENCKwgNCxwivqtV76!)Gl(>L+& zA4d?peO0r6Af|2gg&({|;x$Om?Bp#kq5IX=T9np2^3Q(-gV(b~(ot4dF{|;LO&}w9 zw@HnswV^K{(Hot73?o0ahh9WzNS)r+XDhv!xvq2<<6*AJj-a+eBfjh6SSk(zMcv0< zx7!>hC5xv-ET<=e7Vim+T||C=>GR>5AQOxrh|$(Z*?LaP6HLiVphWx)DVRhA@zcY< zA11QnDa$5A6Fmou^%}$#_zfp)>{~nBd zF*Px{go`4W{o-c8Jph>EZfo9|Q68Yqli1E_PpLRAltqcA&_bj0&pNX(dV>kr_Kzb7 z@aJVKnKn7rVs3Zy*`;hKhAj3xEi`?{_c#+6^u;*o%E_us7I+b$MGMJr?#x+XDXVo{ zn%xWr{kD1ou7S*uv~JWxp|KR)%vHD&_va>Dy`JhQIIiA>2fpdI@1MMghCIIJa;M_m z>|8iCy>c+#28!+OD`Zwc%VkViO&;SF^A%qXnwCn; z!v4nxb9-}=J#O-u7KRP?k-ZMSE0we$8643koMKPxq>nBv|Ab>l(d9TX$_w(CP;0ZSkgeX5yQ=@ld8rhO>*d z5PzZ_BYd}=2g&9`LOrTB>F z>--30h`xm2C164LB`JXMs9Zvgq3LfPBr{<#TKF>q6wijLq+bA|hqv zK!M@!52CMW??fL(9ug#PeI9bUPmJ{S6-4sO`sxz1R#zKPFy^^AQaPyFZ*OyG)zpGj z@cUwphxXX{qOcHmEgCec>w%&ROJ+WKM$1PKR6^bfiPPcG z0|W=VSn1lNyDN=rLfy6{e!bjBubM1IG*a>5u30cu_-2Lw#R4EwZAM;(_bT4f-uTtQx&?uGAJH5z5zTy;GJQB!PeNa zsCsMAa(S_(5nLkZ?-!NtWQ$ZdbxDOzTT~Hthx0#Fox#Fr+2#lz^|Yk#=GLBivO#+^ z%O02<1JegC{vV)me-D9ntKMH($yZ-s17FhLF}57^2Lki9lUIHRbbz`S9&0fAn|wrCqG)wlog9SDJ2 zSXjb`$(Nnu7!oKt2&9PU9CmBp7!_&OcfRkarjP#TrZ7EPUuV&03E zZf^H!tIt|L8!BTpJ_}E}8a@ZyRUsJ;SAu%2tM@W6C35yI3lTjH0J#(b(<*syWQn2z za?9i43$jYrG{Uz}0=j_*eyOHr`0rjsQ_St1J3O0y-XsoHCs!r+^)626cF}{bH@Eg% z{r3jKXjlk>vvLX=IZ>vVh;-#qy7p_Y^j$zh8GnETe#`mpaJ<$r$iK;zsR%yDjUOR&CBfZS;Nlvdu z%-Qd6eV0WP-4de|8xk#|GFnF&m4CDT+xRu$>Uj@L-Wt8P9@-EhfNTm1yLwgo0*s}$EW zgRj_BE1ak`DR9YHen`MhkU_#JF0Dahwl$l2XV34vw+y)N3;42V$Xsz_dHnYdS}=~} z>G5vr5eC5R&RTjM&FgKd022!%dA4!&SvH0K)9@dQ)WF2AFbZ|;ap#70SF5fwgLpS` zd_?8v#ZBIHr)+_t#(h_ueHu20+Aj@}2`LWUX)P#~h%XGUVG-dxJJ!pi8jLU#6lINb z7R`1PAPX+i)rQ>APA(aPP3D)BFu9`CF=8Z3lj8q3XvZ#f0no>0DF{4A*n_)99Qp zzM3vq3bZB`ur!22Ehrz?W`WPb5B(|ug%9@`V|9UOp6ef&waq?;>sQwj2SdeE^yK5b z@2w3jRS(Au@9WGAu}5tN2o}u<%Ti*?WR{|{w}$R?cKX~A1Qx&y+{~z~TU!eF`(MU8 z9aTDf~JQo!E31d;o0|JJ>JjKFdV-_OeiFtPY} zRjhk~Xk4<1NvnMrS~*{dy-C{KsHeNR(O*~VbamQNOHc5oguA|CdC zCzr@T&Tjn$g$`IKdX*eM7zpD(nJtF+P&dd3=@c(B(X87YIan-C z?4EX=>785>jwJf^^A2NuqH_uHLtlPHF}{iiMOpC z9>q(juMTGXpFhM!o~MHKN67eJ;i9FtSEfI8ua$k%@y44F(37)3Z#=kza2NU~ZTdxx zJfVE6LP{bbA3$H6{oEJ2S`Q7e?Z&}UFMg|44(JX6;o6@a56}HyhrX^4%Q_lJ_%E23 zccpLdR_ShHQm;4XFzcb5`R-X7Z8gSvc75lrdB@G~F=ylelq8XvvJ+YEEKZcSKnW@^ z{TxYfcYZ1qfIblI&9<~)kL>FVPk4$SQdAuvUe#l|dfu`;Ep1zAJ%#c&!n+~xR0WZk z0hvj>4&rOhMA#JlBvw=7mnt!|x)CU>bu2x5Q|26Z24mkImp!C{pr zauyi%4in^^@QvkC2q-|U*=7?uvMV7PMv}lOp|t6$kvdfBmZ|0i*e~Sk(}z=QE3Pa` z%@v`orC;$`9O*KI2Jd-!8ytY-3G|`Oth)00TF&aKS8};RzrSq=)EcJt_XFHHQSWFg z3>xw#vTVyybN0`t1o_v~gXNe}1ehv7Is=2YiOJ3JbynmGhgy51^!(g0Bo$@;0fLKE z;o0QHZI~tI0SHP;WGqKfDZ-s8yu1#Uzza##XJXw(3v!<1XeHR`w8|4((q&7Kpf4dQ zDQ)@`hk(HNt+fzfevJU zYm4?1$d>0v_kZ5$j;KqUy!p-fKA2_DkF#H*O125z3;BbWYC?lQ2wU2*;$_(58~JO2 zn$-1UIh9gRk3EKw<4mB+x=3ay`lF5r)|?FuI~W~gbdB8qwyE%9XE;3Tv6nyOS5ypW z*;WfT0y}fOZbxz9BS)6HG}nDd78^GY3Ky4`%Z&eg?8W4pSNhpjmhU#-M{PS-H(8=R zOLhb*t7}UiR!B3_3nUj-A-+U$8Nfj7={Z~Pkiz_0su1zp~^wCHlT(`0pLa~An_zN&* z4?!yS{Mq7mNu7&rLW5yQKlttW9)8&Os6aiDKGBf3#zsAc#KtSwLiXHC+EVS&o(x4$9sJB3Np{~ia^iu;Ee7tq3S)f(&VhDVofLlDNr%yE(Kex zwf^nf^nVx#e8lh)D>#EoJ!>#0eawDGPpf-eEz5`7ddrteWBmzyEfo4G4B4F=f7+>& z7H+AVQOdt_e!aF&sX_jYw)-3CVq@aM(8(1f3+gKlaMa~z9FqQ3+M1T_*bBGT`XwR3 zOc%ev`LSACZ-|Z(Ge`~=(Awb2FEqMnXB;B_xDMRb-y$}y7S06)Qb1_thhsT}F=kw^ zgu;nX=bUH!bHJOPHZP)mjPs+15{!ks8xq$gXpce|fJWy}IQBh^<(x{7tIL$Qb6soc zpdQZLS+z%}cO?~J{Wf$wL=yoYr2^|9y!c(xmBe#Cogk(fS4KF3(O`!B9DV1C>aZC< z8HD0S+ibhF+qaW1?4xXwg?7tdoUtV2ys&nEJcqZkFflQ+{mtKUH@tolnl|WUk3NQj zd6dN+2LfDjuBOd-H(*tSd0vcYGEx0r)-I=WVeq#@U2y@`_+yRUg#2vn>%ODl*RQDN^-5$O_`i}N_gwQXV$TGXI*?BgGq|5-~c_nB$$xU## zJNW&KME z7kb%>DyO7N>M%@#LJQ8Zfl!2x`zT={ja&~z6e{z-rYZVA;yO2xN9b4g8U*mK`?7%_ zN1NCd0`{?Vnh|Te&;jh1^5-c(#W&79fB2s;%2ZWewl$A`$S=AL36HzIRkd96LDs#} z(r#Ko4OI!$L&%UNpM7bZq)(a6PCC4CUUR^VKY=nQ_9E0NsnkC<4}8{G;fM^vitbPE zL%rh5Q^%=fEm~_!_Vc6|FJlvrQ;q6>#n_H0CfP-(F(Kgdxkao!om*LOQy!e?^4*#Z zE+JG^Y--*t!Tmbfz?x?sJj~9XYLvpWdEV6R#GJk!ONopqJJ{Uj36WZfD3n=LolJhh^|?h1uiJb6>IGjDDDBgwH@A|MTH6QZx*Q!78xc z0R8O^ba&(aa-Jk-!p~ZJJ;H|TKmuu28ZKtuRmvYzHai-+)J!}|mk4tzg1A)nP!jw4 zliGJ=1jrx5&d$G!ujo$hgRGNUYWxED`c0?2WqXZt`u)_d-#lI}ZUWAR^AS z+lC9rp0@*%t)K{a#bp3smu(p-gqYHC%Y?lABt}|SM8!R+h z@IFlN`|i#Zm$#&uiK+a3FrBtNhYhI37qSJicC&cQ5$ZK1beqg)+ZY+j%$5C)7=|gK zIL2L2iA+Nb2O!lq|8V4J=DESs2KSK7d&(r{lA#ryi59uT7#d z)CJ3%3k&~DMNgpUD_bu+z5x^ys5AR=F#OsAnd(rH338fLr3A6$vFYh|OUl{?vNNbBUUw>dN)keDrsO1Z?`JY-bl{D{r5# z)s#2)$~nQ}s1vaB{c0wBwY53x9@%*k_mKItU>H{v_O16`bT)VovT^4y-_Boqw19aYez@3od^5Xm` z#6|K27#N>T54pSF(GiDtfn?x9Ey;ePhA72bV2~GMqV9suq`p)wbs%IMq$h9mpjewg zHMLWfqo^XY^REA5ws?Q8yPOtm68&{Lh{ATXcC6EdPws;_!|t3q$gI3~Wsp9Q9w__# zn+i1$3JMQZ{oxYuNJ6}ige#GQpZS?S4Aac26lrmh@T$F+{d4@)g&GQeKLF#@aLqbp z;uyLAW=4`V654Rs#qg4HMK#g?5-J=Jc_mLm9m9_VVR@;n0bKRF3U`mq%(pC`{Oa&~ z>Ue?|5V#d6*Fn{;K&naB@ZEyQ)K&r~ZOwl!pV&-cp|6XPsA#(p zslxbVv614kh*M|k%HV(EM`o998t*UZ1DALp7~63u^LAD*@~^aUzPBHz8yvf@b2o<1 zK9n}$6jgjtS<7PTuhuJpnLJsvE^D#pM$UhPU3UgBo*LxXM{I5hNgf`lX}X9KA3SJ0 zWJV&6QTtPcg%MDNVFEpd*l%weDw)_7{Y?!zb>c_wsz9epQ|ArOFFRdZ;bnOtZp3he z386bjQ06-H7Y*io8yoFSE#~+*u!mCsdz%3*_&hG@Al+WlfcFQ}sVuG+36XrqF>piT zv9k5Ssew@XfVQ#eQT#H;IMa7L-YxlqbIz9TURwndcUq7-czOyrzZf|O&7+JB=RE4KvFqzQ`}Z~=$7zt8 zq_NC8qyihi+AzrvM2f&-h(r+}<}^-Qx-GBW3O}5M$s2q-<~-@Ul%90f$)o)5p9iHl z6BadK;h}~=mkIT==oPcY5PZs7Ge<)kNDP1#ed8b%gdc|D>O~&`kPwaV`{1^f$vPE& zJWS)t)@MIGQ7vhq8z-!agX+Y)_C3BY!Cm*F@w;$URST|K2s<{*1VkQr@4B415o`JN zX&EX3K>nHA-QL$ji2u25ufU2JQ%(`?mG?x>`gJUV6Pwj4QxS#|FJx6B6E`c|AcpIl#TyvT^=fEHf z$p^!BcDdtO{pCyrn(~p4-#8m$u;niKMi$Q#;^7JOhXFbrZc6C$m$lN=zcJ#veH%Nt zttnOw(l!b%%a3T=oO{nhDRCn?Qwj7jb7oY=al7&M$@h*K;5C{@xs3&3d@_P?N(APM z*;Rq_{wqIxqU9!-MI~^8>5?THW$+nxwZU?*0hcf<%{Go00-Vr&Px0vNZR^k!Z|qE@ zOIn1a1~Y&g1JdPzDJzabwKy*WgbW3`q5T_y`r`SdDTur1$O#Zk&u(We?;^?b!#47F zchsuKo)1g(gC+NZT3u5?V{KIe)#aI8E^1#Hc-jZ|_H~4h)V)#dKnPq2q!6igq!Fox zo`$2O*w@w?9?k|X*EL`!$A4lXA0v;UuuYzeJCL+Ggzk-+f{fZ<9CdmPKuCL?UU`GA zDD4Tcrz>8^5SGyhCb$e$Igs>sjw>NDMRi6p^=ohc9C?i)`FB;I3UNtiuwZz zzN*)Qp`uVvn;c_56pK;yvLY?^EZQk@hCfD=Yiqoe-*B z?{Wq$!xSDP2%#HgxTJdn>j`2uh357(wjh{9?`Ext$b#u0t$MChB3`Co4n0H1MUs~WRj z+jd1nPY92WJmbz`NU*wgC+*_eWQ4%Q&E1B;ihG-tdEsa%-u`3-`DuRS#y9J3z|`oU z0;&aw%CJYtm$~Cn;m%Q&HiO2(F?Hm3iiLhDqJKL0i64Z+0O?BOA@GQ+1|?d=t-lfFOXb3WfI8~FNFW?)7Cxs@H> zrarF<|DU@yvkDdqGGYHchQm-E$kr7R+a%bosf}aM5;Iw<^k~k3Ix)n9Ce-g{s7YH` z7Nn&$K$F<7z&7P8h0a=#lmjNHPfj*%{LA8E(+>gsBgOp*27i&BX? zWTGnR?JdAS#lu+Cn9u)p0UfQuWK(F;xt)+jsAtWWF$&_+*!oaKpJ&(0l7HSj{c6S6 z)8C08xecJj!`lNo9-{&Jxs-(Fhgw*KCgwJpQO(apfZnLZ8mLyBeDgW738%>o){b0f zyr|&$GvOjtsn-uol2m5FL7R8IxH>`@1_bl1Y91c|tPyz2!tPV!1EHNy1Eoqnl`GrZ z$2E40y7f>Z@80d;@8#7)YRKA*-HqEn_`iplzrP_CAz&Q4%M8D}7OKfyw8Omr)c)e! zfk-Hi6+isV&aSMp^RPORvC9)Q;%>+?G1$nWIG=Or@ifIA*O0Ald)DiAQSk*&gKp}7 zoGWd&f!xlpyW!k1x4(Z+@w|;U^bF0LU*7g?5iMz?n12sCd(aMFM#&9JCL|MI`~VqW z*xdV>Uck)X(&BvZ(|Iqx{@ZMrjcG~Kss?f$u9f^E!NedOa)RW5d+F2%a&kBfWdx03OxJN5Tx1`b88i};8S*30 zvO~!h%6ypMMNpzY>grnT{17gy?H~uqDwtkaMdXWPJx1GEM#kNpR4@3YJs0Jc1DBvX zXiG)Qo#)C6`i7;AB>j^5U$98qt%zkpIy#UtKJnx!QZm2)a8^+7i_t)*Fk%+;-B7X2 zEBS(NFLxNSG)P8v>xCdr#(lIp4PRK;VM8E;JNFMs-^r{N5#Y~<@@Cc%?mMLl4FPNK zVW|Byb%m>3WOgA8o;$Y1p<|O);a-mt9bGjIw6TPu(2di&(_{81=O{)@3i`@9tcV?GX&10m@hOc1oHwqRCXdRElHTX@Pg+Q=ITdx& z&^a3j-8=>%OBeKAZz_O(-WiN`C5zkksQo7K;7C%k z-nHyP&SSejGtebp1@wfCei}1*eNb;t#G+gHke7MkX}XIyx8Rh%$#a!%wfj2R=PXcv zzFG5N{kKEI6J^5U_Ko#Ix17G#uu7k@two$$z{nxHW)AAWwRK$3f=`49xBOOA%oQ%TK#HR-=0rweT_E9c~3MKQi#$ zvu9+_o?U6fu-Z+(UDbHq*q>)%xla^B9?N+n?lm6{Y+DxL8gm-HMkWOJ+BR@o| zijsVkYl?BXl`j*OA>fKjrqyA%$)URuMS=#u=wRk8XQ*Y_bj0jCHVULx@Xt*Q#2++CIiW(O`U`v_dVl*cL_i>%zqVG?1X-E^PZke zYC?b5_<1_cZ2AU9Iu#qay&pWB5=cTtSAOMdt>Il)ESm|?VLU!tD1eZUMoIMpnNMlq z58MkE-uy}5XEDYwFm}9I<>TKC2A*=8-wp!lo1F{nMHnG^@~?=2#I`$kaOk?9K)N&Z z{`h&P)QV}@sD@2KXe4AZ3=@({9&4(IASH?h+)JXy)!AfzU(nn`d1hu(u9>4v>AZ6- z_~kU;%5pP3tyy0&nU9eVrZw=bK{pklU{&Ooo>VS5@;*yP?Y%3l_5Z1YBdO*N>d6%~ zxPyWsVEZB^uF3s2pxuCtq`UP`ZU6H*5?-~jDa!K?DYAs#S8ykwj&x@`l5IT6xT=Q; zmsrDYNZBD&5#Goj4>Izx5q}!W-f_)2PYrez$YR!MfEIaH+t8f?A=e4ZFvlVFYfDf}%!S>%aO zGW#>f5yY_qd7epifV+bMg@0tR-C_RO=&=(RM7S_L$Xf4;U zU7!ITpHaoUS*`vqfy~p{Umi{|A!~j}MZg1!KmmOg1zu#GK61w%JSOH*JwD%I>Bo!W z*tR*4y{U6h-YA9nw|Nr6fo;YDNYP_K^p^cD{~dZ9n1Z7MdELL565EKjJL_6u z<>eiNH@Dz9f<&&`sECh(Yt1Kf8SUFE2-dZ~XAaTTzXEWoK$diYbror#5eUqQj!Y zrMdrf{r|oEyU6Nim>FyE81fvlUjrpWPRafj24j=Du?ZycePlX z;btGj{rNnJgyTkKSK7}I#bXcFNLc_O22)9!o$Uzkv_U--KHErBHB$azLW@8ib$vT) zo26tx+=4@cDO-fPt|3AoeV9Mgi_l)3H_*vs@ zhsrEAP1WU2K%%DRow!CSn zW(i}}ecVRkxsA|8h+27zwBsOg^78eXPgSkO=&yd4JksKDkS** z;Um|$gac|xupXF{DQ1H_q`B@IY=cXD!RWe~mdxe+w&m>T{hB3*cZf$997qIi<{ zrR>gMq;3sIKdtxS={6!QI;>YqOWd+#lcdz^LWSqiM_vh$MdQs8A0}4&cZ!HtQgYj- zg#}PqXj!;KFys1(LxO5B-B|g2l$(#ZlL6_LY{+AzutsLF{g7=s8 zj%MsvNJEI>>@*x^cFU@F$-Ysw26POq|6Cq&8Ywi@&~U%Ip^Quf|I&t1<85WTmx@FI zX1tP;rl#g@cFBt-eTwOPDep?BCG(TSTj)z^IvazUw(RSUByB?OFJQlToI$Xv1KJgx zLNuGMM0<<7(Cc7-*>PF~|a^n4ivIwnkkG#0w?yJSuS-0_! zedKjME8Jh2{_x$R@_)p9+T3jDS0^`cGl@1?T-0#cQ_|e@CU{%b<1hG6_`mCyB45Ji zcZBIhuBD~*U2Iy6KBe^Z2rHGdyrLrW%G`MMl3F%_+;Vsv?~$Rd=`pC>jd&|>L#NBL zptFnUZ%1eWuMvPC9xIDC(OH4HVCgIL;-bLsNASmqp?a27ei4>5ChBMLnW?JIyi>?! z7!53mmn4l&TQsPUGt4hamv+UT?Et(IxbB4&5m^Q>Ww=9h)x`boh_RQq#4Lu#HL5ru zb>M&ZJzaG9Ly_~(*31F(S4`ya{h*v+1J(&a-%ZnR&L&Hj*F!iekYY|iv{u#EDZLVJ zWB(%nltm)Bxo97Ug9> z*E~MA%#AwfEQOFJ1qY!ejjGjEI6J9opvL0&{_hb>Y`6R5#>1v_5g@{TsCV#PN<2RW zLDs2WfRR}(LuzVZDZtz<7y(%lDi{?TU2+as1?$&jT(L&jca9K>-;zUkBUvK zt4)aM6ku}fMq_KTDQY#cF!wU+{f~J7{u~gvrNX zaXouA>V--OJzd$(G1@~sz%Y4ak&%(Hv2_}ale$`5#Ln6J;vB$GFs&ToaNfDm_}_e< ziWSX@Ptjsno|^fqdc31(&gluY?-AwG-so7qkoempQqB(5x*|MpI)E8>#Ll04BBpFvLK?=HEGeZV5{3q2Y}u1+DUqFusBp+7AC%X60&eQ~t+8V7~H5_a16l((Ll z8ERcVpK)MeqWNaw=gyHbFK$7?UH=n9>PCoHeN6{nVVz!tR-G0XIOq1pDGSkLRkhru zVluNHDfH!u-*{nGsG}6Ai@9%m(AGRI{=8I~ua*9~xhK{*B9r7eK2@<_mZx)1TgW#q z!rJmC4E*5agW3HWcZ@yeLD{{Su+kg8qXwmX9n2S+nrO)mfn9E!j-?BYq-O-lDYQ6O z-?2;@Ee1;)4q{sP54;=+q-W)h89r9o{$yEer*wk(Z7c&k?73j{?!u#l@rFCIN!;#L zS#>#j%P*@lUPR2TMr=by( zp68c@gMjb7WfgeIS6tzD_Nbt3D7NI+Bz@p>(4hvODgaR>J=)1nuf^T^;?p~(^8F!b zJoWTYRkWIbYZ^6i*On8KR2jol89d2i`2|(E7WqNNPqlw~p1Wy#uT^p0>vnSCtW3BA zwNc#7pvsIvFt)EG?#Zle7QP>E6mcD35MC>|GJT(%d2(y8Si3Z!rY$SNr@Uu8_)dxBkHirm9cPgij~KCI#3~aO)&dyEId8$#0Fxi zs0riTy3ayPwaGVVBW`$kc#<(Vef!a^@noTl(b~N9t4ltW_kl7Bdx0n-)po2p9^ebf zr0EKZwAubRPfv*a@!o+&JQod-oh;~`9Q`q#piy^WLM_+hJuVYvm;$m&K&qfB;U8Bu zKc%d?xQ~!NdW_SF$x)FZDt>Y`smFXPTP7Dpzc4aiI#-W>sT|oDP*~2fZ(E!C1ghFu zIEbhyq+Z=wHv7}{tQE5}U5j~BPHW}6-I7SdH>E%8OK*P9l?q=N844$?5;U=}hc&-c zOmd`bb7kt=!tWN1ZzT3Nd^g{YfZL5#E^ltFB@%cEmXAtqnqP?_<%(MQPYyz zbPLuL-dXsARpeTU)8kVDVaNpQ;G=fWzTWpF8u15P_XPg3fkw4zPtk;dH}7@33UaU23K=CMPf~`b z`fZTtL~Nu=u#>1J`9LpXdms52Y^uUV=!b0Klg{{ObvHW_gwbwP?$&*SuWJ?zOHE$4 zwT603%(pqb>BHLV=4*H%E^0O0Zho!No_x|t*UVDcHl)Y%ch8MQmzrzGo*`bw&*uIV zydmebW}k5?*a#+2ig#+;2klgreWp4SNQ@-wR_mr)+pue!9L*B%OQE8Yse?kxe`{+~ zmF{ZJ6+0lKEh2f21s_v2m+UykA2W$LBh9-dc}4@}7I^sh!<@zlDyq~J@wthCNzy__ zKdzE^A0gbV=S%SWTd^%Q`P{l@1nJ^qMAC-ZC3?uyru209Uv)VT)dyRjla&k~-@wM% z5H<-V9X%?Z`WSd+A*K;#tSjl!g*GgD2q zt(hKRRp1ywx5L}EmWrRPpyE*_aWl6>oWg~p=EQ{H8`kG|Kk348-S(AoI6ZBYp)1o# zy&g|n*f@LWM(}$v-}`9%scLz_9N>_tSdg8&;g& z3_PWDsJ;t2u0Q71^r_zS&0gWd(uL3K{be&7gle6#J)Y-Ckg6zWNs=|qbbS-7Q1Hjz0DGJyK0-;X5~h05wdiL; zZIyJe@8r&(@XdzAD&Q;hVRVq;nWu*~tMjmKM&-3=1$|tfsg-5Zevk6RqMk$H7lDw; zqddA7hzTM<>|(E$IgQ=YFYwQQ8XN?hHDxL&ihy5_jvnTl1PclY?GX`*_t_c-QqXU$ zGS4y`9!@jw7MK?>?PT=Iu5=$bE^WT=h~PX>si$i+e^#EVnmYKeC8&$HRP>rxFJT_2jRud9sDD6Jp|#)y*y4W5>jk zTA)*bK;rI&UtUjW`NX@215h^8WX;M2|J-9ukuV zr?-rpr>b{%cLS2z8x8Dc%Yl)zExu+>e0G`M`3-=UZ`acHZn8)J&!t_Zuyb;bcK+S? zFMTzyBWq9bE5%Sc*AypX+3H#|{jG5R-E0R_HAX}SiTdFOQTU}#V&7i*-6Ve_+HpH- zdO#WwtrLO@)-vNTb`kkJ>5iZ#?N(M2*cRx?WXn`}!OyK}zfOu$(YbadpkUR>bu^qQ z#=aJVac#b;MwU`)c7Y_1+2ymhC(Nfn`eP}@t^5%EW-rHZQFGc4MYQ{hK9~on5Nylc zw9vK}ZzE1c^D8y0smiBjpwtg0i)Q!%2{EwRY<3Y)&z8F!5xOL=C60+WLUeP(c0);`vYzZ)yW38dx?!!5#6NPi2iO; zL&4t=!o92N47Y81e;o`Eu_d624$h$cR34aeEjY#0?M6#3^zO&1-cKlgMFo0L!ZQ%G zV=~I6H=wB3-v-zxo!)w@J?i5_kX}U!e;_2a`N2tG$4ml*FQ)jA?DSGz>4J_^0`zI* z5%A=lUg!rzugpuWXAIP~@%Jo)@AN6SmXTf!WE0GBh4I6w`q>7718$s(v)`xXuSfv~hy{k0a=(@!7t$6kZ_F zHE6irHGc+Qlw+tjdO(_Ao86mFCBo;>_6j-hW|RaDHzapemV@CFu~{qCJ~_sEqgSN( zHFs|WpPg1B)NZ+{^JO}kW`8ZWy>zZaA#mmG5kS&D;x=zq`vf6ijv{-iNC4iymr`t= z&dIEOBDHgHB&e`j#!wR~7p~6s0eH`{&Ic-`_z+wS!xerk?qSlr#sF9*%E!( zybIOs>J8Ej^d)QViss82+0%uArTGZJ9Et1=b}IBPHDH1qyw5Hvb0Yzk$(*6Zjf4hw zyeKPXbp??u*?coDY=Th4b<_!){j&MS$zE0S z_=go59@`dxFU3l@dxPMCHF;1Gehy}xVRc^S_O2?^8O>8(N2>vr5sJ^A-|@Nl4B_gZ zzDrQ{xI|~e>9h;%*h`#<%jtI+*J|8_0X(-iym5CVXSuyg`&p`Vwx=bmsyAB$8)Osg z^qJOwh%Utj$%q5P=W&MScM;$fF@Rao4Oku7*Jzx{Te7oGC)u*`o$)bG3r-3|6{YYi z^{B0js{nw;N;Gf diff --git a/static/img/install-rancher-prime-basics.png b/static/img/install-rancher-prime-basics.png index 2186b15a9d7f30c731ea4f71d9bf7db90182ab02..9939c73d8143edcceec0dc076d9e4cd3ec609158 100644 GIT binary patch literal 44759 zcmeFYb#Pp}vNvi-?8KPF%oH<>nISPVGsYf|nQ_ccOo=gOW`>vO6AccwH;tJV6c)oS&UdTG8X%1fXk;UmGoz@SP=iYmjvz>C4az;3@n zfKptCuH2xPF_5N|iIfx_%q!>(loR#^3@kJ!1`o~to!^EM;9%ilpd^?;XnF_D|K|Cf z@L^y6xrRdX1b^papn00Vd4AVnfrW!XgOjWn@PoD7vO zz+6N`QA$LF)Xu@y#M}x50|QR+iWHFS{6N@kpi`5D^^s4~zE3gr;1}YWX0f6_Ql`4u zbo<5xdZv^})Y=+NJvQNkW(jXS_x|25x>sLFNK2XIgPD}qo}+|AaM8o>Pmh+@kBEMi z#V1<0bit}sg*vg489UMopJ27@binkyjZ7#U4K_kbTi+)ZY+ddK$6YrFNu)<{;r+t+ zx-QGbu;#qBD<`wvtUzc&DMcnoP0Y6Qr7J==Ue9}7*J*B)ty7#zK!T78JJ_0`j)fkN z?iABrRf%KZ+Eh=S+tyxvP;I7}+Q*Qlj1gd;y2Tu&`IB7q)pwar!BvE#X56&kH^TY}~Xz|8lJ}F?8sVL!$H@!GS#C!hUJ`kZl54>8)MjhJ_pb z89Q^PvG;R`dbcJHTLA8^?sLd~9Mv&wJm1f;XePWUikD`0$S;3AhPKioqAbG+6x-Mi zd!-1%;O)^l!xIw1Ws42ypMzapJ#3%T%&)HDOJN*Zm-9aoLX8k?uBz#zDJRPdw6$h3 zG`2MYF@de^evcRozYy5Y5NHW2 zbpVmFGqE!jhz@d5y@uC7e3Y)rNerT`Wm z9v%QQD}a@i5z4{n=w{<&2xhc#r1%Z-7ltUv5$IrU=VWecL;4%j(8$)=Nr0RjT2A_p zeAaeya{q$2ar|2gP<;TvhIRlJCT4)OHQ?WCI68^BKtcW%=>J&5QPs^31W*P!+B!P` zL1Hc-8z+i?hcE{ItG=DHgVmqz7y|(yE08sm)e+h%%YQWad&>Q*#%~pvnp@lbsRdQ` ze{edPoBWru{zJCkC4ai}?}9+9{|om&xc}+@1udT>r(S4svjWTHhxUb6 z!~taJWb2@6YilJy{x7%tuVOjqbTT${G88p*0zpCl<%m`Pam0+w+`PI{(mq99uN-;3!5?2nt(tcbo`*!#BFTI&S=8Q4Ppgx z7_+h&@%$&cqpgXPtDytvqbXF6P+dXI^UouSl;+Ps(f%j5s~PC`C_oj)$il+N%=wSP z*#1@+;O`Cte*27nddv^_f9Zt(55vDX8ECz~Xi(<`^@V_cIm5qo_S^0JU;O+%7XKGp zfI|OoBmXV^{;#_JS6%-t4g9y5|JSQgUL5+sFv-*ijX5 zaG?8mQWz=GkE-B>gC&qB=Irdx)0G49Zy#PA9oditz5u|!TWqQ4!@S167S_r65E8R? zWW#ub2KzNPx|iGf7#R%>Rw>E9lR&5`sD0 z-#3_Ie@M_DvB~NPJFzmSsxfYM5yn0PXk#dgaZ&>)Wn4;!>0a0wmu&ybAfmL}9F?G0RVU1G%@)(;(@@S6qo>&H;C> zG4BaU*1O}2(|`!Fna6b_FxeMHONsAG#@KCfm$lt@A#`DOTSgM} zY)t60+yTD*MaikfW|S{w2_5>IQB1MO(D{Oi3fS%vKd_TKG69!DE(C}?!)Ptyvi@vZ zHLU5BGv8La`hy+?bPL19a7mh$qSJe@`?zENkXR#t^ca?U=31U3T1OdLnus*1BQ#Qy z-kU~dF_?E}5=vI+R=I*O-XEw&8P_)r%-_8QcbgRhyM%NN?uWwX_7^uA;hjEI z;X*#goR_&&jd+-E{Cz3{5#6Wtr6dvn;pR}&jIqMyN|Ro} zyeYZDacTb9C^$bIL0)aYPtB3X1B?V$OvIdhqs>D#KoMc z`7)7}=`TJBLvCdvo`+$nuJwKn;yY?x#v+a=aa|)TE!HfgH?v{n*_GGU-a+`J%<;9! zyEAQOl*I9Zct9ObQdTtYLek$`b(T;dBL%z>_Oy9QbS4s)DPj2e>w9>0?c4adU&+Zg zc@n^)rnn5v@hH`k-S%c6Ad4yOBNrEIgQEalQ%r^^t%ik*_JA|d1!9P~di5J(itsm= z!LlcewQ~DX>vWqmYRxZ7r<2%@ukA=t+FIClrwfp5C_|J6x8wC{yC1=Qs+flwUQUa z%Lc5@bq2;dySj;oa=T1}JQrR#7O{*UCrOT?a%K%f6Z=y;gJ(w#41-Pi$XJ%$f*)kJ zkLP&maEABQx;uX$5akp7e4e*&JzPrQ<)Hhe-@wwzwMfRWut9%vR~Bli0bdu@O{3Bt zq<az5)GRLhu#H5G)G(+{4jPR98Gk;5h;SbAI zr6QW{LDj7OF%Dhy@I{mEcTRfGff{X2IpFq=sWk7mkDWY>Zf`h zC>zglm-oeh)-df3d~d7wSWAH?gHH_?=E^}ySc57Jr_3`eXphbLj}<+J&FddpK6%Zu zs^WTo|7F%j;(cXl5x3uQ7r!^@dVP^ks5h1z7%Q!m<&Vsv9bxh~{7KPvexaB!R-7ax z*x=HENKZO8^LnO^#5++3c~7PEyo{v>obsh^0s>^d?~HPvIIeHB;ZNOD&#*c*ius|L zUg4piA$W2BWvK*T5ob1vBf()NM$$%-#xAJ%N2Fd=e&x|ey2Zwt>}Kb#oQv*p10Gyu+?68=Jg(~3JO&5A_KZS8 zPjvq@6O%f_lKKP5OMM`oP!>H$l}?XWJNuF$C?XE!Zk6Wqt=H~E84lwj;cL(0Y=h@C z!AER+<=E{(rD)t~NcRRL`8NQ zT&@OLk`yC7-dU)(nGba=AttWSU`RDqlnQN)Jlai|j`)IDYcag{aIQ=VeolmW%w6gc zEte6BhNwHbK`wMSj}}ME{3;!sI%ciBOUW&x!%&XcaeS^QB$*S<$LVJf$*v?nI~IRq8gX2(9-$ala2xe zchRe!5fEw#h6`m66KhUM5$k*u%7nQR<_iIq4}!I&?rlLJ2-}$Bu8GS5r0+XnZz8ih zhj;oa@JoHKA>8^ecRD(crnfG3IQf1;*oxb(2dgbj=xWNA={+Mu@+iy6Ni$V-<+jHP zD6}rIw(hdqss->&Y2Dyw$ZH$X@V0Aebo=2~+wv*Y>{-%l*DB~VJG;S?>38orQV3)k z$8GMMk(}=1h7qq$_fweab2!D9n8Edil(Tg5ru*&bH>_=B9Yji`K>zvS?ygE}c80}a zqEzMAv^~DJM_QGu6CJ2ww8hk|06NGJkpolZ=i zbU{K^>uRYJu=v5HY^M68KLShfn8f1d`=J+24ZNaBNu^rudDmw3j|9#l>6)Uk^h7K{ zPhN`QA5QFA|T z6M`e-qPIN=cS}JPm4y7m!##4CS87teV`XvcWNn7826=1lSDPyp^*gqPczyr~Wk%Kw!=lD2TmVgl^3vaxSepiLn zlBUpHvX!{6>eRtAN5tq9@D`w9HdiOP!5IIAeOD!Yu@+|c)M6(9I6IkwZXu_BKS}{h z#f>)nI?Rv2bAE(i^c!&AjV=KR%bM&0h3_g*$=vuQVNHU4iT>f*JqNyAytmlWm$zDF z4iTkbYuxr)Hb30mEva@X2+w1mY@}7@gUbz)n5U(~_MBAdei|mSU}yh6&na%?(P&Hb zrH#;vmk(my+vHsxHs`Jh?)*LDumW#bG0jY>i|Y|TKZJzis`u@SiZtzun?~!tem`C& zjYnaIhjZgn)Fvvn?kZ<|*DZvuSRT-^#ISG8S@RHy(F~hgJ-#>(Vvqe;#S46TAYydD zuV5B3zOUQow!7kWCFcLNnvIj7h9KO5sa=G`UXYj=olLD*HX_(+HWkGwM;ApQcA%3- zW%KAA&Sjis;}xNBRG=Mqn(3XU$B+(*S)jI<$k5VBn(d2N7b^ccw&3_?@IH3y@>WeY z)jb9BQJsZ)Bl9U`p*eghzs%u&+3Vrx{%yhZ*7_O+JYFT}>4r~RIwb|=MJuvsAq-PW ziwMitfJu`6^D-A*ilNMT-O(#~0A z;qY^uDPg-EY09!x-@7lFjiTU)b#J|koj;*GbQ7FO3JmQjCkv=qdu+N+AX}!^zdMxC zWy8ue*iDFtJ_wG_^xgHaS>_Un6uqN*U6Hxc*j01VaX}YL?%wsC!vg`OpD`H4ygwZv z7y7OG=?o4sYrQ#_tF!3ytM~CD=_G)nxh?p>}3 zidg0;#Rw}LBQ1|@?X$w@2eYvfGC%Vk0fd?B>(?VK(WvFy@~rRn33-zV%DSiRmjxmw zy?I|gDmajZ@e!@xt0#RIKzTO8MC>H*S-hV$OgZ8Gf|Ze5(BuCj`!tjSC&4Cd)l>4d zyIWrPwjLS9Jkk~g-89tFy6O+6!ygy#)jb=4EVmx-n71@>?jvqY}-Lyv+_goz}tkP6zFQU_` z$Mbcf!UY2#A0dem8#`TpjYEPfuw>c47ch8heks0nwbD@*lz%?yZ;^AGyls}`MRm3T z_@eg2V*Gml!}_=Ac`X~>niLLZA;U>uaas2b@%^pKf++^XL}EbR<&7rf>*Yjqp1Cg^ zmbe+NrZ&}Bi#U8BZkyHDxj48OJUt#|=P8T3*l(?ftl%CF-! zDHRn85_u?S=?Hqtwb|Wwa0sZ?3DmxMVuXUy5*i4sv*{hKL}$G;4(!N?6J2Q<7KQy9 z%mT1M@^*}iVOgh`QPQ*HHJXRmKORv6-(SeRD=2>>jH<5L%`0D3+Pmiy5M0q;-x{|J zCo>o!k+n>0Y*qF25Lfn+(XuY{V>rVL+k=nCh*BuJx!K9>8F*_uk`Nty)c7#;CXjU}GhXM9|O!6-qKFztjY0`G2#p{h$0dWFr=_HP0*9)S^O_Jww zYT<$Mi%XML4;y&Po4lR2iTt}Mt(Y#9#1%&ujsy4U?H$f9+`>-PT~YL#A_b9NEq8v+ z>n&_>d2tk%VLrp%g)?cG>2Hax`M&&Wx?|!Dm=3iHsUf`zeCqZ;t4SZ3!n4tXnW6jZ z&k5tqxQt`RB*rUYb`D%5qh0zxPJgUQyLa9v6uY3HZ4_Qn0^_W$^|3S=|E?NKh!wc{F8G#UmMy2GC;O0q`}8UO0FGjw06oh&>2WB*BjwuH z-SrERg!L(rU}Pz3@wz@apis{Cwfvs(#4p)2etCXwXZ&ZOv!_6i%b79q*45(&=yFbW ztKgY6vb~>bKDp}8hSDLLvGmIhfbOT`rfm1QP6V?_sP{u+f6VgRVs4}$Bf-o5Ycs4# zjm58gHZUP6FZ()Q%BP?PpB}g4j5>7Y!2~!y@EB;A^reK!-eHaCgc$45P z;1SxDBd-qcXGCy_-(V06$<%jtjvjrwhR~rTEX14C&?z>4qMEw*HFK60Wyv3MZ?;Yb zq_cVF1H0pHS++-ns7+VlNYa-di#>VKqFK?b2EZ!QTd$hXj)3=(>{F#G%pSAq_wrE_OMcbjd;|43Yj+iggo2N8mBeCe2Frz7 z>%US0+07@uQ-#5+C!vN%J|7<(eDFj!3gbD8RMC5QpZ9ELBgyY7hCR@D3-o@DJ`aP2 zoKD?v#O{FMW%@%=B-pH$Q}Iq|uCR`DIQX+8-*U6r;{hsMvSh;j)L{e$YR8Xcu#NZjMftakcNkwmkLKIrq|b<39j7iX(~2@_1@j} z0xcXr0vU}Ury+~=&Z!~PF6BlGPMj;V;}bJEdII#EVfaH)*>&KnJswvD2GbjVy&UWL zG$fx157r(A4s*pL4$GcU({(W)eZi*gc3X*)b*%MXzN;SH7{=77m6_5tiww9&%6uHJ z-d5Mw8Y6+Kg;IF#@${~6N;}Qm6~4z;Eg|Zdcy`j!Nf|QKH;<=m#6l4*8>3P0h8L6` zdUO#yTN07c4bJvXK`ycc9oJ9#PF4xYK8IXdz4$>=_=xJ1g?dYAKx7fn(cmQGFkHKtJm{*Aj+g9J`P)H;gZ9MCvYy+4V`raUUwCBbbH z`fzAN1kY?C$8L&9W0;eu5Dx9Mv#T8izs46>Kk2;1uHADQB+BlAgYb01*wWTFk_<1C z$g|E@yJSygt1c62K4BzS6=fTUYJ4+v_yW_sbJnp@<$>hcvJfB5W@-26%71gEWUV!q zdP)5DO=AwNer(aWS=Z~}sWRyzJ4H*-!+4wJ9IAbj~APe@x(aK^&O-dGqO3u`t z2mP1zEg5XibQ-xz*LZ}STNLTps|Ii9;$HHxnYvg`q@>6~lCTP=O8_gW3L@>gr_Qyg zw>rb7mmMRR-nFr`EjklF^I3?3Mu5kT)U0{zzFS`*W8Jc4mY?oV@>Gj8!?3em4IxIb zD=xI5m+72zY)U>8x{VvnT^BRcg zh7P*%!&zk>d!29!R{YJY*9rc){W1M)vS@bC47n+=&jaZn<)P)#N{ za{?N#znVQ1ZyUH~Ts$?a{Z3Ey($!$b=B>;v+#rdkf3q(0xT4QSYy~n_58fOA^5UXq|W}X@0xwk@BxFa1bOJn zIoo~3!0kpugUH9&06So}ato7s#wq)2z>BiKhWI%vOR}@o%&YNgM{H%4O{=1u!mTEr zP_rQbF@3TUfHlzMy87&K|M!?bOo}PV&fLl<&*^tQOr__WbVE?}Xq3vim*S6s`awl8 zwDSR%ut=}gS3lpPSSb-*M~TrY<-uL@Dtzj^{6Mar5@2tafE*A~^Q*U@moam3g(vpt zlAlJenR~OCW4kzZ+l`<`RBpR_Hy6eB{$*Njh*D)JwV(*+>8}AoPw8r-+_v!D1wzkY z%p9lZrLNn+??}HM&dAt{mE)o)2iKQCOuYtO-iz5_pG%FNy0QR?exn$NGO?gjf(9&< zyPBITP>1a?144DlH;LUWO#0nG*WR-E$1%)`e$f>&q)yvoS$B@2FFL<#oo4kPOiJ!j z{xNaUho?v}%`F^sH%yd3hFvKFwYbFk<_$|?tiq2$0LREl=~JtFW^MGvp8FIv^NDP% zLU?b}&QW^2)^|~(TRic{&1BpnSd9@#tNG?K+}1jYrF!(yJRW3%dNHP3s|&DBiJq8_ z%SqMdN-x$gt%r0S;4$Kq(kG6eWz(-P>Z5)L5=mVC?DwG#!A8qY<{{em=&dUw9kE#) znk00-o#5i5CAKzQb(O*6Wa8?^VSlejepvKZg!7cS44^085XrlPX6ok@)79{|p*Sh! zjI9W4w)-{t3pI7k@F3qX^1lS_O}}q?3r7(W_RBL>Q=kfV7uDB0VE(-Be5ishI)12w zFASl&i_es+xsA6gs%ExemQSIi=ofzR*6}a3Rec8hl{hPe3?ux9a95+wK)>cv^)Ch{ zWvgjocnAzSvQ3L|EZzcbwxs#k44c<60R=M|WVdVXa#C#_03qV_R6iVywq)_8YWxCm z%&HQRYl9UrZy4?5e$^011K!wP+l=sR0es*2 zfD^Xq1n?=t>}6oiOVefg?|S;!S%fAfKw-wNSU zdid)p8<5T??WI{tgJH)+H)6VOoKHzJa(xe$5K+jPzUqygZjyjl@OIDItYhT#H%+F60E3dQ4u_AA8=Btw2E>`2ZKzgCjeOq##CUYInuyk0QAkiW6GvvK7ILAY zV~DZK&D7EX5_u8O-H~$yl=_i@)B=a@qq4?zw5q5>R2KPWNgia&Ofc%dkAy(Q`ISm9 z;ELmFx}2Lsl)Sam^L;w`OX(i=2BS8q_&9tNoB&gC!Asur~;vrM^1x$Y5(VkTdlyrrf!{@%Cn2 zc~v^=?Wt3M)Uyu6P;u<0-A{h2qgtNI?;x3xHk}wn1a1+ks$D z^VcK+6V^*3HE}?U){Lqyr^aE5qmxhx8vi;wOo(n2z_*C;*?vqSu@R*gs&7bZOfD%9;Twb4}-f3^sHpAL8}Kg;9Rf1nTB;- zKIhjSk5#K$RC=P>y%hk6v;f|C{j1NAz{$)`JI*oRI2&~-8x~+vb;4-LMzSG1o}eQi ztk}ZIWy%p|ywC;RU(beS_S~tq8-iq!x#`i^Ru36gi(_>5I2_Zz7f1aU$4~mKk7%nJd^ycQdIVz)e&v5Dk)bTz-ZW! z59ub{&}lSEQ^w%;`!4AE>dDvVmhYdF6sOO??^J)ymH&}vDaNT)NoTpd;P*1 zMwEI5%SRriJKvry`mXe2tSep!ov*AgKX0@OF$-yZgs?8nJsg!SMR@OfXoG8w=Jg)Y zZOFbq8mQ&%^@+R~Ot?dNQIRWQo&<37y)_WP9^${NpaeBp|4MZ#s&-D1O~E%v8~}#D zCDvHv)a@hEbH5hC>SrlUW+{{N+2i1NAlB)v&1sZyD+=ZRF!y}#{g*K7?r^L9UC8Syxz53VNc=#<0g zo{dR@pZRk?ObSK=VcB=1jJG0v42PtIe721Alb@Ou+0LJ)={u^_-nX>`uBL~7F{W%| zPFrpog)~0{^->qzLf_cmgrsBQ^``-F$RyOOj>JEuyq0Pa?5zAKSFomyrV)W(o!*Sx zb^`A45>8ixO?ftdf7p7`^}~~Av8dK`w+6-qr9}2TVAie8^i`~`z;11iP*1k`;{bn> zJF4OJ{XT=mYPiHB61*dI)FqyvIGOrMPP*FqsNGYxeWIa~(NkxohbM#?IQl*vmSHn6fF~_Tn;( zip#!pqN*qo3FmAT2-Q@netLV`;(K-n*N^eD%tfhOu>u1s%hMroz`9kO>CyJZMdrX- zjzwC7BhNnDxuC^n{7*TB)Kk*QOLpyDQ+u%OaSb+d~&SyFY3-D7U#DKJED z`zgvK#`+HaI(zBCr_KWg%WKjQUO;^*r3;hJa)JG#>z zrKLn-e8&UeI6z3y^(&V)<;c!WexV495LYpc#la@!TtmPX(OJY-({mMX8;v9zf~>IP z^3)5)$*;%cvnByn$71s)lUjUL@XjrCtY8njX5bsl&l*04PWyY{`k2maZAbCarne0j z?4MbPWQ19;D_d|t$?}`=FGY41DzL&V)bqRNi1;U-HFeywW*mXayrTtaalRw3|`WA*8pi-YkNv3%#}7;JPq2+35=9r=~?rA$n!Hq3r2vi;5auy^M`PY5J_U{lYo z>_BAYcx!U@yt6XB{yNo;a7QgWifrgOVAURo*_?Ewv06XU6%u9&xBI2jX8>(MjYL3Dl}*{Rx@ zEI>-L*|fhb_}DaV*>I=-DCP$7`#7l1RxRaB$CWuGllwV>+1Td+&LZ7) zp1m`^DrNT!ckp2v5;HxPi&5xV(PbDf4)HYU-om1L(L+WHohohaJwU@cI9|=*LaSt? z1uA!&nudmx64sJOAtPW&I)F$6NUxy`Uwc=~oU1w)vcI>5q0+_EJ4sAZJO8P}X46(# znoI0SXSdX1QYSZNH#kWzzkqJmDeq3;C!xJ+L|wsCY|B&u#qqj%8MCvMlbD*v!b^~{ z^sYi(fgl!rAu&Bu!7LRNS;g7Ygl$vZGK-h!!k&cbN1GbXN@A??>fUmtdXaAD%e^?- zQnb5jbd055>g4(?lUdrV#l{l#>&_VEJI9)ax@0=N(#$0AK@BT??iYZpiXhX{bl$8< zuIg9b^Fd|j6M0`Gw*9@~Z?6ZMWIbx`z7e~%5*L93jw~(@e|-fvaEsi=9cIk%Psb{o zT(0fV)!c1}TrTIt?Czp*6jT=D*YBq)50oqu<7XDRxhM*yc;w0sULpfjf@s#>k=p^Nu>GH<{}nBk^>7Cx`PW$LXPPLDm3MUeI!VNzST6{-j)>= zhm<9`3YEzpgQOKsn#m#E*{OF&R>n=b+NJKIw()Zm`_Y=5l;G05V#k;W zONp8_n{s7n+siGb#0d1cvaZu-wKhdpV_|zUe0sEw-`&eiL(lBZbFlT1HKcvAye)L3 zo%KjEhLm`KL3=8Vnc7Z}3l@WzAB6~y4jKV;db{p$z>|6G>AI}=y_UNo_u^!=Utya? zjxTLF);%@hfV{Q-Mhs`*V0Dd77eVz^XHj;w5wTkOi^qXu8xPz2BrQf)+1gxuE`EUbqY zX;9@3wJS{3=m27fHHf9o8YFN^<-?0}=)wexI*cCQgLM?t^4jb6YH2fD6-G2eiql1= zyLnm%T28t4%6$@)S4XE;Pn}~-uTl3Jc%By1&7P2!GVfw+O0ZX+!I*~BJv3z&(No8( zBo3wdbUF=H+Mbk(iNlQ(auL&kM`=aU*Cf*oIIGfy%$I8eYMW)$+wQqBtV>FR+Ho4r z5{IhjUxo(=*YdCA3d*E$eq`pQado%YIvUx3Ql8zqqq)w!7t#-+=$(#lYYy#egSZz( zbvIA>qFz%70=>(ahHOd}br@ByG4?v^&pLwkwGJ#*rbaua{KC9cYX?$>J+mot#?B$4DW{pxLW;OK~T+5ns&1I+`^n%LCt)O>2iSZzW&L-S+B0%!InoQ z)%^#3ZnCQ8JBUPLdhs-obm3KTn#5++hQ0#EvnL_TyEIK*T2Nz~&W|~;yZ|aIEtb2& zk3Cg=wPZW#0I!`Uqi!|7vWVjNMrCQAJkDzem1(N9r)otoiG#2FD?t`3T?j?8)#q60 z>1|IT*bG(Y-8(f_I^#h`5%J^0koflf<2OhtGv9n_KV9#5PG)i$ z4liWgUc38dAzn7@t!3qml@#iJ=RwQKE~B_#Eai(E`@v_TMzWWQ=cc_Zg$j)|3{$(y zNo(@r%-o6@<_eyv;Z^slZ_Ly+wO*VbTnXq0e#vzdJj>w{29qBe_Q{9k#rA)C;l~or zIZ;9bDIv-wN1sTjKo~B@=N=eue+(V;mAzpW87VS7-DDjnrZ<^)@I(riItI>IKS3eIw2XP_cBhL*W=q zGTbJujaPiKx5>|>DAWZ-vgAmZw&X=r898xep(8<72?1m0GmCKB(yy_5oG|>htSfh#)ykABlu0$3?mdM7=4NIy&xx=*g&riN_jLdhKJ$`p)|x z5-`PPj^iXMzD}FvL;JDxF&GN0L0+kc#FZ`K$N#=wnBSd&01iV?Lq>){4$$Dbjn_W# zRV3WgxEA(t!F^`YE^~XVaif;Y*Frt9Q$KR&tL3pj{NqUKkHgkAiz~(?fb= z`<&Rx!^c`}2up~9PkY9h)zE8+M%)}gypj+O)KYw4!JcR5v6w897H5DNt{{w+rnS+( z6rpagw%(e*BAJgYr2sZHMz-TK=e>7rFPZaC-HLaHox&fB7|^mBXa1C)Py7hk+&;(? z;O8W$sAPS&;}a5OD{IEN+n)~MIif_861+D4krv#H);;@Y@pW0X%WgS~pjhk!;AhqR zB8I=Hefxd$LQo#DJO2Lp(^K&NnRe}4Ipn+#lPCpz`?sfcSnPcoFj|@(!u^VCqq62Toao}wWPa|b zhQ>W6|El(ZmoO4?d1gDSWmW9UrvxeE{ruE*5(J@cI8C@1?fp8M{H-^ZMMq70icxx? z+;p+w6cd6n(%kHtUJzuB-F;%M7e0mX^E*OBuo&3u5FfA}R;F0$B@{za4M-fzB%SF` zX)dB9&!$%-XMKlBeKfF)SkAY~YD^jIg7(M5N*N5q4l))3t6gHCU+D;P^b&(+8&%@R;Q65a0 zi|?Fou)SxDE}tWSVlJ6ZmDwMNT9{%59AY>)P>cv8fR@&4KWL4HuTsO-Z!NAq z!cA;naf`nYpWk?4(`|%eJ0c(w z3Z|%LRV1Z6$xAo!tu5~$=b=G5ZjS=&78<`v=(n6YOpJ}bx6{wV;Xj-0*Qb{Vb*XT5 zk_6XyUuep2=!TVAC-Sl+m^&sZIZKo6IqgZfrhm~CavM5l=jn?hzYDbPkD=r!GidIT zUC7xCVc(Uqycq+WhJ9pHAQ2+lxVA0O@xJTzW)FxiYUhg)o9FIzLQ7UyLH^3sBUqg# zQavZ$xiAxaVu!KQZ*9pIaU{^iq#($OYg8tE-Ydk6fmPW%nfoq+q4rMS9DHu5(xdG?w7jbZ`9X(R4fuyt#?bbdJ6@z`S(lf_Klt!Qh3EU(atS! zj};^elUwhD^e&M4h&?PBm%XTo5x>V2SH%r{+X*V0pO5}>-HfbydX*{Su$_<>^1w~` z{en?_oV(3>q6d@}pM%5iofUl@xfXik=nSIL)ST4Yg&k>@uwXDsN+sEZFc?RFV zzjjZG8HIS`r+@2-B|n*v77x2gW6P7>=#NF+_9cx8xLv15PZ9`s2`oqf0WDGUPQbP^ z2v35^nU<5|u3{>c1h4{bz>h7w{dERmpkY+{%FW@AahOm3iEI+|QS0fwI}s#j40<*W zb7K22^oWF3IW$pOG}t1l4=K4#O#wo8J7|Zp0Cu>fy0@na0c$4c_n_TrZKEt^j*}ITS`h(h$ zUdRN};Mn(qYsC+5F9d0}>@?~WjYWxf$L*5_nJtnO}M9K01 zyK`RIN#_Vui!S%0Y%W2*N4yq(>99Y8F|j#>NwHcCwi)KlcP2l%5m}~@yf+leqvrSC zk_>dJeU7L}^XU{6l;w#SH9Z)S4PB`BA1Gvh#W(a-Bst=r~otBN!9q<)M%X$#ZX+RI-2o!Y~rO%&XVo zGQ=nh>nuPDySa`0M4i9;E3J1l315=mOn8oZ|NLw&TjM`|x~c)w2E( zIlx2tnHqS>mys(ef}fnv?`ix6MM=eYng5EKU5{+SJcB1TqkE3Tobv=58le(dX~izl z8c!ok--raCX_Yuecy%&5hBNpRxBRqLp+wRaZ4&Xk<-BUpiSBvhcKEIMIGSZgCl&kO@@MGxqs^ZTZ!*|c2rXRQZcAlM9q`vu)(j#~Hi3s&1AdxfAkSg248#NCW zthDs&iI^1Sadbg~FzE6mw@UJH_3~pr-T%}_8Es7Xwyaey*-P!evU39b{U}^) z4c=ymsDAKoUUmK+%oE;ax(U!1G+n#KQn|Su<48kD8WYjC15H|>wK9q)3dd<;7K)(; z2@Ks|;VKBjI?@2j4z^B)72?s~-)IqN?0FE(-3-g3@gs?6o%*_jKFZ+Fn>G!8Sg=m4@0ND!SJ!~W1%1d1VX#G{w8yL7VSVlmG4)&eNS8^iunUN4_!EeD=Y6-A`u^rO7v$(~F{EY>bk9GQUy1{s+N1JZ0K z7j(biQx(hi*+h|ye?cfZARlS0USB^niQ*R7WaI8LJpatM8@M>NeV*ho3?hCM`n3_M z5^Dmk-NjV|nvNItgo6p}6RPH--Lv$#Y|hkN`T<5rUj3KWD<_vG9(!DLeps(Byc~M8 zQ?73Z&crr9%#7Yeo|nn`%AZ769q@XS2rMt!N_rA%ZRFY=1raX0@~!1*^$~HF@O0e! zZ{3MO|4MmET192OdUgMm+uQSsJYuN7LI1PZc#&%5a`(eaYOo<3mS=iuRlH+Q%+J*7 zuCFYx?*w3d+PW-MvueRU-!p7&i@c==oQNYn4!gz4>BxP$L{POGTZ1lH zodjslD68_-){kz⋘kRiGUsJtgjpLm9y!Zby*_2+uBG8$KaVx&qFz0xN&t)t^)cX z75OJp)+EE&9(-Zct|V`YWD_nn^sAodI0VP*l~?`!&FALkjbIa29!B_;>b!zt)|8flCD1(V_8pOEqRTv^$Y)r`OPzq=nwyGT(F6~>j)Xh9Vu5FhXI z!XoZeXB(#08?qRy#0-PrWQ~pufKAN%Q#ib66C@cEOGm&aElEGQ^om$`-Y^_iDK@Uc zh`V>6E^fA~i(eD}T(`44P}y#`?6UJ@#T_e8 zQ_fZM{~zYwGCGb}+Y&a!c4B5`W@e6=Ic8>NyUh@D%*=MoF*9T0m?>svW^6M|JNMo< zZ|1#O-^`D@)>l7DrS2}3N;*1c>zpmMtCbC+SdQ#mapL{ngJp3;RS#GHj49K4REprk z!)dXZ7>aRnlv5s$vhO`SVNAAEW?Q6GsvyRA$g$FN-?t#?h%d>(uL=t55@&3_@aPAvP5eM@CS8*bmNkp@%^YT($<0sX< zFg7!51M3NoF!N)vu6~nrRemb7M+VcC=b=$c<%qyMXj@gRLhF5pLsd2e+-eUmN7~NE zb&A2M9JR&aX%kzUD_n4s3jV7CN&bDpejvkj+TDt;21(iilByhmD-Oi9 zPD#lU2Eg4djn&K5#1z-kx-I=;{_$osZp;x8*9<;LyDRvv3f>gtNc2Lwxg2SiZz{|< z^K>dnCFd1>a=3ix=efN#BT5%<3+?9@)Md@l+v}_HBD@sAYc^j4ZsKUgy*`Mf=DQ+) zIQ;&D8bT$Bl2{(a>g!ZIqreB`lY|e4aZ0E(G?{Jf=R~duxPH~b?05TZ9q@@mS?Lz$ zoG$xW>3PcQoHMJn5ba_5EZi?+PD-PER{!DxfW`Q|;7q%ctLod1mpoi=DCZG&C7-mu z#j$;{{OW%q$29QL-o9^~=}Z#Ew6(H4C))b5_ky7$n{ z&BW$Znb`h{y+@&7a+QWG_#!}%s0v=zaRKe}^sx0P9Q!16)A}NrUKPt0nB8{K7ryqv zu1c<39PUv2andi>{OqoWj8LOEp#f(lq+pwO+Q$x@|62Wfjv~bg84(YPliRd+)Ux}h zdR3t#e>aOZJoyrP6S?9ED83wDEAD6sxjelQMVh!0;#mk^8oS}0O#f^jY<3ecwEixU z!D0TLiNs9SXxt0kai(PcI_97;b5+~qr`Hwqamh+AC$k0neyF8#LPaswJd=!zoar!I z+%Km?F;>2EPkg5(r458WK`5F1s2ha>^j8k%(T`bGBu`egW`dOhgcAZNLpso?Ee*6b zDXs-SlsV>|D6V!63nX_w$qF^*R<29NTY}R&Wvy|BSn*x`=@8$g@=aV98aJ;slolKs z*1~fg@e%Yx!TP$SL>0@ZD?X6?3|K7vK&q%Y zCCwS*o5`|oZ(Q#}s;Fh4EuSurbnfpTMAt)W@`)r|f(Vfw@Y z0NROSQ3|nHM9uyl*9C@C%zqS%K;z1wc+-XS{Ya>^y3Y!KKd8|o{x8#^H|ppbz%epE z(1L!&OBFDt5ZPk*#Z2t|K>zkP0i`>ogQMPF^?%xZfZ9eVpyNR?IDdx$vUJf8Lbe#G z#D4;j-3IyBpCTb=uXXs)n-huDIEfE;Y2!cF9Sp#Am})Kdz?Qh+$-lcZe9b`GNIc)F z0oVNX@FPU17t43(sTx@9Jz$8->7Ohv^n3kL@G$Gai{DrD2xUhja>-4b&Do562%t`R z3c)9IFa{Uccmb?d44afqTPw#Uz{=jA8*D-!x62kgH-DYEy)4qt%%gwZbYJ$r;<7V4 zDicZpzW7?+{){bL&rTbjyu+Jvw8b7;V18=~l=jU~W$M9NU;5l|z!p(y;n1AW7X6cB zss5m2_e`;bfKc`&6zzfWMWGV{yVirEy4gW$HO3{p=GlmVHETe^_+F#qT16DX#~S6& zcQS`+!Ov5b$$O8r;!!6HX>G5K7oT7^dwWZpQ!#osL&y$RsKNXVh#+uX4R@K80| zF$G_vaoRXx=?vRn2_hvMO1c~vd?0ZreYe~h3s?1%N1oC+zH=Z1`CML>%Fc%j)E@X? zf%+@H1mzppR4)?B=^bW0rr*z_LpSd0&s<)<$+>|pn6;)rRxdtKN94YF9p}%wCkE>> zG2cdJpCB#wc2Kg6;&n%<0;(+SE>G57qOtlXwx@TGHUCh?v~H(5Ejb_mdXjKP;Z@KZ z;K~bI;4I}G5K0>jrBf$P&b8O|c^u)!ywy)uiFWp{mi293i5+Fj(F*|{mDX&x(VnzCJ!(|3d^QSaXS3<(##Z1hzis@- zW9|fj%=S&ALw{3p?U*aNKsw!yJTQolY1(>C-JR)JmS=i>LUnJ+e9ddu#QwvCsqBJL z(}dOVY`SRrohoi2f%)9UM6LU4)M=h1ca1wLgG`$Jd^3`0^KS6~6(2V;X8&C5vWbph zoU(y<{9#$4|G=%IL9y-1*kin)reE6UT%+ZoX%q0}-WcR2UqONL7NeRhlZQC)3ipHI zl6EAtHc!-9f3H-olf|igf-*UEc!EXm0|Npv%om+*IVBb}E~e-H^cjBihW4IxYPv!Kld(sS4EUp1 z13z!(Hl@c964z35e=gfot*%cchy@4w97vSTN)1jHxVsAzTtY==HDCNE=g1r{Z4_0X z^lW((J}k7f0tjHfHIfu|1j_1YAZyogIdo}8=u-9w5;Yp&h)vIo*>b03v_jiT&^DaN zMe9m1XRxkqB8{4C45wh6FfAs|FMDj7vv24&F%Upj)dS9@=|QfzlY|zpBl_-=fKExC z;T^8eN6kKskCgJE2zmA>RPfkN4AWopR)?=&LbJszn&|tt*pHM_At;$MMo)CEC=TuV znJfI9vfvF}X+i~FP0wFpuVk4@E0Y0}FIsI4)nYqmkiRwMxw+G%I$RSXxu#gS z_ey-MkfJd#-p2&|qCkWM{5T```U_j9z%8OeOY54|Qb16UKw(LuJ>)X5ca%UNUuTJAgIT(@7ffetwI{19LocS} z^aR5S$RQ1J?7-~hz}p#AqaK!h?PzYVr`O;CkR+=BW#0~k8+Bv$uErcZ>iy)`y4WT& zLL0@*?3Z+Z@L6-F7R#GiUWhouxSMapo!w*AOye-U+aECJBEM=}#aFx63xh{Zx7!{XpbggcybqGYWYA8iYd2RD{ z3JVrttBaD`AT*{M<9%}{tpDs>0gH0Jr_C^6VKB#_V8M|yd=2Pq((^UU!XCAk(YY5o z2cRPVXqI2yrb?WPW*8gfODlc1OBTr!Z;F4W$dCQ%zOwLgjXk&DAxdpHNrhB6~KLvh-P#fmB;HU@5`Z_^*4^ zIIEO5sdfTK3WM`$oE-j}(<}xk^9=-o3eCS%Ci^Q(aanRdmB+YDLlpKoo4(35?b^y8 zAKe;iq*%xpn7&o17J`xIny;2Yl0SFf21aa6a21_QLX9qX#*pJJOxZhIuiN{@)PFvb z{&ky6&bS(2k~gfzv@0Ux49orahjt+bLDjrQh!+P>9aYh8qjzE)d8P~HA(|4_(|a4V zXT-_dDzs*+-ws??jMQ6XMM@ZNm{Dhvpbqu$j*Tt`sl^Y2M5x*7KKT)pixdF=K)oZ9))B_?%JF(8 zgp$c{ng*K(8mKGuLhbKNMe>*Fk5&UcYw*iF-?(%_H?)XBRB_)QyEuM#5bc-C(-B?( zh!;GcsIktEUql|K+V&W47Z$-Kt~!}xaOV5jS{)!MDZh5wpp-S^^e+PmYbzzq9I2Se z!|$H53y)pT+xhx5TNo1e3t7#Ei8JJ*d(F=!lyf;dgi5F;xWUkiP7i)Q^S23+@Cgj1 zmQ%lSSZ_NWy)|RWQ5YBx7m88JorOPox!-rC%Al2#)2##KHnE zDorPb!myxYLrv0ca)x(U7#?;qqVdltEP1UdlSc$)yJOc(`&%v>5TZy{8DR)_kEX6G z+k|;FZvA?C@+_E_+Y`z)?eqzrP|f5^@t4>$7g;2Z9yz+_pD5pl`C`UT^O1gspjvzj z2`MHSniFrt$$SrjXL{RQ_K5PYC-r z`=21~|G)Beqsf5)(=K)ep#Y*JwT}KKl z{x|tA>0;!XYLa|ke}9e1GUs@%kfN9vx4!<`&R8baTYzv!N9Pyf_pTY@B=lE|XNVs} zNIaNt6MUVeRcS3lLTG2$X`x^f%92=Ucl((0$d)qD8gsaQ`MI80e;Ik??RJWiPGhd) zm&;hmrRw80!#?ohV@yo${hM}wTcb@Hw-LX1B!)?kO^{}T$0taAJTXrurW7Wf;csTL zZsvdIF(Q*fN#QL`r*@BW0`jwYaEs_(Nj2FcIPOePnUgEBBI>GhwbfcPm57(jI*JzeAgHvZZR)m zi?+vP^5#S`M#7@f*@aZ&VtN(uOa%CT^IJeC0w z(NR-Q|Kv^gV-zxI-U_f;>);U$Lnr}M=lJ79oqfo6-W|R?Td1Ygg(kcX!i+-qb;37M zMB3}T9a~tb!>YculC6Y5jIDvE)8J&-ZEvQmbM|0~(zw0)N!N?b+YN7kNdIeGnrtD% zpOy~r6i;^wOO=1Z3^pV*`hB8?*{7e;(7SVMhdGz(stgZ$E8qj-S;uIDr;g|PYUr%{ zR|0>_S!W-#Cq8=Pr4D261=I&mb$~ujV-{ z;&(qEWk+(hF2v#nSy(K0d83W+`5J?cthHT-kfzA?Uyi!$$qz;N(ywN`1nr8(qJMmr z_MTkS-Dp&>pTa+)7BDFn`stw-;fFu%8j5>Nno+H!Z=!ASPJ8OWNfFe0ymkKf%DD zMWiY?UrO*o4?HI^od(8#xMg@qxZyOxR`2FkfM#w(?`i_v%ck-bkoplJ5Ybu!b!9TS}^R-|F@6R^dtvc1LKY5qcX3R}OJ zwRtl*7!F^uKXzQoCiaR!Uov;~Fe%f)*~B*CwE%wW;o+^^b6+#@5u}XY)R~8W3`hl1 z(}j?N$?f#ad62y`>}X)voQ2$ z!>fUaCHK$Bp<(NAD_m(3tpV?L6>|_;PR^PC!@RL*)yhtX19VU%-8eaN?)}|1Gec@Y z#E{NcW27h*mwcsoe%;uYY@OQSfXK|{P6EThK-C!6DZ;B8UKjvC`)o~N7yRYS?{v0t z#AMZGe z4jDlP!T67B=_p+7d_91hL}~@}1Z+C=Pb_TNqxu`X)@D6Kv-ST%zhxJ!vB$yWsHST5 z>lRjqhqXd?tu?E9Vjb7fqVs_PE>&Eqz)chucZ-|QD;UlkPNErAtz6~9Qxdrfg6EIv zHpE)l{_CM;mO}6pyza|h2QIc3Lek?_;HcIu8W%kX#F9k{=}H^-&V6Xb>DdS_j|?2K z7*8~orFuac8aYeH3`SoY7#%Wj;hltSGR=2av{*x7T56;onfAKS7dHHpo5K#H)YUPc z3tCaq9vT{rdk7!z57jO+W~JrG#J0BnyEIs5U-#xt2rcKfRgF+!?ZEz;ZQjfpAiV`*8b#9B4)<}oYC8=9a{BFje#yPtweCq-r7+P zMYF546d&g?3B)^8b^?yX;Ud=Ny<%ATi`Z=G5?-O}_P*@82_*B|AN!76VBBa6rEmsO z2l9XRhHrEl;t-M48u2>7+o@kgjfnrhP`(1?hA1$Y1;#Li*qU_Yt0ynE4~DG7m_ zGkvI8zHXq2myd6I_p~yb@%@{{lrGlI?WsV=ed2AKqV)_`l#O{6Esk?MCZa+Aq5A zctWhsf%Gr)?tSLJ%xX_yVCUB0}0L z*;Qry7xseQn&hUZ%N8Sw9farWDuVLz*sWK@LO|x*^XvaRuq7N~aLxr`J$KvX{)g-R zi13dCBO{p|p4VGM$lPZ3bK5$Y1{*T5#9+6MscCG;F=m?m&aR!0iZ;M%j3r=W`?(SWD zs~|ZG=plxH2-0jZB+R8xQ;gN`{NnLGH9FcG%a$Eb$aZvb8JT&$yu9?e{|VD^eb!F9 zHVrSHj!2>vU;2@WX|<<@mNKErXX0Bk44X#-%<+CxLBQFlmo;azWl&H%Uu$QlR8$P5 z?M$ZbLTeR}5No9AIP zEY|5QBc#y(I^G@Eocr#0fobIr4QHllX6B=6Q`)JqAyBJ%?$MkvlDQO>3ZZC+aRp zHvZQ_dwV>#Zv-juI02JL@l~6H$jU$>I83$D3kYBG7N6S8^=|Ax5rd@k?VDktaG}zT z$HG)N-wOhp#d(3_0OCwdH-^36Lkm&CEr!X#FeE;2O$tg#^YvppUPNPGt;y8KrahwJ z;Z-C2r6;KB`LS4Vyvw}v>ErBkY9Sw}c0|Iho_?B{)*FZ2vnK3PV0|;}N>r=um^lp5-rTyqZijh6>SLzZ`lt9A{O0&Sz22HDV}o^hM93NU z`$gK-_B)jtScy~ajLW@V#sRGqgrkAF2KCW<-lRV@dOo)@`tC6v z(Tb$gY^?&A`Aw(9t*54YjL%tL$}Rp}Y@vsaJ%u#D?a1>&rq6Qtk);e-{kwEfBJ_17qMH-UtpR-Gv>sBEZ0-Jn+kS->-tf={? z1OgGPbp2{KmCK6Nl^7iAGOpPshL&a$454d>>DA?f9mG~=4oz(!i`RgnPm($?Zr z-#m9Wcg9-dl@U^!vqtgtpWB_a&KStcbUATOG7N3^VhKhvY=qzT4_TEDUaYqmLa;kv zay&Grdgzim{N5=Jze;It4{8})v&JOpr~MKkS%yV z{%QADy}}`yYx<<~e?-4M2}7b&ooBMH)aS0pxjZt{d*VV>XKQ1J@R%DQeKfMVT+07_ zeYLu?&E2yi?5o#%Esd{IzAr#F?{O>tkRq%ac#TOOy{W-=9LYWo zgq+^ll8O1vy+t%_Ckt|CWC;OcKnDKpv;#EPKB57czj%7QC@`Fa18*~Xm`J1)93N!5$VX*VUF@m61yOle%bW}){@!&E{y8vHjRSIWfJ_@U zx8()o^hoO6<8;UITveV?fdntgd#B676qrcH(jp5$Amlz7ETra*WHK3bZxQUhB*F7o zPc_(++F1CE$IefI!%3%hTX-+<(EoSdSy9HLhRTU^S*nY}TFoi2kud{J7CVf+4a5&^ zfu%caNwWOEtB6o*zzF3$e}Lp?!;*%c9F2c=RFC1Ay1#TA2t z000Rm-n7qfF1*K!TK?jGnH&CGv- z>cAD?0JDRKRZP?;lEL}ZeUY^-rA4kZz7;Hup15`vQAv&clF3TT*;=?xsu0z=ZghWO zo2JR+tz7yv25A4%>CtA+zzKlSQJ^M0_R!rgZu5?hbWfZ;69ZxU+VJKN5$q@MI3MuO z^?mMRkSr*hNe9n)L_*ICJ*3cJc@_jZyeF&P@i-N?6H6!F{T9)m0R7yIPw70#h<$Pa z5f*K+n`YDdt~Qe~jH{tnU&gi7n*EvMFszhv@khL;dYU;AyefZpT}wteXl>LIRzSia z?Df39_^_Msf(96p&x9>!z44+-lf$xvVrR>jcbhIWU|26OmbyIH9TuIL2|eW@O_9QI zE>APPZAk_)cX-Ter(|f4EZx+^j#i*bLwEDg{}WdXfXlHKW~Mpx`Z``X~LMDoqc(AJLmLnK|u&{ zG5KdFXEo!>?{dY4FWx=_Cq{|G{|J1=5jGH$YNh-iAUl#a@_!527mvYJ|B2fF@2MN6 zcwV06;ikTGu82gDW?S(dh`RFIp|b%Ngci_^4E^Dx(6f@Dh6XvlcZ5b0hArqOSm^uH zC!@cymIp(gVZu={QKIf%a4)g3nft+4ReodP?}kVPwFPLBFsN!q#!CO~bE@7$ox^8b z?)7y0LhA=zwXu82jkiQI+rwvfj%--kE|BCm<)t=%lbSP=--^bu;K5W%spL3i9p{}h zU3)#iFDc*ey-}rahi_e27)Z289F<#lO+Tbkk!H^Lp-mxljn}R^{GsW$nBanIa!85l zgTR;cpPy7cII;vBHGf2zszTi+UCZFRyFTMbh~D6;+bfx`9ecrZNsGG=pKI&3J#bgsQ+7qxJJcwX7wH%;BC=ulBt22s3Yo#N7$-UC zG2jg4n>N&{z}mx7$Zn%m;92xa-g3k$LIil&>zFI?T`s)VuXG7i0(dFI`8?Cj@e)0& z+^nj)^l}6OnQi(onu_>M-RRBd^xe(&M*0@HYRDaU^!Jkm%vHc`p5?v#Fhy;X^Pg{1 zuu2TZrEg*)qq+?Xqwnp=%>=nX~yB}_sT2Xa{1EoMRktZcq z2UCs!7q@*bSZb?OsZIDb3p@z?xCn2w^W+!bn6t_pVU)snhx$kaQ7>9}Q{Yf!C73d;4VW`r1F-3`%qZ09wYM;Jq~o0>-cKJ)v<%c z1-GL^U7ztrNMYDYk12Bk-9V>5?;_q$V=@H1NvpB9eQYV2_*G*8GrcEz zUGG3$m*DxmrPyEGG2-c8P=L?ZP@XI-p_H;!S7vIsmza2^LsmXSPT6i6tb|?W2HaG3 z_}iWU04dfqcxE)6vXgDAF=S?Rp{wJt(Qm?<47BtoQC6$F5Mn@>tHQH=pLuP(c};;d z1{Nuz{^s=vCcUti3~hUCW`x(yzzjC^lbix=PPExgbt(B$k9n;lKWmOdqWyl4h&_A5 z@9Q-dID`%YW*oU0x_#k=K$~Z^(P&~A0t`@vLFzA|5?gmQZMx(`!8IkD(;>}OH-W;q zw1vl^Fe(=jXa4wj1WPuY((x9BbyRGR$@8ZpTZN4>aOS=57Gy|Kc^0MI`|uO~7>ao+ zF)L%ZlvG|Yyr_@6pROh%Hg(|8%T&^48;#Dk)-SN}KIa``rMoSLzP!~4P)_jEJM2r` za9L3Eazac*lpF#@X*st$Z-YiOA1GEsuPXg$08MJ3{`Qd6LfW z+?{YK_u?GV_lVfP-Fx!y_RjqK%709)bM|}~;n&IICF_#*jXF)^VJ+h6ngE*3dcwsG zuW|W!6gyK1c3aNcgIqfx=f+gt;MFm^{*MFs%J}yCf&75k(cSt~=H2O~9%h z_Ld>xJZpocC0pKmZqT0*eNiPmR&j)~eLzCR2Lh9zw3D^j&v>FCYXNP3Dyk0>iHsCF6%d}O8q1S^nqiaa zzEJ$wEgu!cjs&`&zCIG>N7-Z+yL<-O1rS)sp|`oQ7F;?I8=0KOo-e}Z>cwRCdh{C& zpl~J$3LV|AspRbJ@0duN7rAh6GNjhbeKqmgNSqF@7507Xej;>eED!j^wqCtHn2aia z2<+!xJ5o>I>CL_D_dag19@EV%%r##u&&IiwrjFPZJ>WAX&VF8zj;aq}h^e`2zdq_P zxUgl3a@vMbUf)D!gF)PmyvFGxrNipRmspR$<37b49D($jrrsAUW_pajdD^SX()s!Q z%%PU27J7A{V?rl;1odSW?OCl;ylmZ66c&dZhnEo6QuDEbg#`XaBmQqMm z>aE%H9C(`)wc0m8CTQsJYkmI3sIl=-_gw^gyIue{bmlSJS@+_S~(RtN{p*-=|S)F=T~c=a6tePD(_ zlGAo*x%&riQU<$0i~A=|*|Y4Cfv_!_8Ea12^>R^rNZ~sj6sjZHJwLacuLOc7TXe}z zU`MGP{gb!Xi#0F&1YRjSf$aeLfrq2(px^DYCcnNSS)Eyd>FCfdcMHF9TsB+CY+mGh z;>!T{Ppt~9HjTi1oWkKvcJ_eyge>uGVCUsFMas9rz>`$P%aS&vhu+nh$TmbBfU9J|8 zR=y*T=|HU@irp28KM!82!9_&2Z`9xabiX!e`xc#mH0scf^Yao8^Tc|d?0tWE9Np4; zTdR|~XGgwl-HlWOzX9vD0X|^)#rO+cP4{RrH(s;qL@po$NUF0}Wj=8ipC#y@6RBLQ zX$K{x@bdJUBUxSf{wCoflO{6afO=TN7GUG)oOtKY)mUXZF64_@)Rb!7iHf{T&3b>@ zkpV7Z2k6MUEQ6mtSOeFpU0w|it2rAg4?Nda{^oB951gthDnB=Zv$IKpper zJ7#|;KJC}sQI8SjUYg6wlZ=`7#F4@9oaHXM`&-r;)dsNaUq@xEM#|ise+r@#cgAC_ z(phrayFD1p`Z2|Ryzq6rQfA}k#Z`j7HNLd&&CCvg_ua)WM*cL^_5!KU_wj%=gXegj zwX8Vs2g5P9>$(72Q$xe@-Tp$0pC#1*s=!A=fn=lAr7807*oZ^1&Z$um3A?h}hMhfK z+1+u^13Q{^@Dy^Gj5(17N<|i)w~NbfUwlHZ#C0D`QkeG`B~Sp6R`K1)InEYk>Dxlt zZ2-miQsg389urya5sdb$yOal8Gg@`(z_6E>2b$=a8=Yknp5|0NswwJKCww&ME-@)G zgDX6=n%AJlcM>JakitpbmJG$YPwcBVzok++`I&Tg-BT2l$1yv#DwT0vJY5oT%uGzk;B#mg2($F(~N zbXXGk<#N&JD$Yb_7cCY9UsK*rjJOZycdEpPJ$7iC9j&qEz*FJboBz*g7&WGdDC4QYqHxWj(>N!rz_ z7S)6MV1JIySLRMAQ~s?=cZD+-%0Mz9=^QFF+E(K700aJbDJ zXU5wO8rCn~u$#YUP==arMp^z|{rf<|{~CgN;Hp>sBt}jLCr}d$3j5H$qb{_q{qtCV zVWp-ebI^*9daL$tDFaDDaxr&1R1Le1C z*11Z(UXY&xL_+z7Nm2<4-}KvZUa!^`fCxtD4h|0QQNcb;P#eY%Yz-mg*7w!4DRR(4 zDek7;2>CGCF%>}KvOYZVt=FLV-#}_VHJYj{AlL@%%3$Y49f@4HaFlA7vT{Hg7>?eq zdmhN9(9ho=j!45>&V#*KC;zyyMaY3W`$;9F6Ttp!ty1)2Cb!nKQ6K>nfa=2VxDBE4 zNxj)`0O~pkJEPu9ktBt+;m328S6-~F7tnv3H7RXH^T1z^ zg^;{(Uq2#j*_61;>9%IpINa5PLen!emTz%TSth47?l*ew(YP-bwdUt2h^K2kD=0sc z++V4J^zpq18jUZGG+!svj9tn0fnTBwF5qaiZh971@)1B(sm+@uAi0Dj8t0Mx+^o&B z)JS-AGzlqxR!nx=3WBI(`Tl_)C_Y6(xi{DG-lNVV9jz`Av9S|3@6oXiHuEUhyBm@C zkm*cLM?pj4UR>P8RzdjdUgv(G5+zcW_|!-}Hj(Z}G{a7x;2;Z`>3m5xT1>~jNfxRQ z+PMOI3IIG#gPZvxo?I0CR!|?B=R@n&4#4FXg(68ukjM|!r5hxB4O)%y95Tii|4}t0 zS(Q*-_JdW-`C#-^t?E5t`29x*bT8Dt{**Pf2 z)^}^CH-WUTke`&pa`HfaMN8e0QKleNqnu{QQxdb%y!$tkM!EQ-(BtF{E!$HmWWGJKCzmkDmwIU{>>EhzRv(k( zr6>K>TdLma6*~PkII^61y+3gn^)A1ym7dpo@C2M$Yn@)NX3TA9;ls&v1MMaQWsZt; z=tVxwF$^i89ZJ0@s*8qSBZF)G_K8BX7EyVgH;Dz^aC;F2btg08ix| z$gFW%I{sv98BRJ)_h`YASjEnLAf9=AW30(QA&TvoP*QSxFL%QooPKpCQBWsQL9?x~ z7=wj%)P2SuNVfz0Qg2Sn|>E zt;QT-T&dQT1*;TwD6;BI1%WVGJG$$re6*gMa9U{_aY(uWB1=UmYFv z>t+cABBWOMmqmmbcrVS4hH>1|Q!y?iGUcY%TU4(hDE(b*^D>7lI&k$mGkPox#AKk} z1jD{o>McP}Rm}Mnl`N~HUej%=sPC{Hk~taRve@Jb-!i_|NyX-a9RiA)gJReDR{?&2 z?%SiK-C9EFzY!#qAs=QH;^B^gS1J4DF@cIF%1|_?${#nEzNt6vpL~3a$$ZaNwoPhE zy_{K9z_jeO_U+px?>H>n??`kQ#TW7FMz-Io!T8ZgLI5wTP2*f z)KHV0USOJfLfQ(kA)`6O$%`rh2vK>P~e-!+HN;>-{StL0SJSoDQTc_Of4T2$zZ;j6Vdy=IbiFW0Fw z&Lt+lF$d;IqSHEGxdlSi+L}=%kaF-|P#_<>eqa2Adf3^nN&-Azt3Xj?NFms9-K zX82;vWGw$1bx4ey?fOX+8AZBc_xQythhK3e-Q~P>Kd1GKYJY{#n(yAC@vKurxwpMs z5(!2=_a;LIulmHoyl>~rpw>i}fTB?6%>_q+bkjCgZ}_If9uNnX_Wrc%%7I6XOoOvi zch1i}UXZ9w+;3f?RD+_v(B-kxCW&%o#))-sx;$=0#M|;P4cfU|Hk*l>Tg=6LVoGP# zTeq>p$1~SvjnCqiK15RNA_58wY*3P!R{t3VViKXHetO?F41;4|F}YMnwy)lPXd|!Z z5uBHRLvo%!d-?EF4%(-~ zNgHUr(W`S_C7@#Lmw_q+%gftsnV}lmmlc-2s*Jq#JJVcva}_58gY@R-s@Vv4Y0m65 z?k{le=DLWEe8!x#{(M><<0{B=v;!XLX=Qe$7yG7`<;EAYXBMoC#Qwc2s^sv~G1%7bMdtdwWyAgw-jsoN%^+CPVx5Fl1b-d#%>m_3~%{Jm)Aca68x_ zfr1MAM^lku13~OAVOORQ(&N{MjOK!hqhJB&vCtJrTxx2!h`p-zTXS#GJYpcuv}}>d zWBGELP|}vRuvKQa#(4_Im)%9{Z~f6PVC@?L#G(A3g>#b88WF+2EOrUReoC! zS9-jW`en|QB><{9I%z&X2DWtZb0Xrxmxf8?XnO{E?}93bG7XI}N&$8=KpVdOVJQ-{ zXULuML>V;2A|q7Me{92kRgrGTPqj7y5PQ=6hpnU4Wd`u zdgHk_VaQREZv!MrmSab=kH$CD+5G8_vo@HK;@xsNg%puk$3R4ahXx2RupKsRlyLhC z>*ev@VJ9TbdR}di3?^h|W{#S3Nvnv6bYyVajDMVjJW1RnDhK2OtU!Nme=l?&$*C5}!l{16vUXUCck6jZRNwV1SGF{_^Bn zZ?9_6OFq?*b95teW_&jNC(S!1kJW(nVzm0UgOJPJo4yJ{ul~*3YN4|dPHS%C$SDe( zsBzl+gZi@h(p)bNIx3CFbv-u{8fgVW!nQb9g%T5ho<8M!j;o`Kr{2P9?8uVCZcbM| zgClj(Hl@#aGB@+>Pts80&hc^ioSi}bCg{b^oB(EzS$V=HzL)#%c2E0T6Df;&*YIL< z0%$;q<%tHK?eViNz{c^>e0gn7OVH&XmV434wI)3suIfMc_7shWy;ZpNJke`_R0i8A z5xC5TKd*}}$<8-F=77G6F4h7iy(1~>7j4BLkxrySWA_-8goQfY55ms7ir(wObRFc{NN1Fj6Hp4 zLq&7q`cMj zCY6I@)dnkP$=M@*J;~THrTGn9*wc2g(u9+ex0zsoc4?D8#{-P`L8Fl@da9q3+kU~C z$}E=9Y_-ANY-Y7&*{;i`HJ?X(j4373@uj8j;;Cmy*nPPdkh$^6FRUVUxba2WsY%wz zw%iYAMghU*k*+4R+q&69)(cb(gA6gZ(^b6$vbI5?-eKnh8sB3YN;9Dl?AIl4*y^?%mc8vpF|m ztCZzuA#+tH79~wb3Qnt20C-wWiu2z!@M!6Ogj(OvPss*h(K3>aIN1W@DPxW*8LPX0 zK)Yp@?iW@r5eaBJbibC7W{UqXdQ#TTwCu*;uUht7Y)SSIiy=Id;qj8AunwbnS>eGb zR|kf+pJgr9&#=3+>FR@&S`|nOIu(PYf*5_bXQODTb3J~&U-|KDLQQMC*ycAopp&I0 zxvc3$ePp2P`xa93OltYO&2Eijt2UDL@bW7AbZNGqZtZ6lxUiA)bEFxEt7H_c!ojQ+TGS=YY22HI5KrLgnxFuYQ#!BxAC2aVJbly&^t%)otD|O`w@a+{29Zy3Sah$qt_i2>iu-Mj zXHYUw4K(6`kt5VYDK$!vYtPyixG~BzZ3x<|Oz4q=}QRtAR$j zeQ`$tEi9x;FHPXzc`3LDN|$YTv{sHiVDye*+FHnD%EVm{u8Wd!crhZoVfxo+g8|$T zo~M2)=Ay%kJyTomq&r3Hfs4Pvn4=MFYT(KzHvf;3R2k4Yx(K)UU;$8EdUE0qYS}&O zcJJ+bB*v70cCf0jJ7B`b@394fj-%A5tJ7{?u|CcEAWQd8k6H>$yZ7Ry(ybt>CZHSTHOX#R5!8x-Nob=7xBAYs|@*07gdGRw>Xm{&! z*mkD$=I3T_3INX1S4^H7vB)q+4Q=POyJ#UnANmd}ci{H)H>TWvD>W#jkry+)Tq3Te zWfH)9baDRcYRT3X573{Bv5!iL(YDbNL6Y=3tHl2$@F3#&PWB~GWjFX=ypFN{7lnNhG_-_9u-i>*h+Qrr}1WfzQ7 z83&8!;ZFDFQNLxS0s5BusCUb9wb|Fe`7xg$VcHLDlGWRY0P~oI98%=smGe=8wrQps zZpkAZP27>K;aLcELzv%Df4#9LT7_J|4oRpudJR^0oIj&wz3N&j2~@$$nZ^cX>}~{w zW)^4QC%JDq!5T9%iZjy+d7{>s=)o8pe@QXw_Z^MrX~%L$FU>tLEdkxwnp@NEV*hz# zU3sRtP*@!>kec+Ta*b>Cr3BK8_*PKU9ow^zgGUFsl`-sS82B0p=y&>vFihEzf!~kV zUY;vh$$+)2KAv8N8st3>QcsuJ6=8rdXm<8MD}f22-!j3&FL<)@D$9S}@z{e;LPRYy+)Zsir<6h{OM2QW`6Z$^ zMfkm{Y0EGON*49<9t2l|4!w_ij?wy^c=L*YcWk10P5ww4fALn2kvOHlgy7Fcpm=2X z#%(D$HnC3|R&YTj!-S3{)x<`Zf9g6XLkElv_Q9RExcp3Ox`Z2nc()5E{|FoF85tS- zTl!0V6C2i+8HxLQwAO_PqD7r)&B|6M7E+~%p1ZE^8m}#m%eauRnqYp$1nsU>YwXC% zq0~3@0j`+)s2DeAiH3c@d}dGy!EqLR`z9yWEzWSAYhDC~q=VX8`;@yDyYouFJ^Qs+ zi8DiZBd^t5?Xzv9Sz_M~X6c|b;GPGrJ-aSVEW<6^{qo!eo9g1dC(MCz@m|jMM0c4H z1EyZea_!#FI92!LfgBm!rr`QYmY+Udp$T&kx4Mivk4JfT_W|7h8GNWj(Soj#Sk5Un z?=sJ<-W_p%q#H(`Gfu)J3tWN1(Hm-EM z>dTSW7hmru31!C7)D0i@zBxXzy%^t zW~9;i2!BZN468dQs#(Hej=zJqb0cobzj2V~O>*_!>%y#0R{YX72E>U53Oq4~BS|O6 zYWYM&@FNnE z`M1P}M}E2;myh-3d$;C;Z}A7wSXs{S{c8B;h_80+Z|%*&kXdc_k~7DOp2H!tVtl_{ ztazVP^f$^BaXxUq|G3Rmw9G#dX!$>(LX1G-yZrxvIsXST`Zt_18y?s+C~~LKWNA<` zJGb)`Cx&ZbMsf3>uc=|g3S!y@MQ-H-9Q;B7oF8V9F7?pXr?CZ(XLF|?_5g%<{=4~x z=Kb2%rt)Jtd~+iCZwma^u;4%RI8Y~~DPLAcQVPi3Acb&r!hHT+Q3CjA0SYdBQaeq6 z-jSq;-g?WqhM$5xswS8$jpj$S*v8mgM0hD~^T!u-T>o~f^@Oc>qs&|DDudk z(h^B5`%41b_2j}XGS=mRz4@Ax(@AKS^l@i?ORNlYmW=lc@=-fgbd>Zh)6dO;tyWUP zg&|FszJ_8WBOt#}ggFPkVT&h@M~5kWSTM))y_5jUED%geb4U-^=z1WeN;0eXEa#xv z!?T9AZt0;vK)pM^C8t`XOZaJJmdTwS436%rdQiU6T*~7o!e9A@roFMV3AS>124m^~ zHPSb4cHQtO)rL>n%&c?#9PjTF;O*YGnG9dg3?mgJOov(P>G)xNufU?I)3>LMw6YiF z{se=pv-4>z zzg-fm`zxMx_7^^De2RK3*}#~XPH+V`Ie@1|rNqMWuz&D=d@^hoW@jVy6nfDq8q0H6YgZ z<&*-E>0fsvdn#*VV@OCMe6_j%Hf7ZBg-UJ>GQ}@u`ktgwC3RhmyfAkX_b&>lH`@V6M<b2T+gR=KBKU?H zm6;}tV>mkjuUdA!vKP|7y!+%7ZcA<|b5W{&{E>R&UIdex{#GFzKp)?-qT}YH9mD&q zX3y-N-la_ip610cp9sXNIhSfQph-#Ah9Z>W#y@GehrnRK*zM#Kgz@iv=N(YEo=pMV z>}D>%O}DktPGV%WIX@Ft<8-xFnam#g(;UL8fV6)rxfCLYu4Hz->YA)7Ue#QcDIR>s z^|jxKmk6nlvroQ1A2Ffocr-}^rj+7oq$l_n3b@;2m<`!*qvu`<83|hE0$&Cr*$kh^ zTAPNg$f=R9>Migxl~;&zG@kDjb)E<(HP}(Nx$C736`J-xlJst>iAdNMdhvgIk!_K0 zk}fwAEX9xLH+9`NT0ujFa+EoVsc^YHn1T&S=UYV#@Apu)kRharwy75xjCvO$NcKQT z&4m0dikHq*;XLob5hYgax(yqsyV8J0)RWrN^ zmkTXbj*>4e;$gztYy=f2C#W~Cac}#duOMGOgn#c0Bx)nSQ-(+Twr!GlmBJ<& zaJCbN1u$jzWS`=rlC0>w#4;mhCp^k%aUYTb@?De~NCk|j2B?BF#t#!KpvD0_d6iSr ztm}+RC7hku;8Y9Z5IN|=*&ktz0}>7q$#ldv89~J&5`H5DZ7Q#Wo?x`2Zb}OCI9wQg zkgJs;wewg^0rG{frOROx}fw=z3`&}Dugk9H!Mc6-MQOWpT(_S&$jP5+z+C2%Szh97R)5UB;ZZC{QB<= zW-}b0@DIMJO@g{YeVp(JwvxQv0@oiq2e+<%BS+{f`!O>;xNn-Yn*1DJfB!pQeaK|R z*{dW)L28e)tMc#lp7gdPTNa@j!k=4NppKfCpzf{rMXs~MWcJrI1ck*n`cLaKs^QasTXyk0u1K91Y^sU71E-%qex-E)f; zV~CMUo!IrIo8(aAOs02T13wdYe#UI@ubbwX-?s0_X?UQk4df_8D<{F%U$bkbDiyO; zKiVkYR_l>6n^3bJYyjIBRH1nq3?%cug9@)RZU|hLNX?YU?GnB;csP_Zqri6z2N2a@)^_k8T*odgj=}F>G8FhU7Psvgaj#71*GUIW!83-`i)@ z%U=LDdX+>6_}sVwEx*u5d)Ku|OPH9Iw%iFZF{v@Ffqxk30jthBD6c93d*xZyaRX)1 znTi!I+qbpqJaSnMYWkeiruQlK&w|ORXe%<1S9RAw$9&&B<7%>XamlAu1@FS&16W8d z$JQdj!_x9`cK$C(YCtJ@Fnk22JJRFekF(LZ{rr<`=tmic2>C$_XDx~B1g3-c1$sU` z$4qS{=A+G|c(tZhIa`91A+gS6hfXX`Sm}XYuL8|III~z9Xv`9|$4%+Ri^n>}*NSd$ z$<^|E+=t~l<0>9YQJ3xP&dx;Zp0t-68t%q=KGk!D3&ZqM(l3df1)++L;C;Gy9)E2d zUFr6FGqwNdI$^vOxMHK=!TrqZaL;JHwbrbSeVWl+WCT}*llJ&Fg#A;nf;)-QaV_q<+YEA}#{oiS$@d&pCvkNzS0EL6 zsjs}$s8&^VVrsFsgO=2SIGUFe@}jrJjp6diEnUe>+$Xv%3}y&!b*h4W6~cZ-Ecv`^ z&Nee-T~JS3E;SYpYf+$63mLc$t$sVe)w??9C4luBMg zFBBSY2fo^JlYux*`;>=Dg@E3>019NCe_psQxWwb(J{m%~r4!KnhkdQ-@Q>1W*6g9M zWtEfBN-(X*t@7cwi(53gBxI$#YL$F}UYSl+Rhsf6)FK@LWBgqrStiKG0k*&s4{l~( zOimrI@M!NFsq&mQp8lBq~ir>heslfsu5Pv5(=Ft<{a z8M0JqCR%rO#kZ!MOOQ4&!($->s%%q_s3?MNqE{;9#1~$8W&}(eiH#T-3UJ3K$%kelHR;AP*IU$f@TqnG2i*y-{}X%BYzXL?P{f%~~|hop-ME z6nIbK0;F07sv8EF9+VIQRlP)u`6=oq6{-68Y)Q!_PZLm|W-5Z_x|8hVY9_thGQCRC z%Ck$QnEsa52A&7TiszhSs7%mDQ^3`fWrJ7mhkx8N36+(RU&@a8Jx&+kd9}36Nyx71 z;5&9&be*8unQVtI*Qy-)1cG>oYY?YeETC7gu7wwxzK` zyQA0o3+eHf3?&IwF!l?nxIG4o5-Q}1Ssmz4jibfK1FgR(dD*8EY8Y>^ObBJpC8d~~ zl{qzjuynq3EN6bf);g73Dl0dkD4Ub#N2nSS+KU|5F{v>L?}8b|DBAjP{?$>kd@`aZ z?|1yn5`iLP1ts5#EeQ=0ojMBer1bhQw{|11ZTOvx^lHBqVV`{JvbxeXf~b*o88P5# zo>yn9j7gwf+1%5(w*z4>SQ&y%vNxc;$hC*8za+bGJh^*OkDngBEHGlORut%x0|Vn1 zDAbZ|;b>^#n`bCTwPl(1MI zaYft6%)NciQN{-WK~4EG8U*lp;+V%L);m>}Tsn6o+Ddmsgc@rnn$vGms3YPY%o_O8 zA&>aD-vb`HhBYt^OP(xA)li}56d7*a+4cfg&py@6Zgy&!TfGtea2gqe(WGdCYdoud zXF1tb|^kEoG5eeR_Tu)67O5Z3kr5>>$>lWZuJbUZD7ZYPq13? z=ZOblwCX1~<8!w8Z%m72!gHrY@foEe9wL;RAGOfI4fArCQNP#2c{N>5tr+1Qwh2jl z;X1YKFY}D;cQu#|ZlsfBW#hSh2e#t6EZga=v8%^aK;>aWTyrKvLjSWujIf&C2f!`b zmoyxFXx+4av$FCqH< zxeJt|XlhcdXtRHF(udjZJ>|q$6&nw;oLfKt^yWx_&{;n4c{)#$FZn;=r5b@lxP5g{1HLsvzI=7Cw`#kc)Ofst}-(hEUDTR%i z_Np02hZJaW4E&$?LSq71+il#2=bDX%$r zhL=}17$mQy4%r5k^MjeKl8m^X<#W`jTZrbG&t)Ag?^hF-e~MT9$oYO0D& zA~j?xG|_%L>7l0S1PifX*N1a$XAOO*0@SYnuftA`94LHd6}rxOL=)%rq{y*jCWa%K zf70y#ufp-aqkLR6sp9hTYq;<+i#LgnG6hLpbx@xRr_n;O|VjDVolirW=S#}@)Lv@odDb9wxqd9*Xq literal 44977 zcmeFYby!@@vNsALK!5~7a8H2XHrU{V;O-DyhCzb64*? ze)rz@oaejeJl{S4oi)#TR;});UsqRG*Xmxi=8J-y_zP4*R5&=e7m^YpN^o!pWN>is zrO%LHB?ydYuV9y9@CQj_Nl7}mXRsR>C;U@5co;>703-j1gd9GpwCX9T}Q+dJY8JuOjMRYl%FuBU}^PKuaanttRe&nn*+ zpi{*`grfW@J316?7`d)WKRDXhPENF_zI-b9PFp7#TPL&q@vR>&fRy-hbphJ7z}u|H z%r>zX2%m3EkSC(uZKUp3tp0Q)96sc`x?#2eb&#Y>Sc&`9l^fo=#^UA!F~8KH(I@%W zVSt4nfxti$PR5i|0o!<-w|-a2F0J3tUJ2UiI9-R@w-^WxJtx{8=d+FfKvPjV-&tsy z+dkHgDLO&3lxC~3+|Z%HsIGCEdgqs(TvgWZm`EX^k174~%{wuix6uY~qzc4>zF_Zn z@!z$D=~2eX6u-jf##Qh}?K$>&Y&oHpR$>FP_5qx*e4UX*81}dAp-t~gwwr7Q78kUqQ}c_7 zw_KiZqvNV4NL*Y`JJF({2ge5o7mE-4V|$0l{&IH3m0900U_R(#rt-nzgRBe>$l8+0 zz{uJV%;aKe^J~E1_yk>S3_#{!hu4N+6EiD*^27Qj^4DfY{N(B!vMjPT!eCP~2{${i zvYVU=$juzYZA308fXe5>0|T%GI~crnv9z$V=W*dD|BcH7qkk1MlfVAW;$Y5C{sHDk z!q#@+*X&H}Oe~C|E@n=wf&%q*jH7pGw%PxY~f3mB9Aa zj&>lhs1w-Af#P2wj6i?O+c?@;{O*nsh#71FwuG_T!&(LWTa&+L+}{$vOkiSWY4ckO zX6%3CbTBjir?LJ`w_i2CyYsJ#z{LN?{WtD^^!+z8j7wIQN5mTB_)9%W5q|Pt?eiE} zgUpP0ev@2A#s)wTJDAY`2;gR92LQp0Tt+Nxj36UJHX}|WV=$1*_+OwTt?V5PtU%yj zP%v;NGZ>Dc0muN%4m4)uVu9hXa~QEQ8nPO2Ga9fPvH`&yATDkLwts<;w=;uzrGdr2 zYV`}s2nJ=$4KQTo1_K!lx!AcF*;xTBjNB|>7Df=jkORcd&cbeJXz&}#2*e|1ZD(l! z8%{Gz0~0W_jg`soieCoj5mJ!kCue11`DclOg@J=HOn{$U#>~pm<)0NQW|m-O2ZLYM z1aNW#IXHn_Fz@8zVrK{blSvJ1XAkqlUzopR=kJjW49u_wzx)&i@Vgw=7an0d zuz`cMor<-!1wZ-UQTOj^S=e+kGH@^uF>nCGK>v=zD*uSXj4VJNmcP{h1t)85WM=I8 z|Hb`l^1SAQ@xz8(!pt7lzU%Lzzh;y&*!Hixziuteeov*>uYXSp9s|%{U9dNB0vr9- z6NdFy70A@U$^;CH9)H~RALVBMi7OZw8gOy|xL6puKp-PVb}+jEBNrE^AtM_nmmzHI zfNbml&VNU@w>EZgHn0N=nZWD_vlYxee?OsK)BGMN+JEPEHU@A_YJ{kJUe-(vn>@B07ET&VxtPJyjps~~6CW=Uxu zB@njJLNb&V7lC{H_4@|RiGr1&*hpyD!@;4q|2pAg=+TK_g~$$)vZBbFsF<&)u=w8- zzlDQ)4JRogq~bEWx8Uf2)3wxfe7Tt9`xJ!<5w#=b^&3*km+TThejZqL%&yEDcBGp| ztQ@?WfA76g4F6gB{oO&zX82Qy_Y&VQ&XD&n9nm){BoBJ``u9AXoG(5~(fYl7|Ll$L z%l96}NVHFW5wJU7jQ=di85Pt?>$L`y~3WKf7>tXiiaQ2mn?hkYEw9o07>bMnm7?;yQA7# z`3NBahFj*`p;YyY7!0YM?azH8uhLBRC1_sRz#%x_tT&S^&+BGJrc&n6NX|mmGa9H# z)7WyyeQc&Qs=WN}`IzdmUM6?7#diein7=Mua!w?|&^45b^e?=oAK8!dR_QmoGIIPm zUh&Wm+2|M_5HKp2409?)s$`vwc#sZ!%*MMC9PLizeoOf24ZkS8dxlrswVspt*=e=t z?xA*`B1N-G%eL33aY1-kX|&L>6(71HT*ga{DSZ>xy$ zjU(#5i*PM<-Rrs&^4Ve~C)w?Ci=^B5)c(~wag|ebI9mf1uyyNf%Jo%>{~fO%&wJXDL<&Fc-qiH~qT;2lx$p$(7$o?T0d{XqDOmznBa zvgJs8(JLLdo-c2UzrEnknqqn>X+~XQ6))IPBs4>*u!QSaeKsITL(1}}{KtgsNe$=3>cen9vrV_&EifE=5 z=2+*C2@P8dwiroBw|1RtlG`8DQ$jPl<3q6lknc3S z>mt<-JFc4}f}nGryy&JOHltGVXk{JC{!tW=I`?bAF2PtM)jDyoVxccv%pBv-GW44i zS9S)am(^+LCmZR>!{!zQOEEX=Bs2!<&rOEJWOy-AM1D58zgpOd>B@3Zl;U#x$#%`9 z*E)_2Rx_RC6v0E@xOGn$Ef-R8o#s|3ow2D}`~q27ByL{G?l5Dwq^1w3_~yicF+ZO_ z4CysU?W}ocjmp*BFQC{*qc;CVs%XPj$cq>58DDuIwLerVj0H>bOtYxH<(ro{Hn$WafkGXn%bay&e}_5k;+33 zEd0w?JNs9g^a08Z;c^MJ)doyjc|uFN03UI_GwQoqo7V#cHA-csio|^r*|%%_^X@ud zUU747)T5axHL$J@`Px~yXrSU1_g}GLDz49%kqDJcVY%WheIdzP*G)F;SU5W1j;mbV zRV-UqB2Dz}&UjA0+Z&E-IIeroQ@)FvbACdt2qvvdICx9P=F}(Ve^aB_nkVQ^fh`|C z1kx|3tBIlcoZ_kBfmHa@&h(764?AOZ7LQMB0;&FqUoPh|!_BT|qSvOZ`}6unzhj+` ztIPTUI<|QERru{E<=)m|j%&+8(YD(|`TWY;%gQOe;A9$guh-@!0bbW_yIhvXP)i|x z150stsmGe|Vf?gkK91O4bdnFZDp1}gDX;Eyf`vS-s;3=6+)8;fFDG?hAmVgySfNLg z*u@7<%^f>%kVs9BdD{O>y0Ettvm~A^`7$xMiUaG7)%`TqaXK$ad&dNYsd@%`)?ScO zzKo^+zT0Ov&pnepBaJjdF1(U<<{X(XXBa5wdIlD|iqCW4-BF+dNjH9{peYxD2jf>d z*|12CLPq8)hOyb<<30~{jU|cdD!q}T)8?scr%1xSob0D?7 z%{uql7Dp1O_e+(JI9p9U5HWJ+ajce{j`i!@ZO-v-rvx9N3c2tZCW{Vl%Q>+uKGc-n zy=o}idji)#WDy@UoNn)WO@2oo3R*YTbLuaa8~*Gq!%fWbTxsZnrNR}1bEV@*&}q5e z5#VFKzIGmhjAQqefbGtf><)PjIFJpCQ+KQuw7~OR{S%KvmRWQ`*+wh-nL1}=dtQ$= zZ!$NQ%h9>ObUod{6TI_;N_(=gT`<+8=t`!X3Vm9#VD;hV^{(Zlbs1<*cJHGah1NWM zFWuKR-Y`R&b(wULgQkQ-Oa0|R_HnZvsWO*GauiYC$M;05hwS#uLSG`mrcfRZeu$N5 zqf6X>PwQC6%%M>k6S#hw>FVK^hi}Z#wH+iutSiQKCCQZz}`a$NSc+-NJDW@w| zV}0Cc)0QaYfEB*!2%D=8Z+#+7y!O=sk{-$2&|8W-$20b2MKfP4h%?R41DPFpw{osX z`cvK!yH@atb7D^?w6QQ@6uyhS6S#bLQ1@1wj?H`EHg=RV?aj!;^8I}r2Tmuk{^o07 zVUu~!=QarOT@i}LbF#@z*sAO5^4cR@M>KU!Jq`5^^_xcIND;rRl*t#}bnlQ#>hd~2 z%d?*!s2|HI##3Aqm4Obu#?XNxapOWMwREr#p%Lqo#gYJ5TmOh#W7bvEmkH+bpyQ*m z5$bI<#kMC)T36zP-3KEfos}mBh~sx;I1ba3q|wtzG;C@!bi%ugULWPZ8q1a$!FgTc1OJB2De$BNTQ8r7>~>_Je*S1nG0Akq_u9WF>3JC zprz)do~=nZ1vr*hAIk=WI-K4iA$%>> zWY)Ag(SHc*s~AXQ{`e!Cd$h0sc_y;GI$(0z-8Hgo%;`d~M6!sT@TStzqDehy1Bb0c zu9nVMTKa}{&jwQWsLLJU9W%H-(O08TfdaB?+DyR5=`OW}#vk|lka?N=gZ$%&?=88o zZu%*QS_iSe@NUlEeeN2<&a=<#U~RFzL*HO>my9`VUyip+ne(tEOH1wo{56;tQOtV%il5D|-0yVL8x8xSxIeV5tERACnf;8ii)piYKj(Sc z1)btBDJ01rAuf$`wA?N+S3F-yeQho`6NQEx^=5dE-g%rNY-6rp{)ZP$y#C|5Y0778 zPFzzl>B!mH$X5Kye&3s9^lP-<8I9jdu)WCBWwr`5D_U|F$SF+$-rzUog{bFOt3bj{ z7DI!^zR84w8TTDl;KBUz0hBskm8z8-TQh%jJTKV~L?o_MUdODu%aL9yPtYh$=p6lV zW%fξ(fhaVK|^m*!@A!Lzl_KTJO&3o(9nVsB69Mdy`zJg0QIvinjWIKe?T%PeteP zVXasG;AuAF2b|OIhO?Y|^N-1il}dK5w@#@wPG3Alx%PO7#4n8RWwc27VRK$ZfJ$v=A@I#=YiiJzw(RACRC}^yny+=a zN$XMRa@*Hb57)5{!onT-p&yRt#^`DFo%_5G^Nsf}7r2upnt4W8PLqQ-52HF-ycqy! zz43mA9b;_gJC5&ZLO8z77_HCYTbHwC%1P5XM*UPk>}g7N)kUf5=oXoMj|$9>8NqK@ z#ZL$KeovY1CH0{O5l3|@dkxxcPjG~BIvXp7u;7svuHH~S_sO8Q;?A)-yRz3bYUqDZ zu04uZkEr0yv7Oh;dDjdW%(TxMxSf@lW`Y#*#Cu{Y#^LMohyTp&5-Nma%%i3NVzlt5 zJ~TU=Q|7b7&puC84C+1H#4-d#T@ zRES}%x;!Fw3sFrf8T|%L&?q7T-0L#sbL2}#%`O?(e|+VM2Mv6%K%xuPl`cl@`%vNV zmZ;0o=)MlOUwbqz(zYvm8S~qWzQOTSgS$8aRbQ%3^3Hj0c zHqaYJS7W_rpB>AfpE5vB=& zEft1&A`*=Prmy&?Ebxl>^jSs-8$edTH1H)V{1L>~$-e8Byjr4Aic7Gxo6Y#6!lV8zoefzV;l;*KL#UZj z5w~MwpVZb3lS9*~H;(%DmNARzA(h~Z7X$h(^-D;MgVN8~*|GIzc}uY@g1=NDnkP5# zv0N;9>jhHyGu}$5f$2I{Yl(9Ejr-Nm9rRd}Pb5Kc!H$VW`u*Mo=3=-cypjroQFjS5 zDHjCNUkj)C)yTX;l$#|PlD){okD;_d5c;VxVfgg=tGpIWx{^B-b?M;>%1jqMXxKAq zrSfKS?|Ewjv+Ii*Dm5yyX|E32nsx@%3@o=rTKb%z?2EX5gbU$EHjVCurtZPCo3&-}b!rQw+@3N$a} z%LE|4x=Hup6xOuclp7#vT77z#vboDx9>uFgGi8k&1(3!qYq*X}kjX0&{J3g&031qg>0|pt>I!9sU|gC#sUnEW3F~z=tocp)^fLvD8DI%kh)!9s~4UsZ`I46 zexwwRwJ@4wKAP&lFZY{38%#O(y8RUU29Y+>?|8+vd#==D4dFmg>gtnt>TKs=^T`>( zRFuD}lyccSy-m0D&{ka6(2lP$sVyH8aG!|s94b|^CLB1 zqkU|Om&N8zK>q^!MwY+4BNSAzoi<;OKl=fOkRlF-(|^~~0+Gd_b()jn0fC;I+_ zYM!KR!PE>0uK*)6)8V@C=~7b{)V<_!Vbd%SeFst81YLja2H$#Qw8ZXei|vG)JCb#9 z0eLLcF$AA07{rX-`F`>E0#8M_s zmf#2<5@@n_+}33`~0cN;|56dw2zDNHZkY=+sbJWw16hTZ1IzwIEbYCq^z zxd~b5PN%26P`-E({v$0YD;k8Vzx)QQ%$>*A&quM+woVfy*2vsH@$9;MO z0ux40X$U&J4h~;jJC3T?7AOlkrck%xuZz^er40qG!N*!m+1L&RVTO)}4I1&5`%Y9# z{nWi1!)Sj&P%x68jYx##IW&K-?s~=kX;*ym$HjE{m9^4aB`UH}ueXv>=t%)ywrj1z zq)++Y>|tGS!`}B$dWc{UTbF}wm_vvJ6Ag>vHfiUoh#9 zwl7WFQ82nTR<_48@oz*)U%CFgyyG&XXGQ~>>_rbw-w!oS$W!=9oAA{0>5mNc)mU!J z<+M~jOIv~qFH0T2-KOy~SARVrPD}zCq`JG&l1J4}5!xhN&mI2;L}M1yKlh&aIft~G zu*fJlWm1vjR*O2m%NK#r*|2s$jl$Y#ou|S<)e=d zKQ3YQ1PX{J=-KQ~L(r2^Tuzf~+-y@%FGs&NHP<^clOLpQG(Ui}-OZ3da*205!Nsm6 zEam3>4MZ2qmvHVkL)U(@2}{-YlWXQYDeL94%3CAGknKfZp30pu<7RdzLAe1S?Tc?S zE3EpYSRe7HZ$JoqeJ-Oe-RKsCL;A)6?eWQW`| z01d8teMoUu8K$v@2>W!=o#kTGYO|ByjR$=L9&kmq0J*AkoYm*wEc^%^^wLrZb!QBt zb0R(qq#Uyr=YZCC&X%x`1}_2lP3HY2_HGf6y$(F8%)#OVa{Y}ukwT|pO5FET53-B4 zv)>=yShjp_ouD&tzendTP^ap<4SFXn-H~2?-E+<@?Kb(nLHxyR*nE3m^7Yc7UKx{j zlIKed25p-ma7Zz_92b>Wb2<4zwA6)ny@5_5e6ZW{(VL~w;+Yjr8`4#C{At!)_?X_Q zZv)dQe4LsO(1#YDAI*o?f`0s6Hlt@T2Ladcy#C{zmA(kN zP&Iq$xL$_e$c+}bX>Q&-BdnV4=*y<2C>%2RQLCVf_R?2WF*er>m~OWcT=kXC;WMVUH>jqpdQ#~x4ICeRm#L? zN_}yC{=sxUf<*{Vjip9XG&yKy`9rb5J#N|?nvE^s9&UZkMYgS|i4-=YRNkm=#hooY zBwViq5J@4tK&$;)5HWZheA74(VxdGDu)-1V@#feU9K%YHP;N|}rmTZ>mMcYw@M#cA zKlO~YBRP#Va^Ib5q&Ntnqwo2$%?Cbvb;AJ@f)1vpj^|d2h}A1j)Adu|`o@L%P-}at zY)Oup%;f>R?!7?#?x5f|rByv=KUq#87GZH(wtKMTM3E9jV_IokJ?3E#mi*LksS!LX zZnr#U$(LlW^0}71t^IfDPp)Y{v?pz=J3Qx31b`+S+<=9jJX<{0m^DJJ26QC9!}qqA z!@hCts>cnDo(VQIF}b|Z8)4v^u1!gb(C|l@+%~G7(aG{)FYUSOU*B&1{2{JQEKU<-v$77oZomcfo{s6B7~L_ zDQ^&}hRAFV&(yLnYuXE3&9_XfvCPd30y;;nw4Q0Qinw@_#3xy${{b0R}Ng6kVQHh^B)YU+vb>89)h=)4}91xh!?Qt_>!(#Mvz*WSerc2 zI&YyO1d)-P(r#zsQ`}W<3^@;O&3oW`8wpa7>jrWm(F4NefnRz^tzctrMfIb>kBWBu zQ!BBbq@5TwLkn@n&&>qCji(i^c3l|IBvJbM1z-_4AubW{*Hm$%zyzbnCAlInBc3Mf z_60%+XezRi{TSXgmHX=sKnyR1**@e@*^7ndILnv1N}0$lCbkCwQrkUSrKOd_=mvYH zn{IJ#_A`jjr)bYoFk2s2hL6>0*cs4V6*=NC2jUaQOEb``OBTtM;9)zw{)BBG;de(P zW-{}~*ySy;cKce&tvB~x=KW(q$4z{jT@lj9NzF&RpCEg5X(IBEOi$w{f?vp z2#fWJ7o7yRheN0$Z5|ZgR8S&Fq`VKoIKf3qC=1S?O-B&1)Jw0ctE!lBK z@f9MfHJWbl4QxM$Xbef$s|Ij;OvlkymP?X+n)t`J0Qzt$N46I?(Dw#Z`uooy7oMLa z2_zIVF)8q@JDi8m)dp@N^0^tma9eQ(JdH>{P?@8ID`!V_bNqZwd9>Ac}tAi$+ z*y~GKulN{u{d749*hpWe*#3&#iUBk@NnP3&a!rfzJZqZ`MC;Xm@7=pZsoM}CB=2(e zlW9u6aCK8s%f%RpohYa_mU83yQ+s_l13w;C+haT2kUa5X5wR^ga)JYjYWu4rcr}Oe z;JR{s^c7go#jN;Sml5c43O0NXQN6IFRT4O!;=4;bJedZ;+ z2YndXG(0I%>$x@QdR1({xE0DZwJ&GLD}LH;6$%sJ@G%wzl=K?8ntk(6(hPfZAX_JU&GC`>g?r5o#D!M&f}RV)6l z2yJp4UL+|kwdgO%X8(?0v=cvy+R^m=ZouZz+ygR^)zbPR)O5?NZ=Qftn3TxAETgl{-(!o=ld^h+mGL z43}!QQ`g)nQOG+hpm>=K|GtP^ZEc z3$WkIB!UE_MBT8RT`KdjnP<|>N2gI&ze!sUP|X`Ipz%I_mW4?D8NZ!bad^lbzOLkA~=eD zM-Kgy-+B_SET^R9qA#3u!4!ojTiuh>U~xY5@YxKT$5o5V@OlL{%;g9gi^Uo7fyq$1 z1KOF!ZSHhxbUW6}XF!alcj6Sa!FZ(GOOW?o72(G^O`DhH-Za9RQdNY#xmGw=oIS_~ zNp6D&U@aGYB*r|7Mb#$RE8JAKp49aulwlnIJ;$wyEWT@oPlfl}4bI5WDkM9{eV&IM zm8ZyP+t`0C>Uxj7RqaMSwIVw+{B4Vzkk#hVHqQEm`stz3VTgq+OL}cJJ;<*3X0OFl z(h{coqWEauQKhr5vJYxf}|h*VLn*l6Gv_Gd{0zo&=FDNUehs=<=%QsoaHql#+GXBjn5e=#b}qF|kmmy- zkNLL!yktS6g|uqb++n!YT+5pQX=!8-NEbKROF|NsFxGN$iXD!F7K^4$zyS+w>i$yC z7Z$|Cx1!R#O{a;=&I0D$65da?S>QIziQ=o*anm;>Qd6~??-rN=83qX@EUs@|{#qWZ zJr3JQQ|PSgI(%^bI@0wSg`2}?gq}ZPStIbShy4K2?c3O%5euhpQ@KLzt{=q zy*IA=EZe5Xv!Sp@G3&IY?_MUNGb6e#I5$V%Y3IKKC#o-v?ib$4^_$B2aZgf~tNAvd z2F#OaXmljVJZ8`8_scD$hH5N9;MH51$}-Ktu^QCWdAMRW@p77J+$xMI%{qic;`uI_ zCJRC0+Wd~VV9v;vavr&o&94RT9{61RbE)g!b92|DF`9HSoqk@JDs2#!OWlj_3E8Lq z^0fG2Ln=k-{QFWFPH#_J&i6)=#dx2{jNsA>pJznLrvO*;H8ry$Z6-&QW8S{qTic1fz^K?LiK7nuBv8J$`3p( zY{f4lmGA&Ejom#Af5I`RboSv088oNXc`!HrK?}e1hn(!>cd%_g_+0T6@O+z(pwWo* z-gCYujutU?* z%ke%deu`yhzHVZJ44b@2$Okyhcpz~y2tS0-{!k#C%qurg&m#fFGG)ej+OcnA{IxJS zG*za}%EbSDmp4W?!Yl z`yM#;bZ}eA^>-+0_u})|+N4&3+Q4>3-SRD;5owhAy;0BWSRkhy?*%$eWT|B8P!{g; z>_nbnSRuar{_v&$Bw|;|SSBJO-hrfiT=mbMpW>l|idi!_EQMz@zZfm=@X$baY2$3^ z<}4eal2sDfd|TOtN%d4+$* zTAYtP5-(4-i)mr&dX*A)=%X;{KCOG4#mZpZS_DGnldveji`{N?(33*MuGtUyRIMDo<9J`!ZcHn|S!;Dt#>^xj%7g;)!7i~G7|yxP$KCjeOiQH$YNQx6 zSFc>~h;*PG|GvmjR^!z-P#wFUrXQL@*`?e{N=v$~otvT;VJx%g@rs;_V|;G}wXL-t zjjoP%TcDb%4ZUvkt727CenbAL_d-o)jgARNOZW7ii7K5%MwqZoYfHhv2d702QAXAg zZc@yv!&H%Kw{=@um{b_)m5e}`2=VW3AHTg3C*1%D*7iXaSd0cFZh*F3?bp|!TJ@S& zMROaJ0Wm8hliuvN5VR6ImF662<+e$es zjHEB(t-H{oXMA7(LX77Y%f`zMz8JH`8kWvJt$6lFR4Rt0yBNqVhFb+;kDo=Q8Cwln z9zqqH`{X;G1hyYlx3`lxt$F7}u2(uQX5CDvx1mM-HVmhppO2vOZf2wzF z*k+mbV}AqW!ug(&sf+f@27!-qR|;D~7`67BR1x8WrLMitA3|h;JO_G>fbVV2z6r2f z^Tx{O3yUFq)6+jWE8;6FYL35dT8WWENcdt` zhKe*b=PzMkMYsAWHihPhxxG-~57Jc2IZgbwC5XB?eWyVjY6Bi_C(BJxLr5;I^YDde zO|DKkKTka_md=?EbX2L94MWm*qCCl@&KOKxDbtO6u1UVUy2yA(@xtiRRBToA`p1)x zQYpBw!^VBi47_qF*yuJVXB(~8B({USsa%Nlg^d8qf+iNZ4MUq7g$31+t7~_ZeeAJBU z;?*rU`35D4^*?U(<>=VCsy$3>e_@8j6j@l)VKcHCArC>m%wU`Jb5ovVKwT|Mr)PK+ z7-a`Y*E)-`i$5%tBe}1X8UFm|{9;DtUfI{hx4~mIMQlU?*Q^z0yn_=?)CF~YJ@iY% zX4>>8W_glvnr$AgSYz3lnMM%2MD;;D_fgkZ?hOSdCiks^_^dQ+{80Os9v%QTXT;-+ z+FYX=V7_!%%BjY1n#^% z47G)A$Phot>EdOF#Uxz$0OD!?RFgmH%1JT0s=plU1ivv;wnx+C$!Qm7PIQM^tSn*M z8rY=N_OP{LDPTE*bI@Ld@KXd|Q8sIaGlyNnbenaCKa10aSaFtJ3vCiSOJvbQNk7?4 zw9;gp1~2HzSS-m~c6Y1MkDmb4j&;BcBYzX(cwowe7c_8F`lTh!h$kHd5%wF4A?C9^ z&Uiu6y0HTA@&|&JY$JJN*#lqkn|g~>o@9g7jdI@CLKd z=5Lq$82=&l*K_%wDTx2k<WK4!GIxUC%UUra!l?j$_X@A$Lha{ZVE7;c( z&-Y}m89Fiembw^AGO^9MzQVuQ`|+ShBK)R(YF%*gFvzQQlNSh`y{D(RM+JPG!*oKY z4V{=$qNMxkN%3*a{v2!E%axd-kp?&IYOmGLM;uTan(il!&H!&=x2(WDB{(zstk%ot zwgp97nniH^;@o6S=@E)hjBP4ewygbjPTa`5W<4vS?g#byV_cWQ-6kz!;)S0D+P9uJ z*WHjc`a*lVxrEXaf1C!9SOa=ALd`$C2!WlXL|# z_fj{W8c@0~Ci{|T5AM*n9CLb{-%+C7-Y6{2z?)P{RS=dVJa%7Jl=wcVLD$Ykg(?bn z!h)j^m~b>pe~wC5dFq9Ul{1}wRQKxTsUI^FeOIWJc;jcrezY|-s2-QFFpX3F5p=`` z)!m>UWIhO%7gZ-F>HT@S>ShIX zcbsCKZcpX1u4|LnFzgRpfiO{`14uo0s}ahl&~wZt?8fmueUIX+ea?er^0uXxI*9P6 z%K7&-uN21m0wBRduQC_abt8xgG;vE%Oh)tq{0fNh=Ngentp>SxW3r8JOD*bgaG^#;pqdxT_OZ2UJabxW`j8F<{_%cVAZp z8u|SUM=}4z0*Q^&`L~BpG1_S18j&dD6Cz>G4MIoI^h_Dn#eBVAkUb&CcMS933 zHq-8xeRUWjMh5t8T&|rNXC#R;#gf-ecn*^|RYl1T4xT!Cc9uH#e2Uca#yJ*mTHe-% zU7{dTb#p-oTd~|=bje((*)78No$~89UKI?IIgWr?=XNKz*{Rj)EfcraDyIyUHk88T z@kByW@K!a)8PxJ6b_ol&i32SPrRqs;x!GW+!qdF7P}KlV0)rAL3okV;6|oJ4*8Q zx;cQ)2LeTA!Fym*;+-#-S6IHp#B!pWqaICfUj{aNU6!2Xs*^h7Q713Zjo5WdF*Pcs z3Uy-Y8>u0l2QsF_8G_vXg`|}k zm(^7K8)@VU#p#XA@4O5#tH(E57JKtP5KK698#*$)zS}>PsUBa!Wy-(7&>AmNC?C~J zRZ=FZ%cVNCri)UdbC6aCFPWy+Wl&#KQ#o2fu+}w;nlzo)vsh`%QD1PC6bp>RD8VZH ztL?Tbh5eeWiQ1fV1+p3@Lg=%Bf~X6lsyNKc={y4h>8XkRbbA+46B7eM=kq5@2{9Uo zB&7Lt_0=ln@&c+Y4xO6fC$a46=;t}Pr$WYAXZntpqm1XHg(~eM z>Ae}fLpvqiK*aA%vPF5xHwS9VQndW~5g)D8rBwF;^7rTcnbD-VOiTygdTX4NlTzbj zg1El>$IuttSfDFlO63Jo$4yKiXXkoCPqJBtQ^32gifsjsUDAwT%JHBL(;7GX)RjZc=5b zvZz#{pQrs_hB+zu!eU7Cao7wx7QOT7Do1`sMs=bSx102U{CJ%lQ+~%v zy_CF7)AzoPqO6;J6^Ghnt<1W1hPWEW-IO{DDH}amyqsLkLCf)#q;x6TDAWd5jfEGg zQVCZ1qKw)qmGHY0m9KSZ?E~w|&2#hDKgbW%Vdq6ZykoRfeDA1ztCX;GMlh!m9_cu- zx0_vkFPhhzf0&;{r@bvTg=Oj!&Y71A=2N*`$5Z`grPiX3n|F}~9d94QM5)-Wd6f?u znN!aEPFQo_7^EVVphv3U!>==b$qO2938yhX4d&mWmRFxJ+)RXa(N<#8_@t+7qFwL^Fg%_;v_e^)#@AzfJ+kde=M_tniB{+iS6k`wq1ItwTq^!D*hCnOqL zF$_wQp}dwsUJD!TJKmByiJH>2=+mbce8jLIS?oqQ@o2T3AB1*Nc{=BsY}Cx1qulHhI`vleP_AEUt4jg%0x=lKz>vb& zYNm8eM)$jH!Q1ImvlTBgd6F+Og}SuhI;b+E?qi%AzM&G`U99HhprmWqnKEWcxQ-&P zs>vSaxr(~fcKCRw6;rSM_;GcUmvSRu_f)nr(@|r>WfBo5Tc8T&UPO3S>T#+5wB_6% zbm9*(q$W~}ixUO(i9vPgxa_tnx`LL$i%a#r&MG8eGLTn?RvM(W7VMOduF(_Q!A}GG zYivqG!*=z><8=K{GfhxH`07%9Ulw&{{w!p$0h!sZgRSVL$Z~ zoJPz2_T;k^<~C-_BF!kuc6w$t{ZO#N6H3ZsOp$BPMVc zLr9QdNzmZ#l7s}81b26Lry;l#+?xshPzR++%ZM@vW9{nB-DUndY$N#?fo4Go@*#j6bacwvGTMa~~M4D7AN z74FNuHws$X@PA56?@T1)nV;cxyE|1k6cJ@25xQxo^-3k1;iZLYM^z4GPEgnahs6_D zkF@r!4`1&4wpLrx%Fa#vI`G7U8J|a!LY;7uy)C~|wm)|7i4U&8*uSo$`u$i;@r|*O zUCxm&x|tn-Qg&mGqr4<$Kh1}_>~YtaJ&7>YPA#4w*AHeLns%+kyy%E5MOaet?dpv; zi$A{XHTEWsE6U3Io{%Rt0%?$qxPj3T7)*5OUgypR$%ikNO{Aew&JLJ&ZLSM7@^pB(>g3?EG4sk-HbwxfGJ`sO72`G zxXL>C=$*I?D*nv{m`dg3k8qFpjl@BuT`=vA<^L*qbXk_}gErIA5p(MTHo$s&;+S){ zZ8jLSyvJH^_#kp?qCoK65~lh}KzPa5ayeA+%e_~_g0Qc+=hR9nha2X!v0-n`#gtXA z72ohtcBm0p)=jD8GpcDhx!Ulch^U*DlxkrUNyo~^+-Zngy*uY_tKfUdObJ%EMcFnR zW&7@sF%2b>fci6v%9C1snQgLw;4xpzVPPyR0nqt=a0S6s9%hQ1f)km5E~m19qwTH( zFA~})O|_XG^!J@vaeQsDHC3rkG`4Xt-lc@&qYNZP;zD%QPQD8P;Y-fIDE!{B%Ac5M z5%n`$y>N7klZm$nPniE zDah69#vX&LFPet&Hx>?nv#n0xW!rqGYs%-0>-)9KqH>TWMEDffrALp|K%_DCqO}YJ ziScikm_cTRkdS`*k>xbQu$#H7=A82`I>J(%+7tyXKdhRR!>>sj>vQRRvZ|I4-Rfj` zSVlvc^u`U87RzRVt(?dC+}cDnwxr(>u9_!9Z4+v=4kE_7To$}ib{!O{(=O5`@SNd} z+^6vVw(DCEVWvR9p?6%`w{moQxYQV=t%^f=PX@Jais45jUH5~Yh~f9PX$j|+L{sbD zRbILOf_oSjE(Cqh-c_LCiOKe%S$Vz%+J?~9^SZ5ni6$3KT`_zd0SH+1MmNPJU2%#z zV+cmEm06YTvNI7RicoxaZIkS`#hydPrNt4#=auXT+&JWQ-n-e_sJUjF7MZEsv3o*E zt2MifQB5ioVMi!C$r#afcBz5CROf2iIUaSY&6A)%0bE&Zq_Fq#Vmx}Md!n@4E9h9E z1Jy6mh<+j9_EPYTjv?65oR%*}AvENboX-I%Cxu9JWYT#@&oFU#4@Rw#0i=qTlq+QO zKpYfa_&ef*JVM(1PkRAJidJE(L3G4M^=Zq#hD4q z6P4ux3q9GGv?qf%5*~Hj6F)}jdW9yV=+zN3!B{j>o2B+-#?i4$!yX1~6DGA8dis1Q zr6%TCT8L%>{UvQkI9Czr%SY^B&#TVzVtg2R68RVhuK>hql#&HE%!j?4YL{;BNJLy~ zky+Wk3LG)Eh*F0MedJGEm5mzSgEP%r+sqjV*6se1ry*My&l77^qcElNLq<@L+4(1y zTs^P4M9unWfzTEBL`J(l& zSB$G94MJthB)Y9pchbjDqA>-Ot+bhjkC-JJJfF|yC1^xvN1Jdk9bjS+| z=~!K5`X+)K1HwVo(^acub1Qh#p4Td&Z`)C){kuZ!If;-++UsCGCu{zLar^4^)hPz- zCQ-=8c_(FP5!9Mcy^lE_DE_T65}B4z{P>trkI7nnK7sVesF-W`J-B6s{HJ40uZD<4#XqN36-L$5g%eQqzCmv7!QXyWBm)XOq zl~&xqhPgEovjD5owbR>URo7+5A}9#hHz1V}+S8fzH0>IVwR$2|!PJVB>X-SH36?6k zKP^ccYB5kd&BkttEcf0$2dU&2YJNjm+4>e-)!B!QMUjM~v=N13R%7=VJxY!B>Us^b zoMBFqKT-U>)u2PMeC+xa$iyeI&hSyb0n?X}ieK--dgS>S?CFm>XXZnjdP_F;J2t|6 zzVyC$f3oUmCVa}+R_2vh5iQfRAKv4{CSWi!&%m0ZdvM10@}#OrafZ8F!*EcW$QO>d8H6>@i@+YS&SGOUaEf zt%@gJ-7D|gmVsICFh`fewsLZ5!HQ7e<3#66pP{GC$h-BwYvx;$`y)3}&cXB5r|j=x za=@h{s{w8fW0Vuq8=0<|X^yN`hVQ+N;xi}AzGGzat^xy32WEdcwZdj49`E-MoRKP{Py|EVa@a z-E%5{OK>~~w0zY8Ah4g4E~GkSNsBqT@w^%|Xx&@>V_4#Ot7mwDp*SnZlyc(s=7^t6 zR)*kllP>>tcMq_qO$tfOpEAm%e`F9>_40GPTwY5^)1Gff?k{e$cF+t-9f9Gcg}$jE zhQL$8={(v6cksYvs&nz|NfNrTl=3uMvlr-l1vCtTL!@}A&Iyg zm_MG&x1&ke|LwA2dv{lHrch9YA(>i(6`gV!fAkA`;U#3UqyB}f;!NJu zeEOE2A?BC%bRU|UU9#LE2bQnTjj&XhBVTJk3?=NIy#77^gxKf8{d#cM%^cKsM_87h ztJbP_%UG%dmOI)mP6|CZW+NeQ#um3q_i$y^-M6g+X=Y5>hD3eG5ND0bxV zaA7+Jrze34;sVJSwrK$dxb(`9KD_y=fGQW<;>0Nk}FOr-Y+x+%LtaNA+lrEjSiYx=pPt) zmnSGSZs7>u+()$v9qF|hrSUikX9O!o0xuqK)MZ&FCWT6odDzc>TqX{Mj09O4W>{m8*N{8hbQ@sS7WA=Ofc^;?k?S?KDNAjdUDER zd$N6y7&|ky7UgOlT~hE$+jFtE^pXR-H5CW^fYWo3)RFYt#noX8;(7_wx(iY_;5md5 z=DI<>*{&@j@1pjv<>O3UbFAzrEiTpiM`~B?Jb65nW;;6hbnQ61(9W$4YFmfKTRxob ztKi3V#LabV@YY+CRHz*5emWYn05nd&=y*H-;~Tv-|JRf28TInZ$LcQS&|EvCJ{5p; z4dG&*v|?WvQ~r2jO=uyai=eH!L+~xv5%msW($GO0Ddjw008pD$O~4gdz_6;qkP_0b zq2mE1!n>Wr*OM^Toz(fsQ9>kCIQ|3hd5BN_5|>QZo&24{@_zcIIW|MK0cOgbL3^1q z1x&apVw=TgeUyVw%|Xub5X3j61C<*UjdS&@!qjX`fD^(k{fvE_ILu^{x0drG0}N(hgK; zma9p74&PbMzzud2grfJfP)2N+d68-zMam5pTi31)19jT*!Ow^XSeSs2(54oaMHV{c zhPi>^fu8lfpenp_nsV0>o+Gz>cJvrkS6&E?`f+e1pV(=d82f@--eP;oucW91Mo^~T_?c2Palj9J&m+)|6=6+IAI+I?C@_AP}(T6Cv)fL$9L2- zyc+UOc{3&ZIesQPDM>C+ct|}Rw9sIW61l(Cdxqoj<9~AVv+s9|XqD7vT+|vqOKDsfO$r!YznN5aG!e6m})2g&{ z|Hv^GXbk)QWHZ_8*SHgsf78t7wdm%}NUPzyxxkJz7x`hR(z*<6_v)1~O7mgMEjfPx zZ)FRW^OTMsL_5{c6Oe&S*67$5K2d?a|M9b-R}eal{C6&cd594fn`!+betir``|nM{rQ;Z&0Tw3k?QBo$~yBENau^Q(0ur*kpff!N?1WR zAOYIcW+8DO7*!y1bCKjffimlv?H=WiJRe&=qbrPOfPrg{DoS7wXBok}q zr|2ra#InVgto3Iw-o@SsRNZ;56}J1bRF=3&kCf$;Tox#}p&k`&;%;@R`esLzG;Hrp z{R>6h_J&KkJZBHT29(BQ6<^#|XN|Gq(iA`C5v6>}tN~2o$u%B1O`!s?31c|Ta%4Vo z@n^EGHn+?gnSM8dQ5nd$fv#lOA;H9)RNRMu)&+A~CH#sTA6 zS1vx`?=u}ZpV*2yD?atf8mA6m!z4E}S*JWzTNU+<=HZ&F+kmlCFqprX_Suk$4(!Mz;(cZDvFf=CaVb)jRHdwewByFO}h z0qG(y;vIjNziTvGNJs=rQJSX0xUN|lbhN|!+ON&>R^A-5?Bda!Ol)S5^2hmO3-E=C z94#U2hbe9}s6v?1J$6|PGm#9L+Z zBEyvI$CZ#g>u&2#vQzcvJL6)i1MkR!(Wp0X=0oDd-FIp{)2XxPv(hGhdQi{!=V^zA zAhv$&EOXVj58KbfH-97s#UJtZANk*_c^U*=de~M) z|A-gD>$VE9%hAoD07C^4*LQy||CJuRD?U-bEVJa}{x&=4EZ=dSJVN&zQ{0tNZ=oE$ zzE0e;Q4r3)oG!dPQQcEvy=r)BNhqf_LG#JUJA%hYrUyrFag<^4V+#DdulW%EBnW5k zV^eAL@%gCvrB8IAq3+PiDtSqW*-}6rlgCkan7@(kY;v<1cN?#tXJ^`P#%iwH{MJ!W z7YXa(e%$(K$lz*s5IACsRBGb8N%f8p(A7t{4OaA`s`U9;Y22li(vu9`8&psauH)rh zpi6c5f-JWSJ8p^bxu~}J%jpOcS<0>R-&WkDB5jEakrCFD(RK0~EO)!jLNV1gJmC~f zgo6wbk_V-FQf)5Pr1i-t(+ss)zm4~d_U;2rgR3bSbDrv3qaP3D`@|-+jiukNS_6q@ zza?hLJ_+6GkoI&K^-+E9xs=?!a;_i1jrpe7+6U+c^&FW+DkjyM^e?Bai}BQ7tbHu( z_2Uhtu#i7lc@GQZP7L>CZUOEx1t_k$9_|>nm=TUeeE*)faNjFjY_a^H2lxAj$a>&=ri$Ur z%_$z?wTUE6yS*NCqB}{XY{ItT>r7_T01)EuSfaSh5cR~^*133gIcDMlTk0K;l4Q)N zNT($9h&tzVu@UGJ;z&H6Mz?fpaiy0wVTAtTYV-GGZhDIXEm__DWeetQdULIl-Zl4_ zuR{23s!xe;%qH?*rjX1W8;)F#vb$E9#4%i)n)?~9CCQKpXDZ@xsMUD$G`Rvg@a!!Uf-8`5V+ov~h6+ucj>|7&W0~66V(T>^#m4FL!ZYJ2Lwaz2PTQ1z= z^TVC)i*js0uAL*utZNkL~>>7tx{23FrMP>O`5vmwb}IdNJ2$0BzwA|Oj> zo8eg|^XQq7aUXWkgX4|>`~-fiyp{>M);q4U?=6kJjZz&Y?jrmtb%&QrjO}uR=UjV* z3u)vv*xlCf@4x274kvvZ-BOSo)l-GpgX9`?E6;-$VoTa>a^x;LIFH%=#+2a5tyaV+ zPj^L(pw?Z<;{s1`vyo>~y@`li68GnE4Y_#Nw!VK}i-Dw%AXnKkSv*dD{lDRq6RXuC zl+BjgsK3#$rm};N?)ua`glL%nMeKsr7`3h!UNB5-;Q>Vf9!VXt~{S zu-j#hwW1*F ze3G4CQU|J!|{S(_Cx$qkGoiQdy|>AZ?;xvq!GJtJ%>1z`>^2cN@pk{tUaU zWZeBr0;1u0#%!n!GSQnRq+H@n@HPbNV=!5X$WZZjvHJ>!`I&C)UtC@x-Li~mb!3kl{v_u`W z{>6a_0iY0tf}kA_P26`g|Mrs>cT4ur0jOc*7^bc*E$mfYVjX%C!#VS1&9pKiC$%V=@dp9wr@#qcZ7xQgo+(7hF(H$rM_p|Yn`<;9qKy<_RpD&I&AhKF90 z^!W`u60JCi#9%i3UwEG)st=1P&DA7^KkKUOI;q4qP!GY`05~759ewYkZ&8F@^9{4S z4ujKK#mMYrWc{GQ22NBEP*N)qybWHh2| z+2x=+7DAH|9J&G<5(!LyO8^BaOy!6@bdW<8JlHgE_P@DFhm!i5aySh*rS*KTd`abs zH3vrGPck%jp%Y*Ch_Mb&{iwJ0ql z_amAU!f$F6bw6qyi%RC=wAAmmTMlV8M89D8o;0*HLr_^E!{Wik=`Sj4Qw9jj(2V+y z^4&Y0i@`PK?w%iwrm%YZ)9`_=X~!nM5g6fOcgB!uUNTMLGz5cNPFM>FP)0U($I4Sl z_`rNCq#s9_af&mVd^0M*vlTJ+MocU%ju9b%{im#{bQGi!yQ8{QC)H%-_AUqFUiR${ zkuvL|;W|tb03S44K+-32Jt5bSOx#?(#%#)cA?_-(0iJFsQZ1?6!F5w_(YSmHj;Y1$#plvX$xOQB8piQKsKO3D&o>YYxYchNP^&%@!1Znu6h% z{u-=oeIeoUtk&cjoyj=&b=p+Y>`*pS z4c8?>!@hwk`V1PD9GzhS;>$rrMmGSOcV}EVFYl^m5p@^P=Bb**?A_b!J_^c-y(ra< zJi%9d0jYUft+!ry;jt0bR!e8&X0Z<_^M(@3<(lbq7h~F+af>azo-Hk9YH%ZS;h9`B zM}Vi#R^Lvb_K|YF+5>pBLB3xle5B5Iwl8*0Do;I%Q(LUKr*Zm-0_u_@KHECo{BVN>_PdEPl)>=D&YS#vdw4Z!TotYID;NE_@vi~(cZ!Uv#Lrh^CVidk07HSWSQH{L_~qbY2f# z8WQqP@vr=+x}Qm^?ZiG@LQZb2D3XNF{g?_JXAiN$h)6_4D`1G91H8hiI_!4eeRJj>_T zH$!tW1JEB6>ns$nZ`$<&)M#bO4k11icE8Ly0uylqo8}&M92-;7(&Am-$aHp6+BrL; zwogqZlpj8Mo0<7R%mmH0^)6MzAJOi9S*z_>>YUu%1h>oTYEEDV_kJ6x@LoC?j)glc zFsKb#UOD-70B*TN0Uo#tz<4Hf(k#ZT*WwnIhe$+2T^JJfM=y-_@(DY`@Y;Us3-V<# zaFtHXjwLO6oEX|a&L5kb$9rqOTQ2l!=i{ij!0QknSel6)k2=#v5TS57vw_VYI}c;nj6bmj(ekhOvG>H8(1ghpLjPc&*i%f{y_^AXm@ z8Vu?jbCMt#UC`LxO&fiqp+2?!#jeb&*{H)j*(Xo;+u>7ev&Gl$xtc_AOWGarfPFJQ zJ2rHO6A@1fQ*xvS*VC=tYr6G}Gn@R?V2hBzgg0EPwp-)%0f~vzUT1nsikC<}N0vT{ z+rBT?{W2E9shz)!`ZCDk#k&t^Tv&|woi}W@=*b!G(w(tfdonSQ#{z9JrzE!b5#g`f z9l*~deVZQ=>r|wMT$PVbTw$+dwHVu6&G{&mlX+^4x7fC3p`liIAU{AxgYA{Wc`r1vR`o+C6a=rh<0yvnhhcL5@olxmRf%&bLq*i#4fiN!@2PyP{%`wU1DzA&e9pu^a9}>W80S zd~K>b9H9hQ0Z(~t$(z3y7N^ful0dIFkLCmz;7&S^gExmvtbdmLR_K?N-3TVGD!AUF z>g}i?QP}J)z3~p1d&@kewYGQQwu$Z`!d! z`hI_>)g!+iVFR8cubbeK&%E(M+N5{#I5%w7;tuktIAE`o#s#W*SN99t1Oh(yqX;gQ zvX7wIVKt}qky}aaC6@6SFclicj6_|C^p1PJ!q-sk=s^;z8+^RHnL;7FC${56Aw$VR zNhBKxtFACGh3zU3izE4yxMJYrbSGt8I|)$>eHt?2=e;!Gr>}MI8uAS z#r|SSxf5AY9_q=2qx>OE-!hbEAYbb>Gpext`9+@)Wdf%s9vP z?L8U|pOqANDeCc_dXPALOKldk0zs`9tN6UI%&A9bGF~Ud6Ti|W?EY`DsC8f zC-D>2W-|ely|MotI4Z}4hV=Ug`reTE^*KMGAONUwC*iu1zJAl? z$0d;BZK+x=R6`!Qlicy2QJj4JzfqiXGVV1VpLRmp6Iu(fLMtS41Kn)0h-?GvvlAnh zaP`)d-};5=;ijwPI`Xt*F#Ph1RH#p1m&+Ol0n2@Yqe?mOI?z>Ds<*x?5)&2}u+MV*z9^3q*B0bo)Z)(R@Pv!&fgQX* zLOQm6LVj3x-`RkS+xMx}ZS{jrm}JM!-sc95tWzDPGf;83Z^B73`$FK8LH-&4$gm_%O=ZIOq>{I6{K#0eQDN{~wo<3M^}y7{8} zNdy_~XrWVT^LLLasoIS^ezK>sI{iNg+U)0cB!{^T)j2P11hJ7y18^IYqG=*uuYo)w zysojYbXCIsUCcn%cb`I_J-aW$czTGKRM5^B*&j`tyM~^FBW_fs%;5g+7K=pqBa`Z# zvJ7&TprA;6a2Z?>K9ErDrLaMX@WwdUXKibB$uH53$|z*vl}&1AcPL6%(X9lgGb3ch z>Ma;NJUm+3i%1euQaK2y^Xlk(TJHjwh4m=(9sLu8Nxa|Un*H$E+Y+IcuNejXhK6M1 zfV>|z=#`~TA^s1X8-jX0PO5KgeEx#8_yODD;RQzf_&N3kdd+;@c>QpIgV1)c&*$~L zF+t9F1ga}~{ebU&AoeB%IZuO%rE$~4`(>#uW^h_V!xTOsAkD(-VNubi*iCFKuNB~b zE*V4eaia7AYyB6}_CJa?z{3iM4XK3k2MidZb^i}9{4YfC-{N2SFLd$0RR4Q6`Jp*) zk8S@wqRm3wzfR{+LVi?l4PQ}-2yr-1e=qiK=v)mX=MgnCi3xV@IC8TR+1s7vyQul}%8`9=^og?=7NO(edMPe1@1Qur+jPIu zGm1niBqV(!M8T*lW@3UCGdkKmHFdTIEiEk#2o!%tK;A)8##m{Jjuu>&%dzIy(P*7%N1*JU>{JD+x`8t4 z;wRgskJ+@eUrS6co_mWsI6Ox`KQKLxQ)Iy;w^S+niO^)idqFF>=uj%3Kg#umB}O7b zJ8mF}%<7%(AN&sw59!8^&CSi5PuIc)1-!3ht8jP3bp1QFd?NYpn{=WMPI2xP@)O~k+ z{%O2%LJLr#rB;;SAKo~z7s|B$NbTZ8s*aVWrOEHz?cA8diUE$=8|b_2|R|E=sNPOwDtZ8@|qUNv0BUD=YPGF-2FLY4%bMB6X6|d^@+$9t>oZLf_mfgab z_2nxm%eI{76#=VV<`)wiFp~goYq8y>Z1rkNW*;Bxr(W>)qGF}*%18c$7J_G@HNO2v z&;_bexpvv-<~IB6%4NIryXlM_RnsA4MWy1Ai99a50p!wq_W$ zs{Jugt|$7_Dc%C^mnCQpehtB2Ho;wHENGNxyW_WaC2I5k2X-1+!2Bx<>kXKqK#?9eo4^m-RhlMC>Z_{?7dmO9(kd5x&3G^BNY^o+ZLzV zKaRkkH>`%-&J^AOCRIRM9RBV#=pq5o|<~TniqzXCf&smdnDn~r2m@KXWh?mIX){>b=kG1@;ZCkWQk?0 z5S?02($OIjfS1kxby{t*QFa!$*kmK~jUaa}!_;D=o?Vv0uD#%bV5+k&dAmj@{TA5a z$*pD6`u$h|e+xP%t^KY_6u~iS6cAYLeQ&)Z#C^PWkG|-0;9P?7>Jni|VthoA8o>VO zTgpwJIh5D$a9fSMBJr&}%o#a^@4^hVExyhW?`_+6XM{tqzv>rrY3;N_!8>uOu#d|F z;UQ@vh}UE-wF`K$X7^!JPl}|>x-lg1EB{=%u9VrJ|2k3|x9&)dMS(_mb1TG_u4_7U zq*y=o%lS<7@V_P-%i#Xslz6AOmXn~3a?zURif04@)Dl;Qsqy?Lq|NvXX?w*a#jvp4 z+&r~a@MLXZyv8{SO5~13YFWSUSqgsq(EGuc6V8erM@Dw`5g#{vr_DT$$@O)?S3MOs!S&3O9gTsj{&Y(M>nRTMV-FHGs)tlfnqX=DHylDIVWyl|L|938 z%b+?eVoy2y5uCfAN8!XRhi5KprS_KYo^}leLG@Vmo{ce=;?GlD=p64nk7J+n8FIX+ zuwlKrggEo3CNn;9X*)FMwy!WfDtqobwi1#}Tv=85?Pg|Wj$?eF*(!L?C?`ih@Wj}F z^72q$0cB1B#vcg^3=}UnIinYgCiVnFA3$@>-anxEl^9c34CuJ55-gCF>sl&r;0Vfg=!Hh|P^o@!Hl1emY~`a>Lg7KPG*2eC#|YBo?|ON-=S5rsvrh>wh!JNz7Ue>>ZD| z97>t?uanbcZFsD352RIRuOx;cEs+t4oC)N~>`TfoBQ>MEdPblTX{|mZ5uI?w=4wyw zs7ophy)-A%YA%@KiB*L)NB+AsCZ&Lt)#lSZ^}Nw-$!?AjxUy{riV(j7K;LF8p*xEk zxAlsBD0MWXHpYmU^qnG;-#1L?SewHgZ|}ZnzWs9iw&3r5{6{y<1xuw*v4;g%Foj>v z*YsOPJ$d@|4?1Xs+nlGZ1S+bK0nJ`wFjI6ADL%|~A+^Q^4PDx4es`YqzeQ{u# z4AA?6K%#f3$m^YS{lg=AZD5@{2A-z^?=qwFx~`qo?>e3oY9~>+j2d2?)(#!I1&;Pk zZDhjt;o1VO4~o06uz+CqP+q@#7XuUWu;_+Ru)3aO%6J)sVSGf8z9Jsj)BVBg;*r(f zR`Ztma%RtvM_fkst|P$VKI`Y6v|p!AmlqEZydZ)l>_<3H@Mj*90I!EfLQuo&Ecww& zckn}ZU1nvPfP?ES;RtD>bm{-%oL-VjIfmMlxI z39C77Vb!BQk%#A}wG4kzX^f`y$?q@RHfm*mh}>_8J^7R0zey^YTlS?s+0cJ&aygV$ zivRQMXy)Xvq|9a`-9h>Pu(J!#QeCJKiuT|&{1JbV_h0!>wL|zg3&JZH?laLJ#T^)$ zOY1G|790U%!LRGt^W=?blsSKS{b?bh=h3FMmelS2o=TR=SnGzW7V)o{*EqnH(Ac78 z482oiJei(e025M(e&`|Gp@-YlJrO{6?PH}`%7~_57T27?%p_?jswH%Nc_+VeA4j}L zfJ3eEE4z~rK~uv{DgEC%oRk|Mt@}Z4o~guPN0MQTzNobVx^FxdCrRu%wPe@C(kb@r z&lIR)cfUMw)4AhFa>@>E+Ce|mK$kB}X$Qu1glEzo_l{}FLBU4_E5m-R$knp4Z}&2c z0CIJP4%};-t388#DCYW=j$3t)#e5PvfldN2VOYezMig6utg3Y!(*{-vG=HqIh{NY5 zRaQodITU8BHe1HHzi^Ty87=_ob{;4WtMjYEU(`r|Y>17dFL|do`nXjde4wBwYJZ+2 z(bZ#qN~9iX3LvIqil4DwkZ8NTp2YS+(X;y@`kh149!xd6x?X0gc5u+=*E+B5CW(1 zY^C7hHJB5n4=dRZLh3#VXzi}r`o}nsCy9v{ziaqpn#=BV4hVYrgpON;aAdB7VH1l| zg&NO)9mG{ z-=9Z(2&ddEno_A=O|p$&r*Z5RLBumG7mj#d^dpJ!pbvVu9ko5(Fn8Qg9|nRzx>R-kU%0s^CqH-OSjAIHH1r33$@|{cmR&1Q znweKMCXzOk`fbw5<%eOzV{UR8=z=*9`LCbI76?Z9;J32uC!0b=g*5IBqVF-E`Y!M< zd1<0Ki!v7W1OfbZiCj+uEpdoGoXD{DsGShMUL zYR8V;?x>wX`PqRY^7G}I`|HG{TWZUZD9cobI?XQ`^aciucUxr)q;5TMP`GSay2$$C zQm(|AiCxMyOZEhkdtKF`Co1l^bLtarFmwiMe=;^=nd-ugewel?yrvQzFRJk6f6O%w z+C&RNYByh$^RA3JEWvn>fMEF)a34`6LwNj869c|_R%^T0vT{9RX1&N>rZH5WZZ&glXK6xqYH=J92lLp{PR1A%y}BcBjoia`#KgO6Zr?5eIzS^uW` zU(Whl{44*>S^w{<|K(zTi+^Px?z?`m8}ti%(~KaQEB*`qQrfr{$ENW;Sg^YLIL3PA z?Z7jeGMzLx;5PPFJ+dxqRYObrtlDTw( zMLm8!79EAffASdX6yWgd>$SGZa&gDGNbMe2Rg{D23#DReyRAypJ{O68oC;z3n$Rx{)oK%YUSR+j zke|OeIXbjkfR1?ULLHa+N-r88E~tjlMvn z_!`qu2I7?}=_h`yyfgHZgS$9};|V?V!_8r-=KaRU~d8BzdRiq9|ojN_4u!_dkS(=E(hpT3qTf zAu;aOiq5bH5Y*qs?3GiMd6!DOy!qO!+cRSK1}n+Mt2@M8QxeGvT_o?my&T7iMh9_K<7E8DrWB z#8Pq4uc0->tFWcfCoIQ#NC!6h!o5Y!;IjmI!}HN+sWn!8gcEJ^5-NSF+4EbW5qnCh z6CfRELY?dP6}4CsQSph=W=w*_c>h0YE+8Mp&Ct&q6g!Pn+94Na+TuTgZ- zW&M*4ftg#C8ZQ2ehqx|PIG^z%u<&GX{f=|g6j>hAvvq%D+}rbVLM5C%Kg#~?)HefX zogao@h_!qPwnbD#c!7%)UcF0wz}&l&61QHwcCq&Q1Wr%}KBn(t+@$we%Hgg&X?4xd z9~&drj1}%U6nhcbb|7^|uOe=DCZxsjpWOwyL+S)Q`1`_!mPavcrJ}YkRvrQEtq-tQ9(lvy35=!0IcO0ysPn7aXdenz#~C^ z3411Nqp10Sf@6G);dXRi!tyDkDFPsp$#&AWa&kyW0jNq1VdKh6B&_it=@$E zoQ$F{%_tD>%CnZZQIj%L`R+{8=&-d(cLo~I=L2Zv3+9~6N+bj+!TYSBZx8u856k03Zsbc>&&#PWWzIUn>RB|96IeBDS_t2vzQa`_0;tCBwrI zKgPwS;59OO)E;|2o8t^*YG@&DT_^EMVp<8O&Ke>;B?HyTZG<14*^e42*8W0ZT@j!z z#&p*H34-x!d?qfkKU};F17r>iP!G-=AR$qZOMd#G^iFT!TU;D<9NBCIBml9Ff(TrX zG*h~o-bTfPR7Zq zT5_y>lL0dYBwaD3XueqOo5LspZQDr=A9cbD%embOvgM(RV1;*JeNz0ZmiKm|EEs%R zy?03e(d)4<)5!zHsI1+>m(q?E+r*wa(B6&Uid*vve)apwha|1DaH3I8aTBG^L7r`) zZmY2Y631b#G(EF8-(cB$diPLGeE5(k?1P$l*TX)Z- z42ST4a5}t9A4}_-Xt`&bgA?{VCmX0edslsT%(TuAm+9{edl4XOl-J`bPu{KV zD^6iEf85djVBBffJk}OZY7g{=Xtrj-*_}>&3fYVI_T|nC-hsjtTekBIcPqh@7l0{@ zJc=i@^scWyfgJew8eEtuO86xVI!v(0r{fLs2|4OP(lT?$y!&&)t}_KkwKXsQ=;22K z!w6U-{lkcQi<<#+r~0$^zxQwdy1RenKS%$oSNw0P|DJW9nXdE*&pkfCcE0oc(C#II zFQ5u{yN0hob~CB3D~Svvq?q4EOC8pG@d1M(Ullz>qtuP|Q&}B0oj|cjKS8CR)?+G! z1hqO43n8e&xvVC6L8bqPNK}k?v`r1eJ&S?CPxUqzrmtVWei9S=Qd^7;gTdhNtFO~t zqNoo!YG2{s?;FGMVs09|sHeoR+77IXwJOrBHS3$y{y^;s@0W9UL~hK8tg` ziA1)7x*QH1jy#?&l-oFd`3p7^F}BNW2V$YFxb0z)rk$vh_4X=^&-X$A28_KC+O|1g zC6{LPwDy8F1JB8*_d6zHZbH&MCbm^9M_2iKw9ttH3*1C)`29V7V*KpvX&a=T$o{a= z_+l;mGiGRLsL5XaQ#gXH+}XkKEh=JY1>8lD@c`igZo-#lr2v5k>-a(#7Imvcv`k7T zGmyg-0F!R@zQ3MT2*Sq6hVNDp?}34A{~TKLocBUkrFV}(0dPkqx*Sw&z}A5?%DUBdnPCEyk}6K z&z&1~h{psU$3T!>5zGhYz~=D*CDdFd;w7C*|XS5g0hJF@sD+vS0k8wqaf zxYD7KBDh5g4G;M&(>+L=jXxsyymT~YSxHvDpybc_ZzYv37+hOh+h7RdC_Z3utII%C_-(I*mF|=iVHXQqXWjfwDYMIsh zsQZyYDcQ9}7ZZdjSf09RF!$qSqagGyaEwbP+d$m0Pn(AP%E&tDJ;bk!JJ6*&lG3JW zXv4Xv;~hfgB6@6s8s2&Su`mjQFod>B_QEGZT^igdp=&}(YME^|Bl^eRBNDh1DdT-p zMl)^@z)aDT!d^+gH=e?=>|EOo5xX`Vy=v3=}t{-xfP|o zpN~O(j~z%7@SH;g>xf}VkG$08oA>~x%_EPFEgl`}u+H#J4xUK39@tR?@P*|*A5Yr# z>UY*|U70O5f`DgadlOz9x$tc1B}A89DK=o%H>k{yd@>0y4L!UFe=IKGPpHEL;Z6@U z+&IcD6g41_DM8T@LRJ^Zfa&wp(^p7j*pm`M{;Opj5+hJUG~cKfzk8?td;7c6`=Js& zl6o|i3G1CbW4rzIun-nltq9NDaTyI-I2vyz_2SfB6!*{`PlX6zkjlr2$$Y zT>XZp-oHfr42S_klKUhMk&I{C}%)L*(irf-Ou)| zBH{fs^D3D(E;4RF!p1WJT%P3*o?0fs@$+ZtPxpONYGq{8ePeGe?iqVND2Xz=z+@M5 z3WczNHjI{+fS$ac?@(Dd$OZUx|DY??q_6+9V;4rux!$tK7`G}s_h7W!M+sZ1(!agd z^5xm~9RQRqWYgqr0JQ`33_rVF(g{9l&s(bLX?Abm>NJ`d{K8B?v@_ZRvGc2sX%D@W z5fDtafKXXT-fdqjN&&v(C}@%w*k1sic`86n!Du-=1-`IeC+sW!j>`qeu!fQoa9`A0od`MQ(ZmLjZ{De*<4|!8TFFUKL z)TQf=k!gM(8hv}^&wOG4*L!jpBmwH!5R2|!(pnLFIRcB83Yv(tq{V_C!s+#V(zVge zFQ2KC+Zu1D&^Js{0g6WA#EamIXd}^@aGMuMJ|yZ;n>~j^gxf9M(aHDKrh7+cXAD*_ zSo{QbU+L(1JZB1M|9Og-h|eyg_#|n8{vt#yHsVVJuBP_X8xh0R4vBj?#tnD?_Zvjr z67f?dPkiKr<}t;@5EmR&QrYu{<*6L{PnbkHtpo@X+-7&&m^calJg-xE?U@#mPo>YW zD|l^-Pt$JLf1b}zM(UfV)Bvg-8ta!KXdH&p`$AM!&85Ugbh|W9AK7~RFin(c@Vz=* zY3tWd@Z+dkK4650L5FN`S zx8|e6WR365$bvdk)H9~@Ot$z)HU$H(XOVVu50RQsqr&E=>>f_@>I-U9G>Or1Bl-+M*yk z9yjOO?^H>}zs(D-*xIM&bYA@EOWBwDfi&g5m){nC9~fOI<7*v}{A|V$_}H|C60-M< zy4SSXvxv--3z=<3u*CbMht~V4^V_K;_d@0Ndiw)#c>rkreF5fexSv>qSWIfNvK$P} zdMC@Vy3Y=w9~x-_D!7Pl4^Y_}^1G%AsV=AQWGsab9t6dJ97MRt&x1TOGHb2gcle5w zARX$G)?0a^=0qLE3`@ENT{T{H4W%mCcsQI7X=c!O%_^2kGt3+jn_T)Za@_XZTkb45 z!W&a_P%Pzng0t|>b?e@VU!0QH+Iyx5m^t8X&HS_|WI6F_o9DO9f^sGG-z1fdzt~y8Fw5btf4gSPigq% z^BNjwtHj2~l^)0qWq~GqyVqoOr}ciBRF0*ylL)hqdHKp z^HStZ@sT8!U<}jaUl;)R)JZtOCtqQ+02oAVH-{%eTxlh9Z-IPk13+a$GpWjzXj)Ni zixKuPpz+C8{MoOMES+n@*$0_X9?*8DyQIlKmCoxHiF_k`Jlti!s#kLn6BCP~JFT(n zETw11H6{8XPXK{sSVCQhW5OGXCSJ{Td*GCnP2UodN%l$wyyB8;bIv{ijFw! zgt30CFcb#%sW0nM%Bldqn&jtQ!MbiJUkWp0$JY>TCPDrKUAw;CIwM6=)0vq+t@-_c zWO?%kpaEZ4baU%tLM_-Go94SOQ-8o5jK_}b<<=vC0xNwRnkA{5@Z(vXd4lOogQ)$g zCzP|Rp=#1Laz5^N8Fad{fHv1n{ zqLscRZpCkT2dGZF>V>x9=1~WydiM7AIHuaQJB&V=pJx;4cCqB%-g~k^B;G24IC8*A z(k0VIu6o}U5f}u;DXYTEmp#b=zM^2MN5A{LGQct2u6l7S{7L|TE8w?J2V9!oT?Wzr6Lg`Bz@isB(P>kyLDh*%^C#)czU9i$)*F z&hFt*tdDLuzZ@HNj69o%0h~dtT`oe41m_dssdQ7J5qGIKQ@|TG(|)+uGXVgU{*K7R zcG8Jhr<-Xr{+B$BzsBM_nkwf`=Ndco^H+{a zdN*J=-dO@pF^)FT?bKmZ^K*00<539dTwOLV$d=vPg4q>pZ;zNT4xZb@zU+R)^q& zkPl$SRyi(->0*`HpWuqZ%j2&4DEHLU{WVekl{DrnAN6-8$g9YOcO9+aX4;7}VL&Qg zR(AH(iUs!B_2noW9KgfT+;HeX(CwGUJmvfeCZ~?85vL{RaqaRCiKKAp2CYTqKN)-F zi`r35E-Zc1+e*^Iw&eDr?1=*ldIGcS@}F5Uwd|ZAK~yq^1!3BTJWt%OT;ISfJJ+a6 z#3~=gW03_Y{&UhdV^$pq(wP~g+y7|Z$KD5E&9ph2AuT(oB+Em@_0#yF82HbKFZb8f z@A>^Cs^%DElu)%@JtHL{HiJ^nWK;5!E6)Z28zR@gOlRaQF-$bxkK zhN{s}d_ERiV_~05`f>@IiU<%o%+4>McGV+&cR5sHl|xZ;)BO96*~&Rv<59wtWS+Zf^b3KuQVi^U#7Q^Lo0y2gHn|8RM?aCYGE zmKwC3>Tx2HyPljUYoJOGt;l-&GRc~`pE#p;HmQDC{OdK9hGuzeV1Kv8$k=x0ulo+e zbqaU`99s_#MTG0jB(Awwfx_h7nadNYrG%TlPJLsls!3O9{yEsys@sZ%!#Ou;@F#{U zYHhTh!!K{+vj!gKc%2pUWQ=7jxmxq{@KE5q-BA8dr7Gt;rMmdrUT7@O#e>wavt-bB zUe_k;*~O`7`?xWuhsg9aU(`%m7#4EC9q`^t2}#IHTeCqPiyVK6z2KH}CuMDcu?sh? z{jl1wR?W@IQZT;wI_-A-c0Osgdz70{2~+>)z%%j6MIXYW6~*P*pc`&kT}R<`Gx@%v zj{hy1IDtJDc<9fiRb*a&E@$>sGUU^fQup7v#|XNmXO#e4jrBrPLj#Y=3Hv(rPbjJU zM61&+V3&2c0_r5c5b5#hL|oW}h27cwwuZ}!T%4`#QvVlfl?V~R{%t2W6WiS-Qw+Zg z!alr0K8+1slxz={qi^8vqG<@7y3Du2jF0xC-CK23Vna{u%L~C4xhO9bjmcA^e9TonoTy1?> zp+Qp&ZT-eq1rZUGD&2uO&x~+2{jT?g+??b>@{c;6AJgPf7W{uC6BmO*8lBek0;~$|oWp7r|d+NjW(+bwl-HRA<{m z^)2vZgstj}n@<(=v^cz*VqdCx8Qh)(UQ1cs;{(3$eSgxiyU?HWt~ZzXH$uH^x*`J2 z#*lNr;T98@0F^75G8m-KjS!P%g|;uv_Qsigijk;_Nc$If=rZ<_qSk2^^;uQ3Zvl@i zQk3LuLY%TDxrEJYN3W<7<6J(gS1-&60akkM8{3*LpzL!jUFTTx2Qz!8K&N|h&2*T? znHrtS*Hv~Ly^G)RRPXH`7j#tIynIQJp5atuI6D!u&q^ond>AT z-1=Sztz*Cb2i1?0vB$v)wqZ(F72qGm`1tL_3p@wAxoGEg7AjcKmoKYVvYqnf3HarBUH1of?Cn<(LK2Ip%^vp_ui zaJ|lfB77rV!Y47eNyF06Wo=XnE}S4aQ~)MRXp(&El~~Z)^6FbSSUw^h7NX;hq^gV& z93Q=-h|r&yFz= zgYY`P3;QUzH}kDrQM5tiJT~tOHmUw3pP;6yK-}Ak#o=ek;Mefe+;>334@!i9X7RDv zMDFoXm!8-N22^o}-ZgcxyH6r1kfJVy(wvI-z5Ovd5 zwo{#*w8d|Vm-q$?gFoBql7ES0S}uIoxm9bgtSq#(MR1_{+ityT*?Gp-NaxA#G;dM7 zW|%O`!LW^`q_Ut+kBbv1g%QcLEd~@Z3U)vDI8OI>hlQOVjnWV{N?wO)RT1|>T`#_8 zS_Af$2jmt%%sehbQi=vs>g#pyj8T5&#UQe%VUzeepr+MB#tUxshdPp1?%%2pFtcre z=VL2cyRV(vvMyiaTh**)W5I(pg9ovx}f|u7mMEn zt~6S@1~Xu29dGy8g`})xIKw7ZS7PQpP&)HAhgiZ*fOuJPN=FKkn)6lh9WuYFFv`ME zg!ab}g$Gitzb4{~$XzgOWqsnRnKf;c&wJAMYKKOyI1MU}IG=R1Jwx)s7}`Mxld&}9#HUyhk82ra(Oko{~C zX#r9q&u#FkG4R47u3Ta%Pcvfqk!9@5O1kp@9ZaG}fy_Cf8qEBe+1-$mE_G5jHOIioLmZh`k%>aTAZszcQeun1n|tjbR; zyKava(oc=)n6~(o(x~#BI%3)YfZEH(m=bCdqviQ6pzeLECRdG0?_q%-AAWEmC*E^W ze2nPphR(NmN~kW$unh&4`QKl`K{ek%Fs8jjgre;$c0fd{yFM|w)G#+@sVuJ=i z@dA*DGa6!}qg!zJtyEv?{E%Y&!h33rSC%oVZF~s49e`8eJv9<0KNAYQ#;RmmJLjqk zG(c##SUNA2bmeGCfUMw`By~qDjN+r5=3){BuN5j=kU5U!(dPd9E{+q#>mnND7!%L| zlnSr^Xdw@O_G5v}kK30~A`Yr@^Rn8jawj?4sLH8v29S90Eeck^QLRTZ8zxgIhF-jJ zulp`==LqAKo;8|+r=|wEt|z$G5I1YdY`m>3$Lq4Zm>t16ixnFPI$|9fiRqtA!p=_J zWkSR<5A2q#%1HkZizHAsa%@T$C1`4NmEWI>j@MIm$NR+dv1XKOt}~iWOHR$3v3tt+nchc z6Co-qQ?SQ2-l93K-PE)PxXb+C3>-PG9p5=z2l?TmGXe`2RvjI(;A4a5&##A3^Wxm? zxZ*&xU)-Plfljzk7o0~Q1GdJk5H6m>@K5qsNTih7E5|;0=Z=L<1SPG&hA^Yp??CzL zRjVpjbx(6rSr!NvEMaA3HC2AzoCajVZK~fXPBCZmYir*e_;Fmzm@9WO9P0f2;2>cS z^b;(K+-5wW@DEP5#Ko*|0JPE+oQh*BM#b;g>Ho%;&vAb?rEp+kf2o9h Fe*@w@>7W1r diff --git a/static/img/install-rancher-prime-bootstrap-password.png b/static/img/install-rancher-prime-bootstrap-password.png new file mode 100644 index 0000000000000000000000000000000000000000..a1da97ec51fabb10849456f51a576b5fdac1a069 GIT binary patch literal 22777 zcmd?R1yEdF*Cq-fKnNBf!6i5e?k))$G)QoFY1|!xySpVg!L4z3cbCT98yXs&&ijAg zU;n)`b!(>T*3?wZuA(?aZ_YWr_u6Yc&wAG0Vc+E?(ccojg@c1b|0X4-1P6z}00#$8 z{ssy5m#i2nOV}?IJ1GrEI5>>nzd!Iv^cX~Na3A5miG5LV(>+;pbyJ>0=)bg$2POhX zlMCL|XhG--h=xg%6u%d~8Pv`FDD%a5`>TkUiipO~!NfMTPcrYs-VQTlB(K3+Cpsx-@0#r|n0u~R^if3A9U>8e8iX=_UQSpT$^ zf=-Hmnv0CT_6y5V18C7=>hIp?jwjxH7QM~c2GE~|@W$I}A-!AlVncq}WwzT2Gl>Lf;egl*F3ua$ z*{zV3N|n%&D#E)gR~F^f<;U{0lB7BCar{X-BC^vO#{x<;3TS0=8G%1w!+n*=vxqB@ zPDLS9CLO{%rOu+yV)}7qL*kD+U$b0r-PO= z)!`T<%4nM=x)YrY;Q2LGon3!R#tUkyFPThFVFIru5*m`MeA?iT-Vi=(kEsG(18o4e zlu>ww2+(0ejH5ak&De7)B3)3}P^4Ty;Y`r%IiREsndR7= z^sDA=ex{nP?9dPuHEjZ*I;YXFjbJQHhQJNlH;NBe%DKy$KBn4&{^K^~x$!kp9%Th@ z#P<>d?tABQ30=t*h;I&f1b((MN2FR-;Uw#dIc~6^Scaz~5m_z3Ix94EP#B!*Pc0t2 z0Y7@M9dl^Pft(U)H0qb#_(5IDl{vwBM$&9h7Mko$XRGxrz_Lr3FGnfeMB}h~A(31L zjed?>u+tLw`8n++DrZY#ReE9n<`PF^?q1UBJA9G3*Gv=|Y=0f(3LR3Ue0%9X# z3MXXfZJiN35ewZxTL%cF7YEO%Kec0G_ zI$O{BUY6i7S$0dsZ(RX0yZ!MEB~Q-eg^WHS@h=+}%oG$3%r6Jvl?}+NposTfVHEGd z91i-{v@YjOp?$|fw52aDg?K17YiWhN==#>8OAS_&W@AY6&*`#B8?-E~R<3A`NpJIH zZW9yMD$oa}>z0hU#xLG?~`u7)>4>BqFU-d;jzrvW zeQS)3kqLuT^1XP;{xqZxt{ZncM5k4zL1NqK=8@FPKv+Er9F7W&lEi8ftor5*d_9zuz>_l&eQr`rk3 z)N~*236Muc9F8V#B&se3y6XPu#$D|qpm>_`JuqkK_Z0(YFBxTcbJFX`T9Q&%Y{QWS zV>+Z)*#j*2jqEF~xpHpg$W-Bo?VV+`22%$Qqx7z9M$%s=(u-@H>k~Q=cIEcim&oLk zLijYA1Ue9QMT2YEhon#9D`4(wEW-%*rp1SyU$uTr*O5UisPTe(q6x)FsjF< zz?kL^3Av7%M5Z6n8^LR7jf_aBxZ@K(0arHzSZRR0$FliE$loU$Ny#5uO{&H#`R3f* z+l~^g$4UJ7tW@Eo@o2?WbiT0C7<*sj@^FipInaEWRYIno?66K=M+p3>>|&P{KWEst zkr@}+Ffoi1rul@Tql@y(>#*i^u**gQXOUD*e^pfkch|Ws#nTF%#W}v^gOlkdHT}00 zBxPRxj~O#A(a=|$3G2DvlCBaNwZb&ZL#i$&URUXwX(*8WL0ghAv{XJWfI2aqk7t%0Z1L67?g2`W(sFU-vpGX7jk@{4`Fq(Mw_qOKF;SH zJya&^aHzj?vt_$oqb*s}7`HL*UKvwbmof1wUh=@F&yDxbC_DLq3xX&5#&geEnRJ~m zJ7SSpb1^9d3%{guI4BHziwS_#3q&nlbGeLRn@>T>;FE_j>D~1N^(r4qFjC6qV4%Mj zSc@%ow4K?Lf%mFlRe@raUf(*jG*E*k1XovB?TKclc#=km=6v`~TbiU&Uw zBoLg9lUsbZ&Y)VM)m8Te-K{VsLfzH@D*Ik>0JGY06TiQ_@u%ZZVPKM6+F(tl_Q20J zc@@iNF45qd!sr2%WRH5H z-YXv4Wp9@7FXiEOkRpGlCmsr&;%|Gm7DnpZni1Umv%mai+H_MpYI-yGWMAP6I>b?) zW|>594aE3%-pLiB#%R7gideq#T4jQOg6a?0t}btfjt=-}B>vb{++;5jGym-uEW z;Kk*g-kDUGO$tg~4j?ItC;5Ywhf9tW$IN@bT|%zr`qzJ5=sEbauucMmLO&9$N--l{UAl&HA_8V!1rQgUOml=KjxrFn+RCap}DD$rW)3XKd;@Xr{WFdxdFlxyof zQG@gG|T19+*s=AtB7?A7`!##MukeD%NW-Iuu6c+nH>C=R;eOtj<gqemB@1Cz0LsgE0W0&I{$Y zN7izBYhnIKvxUk#_iYbc*#p^v6AN1})FQmGt?#=N>Oc!Fl5m3a4h4*YR)U0>$L^_D z<@lUNh(xO1a_mLBXaqOxDP`j-WNks50SNX!O^hJxm7#fC&CA?N_y^v41uU#M$(xwu zz%}iuh%5Ro%Xe>w%sf1rA1i(+Hu$&fF;=kJk$HQylxN}Sh-~5PoPo2WWHofm{ba=zL#8Q3 ziJvvLW$M9ev6&-UozBh_y)@+9=(e3_d2eE{668I86roYfXULVqJ(^GxS%U7DlxVL- z?{;f=b&zh%nTk?HoIljtbMhnz|CXo5XxSJ@i^Sq~;>lsh4d=r{68#Hw)pv4mEQ1Kg zK=uA~aCL$x;n+WJJ{;PQn424&;B*N$LL+PF8jre;ZkYgjT?ALgJ-Ft?rw3$Cy)uK>Le;x$Lx+Q!uUK1A@D+S4>IyqtMZqo7{ ze5LY}2;n?`SG@g5=s1~39?cK??%|uKL*FGvmq(U}fH3CCorq6pD0T>C9CY`%zn|s{ zZ0|zLsJ3J}Y$dVdJ=#_v#+6NbAUWnsE|Ryj5}lfl#J?kC zCLm|gq8e$C-&)X#qvC$E_0sf_?X)p)?x%A5krN?r09TS@e&o1%uKM+j^p(?dS~jOr za>d@CTMX+IRg>i-;e$!8#9wiu8uje{8^Z*f^Q5X3GWo+B`fNmvRxX_$?wp`!^IuD@ z=ZYZu-S33cZKyx+&<&y4?Pw6pZmZe1E?L#z*+7ggw!Bh967{@5YvhozFNyMtJ<&ag zZ-^7YLy^PfadF6W4zS4H?5R(5AV7yd6?8 zvit1co{jByS#*5FWK4&$yWjalQ*r0UJJPV3ICbhf^in&TvZX2Ax4!rY$(l`US!9KU zh6>CIzhxl!d0(jQl;f5KMqXfZHdbCH%^1G6DX{DBjuM_{^BppUJh}fYE=~~3k}n)A z7waVGNG^9TSrO6ocBEz0WaMWoLHN-3KKEE^{$X!9f5Z62s+j`x7Jdw%5HQJ#CXf*Q$X2-51)t4oK)&h{Q( zYz0ky_s-))kFY0%v85v5fvi<-ULBOAx-TH2O^)* zM&;ph9(H(EZdTQ|AFDQA1J9ekW@v{jwKlx_Q8eG{JtpRo#kTEigZv=)$~@;~-FIkJ zd*s1cSYMe!1iM-ddr8-sUf!>(0Esdgo&12*c6Uekw(8te!vm=xIH`jrZlaW~0W%46 zh1TzIp4a7BAcwPsg4bh2wi{CW0=jz=O!rzV=qt*t-|9(fJTH z)Vq44Ps7hb(eore{cZL{gj|&h{wZu#&fkf+3IN{<-wLKRmGK?>qz_#iRI-|wa?{9J zDh#z$F#6?dg>7uuO(0v^VH#X0jJTQXYMc7JFrjypcY1=N3+(+p>z{>Lnw49n>Es;e zb2E>LI9|Na5ZW0>MwxVZum&KCjE6k5{?i6yB?}dwpz-tUP8SovHhq?SnYY2SsD|aL zALF#b^jUZ}>_99Aol`@Hkg)KnLn`_j0>i@0hDXy(CCn5!4w| z%hO7pyR_FY+mE9HhN$_YdA5l(KPbPY2eDh|oFOtNwQPB>wMej|na>Z3+vS81n&eUD@Nu`ew6rV1U3`1%QZCX6hj++Jx}+D#Ka`$t-ho{1%`c%>HQxPS(io5 z5lAW)&uq+@S<=Uwhv~~6QaP|>jPHQAf+tzXoFO~{zSQ2ua#AM4LQ>2_JxyIWCiN9j zsEn%tk6(bNy`?kZP^A00@>VDJ=(>%kcu5#u#CwXKO_CGf5(J3W^l4#(QRvB@Ys~?$ zmyv_92y{crq`UVJPREnly8V=QcbQKRk6GjMM1b~z?{X-%qOMpk;A*M-wsCz6UY1#@ zu8LkeLf^T!zQdQo+{6DXqE1zR_Qp?9*5SlY3HOy8)Daz#58m>AXA^#oLS&Y+Wnbnt z!r#}U(<_XCd`OXM0$U}rw2_!9Nr(InksIw7s$S$Obmja2eHWu96c!*P;A;EZ<>B3| zl~4};@A--Q2`$?xtlaK;PQ4yCctFX*DCG>^79(WZX~s)#^E)?!BQ<}lqEE71mE)(ASsPa@rm_N=$slSs5Lyk%OSly0|V6VmZ=pI zdPj}K_Ms?IXYK8Ha@b?#O+oztQoj$@7Y08gpSSxm8wW!?4sCZ7%T=0_rv{Q~JO(2P&QEL*!9!K143P0lPlOYsVU^X+}Yq-P; zrcZu$2n44X@?1XTh-Em&^Y7~^_^f_z`0bv}7EuaM+CkVR(oeGmGc#@F4`1 zuMLDnq%_%Gb4Tmge{?0qTw%&a-)E~kR?Ij-X@MTim}u9T_6TOcgX3-(mhXu=tkZ^K zCl(6U$xjrUuvdZT)R`02RSGg5-jC?)h2CAU@(6c_k9iEO_SD7VIB)S|u5@A`XiyIf z@V=}8pd;A{dUki3hVXEEn-fB={O&x`Qu5n^41jbdF}DZ2JW8A<2&gb{)xZb^W2x0o4rJo8v@CbW<6x~1HRT&k}^#S#c8stDwonagl^uhKm6d{`y*FtX^QL16PvaYgG1t&-h(B4c^FEj-2VN8 z9m5CNf_%nNO_NSxI%XO)c7;9F6-R?#?~E0}%hNbNJnmrZT0kV85B1gt;&@KP=AP*N zdn_y{|FfcgQ@uM+)Y05-64IEP)uWAoru;@m1N}y1n3o)AyF9n$P>ny-@@AQpx`Yc| z2DXaR?IPFuc68-Rl-rnWeS9Lr$)XF4E~GDrWVCEw?1(&g zNo9^>;lr=ngg-21Pd#mBpHesFz{`+}Nc=(FHssS0la1l#2`B{x@)!~%Um6%7d-jYZ z*uf)msEY1(XxsiuzK{QMF7fsaefB7G?EpKZ6iRIOS*+_}&1XcS|E(>%yO-LZJ)W@| z=3v(A1dB5Ml$ej_v|gL%$`F{v`IohyU#w-?Ul;4a#}FYe-hsa++X!^d5q}B1-|Y&G zYmE{%T2AFIKB$V}&51F6%mfYM&t`?qgec8DO+ha6SYzv#KhmI;#iTe33(IA9hdY`a z2+~EaO0eXYcR8T%ohp)CPTV8UJh+-|xGLT?SoNab`ouR7IJAGw@wplFg&^P89rhlK zHCfEp_3E%ABE>8_onnv5H24@m^3wnvb}=~L7Q(Ny@6o-#g6-|+jD?=v*sPfFejkQ_ z*bm1HZ*xehh>+Nzu6Y?R?xtQGAql3G%$yI2%$^<&PD-@8C?(^iYyCBSDv7yiGcJD+ zsE_9;z*BT@+m$kAJ-r{3y0X&Ae8ztH(T{qxkk9>@FX{;`(563d-@j+xzk2Nf+Gq_B z{t~1VZQGCMRkGufJyP(q_^#N0f;SbOeZ6a6(WQ}`-5;Uo%EFs+1erTewf?@2tTxzu z=84N^P{>`Sk@X4s@K;TG-qh(9+qtABOBIRut*BDAs}Oe*CKkkO_*{tEnCP3r{h0k&kN#I~ znxI6)jWg>_Eg}};b*VDwSND--*+{Q_Csc`9bO$y*3uX|2s7@VgRa`ST^vYJYxx$ z)JE&?dnttZion79cLDn*5Ci5c>z8rELj@Q&wYYJJh$PFGodKn=A=&w)QSX3gV^c8! z^ThEiSkR7TT+)gv*uP)-s+PKB?YlS!{4Z&I)3;TNzf)7q=gTz3RaD-GV2E!W9tMSk zAjA8Aar1Cr;=+sb9dz)aIsMu&<<^tZ8b1X5t375@BPP=xNbitGGpPsOdOlf~k}l;2 zp)NL?u%iYl0|;suhYGhqjFnk z$_Nq1=3;kWZ(b!ESK-XQ zYs}{9YB}YjIkY^Gg0BO8xxz6gWQd~vCa`&kT7UNZz_b) zHqxL6QD!-~SNyp*cAgWZY)4c-3KuQ=1sSFD6vPkUQugG^m5`$K;mHB6W!-z6D;Qio ztQ{_XPE7xumHOU3a!vVurh4tTRket#Jh*(Tj36H3D_yK$hO670z{G&(lOOOxG|HFJ zuGdLC7H#`5{YUj9yid}bvZ+WP(CMCoCHn|8t?u${bOANw(qrx2QB3&9u-DJp*W}ig zh#SX5BIVq{;I(2?m6PUBBG+3c3JOEK6OJnNFk#QgT6-?CahE^+krr<4Q{kxmF4(Sn z4An&w8{8iFh&_bMTy2%&sCbhs&M1pL9Dw)zM?dJTBgCJB43~fq0fPj!8Ut0c@bppb zwzL%797aQ(I~UcclFlv#A;Y0leS^L0`!|`OyU5CpjFHEQpHOffD?^hx{3!8LJO7#~ z?Udar8xR2Mx=-_dGio5U#9_e=R%@B@zUS-a_EAvYV+UL@VZ+N@J0Lly_0CORmW3{M z9Wfs}*n8R1oGWC=0qyL2Own{qt395m()Vfv>(Y5iE@=_h2?rL~@z@Iv)K+Y^)N@%4f*@5+H;78vNog}9c=n6?oJYIgK(-VeawlTvKbGh= zX-NOG7Qk_s5GWy5<)EZoR_i(aQp8@e@@mLao#b#}K-gB_UYN|rhCsYwLLTdJN~ycS zc5lE{&-C^PBqhI43tKLN)lVwk-PpYKHpFeZt6YR$Z;V)07pGJz0KMxkSx9j@g$I5>DV+CxKdCnq42xMlTS}=dWiN zp(qdq)nyuO-;r{Z6Nvq)#O%89WHFg=E{o+;A`+?mHbbyni(^eV_v?%(Ps8=v)rWXG z4PwhdU8ibvKOyX3CNbcZU5?{9S?oaVxL+LMK?Gs$&Ja;mk) zFHAY%z%kN;@5WTS^eR=1?fbIfMJafSinM<%!MjW%oEs42s!EA3hd(6J)NlJPbE3Ci z+1EjUmEWCM-u_W`8B`bt_@Omf{EHoKJp0GRm``AU%EZ0?IN>HhwVh2LCg9U#HoTm`kTJ)G(#{Xf*SZEX zg_QYY6FjP3Nv66?_-GQ5B?Jc;lxIH(6*)stST28dkRg`o&RS~{<8{UkWk~DV6AKbX z^(E%0r6=xB)+A+C!|e$}-G{{gw5cYQ9X`md_9=iX6^kbL19!$k;VEr`h$dUCSs_ds zBd0_7Mn0CDsN@YOk%ex+$2#nVh4tMiwj~w=3Ynq3Yp;5`LMI(qm|ILJ!dEX_eM2T5 zLheZiIm0Xi0kg`5ePxpzaSr$ZjA~{2LXRW}1K9=lc=U@k-u(3KZdqGQX~j>MNT#lz zgSBp^0FjH`DV4k5+<$%J*YI4-@lPmZGwNb!ZhYzu(R=xd?RP_1t)XXdkXa81TO8cs zo027EjmWbw!`_b2)K)jK?5zSt8=44sc7P~Chu$;p@I9DIK&V(dP!@KI_59doP zRJ0Gn{iAS~--zIAu>2pVg(o0_}U^O2RVF-9s!HC5M`*Ez%QdrRwu3>K%`-nZ06 z6B{UB)TO;*ZFJk%^zxrEizjzo23I@WobcN0GRTjwVA8G$aWuy*jY*FN;WM-*5}q*h zYKOMh2Fi+w^^OZb&?34D*bw#^O*eC$UVI4Up6cpXlJUp0xxq^QDQB9N`omyscZQVE zCd)pRV)UFyw7spsJ(bE8|0z_;Ci@tI$Q3jjV;4EkL8MG}Q@G{>gyCoD$UV`6e~X*rV7`qw7fh@i3ZumLho22VtXfP8s4RJHV5|`0dNaqVRWHt zZ{?5}Mw(F*>4THdyr5uPC?C|EoQj4<6E=J~#!b!P+Xs8-k1kI_9S`#; zT%#KOUC5-9q`hHma)cXohOf6N1T3)Axp(!gqjo35dCP=da5Cw!aF06UV+N{sPvpwf zL;0Hn6*~Ck?PfF|ci9Nx0+8Y7WE_q6)N#q82Ex-uJPTRe`}$_nC}0@=!Lc%?PSVJZ zrnUu{l=Se$gxp9orXR3l$8E=TB-=a*w+A+B+=z`>U5XSzy83b6*BC^k&QkYEQs{K> zVC*niLhy>VI1SW6)-SuA@mS?S4)Wzp{%!3&c$JEfjg)d?>`E_{ak#Qn?WlItp|@D; zIV{Lj=*tBxz59*H`@S`f35^j5;Q z;tP#V@vJACsCP8j9XxyoMV_ge(0*=(ULZu3h*$}cDrZID=+WjYQNQ}CYjQC?qu+e{ zrQgATp1u7pd~RTd?CF_QxeIA_!a1|_xl)nQ^XR-f(|C;==gwz@chtD|A!`T?EZDV} z{NnWEG8OlFLY&}8<3G2ObtN1Am&@=z_z#qqzbR3MU+*cmED~zH^Hp$l@Nie=c(~PW zv>>;ZbG}M5%9O8(ozVA|s;P;0qsL09r5~5*^zxSzuAms!o(68_4SkPmCb#!uvEfUS zY?n_vLBbwCHygP;Q2~#T+avFpkFWew`g=kwj=buV7EVoS2MbxgRx zEKGRn6Toall7#V`C3icFJ4sk}1p=P{V(cBqB*Z$|m)w;ISkyKCsMmHJLL{BVR<%+SHi#tWe{kY_u_6d+p-2x!^2S!xKn~_-HYn@A7nCdk8Gq7wjO+xLHj)x#YA4&yiCuMciS{*JIiu z?f87I9e}}d;p~M8ee~j`->}=k)>K$b4DHd*x2xTW7b!iuPZSfv%3YAr<)wAtU6?)H zQgRsT$};X>vxU`z^6zbJ{VYmJv9A7yqxtqH=vaM(MKRc`zlN2B4!$J8_-UzXMHM5g zbTqEWd~W!|9rEi%Twy$?skYEZP>}7~DDc8=#SrF2+@&88UcGtaC1ksv|DQ#uGTr~j z7MSub;{N^8p@VrSpyo8|%}rpR%Yg7lKfg}>m971sumS{4Yt(=813O*a4K_4fT+y2K z$BU{hyLEO<+x_fdWs$PBnOUDgq4s`$f!rE!^TMCMoFSrpw zRtpu?o(u9mYb_}_wDRxB$U-6_=$Shn*-S=~dRlTZHEN8z%x4#qVPY=--%8yVa@EqL zz`)m#ll8Ii4#g2wd-n%(UG}GS&r9A?ttmDR&e-H8B?{Wx z_BM|0|3Rt(7G$enbIzpODq>%`g^5mY;q~-LclIMQ0+0Fc2P>8^D^enUi}QUh0T7L3 zchT7b6mDYH+lg=Adb%`IN3*#}t1@{1gBZK%eN(F9`E`Nop8MluH4Dv3|4S&UNd~5| zUp3k|@W%`7zcL#yowsM2J#DbTBjkG9^5h5$1h6uz*C7;?^#ZaxC@49#5hQxV{a#Pi z{c2QM2|=!g4z9f|xiQvr2<~dv1`8EB47zo(dbelQ<+xbxXC`CmNq^@4C>Psdt^6_T zl-?>pV8{ewrO@;gZp${L?F&6TYecKQ@tr@l&U6loQ&sG%W7{HZ=7wH4EsFA4_?ox@{y89c_rvi-9v z25mJV=MP*3={cBxNi(;{%_+4Jx7u~SA-I|$jW5(DYx&YcU69b_F7?JN;oQkx3mc0} zmHfIE#8Q;J8m>9gm>pF@`W*!%4bO3BC%91d?&TrI3sxHvE28K1^k>@gz(Kyi#X_hf zjoE{v(6ovy>2uKJ-bz5jgJ-H}TwG%1_b%Yy3!peGnTGYjc^arLMw-w)oM2=x)osqU zb+l)ybt6(?V*?v5hGa=WOIXg&w?engQtR5+v{Udzh63_D-nABSkm8C$k`Zm7mTBGc zlI`n5qaVF3+sp0MJ}Z@nn`Do`l4A_v7fd~$4K5*adDrfR_5tEM*r`El6Y?6|RRFL* z?_3;GPGfzM3{F}f+jy=G^BCO!eX}efQAgHY+2_IT_=Ewp)fzXe{6HSiCEd+QPu(nQ zdRTZG$b2>sK@`GnAj)8u#c6b3!=`4tXA`RbP{@n+X6R;+oeQ=Af#Pt)LSBQwH*lCS z#IRiJRjOnK_=X zgBhHx2HnmL_Bg)Xt?jVY2S>v&-Y&8t;-NJ5Y#dr9!~Vd8gs?_ONgi)bf&fRR@DC2Y zkF+oE(hacO9X>lV7fxOU8p{sKDjBj#MiW=VER<3*IyNy;wm)*>NctJLwqZJ?WVjDXlzKo6+~>xp7Hwy$zV=5%ED=&=?nQLgBRv6ed@!}>NmtK)K%75bXpB31HK8#i6Q`pFz2t{V8rQI?uTmm?c%0jR2Yopgf%o&XKIh8)IuER(Dq6n?w)6wdglPLc7@1to@s7P zE=I$|nWLe+$c>grR!V5d5R!e#|<)ag(m`S&&)Vc-KW%W;nOe=r!B! z$X?&2>MK{$v4Et?@BVjpcO9!wrGI_-z58+Um{?XM1qg##9rXDqc0?$KQi)50OMdKh*+qzqt(hc}~4s#(djUD}KrMx;L`OBni}L zJT4n|WXoRdYr;mf@uhSwikWkFn>pd`E}@}>8-f%ZxkPur{GGandl*4xEs=`DM z=3p3f8~p|crIuX}Qf=sA;nRSF@YDI}SiuM@gGOsAEVN%e_=7Gg4n#M*gY2ChDVeyE zVGHwbEX9x@-8o94pS7LzyINnzk5Vv>lz~mUEvtI@Jni$?Crn32afP3z$wpm~z}D+b z?`P}(2RbL#ak>_V#mt#en9C9@os<6h^_8c~xoKbcu6C;%yrd*8F|jOuq(m7m>d=sB zd^|SHk>LGT;N>=n))+eIJ27A+acR>54}+D*?w+j{*^_7^zLNUiSzwk6Q%OMW?_Lz! zzblFLlH#KwX=`g=V4~%Vl_;I8*C)WD?rv`wPA{m@9|jE(-@g9^XmW5S1qT@#p)bfwKg7-c+?90gmuhvRxMPOy;uP2awPJzK{aAoCv@*IA*v z&tI&H^`G0nV!B{x7lvgQaaRidLRzwS`dW|LZZxj{0cxS#Z~kAncpn@M{LigpbyTpl z46L2}AGp6Pz}i1_aK^Y^6KdG~nnvz^8Ym5W)9iRAo#yE_NlY}P0PCbRcJ*@AQtRKa zj%)^xZn;Le1bj}Z)=4l%AV3{}j7bq9iQ#d5VxeVn3j^~zFMk?SXpt!~m;O?xL1jp* z57IH=|HOW}X;_9PE#m(hI>S_dOhx^;0T=44canGv-4AWgz#lPyscyu-yfHYc+kBD^ z4G#|w#z>dIBQ~ZJ>0v1;cw<_?nzeuC;F*%t>Ral6L9U5(-}*jBx$m#&Xag64j}0|; zmYVFtZthB}BN6ch!#MAkqc_2rSP!<1-<*_q$W$suiXO&*oN!dS9ohFFBJD5%FSR8Q ztLMC|p&@Koyr^I%+t}C$x3RVL6=uMqAu%7BgrYxzysT>r{!*w%H33z9c$UUFv+iur zQUh&fPVl{hsgkV_rb3l9WO3AY{Fmd10u+X#`;-5z&|zDbX0r|aG5|nN;XE5Ew=!%H zmxPg)bLjo)uUDVg znGWmEC&La75`q8FRuFj6AMq~`C1x`w_Z1QSvlFvxcwJ8GQe)GG+gFW>BH%UMFa5Y= zlo{nIGE#K2mWo6vk$@t(KJt(30U!p4KZc#yi9#4_#X&d_vhYLP?+jzp4$BS z!~o_djBfrU0sF4>^qYpsGSsSlK#1|vAGEfkYrStQU9#FeV|VtJ1j}^VqKvqwI~o$g zgsQTCWMJ6yKILz+A85hM^10pjo%%GDgU_+{d~fjNM>=*SxU$}tra;!LBW2D>OkvR9 z-9J6UINY|jCT+kNG9hzOa}(iLUQfmI`LsCPIX#gUC5@=g zwE&<4WYv+{MO+&-)YkpxvRq6=3c*8eW#k5VM|h!?c`KC{$KGrru0iw7H*TBQk)mAd zT4cWW1mB=w*D8QGjHXzVd4#MOob?>IBH0~)If6u8) z$#qPRmQ|a~h((m9O`ASMX&UDt^lF|6py`tNhs>vM0W@aP#a+&-aN1Y2vZX|{n#21{ z{IC~eJU#xCqfCt$xr|D?Rw;MHIN4@d{%*^swb7mjhpYG1f(CmbGri-D=~?g_ply1O zU#vF%ney59y0=|Rkaz9e)J{}Sz&M?G*~~>Cwni zrqBn6IqYGQ4;o3sIz5bI9F@8$b=}(2tw{|aPWF+}asX)b%2EgKbAv3p_zc^O^x!Bu zBHrrvU~ALybIeKo*PIpeD(Cyc<6iA%?Vxkw4OURYe&+dXuC*~|qh<#}$_*;AI*$u+ zPGUn_pDBeQ0L!I7#=lNP(JGFzZQ1t&yvRB4cb%^VP-x zS%S6<+}(qk3*%5u7G+Qte{`%>Cy#usJTkJ&$wp$2U$x_PMpizLPmVV%Mo0}M@>HpNEnh8$(5vI#vdWm=Q13^5 ziFC7KcFD}I&=u6=L)Y13SQRbY;8Q_7!%U_INSaXZm`OG6^Yyc!Iv7jBHb|P>mihC_(Ed7 zkyON=uw|^MF;dot&|8F(=|}jR8iubglR1*ehM#MPA-M;+i7&9w%IeR;dLX# zIQ>d)K$JNo6pJC1Fivarp$k`Qa;Wn?w@&XBvOBcj*m%&+&`~2afTGrL{aOfkve-J8 zfoAaI@K;f1`}K9;P=4>F%WnogmY8%@&6ACSXV}tsD}`Oh z8r8ao5!l~n@UaXwFHUN?rPzNpq$#arN;8NQ_Rl&)ldX% z7ZWANeHQ`B!tbCXLjgxwMK!tL*=`dV@oriM(~-b#6R!-`$1!I7GbIRMGKSac zzDdP5(0m~&<*pd-AEd;to({HM1!~8-$@F;! zCFSw&O_oW9@_#t$&xw07O^DR_s8hY!C0PX9JL_^sl!Ag}iUI@3*1f}nNJTa3TnNtF z*&;rPYC0k07roTFE^c^0bvU`exQE=(>UgMC)(Wj zEJYN2Wk-_L=sc>oWgVoCt~SE6n^g2_a{`-x9k($7@7;K5{3eM@`iw)U7(|l6U1g$$ zYj8?v*cR+FA?)Gr1CQC^a95bKr`=^xURIk~tuz07;fI*O3orznJ*>Rrom4LhptXkKH2sx0TwT1eLyW<xqPjx&qT z%i8m+vl;7M*@?}J!P%T!X%DMKClhu*hqexams*!0 z>{Q-ST)uDWkMR4Iys9)Mud2GP9%-wgcOrS~NVO2QraK$RCMxfOp=ztwDhM}V->zO0 z+=G~r4gj_ahTIHk;3tS*HSfEdXbE~aV?NILBYJWz$t!qy3&4v?Y#AoobnsBqX9=RL zd;{`cT$IX0m~vi@j#Cvi^7*;4OqIt&jh{Wda&s?kFMfHr;je40Z*1fIu4}1(Z+GLv zEM3xn8U}%FHZ?&WLSorpYTNJz?yfF&PE+vUXNtP!K4|HJZ6_Oy0!u!jFVJ>@m-TnQSBES6(p#~3qWMpa zXdGzi#V&>AZ+EOXqQ3`|_$cQ|2zGWnb1v2YEraBqgk7d7=8@VlzK|a<8Bknhu=QVT zwYs-HUU@CZ!Fo6ZL=xV>VfOXo-qqX+WBltR6ML<6Y*>~9)@=TL+{x;{>1gA>k2|sd z_i-m%z<;YU*8e{4WaZ!IrZg1%OS1a^??$DGR$s(+{#!Ta71dPN=5ZApf*>GGngu}w z3{^U@AT@v>Dxfq2gx*^O0tgt8Ktw4CEh0^%2LU0WC=zPuB_XuXd+!K*;r(XK)m+TY zteG{Jd!2Lk+IydU&VK&Cr>N_Ycsmlp&JJK{I%(*-6_pyMp;no2d_|1FHDP*{rP6@) zexoP#(Rn^4Z=Yd7+EnD4lKS%Qyz1X!<~EhN4Wg~pD^}L4Cjpo+Fzu$J`gWJ6|55Gb zzc=cAevVikLGdL)3@!177Kx*!tt}`aaWN<;==ZIgG?#^kGcCC9=FKOxUftb=BqK42 z_j0BtKEIYTE1hahz(SuXtGwO5nGFF11Oyb5odQZH998{-ZajSWa8p2{bIa!B;qmbx z6l+3j34l{#>L_i9r5hm>oy5vI9O|yKJ>lkT`X~m>gO~W( zD=VjqQONWh_N;!9eBM?^#(>-hxGHeULZKmXpH!U^lySVuiXzw{*xj)DDq(abG9|nf-%0+d6?x z{Wv$6|A!Y?-Pm+mnr!7e>``gav;B4*5%58GG_a!`FtEBGxWbzPYpT>L;gd_TpZnyTrRaaWD5yZ*`gVpYE~GuezU_c+(? zxu~;?h#pP7Uh#lz&HLtH2D3rz`W=*Pk~@l}ZU7YAYQ|jiQh%uMm{iyUAeU_WMy*Z^ zp!J1#J8k3kl~V01|#JvAJm9Ft3@f_ipcc5Or)Z*Xz5ivnG_8fuqI46E_av zzx+DqI`~(;Lsr~?ZZG}HL!4q1$y74%V9DTZVOJ0s-M8wsjh4@81Z|MD*`4UWwX_VdLTTMX9j+;6N1YFLJDG;3;2{f^BD(+g@TBeRQJ zl*jS!J*z9s*61+LH!C$=F!|seQqZ$(J9zyI-hiuV}pR=r+zJ@7Nq2SPQ}uXsb}@ zs!#ir3bp7}AD5Dks8V_rILxoa-`Xs^!sKm&+Ib(ub!C~bi0z%#StSdLB=afd@{hm7 zHC9_baQaOi1-V%unY{QEqr#q@=f$BZN=d@^NxLv}ftxqsYroP3P@HVP*pk`b?ULYN`UQ-u`D`t0{MylJgHUe5mvGZPM8xa2Pdqu$$Y?64XtzA-dVdTaQ7yKQT( zBe!T1l{DQD;BzAh)#R~f)nIub5(8POjiTIoMDNV@r0uW+yKmW_^%CugGv1uEtSY;F z8?SrEcaxi_vz9CG=Hbtay+J+LI zd%dC^2ybqpc9-8Ak&EcMcG`tS_}!E*yQK1JLwh^!J#kgIJLxa=+{1rSP!WSH=S zEgmAchL9+iLq9L7@6~<%anY9B!i{4~pE*fRKrw3bjp2wGyT{3$6mEH&+s%8o9>jpx z@LZH+CWG{_Fg5AjXchSnxif<8SsEnc{?|=FP`!M2$0B z4Dj88cTAJ=I}iMpWmqU|b(V{Oul~IGrbl46KR*Pb0F*K`%!O*mRL*of%kmZ-uzeX9 zhtiB1vmBt6kq`-a`0&ItRVK!%5L4n0xm0-`vB8M*;jcT5^7JQF0(j`;0RbIy{+_3r z4(E7$FurHr=N~HVQ4wrzZf-MrdJ31hlyXOxZ#L{5ES~Tg?WVt`+jP^>HN>`2&TKCD zLb(o>xU8U}>xZ$o4a5@Vqw7^t%K&4FBE-W4i*+{$gxwH=y=>p;3lj)n}0(*4B zWPp6FO1Rd+!5vhkudFPU4wAeC;U&l~60G!P1Zr^v!PFKhJ;-~qbS=id&#`8&Ic>DY zAKbH_Mz(FN#LHRf@BKj_Ylf98_Z}VTF?gWrUALrv-BOjxNhOe^4cjUNR2-__Z^{-e zHcJxZbxnTwpxOM+Z0M2KoN8MM(-4yAO} z%mh)4mR^W30Txu)lYeGFVJ{7UfnaP$s&wmMnH+Aq#%s=foWekps9oO<;J5^YB!Q7% zrnAf%AvulC$*D>>+DuDUC6*a6!nI5`f~J>OIkI&J;KcE2GSp_qzSO2aP^ijArw6v1 zXFId^7ubm~n=Xi5(p?z4Bke{I`kY|VPTom}X8Jp_@%HzC%%OtEuE)Nl3YsmpvN#9~ z9oC`G4kMRP(&KU!%p>m+`&Uf>A5;7~`)qX>71H-*&c9R9)FB)zm5fQ%iZl-&HaS({n zyZY4KZmCRu{lGox``4(x_WHHOyFaE%n1$JFOWfBRJD`W?hY0zddn=62b!&Z5n!A*X zs>`FOb^c)4;QJYb&Z&vDKTBNt8<$#*v2tOgN?(Iou?O4^!;&$vnDUv1cr8X}Qqz=O za05e;Av$Gu?|Ke4&#m_el(U& zQ0Yqud$C{F_v0(3ajggTCVAeIBip6iwJvg%)buBMYc0`1DXWyUI@2m;S)Q`2QGDW0 zz?~wStYX-vY-I}2{bRL;GX2HklBF?vUZY>Ft=j7Isxc|fy5ZW-?TiJkXQ19H464UX zM~118ZY6*E>8?};XAD0_zu1IGUqb#vHA2e7Gi!pTV6NOPHivImCyc8AVHeEjABej$ zJPn=gs*iZB3Lp227u7&sb_A#Zc6ZggF1E(|JuRsJEH<}lO~q!NNe6Qj!$4FiRb8(2 zb<_7h<5U)Qtkho%B+joCpMXY@SjUKS_wrBoel!0N>c7K@L-oGaye*qSbMIZn^KO56 zL!9@+s5Z|<^~8$Vh|Kt}T@~|76uG=T^k!$FrM~u3yxB-dLn9|fN2`TRzes8~z8cjk z<_Cqo8;+^|DPq9k+VXro$D?m>XwXMOKgLPByIWt=OI{((jr8itE5b<-iD6@9M_bu@N zJp($=w>$vkd`qese0{gAV$WLRu7aLMh{&B0T6~1teA++Aqut_;4@)%-c?kaf*yO8J zft|0OV|1B9vIo=H$1dmL3jQ;U8Q9RO(_bpbm%=1Grn8xu$o0aWZvr>0R~uOr>(&Mf zuM&Y|p8Qe5O)Ww`>?TOvJ-F5d}- z2ide>w6j-<;aE*wg~wCh8^o*1#&}4fT1Bvyswd#w$|-vO0C&!YQLZ*aOO?w1nsvaM zrvu)GoVAuBRjhEGmd%@ie{_WW50H*@?`?kA)T%C!SoyB@s|iE_EP5~7On_!PCl0eP z(hSfC1FWry;#rRyV+w6fqF!hf7>3Oc$8^h3x%bNK9-M<@S}R zTrPOw;61OqkvV`Wx7HsCcXPQ$u}E%BN`Bj;MEY!4(a>3{uI!09h&$xglQ7{OmPmeC zaiLpo+BQG9VE`#L2UqYK45@c%oLmGiWCvza#Qk2nK5|pBz?Nduzm#MR|QDCREH6t12*nv6|*P%0*6j8b!+?wTi`-9YU13$Reb$Ws~OX zw(ccp)F;WgMJf9774d7=Pa7nB-%9GDh8)*F z;x>)(kI$Lbhx7;gfSR_yfEunZ+|9*E@E!>dx_=0iq+5B@VX zbt+{W;~`rKT<0|ksFnAu@cm0B<3fAuL`URC)2^p+pzBwMQh(I8W*%Mu;YewIelHc0 zW+=la6B5G)>8xmcWmI4s%@Ld4Tak9071@9+Pn};U|7-{8l~Ya1*nK-t#4r1`iiMWB zq;L|+PY6g#-8y~R$e}Z2Y^>YqY+d^rAPus)OGi>}HLUUB;ZKr^NG_;!62mf$Jzkid z&dk@!&@ei>*gJaD?z1#zs({e*M|9;U|I3A)ujlt$!X#|<#Coz3UuVWY808v=oadwT zY-iJc0_MIMjR>3lA31xHB9TXQ=dUJh+t6M~iIYfVWF#Yx>esrHd`z{>I~-sH&i2Bd zg#s&jz)`+YfLzzx^i|{LB!P?FxP0s|)#l~}YsMd#R9M74a zMAGssBKNspV_7&@D!)fG(b5+)Xu_IT)hlAqd;WC~r}l|BZ3576g^PrMfIwh!HLa~l zFH-y$Z4w$`Rzfbjdm_5m;ne<}1=d&~rg+t@Ki_=n-+kK==bwj#(@c}&D?et<)nK0V z$rI#HAIJWERZvVhWiHF|8GQF$0(`P)$Ol2A8ECW OPiZ~TQ!9LA`R-rms;v6} literal 0 HcmV?d00001 diff --git a/static/img/install-rancher-prime-configuration.png b/static/img/install-rancher-prime-configuration.png deleted file mode 100644 index d4fee301354b4e15ba4f6902f750faeec72a269c..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 22964 zcmdRWbx>Si(k=OC|EiuC}`{taFAb& zmY4V;2LyX*Ehi`_)c(I8=wy0S0w^d_C>e1PHFy2fbvNfv^L>L?7j}qb!T6=p@hQKp zrHjEI-l=7fl6D}>eB~q8{PIOyErLU$ARr)4RLjT)p=n(11|28AlPb&Yl zR}pPN*gs9-tMos8&@=Pm{^>)`B|#?fPbZrQ(TIQgEPeX_^F|(mq7g^9?ArI!TbUh{ z+RTYV)%H#fQnDT?1t%n|3rPD^VZskI`Pz%!Z6*%hPZc|-8Q8O zULUEHz}ybmh?r0J4FsVUNfw?nbl5cNQ$nT+%@C+}`Ak`Ds)@Do;)%x&hdjt(GOm;I zgDLQj77epydD$DmAVbnGtSCC*qz0|aKy7&$n$O~f%wus+SfDi*Vp5sJNo*UY8tK`~ z{2T0f7K-UXKZ#cT5tKO)e>klR2IzLI)P(P0UtgNpe9dma<+Key`hepT8%cZ`tU~#+eTp5m(VUxLQV>|Uu3x>!0 zVs57`qiTI>a`HFRg^A`vCWS31v)j9Y^E*>iCZee{=yivQrm)H!*M)DnIb=kp8Q`KQ zmxr=$ChlaN_o{1DIo6@v)y}ubk5X&hE+gh@vS7gDf}+6?81~*!$(Hxvv6_039_o%y&y;&xY&@}~Ltl*a-e{Aoy z!R)#+KeO{cF}kvKX&0Mb?%kY#mF_e}pEM^H{Gsxkq_RB;>?hnwl8v$RzQyXfal?+$ zx6J(&z^OpS7yPctsN-+B&QRVxt=j5X0P@)qE$<}@j(C)!x?@%5Q|Pueg$F}b)sxby ztfVPwcvS|RSMBbg8j{(GbDRS=Mv$;6ac7PfghJ@DWdD}yJsR)1j}Z< zZao*Clcfv0&FvAu$%d4RtAHAdIJ6c*Xa)|(Pf`=mKZ9)fWKxaZORtBp9+XR;oMT;J zX;#*iPI>QSkNz%g;AR4+P_|9<==nLVPUqSIZhz(wXj(PfmydpYUBMIC@!}=uqYFkV zJ|i-U)w#hgXN1xF`GdZAIUfAf`qOivaqXc3w6d?2&QjRxKGO+n8*E9V5|PT5(mZaf z%?HwE9Q2A`tLzxs>?o@=WWPYOY-P}4TISSZnecJN=Bfi|bUI=<#$T#u`4~-0?-N)Z zNXU>}9S?Ts8egz`MV!<>f1?}e+c9`P*OK2Pj#drMi8{;V`vJwXwUfan&6>kb(3!7v zjenoaq*&tkeeU8CFA{Bt63x$Z=EP+CIKVZjL?Gb|0Xr|%wJ6CPK`6^Dod9hdkIjMX zRHqdlUZqma5+=}#)p#2hADdY=Iet~<9Y(KEPnE^h(*|0R58!LD=GWtx^;iTJ3B`QN zEAo3k5I?;zP_}Re3%8mqr=6AA8W-2d?GOyN+nptQsuqODJ)PR@Z0sik z9|n9%=JWD;q^uY>X0GnMqbW4eSki93FtDh6e0l`s>bN?NUI`z71EwK)02}*^4(9Yb zMuxqoummv2fvDt^JB`Fbs=|8{KzRHfoLzU7p-M*?-YqooQpAaS6X{d721ZlVGKZ=% z%vSY;BGM-0_L*3MvfF|Nunt4MTOCHkNj5^+vt~KX3h3w$KzB{+^I#TWI@f8*%EUxR z{g&L{#^_@yxqjO}1`-Du+Z`J9k^SSddMNPFPv!4%E>!bX6jtQdBnFG}@ziEt$TWf! zvX&YHky1F4P)fxrrOy4+<;Y+ymv42rHg0|xE_Qm)l_Q_#^cCBB*8J&|VUP999&b*1 z@$cyf95y%aE-`TmiNcjF1687(YKZouIbR5cyQDfQm+84_zfaR*yTeHUl=_W`+T2qP zo_Qp~o#|}n_Ccf&<=SA9wNLGd!u_4*{q-bm4NT7^Nid@P6D6?i8%5}}wC4pEvQNK| z;}cZks!#WCk5K!vr3~T@er5J2UUl!;c-LLm^~E^uT%GQI;hCAOM29GwuVDl_zI%zl zUX^SO<{YYR>S9qE*4Nl~r5q(P3kCGFx~nW%t`v7F%};8gT;)bqLxe#-Gl3~u zsrS)kOAg?XfjYMV{Ja-@WzNJ~^a$fA?z5vNE=)!m2IKXWmK$dD9vr=)+LsstEEw63 z9ZvLbX;2K}K&1URqUQz|ph|a>uHoXHv;eI4utmqwn+(jG{Du5UP3YC1XF)$3&7t0K zqLMhe{XK3cvnxW>Z-isH1cx(~)mPI)d&)Bi>F&-rL!geS!#YvTE)aYM50m+yLqGe0 z9r1=~!*b%&Sk;Y%@ul``1>w#qg25re!#&%GuwlPGB$9I%{sMSYb^igQ!MIAEiIBPN ziX@~N*Y_4&Mt?d+zv*1Mz82aDehh9A_hib6>}3Vwjdt!UdIs{RpI}Run!9Xs`Yt+m zuB!XTVxv*tM;8#Lw5aHH_ZI%XUUR0GZc*_V&cbGU5^Upr|Hh2qm9|t)jR_sd%3hd> zYVO$-;!X`{;KsHYn|nC2m+PDZ(0Eb)B$+h7*tkxU>q>7&hg}X7Hq{)%;4z@yT%Iq- zZ%NJeGPcO3Vf3505BZilqq<+$;yp_$r4rbM`08R^aY7^vX;oxJEl;f`x7C(QEkL@0&6?A~;M zD$Bd|_g4I_qkNYBB|;#!UZHXybbVP$;#e8Y)x=sS^5t_fLJv@r%9ULsuhM|EIgTQ9 zH4x?MQ<2#7quz(qnQz87H&^dk2>ihaql@W3ltj~o-ag(6gXAlp(-uo|gi(%jOpfk_ zTe5~?x7|hFjzM6sNM`bAPDh9>({Vq1>Nw@K%X18m;P~Ym*OItsJOT(0xuBeoVU;Lap~SW; z&+eUi+NGOwU=wy_&Tv+Z8tiQ5v>KfAVAovjL>8fwndubB9=iFVPYtWaQhgnZmfq!s zGbE2i_xdXp#4Gb)(`z)y>c+_zl_60Up_MR+M8lODKA|)pEcg~iv$ArhcoUf;{R-hWfkx@u`AYcb zNcb9WHvrrd+}4A~2mZ+nx|AnW{ytO{hGy&`Zs2Y;oj-;{+p;SU$!lP(&}x}{)57(x z($E#r4ZNVWsVv_i`@)t2)U`*qsCWF}4dQ42OlX!|qeqI^5yKUaPd%*FIGgW^1iqkV za9){?4*L))AQuHB64+Uuu`cm$Wib)ixyr11-#7@#OU07Y5n!UnFRme>(OJSgQY&P| zc8vrFTBmW9vR1?@8Jnf<@E9H}2wQ7bb0l?0DPrJxL=3Zse`?1>D7=ag?jYIiqoy$Y(uRGixBiqo?&f(yx6hGf!7lq-<*p*u(5 z{WTSu7Fz;c89!=TSaf)wP3vfm;9*VkLZM;Bo<9i6E5bch={&iXVoImQVT;FswW%hJ z$$qOFYrN(sa)oxp&k_x%=I((u_C+FEZC28U((67Rj1Prz|; z9q1zZ;MQ6OR`>_gFWjA)UctJzQtTemSZu;~`>amB1EP)ntr(hJa9YH-_u*~noV-z) z5<*4?)oAWxsFza{(Sgxv0;Wt)o9AL9Pa7z3Sy@@#j>#vB7u{m;LErZuHwnWywzqVG zBhKmgtw`%)g>&vsmc8yj)D#3I4Yezd%mjqWFUk+8<~)X@U*7cpD_ z`^ARcCC*gss_Q>`HoQaPE^w+1rwn7HBpnZIKAFk6+6@U?>V8GU9J-VEXgnV5M-}Vk zb|$C#ZWENA&h^DRc&RSy_Dc`DwuPWZTmsWNL@KL%N+H9)bNsQHVe#&D zR0CkUty#X?p&__U@+w3)mLqn1iRTB*?q6+kaE$FeJy2SYfD0*Kk<=ZK#dQs?-q6gR z#v(plWG7mk`uQi{=A}DS3oP4$Y23?v%r%JUd*8(wU%_8F{dv_;6uehFT90p{FBnc# ztl*xrIVj{NymH{t58c`kqI806Xe{srW_odFS=$sd#=ob9FZYEv$v-q}GF-~F4(v+T z3Qq~21iuu&TKCaSm?_s;9;%K1aQSrzM*SjeYiUF^OUNYyS8Ux&OsGQ8Fq51dw0YGl zCVMI4Vy)jZzrdr)D|HC7k~^tY)Mx_)_-66)MPpi`7gcewlP4E&SgBP4*tXQ<_pFx&Lg zM7E6tihtwtj)?X`jgt%RqSd1B{crp_x}zqKC^RMx1E_o=NmA1vqxpd1Vuw(EHwJ@? zFrVX4b}H=`q2GOt);&f&$M?AQjxH@=AsL=wFbUUgTirv+YPrw__qg1O;O1|)h1)rL z!LNBE?|204r4#N(!&q-UEaW?s&{i*ShPE;iVS*#KHQjMrc7*pjzUFHkai*-KqZqIn z*B0cj#CdpoZ+29mEb*H6LesPdmKrSjVXYd|8|ZeTr><=zuq_R3L)jFD^kcu;2Y zMFlnfaH%#XPV67O_C6M?VuM1R)YmH-9+HJ}QjpPIj2|xSqWh&a5tP3OT0l5;suIpgv&W73y{&|v8r7rw{ zv4ctMz_c8{S@+R$+T-Q#bB(t@MepmDdeDvs$t+?cg6p0~6*J@dBK!F&qc|+j z-p?=RJTci3WUBWTF0{$EKCOB?f}@w`5u-y<-Y#;&4MNeSn9L+F^Ice{V0Ro`)A)IF zTifpWc}RXwxbw){WY+RoPumhz-Iz|8cgl;+`gKw+ixLlYijIyJdQQrglGOB3HY5k| zS-Pk{vwvOC0T~zBf5iKO@LviS9QsM_MnaKLc=9UWug+y;@g}!DR@Wtv_Q-%#Y!KO= zD?p5U+@N#hH9b+wm8tL+Yoc*^v(9GmE0b>c&fca}v(2dNT{#+;yDoiWo@ETn;0^v% zY2abA;}vDw+jI2qx^P`h?rc2kJ4evWHzwlMsVnO{lc{aHj_}mJ5=z_Fd2-b?#m=`! zB_@dH=FNwmopxc^sLy>dtiyYpSlQ$E5@f`I(P_&2HS2+WYo{2?>}RrY1H@Y~gz5sg zXSC6_eEfY%1j37D&DYThdA+1Z^35J?_MJH5*zI2@4k$L3`mWtTYqLBBbaG8lrVQhw zOAW-lt9D+d8=pMqAE zdYc+uGXyVrCNbmmz1?oVN z_-%w3F=>1tnoYw8HsuZZE8)#m5mW?}&X^q_jNegNE|B>nFRHWF&r3yRb7dZF-sG(h z-}di)$lK+A$X)+MCFc2=vs?sw%)$5d7c50r?&#k3*&mMUIUhHXI%du9j_C|pI&3lF zW88IACTy@YcAhsMGff7a(?=|T+cx(q3ul7ejqmgCjYbBZdc#G&v2*;N8)XUiRqlyh!p(J#w#`TNsrZx-_bTmR_=H_XKFPB$0NH8 z9>2R+(~EZunzpbwk@n%7ZadFWk-u#WpP~b5o>f3k!!;Z(*3GpZqi8l$slBT}@E^1q%3PEA(Uy=rieT>m{UL9oDOqHro{u}JPcJKL!N?cMLjuBRo<1Vd z*KvI6=k^zU`}Z>@jx=WjT}zIajf5wXkVUhu7~hg+A9O`ZmD)(r!Xg#k88SR#d2DK}^qPu-;IMY1 zSI&r3wZX2QF+0TCx@&utQOkm@nm?J1*hF>_?a%8Ov}`*dm-}tM>_D>sc2nskC`1Bd znbQqsw-e9}J@nkZ{}@*p5h|_INTW*aTqK*q{`_$EA;ga}yW!9YQ~7*TX{}*QBT`#} zK{q-g-+i5Lt>agYd$e`acv}9O+43C8!%?x9AG_+tXe9?&>M2Bq)nnrb+~5#O|Hg=>6x^FP^>|#GA-(EOmYw zaFb#EO$sc$xtB(GwVetVzAht9=Qy5C$K8K^pK@60-gIt21$r^^xgqXN@VBM$dvNJ6 z3l(htQOVJt^(}BywqvTu>P-bG8s5$aa1h_ICkit>hZ);iBR4;|{*1hMZ{~AFUo0=V zVFTjabOCQI?V+~owcua4;z_0Hks%h!@mAk`D$_}H9wPTRIn$=xtlJd{8K1+wgAIJH zWGyy_Embd(YMV-N*kz3Ma%#;Q-2$9r?4I=DkXdus4KEH zA@jp=$IU$I_x_dNHPY^UQ8tJg!ZQzOY*fX?U)hnd$K>##n8>HZdsBX@0r_*Ivavy4 zi@j5ohmsI#Z;xuakS<;$jOu`o`@Ajpj8in#hBPAT6MecA^k3>v9|eNIfT#n=TzieKqvQR7zp1wjHF(tewNA=A@YAj z!~Sto(Z~GyHC3y_kt#kuo{;a;_s~$9^Yioj2l%b+BTGF!@mHw>q&iE?`gF;Yu3cO1 zlfu8l=u(#U7^##X+*#@!NO~&hy3H$Ybe|UG3J#tjZ6>=7B-lAUmAA2BXmdL=InP>l z_w<~pe|TCb3;)XuFBRZ$t&P=R&>wq3(%kLy0sZSyCFsMyClJ(;^nq90KUL(SY3wzaMHm?Q_&vS~#6m|~E4M7W5wcM^?o3Vn z!PO1^0$^^Z=giw|?^}Z-{m$6;8J)uhl|9tC$fs;@u3|dQw~J(3ag>XZdx_tTrQ+n> z*2!5guz_ow$3#}&;$ZY{#2KkF3h2RH>c}n~U!}Tui2uy~2CFueetpe7m!pN}7<;nCi}oJKF)XB*M9f_ZmRa zE})38whS`w&iCvpF;OJU=Yfex>WCjTlhv|d6gH; zAx*q-ONkOdP;0f1cw!X4sLYYMsQY6(39CGJHeS?~x^i<;qOK-Vi=Z<(*?83PvW!{N zlUqKGr_K&ZktAwA6z^J-g)5E%5M_8o#cr^(G^KaM#{C^`_l?r#gll2qJlYRiY^D@} zU#t2vyPkO^m3QA1hZ!_Q(J3i03qXJJhhkz2F~|2f##PN*Jt8KBKLbfVbRC0cOciJY zzb#SA78HscxK3h?G0htZ$u^~S9}Mp>inux_<|-NQnL6KZ%4ZI=Z^D5V2B+?QuWbn< zxbh5N*BNwN;tR}8cg8^jgm<2?t-LBg?wprIzTeiSl0sRn845a$)kcoS3{GvcZ{WI- z6PWNeEv)UnRKId_8DVC-P#?wAnqq`!BfM=Lv4;vJeb>qrC8JWt$gnU0xrNOLF4CM? z>!I1*_0o6up1Zq%#09ZKO!RE;;NKVu{m*3esHO7$ZXVBpa5ay|jOsTf@^y5f;rg?= zvO>_#uV(_`IA*h@x?Y_Cwv-K`mEUIILq|CV*o6Gk1Z5@8%(-=6k7&+qE>NYD*RF0DATA zRepcZ>@KQjP@h<$TqU=?^r7T<%k^HVc6yLb)9}H!jn)-oqKL2`^2@ag188TgSC==G zY@j5Un&FcnqXOwbFkNcT2TA^@f}hU$XdlLHhoWbtc+hjh3Ga$|9k}*8EGdnX&E9qG zzw=L&qH1R++TUWuq&(eO)G98S0kYg874@OQDlSJVlRANOU+lbbT2HZ`|&@lw$d>NQvkbxJ-yWXDcl&Mwy0$$G+>u%h?rmHRyiIE(ROTM>aRzA zEVhCTyJu8ifPLUfhj5W&Wj!v-j`k0s4s9H>sTt0-GiTO=pJs`pCQY#UdJKkLRo(j? zLf*=36s}A0otmnxT{<7y)H1Ol+;)l$LxE;9)+_H>$a#@{EG1c+ty{=Tb>us!F_b*^_K8ct;>Si)SXC>4*{Hb_Ps&U{^_t0$5RJBvU@#t% z?@y;e;XjKuv_n=g2Sd4sS5F$ggs&h1b^Ru&E5fw3^w*y)N1Q-R9d5?F3xYCSmQ%Dm zVzwgw*8>GtAFhxcJ^pQWPfCbEcl6%III)VwA|SBVd)K|)7g`<(W$!j+q(=#QWG$eQ zOL1Pa&CHyvJC9VKE1&V76dPnWAAru2rTEv;VW>R`z1yZ{N6}w4uuyO;b^gi@R z50-1$w>NRpLo!%d7lLT;Qm4_C%`HVqOS^w8C|Oz2k>G0Q+*7;j{A!gP64yjvy zguJ$JheYGKet|0h*CF9H*sT~~B;1~-8xg+7qq^HVW zSC2p0w-a99F*jsDdLo%zkt%N>^iCh{C%zl~;31ZR32Dip$SmH}54^-gG{h#PVh2&p zYR4nT2reWbykvnr`rDY-sx=t*rUQ*A&BoAPjfI55Z8d@NRzBp(^Jad%z42x7;T(`R zgRZb!4!>4p-0k^!0bhuu#!QQLSSxODI(K4UR{F2V)C&|eOvv^a)VENI=xHH`J!CeV z-cj@GiY?L~)wFT?bjXzE&c2xmMxm%4yQ1bD*9dF1>tXVv@5IL%E(}*FQ7HOaO79@DwV*h9giyrIf9vt(7p%ANvl|0F=y^E3f-A72HCN{3#}xz>Zmg zfv}Pq+`1~A?I@@`Jk$wk7Ba1(9xpIRt@ktlPR7_N{zM*=hy$~m>xa+a%S%eo-0b_< zU%$qVW#Zo`ue164SNV5$ETGQqk7GAKv|Tl$MXP0bTi}|QjNoimZ`%-J%Zul(^!3Oo zc`B{O7i$wCo%_W*N>Y1jNvsuGuoAh4VHhRhegzRy!yVr(wey*bh}{ zBg9M+4<#7aXtFrCfYpkEbY;)cF(8wBM|_uj^NgD%ow`iq2A=aflF6*a8H_R+vDwny zTUHZ+mdBZNoE9QjX2<`|u~)eecon%&XYZ~Rr8Ta|>3>~8rI?SuE0qCQkGl9wh< z4FpVD&6Qi~F@RQ_5G|B0*!-?60}V2oPW#=y4qT3c>Mvx>Ki_2Z+E-zE&(@O*b$;jg zBN$83l>01VoLWT%h$$H?lwtg(`xC}DdDHZ=mfZk+iH3JQpfLV;=cS%4{c;4pSnBwe z>$$9GzYZ2GHIwxvyrx@t<%!Sjn=~e8+!xB}{cw>OWv!1u0`LnE(vHvxy}(l+dqMAO zifUipbL#vMVQ4k>#T(Xo_CZ7Hn1eQ|BRlY*5VGl=u0%t<1mnqIlQ$|x`+w%Ash=Zh zC%X)}??QD&Jw-45`1-E-`_T<5mqb@^m6TbnXG*?uQErR-s{APKQGeYKZ=wNpQx7QU zof+AyqJXO+6AvErtOVCq&$Xje^IqT8!cFeYzUqd_Y1va=+e^)Ka*-+U>}- zZs+h=6608DGQDPl<9kl4g;t#nzb%>)tDd52WpX8nnMS?Pr%?%ge%Bmlo!X;Uwjmgf z=Vv$kBBm4ji;gXJ6WB2oMo$9*OOSHMqDd*ZRU>K7$LzHIO-d!(O36U#EXi*=UVn}&@pOnp78UkI0Ho6ztg!(Hit6X>b{;v z%$OST=&8J(-BW+_lFze>O$vCzs}sI&uO1T_AXfe5?v}k8gqAK-#O)|xrWg&G$hXbi z)hp(#?@`}ESqhbW8_^J`e-DL5^aL(x+mmjBuX?aZ4?bQ$&h>4s#*U&$I@W?{JvE%( zN10SyL8HjCTb^np3yoC@7`E37Qt90NJQ%3*s1h;OZhXn|dGH>7dsD!KRJ-ctdHOFHT&{(3kbo8k zE>fb4=9zEl6ZYti1d@Y;L(ej=WyaTN)LC0*Q)>NJs#m zLlB&_7*$utPMnjoFz`=QToq-`PYo$BgtR@s0!XDV*VN)vY%;xQ`QHonc(q%|-$A0* zlN}sU%tML2;8M?-^L};*YVHI`u`s+Bwo_N`KN4o z_!{$HQg96|PN50EeSyf=Yfz)fun_!@7@*T&AR-kXUr0uSl@4<)FTF<4*6}e&B_JZi z>z@F(oiwwr4-oDT1Bu(uQWtjf|1JN&gLCT1$YJ^k8!o5aK@`{XrAdI-ojqtz#>m*% z-qn>1xY3^USuewJze74#NKi7ratt!Gc0@=S_Fl3{jb>P6q%n9hJ1B_ZaHcSlhlj@q z2$X8QIjTvU$l`Gb@O$MQ54k-l(Q89B9ZjaNU8%=KhC7+~J2VtX-FCc&imonUnMQ@d zQ3938a2h%gNHUrX&inEmrn$Kl1CwZCI$vtJ#h4$S0+r3@QLR!pI?pp&n}?rY2dD^H zKASMnQKXMpF6s018W?zZBR|E^-QC@H&d+0V{hJ((M%QS!+*@lZr`2kLkj~z+dva0r695S%AEl#=7T3NauWANd z_}NHIE^g5)lI`>Av|Es6_KI45T#I|`L2+<(rRL&FS#NV?bDOjg5EQgrdGi67ZrGV~{mCfJibTlIo z;g0QL^hIX-Y*!3@id?tVIUaIChxsqwry5wB{Bkxem$uo_Z$1BXDViJE(?E>5=%+~a z%n{?5&NyO9f#lb)L>*s;<>@R>DCA`GsP)n zVsNEu6_T$o?<;URzT73*tVAYgHaiS@E|;AJ-xg4^8r0YIO_DKc$+gQJNO(s6NC0w?0nBx(@KT(@9!52 zCjNYL3k_UHJyLuq+STN<{iw%R|5Ku`mBRu|buvk{vAU;+V1uU~{-frJl`3^DT(|H3 zJo?vx2J{7@?;J^E3;}l7%M*7*ypVBrGbW56m1CGY9xeY|4M~?uO zCpkdv>gLvxFt?0x^+%^Z(P>51KRS0PS(W7`28o99Hwb%?$7brWM`IB-#_3HPsmKU8 z4~OM1s^Ibd!9i^tX#4w1vJ-Nswe>npobX`^9{x51*39tmm{$!EDr!Fbx{;vidmH$) zztwK4A;@^;k$ZR^KLzPh{!ls79f`yn?f+W7V16E)$g66ihwFB>AiI7o`I73}FtTgX zomNT7h>vr4`KX}FMNofi()J$> zSY2vW^5_kZ&|^+3?Z2i0o#5(A-OEE=AFl=}iO+iE8hr>G*C`x!cN!~udM$@RZxNBr zYR+@hHM8sMMtbiE1v>*b(4Kyt(rY%HB8#Q72f}-UIgm|;vvShd&718wMK&Fc-|q@N zMb-jBtDhH39z=z_OY!NL+8TYt>lcGZLlF)E&wz3hgVqLO=;Nv$lnv{B|$# zf&_zpeH=dLya9%X_Wr0>Jf}4mswAPwNebgaB#9N|Kp4d%y->dVdaKv-7c>lb>Ylu| zupRtTdSe3CdhTiV0=27|)iX2ftkZ5@%$U}o$K9G8?Kuslb}lN7g&Kk`4o-Jl5#$%a zpzFo!u#)MpFHJ)epK2(86_QB;Ji$}Gg555dnizRJ)!=tcm>2d#r~Z+3um)t*M#M-> zG{QOi)bM>xPJ9bN(~QifvirT;iiF_1gR9XbMmZasQ&_jNW8urhr`HZThNNND_`g5d$0%2d$((+U))T2cY~V{+?c#8L zKS;iF8c2!>nD=BW@spUr+j6K=i2`yRj9p;dgUWK|h}@9GR-!(60(mg`7k}zBDZ{yV zWV&e8CA54&8BI~>gM-3oX}+Rw1@noN2h!s?dd<4H%OSo-J~aLXtA9147usnt#2X-fqV%q!&4cenfmC6bj)%82D>0(7W`23dk15y7)@GKqt2N*sV zFZ(wb{C^z`FXchlCmU3>CMJj-ia+fC&tSNb(p!~wdYW~v{M)K$JOp0~(ERsccw&{1 zxYGaciW}p1Xf}IelqK)AeFyWR17(>gJ}v@)}&B0ZAc2U|>HI!MW)Q7|SKXL%Dx8 zFi#@#Yo`i@(5of9#>4_AK*LN?2`DO~gcjlMsZ#Ea2NSTu;@Cr$2M7g}%6u@F9^mut zm@?^j=YOBco%rSzX^kFwLI1>kFqy8PHfI_VOBf76f{;fop&-C{m*nH{Wqd9=CPCjE ziC?uggl>flAB&lx018+4gw+AOdAd$CdC}Lw%in^t88oD&@#M!&lrAxJ0H~v%_6+A_ zKTN%&cE8l#slX95M}?;Nuk`(2U`(54Mf%)5I%hhif2qh7Wti?;6u8eI{8-9j+cMn~fU9R*r zc7;MsnBjcQ-#HE6>=|7Sx8#-@A=bff8VQw-Zl|T%lDI6NUR9Ws2o8#&pIB=&4fXcd z&P8CX8|f{7l;Ob0s@r1i+R_-am^QlFG`uj7q_lH3Tju8>tKq>Z^I6Hv1NUThuF@hD z@bfJ|B8w^`>_Nh7#GeJ;`JP+H3aG(IRMr+F(00jJlf5rK7cs60K^K%qj zg;no?Z~kMw=8#b6Qqq!ds&+!VG(1Xgk&6wUV$__KR^DG1?t9PJ5t_pY8*dLX+8{h- zLrdJTnyP5C-PfA`u5NDy)ABJ!;9;k`4IY{QG}6J zhCMmXV~iJyOQ;w2QgN=$FtB%IG#*s_1?P;6Hs`37d6EDt*N2b8 zZLc2pVRNz*#@B&NhG&D(3?A2H_>cF~zB8YN@Yeii+>}giLmK*T%QH67&9%CAKCGKD zn9dKyI+jV{n~%AeJ)6^Owi$A=^AVa4%8^{JwsiSsu$Mo0lDNG-5t;e2q(0O=?zjVS z6Bo_*xM_3xQhM*+6t~VMT#jaH$f#IMity~bY~TPD%hEe}(`tYh@>z}S_cIR%$zK^N z1QJ@xxT+l{%mpy@@Z?x;F`635N}ts+n)csEuaRh6XI~k=Jt`Cske2Jmvfg| z`GG&p&#QEn9R?9_YwzrK4^6l-nEzrv=Z|*(Qg#ynlE0#BoN*r${C1oEL9& zq@6C4jij8t_SIC8i?hL)#H7O9g!@<#fz3A7{c?YEs0w0&K|$Wg@Xdrk<3*T*GgQN2 zcCboSJ-nvu*Xv4j0esgmW}J)9k0|T2m`YCwcNc<^MKwDbhw7zXZCszb-G5ihkz}M^ zL!r?VFMQ#;Y|+>wAS=r-X0Yf zwr5=#Hj*ustH_B5<|{<%V`xX*!ue}9tZqrVZDqo3M&5bNcs8mV~BinbnV--A<{!SF?~_?9nR$b_fkYz(9+Z-m2V3opw6a>0DWT z9_=cUDurPa(9Oo0UwE5L+)W%2$|?gskiKt2DspBru}JEyD7@ha_jYpBi(djLv9MsxPTK2m{;i zj-;rAEkn`ejVGe;`AmSvmrE|SOA1is9)gxT;VX4@o8Tsn>F5c2vQS}S{JJok&R?7wOoDGf`Y*})~S)0>PWjf^5 z1?<4f%*@e)^jS^yM*j6cK{^K=2E8&Gmb3Y)<;?AOi31m9MQp}Sq=Lr49z;#=7usas zI9M7Yo>SM;&`x8883e~@9B7e=mWF`r^73|GoXwfeCBMzFZCx5yudk5<$h^zEnjJn@ zcTj{%Pa++VcMf&#y=i9^7TZVw<$ zT3h@SD5mub3A$;X5Q{0SasBFC8z`p`qB>zS)ya7jx`}|mnq?at-3IINx+$#I4m(>I zcr-#va<)=sy}tnNmALZAk=cnWhiqb}Mzh@gX;W4+R;FKY1DDzV7<^@=i<(G{lD~U$ zgsUWM6>_t+-~4^;;QeoZXrN+nxGL@^_8j?09McoYtM2;6mM(RD%IXb#xvpQP?Vd`w z?ED?Q0Z(YG;3LB*KGeeJ&(qbr?*=#Y@csQ8(PmAzc|3#tB>U@}($^l=v~pAfihOd5 z)_=*|oPvnIeO4>fGNHXKH-EJ-y2^KX;`3(DgEdB5zAT>!c%oJ)1a=4$eXUk&4kZ)A zz{;Ap{rAW6zU4XZfxk=MWOV5O;J2Yk5Ev}s* znd$2TyTV)8k8g^ENIFpk;TjwNrJD2pYHEw}xD^BhAE5N2^xjL5rc@~s1Qi5AF;r;+ z0-*(IBGOb!=sZB0NS78$kdjEvgU~?&1VZmN7UB*RxQAMJl=&`S~~Rf ztWg7w%7}E5x7y;P^JSaK)p&POen=$#!E$ra;+*z;KuAX=BYN4o-fOR0m7U8@p1reI z@s;FWzw^i2i|om=@T;SvlYD1A#`U~QvLfHX0QLtH*Oo<_z$;%#`a{bHRO95x*4;56_m67wFPDBO~aaAVx+-Gjh={k>@9dWWib7r1uhxS!VzQ zDMa{fDmTuaN5-tDrqDnLG(~`4xg}0upl@hUlYVsGmAc60I^NdlYuWwhzq0#3H;n@& zVIB`Y`JVu+m?iRC1m$F%XiR(i?UU0}s>HW^QbOPBn#jTZPOEoEdyyKD@--HVm;7|- z1Gd_RyOFmuryo;S;IB4y+{QhKM51l&_dprX}Oy^I%bEXb_(%qbw-% z)FHt}ePM`Fu(o?E5FJG_oEGho-MczQA~H@ZNPx!}eJ7=NA6Z)`K}S3Cn$0<;Bf6_q zCz@^PS$lfiSoT$Dw%xX;HuA~8-C9xM7)q|-m0&Z4p^2wl3n(!+E1~V8jo3j=|;}U%prNp zt(01vJF=^A2&c}yYmYNId}8xLp(!>a%7PRM0EF;le}2erJlGi?H9Rw1M7&rKCVJCa z3}RlMydz?;xg+tl^i+5{(FrW%tDWFEOjkoFnfDfOl9(K0sj`Zx^|sq>?|jjXXtFML^+Sq=B2yeqw`;<0co$o zV0E~Ty$>cnN=km7?a&!{3^_=Om=M1elMcuoS2jcP5(F2He%9dtQ<1157W-laxFy!oaM*B?)dgN!`183a7g|59M65M*9YRWiq2|~P0o3FvcT3# z=~#QXe>KZZHVwLbS)ZN*HF>Zlbo4d$wu)Tj+q7fW({F@jn2}Oqf1b_${g&Dl-yF6R zAlKS(YQp8B_mGa)U`h;JcmG6$UH#$qeXYfNYDzn@7%(pc>OPC*uT8yPsJ%UY7`%3Y zY)>U$0JF!B20olCC#?J!)wzuE|W^@39$Qf9ohCY{{C zVDfTqkpQIhTE^`^FgnZ<|)U1)F(Lmlf0InN2_7v8dx)o4s@5JnW{923wsOY3Y8=f3lK&z=}xIJd{;U;H7F&`lRe$pg}&$ zD8e=?d)+ie>t*P`s^-O%GtcCd*aPky`5lFN^Qk9i+pX?Mab<+CEEgWNmO#B;^ZKgF zzVYRSKe;wPRDC@tlzp{ZKy9b|5hq#(YR^|}jH__=MrY-D_c2urNW3sJVIbEPpg!%v zv?~->y>{j{)C*~#4XNgFNy=mVE@*Kcj;mg#-J{hcg(+{@PO7Pnele1$*@ z>Pqe2`vE|FXV#%_Tfkj`5fvFil@|+`Lzp`~I#W*mhs~s|5g<-F0gUg9lB&1`bZz8BNAZE9nlrDQ$gd9!-T;&Xh*Bp@T;x`(Fh+ewg$@ z+QnfU=_-f~s|?<`>D8j+VOJ<}sTT5l`d$1+dev3==0OuUt?OtR7dz*wxBe;5$ zn`x$|{4-n#3i9(IMHvId97wA`+p$MKxUI3e=AM-Krk zqXSaFo(&w=b4YT)H2Frl?00GS^pYcLCB`VI~UkwnZ2~ zEnQ{`BRmryKb<~a&;0X;qJXmafS5BQxE>g^elo7NjrJq&Sc$aIt~&cT=^`7fS_MBi zPFfOikng(shOpK}RZ;jHV7OOvCQpb`lr6tY>g)fJoo(iqBe!0xVxOO>s3@J-FEu^5 zcoy#Hrns%j2DYHkO;<}A%NRNF9?U@xm}XmM%vDu5ZY*>jB96!BC&-n-_~a6T(&pK? za}$iSnVj~4Oo$WVW#u-aCmW|V=lxglEvh1g>nNF;P?hWjv-dMNyU!Psoi)bW#7pNc z&H=U7bxwkYB#Z!=rb{yTD6u6AjA%Wb^-CyMk42?8D16^ht%W@j({W~M)QvPj(foO7 zKyz)c1BtB~x`x=-J&NcqmPbR?Ql(4VGlG@A!_J3rc;5>V zwcX9v-X_V3CJ}zrJatE1mNsQ=dQRCipQkN>?fsi(zpE6db$@_2lZkdiwn1LOMb)5`}$X@X(XSIC~}U za*P#`qI*}w^o>MWYAyn_vtFhxE6j}huPJDmH$Tl@%fDV5)vpRA%sy9)%%~OqWdFFp zZ!=ue_J+tv$s0lsE=#3h2bhv-%M_aV`uf__M6H(Kir6-o;F)HQesO%ny zMA@wR91euTV1g5y6S0X=2Td!bZW& zHOcuVg+6`g_N}1p3_Iv&$*_YV z)Mx?a&ThUpq;*ucgQC7irXHs^TDRLWt)3)DJ(@FeR3 z$B&RM=m)r9{8S_u`!xq!6KeOfs8KT~$~s!3vxEjowy%1B8nw~9pW{{-aNOd;%u zMtC0S4O5feI%eaO%Nw2j9LSOn^paolH3jV@kO5gP=8{ihn^ONSp@p;)!zuwZx26-H zKi=oF=92nI7(3~W5u;4lkfYlqzPajpV_}Cb&$5`I3m6zt*Yk`e%l?E3y?Emn{b(6y zO65>GNuHv(GpsX5Z*5T9Fyp7H{B-wU?Jo))kGE#3T?H8NoBix3_@bHsyj*I^rV+sw zs6WGGFuq1*81&Qimm}bt{qFJS(*6mK2j~gQs!L2Z>iUJ;i|u-pbj_Sewb8V$g!di| zbD(mnZ@wWtgS~I^rnFK8P1(LMFFX;Hm^dNkHgRz~5MeUb)_2w2;tJh8Z*g}>g7 zL!3-Oa9_F;%$=)23X?{_;1HFInmWT)c+bIU^Ef>xrv*p4Ne&2cG;eZKey4wsuekB< zYk#RBak||nGy1{#`8$N2KP@0Ev+LNUK5*Vw7xPPvuMo_IS~!+`RWqreZ_t{H{j7fd zq_l@h%)b^=M#KOtnFGi@2LqZ>l*+MH-t_vIz{{QX`(zbEJ^FXB<;I<>1#Z|Q!ydbF6_%P1{HD}M2y-FreR^5Q9S1d*Xq}r2^J{KX!!Ib6Osr1mK15W7>cij}g8=zko!MTc3x;WRe5NWJBeui9_%Z z&NkMeuzVSb!eVtw4Y7Jib z9x|a~U|R81G=~EVv;5NZMWTjoPP1=C`GIw+KCI*3nC~=+PF464(Rf*AU z?T0HV)OHi>nrTubY4~9Iy(Q|UQmn+AF$Z;j_keC%PKB%(M(YI_sCngdE+Q)R)ufvO zlXx1?#Dw88H|yiMN9XWDQ6N?t2||&)RRJH9Qi0r@iPczuUl|h=fS)Jqq6ihu4MCNKBdbQ;e_J?b s-lhI?$p7|#3zhuegE#*_N3<6j?%O}Bh4h&w+c00y(>Bto(69~v4+dPJp#T5? diff --git a/static/img/install-rancher-prime-global-settings.png b/static/img/install-rancher-prime-global-settings.png new file mode 100644 index 0000000000000000000000000000000000000000..de26e71c846b71f03e6ab3296d9751d85ada15c7 GIT binary patch literal 103854 zcmeFZbySsG`!2lbmhKKEq`Q$8kOt}Q?oOo}=};+YDWzLL5Rg(DLFoqRhBKGD-0yeB zIO8|QIph21Wsl`r>sj-e&z$$X=N;F5%^jtpB#VJcf(n5^FytOfsX-u!p%4hXBQhem za%rN83*JU8wB;=2ei(0e#wU?CXb{UvyDg3oy1y$rl;BK~+*JNOL!L;m$&8~B6( zUVpvI$|7xRB$czPlckNl1q9;#GT?>CeEh)5w4`0G5{jDl)OzB> z$`>~4FNtp&`B5toki-be@39Uy3pS!Y|A7=)9+R9OlXBkiW|U?!WI3?4<*d;U3HgNc z>)T4A+|Bw-`JRtYJT=i<^C?A;sUux7b$VaY-5+!DpYQIQYGD}J^4}Zb$X#PbJeOJ` z;(C(p9pY{Im6v}XH$q4CY1Bv*{gY;@1KKJ4gzx->`UKvV(@%=mqPlxb^Wsu@Ev40I zUq6U1$x^zI=rv0{BCx8^w;1v}Bt&$(9N?U?iKlud%`E;L89_5eB|MIyLXeR_t(J2C z2c_o?P7|JMYUih#U{vl;m6X?*fnIj2#Shxv7?W)Ty1YzKrK(2bwv9gu*x`@E?Yu+R z-((3Yy!SaU$adS6CAn-@jJ$rq@1F}5x9M;V?`Y*ceLXQpEjN| zmrKZ-(()AyXJ_PCdi_xuU$*}CZoK74tm>YXuE4GJ`pr?a$q$v zcQUnL^>%QEE*L~u%-h+-%+A7{%GAQj#!-Z3zomnQ%EnxTMvF(0UC~+6!rJDsud9W+ zuabtDubr8IIgOYos<5{p=)l3k-Gs{9!QRnL&|8G&SHFVbGxRbW4b`tE?sg(H+CYya zom?%bxLLVb*;%B$Z9F+?L{X`PUCk{8)ud$p>;ilfp|N&%cNS!0^YZdy_2Oc6a@6HXQ#bHbj(QxgGx7BhZcPEIp(UUTq(-?~tCwEWa&Z%fy_Qg`c0FhlSgWlZ%C)os*qKz?_elgTsW&g3r|QS6Aj{f-+97 z4klnZZ5&LjEZCeKt$zIg6}X_dikt`yCoB6uS5)jx+%3TkA~a8I96h}M`9Z_R!9v~L z1S(AqUI7740e%h+em)*mkfM89adI~!Dbsfw_ zP}0@H#NEkN!^z2BgywIn`}fa^U^|(cxSL3sxLbfu|F**#f7xLcc78$jKZXzOPSMHS z#?t5i)Ec^ZsDwd#u;h-wh|T9uT3FnV)n-r+)O+z z%zup&^!3M2X4WQ-Ru;f|{Hd;gUAOt)r~L<2#ke;gN2>< zFM;v@DKNG_C(H)58Gp@KnC<@~6X9PCels%QzCW%3;{|LX+uz3UPnki@&i})|KiA^_ z;S)gD|9!~+NWT9S*MG(JKa#-zsPTWb>%ZdqA4%YU)cC*J^?yxVsQ;u>7LFha@&d_{ zq4Cx@NVE`56=bC#chLWG+lrIH6%^;kI&Kiiy&mWbCiUSxQg9K;T~1LNX&ns_7Zc~s zDdz$Lp@PUsiEDVz?#z2>;AxQ}{hx{LLpZfp`3^CI~k zBfsz;tlQMYq!7k$>lL5dY&IA8tdM`}0^7n3{r~XYKm7M+sy@Jxc$7qkOs!_X=0Yx) z)b9P72#e;oze}~_kD+g>vM~@tBY*qjeBrp3@Qh65QxZ}b9mJL;RQ^cQ5((x%9?q0E z`G|AmS%bnb_1Y-Q<29M!H3N;utm3UvVJ_RK?Bw4dON!idVb?M1Q83iMJv9FbU1;zV z>X1tth9%(~3Cm1cxkrylaWLS7NFSpT*Gl-Ow)AmON&WVh66M|ytIk9}Aq2JLDhCe5;Fm*sC*1O%_wZaM;QNJ#k{mA)QU zS37HzY2cgnHPg<6Gf%{NmzRgFE6 zqvbN+LeJaxu}r{%Es#y<4#&t=DOPg0J{-ha8OlalTy*-eyBlH@L>{uSVeP)Zz%rO- za(S$y-QWl(6HA0B)Pnl+$S-iH;;Shg~853A>x~|w%X*j{=A`qo)q)9p`9T= z;#8q>JrMZx_6bZKA`13PFUoQr6}-;~gLO(+wiSD{)DSu95Z-eZ37Ng%H|IZu{HY;f zWV1gS64CK=yuwG%1iuZxQd5uYRM>COclNgRPei=gS@N)$Uc0QJ26u8fCYUNrj8;K~=`ILy{| zIdv$8*VMR_Z7L+eXFlmVS|3SfzT+oyzp7_@@FXL)T&wCs7Y!d7nXd8mIR`rzm*jg( z7MGh#3}kBek&tH3AzW70N=8;T{YEVLbXH8l^c)V~s}(>6Kr1ea_tTKL3f0iq913 zINzKbbQidZYX6Tou>(~1VTCv%oZxI(r~-aw>LV%|!!u6_P+KK5kCvEH-CuaHH~%^J z)6gB2>v7aWl}}V$nh&mx243!1Znd?)t#II6J*k^-^TW)`%iH+YL`%nb z!$V40C9yrZ>%6}pVn6c^#%lOFtT&D{&!8oqKj>B>$%Bwt8y+Ypf8aH;<>!p(I8wgu zZZlTMqe8Vjy@uBePv0`!qxcqcakOr{K0Kcx7G#ojxVZBTx5aZ;yf0qNLw@u`(K@^D#2&6XVB;O*h>NqSHab(c z4W49jm=W09A9nZkp+#U)_JpAka@eJ{R8|JvHnClv?IVeGAn|+c(H*YzhdiwyWB1si zgNKLD)v6NR7|j!LTsZDMTvb>=Xz|t){KujVNZ>dTTUo+q7NVFF2qd+xObXyS5*J5@ z^Kx%06htc_qwB0csekqP3p^(mEiyGH3lY3?I2MG8n;Q>e?BMWf=e_5yVAt2LXb_ba zPnMne7NHrzY(A%FIXRS-21gRN*T9*9{ohk(w~!&|A$WVaUE(-z(jA_w*T4!1Uiuib zxTWa?wi7Y#gV>N~&tM$CHKG=(p+KtNmj|b@=>7Pd`QF)$^s3+WNd`MbeSQ6OwF&O! z86|w7S`>xIOLm(i(iHjoYs0S+1U&*fNAp4;5CQ^%3;{R6t#O;+(NT77?Umt_%N-y9 z-?Kdg2!nbN_iU|AoZI>>BINx1yt9W6iHuwb4r1@%FqSJ0fMk{2U<@#F8GnD_o!xRO zEmpUc0gH%e{N3rtQGXk3hQSwfjEfhK`uBFzetxEsOQK?2NyOuvN2i9M4AL>0SSHHQ zwTgb@b@`sj04z9I!j3^WOB)*)2=cvqN~bf?_zKt*6!DDeMbx~!ydQT1{3{Do@+6v# zRr0fV%FRx91V*j7n=L56`&LSX9ZuKUpe?jU1vfQivJ$0y>U|*A+FJRhiJ4rmRyN|^ zE;bI%a|}{mlf7@>^CoOL>?Ym6HG7a!Q&XQWM)>Y$r(#uCS3gowQ7J+Q6?J@5R8)kF zhK2;usMIG`RUPAZ{y{Zc?-0_LaN~S?jSx%Bg$hwARg(sa2_Y8}%s1&qw4QIiFX*wA z_}1|6`A0@F?D9(@Kbm=GVPats7I1YBs2PQv=wOZ*<>C4W64(2ezHkx}k?68p-1{`4 zh=?c=OKU?xH6GiZ!2D3r(cw8Qgm!=XCOm&tS6kcj=|#88`mo6L(a43Djm>C#fRMNM z=SxcugGzlJbaFu=pg?_%F1RlqrVHpBTy^!A+DU|HFjU)3d3yW$E_OZ>dhnk(8z5no`R%M>4w9uzj*S0xdUti#bmOj0pMH+s6Lpqe*AW^DTSZ&g+ z>+R>)HPd93b(pJG>U>r2^ltUThY!^?{g{xFrxi@M7wi5>#0reO3+^n+If;o_%!aLa zdiD0fRr?tFt>=7DLvG)e#bal@_St5-%@1jBp)EqlYwuki&fmsvjPKxpE7-j%kpbDG zs|Pdk3GzZK8X`&^!E7Q!+oq*d(J!5{xrwsi)WR zy19&FP|fEDrUvR-_`QE(r7`OuLmIvIDV{uW&9$4#F*Y@QUaXu0WT#*=a2JJ3Ki1NK zCg^#MJ(SHC^5O;dJ#xX=7(%wi1TjxoNN+rO98gHpADz@hoaR`diyz;bf}D4zQJ@wU zH4N70PNpS!hFQ^F4X=TG+?=bmu!eAD?6t&c~VM-+~oBlP~3#Ul5``P==w`6z@rr zUK1oq++Lu_;e_hKWu`L5l9fYjD;zJ@mspnFJ(x{CJom94%NKyg86Y@`iHt)*-Xld`l1#uAOTFlcWIC%7aJ$bc90Yb|-s7HZPbt20yt}<&H|w>BD!Ea+ zzjmXusG!##GGyb+M{FQ3={ORPL_Q~q6gDFeEAX4#UWes;4k~|oPrJ=m;Axd%gh{u| zqk^$qwZiD>2B!wrL``7$U-G-aP70MzWr9W>kMbT{qqg}8EdxpZ*w_fQ zo!EhzFA!R3?H?Y`zPDndlY3sgjzC02M8(TXkj`q*yD_$GY^4PQ#wo3$!VX;Vv&Kg6 z=^4$=cyc`xOUqsv`G2Cz?^3L1o^lIlc?j@S{pi@^E&}6hUDSLUklB%!_vw;z-A$e;L5gz|EefDo;Oc3k%p zvn!Qt0ex2=S@7pCc%yW~@UXS22kg~s$mJDnRHhpHuo7}s$gA&aAA1q=OGdVr*-n(1 z9<5cB=uQByv5G}P5}x`{t9yEyNbGj{HU2*{mC{jqH}~N_Vkq9>*@vvp-tnU?0dh$x ziA56GrjHnC&4pu+c@#4_QCRc@jYo6yfd7Dtsx&c^DY=SOe9O^gh&*>Djk>o?pMzE6PMrC>>dP=FeR3$!HWO@$r|2u6` z!w%ZjNjhsLmI!xcK-GgJQZeH1=TOrnQ{^w^#>LCN95IV5@qT>h1w$Q2kQ7B-J9eNl z$#Sn>>OwS;P7ce(mH~BL=38p4Iz9w}9B z9MCA1G7<9#7ynFjqhRupV-{{+f#>pW*-@fi79^`@MiPgcT9tiQi;%!gQ1XZuCrRRU z^(z^)rYIa2t=BXq6R3{`&~aduDH*TaJ(~wRiT^`Hu^4LF89x(LY;xl?#d}JEF<~WU z$y^f6am)qKaqI7>sOSbwkmVkTm&YkgE4^?Y@BjYykF*_-N!Z`kPnGvUSa=)$ zTg3dgwA{=%_d#|x9w2&%_USm_H-D9$JoA0~FwNy(^Zn2H{r~;_B~7ZqXbSh)AMX&zIiF9s*B9l$W_9U=K^?x)Mqi!6FH5}-cxP@p1SlWxmFDp2e{ z%cD4Xl}f}rhI`sk(e0%91l!w(kk@-&JXF$!sF2r6ZZ*ut!83pDnUD1;E5^{x{f#A) zF#PhCPBmD%WQh{B238dYq!97no-1`88=N?bYTY9{s8O}(wgd4`VoqIrTQ8V3;`q~X zEs+4mF#Tt(DdAfO8>ELQ4C5x~WuA{Evz)Gf5avq{VWySl2zPN+Ok5$zcy4ffjh9XP z&7f_(s``me4FlkUvl?0y0TveO4i7xP$_R;@gRKK)XZNR0{Nv>@GKzDZ7JJ0-){vp) z3ZgA;OhfEqjwT;T?#*_xbJswPQ5*~@UnRIN*AQbg2zTV@9Oc18?MxorV z$1K{yJM^`VYDgYrh-P1RH$q>w9elVn63o}>4lgk%BpXO!3gfKbt=_rS`!*wrN=`c7 zg(=1@bwypicq3C?_m98F9`lkrI7v=1Ua&_Fznj5)-@@HB%%nKBSG>2eP=xvxeaSgs z?9r2p28>BE10cKb8 zdk5*F@@y1m!tljhX=YMcpiDgx|N%f?aYA3W$yS>9dwB9qdIWugWv%|g2 zBo7_DhSbjZ+#8nG^j=y@_UmHTRe-djVrNV!tn@ zk@WmXg`eciE&Np}JW*QCs{&Cqhyf?ge?;|1$^b(Y#pR;HsPh2kNU z7qnOK7z#%}=S`gvO3LHenqq`AV2}=79Ay(TjgzCio^8RFCu;A?l-~ZK*H5gDHcMR= z$B4*01BqxFE_taJ0?A4KIX*6xy)~JLp31J#);k!?=Uo&h{@T>Xq=Y+^_vd}XR-drQ zhBbyPdU6W}H4+4;VVQCgH)`DAXFk~D8$1YHL7ZI^4>>jLv=If4R%9J5lvY0VC;uiN zhVtwh1nrZDDxF)~Z_a3lHu(5RkwT4i(F$%GBULx&l?LK03m*J9__mrc>cRV*yGf<2 z9hczqb~KHvz>j8RN3R_Oy>7=F(XO3O5EBGtG>i+(geT&|31X zZ-%Yg0)<~@k;zO19@Uh2ksRe=blx^0sf^!{)!&TZaAGH5jeH;T`+=x$zkqV)@*??X}s zY4q0=LNn4LFaiC(A00HX`S!k-B9*jzB;|^Tf;US43crP5UM{tW&XZe>0W14lM&yLWd|%~ zz4@Lf*Oi~aOi;Zv!$9toQyZ1T&a)zqtvvDWNg|(S_y?@cmh6!mqyUnU0Fi1(_B8$++S1$8?+A06-QJ`cP>q|Y21!>LiYgMvpc@M5tlghKqf3UPOMpe-FzMpQW7Q{;KxQ^-#|c5g zl(M&HhRSMpt|2$@rWs_(qOL2So`D2JqI|-5^Fd%n5C?CrSo?e6KJ8#>V~Q4uE-ZX~oA(CDl* zm{YCPpV62K0;tergA)?Aa%_Lus%?J9n7Lv zzX&uF0Hx>vloJ+S1K-NE+x<}_BqZFg;-aGD4zxE1bBc?#-nHT}su3Nnv2?ZvTrF-) z6GN(j&ez&aAzmCEWj_6TMT~Gk5lJXZfGDX>e+nk5ETNJPZM9~RnCfsmu{ zA3lYH48IhB=IZV{(=eQw=m1j)y1T*b>grN0dSU}aq2ffcJ>?WyZf69Z3lABs%0UAO zIDAl0(7fQidn~ys3@X*eFw@i1xuCe9!j#I+!y`SE#p8Um)&U8QCl8VUg%s6hcb`}y z4%8~6j$VLxaJVdaYwPHI=;?t6^B&zj>xoK+4zf4)0zZk4TKTmw*ut6SX(N45(fFQh zb&ZZf#BRn>Uc7kGJj0taI3G~SdKbl25*$h_22@Pq=F&s8-kum90bvoKE&%jI!o|fU zA|WyEi8KLdfEc86bQFsu4v{GpRRX!^-YC246UJ4(+ng+ai`&zGXSIDkclV5knI}=04*oL zHvr;>EOz$|)2uJPD;mFitf2}G9RpB`TRa`QUkV%n5CH*L-H?_mX0XMnK61mt8iJel*wWsWm1nmf$|DK!-|bA%MZqFc>rp1rw@mCESW%|v_Fu_o#td>^5V@f#JDT8 zKd~QY@~bsBJ1;LHgkQkp<7*MW#UG=Hu1#dC1F2yxSFz@sjHv_e)4Mm z>5KavBi()Lfw@ti&n`QTq z19OVJMUoXfF$t50cz!G>mV{(x&d^Ui)a5qeod6KN8v25MlPgAGU?A9O%uf^*)#tT* z<5NWm2%5&){P>_aXnT9RcB?mxGTC1#3aXMCuTLY(4-bIYq)xkufpQS|Tt*i4V0{wRLqj>N&vHFgK?IK+18N&NbFhqR4U$?*WGOZ*wT3cSM^}`onP%A$%(QVwUYshh(HaWUr93o{InNii})Rwe19_ zKJZ<@$4O09ij2N5#&yo0ef1X?03992QJ`3Z32bc7^K<ZfkvI!K!KM$JXL4@F*qx?z`W#qMpY@xj7SbG5d^?s0|yG_97PoI!M0n_yS zrx6so1*=(DZtu3V&HbeUeL;RgYpQ(c)X;BNZ6a|`g*T>WM8zkm6e8_ z9n0@@NAX?4FL7!CzX5fLz!|PYN&dC3bkbf>8^8VBzM340^*kbzVcUC!Fc|0Kp~Xc& z;J|q4S8Ob-;MKwOpShOQirMv#=IR~Ty?;VJnRA|BT;!=2S8CUoG6Gp%N`DddImDAm zpojn}D9)OGMDy4axjpMv8cowu44P4=s=?5wZsMb*He*2s_QF`W=>da%!GDhp z{Cra^Ed$qP2|Hf|2a`ARKK5T6hq0j9Iieqmcv$#wq0(RohyOyzj&st!<79AAE!MlN zMgxQJ9|QF9{P^DM!h4YaFZ%)B^X*xeVW_cVrq1@4n@7mc&%ZrO7!mn~78%Bik!^dO z*8QOuadMKf9X0njF*$N@2|vwtVR^*NeN~qzNbX~r^k1R@?>aK!PQ>&Jh)avhQ;}Gd z%>Lx@qpeMe%OUK^bn0DY+9uN(fp~sN>D|=m@kUo2d5bH37jzv(IKXx6XFON9>> zX%&AUFjI_@oZgSlQ_1Xg)^S4{i|oqm-{mlF5p!g7lk&J~Cc3oZf6Z(cVmj}&Jk&C8 zOTjGu-jsEk5F@hs)rKV>`dq?@4APYvgZ>EI)I{**DzW#mZ8VeTgldJMRqXuLIhUge zJ=WfP6xz8dnN5k0D(@^YKX(wl#*+GqxD@Nh#$9HJt2vM+)h^6iJ*-alimzQ_W3_O@ zpaXSa_Nll>gi-YjUs^@VZ<7*@VYaiNzo#W~X?%P_S$%xXX;wV+Co~w+OQnI7P%koH!({ocxVWmY;$CxJZ7zrWcJo zjTML*>4b|@a0nc$RSG|wmg7WN3soDZ5bfPj`$Ph+`x|OauWP+CNjtldPh50Y;4Yxyx*F{i_%Y&ZF~dmy#E!#0c0@mpy5cBlE> z9l^_&zKdf8eZq?~4Oqe0v@(mJ$Tw5Ob`Kq0D&pR&#r1V0NMwSR2?*zjI85=r&94{v z1sxnPaXZYya&T~bf0IDWxk9MlzH>2O8*(QRH(m5(BFBRLPqOIaLNN6sv=C z`A;jda#ANp^JstUiNb;4b>>|gvtB){R;9jlfegmjd#kgm*SF6RVw?|GY%;R40HBrU zeP9ZzN-+{)sFs_)ejvvNWl6-KJ1c12@9K0H)Q#ud_vzoy+SnQ`?0joNQ_i{U1~KzQ zxt4TCAnT`O`Vm60b+KZni?AgaGdW2E}`0M-x1OYve#;dIi;16 z9850D>(lu&N}J7?j__|yZUvyk{VAR8d&`k6If$^KT$_x{%zzi%9VgRR`1oNqUoB~v znbC)bMGm?#>qPB>fJ^QMyazDmE9t|l(p#$cmGqqDhVAYF{_(Z(q<}jjrLV7_wl6Cx zn%>?s{X+AyY`n2avFl`;FIR(PD~-o#fw|k^XZH;X3^X{BOO^q7e3nC%O^1ci-Tf*b ze%2F3kI%}AAmoMWWYLq%P%uo38PBw|)1$VOut)~QDaQF{fo?FVm)mcwavwkDD!=lC zq4trxZgmvVm!}hskWI?$)OEq0lgMA>Di)e$k-IKuAzPCsr8R^^9`$9iY}Xu(v$RG> z_q?C79Ut6Cs4};#{&aFHVL(a}t1{v6)_pH@SFMXvGZc2sU^!XrA!A`HDa{O5s0NJT zbd#r0yn$bIWClc7B|TgQj-d=aSnq_FXtIo$IS$=evy_jZN%Oe`>j#faA(~+X( z^PilY1T|Zovh7yy16ZJ2fu6c-hQcHDyL9~gL?9UITWD(m73H5phhwciT+N0ADqFzXlu`FFPExZpE(%^d+shEnYXo88h>l# zFk&W3!S4+pOc$Y+gC;|qrNV6O)`4OZl;)EsQkD~g>6Hm1LwdTsacn&G{+n)_3bEum zg;kd+d-E-Mc3ORG?>YdL<*h->JvgL$AKzKT5aA81w2MB}Kf2cHEllXU9tUv@AsXTE z$l)$C%kH`#BO113X`ruUgSpA2v(EQMsooh#)8JAOP?$z?mn9FJo94_j5u^1;GP^VrK zwdJ!8E0&-m%rRNG0Nxo`!cKq{z(7D9yuitb5Q>f5m&faStMiq^w1>fc=bRSgmCM7g zgfiGogdxx(HfU+KI})E|7X0tn{l($;jke3=&v>dBXunNzYOrrhgb2!R)weCkhU(so{`` zBYC#mch^;CC;Ia&DBPgsv~xb-0Rgji3f=t7dn@BFZy2YWJ#f)6a0BB69KXTW+RwnA zY)v3Qp1cwy2TuYzf&!>xMBx~uu^`{oJ7)EwTGm$?8APA6Rsj!yAMk!CG|Mz(8XOI(18-!!eGFhADNLF; zP_+lRO?00ktMbM}T3Xr~-xJ;Q%LQ>jj{0^An_+ZkC)M@2nUMS5H;xIjq%Rk+5DDbau&@F^g=}Wa0x5Isxi>y= z_QsdT-`zdh%=%aXeA4}~kk4}1T~=G0$efcHO8YYUF4RA}IoF`dNHMb9r~Kp4LYV;% z@#oo@>|h!T79Ji{=sy5>3g~x_lc+*EI>b)*=3~Gr(`P!IEE1Yt&c18E90F|6cW&)K z4HzkCA!8s0B{txHk6$Q($VH+4`5xaxpk*!QX^spM?itx=_ZJo zqXSS7o&#bWGYgAq%PA(m=MMk#5J@QCWwhBtp>0^#6s@Tsn?4eq$(3JnjZ0c;;4u|RY%Z77>( zzU3|$3%1F1wJTTr25<;X=IfK`@4}&6ks?JqNGHgbwQH?Wo>uBZO%s%y1@yeDw-*rr zgeIn@Npwb~CjvQJRe+P1X=`L}VNs~ZS15S&GXse<`x;8nd>#_=g3ZV!AmiSu4QXOf&u6tz<0X3zZ-8)#+BAL z%rykmnD=u6@?E~vfkuLbyje)Q=z}_LTm&Q}vxQa!WK>j%cK-_ioxENVHfZq_0on}a z2<1EiY}jGW6Zl;`TA5gh^kM^5G)4M z#$Fjg+{GR;94h}Zst!c#Wzu#ZXi z6%KZ0+yHk65o4npU3#&vSKLC!9A@G$Pz&PxjoLwvZxBzP|^dh?*&E&GG0h$c5 zQ-B$njF(`KTGukJVFWLTx&dZte{UR!D+;}L_#9@RH#mIi;d2UG(aUofZA<4*j)}Je`z{ioCbt&%%Y+P-Zz3+02k=%d{zlnL||GV zkmLu7k1F-od3ixov(FK(%b* za9wdmCt@c;!lZa!V79JNWutEUp3)b9#sDFEmM4kS-P z_e_wzZAusz9Hp9oEmEzou0zQScEiA0$AaQd_xLz`T3Q-e`a+xn#NDjDwA7}#vR{pK z`^3Ph@U%fXzs_!omg)x&;FW~|?_S)Zd{ce%=EO;nhGrmKN~W}{XC5sblpP3r4wf&C z=x>{8{9pGW?;>TFQL^E(px!8dKGF=T{p#)VwIH)(+^4h=hm0+hSElvnH+oM4e->^g zN{$Loe2(KP2I^2ORj;Qp!-cy&qv{6|k^C<1k91Tm&Ka?u4UN2#jV;qqk8L4h<5qqeo%Yc$nw(mfTB_B%c}`PfqE@btKxYtJW5r!)yD#c3al+i&H6fc%$Q^z!LiZd&x7)P(;Nxp z#hq`mz@R2zNkoDug2VG|_W8|Om;^F4KsOm5DBmgqi;7k!n1_!^d0P%3#pj@ig9kPh z7BzJqXa#lzO_6dAV<^_rm%_oN-neXV(R1$`OK(CBLnv0)*Q01qH>zgc1u#_f?F~{? zV`He>F(}`dE_U6QJ6zur)jHlfc@G@pgQaEMNm8-EeExt-`z}UOLbkx$rW}CF5db6= zAFzh;C6EumNrth4i1%Qy0I`n*wJ&7q&dO8_JTV>WE{W(>TpN%p=t)O=@F z?KqDJ=&}Ho2z7RM#{tRX6ZIPaeGALA;|?Aimv(G?DQsa40x(PI@h-6pTpO! zc>1l)Pr24{-q4ymi>`08`z~k$0H@K?F=<1l0ja&i{H zyQKlFPRKd7Wps6)?}69Sf|jQS#h4>wrAnY)cAZwbYc0A3IU zDS{UYjQsMONgF>tNalkok?ABerpscN^t{VVwMlXYhnZ&=R?!$>+51LYjl7Nl2;OE| zxdsz9*!-qK6JEjzR;;K1o{te3&~KPvP5}gdRGGZMy9dMMT6oDz{wn;l5xMv<{6ZHDROm2za0cpa3Id_ zV9c$)C-Sw{W4iE&h^S!6xoyfa_+8|a%qpIipVX@>k34L?R4<>%_d7GBVPJUdG&kzS zTD0;#$SI04Xy=XJ{>BC!g{Xguy@=OY6Lgk&W7eTh%ke?Lj18Os4scC)Koyz;FOE0g zgEF#mQs5SV4f2(90-MjcEI$(f0|r*ECg=|4;PS){2-(pw+1+8S+pM5!L{1?nHLYD6 zIj>00nTDzdidiwAK7BGjxxT(Yo97sv zS}-*;lP*?@@9JCk?K;2yshZR-HdDANYbI$M@Wj^Py89>);O0OUV|LbuKC z`Xyi*ruG4p{}`as_nJ8@f!8nvF0M3XAL}O<@=g|ewiWI>p;@hqLdonO^Q9F&f+Y@>Dd>03$8w53HR=aqdOyR%~$rFwz7kXjZ zY-p$ji1F3NAM!&{!ppn?h;d)9%47R!vkn?4WKLE3(1J9f(RGyx()sNh`iBqH>>L~) zKuH7!GB!5WA2@RllFFpn1iwcXhRR>(L?tBjdLGXJ};3qxanIQ$|mKp=*2tP*SOMiHdfQ5@20w!WMmR|^P z3~YOc^q71_vxa%>|rsdhJ-RBPG>CzkO#G9v%*O7L%#>Yv%QI zbi^MdQws}&kdTLmM;ve=YIRvacpi!c4x5e7@u~?Da!Hn|-S@arHhpz#}PRXAqtYGhF6`;uB{tLaxVVS9dgng8h7b3mBr{kbR!L)FisIgsA)v0MwrW>{JG z>ZtbkW9ftrICSE^TKRN{0{CnxcX#(_8!^E1kT0YLqzR;8_wP7LMt)Fq5F8m$X>z>} zd6Xv+#_5i(zGWsl(Oaj>(%RMrqE@!%8c_TUUA_UHv8SiU7?8!APvT-@b0;2j@VV*s zZN`ELNP+x2$DR}s5fK~;d8Du3b(N8kf!Am5=jZqNr2y%@dqZQ5E(P4hdf+)3+1XH- zxkM!o)^XvQus|kmyru1F`A48|9RBC*2J<{NUxBjX}9Dx^=c2^>u(^WV-5T)_Re)oC zCd<7ZiT&m|6U9YmzvA=2_WoC&Rz4#BD7k}(1iio)FYnhIvvoa8kayRKOg0eJ|Dt!+ zp?@;(d|f$*l#`ja`?A|wXgx%Fc>i{2F>*Jse?OCXL=Tg8GN&gJeZ7rUxY8)_>;Wa2 zB}Hg=M9vu!1pn6O6qW<=AaaV13`Vm@0e)bhz#wzU`m3?f>=U!@H~W2&*d0)w4r5@N zZf5~F@B;E^K7d&xxVRjYXpezIqaeiwRs1CY8v_s~980&&XkmIbtsC6;CaVLpqa>~0 zJaKRpkS$)VoJyb=wc~XK!-OpE-=T+xBN7RDYP<`mbDYPSD4SUZhjYP+7osAiS8vV| zt`a(^p!HyoZpVQl zP9}Cs2y&_XhP`pyI@Y1%#})pUqA{Q_4y17a>==Ra)5-u z+u7N1+iO#TXs8Ro1I=unAoYs^zyG+th{+K0f*~Wz+IFN&N^@K6Po^(TTU{3Gad2>` zv7bQ&CNB8;;wZpVPiYhL=9q#u;N*L)joCb*-e&3D@#~Pw*-~&+20-~;Lk=`}sBlnt zz|zvPv_39j=Z#TSkm$f;kZ_NRkakU--HWFX2?snd zFf|;2cq<PJeh@6aeA}_Y)SzRK~(nPjHZl?T`$dFgxg} z&rrLBZet!E5XjStWu~>e2-2EO77uri&&q&9bRclR27HX_x*IXSGjejxu?Uyznfc>K z67+fZ^Fj%H_8}g7wx*7J1xGxTDXj=Wu{8_?A zJ1hz#eC*(vo6_*Jmb2l{;NZPykk=Z4!g1jeI0rp;uuNZTG3d4Rtw}FwYN03oj({c0 zZoZifpj;Onfw^urWzGsm=HzmoQOAOAlWU#mjeD4&yZ7dc;nIXd16;@tqF9X&$!l+ILl!i@ z4lZj}>HDNIlD_qoj4xUHwrRU8>Goq2dYaW@C`;3AeOT*jQQXd81UhliJBvZ<2J21s@wz|tA7769tOHM@4ybR>%d-U^Q&Se zhzY#)$sR~!DFD%k^~xvg!=ocV6_Z9?gJbaN3#t`9ZQOV#tTrN-t=_@bU2rX=QH{=?t21%0LaG-2cKA^Ucj!j0z}T z6$MTcK0EMoXbPVEb&Nz4W zP=9?09RiZpWE#u&*_`_8%WXx}drG&P-x1IjzJhRu+q8$h?P3k<%741F`6qE438#4? zt6{5kP}yD|Wzd%?BPTVm(*Z86hZ&H+=Y-FcG6j0-x93$z0=pvZvuJVq2r&L~F$8T+ zK@lH@Uv&)3&CT6%dk?0u*)I38;S&?v?3402EhP1utAUEjM832ecCl#Qg zR%Y1NOd{Y~3$p#U0RIA{Lc8wpxY>8Ba~dbBenH5MXBo;0q&MoROdoVR0t-M&bN~Kl zg&-i@KG#5nvK$Z-Facl)oZ_7VN1t}YjOi!%aD)i%Z?5MAscLI$H>WiLkPJj^TGBEL zDRd6=&5AnjEt}SD9OS?P#Cz^9R19TzXeK{kdn})E7c^eN;k%l8kA!Edf-WaZaqDIB ztQl>on~U0d)m_d*+}_l_-rg-B8Z~FylR;P2{NEz-A=jaKelvh_1u}Z5nDUm z7fZAjl`|+#w*7u}6TljskPx(ykk@|_7f0Ih1AF^W|#h~CGaL397Qh#{~rY&$LlW1eK?%$_aJ^gt(8w<$SYDLwL4r1Ef)Uj zx}TJG6_N67?tv#|#-!itt1Bz{s`5>j5uIA=+WMk;I8V!YKkV{8|!8WC5 z$4T`*0b+=_WW>EMzz3aN?MJ9-ibc)y6%|#9#$PExIy(lVn7j{Tn_iD~7H0D#mUXIE zf@uS8Vdd6%se=(9-D+0oH|Yv_?tlZwO*_hO0bNtW(a~{hbWyX;=`M+cyQG+JVWSXK z>jzA0{ugua8P??XzKOc6+lCE9P(YwT~^_2U*pU;hrO8ClUt9ORp0`nMRdj5D(z7ng_LrKHfq= z?4-UG3jYF(!HnW={d=UE7=t+yBsMbEmzmzcHo;nVc22#|8XV66fSSihLR~k}m*_B5 z&+h9hwGmyzAZX4lDQWchu{jWMH{LpTf_q-M(8RVh-KzqVtA6iZxG6FIs&&VmPQ0;p zv7Ln33&Pw_G0na(M_H1m`dS$BL%(P4KwQ3*T2Pt_&3D4#5 z_hFZpWRfH+SsF@tGkwOVrn2F@hFS**KUp)#-1gOEqUDB6##2ripfJGXmU|k)Ewk&g%YmhLKpSF!CJEqtm(Y&<=am=h?LEKPRlH$?L*xrniDZkRX4XM+F*n1eFZ$wa;F?F|-DPVv8h z+O7Te);>5Q7mn!H0D#4Eq{(p1qxZ3<)b?t`@?@7q5`y#M#ann{pJ9@3m6&11yRnY! zjQuo|_;>FvYKr+~&~&nccJlMZZNumjw|1S+gpy(G<@+cDLqm4J7(Tn)=bX5@BPosof9zQ9gt6>x`$xR92^}rniG37&&Z;n1oxKS*hczpDsa)$ zmOdVn%7oBhc}1vVsUz3v=zi*x1(N#3Gkg6ePVUy9Lfj|4mhmre19uu7<2g zsy6k{tN-iY|Gu>A+O^%c{=Be@CdBXfpa1dmXFU&U)W5F&{{O=tY2s?s?>3=znXkzC zM)=GjCs6;fQ{}GLH&n2IZWEtsiq!z2lc(-pq+`0lp{)7j{UIz_HTw)L>Hge+pHt+p zU)Yp#iE_e05^s;x>F0OHJ*Ii)S7q*ezUPDt@!MS=F;;asT*LBcZ=t-zAqLvBa{(Q} z(`ktb-{@w0Z|oCoz5M69c8v|4kp8>N)bpNh{KeZJ>D(zl9=SJUXm)H!(=ZH8PIIZK zM2JiHlONyU=Cv*~ypCVgR`oH@r|NV6ykz-R*yc?N^fYo&N&;mKy^ZJV(m(HM5YE*_ z?i)U)`n^ATX*xu=yjEJK|)WAtMl6LKf!IGV>$rBXXFTo*M}BVVbRA7svVHm8GN zjWKvB?{WXrX~Q+{jnxJzt9l#(nWM>$^h!tf8MsR4`Pyq^@sd5_a{N*J$-A2sTi>r< zVlwKGac)3s&7sgsUKwlMOqMCNe}?C`6My6iE$8<71#clo|E%omxcfBzsh1MIc`9#9 zNOf!r60JXSU(vff>CN;qnk~*`*{(IO|6q5nZH7w|4kMA0VMWS*T4+;TG_jE@9ZR&t zE!#2yFi6^JS-HSeH0`coU&~dW2aCP$CA#Ov6w0oY5>F=;vf0p=>T1wakT_TEhXeUd z2<9ri6iR6_z4lCN>urkl<6^7&=(-!gANYOki0<_Dc>FkKt=D@p*0zv~4`p78t%m=x(};X zethT=Dl#P>yT7j`niJ10*(04Ts&%th5}Q8BA-8sRjL=P5Y+8wKPYGswz)WBi)|-;& z)O;!2F2`Ywp_vlTYT2aIyi{_ea$iX(*-9h63lUT;4;tt{FSqg6iqfUm&YB6CZ~n!; zV|3#)m#lx0jV9$HN1cQAh|lZv&Yr?HGCEEuE56{%+j4?Koke%yOuXIQfN@i=H#||F zP72gN%)QiSrLZX&VVb97R?7T#Vwlwf|3JZeS-bqTy=Yyzp}~jpuvbR)QA0a>(qBnt z3wz%$sZp6q4$EW4wmmLPuhNxSiy!Uxi#&cLFyv*%#ouESC-9ucCG%>PmW!ILzEQ3D z+y1rq(2AEexuM*kXW0-fJX_djHJ@&`n3%!fUytzoY9gGOw-ug$d3_LVpKdi?Zc;Sv z`E4U+s;25r(Ic(x?kxhw#kg0j=+;&bOQ+UDM!sFU`uBI=T^S^&H?4%FBv!k%t zs6hG})2;o-?1vT|!XqN&I5gUPm7AvPV?JsetEtWskfD%!%UzvE*6&Uk=H0MXrdJ(0 zB%1ajMa(NZ*Q!!gTGX(yti&^kPmkGFM(MAkxxYg^S`lHN#Yk}BTBq19!l_kmKn@RaF={<&z4`m6cl8r%?-g{} zXzmGn94~nmd+RSr2Fb>9HFL(pzu&R_V=TPNU;d{BSNe}R{(s$q2MBsBUJ|zarXv!^ ztJISu=`GgSBNkX4M4zeO$>+rJYc%g}9zVXj|IwlSwCZ&zcJO1{3cdZ;m+0s%(l7qr znAeVQVt4taxDy6&mVF{(VtNp5YyMen0U!RpuuJ7m>$@A(wYAoew6^;C=1F}N7tX$F zyL;PRN9XnW@>oiLJz6u{iY}O0LY^APGy|+9v#*k(D*MQc?#SP&encWQw0V2`xhx9s z4H+ld~>#+uz zD7H+4E`jC6s?{HdJsAPC(Na#LkRhW*uJm+8^J-}E>J^5uWg8QX_=Rj%Z&WQ!kV!d) z*EI~Zk2TyzUA&lM_2c>}@*5xTedr_V5jDXCdy3D-2w=+Ef*Rw-Kq$y+r%mAyf*}>0 z+zF^?uM8I0^@<65eBXyYbV$9jY^l&@tj#mM-tn8c9%pWx>3$(0jvW!y@6ja~lZGEKUkGj}Fl=Es|8Eu=29GVukk2 zHxK@tCBKYAf5B7!Lj5{MMr^ zlV8Z|W}Jw9$ETMEhrGT&qo-wXzwNm)nTPjWoxOjz_73;8Yivkov?enO=zNdO8WNET z(cYLn2aaKkwminWQsTZ0@2EJs{`kbzm?*4~Qv0fveuAiKV3Rf66l1%yxm6vsG`%?H zVLhlX_GtFaXY&A`V#@dgzDoIV9DC<9SGa+w z@9K9bhIGh6W~@hSwddxNM@n&-%NR8Y)I(aG?wMH}v*31Gp49bTujAAscmxAZ3|C;$ z{FESK=8K7UQF5B`2Q@!E-?c1OxySk6+H=@ngU{+hcV}=8V@};@PO{ zWW0@l1HTY0dTPFweumK(Yt2RUqQ02-PVbU6*lV*=^< zsUc(8qwoJ5I?Z!QF26e~_Nwob`1q5`3y`58M;qG}W?ZpoI@cI0p>W~C!S@VOzP_GY zJG@YD|0r{$c*HnO{smO_(m9mkQZbDv>y=2^oOp#ka-MJJ+DCh&|J^TJ_DmwZy* zg_DK?+H0~beZIFCf z{30mIq92zQ*=SBm>@7!TxjhC0kcN%lcW8BNvWtYW>WWSf^_1TB@j0jS`z(-}eIexM zYv{j!iSERSw_~JqZfe%nX}q0libAARH638#Q7d=hw;an))62d01aaU%1|pQ=yJL8Y z5`#HR&nJ%(uvkV#7Z)2COf&6^;MI45vaCBV3e6?FT=q~n=>Pr=pP_N5zI|}Z z_SOb<{R5~Xm_^D6YKF4KA_|!^#GRV}C+K+dWRJRGQzvX8&%^X%{qOzr^|II3MzZzF z%@d5=myk3(zizgl<;;b>{l?K;8s^zLrScjaD(a0RR-erUFTJ@(W%rsHXMm9#@7*|h zltDnJsi_IFB^po<6!!S?5K>+|UE+u6`LZTO^E2&}uEJp0<KFwm;_Q{vRh-5YaWD%(dPO!dKep!P>azR$k57Foz1=LS&)VuNAH|ai`+z(5VXJ0m zCm?u)9ETO3?G3=Fe!n%|R~ZM2pTbB>;FfE5<(re@Zc{WLj?%5Iu3~L_L{?t4xVMWa za7ht&&o3>h#pDmcy^A?padUVSKBr;80>O^^{P`P)PxGmcwWW#X{CXek}L!c!8Urbt>i$3JDTu6+XU`gZQu7wj_qTan?w`HzP$oq5yey*`ePHV!9Sp$iHM1k9SU zAeorG|L9rM*ABq&*5uVMj3g41%o`JVp|=X-v0vYC<9XOJ*MQBHL)YDnw5RnV!~E2k zt9%eY2BIc&SsS|cS!voyz@YQ0_% zy?C?7Tu<|1h|lZQSK_0`KJR)hK=XTy+nxgJk&i8zFPN5}%F(d+;53o+JvCR>usPu_ z^UjOE8D8bopHRKwF3?NQ;eg0~8>f{ibHU$)b-SgkwX(e+qI`GNSPUh* zOa}_v@}+wS3-Z4EhJ0_~MFdRAf?F2j4D0_!QIGEZ&!MPp(?jKtBSP~F{6d93qI9$N zZ|{!q1d8Vx?1@7n?``j*qw&$5nSK$eq&^wtgCIKuN}lUcTS_{pR@b)F?m5K3uK3VQ zZSuaK5aO=AA6RhySQyu~9=GP;d_Mg<1yenTOW@{?nB$q#& zn^8Mh9rP_@pCKcn#LEoLqjRIwVOT9k+<9qQ?QkWvW7f~h^kK~_)fcN10gJ6)j^-Cl zXFV4^a`3P%J;7mqq`u8NQIfKnqc;-TT30zTNLhF=CACm4QgJe6-^aera5uSpF7uhw zOotQS9PM$j8mS2E7WBZ1^rEt&wXJWgG^3s0Ni#_h6q203q+rVB&}_=SUgawLp69eT zd%9Sf6)40C*#-0I^NJOjmYilRv)r2Q6`QZ+IGP=17(AS#PW-{)apKQ7Kexnh6XFN{ zSK+B|wZCaZptFz6?YJR=Og6%qAyeLWtNh_sEKtyrlt0PeWn)<_&AG%nV=72;C zG`GD}n8Pkkh)rEu%=dB2dn2xhlKH%V4fB4Me3CcvrV&{W>wdyjPW>L*VSanDWV=wd zYI<7WQ*8sH&OGl@-!KBtW5>Xn42{NqU9-pkw_#`@8v~jhw<7Tuz2m4|w!wUi$kg== z{noc)3@n!vk_C$x%!G7k?Sr*f(Kz+Q&HA{gC*sm6M>^beZ8-Khol8&WF30I+@0)j8 z*19*K>#-qv)#Kl+(&yQDfjeA^iSwRSgz+K69NUeYdOfjl=V?2VzEWR%aNmN^165tK zWBOSf!bO}BxoSqb0t#1I=`150&bAqSdTpCzW!NOSK2GY?eD^G54@B0wJX(lfCoCA3 zX4CrBg_miiPydUs(&WDgD^Kx83je^+7;|Uo@kgpDYZvfM_hke{4Z89hFIfz^J_?qU zILXeXHF7n(L*;&v<_zBP#ud72mzA4ok81k)zS-T-LAG948H)-I3CV~E5jU?%BljXVCR-Oz7F|;cQ9$?a#(LxsrS^FW1Covr8A_R}H8NsL(Til85kC*8F zdO6@#(KW+fN!@HC!>sHC1m=oh?RPFyA;!V!;nZsd=Vab9b9NWr+H?VCLEBAO~q-P}G(7B>|;uP}f;(t=Ef2>ESipNgQ z#2s{cYE&Sur@d3yOOqSP$iSTvfpdtqPjfx(eBsQ$A*+D+?ps_YVXoCpu`A9N*x%1* z*RIWxSuM9e>vGotnH&FZ^>^=29RK%ij~?xP`tQ5Wor4JH&-H)7NBlDU0s?S$eSygr ze~+qPs((29lDk_;x^?W{r+yhXig;pZA5WdW`Dfgp`{C{Cp9uQ(QS2IJ=@WOzyF;4E zWZkuS)6S*O*8@vjf)4$D&VEPgKYm2Q3(+{7V_AA!DR1$=Jpz{f!g!_cb2d-Z8wS~+ z*iyv3wlqK0@~+*N$)jNOTRREUIZFHe<@oxl5Negr)`Q3J&wcnTFDazDG)<;#ANE0h zaXdv>tE5Nw+{pNAyAB3WRa&6_$BNC;$~)fp?80e~(e!jIYKrCX$BWJquBY8MSudJi zEu-p9J704OQs|c~lu#S)kyd6`P-cIjjw8~JSThu^1xXNS+Q;*C^OU*yu0y+<4zmLfAUq8(_n()k9;FkedT z2}5_hut6t%zsK_pWv5#GwHE}Re_zuUUMFL|W_8d;eqxK*J|s|`*t)JZrJ1ehj>a44 z+fufbqj^z07D5@{9U0fw=o$5h@rPE6TmD(nX!n}cE_>`1uBVO7>Q6KtEo)4lD5uYq zsgy_jV8JA#^({vO9|WrZu;dYQly_v5OzA7gm>}yRk!4QaNBdR-ikjV&oNpnpZZXdp z3%CE_L8V?|GQKWti;LEJQt<@Q=@egNkSG6N9eTdV4@^wk55pLdmoh)xmB%?0eAn~7 zsD)DM^fkmxJKxsC+PuJuOybf4rrQMnJh~fzmVJ6l$DXM(R*q%##uG8@*@vxtTnWO1 z_vjio%#xPv6YzQg(pIC`mZxgcML~L^YmR1Pk}65|UfNTP$67};7(bW4YtUPsu-g(N z#^gWE(ISR4n2zS(I?#NMJiRh8+B}ya%Z zHYo?MmRnCXNpwr5VSL=I(|rQNO(pT(G8OGEt<7T29zoAdHw!Wg!BTcDk5*80tcoL``G=E;H zp}zd*P0Q2K3H4Aue7!sHYFny;u&`s-4dmtN&hBP=jL{4qBChLv=>hCV?jh%UB$wVO zwm8kKh3kynSy)8myhhZ4<#*|`jn<0=J2=L9lMC*QO7nbMvFk!FJJ*G;(?*ywHX+tF z7ZCkcVfuOXh^Zgx0?zdf4fj-w`Vk19kx1p|`s^bn9+vI9gt^1-^4a-djjzgv*M@L^ zL&)uSM_OkN-~Gm3ipZ50bx#t_k>XYBE?T#a(L16Vo!=+G@GTN=wFlW~t$4}$T?6Cn zE#}hCspp!ju*1w!Rtv3e9-M#fRF+Qz08ym29%Cn(40Wti8(=gumWnxwk}!d$<^uIEtN`J)l> z@rnYQmH)J|rSRnI*r2k?wtMK;@2zQfJ0sNdIzt*J4Gmu^2U-Z#-wTee_E5Ng|M5KU z3@b^3TgO@A$MY{1+L`tXGp4J!P1k7;jB-VA->;k#47jbDNPirq#@yvKG%?{tF)IxBEpZn9|MHA>;t|*=!+K@S4kNM{AJ*bxcHp-_%x$CHt?4QRJw%sOf z7XSXEzG$Vv;Gik0E^;v`qM+Picvds;0aH^NIsYz)?du{PPkao!{wuzj?OQn4=bVy< zIKvI=4e@D-q6^{azRpH@`QythES63CQ(_CT7mH=Gaxtd@mNHbFg=y+oU3-vIUEb1l zD$~O`no8-HKO;6dmK>)a(($~J*UTsVi~xg1Hd#aLk1?JBczT<6zrfl=i^^~=MS*}4j> z!d|9_(c`}Q={7g5HapaVGsETbpGv8ZRam(qSI{5H+t0EO&DNzHdVc}oaIrM|NWHpm zd{n%rhJ8_XDp$?9dG6jDTbw0zuT%2Ut9+5HeO74#mG*V731L{Gkj_B-7`098&+EMR z83^+DaeoPfkt}W_FTD#0{PR-kSytqqzjyurRXU8v?Cu{se%88!dKLx-rV0EW!Fm7r z*+)n?Ob5ru<8#JN9^aj~J1@`Nu)<48G~cuCs;d^_kH;Z^i7QTanwu9MYKV|9^uGmB zqxilYnLf3UNu&AY`8WT5<(`G*c~$twGG=#9LlXP>z2f_llT8lp|2=Q-e4iFa%ajqf z{r|tJjg}N1cuEaNAKyA~>>T;Y9vOf#J!U!<94@>sP7jKk{=2C`P=hziIdWm_vv#-E zXS8V%i6`sZRST5+v^lCLiY=Fr$;;*Iypl0@k~=1ZckV3zsUPg>Hy(`aIBM(q!FgQq zwO!YC-en&3PDhLITB#3;`%`cZdude@6?e$*Wu=EMsTnrQL~AP7X#82Semif34m>q2 zs9S!Qf9>w`=iKvE)!*l%R5G)6TGz&2)%VQuHrmQs{CWGX9VHbu=?4Yrk9U`RE$F^H z&W_|Y(){aL!^E1hAVHYtzF5&$-Yre+(4ESwm}gitcSikGA1U#pwQz3T0``oi-i4_V z%Vx^QXp`oLTNoFtR(eIfc20JYy>CVXS0cF)+n}Jw^=7HI%xdF0g=_thjSShB;|{w* zr^XE0!qn#xp03n3%Sy|`kh`h2!DGm?vUi;U&7&oqc3aQt>$()3%Fe$vSd|<5nF~+h zDmBC`KR-DXyS;EfK{Q|Owu6moCv(G6#$A+6phT`hagWy<+YONkrO;|C%HyE==H9Hz zjSlR`>@LQIIZ<6Y>gTOLzemKbG)PWS#Ec0v!R;-`x0YTi;YwFLi$`^4_u76f(zrf? zY)@>}AdGcXTI)99)pmS{qg^pGSf#(>T$&iugV$=UdRT~-&Gf9~3LTM{QQtrNt^eTa z%I;fpz7MUkZ`H?j?(F#P8@FC(@ePikFTBtK(Lzr$*qzuJq_eo3L+t$luZP zV!4*(b{T}W`QMSJf5p!tsbxaR;?4z`qVfYvb}M6nJ`dhXYc8N}qM%+^tUS}2NGcv2 z)R0C8aqt}YGibMO@!OU03J+(8?SJ>oN~s`2*=Ls-#k1?=xq)>~}`!EFzdC5Dy|- z@2OQR;m5{!G8VUSQ_kEP*4dW&vV15u3ncSqqO@Wx=E_m-hpKO-885rXi$&Ebs{R{K zh`T5=6q|}hUY~F_JQx%$&p}H%&46twiATheF7?Xa7nA<)&a9?T;TR^@N&}8y!zuQ;r7F(qmc7`ABaa__5)>h`y=;13g}S z)3)c9L4=i9-Tdm&`Dy+_4-2=8Gsgo-Q#fsau^RhoUv%n;e_r;O4--Ao)Z$ov0M{8{ zVH$Op-giy@I$yPXPFEy888D}pxehf_QfJ9AO#^)&-;Y;zl3L4a37yEZCwIrd(Ee{P}3DyhS^9Co)B|Ctf z{xc92zxU<^U6}pn2d;UGXg=HRCEykN`?atW-t!4U-yhVS+cBMYbU{fwg>`o-Q=CWu zU*RnKH+k`h_LOAQ>7%ImVK;#_!@#gIWrZC-RS&^7;Xl9OmvXsQs`Or1WLReeWANf7 zz^=IQ`0Q+j?cSsC5Xkv*IV6JhvC35woY2Vkfe7QC;+Z%3zm3>=1~@4C^PoBtK*bWe z&#!WnDnm)ad0|)y@yDt%3j%0{IY`{yi{Li*As~m8reJ~igRe>4mHui^7za@IkWKOK zw9L$Q#>>;?f@J99BB$==Rs!6b6i^djkEwZc^ENq6!BwsePn_05BbrA^D%zuKBNK>A znD{c6skZ>?ltYoN$b)qx+A})0(&W*k9($DvPTsi2bdWRzg;aUaG>z{r_Pq-%$2Opj z(;YvK;nlAq;CtYE0q+zi{rfnaZ9jj0@A;3{oW~0RYPi(v8n-xsCyqiJ4ahW?vH`O4 z?mED|fS_sx>3e-pWJFb)$l4{m_bk-_?4}I zhAVWL8Uc*?8^Bry9Qthse*R#8UQl2lARy&7D4->YGAIW8otY5h(AZce0(ol@0Hthl zEZ&PR;bxNoxDKTXEx`Yo3dBtI@EWea1&Z=T;JkW@fmC1zbX8g!$MNG7W7@_kzF~bH z)`h3};&A{JB>h3=OwuHTFQ0S#wl%;6({mkizFUhV*X13Hx*rM2Q}GE2Kx^lgg9=#k z=GGR<;Hr?2BDYpn$8h6L5+fh9W`W-;qEef^NLg4dlIlL94yM|srlzQ*jg5^=p!@@KjJzi) zrqMk3oTxPL;J;jD41XP{a#{toi}*tiM;3cX4SO(F;5data6Lp@ID zN{k}ZY(j<`_20}7`7aH}eI$cM1;df&wJ1vN{o4SsGeYyTWQ`=@xqWwbBeb$!Z!JJw zE)%AgocF+DZH-O~v=y9Sd{9cAS?~8xi@j0eFOAgV=e0=Un10! zOT4>4*|R-UgWk4p6TQATh6nVf0?Ne11Uz*F6y#tXkEVo1S$=w5%At5Bde{jh!LU$6y~M_L&9EL|DIFl4QwZu#z(fDs(4bF+ z)Hd)JtE{Xm1_7fO15!@V2`3-=)-AmoVU-C{v$3&B_7-Cu>nbRQ7qXzT*BuR?#n|@H zP%U76Bv-_9psRp}EXI<=5kL9!(Y*7me?g<(X^9fut{WVgj104ohAig02ZHu}Hgf7t zPKAtD?Q+-^`XWL>F>wOqq;5)Wmmq<>oy%XKmmMqR`xa2$8Q1WjP=p0)8V%AH0MZpB zJHpnI(RP-;i>;iDVotLX?<)$?b0{bPhVz+0nG&Gtm~Xwk!oUidUs)kd^|&rBby6;Y z0&nkxU^cKEg`i^{sM_drMATJz0f?1q7QpOXTm5y=ZQq@;=G^>l1dDhRXXKF?EV=op z^wupzkBptyLZdky&zUf+lh4MKD-|6-Q+d@G6dGC+B{l{J2U9_uhMR*!3*>*afkRIF zv;1o@4!G<2xj8jc(^QFIFgsI`T6Zyn%Z~{B=#&IRpImqSh2@HQcv?4q?WtR)YsL? z@e{upUAXZ6(9xsh7bjBaPO9rdqpZx?*++nqxD9L}LiA(kjde4 zvi1kM5jUKRU+yEj_8PF1dA;?2dZy~2%WTQ)d`%z)J zY^w+8eT&qycY9M5mD*drV%3#@OxSn(92{uP>yrg^fDVqpF>?bH_cxL%@z*jz z8wfz=4S<>OT*(30NEm!`4nV`l8~BM@4x)PsY-a*Bbnu!DCKJe_$YN9of0@bg`7t3!Mb<@de0M;E2kSw^2R^C zJOu=q&NzD-t;X19%dY$(F|XAZfGGqdLT0D&Oe)Z@0LZ0Gu#&(JHAra%(C}y4_H@KQ z`ejrSOB^>9c16s8VC~ zHTMGbaZ?c}P@Yb4Ul{&;FAV4~Sx|egqfm^A+hzJd-NIAB^~E#2Vp9CbTl)L4Z~Kc5G>$XAjj%o+8b;Axdx)L&Ck zQE7}9rE)lcNu`W6Cgy<3R=nxf_Ei6Sie{e4KF`aSvH?DaXAn&1Hm<5D18&PJ>47~< z3`|Vfj|ciX+A|{{k(WY6z<+uD*kfmF#k4@qy3;2ISayIsxv1TENmJQ*YOZE`~V9dPxUKu42^+na1(${ zL106Yflv&1GhrA;2+)~0djh(wz1^)w~u0S?XQ=((>d zDClIsK_w!h3O!et!8vP;kGb5K&~=XU>eZ`qZSS6Jkqa#BOG~bS#3+N@uqAxbqSBBP0R}ryPCV)vmOx3*o)O{F6>vp%lVN{_sDPVgQ+97He4kq{p*WL7U!xnajj&erE_GRrYu(UO&Y z0c~6D*ZDwn8n{!a)O00^#*^J^1GcQ*>x-}vfY2)3d61)rB%KXP5A1Bs~uf zR;rjW%FoSJbz1b5-of)5)kyxbAveZvpWoZR(^ONVC*k2l0_6|dGiNZMy;Zd+0!Ixn z1L^3@A_)ZNbKbe(DG#`SCp}o2|GG9`7jf~TIz0D!6uV=^6q^&j#5&QnpH8sHqBg`H zR8oXBc7Eth6PMUV(zhrVWaKA2Tm8<9iHW_R+tLSs%u?gka#{ukE^b`pjt8TJM{15y zC6ykElL_t9%QMN$$}*X81VXjh=dhcsGBhf4B3CWjbSOUM3UF>{ffIv<9Z5UWLtF_@ zN=kB>T$PrTlst6kkd~9vmldFAwt>bD5_n>8CrCRx38h+Fpl%}ZM!h;q0FTtV|oHC>V6)DhNSr~B-%z~#NW)cqNS`@$0v5}-rH)`!p|L7{1BX&~-x z5*z$|W(FT{Y>Q0}&0RhU5-sUnLZK{Dz$T!^XTsj=Jf)>enna&UVcYH_ckg`K(h>K6 zf8N5v0$^csfd}^jV-WDQtHvLj~?an83x7#{}>p+8T)P_m6hoLY8_osDHWc2O^V6 z6~=G&`%^hQ&=E6JE~2IxU0ZB_O2A?8AdB{V>?hND3JR z@mT}RuhrXk@5}MsVOAyOzNmX^5Em9grx4Nzkdqtw`XqI2k1&g?CizNggWfvY-`^jA z&wO$~DGl3yWR(9{=s`%0tAnL%&(_!WULs3(^^9l-GtS7Od^YF8z-Ph1Nm{GB0}&fI zgS%ly(X9_PLFoiZ^pTKjdwP&rujEl)>g!rEyc8J`5g}stEft(7s#SDfsCjxBbl9xg zF;Af5ZWb2FZ4C=KT?AU?3PTeVfJong9V>9=2;&u#5@0EE8yizhLp|qyRJW(p%7EB^ zA?!Rf^fXY49}Vw65fb@-qsvLiskwu*Bl=`Wpz7_Kp+e^ZWw^1XIsnLk94%O zsn9qe(|y65>b~$9ZITOZwl`hi41EG_T`FiSVL{#>eiiP#4V?R-k&z6TOM*=oY=t3I z>PU@aTk0J3wzRTz*yVt}S5rqr2ERQUtbMiaX-bunEI50Gj|a@D^ADd9XpBVYwA@sP zah_^~8%g$R6A*=gv3%I2L(0&E;iQ^jeOjw=0KqbI~+EX%& z7YluXfV*y6F=7-alD#xt9$cdOYadp;T<=Ldiaef8I`JlSOp{*5X=L5OK(LGZPK12*1KW^n_{wy#u&80;;_ zkza4TQ(|GjL#_uo9_F7uH8#JTUj zocK3n-St{@_kTVjD0BYzH|^SWZ}@K*)9>rcxhMYy#eOlY{|Rd^JN{qvBizq--H>Mp zZaoxw8G)$(eDC+*-6nMO7)>A8hP}TRKE6>8t(&<_grvFIgix1%Cyd|eb0g|8VJ))o z;mj&L+>$z*_&?|Wq?1#x4)}0AIqpY$-~7*0_~dqKI{M`QiN}aH2%YXFI8+DTi9Y=I z-(kd^6t{+tA3i{WC_$58YbfR#-pP!2YoO=VV>@;%G`idT**x9g=qSeIZqTTPt1C^e z_9Sp25!ywQ`lVA~%&_X6|orKz0GGTV@lkTQoM`Q!!(xBis=H|KK} zs59WF>3`$z8`wPX)3SA#eIEfP7SAZ)rivZI<7aLgmO05ePmqILV|e4P;=t$TC-fec zGH!u}5#W9tqhYL2-&mfGC~&+x^f_E`ZRZ^@s^RpbLuigZYfc#)@4`icx1A+u(OfmR zL6!a-rx1yV^0Loqs37R)p3&0M!iL`=sRU@YyuZ+tboQzpTV@CYDWkU3hkZnTE~mh` z;WWYW)Cz&$b=m-Y_bdTZS^JKWX3iApu`gYM1|vT=cjj}t+q=#a+)mEkiHe#VX;(?y zTM^|W?lG7F9$Z~r9oPGzBD>z?^v2lwni{dDd0@lVb$3fcYW4oek6?&~Ih;pZu2fGn zzZMm2H9L7dw9n;KO(>~csgDH7652DXiV|fjE%Xb-mKWiys6wB{Si<7QR8L-&es2F^ ziISZgcLQnV)R|aig4;f;r6?xB%#hO@ExgaDd}RXS$4pgE%FN14P(g(Q8i6%P3tZb# z_EaJk{M-Pt2y<|sc|nVIX>GE3NqK49A#*U9t|2o_?&)*BA)i%8%lpLr0c~ZTBbrD(8mb zYdg29tfO;)=#N>R+AxBgly;YZnUHh6rp6jjF@)V(&Ldr%)t0P~L*K6`gH~G|_4ZyvG7d?;PR7MB3)7uGoleGS;UI)Z80W-W zbzt6thr)p>uqgGqi|@Bx92^GcLoJc%Z@L)SlyK828dGNGE4&p!6<*(Q=P4&83@Zb(6@)Z znFX2(*}^z&ZZWa$LaE-`SD^Tutyv&_G~v3Z){L+vG>^CX+`01I(G~#T! zTd9{IRzvebT)f8e$ETO+%`DDapPhV8bL+8b>8dxUd|KY1G!$C*D8rPe+bZQi_=r>c zDD8k9O+DQhH}UD^KwkZ^b6@eHWj<`$^xCDG4y`cNfcU?U*xBls8E-2M!fIuLdw{@c zH!}l2W7Dx`{^Hi6L6HHA*X$F}jle-(E7NdeSWFf}BG8>MR_OZX1pS};rNRd6 zzfllB(cohFrpx+pkG;^tmK#cm;$2R+z2Esg5%ZkR(kpZ`uJkA!gL#E`Ex(FFG)8G= z>p3S#I_f1UC1ydwE3O^{&v>qvd!>uOa!=j8yl-)9dyih80~%5@8Sv~CP#-?BQg_%< zCJ|7vNJ2$NN7rj(&U52N`2Cfen(|#AQOW&3dJ`Qjn(I4iv_N7xq(B^!{hrHinL``A z13bo{V^Gzdd((SkiBvVSf&&qa^rh}%>x^5^4v)=-KUnwK`HSi@lhWBGuF1+XafT$R zf>s2yU*ltvdTao0GKA>=WNuEz2*zHwNTiOFWT9+5RVG{?&s6{!Qq;E^xWz&5f#)>a zk7QwxZG&|YX1TK4_=JF}s`04~eNbEJ&^ESjS8q1UFDQs$gGto9YTw%qsaU7!O?OC4 zXiPt-8HKD~`V!u7p<~nCap;N<2(Wy6JDYo%ch#gS6XY`&KqDzauh1rQfHTCpbGo-a zoV6S@rcG=VbL${X&2}-FAsV<-P+x8}>+n#lwT0-H1a5bBB$+B&bP!w7#sDs3N zU`W!nw_uE`4;_qfFoejpkQzuqSbXW)HJzkajA=0i=8%z7tYZv-&Q)0FxQ@rmjzd^< z+3do;uCA^+$CwPua!!?)`Q{=oqVd_Pb+DGbZO@k`2$l<{6GRtO&alZvMeV1C zy+)oDgCHXUuR_wWs6J+4t;GV2*gCMmB0=uot*5&}^n2G$AZ($7f*dQHSJ%bEMg&yI z7`5AwWmAJ(1iPG(kr8B{5+G5EID6I_wu^F#w0E*0WmK%zFB+6r^|DJ513;3axXft^>KI{zBKa20Z{x0lhRxgChiGW1 zOjvT3dx7apCookoGR@56eJKHxQ&U3_nvTmrZVSSty+8s|R7sKy56;epy^|qmvF&aj zaHSjbEa)`kEPo*M3Naw*@)oDbwkn(^c0=tZi4DdS@mT739dXozEf(Y+d#3Kg@;VnMK!(*8pw%r(`%5_M% zge4eCmM*!Fa(c^A-E0T~hSv34r7IrDr#vR4OA#qDp+pWQx0>0h-U zo4{Yif(k1a;|$eX>g<#WX1pptC#hdxo;}`)&j4?;R(HGqNhmd$3e}l(jL(WnEkxnt z^$FLDCC58J;;@gJt!A?%*V8#n^yhKiq(ucpM+}>m=Z*xD87>TttbH zv++OnZj>;{M}rgaX}zzlO77T62~+{%qh_&PrCWn`j?PV=qT3en!2lmMGPT++J{&I0 z?1hv{`)@5|iVvxYDUapm=%m3FIa_G0JK8jLol(@}DY&N((CACL9~LPAG+P)luH%wY zw-Cap;x$ip7TvkU<}Z0;g60n)RTnE}8=GTX&Y`VMzr=D`6(Rvybt&t1%v)BOP>#%I zAD?58%{>;paE8+p0+-;ms!C5Jq~J(ZDwa%;tPC#p>M7#2>Ps%o%GOv`#=t?fJt5w} zDhK%hG%O#x-m*-)-tx*8f(nYdnGVq*K3g|4!}1LPiE zy9;0ovTTG%FjU+Icva#!;13qg(kciwFpu7TNN)yJ){ZkPR~QE*L3wj+tUxZway9p@ z9`XL|tR-fNc@k7FpwdQbQ3>`7YtRMldd)%$Hs9}Ifr2`cnuG0naBt=wUOi3TawCN4 zC7<<1pRCc+Dx*k&B`1>0mkZl+hNx4U*#E*$DUVNR2 z$tx;~0vn{1C~y}#3WqovLK~Cdb60Ma6E~U``Qp*sTBCs0*)b?+OI5=gL9MVs34D91 z3lE5uHwz=p4bU36ZcFhM)Fs56C*M#f6Hb>pNtbPx#nBU>)5Y260{veA6(Nem4xSvj zvM|}DVOZg&hBk;lCGHZ%1KpuFL*O?urng3V4Y*2uJf`N_J_b}lRpi*uLsi&QE3ihe zm10@9nShR;5dUc@xYlAF)E1Efz5v-)^l5s_x1 zOiGVT@8bK78IT!hfKz%QeS{J^XAey&l;?~;6F2N0tZi&qFK2b7yMBbO!4uy~M{bAw z^Xw3i&p*yDcw)dACoTT7{AnCy_)$p|)~z)QKS9TU!DCFfhtXR^Lj8;u$s|qx?2_opva5?k8u?GYoR2Jh?I51oA2Ml zCenb6Z`Jm?b%MA%Lf3f_d?zTcj`rABA>G`bCQ5o^%@PyS2Y9aRJ2a?Wxqej0t>xa@ zdd*XI=m|UV&N!4=A>?Vz#XKLM)%#}?B)#=uf&YAzpbP;?VyJd9*NxwXdPGIVGWKr6 zhy^R;(hPt=+*##KnE+u2y(*g+pY<`-z^0W?O({>k+Oy-R4z~owI|DSz?%usS2Eu;n zD?6Kw9UTDq8te#R>Y>IsVms^r2kM)jooxXr4EE}$7bsJG*%)HqUx00~-FF}WT&6qF z(pSu55mU9^x#7QiPg0%tmowDG1OJ>)AOHlc)YS6wYx86_Lejxfm#Nt9!fn;914m?M z6Ex&RL!s1~4O_EDU(&jRhhX1nWZjwdvS1TxRr!TNpVlx+a$=6_g>4xM)U95LqMT5Q z6GmrbWaL0aucbvbTfbb3xV5aGpOaKobxhc0Qm1j-tB6A}9s}#%5nEMYZH7a94F%6fS>&wiojd^qd zc+)qb`l()hh)(#?4WiDBB$rlJNs(}eBUdA*r>B1=?YmYezQ$$^XpLU6rS=@#>j@y4Am^N_l5~?~q1Xv$ zwPspA&b%=;^TO>1ltoCNMA?0-$Skt`Z|uEyJl6gHK72M+WQ0;e8b%b7kW~tik-bUC zN+Los+9jjRmSklUGO|ZTlr4pfjEpj}PwPJ3U0v7p{eJHIuiyQ9JnsAc{qFPesOyUJ ze4p>}8qeqPJdWepR*i!wb=gFMC-=1UcJ$QbSD0PENdvrzGbsmChPzV3#Vgz%v&K#f zQ&70|e|#p_&!eF@<3fb@tLG;ZwLZ34FZJBrbPYzC`kZ`baeA3g3k`BL5?hl(5>M|d zXpO!<+L;HP{R7Uo=-@j5E0O@~Ch`eUG0{ZzO6A5WQIQ#xTTZ3`}d;$o*Ya z8bEdw;0G%}K?I)hRH(B7fjr|(s@I%dV60*T*~vyT#(_~O>}dIvd#itLg6GOIv61fA zii-pAH8k}^5V6Xmy@+`92{@;cngt$q?npdUmM9i8lF{4X41#bVIgTw!6MhLADUoph zwP`6jpSUkJe8Q?J*B3O5K7otRy|;3oBhUBTz4`vAKN@_)k33_og&9g(fW`Z@CbsPR z#_Ks(uZ`KM(%m*|-6e)S%NZ^03|Pb*HQ*UDZBZPa(Dm|oKx(*blqwQ))mhfBn(1cT zgy%UV=*`jh10g8)4ZUJWZm&`eN1IQBgTc??B(diJQs^&E@0`PaGYxm`ogXD9z82vwR`eiaY-7P3Ytsfy~j}v@m=*B@XHTwjLqPrHS03*YK5dxFphK)7Rs&#PiLv?c(6!Nn9Dhr&U@KS_pt+{cp72OT$O5 zVpTkqzt0~UyO%J{KmU)YV}yVw<4d}kOZ>E+z#FgmjLb}}%FU@5Jf%+s z6#l_d#xtQiHceECbRQVU?RPM%i~jJWQGn^s89wwjuMJYh#~ayJUFXX*A|5I2&YiOV z=$!5D;q3)et)4_J?$7Igv2xl!m-S$JA?E!^^u4OqrWcvPeVy{dI#N#ll>aV5{LF!^ z@~5RjemLa6m>FF-eKAALbJx2)y?-CU>&v}+*W67WGBkY}dFng08^y)^Ek%nCs^t&F z0I!tE8+}LnMWAwBl$q@bn#@X14oP(W+AX6nm^YTcoN5Xd{VEoTtGu;Ram zX)M3==kT4%1ZI05G?_TGo2?GzpJ|_t2P0mD39wqRAy>KPwwy3>EEcu;BSFe5n zexPJ}HeV!QNNdnY&IONQ_ePmO6TPA|VyeZ!@N!fC;@ssLFY9}Bzjm!Win&c7?yqRt z5k@k5DDFl&*vG#@3xanEvoNo*{+b)MbEh|mp%vh*Td045Q!Zhr#K^5C4MtV{w{l~6 zBq;=-QU~(ue(hFkAQrEm3b`4>>n4a{GDi$QYRj-l1#2K04Rr};9c;Kwv2|(_-~9IL zXGMZZVI66zpJ}~0Sue9f!wxL0HzsAR3HsR))j{!G!r6sjcnC~$N04vcxN#Vi2$15H zm6cO=NRZVL{ttu9g=4!U37`*>KYDFdm7s+q@p{aTS-v8SO9?7kF$G=)DrJ$}kt0Xa zs{L6d4m!`OI8F`-fs1AAPNstI)kAE$&57Du)`*6yeM4`hU%aT< zSH4yU4a7d>Iwki1beBPgm}am*6{kD%oQ)v^XkMJZ+~1#h8a-I_(#_(LAEd%G2Pu;} z+-j2|BO?QZlsh|x8E9!=E-e%|{_3M!B9H7-KO3a8giCCMrBI5Xg&!&=QNIAsA(D!} z)FZt^$|LCx4O={?$_s1sCV+I}20Aa5UjHMT{e6p44Uincy~&n54?-x4RuKd*3{3#J zfF3HqP#Fx5oi-9Q{wkVL6=LaWX)wUxxqso*kH+oGk0Z^a|+ZV0CcU8<6<$ zHg#}S1A~Ku0TqG)an+{3x+Q?1W>^n5zb60~&_Je3D8@#9e3^W8bj zx&WbvDu9K0u+W30ioRZUT9g>!I((S7_6T9}4eC023k{g>Ju zD^Zb=LBMsJ4nYc{IXS>akOwj6-M)$DL6ScXGq-vWK({1I$@%@5 zxM*t78vs}P73VWxV6TQ7l_qG97$jnji*qLO0)j-sm>O|{qNc7+1uUrV#eZ$V#roVQ z^tjcpawjJTi59qC+(XbMkd0@ft#ZOxk^hq(2iz-|7jwQJLBoPXv-bgdxsFc=#vXV; z`%a51^%G8K1i>lY{PLH!wqcN`9#_NG{|yNF;N^3HR#p8%;u)6ZCw*B3`7`_X?mc<^ z`gP2@0QAX8BK(~J_#br{m;3p3p#W=Seu16k#J3or)`@$6Hzxq6w|{tew>)UemXWqX z@CSoF?9AD-FY)GqI%BS=hPlR>6VlTb=rjz+uzNj9@WBdPf9a$zXZ~6Ni`#db9<}<&G&Ewb*7;-LtuHntwRgZvK$439)>HF7K3#I& z%%|Ci z>r8LF4&9eVw)pt;pqN-*QMI?#-1s9bQem|(Bw|tJukLhdUTY_Wpbpyf}Su35dmM zXBO^wmSMvYLyZ*eDWGB=m745%GKAbl=rBk5J_RTrrzY`a)Y+dqUwO3PW zC!>QzZ~h*6e}Bp)(Oi);dHbI2z5@%a#18f6HU23h^T^mwLOJ&5)t$U;$HCjTo{Y`> zOO5i%Zp%0uKf(}SW)U#P_SX~r=j~gWc1vswxFH=a75?P=kzdsR9$TyCnc>qf!UJjc zF*`q8X5RP@iK>Gjk*34KE0nRf7( zo6xMzX#Pm<+i6VNu9)Ga`ZQDRuQ~RDnp5VVU(*4-V&eSk`-}A}+7xofR>*C6V{A?5 ztu4wUR_%&`7A77%@#==OprJhM69C+d+VY&UL5NF$cJfpJ&{K088y>7n$d+ZW1Yn+s zV1mM|E55G9y}#NHe94^ibuS`7f3ErJ{v6R*>=9c@pA0@fzkMxW>u;wT2)s z6k1qU_sIj4&`dj5Zlv%Pa8W(R6I5rchz$hFr+JMF)nZPIC7^{gUq>uh{Dd7ka_3&p zwsDP5NxEuF%fn~}fQs5HC{3OgPR`D1=UoYVV_LcOFE*~9*7UF@(FWzOD8k z_qHJnbn{o+GP1m_1T(>B8?WXy5HSv5*s>+^{KwALU;W1W(Rn#71VCtt$6U`t@G;EE zwU&pi8zT4Bty{D4J^D{z{#$DGIfE2wJU-BzBfirU!Ha&fQGu*xLeA6krNC9Ru~H~#Nf5i&)&qKx;2=b! zPwo(i>ptjclHa5oqj+5K~svq3>Z)Q4wx4Vj)&;oa?3y8~9u7$Gd6BGwojkqIq=> z*+7i|So}4tOJiLpB|}TjqNg~0A1W`M+gUxAx4(o*Cgf@zIrZ8#Y*`NrvyPTb4; zD82`yZ8E`uM|t&8>~{yl!fP@;Jw3ype(nJ&<1{_TwO2%>Gc~9}Fqc7DJcc$hXA-r> z60c5ML*$uD2(-ZQ*45Po_T`tL7LyJ<3AFeKfM4KwjiJv1A*#TGU#HGiG-LwnizH`8?OXo zO-jXZ1smtUQ%QI4y+id8;Zxt+r;gU-&dCq*A z$$Bz~9Gl))2@+8a8pxd7c5rbw#y1vA<42EF(c~cqfzty`Iq6erb#5SXlPaI>87S!6kax1OK1!NK z$ukAx+;Vz2bGWHe3D8j!djAk{DfXo~hFQS5T|&;Iyyn=8uuC+dHDYtD|1)fU1UQVy ztd3y513Ww(0O3{wBuWW*PE{br8yPLUap>Oxb%Zge^7Ced>;y9xxc9!foK&Ee@!;R= z5c^~ZMlV{q-$E!6M z(EYqpUi!cgv~+-%SFyK3sUEGiGz+hZ62!k%Yt})S z?veB0WoBkpmtYagY6VjP9PI@if1lHcm8&EXuk6;7%bCGDstFX)4qrNacb;j`2CQp9Mex2o5Y-R|P#Bvkdq6a*Xk1vm1EL|@ z1sOs5^7jhyfr9`-ts0{r?cK~Ksex1|2=#rOExp|{q;-&PHq=Ml+$WEBs1{sxf;fr0 zzcx%iE9(dzV!&Q-59I@bK)-0Z5VB>THym5luu5nm?C!O#Y+txT(6vxWk`KUNiD&%K-;hL`lVI7yE_|)h*qp}806}~2%JCYVAP++8MmT_6%g&s$WztQvhTgA zaeP3=UT)+sSe1#wmkPurA2ARSeRzy6V6-NvMy(%)suNqwZn;WNR`pP+qA)Atyd04c zZ~!=L@3qvjdvIVGu4#;1f`SAqRBC__%IlcuugiPLkeoKZ^#>VI|bt&zy zsr4HM^;!|b5<5NEphRT42;~bS;p{lG#6su$HMq>XBBM=ecqn zH~I0|;y>F!KK1%LC>Wk0(!7ie^)8^xrlv~@ZLimsg&k1B7d<_65b1{y+XzU> z@7^xLE*3@xp(68t0!%&r6W|s1j4sRH=;zT+X~ep$7{2YmQ$9Dh1+z>6m+@on%ku_5 zv8z)5X1?U?jXx71y@UT{k+?Vq7s&O*%t4>b=@xBfbGvY3A?y4-^5lui6M6+#lQH~Q zEtZHbeu%ztpS3aN5JYR?cJGy^=Www^f2x3UtlHo42mq0^<=6+JavFrbPW>O5=}UF= z^nMTfF3;BqTFFW5C)Ph{dyPEw*2Z46zTQIAQqS^RzPs0h=qMHYVxYt*mL_$7RyM2V zxCUb2VyPFhkCeNSVY2)QbsIv2L1g1{h&o1|ixYRTiMd_es^(CcXw@`3H8;VAsOcduZ!{R2mh~^M zD_n>Sdhj3v_(deDwKk2>+=MGRL8SpeQSo*W#Z^=k6|txc^!*7Rc`WF{K4;t~;1u6IGC7Aw{0Uig3x*Lb0oblJB1zIFZ#K115L}3o8j@hoi ze&KZz5A^T%{4Xm~_%{vtkAg@N(`pj8IfMz~r6^SIx%uaIbtjuzSv~a4Jih*>Ou`rs zgd)-R8kmwHRw(^*-$-`Jaa>W-(tGgXSaKo2?^BP)H{AI9x4(-xL^gWs$?-pTm$p|a z$5`S239U!IgG8=#E2zL*3=hJ9dU@IZ+W{I%%2on0Y{_yO>W~2u@Y@07HK;}3YJW|U4Pcy+qdJ--S*!2A`~v&u0xd(cq2F}TkPJ( zepj2mG7>yoG16VKCP6!Ul+xGYKO_yIdcpx55hM9`D@BCtJ}IL81Yfi4rAy;BT}AKT z&LCsjBhx-NStnJwv&heH|Dx2)=+PwaB>y#Yq15y;3>Rcnsicon{m5iCWy~{m(sowT zP}IrGyZn>d@na_AYgGmr8SYh#RyogSX+m@#J!48WDhmHT;o4W*ak=*SoYM0rZ(~mP zR`u-papvUjmoY8pt$Tyd(on8WGLCim2B^ku?q@4qm!fM~*`7;?lMjQv)^pVD%9t#+ zWJ#OC?2BE}$BvP(pI0iMFm8TN&xx+$Yd(CWOgmKAKt^9i64s;ck?*r#TkC>(LVG%s znScEJaR%$%h0ZtfQDb#4geYSaLO#r-Udo$+Z)<`$Waf z9lyh~uC|sMytWM+HXOrtwtert->*V`cdb=)?mV3Z?i3Od<&({0odrw#`(2ifZeeHV z>w)0Ju>h&dOU)52v{!zZ*HKr;wtoGc{3@BQWW?4H`tWaCJ2LseZE|2ULb$v3rj?~7 z4RjDD-g)+nSs|2rjkdOSW+Ri}72XOT7M`U8w~p1ZO4O^~ly_BXI>Y$gZF)3j+BWp@ z<9k6t3|G#fz2olPkz=HA+TD?<(kd!6APvifwPp5beBC(Gnj9E%z%X}h%g#iTC32=t z#`(-C^5gIw!s|%}h1WJJw}kPVjnj7IPIrx%1MHj_*5vZ?(LRL|#JUWNkFr1YgnHD< zwi8FZdNntw?(JoZh6MA|B4VOZ;1@mS_YlV(mJyt(GA21#UnoIr0~ebh$7{eFZ`aI@ ze(|jh%P>Cqqa|Y-xQw>~Iag$}Qw&vO9L!zZTu;{kQ5_$-M;F)g<5pXyb!pS(LtE(S zg%a#Et;Da*k)mY%P9nNf%~W8V8f)DKk+*ImEFV zzWXd-dL~axNkr562JRym&T$P_Kvkwk?+9sw4mZWA@ng6i)z~WsZr!>?s&ZM^`pWlN z_rSpVyaY|v))q$OP(g*Bv!jNNmR;1dV_kRMvMnsg%zV7ONazR>`b^fr;Sf4>JjhK+xs)(^Yk7&hdv9Ni?9UWx&3-D3 zBI4q4IfpIJussvD4KV735YpO3@i7T%>}DsY+eP7QdRdm&@$n5b{#7B`IyxewT{KlQ zYdZi`HxwF*X~Y|BFL0ZdH8cA(CM#2LCp%R5sj$tR>frrRN+X}fCnxLD{f?RnuuHP; z@m$zUJwuHhP7({lbMv>ft0xC)11lD8%u}ZOIGZ~~Tolz#(z!lAInav$gh||m9~ag$ zFu-xZ-^ZsI>=xoo-&l6;^e9~3)UK@Ro>0ApG&9!a|4Qj;X+sH}ZTp)N^xil;ESx}& zO|Xx?_{?2F^y7yQubsz?L`20-7#p(zDLV;vL$_O*aOFbS=8@K@Q;&9AwrBm^cKU?T zb7PqQzwuA!HfBBWRJbnPAS@>+AYfDK6Qekze%L zwf9y3nkXw2${Xk!w9~9x6c`R@G2EqQD+Q7$fCd9Yk&S#sRCmLR*xIse{gKNlr25Y< zG;@=V0amv!n_YkY!}E=93oAx^^t7~Ikuu5A;#YpQ-Tt=EyLU`IHqE0<79KQ=3$tSs z5AE%3tGd~lM6LIxbmdU9v9W#r(tg5N%8kh}No(^yg^-gyrCT>;S9aCW$lj5~!V}QZ zFE1}I;?Y6zvn@L?4>Zl6b2bZCsJ0(v;9QZsJt}eaRM!Z3vX0B})!~B%`94J|VX}^n zhnE-Cm+r4|YRtLXzn{oxVeZmh-NIAf&`^SeC8pn_uuv!GEFE!{%!R_Q%}37n)jXp? z8(Zt|X&1lht(9=S0djvY*>~iz=w%K^r^8)8Pu{v~T3>veOZ^qqa$6cb2tYE3$ybra zx+=d}jjJ!te-9roa-~Pr>U!m^jT@+_f(lm#RcW{K>20XvR=?EUy()Syr|D2YdE+m5 zH$=+$k6N~;u%s9i+yFC z+ar4xl4~xFs+|_K&uc@vzzMF;RT|+{DF#6IGSAJ~ajp@#=nRVom&ANRY_u&s|g zc3kkn=bVjDZJca6uO#4DwJZA7E9=8sW0juWQ4SL;`F@M$dDwFSlhRwfHGD?7REd#V zjV@j3<_{d{^ult_XewJJEi9P)_?%|>C34?2<>y}6&a!MUrKt2;Uh`1Qnbjc2g^pR+ z_FcyJI)<$9e6mI`#ls0A$)QYh{GvA3HB|{~5dpLD`U`D=W7!yrN^>>Mdl`THMmY z7!o3LCf@}|^7p5~!6(}7_Lx{&lGN4JeOSb(<*3;-^H`hZqd+mTY{_Nx@lhNK+HF7Ps#u$gk&$g9fTB)WOh`y^RyczL`E-5Lgdt{+Y zecjM*mYR^%W8l7-*xLG{Ini$Z@gjMjV4jdD3xC$Z=6HHVMa73wo*qfz>;u%BH_=!`=_ z!+O%dVD(cWyO5}*5`cGrZ1>=FL@E~;G_B&iC#$(0oIdn~O83 z!926x`TcY#x9vG4{H_<&sXB)?YVaVUR)N(E3~_eFi?GogrEw zF1(zhw0{lh(DE)Ka4LQGS%-{pmztM%(;jZ_`3D2KY3F2iiaxcsS42$ZHp@~>b{gS# ztU8nLzOWT=Tj@Px&l8V!KQ-k4kk4~%imBZB#aL%1rNq_!%Rld-MHR8!Z}8YMwf6Y& zOIbl|2@!Bwk8@+)`-M4FVzZVI*2 zDPjdcb|*NP5uxNwao1nFdT!b_v^LeKwaR$w>=u|P((YQfPU85;r|Oz$USCd?8@p~5 ztN40W&lG%i9&5ICc8c5o9j9kvcyOeN!8|#6Vz`B8C_eN7vSWL#riJj?{TgF?-dhY!6_ukV#VLtCwzeRRUdX6_o=uf>0J0b&yqc@7%oMr%DuHO{-E>v`3* z_ti&!e*UTk7g5)5YuD4T{*qsy{XLLGeYpVvpHfzqUANCv>8ra83c=k!`+cD^iIfiv zm$VUW3Epnw=qPzl>}Wox@9&_0aOFC^^vS7@{6_?2L2obZ=cuT-=k2W}RsiJgCB(3e zT@Wf)to7gcxLaUVsU$%o-K>ojg@_TIA@_YNgi7N(v!sk%(j0 zZ#abBy>q9hr|cNuxnsRYxm45F5|eUirI4(!-Ow=XLTa`e=Vtb`D3AKcJlGm_=K&=N z{hKI0=UADBO#k@t<1DI0q;5EEAY(E{5_q$xOfJr_HY8au!aPyy;d`?j$D!SKs93!t zwY1_!`+{P`g;R{>ZhJF661Fq)9R~m4r^w|2sv{RVxC})KotliJ4ujip8*`CJUqpwq z_bCM3N=c!veIa%eZeiCNna*f!OQ_b3G~3uw=pKwePKngv-e1bf?6rFOVdqCq<3wG`|DB9y5`mY#67mZ2sZnN4gz5)<01UvE6d= zD_NtwxR@mKK+gor2_%!Lj$c0*xBRGM3i#=B6%`M0$RL9@F*kqG`}0#vi;T72ewsUf(!E`sFXT>k`9K}l zTYB3Q3+G<5L)%|SxrLa&O}5>KT%veZwj%MP^og>EK~r5})zAros=e)DNXQ*P#^+X+ zmj)XIdxiDD@>yfYXE$`Wd9v^QgZ%klCH4FZUzgmk&K|!z^OKI2c31ZEJm;S`^ySL8 zIm2MU_lRwK-(aa8da}_nGTwH*{9V3iGd%;tTF;dqfjeUqLMwoq(Qe;<9j&0dmlkv~ z8=(!5GwZX#TCi1m1GZX|&JI!C#?H5wIkPTw`T(|FO@j9q)rk`)hJ=bb) zGXw+#yo`;#yIbbaL55*Z4L&R%#}PPBRE|X*PD!;WsiO^l=oJ)Xws-H|v$$h9sBpmFVqksVK&!2UY3^QbhEfTQAQu*#!xn(T3=nY>O(lJLz2Ia(g1wN+{ zX-!eFD?fZ74?2qg4WrWq7AZ)9Zx*^QSZUmO_wMA}-1B4YSH6VHT7OB{ryPFN7bAxK zz=6$(HcCOgNY9ivFc4Q$SEplPS!c&L##>Yw{a!}{hY-uTHov8@v2nakYK1s>qlFB20V$WU%$7ZqKH;hJ`Bev|L8dh)X9Sz2)k3482pr0v_r{8=P6eUU5T zHZ?Q51=zS3)>x;Ml!Aw~!X#X> zUOtnc#fPAUtEV)l;}x#2UT0#ZyB2xGZQ9j#U4=4=if<~0g7#}}lC1QHi8PrdpsU^x?SxJ(%b>!eD_}+}5^Z-ABsqR=T2>cQWXQTbyK&W#q3c3hImQ zOw>GaKVY9~&ZQa3>#0V!5#i7gAn7HsD`TBEQPk;=qeeyTCX1MJPx*uImS>7s5jvx6 zdOas6=fViw-dHsgv}DTG`;K1@4Y!BSaAspwFpn_Wmfc2Cp)}@>ATbiUWY33r#p!3W zz7Ti!J{Xo){N?@jWW6k}2d9;WZsZ>Azt9=E?yn^D8S$&KJJh$oGpKxSZ?||4X3dt@ zZ+KUWxl#Cz*c2Bpa~UNu4YwrwE3=609$j*C9FG1H$b{IbG@&Ii&1#ZEL`+kzX6pgk zUx(KAGl+-ns>4Ec)>M5Jx{sa|s`(R5iahOARdL2;|u=58?eUh$v$N032n%cQ6CyT4DCheaN zT#D~mZD+@qxj^LR%FnFSlwFbcco}=luM-fk12sZUC-eZ%(t=B53JO)PUvv5V+GG^J zm5z>DP_TbGnYT7Eup;)ItJ8-kVid35DypVlG|X|nEEje(MVBL1qr7`?kjsZfkQ&g? zU5s(mvG~yikc#;zZ;da*aC7W_ScvK5T%x095vKya(hzfb8}N3mUPoEKo%dhAzSMl_ zN`+mK-!U_@y)-_54P{9|mXh|ddxhL8H_BAA93R<9ew@2yH4Zxit#JK~7wje* z4P|TssVor7Ip7YS#Yc7|ro%4$Fc_<@jvQ0#%y)flw<0+>GCA(`U%t_Hu39A0j>>pD zgr0w1Q%gNOy?IPS92R0vM@0Z zt*SRQ|M!jVWiB>Sza#0t{(2NbtVjR8{&xj+R4<2NF_3BksAg3_Arga4VnJ~9-P~q)s&HAP@U&xXf7B>SA+l|Qn z!LNQ>d#E3F#!k%q6muNwr2O=Wk>7dr8tK^C?mam<&BtL_)7>vbX_%X1TI|J6@1)#W?iFsheEBlO1KYH; zLPV8K;qiO#zU$3AXS>pO@79v|&wp?^Y}>ZB>6Pp1s>koDo;x1m=RXEs2C%q=ugy&` zX-b2R@41BArhN(w7M1LOA3T!p29ev!=pe%R_%t{?NcQa6U9gJcR$9N2y?bQj?ne5G zY8csSZ$m1woHESK&rf^gNWbXzf9}djV+LZ85#6$Lr;qgQBqSx=?lV0+mEfVP#ywxgy-N_ISZn-!qvBd-4k`PC&5)D^N=4w{J+guYYOTpoTbQBdHtE z#b9GO%aJ3&J>S$Qn2%goO-eG%TLts@QZVRH*7FJX98Ga_H+R+14SokNP~cO7_}^kg za3m5aCdcq4XKifmR`@>afybqq9u2GbNs#hX6EsA@eAod^^4Us`zi)b@8m4&U$}=F> zJ?Kp>;`)nev}59Cn4#tyyDqwki3vbxbOweaFZHv-d&WFj0y$i}tAo)q2T7OAv0~ey z_w45AQ+@|xPNbz7pEE2t!JD`XqAH05!&-lEypY34rBARXd(j9UYzbIzTT`D{RvPfAO#Zp$3mAeNWlGBtI(AjmOgTwje%Z*5&0^kms~wMtD#fYHVui=@HntN0zE=qE`-&(hKQ$1T2jni+@?O zYE^d6PYHS)Sq>2&Y5?_Vy>)TAP3vgbI?Kt^HnjBgWy>((f6J{ALRaw^B;q&^<$OYxh3@5y)El^^^R@Xr|?oYMRY!~!X0Bt3oi@R>Jx3^~!o1p;{s<^atHLl|w6b1bu+F{dDwR@UC^FIk$hKYqX zBbiM8obSqm)aWko@6`Z56H30kJ&H*4CeBn=O>H+!{3%RLO&Pe=)~2Lne$l=EXHgow z>om)KsW)QgBAe$4Om-1^div*L&I)8P&*f__bNsZVGx>9#MPX6M)lq#K|0YwljpxDj z>#LBzuOfjH19LFvkd1Mx*KOK$WJUsBK=)WBI#v#ZetSEK%;p<(R=R~N5io+UG8-DK zkI0zP#SOl2p}Iy%g}96px}B(9ol2cppx+lPR!|6W7{9ckAArB@DyEG#ToNzTtFoxJaJ|0U%63|wc?2q)7b zBEp2rDF3tempjNf&egwMHP{#v*wGL6rsk8142!xmZ!A^!xduri1HLrgZ6s6^{e_&+ zct}vN4BW}|1MP+G6rF|cWqyi(kCU~#vNt{y-uCeMCWxQI+N-oH=v4i1UzyIIKR>rH z=ELbJEp7B|u%Xx5v#XcSQt(*>}+mbt*pPfB_en$6`_AAJf zFsj!K)Ebg(M!e%xqo_eye#EJAk=Qd@68axYer487JX%^~vlRt~m#PbYUlyGez3GYK zcc+hwJEE_yR{rq|2{OqXI zngDfD<*%on+3(qkdy~VR#Uy8)3?=_t04w!ooT=Ntzc{DmSU2U*4p|}?iU*ghYtHeX zQ0&pxYICZ-kL&u5toqgesn)jHLXiHSQ>1I~=k@1)?YjEmii=c^oy3OZIU0t788tP zhtTPvCN{vLD@CJ~nGs)$%H93buV`CH(b0}~Kl3k0Ab-F%Z9ns4o-bqtyECQ$<cKA=Vj#qlNUW@Z#J&WY*gx?npU5!VyZA(b*Lt$mfPEL1U z_c{a>*v6Sjz_!=3uce|o^sO4U+mhV2Zf;^Ot{+Q5gEl!I!iIWE2{f`M*4Dd|dj|*a zVdvr6S=l8Wo|c(>Z@XarBeV`cDdgJBQhc)QIxLvfhF?=J(~P&)s_0u?HHhA9PhR=z zEF?ia*MWW07tKaW8`C$OuYJzpKH4L&9RT|s6p^NMn_eju)|j4;T;cQ|EiQh0%(|`h zecdssJ#}_0i1oQDKc#&20vY7oV0}rPTFfCYAF->e*Rb`wNOOsc??n5pyp&Lk?4^fG z$C=ywJ{N}btk*~|OLUNM`ZV7Lx5f1=EN8K{`Gl@i3aG*gE=fOo6X{ZawWiBe0LM;9;tEYe%DYFjDNq9Ousxc4v|w5xx)Ohf;l_fh3%Tjr&{s#T<7 z^iLT_WwpX*-cZkDcC=t;tYOY26JEW;QZ*LT)K|u5UTh>0+@^_MPJYXJ{tw|&6aY)- zITm~(BG_LkO)j2WXp+9YDMB}c!`RlX=!!?%HLCfj@}U*yu9hj0?#u1z=FE^SZbp>z zB?L_@Hlu>rQ@o43cGOpJSyhV&L3g@Nd|L;qD*`;Nm*_0g_??Y4Ujkw&FfCBM6URo^ z5Or6~z`%MJ?iwrWi%a(QvX{mMPs+-kgUsgj>(|9l+R<(KwFSYpENH`L3Uc>|OT?%Z{>%g}Hk06h^N?~B ze6GBn>ARuW&J0@2V8>f#Jo`KQHTUn~7}$*c#T#0P)uh_+6$;2>PN3p}ka=s^QSg3iI>Nvx|r@Ra8`rPdz8H zDxzjm6Ow#PQISeby$Pm=`UFV}GLm;ua>rd}M-RaF)`!rUNSyj0pO>tYwu6rD5kG%@ z<>$00SYKHYh47La`$%h1=;w!=u&+9p(#R-deBdK9m_a`s)_tB4dVRs|NYXH-nc z0G~^1Qxck`)~sIr`clu9B%^}eHCG`qW)i!y8p1fj{>x|kq!`i&o~6-5?Ffg;^H;AP zJ#yjmT4Q6Wcje_h*i; z-b8W}C&4P~x5zlsYFGLxnK>dg+@4GD;&Tf0^7BJA?z^R8n1mZODoQs%oIp8I0QViC z?WXo5w7jzH%-;?HxIa7-h@?2|=v$NatfKDk&h&gnx6UH_d@NK$iSu_@AS2|V+qUg4 z>Px0GKU}$VUXzUSHyp=EK(WjRxvw-bUr_i%+9~>d8BxV2c`0(J!((r1(0A1uGLeRJ z>1R>l%CXo=QoX}wGclkN18-lZo9=2`+MY8$e2$JI0P$O<&|IHy`KEibMD)~#r zNpx9asCcfTn(>Mf#dKud@tpbli-Lwx8(&Rg*%QG66zXoE5VVfu zvLZUM5YP59;lA;5Ym7ywbL{>m^H( zgI9nyg&koN2~lxnilN)3nIEF>Dl5xcG6_z~%kjt6B_&2y##L`TmSn-gQgGgxYM4h1 zmz(Q1SEVPjseh`#VqKPH>)8WI`Rnxb8{jWvnw`GbLE+Wi9cvMn^*0ybELcISP7e4LJca{XrJPjVm>Gy2sa-QyC^dYDav%188!$6{ITnNP-ynR$_tLjY-R zZ+c?dUA%nH-@o#;$)4^W0oML%T^@`b1qG{DrZ)7Vj9}_RS85# zM|Z<|slK(fvch*{eB9(^X|IhE7n)e78KEU3Js4=z;2r2>Ut9z4%8fMs@}IM81*tX* zj=o`&^4JaS;T_Dwj+`C}cXxNhB)hn|w?o+A_4e)CQV+NRi{k-MV%6EO(e*yYYDwky zwdc-tl1OM7H)prFl3G_KR?A~-G@;JoO-6BJ@~pY}{g*E}F~Foj*}>!(Blw|NQcB9o zur}ra1JWU;a&5x5)S?xoB!jnlM>#rjox}(%>q|z#DiSD1cVlAqB_-D=%*RLauD^Tt zZjFRzz1d2_1-Jgp+nG+fZznXHCb?a|zo-kB(spy}3zOTiefxfia5d-fpmXW@IHr0H@%>5QguMb!ueHXGyVtLy08_uW9n>9|T+ z;e*38Y?AxY1tj{CtD0H>upmR+5B&}7@35LhqGQu;s6b$1ejm%l{qF9w?6+t!9_c~f zqLcJ|{{W{1)&>LdlO{8;C^qUXwQ}0C_mSk zzfO7sJ0PgtP;B8qkT@MAn8LKu_db9A%-i3d=Ujxn|G+KUZ+MW{JyxB2A7GA;0JP!2 z9>0k@8MS25Rj(hC~K8WInaP^P0>$<)hLLn67X%FaUF+zE@ z4Q~Is)gFj{8j|(vE;va7-Lz^4`JEGXFOO}*@Tk23KW$*Y_4)1P?8p2j0XPFhd+!j~ z-=dYq9FZ=*hVAwD_eG0{^1txnk3!JGO0%Hpf#}X-nUN% z@b?CwdARRUYZo}b1Tu+3D;2fjKr!pXtm&3?jz4jO`x3h&g^aGV{c@qI8C5WJ}EltADa z8~flc%^I0Rt)J0HFEq!+<4EoyD_!V=hE7Q*^eifTLcT#;+$d7Lvl5xYR=^4&pQiCNYr_`g$P36#zI_kRJ3Vjir=nC* z2KWtb@dgjuVoq;!euQBeB``f_{}7zP#KW@21)CTTJyA4yW?pgU!!ipqGY?jYJ+_s= zOrOT^aSe~K&G_qP3~aI+`y$N|cpo)80ms2h_Vd3OW8BAkJr>!`?b9(%z^s1?)Fb)S z>C-j83II+#Anu4~P0b0_0%Am;|EPB#f+;+CtT(}p)jr{D-(xT4Yj9FmwHtE{KNt>~ zp6K1x5c439fw}g%C?}RLPP0S0SppHf1D0Eg>hL4-49nvfrK?ke2U=EcZ47(|ClSU` zPv_B&1E_@aA(XhK$UzUg?QIw(T6%Y}(QUD9bF2#Z9>m?`&><}3>+k(*4oTsG14=L~ z*1)4bmG-TyNXjRTjal>;js3*8eKGbRIvs0>SJwvn;{eNLvk*g7pG_NFc0sks4tVfn zSK*p+Yz-NG&oI-nY!^=N-M5bjZ5n_ze#1v&DmA>xrFYS!@nL@kO=aKRcCvuE?X~XW z<4CG;@ug*^>BP`2&5^SCWY9Ats)Wb;pt)H?0EQv)Ke2*veoF1)0?;XQ;X=~y1)|Vh zZYW2C!LI-3n&zR{Uu}k}o|>OVy~%x`Z^&d{lpxOMHcHJGO!Ye_eAClrCqy1)tEf45 zHKiEJSt+`>)ot}$aaZV{$P~wo*$Q0p$V9kr|?Kf|{xEJnWeGq{N1Liaksx;enV_mXOWUshP z(DWEai#O(EjQwHz$k@*XZmAthL&%%Uk(q0-(#LrhVYubIb=nGs2UZOxkxTamLB=8m z52njO!w#^iPlhZqEE$I}@s2GX4_g|!yQJ4Jv)`IhWos!oyFyW=8ZxG{p1J$*?!m|4l!6nMOhiq29cUQ&|QsseZdY%M2%yzXO@|I2{@`FygQw8|0@=`e zFIXp?Tb#T9rSSXU;0C@_Dg0O+G`?Lm={TXYVDJ-h4(tp-$-8?Fl1WU+&+klvqZz(n*~$P=-3(?8m`kycdjjJJhJLxzpxTqQ`WMD2a-r)Vq%ab zut4Nx+1STPq$P~|Kc58xp_A{j9Z&#CUtixhOW)|}aL_suRPNjot}`Ik@8#e)hfYzA z4nV32)~d5te{>St0I?tA@(7~&VB53>7ELPbIPZEZk2_2%pFVxFs7T6VWl5NH3}J-H z`SY({cfyU`zV{9v;&@GkD5QirSEr8>B(yzyPN4j?fmHQOxObx$a-NquX_1XAUk~Z- z0KMb(6J3wDuAud>LtqOI;~`v+4;IsNQ-fU@$=aFLj6>94&{?u~ao)2&!@@bUa6te} zXN?pC`Qg?ly>qBt)HgMiVe?#eZ|j!8&KNVsxZjN0)O3$x*wHoM@1DeHIm}99+xF%i z$}c^`dKA!c%hZH?T(wKi6#n5ONOMCf;?RVx@d#nD-8^=voiN6L%u8YPYeF@d48Q!0 z5VGTW1C3@1K~KxsGV~)m!u=p{bky(>ss@?gmhQT8C59>lUjSGA9BsZW=mrJ` z>RVdM+q3O5I#lDa%4(qovT?tiXG9!dg8C;UJH_QO>o+k}F?GSopbRvB&?G~WJBHuM zIrTbQT5_R981zW|%}KgzD7StHu8zfK#)kcWf3oqLI7YM;uP%)C;c!=Pnv3K0=VQFt z>_nd0o@87ke|5E9r(xEwZ(evmg1<*Es^M|_*s(P?l8LaQIBZL%Ur)2V4lub_vhAnV zt3x9rr&YLCdu2Lp$1br4PhyjQJj3+u=S)W~tOXKJLDI>ze$sekd0bO0c>kB(yu1b% zJL)uI6wIxPG(cJ9wH@ozU_ri#GAa!mENE%RNr2=wRmP;dEc8h3l8`X$IdbdH9h0d+ z`<05QZ;k3f3FMKc*b;|!L*4KXVPe8?4PU2HHv|g4NQK|h9{m;a+#Fb9d7`W}!+sKL z)~sP-V%jAty2o!H2ZutXeYIbz5PRy^7T@WoF!0(;B++=Fa0X$Am6EJNs--HARhJ=< zoFVzOu1g~74Ut;9e%lU(pG9W^%dA#o36Gt7XGK)#G#A1)Fd8>@%H3y>?aL9V^Zf<}D6-|DH z7AGo2TwHu=8Y|FrvW#7^v@gAs#d*uS@*^K$M zPj+s6dDIFr#PvW*E&-IB8WG+AD}xZDf^!!yQu8E6j!#clPJU+xk|7tb7IO*rR~$GI zHT8@FN7-7c&6`bZ^y#8xmqMb*HR5S4O-&~dKBbGRQIh~qs^|FLrqu8L_>2jgD%cZ) zH!1I##A(-QS`{LC7rE3;i?g9+3n#H3;@h8nY~5?c-(Jlev^M&F6F6H&am|{T$^TdlBj^aH1*Q!=MPRGbIQty1TnkW@kWqnsunf z20hDGc5!g5U$^OT4{A&fO_G-fc!6d5!CXPybxYDEaq~|% zBOUsp44=P<_QN^!Bfx7Wg zGE=;}8<3{C1J=q9At41o;OLOOlcp{sbB&Fy`^>R(b#%iZi`r}4<)awi0C(XP5d8+S3C~PS zXwJ^VGcy*1M!AkyQpx@#Z=*110URz)A@6uV?3RP)7;lb^sBx zvjFBgO(=*&0KD03GNO6ib&)s}ks=^>Dh)6RXE8KT(g~2ktT+@6>>$e@29l5f zh(kzCJ;z}`ac8;GI0|mmKn>Ojr={LoU`f|q7X$&7{*T{4VH2zdsqUkdTpSMvdg&m? z`UDyodBL=nPYCpB2ksEqZh`Z`1&D{Lft<6maCV-C z%Qujzf$g1&0Tps^-o+b#5#4#`vyRfrE;?!VROw^n-TVB^%N+vg_O+c>BDpIedHezz zt>8OZ437Zd1P7SIsi;a61SDl#xI?GGLi8peKm^Pf_--V?mMp+(_(9bgjB~z>kjIW# zVJ;IXYJuMmDh?XoUO9`Q&7i_a< zHI7}--yk#QxEe0FwbYyY~S=fr%=1<@-2$pAraw0jmbZ2IV$1bf@5>w zfPCih0Y&Zipz!el=N1o}VeKd2(Enc2eyV~W<9?F1%u$!IrZGsC@LfyV>DkoJURN(s zdl_Ks0-IZA&-4k1!oPw5GmIg75YgHXlLtXmRpwLhPRXhofFyx1Xad46AB;5!*8vDg z@oHm0kWuXhv*2D^o0EUZouYzdXHNsEc;F^BgQLOO(}FXSypu%ot_JBVXU{qs5FQ7? z<(?a6Qq#C+*=PY?lW**2v+fLo12`8evxB{PW?29P5b#0N zY-u2e948G>1jlh(;hjZiLD6?!Zu2kg5>pD0tGkSot3OJ%yQ`s*BBhYL@)0!N_{Zm8 zpk7M?R5d=a=uYi_v>H5EXmA5;wcmlozce;}sNfBtc_Vmy^-m zZp_SNQnvmEwy1IU4Qso-k&yWoqqiHo=mND7|lCzXcy|>^`Dnx-QC{i^^$S! z^<0(AJUnKpN0^4zLL|~N976r0V%1}AI$P$xk2ZT9x2{9IfF_jNbqQXBxtW}r>Zd%8 zWN!{khA*c2sW7Ap?<+MN#pv1hbM*-40IHv7;6O0C_=@fXwL9)Gbc4MXU>yq89^CB3 zWx(&BX=IRvo}BCj?exn-*ioT?hc{P63l5g~!#~Zq%q%QwV8I5aN4WI+u#F)#i%KYX z&x0+l%Y4$Qb#kn_^aUu??6t~C_7qPQ`CM^eWRc{Al#`Q#V9gc6J31MBuPf9 zsu>okJ`$p-O4Q+6l@rctbz{vG7D?G4!nM4TUnHEx3ux$MLMc7s*O4egf#h3qva)@l zd_aigRfQOMB<(XuUH!3hNs9MY@g>m_l-J2d*BgBXl#LNY;Ikp$DN4L37L91G?{2w- zdH+2ri4eKf9)Vm;IWoNyXkucr^Wzawn=S7~A3ey^ZRLz49qKnYRQ=Kw0R)_fJ${D6 zh|1ye=*p?P`Jl|}TC4|IJ3sqS2EL`j)ijz~9i6N&s_2kIo383;ofRd?YB+6dZ(=!3-E=K>;%g$jW zcXhSGbF(ED-Qy=pQ!`m8v{7rYH+AH{wS~NLzxXGJf@^3g^>6ny@IeEmxr^gA3>AVC(QW5Kx) z1vC^x03@@==fu0Tp`x-9)qi@D=$ckiGPbfiz5yLrjv7H}fPy4$lW#CD%)w!b*ZPRZ zVsbuk87Nf=P+rM^47U1YE7rxY!I+846nf4(9SJnVZ^ry|Q26dOC)D(w9`KAiW z%D5q`am2#zK}2FQ;N;ZHGcu8uoBMoW0ixC#CJ=<4n4CWKA>3W`#~94*xlNsnoUDf& z$8XL}4}AL=`F2h+Few9o1ptZOee_nxX~d-ch*_*b21Ba1ZjZ>`h7a|0K=t>*J>M1p zu2NT1ySEyTn`XsDfnF}fo%zzn&Zt^bFi78^h@&vTGooK4v|eRbX(4_8W6wn#|K2Aq zzuf`FRZF8xB`G;MDlflqh#~cbZAJKXK(Ad0sz{JMGNioMltj=DS8)3Dz_6ZzwLX&Re z$&K#sh4*KCx(MJ2mss_6CqRRA{(AUdirD{O-^2oT z8E1v%=9Br&tMhx;7_q7b{$#Bt93A#t9k#qY2X?TaoBp1-m+`A@yx*PkIO#ra5PRSr zs`SRcZ@w}bs4UmLuDyKz%LhE+M=~ z$j7IZLr9U~CxT)35T2s1se2iAtz@2V{%WWedtwUuTfG5qd^tzed&rW-w| zsyCM)%XG0ox4=BlXj&9GKN}Lz@rjZ{6{IlRySg+$nJd^^!dHve>?`$pj*lpk9h)9N z*7~J^;PD7pu=#VbQ#64a%=S>4Obr{mi82+aD>_#t0R*h|hlUytQoWBqf_;fOhl`Vc z?fbpL0guJh9H!|PDjSA%kWU`ktT7&XP9=P9WHXF>4y8! zw@XAP3Yeq&`GBk`wD#DUw18dN4j}`Lii^u?IK^xL1&9D3*>2{}AC;0)2#UO~i1~ew zw_tpf84cJGA;06B2aymP7%azX4GFnc)&h7}`$1R$y|vWW-rfyuF;OX+s)O`NlRNQW z_}hEjRzSN^JQLK2XX;v*UT&2MMLye`@+xAh-cbdrLi$kIR!Wyn`&3*Y(@dBHGVM^| zl)D0yZnFJ)4)t*0*0X@XoX+SdAlZg?l;@8`w3!}a99$fK+6w;B7xpu#=j7xh0eI~T zm;c_cx8Q8b&bGI=b7RJrJ?Fak-VS)8*Ac)C?gCoFYT4eIA#BJ$X~PFoUK>{6#OZ0X zsy%AUE8AZJlfUa)!!>RS*xOn23JR0~;P~3@zgHD6Z3Ge;lpMfDfQQ>h8XK;jD(W-T za9Ui`b)UyNYRYq4K_T%lv|DsBDL{8G@GU`}TlM_rVEcme@(oePiE}JK0Fh`fKtJDe zJ*okw1DtkL_C1GTki#Xpe!0w~1y5vie~wZgJMR?k0`m4pvkpX}xrGME74S*b)00cw zztJ3CkGbXt)yh55cY%_g3}C6hR(_H%V*nebpb$K%k`UZ0^3%{TgLRAS)dtqROz84N zmun3b`Un}kZai4=?d0&>{}nV;X=FtBAQflB|+hz{iq@B`C5r;;;~@9!PM1h z_tc)8hdD`Sd!DL@7kbtd+q7O={ztY1$a=70bO^n};TCLuqHbUSTTJmXOcr#f$G?cZ z?$z(0+qjYL-$T_J>M>=aesyOKE7LijiTH(yDs?=+8Wq9l_g3&zfI9ECd#W9M2;IRDG{!2fGE_a}Qm)0Do2NB$n$ zAO7ZPwN0=O*JT0;^%38?y{y?5ldm6QLNc|Hw#F9J;<>|JsG|Kw); zk1j5V!V%B?b95;Wj=p+YWmD@s@_HV9#W!_B3(?xpy4bX;8P94Sub>*&OfOq9UJ!h} zl7*(J@XwPPTg@9+upUaUEm-+krR)$|Ff$G3YU{*>-D?*Ene%Pb4RtbuS9CShhpa86 zLxVeP)YUaJr-LV%5$O9B8{v?+XzDp-lPF222sgTK@0cF)K6UCd4*rO*rfwRy%KP*Y zw)cbR!5rBC`CP#FbO9as^ugsaobqx*yD8m_Z|^K&ux~uec0Bl!bVB)Mb~5kr+|@1B zRH}#VnFokaZh8IpEX&rI^9gcoYxKs}rxrPrBb$Zl>ybN2~4O+h$n|03~h8iQk-7D?Simq@3lZ11CUsH`xi1-db0F;VKn5K3(D* zTVXp6pRS0q9y&DXGOU)=W2r+MrjD*eigeN?HiI8l@Dnn`AX_qOL+fIYYg+Cxzc*@n zhyKb%%>xlPS!mCk^4BLF8^s-J#BkkMHBlw)y2@4)PFGvEf-ON>CYDErc3iVVf+BB- zsjw{+jn=A~cOKzgV&C7kL5bg(aUSB0PmwSqWkXDB7eu3ixnC`lAsAh${#e+B-Ie~n zru=$P@x62mi*VkHUlC@F#(GtHWF7U*w57k)-<7*ee(7}9?WdI;I_bh=d=Rd}tn?B? zoqA)Rb*n0QYmk4zNeCzhvTB(X=$ql@v4zLx(@5}WaB$)eP^Y5r(RX#TkE|YV&6N2W zj7qldEr0un6}ov@WRmenU0<~?4MltNqNBD)t?0sOg@G7?ZE$r#uk24{yBOwEmtkgH z6l?IO>FnHnyWmgbg+KP!@LbkUMqi_FgGx5EbU}3bZt_)>F^&Q+ zj7#*IOgZjPEOgHmMLd)&_pP)(W*geiU)a^?Sj+$1VZ;>Mpf4n%SJqrA*D|HGu%|cA ztn@kmu?i_2oO!xWZee_2fqA-=uXlTUN?CjO<4UA(6ft%S|9VT}!R53@4UG}Yu0uQB z{Q-KP<7WEkq4lFlF|rUX4kkU4$XXpIrbN=n64~ybCh;#IN~Nv|HB2I_v@m`_#>R+r zewkpCwYK0g=?>cx$_k$^dMnh#i(lTc=x!bv3_I+rFR-e;&rv5$xxKbyI}kQ@k+dqu zCI_|nl3%?zGy0-$zVo4CUuDa5uKO08v+W!1rN09|^93AYdLQW9hiev06)fMt+d1fe zdJtN7jfyNpi35HwIx3>*-7tzI7O7$$Vx(%YA4%#2*L}ap+&86LJghEY$B~CXc;P3F zEXIyn#N2uUFUi()tI;rzl&zRPwSP<&sll-;)$)`0)S}xiZ&x!nD_dE}n%Byvt7vTg zP@<(?mEeO{*c0sL`Sq40=%p#|6MtU=qbz|CzNN|0d-Gcq4LzeGOOD@T7B@C7 z_jd?Nv{4sRUU%S@Xb@_?v`FwaYs+H{?ccc_i{}<)6O^yszjbLU#%s@xaHbZ#sI~rMth<{k{Vd5Bn4bx;i zLcpbBN-e$Mvg=T?4oe+JV4~oBBF+|N;wM_MPrdhdem?h?V zz~AA(p|qNazU(M|F)+Ox6~b-SU36E>ecLehqvB&wyV_zMUHZZ}f)tuXJAM=L(N}ye zBTUm;Dsgh^=vAfN(ZEKzws(nk9p{TcTf$1yxP^R#S3~%;Mf9|T(2Nfw<96=LMop{6 z;h8eVM4cR0d6khQ+VY+k>ZqO9((i=$XRu9piU)i&%+_lk-Kqld4J8BE`v#454zW%h zxF%IBbLO^*Gy|C&6l$B3XR+$h9@ee)RC`5q#K+`R(es;X2JRL1cIw|ykqp(a56q*@ zd1gdKg!Ot$J^R9h9yUo^gHpM}Yf&R>Q8k>Jh3(qa?Q;uxpR^RD3yx1j*gc}B{6%&3 zbHm9->}py}EiFe((LEi?i@R_+rBIu}Jz}hLA};yh=EW~sV7>0rgBFd59_gUuY}^wq zI4R_8>lAf7T%wc8b?Mc_fBj}#x#be%{OX8>jz*0hj-ebi`<5iK)_D|)@$8+Owt&tbycFByyB0=Y~j-J4$C{FzP z_04C#X{eop(ToTcev$^B{P`C2`G43diIEWBY_{5sn7Ud9Dnt-M#ZM5C<6 z4|V*C8Z@QXr`46qpR#n+_pKW=%cvXjD!pO4qLYXjM|pu(c(j*X zS+R4uFI!^aK|}Xoj8TmhYE1Y*I7}o)WP9nd!IK?Jh-G5a-28b5-oE(I|C#R(Q~~-m z&)SiOr}u2n)@3(?iv<fPua!K zxzIo`)tKl>`j2n17RAp9qB)_phNu?`9|x`(vG%bH3~%tVbGRUo1cy@HRVJfdqkK0j&agEXx;BTif024Y>o|)7#bAA?AIn>`%GBVu*Sdl!ch7i6h{})3x`T%ufEj;q zeC6H>;PpDO4oxi4?YNO2Fkl;Y7b5Cb!ddh9vn($<+)o`78OYQ`)*_Lcv$o!qfEi~< z;NK><+lMz?JTV9#EsevU^wbne=Bmn}B)r#x^|!wmowfSd|H{P+UAlkr*YDRz)r)bX z=L|>j^&ZmKOOy}d&?SQajfrC>@DM%Akqn|ZH$Z>Ter}8fqOUV4-s1SE^~f7HA_%4 z;U1aK@j&9CX|ODvo*U6b;NHhR1@e@~7ViR{V!M}MY0?4a7ZzJv|7hEXH-G0VU4Ki! zJ-52cPsKmje0WxGJU}>k)Ni{GJA65ZuB=^aPfbi&+q9aKiX2ri?9Mn9@w74A|Ls<^ zr_Zp>p}l9Ju)T$&XYD{yP9a5Zt>R8MwmGa7^72AOVpTW)6`#C#1 z+=RXNrAAF4lTPlamYVHBW*a-l!xdJtW8tk}PI)V}6THM^&O(zdg_%nk-2BDYW)&iuF&+(+=Q&;(sss_P2|V|5a`hAoZJ6Utc5{C7 zA{*J-qJgBmyE#v(kir#v@%-Y-XBYonxVZ%9Ghb=Gq8Bhw5|)xL+B^mABI~7So8#uk z+>ST1`m@2t$f&HUiaewEO4{w@>aqIy6uN&cC125N{ZZ@x&|VUIjgH-$lbAfAjUy;e3EF7 zR3H-B`EZp`SYi?h87b`%y{~Viqf=d2f2eC_UIEmUT9*fu!1S3Tw+io*^s6%>(!a+h z^E#Tg?MbJn<;2xcASg%?*eFZ**NW04fYEnFb*%MeW?C$j!fGzYCru3uE$sJ@*e|C= z*yZGU^~);wih;C1Uc>Q%EyAD%fOdU??5h{t78Z+Q)%Oguu2JtN+Seak^}(QHSEev` z5IWoWvvYHxda4q@$?5@Nb*7e~2WwS5NY10)5no+C+OV+h&muza44e*cEr`iN?W=y# zlaj|;wn48X@UGd6uI+wrxSrT~*R8Yqu8)>O3*Gv4ML!q0Xlfs?+KX>+7=->d-e20iXDA-N8OS*9|`fsuR*Hy+uH<~_ZP$K`~wMu z)O?P1BU()Q0EKgYK|uw$mBtx=6My<`dJWs1A1$neC6crVfwZH#5*?a3H zt6?p7l{Wy*b6fU0L9;-zu)VW$Fql-#1{63Z2%_~cYYuxL%ci23qn4BGW*rGv8Ts^T z=fsB`?lW95Q^x)~9HTHsUI1Hwny*_r@f96?(Sa2RdWpWV^k=sKfWscHN zplVoheNx~Mf;kGzH|23@!|n)#K~1-p3;R^Rem1PqS&5?XJbF&_FpYu(Uvk5DH*+e! zl!+g)?cZiSZdX5xU|0$+7zx+DV_GRhD=V6Msuar;|3Xel>Bb4*b@;hh0*c*K&CO9h z-3=S{*La*}X+?H=0}_M}ZWz4&b>&)F9jF6_W&w#adY@0tYqva44)3|DruNU2d9Y-- z?#1y zBA()ruTw3xr$reE8a%{qQ3Q{fpWbzE*l9eKwZcuW4nJE+HaiknJ@+xGZ|8tdlfUg> zL}I*B5Hen$X6bc&YmyoyF#0l2Gh+?!BGxC5mO!K!WJxg^^pVSH!!E1E7|0}qkC|bS zQ6XtRLiEt`?d+_{UiC4R`vh3krh2Ov4bwoT(%{lnN-yzgE6(_xF&lQ9(UOIgiRwhQ z+CQoWZlf(FqqYiLuM=OGi*Rl+6Ra;2Dju2JCm9}ZDcr?QOvgL#Mp2&E-!n%x7A0O% zkn@#@7&C*d^V-SCzAxNwB_Y-DqLclI*dAJ3<#3Kuv-BF$490c_H;zRd$yyXmGc4{$?}QA97UJra zyX6}mnj1LQcBJ)?B$mh;B)jLj_us@DeEY3MY8j@d2pyvQOdB0dzx>ACNEI=yaQ^s` zB%}{RYm5NZDHD$<_g(}DV`fb7P>b-`OE?ObPqMeKmWaz%s6lkULpb9t>sb{P6JLnD zb_$x=-=YJ+kXjBBtZiE25GInWU!TOxg>m*uDa6&Pi#g)stL) z87Y{e>~So#Nlzt>tkaZpxjrI?MYNwqHV-1bTr7J(ufH^M7CXz)>dVk)!t@3^MDSeh zzt3cX-`uO0%7z=3Q*oq&aE@VWc1rQ2PkH(#?YTu9b&bhOM`6DfjzhP z8?tKDz>=f?S_*L~vtLd2v8w)vIIHgh;jx@~Gn`9z@?prR+?xloD}AtJMKO9g)yd2` z(f!V>x4|0!UMi^U^71k&%g>MwVo&^c20Sz@GP>XS6P;UCP+RT%J<9TBlUOumio}~Q ziKreb+K^E&S`IzEaT|tF>@zTIZbDqdwJXLGf;Wi)!Iy;3?>lbn*vN*`wyitnOBPY! zak;B+WDPJ9?tV_XgBb5wxk-6yZ0Nt2w;tVKA+)mKP;R&Vo4IpB zBKeh<3gs~z3|k>ZKL>yPN{*YZM#bmzC%g{Mh6(<_U&SNLF)dP+a)lqZOw!cQeVU!| z$6p;1<<~D`(<2438fK2V5Fv=22vD4;v}dfN|o7`05)LX6)XJ`rVmmqG2$VB(O;aN0!H%xfK$ z?1~yb73>^Kdk@UvZeLz#&Bb&Ov$ft3mND01#3z&;Aq4LPQ!O*QA~La!7r${fB)5xt ziWcQ5fp@oUwbjX zZ+sXM4!Ig+K)T7i^Em5&Tp7C6o-pGmWecZe`W_)=?D%8WgywB?;nwTwOJe`mbrG%i zC@aQ*E~=%T@YyAu1Fr;$*yrE}?5ScseO4+kn$PnLQf9t%8M4UYl}dq@awc}sgtT1` zJF4Xk{ySZ8%Fd1(j}AO0D`vj57?Km}bWK#XrgO!=2qvn$+KMq00y-i8y#5)92z5+) z(C3zw2pz@v7u>SkpQIKGZ~oW-c8dLw;JWCgP+I!_Ta;m+CM6{Pz6&bK3C>z0SfK!Y zRIBU3prk%tdjKsUxk6y>70t(QTkOGj{qIM6n?MRC^qX;I9thdh&?pWq;FcuZX2iSu z&iD?q)6v_xQy&@9zaRCF2?09}ty_&WbO-ge@zCS<6Az82D!mVC4NvXoG!tVpuyqtin@vnlBX`9dacN|*f<^7-CCSJoQtm&9DyF)*; zuis^T|KbHnY6o#&KmSW(??~+P@d<-kSEFb(YL@7*v373mke0_aU5`sg2LW=08uaML zV0^VGL?P}WhSy^vB5x;#CvlAk3wKdawvvW8^3x!r-eQ{=^l|$B=bG<1;$JPd#(|O< zx8@vId{it2DP_@Ee1V+9cD2XG=IzTo8sowFZ=1W9RNH_i*Wd5XJh3L+lgEAM|14@m zl!;$oGb-J=XV<)RZ3o{P>8sQ5h@UdKOuBgZ71Ljlb{xk$JV9qj8u3T%R*^R;r*xv= zh;<_-Ji?DX_j^}|=o&Yx%0lJJ?@MB>+@B0Ui!7z$5wii!LN~@4r_lt`jSoi+_0#jF zYjOewSV*ZgvNerm{-;T)$fyfu8+1thB=uSdOuA+G@Mzd!e<;HoS#%gctNdIHvs>@>j=U4!+K185b zwt~cSA86?v%QNAvz)JF-4QLM4iGe!pC}_D{eAtbJFYnZ_!Oy>zsgtt{Z~Rq~F|4b0 z0{6Z^^uAF-FWKl0WthSwE$|ndlL8pA02>@|gJNl!K-B6hRa&qHsy4C zh_H+CCxQ5ktSah{J|5P`@&~R-)M|bQFYFyi-#1=Jtjv1w&pkkB3G!m_%K2jL zPYc>5`(?ZUc^nnixLF=@WCb~(!3(&gs$r11Ilbnoub)^b_B>F5iUw?Y*p7yR<(GbL ze~QYKg94g0tFX4y66{X;TQt>lJ-893;X`QWu+SB#q=sKx!TS#gCv5^i7h z`qecBZ9#fkPu%KB`$?C*Nx=#~G4#r){25LNKx4_0#Maj;A#E+>8@usA)Q4gKq4%h9 zliP#>sRD}_LB|9_d1N*k5sOKMNHmp z_ep`<6b%YiRGPWbYZqZbl{pgFCS5O4y_mNAT=CPejts*}DXayWwNc;ISM4D`D3I>a zaN{>X+>RiRy}RNBW%dMje!I8Z`*2ssVWU;-* zh)rW{BVOCKogTLMSc_%+p#8(rb4l!?{UEicXiPWUTT~3JlY>$+fy+}aHJ4jsJJ(=3 zS5o;NNt`)=6p#_XjE7D@+6;Yuq9y--uU6GlTva9=(dk z{C)<$^`gf!m%sqC>@UI@Qe&nU3EH+zTUNRbZI^jvp=~6}mBeB(ZKg|A`}xaM*mYDK zI*&dCm_hLOYg5Wzl4Q=be9@$8IhGrjwmh45j<2x{&2`%a6Ukdu9JwA+SS;;ub$_1T z7@4Scah)t5$=C2idhV{!)ikGr;J{jicWBMCZb0h$T3b7=u--H3?9YUK<@azu8FB;H zh!{2l=Ah>E3cE2-vzCHfobr-9InH$+S{fxHzt%eLs*@Hs&)ObZCBJ;DRtUR6ef6Vg zXsDb5pu1iY9R!)k6BA`e@A2=1p6mIsz>>P0{Zd{ZJ1L}|AgryeO^dao5)w2kQ+X3< znHU&kK-_HT4CQKQSjcDSX8Gc?{2Bni%fr+j2GE|YEK{9M^Y|`EY;i=a zQ6a$eqfl*;3wuZ4hsWGHpRdA))RaWwb5{wKr$v3x>optJKq;#P zL(L2ntEGXc?@*P~2Ix&gLHik;(0hAf);88pS8BDt6o?c1O)$%Xx`l;gVTp<-u~%C# zYAVD0cd@}c|2j^JKx5^rY0E$Uf&3yL{6L{mTYj}gJntbJ?>+`k7Z&d&!8)tl(1sS0 za5oPDZJD3hO{xZao%k9am!Me%wH{|tCbKaa%h!jeZMG%Kw14{{EdmR&swzUcZ5+P$ z0AMKvfZy*U9wCSx(kI7JkD*7Ua1hV$YN#cVWoNV_WQjvJ@YzdIaP^w_M;5~=1{|CD-lE|1Gdu)?*bOl2k55#>cjFZwyw%Cn?cmhW{Gy~ zUFe^z3_DyBETG`4FK}_XzNQ(?Gb&Et*UWk4{lz!oM5g=`S4 zi0+6;e|H$@>kb;^$m5g7n(Ln&u!@_{CNv}!UZ}3|yi$j$mL#_DQ#5`WXME?-aZ9z1 z%U#V;ckzM|Gi=Se+)Y1ELN@liGjOiG1I=d(9kLx3D-tnU>o*Ee4 z&JaB@k2l2dit(o;^U16s{feHuI3%Zd=RBsrcisR;@v{cd(sZV4ZSWhxWuw6*zAUBl z;qgHF+({VT-3d%r%3&P=AuIyLj-@i~>Q=vpLGa|j98s1Wp1|{HKL1Ow>2VPglOp&w zj`L?t@@Qo*G)NQG*UK7pC(AlL^%uL@>y^qr>|%t#Rg|~e3kef7gW6`35GYY(O3AR` zVbPj1X=g!SWmWx*DJ1G~%lG3cHO802kLD_tCgDb^N#>n%o6AE)zim1@(T!H{HLcv% z-c8QLBteD)1=xEFHLT-@a}8j$Ewgp$a;zpW7EA)wQmT_e?^6=h3mLxqFs6!$ze$MS z!i!CLJtw4~T}8)_fGpCjc#L_KXoD+R)p90RlbkQZb))&3o?w}V88802+ex+dLsOvUGxsZIEZkw&1oX9Dm6EVq%_3e74 z&Rn&LzAFjU?{aDDAd93cWAG>Zc2;jR$b}EnhaIMzf7XxK&u#VH^wmZhW~RiaqlIkf zWa%S~46gd*WnT3ud?J4>IaSaQ@kmew`>biWHo#%5&b;x?Klg)WopXnR;C2)O7^ZB0 z7-taMe(MV#Zo8C=7czgbQv-xvbHNTt9z*PSCLewGNSy<_D&lm{kGn~K#jE=s$Pede zcRVnN5>$l$(jmF=*WfHO9+Q=V?{Ow7DER7u{2w@YoSXF^NGCnPSI~VT(etSY+Cxm1 zlrln}<~O-d-twKF$&vUE>X1fc>rfcM7=iO?#N49h_(xA1xTQ*bn<4MDbuN4u&YCKD1n^gL}Hy|yL zqZW%AE%KeT^BgY}W8AA^H!b!Y;@jm&j&du0Y|e58>%i$g`6sa|UQtuAl6t=(?O@tH z!gv+W|LSjk*AcUT=om`*;_x)md_Gj0(+zhNDLCD!PR+;yTn1AOJhWTROS9U^hY{OM z;68#R?Tq(@aC%lxrA!9(HjP{4N%kD~kUrW%$sSLM-Up2`9U7~b)#-0|*GmzT*@NcE zjSsa8d1O%Dif(t+&oV}As3tv%e~a~DKL3*|ME$DK;NtOZl+i6ttGwtd@961Wc-2tk+?};c}BuLIVZ zaDRt9dg!W~fvrN|m@7siISiuF(pFoC?aUH5PPOU;AqZ>lnw}7Vaap_&89iYhN(-0SkrZTG(3c*aW5hbl{+PdT zfeOXSBDraY!>4oEJ-vquK6}>#n+p0D7|c=MMAwGsAE^MIo=dcCb7-rU6;@EsGn7!9 z@jCoK<)gIqv`e<`!sEy`)7;E$&*aaXPuqS`kYGWsUoU`z^FL?=XQhwk4k=k5r+fMi zVXb+?q~)!gm=YRDcUo9GYC?CjxSPyf9{_Yh6GO`X2y zl?zw0SfmsDqk6LHhKKapud5fEVhvUUmkqbY=XmT~z9+x|PlFx3pIzR2T zYmy6-NVqKA5O1^a``4>~=Z&Kzz&a>y`60T#b@JPVpU4_HU?f^kbMwE&m3Xj?tgl0@ zN7LS}NU>Kevl1kB_z++RXA9bM}Sv-v3#&9b|)=jhExZZxxOu+HqFR zACo}lJ2Po8lBbnO_&P(J*ap#xa*6}X+fIVMD;aLmhP^A7ic2Uw#8}#fSQTI_Yg(hd zB6y7MF9-<(kCPH}-x#?M{jte1VXMb~iM{ugx8m1lXit^KKFNpozj?Mh^sQ2MTK z6;qUY3!BNyQMS(YsA?n(Zu(x5S*(xM1w+x_k0{BqXotq6?_UlvnNx#^@=7yg z-bNoSo6_l(7LCRP1UyWIE|T7H)_$|_Xo1{SmymGO+3}BtLXj^Lw6Wc5Ge$On#cEMbN86vr)X7^Y-%y+5^GK{JT>*{Nil}K42 zo!2o8l@lo#{7jpyAd)C8&(!1$!<@{`@@%Cj1d}iPNeOais?Xu zJD{sYWm10NUo6eDh)!2_vuuyHgmw7id=vr5#ZJk_Mj8Or+c*zl!8|9+#K>Bgj+K&7)rqE+B-&g{Bf@TZH_+^aCN2qb8-@IM?T&{ zZ`Q)b(T;4{TT??CQ#D9T`3pVdEEn67>a$PKf?~NJwP~+WRxPH~$|l3+N6w=<-R&jS zKYqADSqBuLQPB%DGOe}(f@8GTB)jbexB~U{2Nq^NA30gBhiQ;3sTy6dUszbYO=}b@ zet?Yr+@NPg>auBeZc~g=XD!%qW$EPwp)#7U4X-(pMeZ}mRtl3G3TZL8NAKdRSoPc_ zJRito1rw+=`5cr)pFT}|9MqTv137QYHfU!*_Hj|go23+R=&dvDIaisRn~x(7ROIC1|~=J&t)7fD=nIKhFR z@bhPhRZWXcmCw8MpPrgGs*RhN(8nt?0O70aKYn~!Sv}y7zWzr=nMv&5l7{!{pz|$y zTA8X|h`$MZI>AZEcoAGoo#v}dy=V#v)=k5~;{ZF#*>}C4%Dt(Oe{h-P0-5|(zHz*H|G%mv=|Kelyu)8Q|1bW<;tT9)5(md$=dt!9g*bMdQv0r5{UliNWY(XU z_cd()dAhIM^qsNhVNvZdRXpQD?kd4?`umq2+EbiY?cls#kcN50kws6@-cmYQp-LBqwxH>I$$wTuXg590A%u)u%n8cqBrR!j%r~iI3HVEH<`y3JOP6JKXyf0r4^9*VVJ$F|# zFMgc6VnKpll1h%kyj~e;NTkeV6Mu9V{nje4L8IB#T}l zAtRVn5)|r>2=5)4k5hA7<^n~ILP5yNa^tn}l^!vrT!(23&^?cMEFDt;PqOLsvubD3 za=^tXvMD7qlm`i?_FTFp{p>f@D&R4++F2^jQ^|~B*2Ev;>cLk92pGV`n18h4kOx`; zo=h6F3Idp}Wc$B|Hsk^Z(z8zkrsPb(Tw$=S4Oyow?Cnjk{`tqZE1qlQ#4w03ncL?O zAH6c9gkG7<2fEWkfaHZv7SOp30O5z7sWi zPt`_S4;N&9_;5i^UOti*vbrAyx+>RwDn1MJ_~C5Gm85y>v>>pM!)*K(KTGJn+(X&!W}L*N1|RFT*J*DNW0DK{zfpLCmiZXpW-$<>x?m z;Q+1)-jNePjwp34Qu2e^$JF7S z<@+n?L1QaFi{}6vUJW2m7;5lq$fpK0*{MJ<_Y<$3Zqe7TP+cH;1Y`z^M(^hjS@^7**!cwmOnC3M`q528fbzYBpM3MF!CKO=zNjCURN10 zF*&)d4-~64Su~Hcz#V^dbjSl46s{!QF2dkW3fx2zDcCm?dZ(9BC+L0ub+oD?^y)oT06$|u< z1bvUI6jMd*99U>FiopC>SXh7o((^GO!gTf$@7rxn?I$D_Q}L&Gieujn^tCi9Y$>Xd z$m2}6Gv!#>$f^FL4ZqyQlzT8xyuMOC^1ZFAi)W;yuTP+o+-n);v^&#gUTUyudrwSE zOn{&Nr{CV6KfQqjHmeQf?CXh(zWPezu`bTeF(DnNZ0X(I0%8`XS&P-)A8%iPW`&T? z%>&wr7BAjJ1^F27OhEF40bbn@2c>2`K4=``D1L}AmK;n6&KlbeT zfQGfv=2$$Jg+`&iWBr_TJ8tALAp6P{fz~WJ^QUPIwArNs^Jw9cZ;EsMM)o3z}!7JI9OgxbumW( z8h|syH1#{(Ssoax+9a11kO&0a<3N@?-sKkCZx}IyBICn{Dt;#(Pp77)!1@&MJ=Fd<7=JVXC8}qg!cT2e8jhYM7O&x1ick zufwRKa4m1|T3g;kGB*7Ju-i^K`fY*1W3M|}KLXrZAF`50Wq=7k%pdZcoTK67R0YN6 zU~O5D`n%*Y($tE;JlN%K7)89j*f|Ptc{qG6U60g$XN6wq|Z=sYHy zbW!s0Iaqiq+dmIVux&?6&URv;#g+k#m5!ag=ibz*U+G!{;OSp^b1eZ-`mFo_OCETP z4wq{15kOZds?i#z1d!ksXPgY9sJZp^LLio4^X)^#nYuezH!=YQ93XNO09aT9FtrQ_ z?oI&0f47eD8f{=~)zwyQ(4w8A4KLRb1LHhH3>$D;w0wPi`G$%Tcs2&#UfJFO86_6( z9YsJeED5;1l%=Gmy+^!GG42{bi-N~`#~-YmSwNI4*R&1FH<5b$F345F-sc<(;I0A` z=FqF7GQcAo0)&sStgN37%kHc_!o=zKeYLYeKUy8_CMPZZwN>d4HTmIIXeg$2TgYP3kj;ifHqMGui{!e*d z9uM{Y|EoIHIZDnsg-S@s7Rs7+lF(QpYu3qH$PzKxbqePYB1>c|TMQ=47!0G6ED;i8 zLbi~7-`BaXPx1Sn-@T7}ANT(5_ITXuuX8eHKJ)&(Kd<-e^?W^F&*y4+o{F042+JK5 z{a3f1;$oWoLLx-QouAaJq2X~Ve&@oH`Pmd4n-yf-p6%(!tnT~WH|WgHONhUSVBgoN z7uur9H9zkB&M&mnJ-yWy%%cm7nl?^x!j9Pe_o1?~XC!~Qe~tDZ^BjxUF%I%Xc#pfU z3MsY@ZMS;a?p|?>&AA!j74Q5e;EWKDrkX~KPFuSA`)`w6ExXhmIyz-z?ErDROU;gh zIl<40fZ)6PW~ucg+{?0!I-$Ycf1%U(huqAYAxQmqfBu`l2(bH*ycKWz;hDSA#FZSe^+-rxkX_N$+tTG<=zrw=}HkR4)r4MW~fS)C`j>F%zI}uOwkpEx{H~i#9m#dMZ z6O{bW!1q%gWMnNaT_5~Pp@ElRPvR@n>p}e+uC}{57Sr`V& zpPanBS(p2QL5~#&qOP=c4=9T=K{_ceZEz~Gnvrcix7W}64>>uxd7r+P7A<)%xjfLP zqosK`ftF>EO1O_Ahu>;w+pkF_GJ%QUV5B)<+=bwJSQh72s}DH-P!n4kaUB6N{SO!tHyb+1SwV z>G6pocu=KdgiOAbOe%qzit~F92+P@!3ie34OJk?+Z2J$Hnzoa-(rBegtcXhc^Cpk( zWRXD6!<#IG%AV%G-rjllr-fJlgAF968e)8v;0_qlwzph`h<7?&;nWeW+*-b}|EHfu zX9uhyRT%Adjx!}pfu_o(sAy2QRAu)xP4SZ%Oi*;OD7*H3qlVhz_#>qB!D(=q4H$4zZpHdhxX;)Zt_5t$THB*xQsGN>_nZ93-wx931$?#lw~J z4WRUpGPWRSBWM>ng4+iqpLZwbl(3Ab2aqfjdv4?P>f7YXeNj&Q*r|Bp(^Ywa_#N zVo9CTAXm+ zqeqVf?e9*1@q|m%2boI>jQZf=3ylo~bCi#-HmJk73gwV73k!pse=)rq| zULy|j7k;pt00colNrphc&M0gguXo;5RblUdEpJ_9Gf^MO1@bnZMq67TjxaBiK}}l` zoHJt601A%gdjV2{%OT_=tjoC|&vYlHQp&pCB`_F!9n7%Ay_Zi-eJ)UPa+*fAJ>}K) zYB>jzQ;!#zYFv)et0=`M`+AgCR93o$1sa;4@TM#buFjz(JSGJbP&7Ab*^$jSD=7Uz z3^UKi$7ga0Y&pT}Hf0VnvgKSXVrSGkGX)B zw=t})9U{>!Q#Qdydn-$VPZFY3T$L)~US z)mfwkTCzw{URZbsx%W^RG%ZxrJ7^f^85!m&LD{m@s@evRkO)pfT}!UDmt9W;zE+># zMp6jVg3hH&ZzS+1%+1a1KfivkJlXktqH_Ns@+S};mT({EURzx~R=-5Ew;J-wuUeyQ zx*D>w;wvS$%kd(fW+TEW@ylA<*Vv?8^{nd1x%&@&drzV0M~Ook>oxj961n7UP`8I4 zKGVZ=fei(yG^bEWhU)X6jp+=c#jGIFEm|9qa@)UBIkZCs43qDIR&JWxhzpmnaPRrU z)gZ6?uoV`q+P3Hf@>;Kz@be&Ie7O2N_4CaVsJ$kmn20rgbo&gw( zHj$krpErS$@>ArQKwf^vGN2Xgz6L*K`~?4td?B#^JyZ*x2VsDcKm*-yYt0q1+zSdD zlWttHvfWqJ)I?>lN2HMN@%>Az^e|2~R<3=MUH01^o+9$Hg4r7q_N=UJZBH_X*8I#k z5jz3^lf&ZJQMhUgxi#xsgW#>UtiT!s9`n{GK{HG89CK)8Q@$CAb+ES5$+SHB zrnQYtX9N^vg^|h0PWPryIe}zzBP_wQq^ zKuFwhae~N~7F>dY6Cqm_K2-~> zS@??iggHQ}CI`>R$aI0zktihNw?O~g57x$NYdx$Mu(AgC+yw{hY`;Y<+1DTWSkzW= z!!tS0ai%S4uf=DrU@puhDG5}A>WkRv3X7u7$7OC+=aG~dxnK82{}ddT0%cd^Dr-S# zI4mo9+!o)8>85!*GO~q;CwtmHfimB&FJh%HC3fUS{mdr3)p1elM+J6mBFk32Wp1UB zF){AS^2mDT-k5tDnUv&sMTK3G-EXzPw5|XwlEE8GaMCIpT!3l^s#Oum-4kF>Amz8= zNP@SvsFECVPd0Ttd_`IL1YkyD;T$w%$AQt^pRF&Hc)|Ff8oYgCT5*Ob?>vZ(UH74Q z_Ut%Qb-|M$^L@d=Tzk?AkDd8>5RO4)71Q9ez>zy~OU7gELiwg~!Ck9sq`P z41@7k8yfQ5)IQbnkVKaBl&r^Qh&vY-BP(*_!EnWiMzpGHmcv)WhCy7ypmXeQW;J9? z?c22XleZdF$w!{z{1KU`K2NW;HIT=>y3rR7Pu1~(fgZOo%=bsvNk!2o-=QGAlXd}M z98^cSyP&cPdutR=-z%%SBg<5xbKeV4Y_5mWDGKZkj#k2KsEogYT9h6D37*~~a-=gC zFWvy1$tTeZA3`2Ix`GC2v^M-|?fs?%EU36qqFil1B0AB+!othT!c|lHE-prBop@12 zdU^pNDJde2R{2=iv@}(ACN~nyMsfnxq97CxPfg{0{v4WPAf&hO&G!YP!s=Ba6G`2$ zlQfeSu-;wi?Y;_uLAR&eVt!@CkdmWc4CaB58KHU9e&RcSUi

Rw+{|XyJmRnIhDv z03*j9VV46rSdWJH@6j_AV#+$r#F3})MC5JER!@Oz#cS@dk1wu5E-)4kJNPK@D1O1I zbfBwSSU)HFWm?+sw{MwHX906PTgRxil_j6lleq2856W;+KvRUVLA+qc#uRZ1LOaIK! zKX86qUWV;__=O>Rt2b1tYJR>`4#?MY1LQ2w(A^1@4z-aEZ_4U!OH5aG8l&QmQ{iv{U;o`;BoI3Y!AB++%SjB?(w75&ZSea9x zwD+1Dik)BsoCGJ8&7O&J|8UXAr@!N6_J*(x1 zzzpOwtM*??3z&tBbD=#T;kX_E*<5aC5lR=V3m)`{)}KEtEi2myM=I=WL%<#v%(myt zNu{OW0ALA6eVJ)v*a$|C1@hQEA;y*kyjC%4g_(;>3ydX%ff1q59uW1aUqW+DP#I&`=1cige5NH*E5d#DRRu_Hb@TuAq5U z1@l^1R>e5@((?f*vNY8#NSzV|Rhp@Cyz_6rZ9!Qi#Bf5?G&?(1E^Z8P90Z~GL=+xi>C@jL?@_`R*;7lkfdKm(u%vcxe+F##1^`PZ%2ue+d`RE(r`8`C7i7y*4f z4UJr64^i6^6yFmB#4ENKXEdH6}pJ)=G4O zjJgVKaNPW2V!9+OO&E<}q;LfcCl?<>wE*Dr8Q>!W{)$Nc#>dA~zqCMYivaXhG_q z;NXt(JrD!=^WMFC?|su~-Zvfr;c*I;93Bqgvcw>F6|Hmaq9>%jdrvqw#?f9u>tK9| zT4%R9`(l|fpXLgY50Gop*Fh0<6cFAsii?W{V}Ch(xOjyZFm7S<$3-)@z;6lxn!$(i zbKQKOLwBm8ykln}MS;XGEIgevLM1dag0BR@sYeZo$=E)#Hif}qSERwErWOLWxoMDT z4JRlr#ueRiYyN9=^bk@@`5JWfnN7)+bsb;D^+Bq=Tre~hnVr6F4e{16$pv0b}XjFzx+2 zEQ~%hK9-%EP)mBZV9YueX;0YRq|hT7pAsC;n1ZS3qc3J(u2BmXutG?adT zVVs|zztc}J^B{XE1{}dN0ng}Zmt}3}JWy{Tx1tC5KAdw)ooW{ch)dJZPlv z^xT=822G$GV}e@pi<&<9l`k%u@$<=G6UhgMGyP*(=IidbGT3?@Vj){-Y zo*z~M#qaap=fQmD6;%HDBPkq0A|hJwn5qHjTk$e%b~XzR_wKGrZ{ps4`}D~^fc!E} z_4%&s0|c5MN?42PAX7pKy!cb;T|6{G-a`=%0`jHV3rbOtI&un`ZxYs*CZ6761=k@^ zoG1VgVrXO}D>bzO^|-It?kO3>1Q2)uY<(f$$%DSxa6zSqXEN_v*dD0yn-bTuq3^lO=Cf$GZz(U3jFVf^&LWQG2Sus6l%0=4|xus(GBf=5BTdcYBQ|VNm-A_fN>S}dX6-i67}8O-CG^-Vc@7-4Vi>82;s9e zd?+6Oi&w_H;7e9YbAvmHT!qtq@zy;e5{DVdH(ziF3!A7U4`Gu8>#KB;J{gDq=3ngo z6_wm}OXDe^V`5R|%l+f*eDLtD{L0!Mm&Q}5-}2O$)L7Of_Z+JLLq~bq=508z&HNVRWfaW>;3Iuqo0ks*|6RNYCLwWcPZd z8OiuC;H}f#SLb#TmXZEDOvTs!jPs{sqR3zU_&K(Cm{V14hYAipy-xoEQR)7l;hy{h zX8!ja8ibVcC3o_UQhdjq&O4pEM4d~KgF{1nhAgUZ=Z>xW+5`c0BPz*}Pe?v=SB39V zq)m~Hppd+JXQ#@GK0~Dc!PBPp>n@!AX==`sA7OmF{cw6`rR(p?`k2F{`Q?9=HQvP;sD zdK3RUU8z2^hoWr}*$aF4;TpBOZ(Lh_r+t9-O?cx$uUEFzkWVyS_7n1a4n~r?5 zv}Ad&9KXu-97AF3ZexXE3 z^^@As!Sc(VvihRqQ;B^T!#MR0x(4;0!M!I_$lG>(?p zy743i4h+U9FW#7Zr_9n)nD6}S=<=0OPSv`^#xF=wG&YtEWq3Wf@<5*FH4xYeFWmp5 z{RSMWvAM%QKzdsn#wxzD;OV;Jf|P(mLz8FJbB4>QctAj7eYObXXHr@)j~AVl71xF8 zFo#aX6VO!;=a9{Z$){}d9xub(5jZ~~$@g~I-I=z?T|{9gKVJy*+V;#_ol}kByRH)@ zK2p@OIDxPFX50bgXGd;DijW>ye^U}fm7|V<>Gwc&(0iyfm4Xga*f_DTpzt*I>U0a; zxfiLg`UU6cw%xL{Qle_2&W7@6LiNy9;aNm3Z&-NP5GR6g=zTzvV~&ycpNfUQ}3^m|?Ff}sy`G9Hu9JZ5^EcAG^vy&!&VyCJac z{rjbFNgkAkj3w>R>yx-W+bzPR#_RZ}S;p`L9qu}3?nr|-WcDVqMef{qu_#%1En^Uolk<7V~9vm@;(?%D&|5l{Ooe3mHvzNu~ z=p)e$1%mI3Mt`12##H2|{<;iXg4^Y&mv7IfFL|fisb}ot&1f|{u{#RX2UPGkj!vDi ziRVY3Q$q}XU1T|UFxxXJ@pNu=X`3Hw37bOekFA0rM+K>F3s^U8v>!P?)sAsV|h znx+MZi3RPI<4*XILh=kv*?W9CwT|c621i@13XSsuUHgu(KZf~%jnT9*V2(JMl}A6B zs2m!y?(xMw%e>}0liAI9_%K*^aWVbw8q96Cxhmxj%^~0IwJZeMyLR%&yZ56&(zHKQ z<3DHqel7x7dGPUnLHr%*RPk%P2F2z9hLbs*NFK!O`Tezy6{>gu?^3*WTG52s22X54>Of ztZQZx-pjY3Kb$NoMq^=TllRiVez}eYyxDV^6FQhywU70o;mvf?Sl6svE^n}oR$PSv zGA?XX%fE%BJ%9+AaDJf46t4vb zd1q%W%8BIMXFfkaAH|Kl3zWohRaG3k3_q4=mIFqATyy~{$>U9#Ol1~Ia9Ek1@}g~J zMiIDs#g@*E<)`6R(Y__nswp^K7WOMp=9IodI@_EZ}aA2yHe=7L}bOOSFFz zuni21KMz+w0i{B#2>EPd!nA?)5C=jRm9VNkhg<}-MkuRu`1e$*AqneD#aB7KCRPD` zAPL2h0R}3!L9q@vB4;4eQIGSxg|V%DY-HcJ{TuKdn~NBgf)#MUptD~Z=O8%u2?NiX z$nL+1-VkaA!riwPn$E&V3#GS`bc~rf696m7h=hy^wIL6J{nGON+pUkynz&AO5xlSZ zZx&zx1FPHaisVuy+#NiNbYQm#;LihH@}DH^K3&#KDE|0_lMD0|xzSKA2Sb^j2i_xg zL-nnO#Tc;OLt5#`{u^(%16)i8zM3JAzq8<#>*`qT1zO^?r>EP7O#sefo?5{hv2S&4okGq@E6W zdD=_ljLzgSL9hK|vwVL&cy#RQ-batnDW3jAJy(C`d2ssfs$WNgXnf}_qS!6diOtU& zbaXE65Ei1J1628Q(2WM25~rSDp@g{_)&4@s8#)Hr4%Dk? zohw&L0rG*boa;>Pd<7DMz@1M#eBdGA`1zbl>>WTe7wPVU%y5EYh%tafc6ernS4v6> zu%bVig}l_G?tx!5(zs4j35$lt{?+yO za|_AP7R?G{t@^am=NyH@>FZ`{7(%lcu&+$JwwKV@k%B3Ng3uB%&-p7rA=O_Psmg3Y zVQ^4yD8aHT_STatCh%YOvDfccUYM!Rms5w?_g-NUIB z+`K7IxM3JVS;fkt*Hl~kG<2aH1O#CW+laX_1!H9EHZUVC-Klo%nt|d2vz0#DrPd8# zu!0kK)gAxJ%1WE_$3rS5?~SGzzwX!EnyuD?=PM3?(6k^1rD2zg&?jIGZ2+XD?Dhl^ zSiKADc2OxQcmUl*x@-yd`aJ0DY&-fRN5~c4QvvjuDITT+SQ~;}n=Rb(v9gh~SEGO= zIXp1%0zgf3x1JxN;gS(g26~Vg?GY^Q|M=L+Q6DRi9n*HQryhwy441T_4KQr5+%VM< z8xau!^`~!>)$H6{$D0R?c5`2OWL)|KptHi8?V=xsch0l4*|+b|!_;^0-o3mv^m)ny zo*MqsZ)h)-de1ck1*-^pKPkHs1U79Zx0$UYFi&|XN21-hEBAUwK z|E>WDmH?l%rlUm=+&ik+pSB0^rSjkFVlyUVpeq;Ec?a0%&ALd!zOX=me&E(}cL{AK zD+@78Vqw861s}l_kn1=&Ud)g;t|2=q_z2dt&=g`{ds>}5*v9cBDfp_Cm3bz}u1Lf; zods4S;nkPgu;8V1; z9!fb~VfUSJDVyP8Vc*$57Vk#u;d0!<5mvIkcmD%2VAthSB^}0P^H%6jg7{5c;A4jT zS*i0Ji;c>yi8_E$P>Ya@R#_;@(b0KZDFjk^=bx;_z0B3;O=|Z_i@*v^>;4L2v zZw6~eepp)49p62Bw&~$W9&Js_|GfOiemwuh(vr8;T$FV5Az;s_r}&ktK`E|m19)Xt zI2#vm)7^mI(G((Uz0v1?OF{fhfkBem@H=1% zhr-Q(*@I(1J-OYHYd21H4gl-ZR3H%Hpao-NPXvqL^%2x9glq)&=eLt`_g_ID=wAzC zSWQuOb^F@n0J2`yf7=}p2!Hn3I`AiI?yS2^5xB)dDE|xihAi2Eib`YLpm2bVcwTwODmmm2*hlUibE^4asH_~$V(W{a|d zkLddM;>qjfDiQ4NO%@+9H8-F9xqL|aRQae|#E-oj(1=#xkzdJN-28n^JJBt?^@H7k zfUj_to0U;w5>NT}Y;?a&F1Cp~)|%)>v@smmnW3Vy85j`IpMNqxpV5%qEUf|{+Uj%G zU-^YhxdNp~WrlSZPX#W_Ud1XL-FZYPiF+GX^{#gw}$ z7QS^WG!O8d!lv*CE_^IvOWA?4qLV0JD=eP8qvxb^p>IKP=k*B)8Ht4XEPbO7JRJ1a z@hkh-wc|gqj{sa;lF5BclaUfaUv>FizWcX7e|$8ZAy@TThUZ+v%vVE`Bkk8O_8spO z-4TMJqx;e>T9m%%_NnaL*u5awsZ6`IAYFf^0WN28elW1RR^qU0^M!xVTA!N_$~4O> zlsw*@4y1GWXZnBbpM2GSj$K}qhHKmX;RSfGU*zbCPBUnUXFYCuHV{)u zM0GGKpMjO!Z~fyGNPYYIS;nLGs{G1F?QbOoWyClb=nMz{;;kM1TyPPs1O0bMKH!L~ zsKnh~o41k5#Yjs_drg=9V*L7MZ=cgOkx3FXiNLiNAS?%i&t*QdfBPX+L6#llNZ>Jg zU&a9bs^^-&rZ=;j#d9W*^b5ev*Rn3~paJd~?<^w53j0n3?PnQLM~)W7zx!N~cSY>u z%vTIX%MLTne5m>H-2&)sE?EyShCrd9oew7ju<8zW5uK~(=_i49WdO(YtHTGB3S5!q z@TZI!e&}kbq+RDyJ!05X&WU(w!h{pj`>CnpphAwl2&eo6C>ceizk2mPM<-)mIRfkE z*48Lem9x4!2~v z6i;Z#y43BDzsfIvJ}+dtntA#1_$UYMnP;cM#(Ia&y?aREpkHLm0ElERtf{19S1ttG z#sL>-k_&i!{VNg)GgOR!T6J(*OtPN}idLb2^z36QZ%VFk#|pbVB%9V)2<^P{i;L|~ zIF;O~W<8K6`tk7aWSbCWDMV+EjI0z&qBOqVwrC6rj)waBk3Co{6>=h$=QA~-aibtG z1>%V(#cu~7=Q5NX%F3F$5bbZz^!m#9t``R#@x8KV&mNv{g{l!G^~4z%LCV%j=>>vk z56{L>iJUb0IE5&Rz5ean`w+f8umNLRZ?`8%Oth0$d~0egh_VRR1v28R=H|(UlM4k_ zcSAxFxYJr+v0xG*IYSu&Ef{9zX2zSOSn46IFe&lD^Xq0h0KGLT9r0I&+)LbV(+y~t zktC9L0U5&w2^_?Bpj+fXcy6zvU2>oC%QDDYzrw&81o&_;l1YN~G4r8^fPf!klF&TL z8*bQ^sfjo!!c~ukNio;od;-erK;xH1=%vWUJS3vg(Gb(9{$V)AG{+w}h^9L#o^KdH zJU!KPYXnvG-dfbIIk7A%9qe+GjDaTDa3kuRR}-Mk9wf6UXsHRJ=a=$$ zz<;>hU1^)w|n4P#wV;Ia%oLmw-Kt zIY7?H7loq1K&zNbB%$) z@iZE#yW-;FAe~0iD@di$QBAf_gM(EItX`&B4FN|7oaK)-Ilzbd(V)60xx>lAf*WuD zC6=3l$7sRjgXuU=S8uUh5i-1r)>)axGCyx?T!Om!$HQJahvfKzEG#U_Dk`tkgR9Hy5Fxc7mx? zawI>UcCu4dWf)|F_{79h=)jhIw7R;W0Wf#3czUjNl`pZNb)1~?fv03NE-8$ysIiP~ zvK92&(viVVr-KX{jJYa8ceEl?l7}D2@;U>{cVO>j0XH4SxnkFssI<`!@j#`9l$y_Z zMgVT8d#j{c_sStiq9b6&G#f?@a$pmur>3S_&LHD@kalmZa6EzGTOJ26aJFxK>3Q7* zn%&C2i*VZ@E5%K>1VXqW*fg$~?x?`LVL(p1;T+Wn@90<$HK<@B|32O0sxA?BV!^sV zR9Kj~>DdK+=Zb=>Gh~uR6wJ2tgzgOyEc-I|;swLd_&7}J9dvjT5Zqqj*%s=*7T<)_ z6Ugl!9CXukRMP=Q1N5?ukPyU%E!Krn>#<52xS_s;2c!Xloa=Byf`V^@vf(+jK}j&#IuTtO-Q%!CHAiOrJ57 zAINhL!-_DDdAg|cC4_F#lVOHEDTja+Y^WY5tb6}Hukgj`Tmlp=kz2`_g_L_7(S{!opC$TY=Ek`vhZVaama-62Xd0f73R#IDmv~ z0$(EvNEn7WjWkbB&Y$$o=l)x_HF|}flS}vCx~=_Rb`dZ5gT#NLqE8WgZ0F}c zm=^5*dH+9$UH)%>h;1g_8%kj}TSHS3F7-{b_0C0>jy=;*DZBAl^dtil84v5_qCe>o zTv)j9%fp>ld?|*5zoDTyu4nqytS`u0xahks{QSqxZ!fKTfA>{((Z6wGCmEp&-2SdI zySohk=hio%>fJn}f;P4OD&cnTWi8Yan9MiFmW6|rOHECUnH#1f&n!za&jhiJD1S_- zSoh5K%w_%kWjQBj&e2o3U5bjz{wtHMX?pIHFz5la869|l^>{DdVC`@&eUTCd9WvlR z1%~c?(b90(M5b7n*m?1-1(OPl9s8+rLPJwyTk3;{4W=#ITN{gux>osRC<%K#!y7lO zpmH;fn~OC>iP(OuW)ze;tI~Sm!g}3gClXs)`zEBKg+JSM6=%Z?cIv)^NBGX2n+)<- zFvvH}#>SBw19$eNsVZ_Wm!P`COZDA&1va|`yKaLhusm33FV|NGDgzc~>fN#@)U;5# z!oK!xC63oI`N8w!BTZ+vG|Dy3Zu{=MllJyuhzO#`4<=Nbr^jLk(xfMO+zDC^Mv zDiVk&>Xe8nU;}xYRtM#<9n-VyE`JfBkORZccGH4x?y4Kh_LRbyUbFJzb}J!ARMqOH zoBK?MrUfx5d&PGJCPDp$S3FU7zdlMnDW>9ROw`%%AUZTe^8qy`COaGkHgf!{w#)Ns z90BOdW$g8@`fLh{1LZOvqp6BuOHG<78C@=M6nA+OVCfES$tpe5lbOs-CaVQwtgQ;pOa@hcTcxW%Hn>Y$(TxwH@sGhY4dCs3{NOKj`WYcaQ!}&B%4y(Ptq%Gt zRKsMpd{-4Hcls6UJePFVah?CADe;0*RC~Uew_`V1Q|wlgPLZv@6V?M7;xG#vo5LYw zLJ*MoHj-x|V&pU)ojuPuOD$iTfB}f7Py@umRI3_A#csXKbK$IJ^5#q1=EQ6>5_asb zRxSHgt7=GD$*#{Apt~&pxvJ`qiJvCwQcA|V0Zo7*s?H+X^>G;>`AS&N-jtX0c~(Lr zn+Y1^0u+)1L(}rp;qNw0Mu|yrQ8(=*| zuo^i6V3tut#3_C8lr&XTb{}>#9|qtj3hIJbnkYop(1UWkQBNf-SAT{w7(_!iMT9&z z*x(z!zj=PNV4#{XS^2fQ$+vJEGu~H)V&V9)rcPeAMQ}KUey}|Xb<9NLO+M48`<%hm zoN03{_|q`rudJ;6zAh^#N1vn&^z2mf<~&Y^DCWOCQJ&_z@jHscckz1sdN=LwgOCQH z)>ic>ZxkQGIC#eBDA%wghkBn;&Hz^s&IV@ynR>|M$(Ow=D;rAqQm_E< z#v$MctWSRNr)|mH8-0C*L*X1+4K1DB=iir2njt?A-Rb{aWQ0LX7qhjEwTTb$ZGg$R zVzDA#@|+hG_iXQplgkI*m<(1}7oa59y9K5NNf)e=KRvskW#;DJ(`@qI`uuUdN-qYR zTO-lkK0xc&i)d#vo+Nm=PuOn-F${O8Xxw`YTZ58ggR{gx*EkENM3#zQGOpCU8-)pJ zzQZwPw6mLHi4aNRc|8uf94MzSCAqlg@SeJO zuZo8UN*l6|FuzXHpSO0LTufDByBKr=ba%d*(EDKP^=96y9igqZ-f zFCa`-*QJ5-1LSZZ8LI-xAz@=&@T8ozOF{WbiE@Nk*F|=Od4Bkt&dyFIrw?%xBU}+j zC?=tCx2gGNh22xo=a?a^Kh;{A?f-kYW7`btZU|#;-^ij!I;t}u_5c##>o4y>_O?Wc z!$1uRXBqjncNJ%Z+)Mb_(MA!nwxZ$#DBBksMNHJUA=U}{MXkv_<2w1 zG`rU*C)3b~1326x{A1vOq^_V=Q*WFQ!KMPxmYcN`HP5?{W z@-6nJ3cHhvNVx`~@T}sAeV$nw-DCz<8NGplfdmk3F?IP7p57=QKgHtRB^$tc_N=54 z=id^7K1m~YJckXaz*3fQc|$kVTNKPlm#+qc{$4%Z>Zt8SrGnQxsMsp*eyK?VfjkdJ z?ocZ*?d=rLUv_&6#q2MGbq7u~WLa z{DK_Y)u2vu!+Uw!=8U%OA?9<|JMv)xIyVD%QfTNG{Vzyr`*WUY_`vl1_n&~pl~POt zn;D&9P0d^CE+glvf5dkMS{HW=yUN2arcJrWb`lMjHaH+%-6R@si|ehD6Qs@P@}a(X zf}?Q1f47^7UfN%an%aG<|0p82bA5FGW2v{@@lfdb{zO7wQPlhX4*&fS;J-fb!?2+~ z`O~1K`{-x>jP7|GSNxf(bv25o98o!8#kuT0Zo z)|PGQrBMSH)<-+S^Yr_sFV4)G@=W*Oxt*OokB3lAU1SWpSJH9gdBhwm2^{?=tF5l#ubI>`jovek6`FLiwwn<047*R)_P z=9p>s!kMHC4I8m)g}fZp0>L({DZoaZ!$Ooeyw_G^sPYy7@i&R4C3VHRzp%$F-{4Vqz;<(@44 zjJZ7eJlnFjMGp(_$*re9-rh6sE~H#KSbzN!SxN2n0seFKX73dLZC7OImY7jZa|B)o znZ2j6X6YtN49_g}-Kc$$7=6RB+gEMcUFq0pvPie|^X8;R9fM@0!W7-j?dlM8qhO8z zYN^yxOpw2Hc|Y!oO{Q2@@zz3m(Z&kj*d~{~gx*lzfuw8F8Rr=NDcSase_QC9YUG&ityarFB2X`E zZlJTBoz~^ftx91HZfFS;-`xOospr0TfW+yTR5k7tUjD;D^tYXl4sf-y{x_I`F7cld mj{ggy@b35f_wnruZBGC{or2u(u^{9HXyt2H@-N@~<39nEKMDZ= literal 0 HcmV?d00001 diff --git a/static/img/install-rancher-prime-home.png b/static/img/install-rancher-prime-home.png new file mode 100644 index 0000000000000000000000000000000000000000..339945a389bc8daebbc313444188f91570edc49b GIT binary patch literal 79391 zcmZ^LcQjnx_x>b8kRS;n${^8uh!VXdqDAjyOa#%1&M-<65xox~dLO+<8?Ok0=)EU8 zqXaX`DD%7WzWJ`tKfk+{Wtq9>+`aeN``ORl=Uky$8cJlObfh2R6 z(1S3}FVuuqE^TClqm857HDlu@JX*zLhZCeG+sIdAbtbK0rs!dVLN)X-sX^}egV3-C zABkvYji1ULZgu~d^_6XvWv7hm7L9*z87IZGw#=~K;PpDL;mKzSFk++KaC|9xSf=3wf$z_AFr# zt*+;>_rN{`cw6ji6;B_%;^U`hN|N8^;=9Dg=PC3>&jP}TsSRNT;ZRRC%DGs?*wU8 zJNYT&UPAV5X23#vjh?u&T@H=UlRuehsHkju61Y+%JT}YHSk*rXDdy$nr93o$`?@bh zUo8C#{Csb5@m1evab4X4jjdTi=Z)6j@bBaTmQkdk8ddj)u8WuZCGBJCr0n5)sg!7NjAWLt`&VOzl#o>erF^>Z$o(zkY2zRa2gIR#6EJ3lC2{ z6X$rIJh)u<^{c|AV$LmC1P-&2b9Qz{H1l^QZ6ME0WxbW481bhe+wmh)JjEWw77<&4 zd|q?pie^v_Upb9;a^Dxs@_zn$XGQ36(&^r_Yr{d2>BeW)Y}9#AJzdH;Zu2U$O3EW^ zjk#7eRaIf<`R2x5bTJbZ+mCeVrn0vM6%`fyC9$~;ZfoN+)gBYjfR+eB4=9#NpmIAa zgfWhaq6`pLwjX=L#D)d3@WhZxr<9Q8)mn#$5MR%cs>$qMth#UgWs2mh$>vKY!T z$LSdcJ@VRlQ3`3QYpZ+eEo}bvS|shGXF7hyjevDW^>49JQB#k>YxU*j<@ay>m1ILu z5`(+ZTRS2qq|by7&K7ZvKiXjD?F~C3-&Y@j=6hyn3}>lzk}*7f>{F;-=QNirHEKmp z%Z=?z?BQOL4)&LZ;QZ|O&6-L~c=Yu;o@Ck=bU7cjuIOZZUY1^Z-T%4h?c2AFD>HY- z#12;biqT+Us~)PpG)cpQwE;sF6&1*F95E~`EKJyK^*O|)gIbl7i_5kmnhL7GzxNoM z6rTFn<<(qks%tx$*!l;0r@~W|zl{i>CN(v6(U&hqI_;oK1iQQfYm5lor#lwLk{3g; z-GPtXPa4`KMZd3icr%*rp*MyrS(fmq)pYO2n8`AS+}JABjgPj&nkZWQMSjTQ`Nx#v zJF3^X;xL0xC~N`WjPuk#e*Q@)PyXej%SDIhdIt*I4zu>9ij_M}HMozJ-?Kxi+N=*| zc~C#^9xsEK8m0;R>@UAgswMbW98ji59Z{Npj@j|Lm`;KFxNXSvG|AG5P#MP(Ovh0^ z*ad(BnuYr>)uLL^L{ZdC@s_XBBhX!4`n#y+=}HKec6&T4NQ+(naEl!78m~l$PNk;^ zhyrs-*T~@vm;CaAI>Kq}54WaLWCKvE{b@6tw^a3rsHvz%vA2;-#Oj|PYg4j6*V5M3 ze#f2ulv?}zAC<7{$_OjlYeXQf)Ol42jQ@24qHR4*4Jb~ z3t<3g0bj3oD)Co-WILSOD5o4Iu#JdXW>ml?C95Ti*dy{aGs-T}yQ8Cn3>o!TZsku+ z`p*2v88WnQ-m*t8X#QH>{*)~`S!DJ*eHljV$+_TT8j&&hY_fa!?;3t}OUjfUIpaZ1ztw~?#}!_-IC zQLld_4;A)sWMyW`8NP4{1~9AEbK68c`Jp^u?xGnP`|*;-8Ft(`6%Ea$y*;kubezdG@S+f4N>3?}%>YX6wl z4ZmnsK1!3$%n^!>N;DEGb2f0a(rR&K>_S9@3eeIN$F=5|Gv{9HIrje}Q+2u~eDnRH z7w^)EdYzALF*(_LSUeEF2c?b_p>aGmq@<+6*8QJ}EV@lh!W;o$w4GZ6tWUQsAad4V z0&C6}p0NI#qyrO@xl2#Hb6&7?Zw(e?I3<-|LDmJTM+TUV&3j$n9F*hK|-`ftU$EUV3XYbO-iezIkiYdzZCdz!DP@*83%QM}K^JB;vC8^b$zyC(6cV8{E)`Dx#NI z$oRC6kDjB0DFCo^cl%!}WFlH~xP3VLl?}`uqZmF5*0#K#Zo6lUU|Yfov5oBoX1{Z{ zVHSS#^XGDwXm@VjT2FCq>gpEmVl*f3v@8^VI?mK_N=(Z#hl#6fy$6H9*qIYvA}LYU09V791Bm_b=@@0!CHFHRYVed8c%6 zTR_H3zh|`tECWbk)efenNCc7_t2W=Y|LnAGhpIdCLhzsMEnr;mkFYZ#yTkPqr0lz+ z8>CL3W`FuxoOyf1fQQGO&s26k+!4I+$B^T=Gw)#VbtAbY4!3e^v_u@rK){_uqW+twt z#oIfrFEYxAMMNC%a9biRYJ;?Nf(HXH$XYe!Pg&TM?To||qK0ym>;ZgiyuhLLU%Z&* zjPb#36tHzrcyf=)$6XSDm9;hdi?b7xdZ#pi+##CP(tvE%dymE9rdrouk8ebbX)bAq z>k!siS~2D7YS4|Zn8&ahUnw{#e`*xZFkPd#4L3rJ9lLD8YZck0qUU<5^oOSm#a=up zE2(lkf5&>63iyZwb@QJOjTY(tagfjA)%?tMD)RC{e-es?4d7(lyu1!yDF3=KEl1`r z+2ba}=i?|*tn|~I4>i@$8=JR?Yuo+=a`|P7*_my)L zdy5@dr`r@km-%>8=*=VReus+BFZR#>PCnS6Fzxm&cKVUemm9PL&d2cWIG26D?l?=+ zz4B{37cGL%IuES;p!;^t=+iwxi^ck)IYXqEtihR}`r?ITChntLVfb?Zly#a@IE(=r zH|NPUPq_{d&0!!@qB{=`4$v2lb`xyRdASU=v@!)PI&FYu@aXMet7H3`g*(dlBK=ns zn;-o*#EwyAAzB7n?2A1D<)O~M?bl|&rvAo}yfX;!_c&K+;~;MurX^ezfpOK=u?*?; zrM5WMDa6@6-KUQ{l486|lj=ve>^%SeS)6u1( zUEVEc6TS37>{y2Sf66JoKDhdHej}@{54Snr4a(C4rQ!X=}aRWIR=VX?5uy86}@zN_nfges5gh zpr{RFTl%X9$mFHfb>Jy2aMn-B9Ifo^y5RUtLIr<~rwGUHev%GnsKBi%H-#z(H560m z0{<B-qByb7z7^#m6*8UJ&PK(qF^1n^Bxn;FtcX={0bg?k--P<=r|lwfzNDOHVQFhP_; z9ba!1)q$U)l;-ULwRvh=QdSDk{Vo;8%{Nhwlz(gU^|6RtWOAxh^NexW0KwWdf+{{9 zAGaPq3q5K#YOGWq&8e`!>S>tbC&_s*Ok?>Yxw#7Ibx}m={~rhXI+WVE1ntaQX4e#Km<6bGW)6OiP9gG|wI2HX)p1ZIVsTsgc}j2NNoS!H z9UJlHYvT9JTqu4Ec>|;S1qWt#%)7J~-YB;*)`+tIXBBsjJ-aLn@;wrQeA}2KxA2D3 z=Vr@uLn0yh8H0*L5oOJ+583Gj%0y@8Wa4!UJQs9=LSZof>Byh|jkhc-T;t-26lG#` zYnao?WtmoMVJs~d?Hxp)2Fv4fIt+Psgx z-IR)HbLiDsc(aD_Kn}zuEc|fwN94}F)G`i|+y5)(TukEXwcNBFvY6X+1BX|?bJkgL z&36A%(|9itZ5ViE14YRTZw<4gm0de8o| z@LZaOF=+ukv3L{%|J_~BPo7$`(2f~Gyf$WxmA+sy8Y^}-R)f61Eg+k z-eMySXss(YloJQ>A^$xx_j@Jp)Qi~{U5LCl|JWL4TBrd2#kF}7c9Je-5$7fU;r^|w zjaMezotT$#sHo@kL?3MpS-~C_)(*`a~@3Wa; z2Fbj;RO>JXHs*F(3q7z~e27;ul8RAa^#p=@P5x(+z#lJ75u{aLdq{}rt_j@lG62?a z`$8DZCU#FRL+j&1;zGsXTQO}Bg4~f$$EG?Ef(wS<4pQLNqMd~g?yCK9{y@gwI$o>m z4B~aAfsVxm>U_A)?~k5o59ofw4qq_P0j_UfeAS^hZY`C+oD?+Zvu{%LPxlSNmGR@W z#$2Ppx%qGv0gURxAlOR`ti z3i81zCo|VD20`0nBHb3!QI5tvq>p=C8I1W@$L8c~(a270a)eUBNAL6p=^Sc%c%>r$ zKY~E)Oemh0jp0JS_gX&Uj*2%C{*iH5WhL=SLRC%T6CN$yn^LP5V@aU_NEctq4`;t z@BhvRBpscY6>jr-Rg=)Y)a*7fn|G)CjL-`AgoVPNW?-Pk^5|jvMyZLZ9arK*&iiTb zEA9eC{l=b$iaVHx1axTqpcpFrlUvy4H&XhGue z6ph?b+~x~=>+8bW*TPNCKqIpNB$ehljwiJIHqw5BVX`H^_*mXWD>Z4kv?bB zfd92vXJJ*mp;MT*S&upOped$DuCQrO-1<-BGIPYE{)Vcgi9JnW=WuexN0&UA!5saL z7m6t)P{1B^p`I$dFBl_>IvsIqS7AAbCW1q)Pt)rq;u->G<^S5d40uf8TJ5x2L4lp) z9g)Sx9+JmZCZFmbb_z>s-^^Sq{Mf1I*w90IZP^GB5s_`y3|BIIFHe$KnT&)O%Fpaz z)q*@ZqO3e7Pn|~(VCRaABrQU>NX6%hA9AlxR`C^&(3k&-;lUaGrxu$@R`ql+jIj2A zy~sDgIPO=1Sd!p4F%d1gPseA3dbH@-yk9!MINoj`@Fn-#ClSRmS(#ToXI2j& z3x+)-l>63#8@$mMie6oiHo`>>C!E#hG6K`G5BW#ktmN1 z1}nAknraWkqv=ncKG|M8Vc(8_F;kTQezQE9zJA)txd{8be7W3m0zYYUE>jh+3h8tm z?)}?s6BGW`6XZvag*?Z_wp$rMJ_7T&R4O13PRn+6)21Ud$lg~GT(P=Npt@a=#RZ^n zajJp1Rd(`jvD6)PE|VLQQLazgo|P|DEOD-$a$BfdUOMl3?JHDyoU$I_FRfICtimLm zkRu3$5lwftlq_m#^_;lDBk`mladSENZO{Fi3LgN(#aUU`rtnJw`HlT+=KD-AbodV* z5BdU`t?CnLHsYRz(KHb#ko=X1WO%p+$$N#U(u$Eckq~BGqp<4;zHX8_vqWmoMts$u zws_!SsCWAF6hn3;_}$>^piH(P;pxH0qHZ;PD(A)y*S|7bHfB23-&=jJ<40D|$aE=l z=9=p{W--nE2)JF0L{h^N-U3SxH6J)eU_btb3{0vkg$$uAA$-h&5avG?sd=Iicq!OIecCA7-?!=+LWr z8nzs>RLH%`PC)QsZOSdDuO76)dBiKd~;nQ8yAohoE{b$ z-EeDddNO)I<UfXb|eVCR4UsfKmDb zlY?$6!EZ@xUAi-8Uoz(-{A^ERq9d5ve$hcS#P< zZc3w+@yW{kiprszh+nHFB?MV!$BgWAE09cGDd_0Y{F*t>B1WZW%=##dL;|aCNE?31 zWCklYxJKK6psPq^>(ik=@N39-o6y^GK*hdFPde z1O|?(ZM&6P826CWwNw@408B|9F_%PzziGAvL%PgGpxZ#1N2Jq5)KWF>v2ufT==u7= z1GXqH_U0rHJ7(67fQ`bn0>4)uM%h#c6&!g5z2E>ztskLx_~T+R{9RQE8Pra~S*u0} z+{IK?i9(8CHUacTe8+#}c1?y`q#S5*v}MOb~e2H9djw(ei_9?&*P!*58^X z%bOX$aiWBwrZ^EG)_CvqeWdv}nebJzV#z}2f-m8vpaaR&RYm-+k)*2%NJjo((4g@P z*;?;uXLG9uN#c`c9CL|C&!p9Xh(SmF&J<{BmAJlO&%dxe_rx>o9Ja5}7eb72S~q)J zH}~qF>!38YO&=ky=R1Z?eb5>v3v7v5hgg0`V8x?7jcJ0D&Rhr^m5N)yA5Uyl{YTYN zqFtxCF_+5`;sl0-SP(H&e)El}_mjV5%1ffH(Xo0X3NPQMv&F-P3p|N}ojB6&2;Z^2 z94_Y-r?E@e<-|ZN!YJ=0cf%9(>A_GzS&?eiCB_SZgSVsDqx!R4(_3DP2s@zam{7Ct;HiPkMBf!M7_3W$ur!EI z36K2219wWm54x>jar*Uxtyy`F-=!Qkl5T<~r6U&Qjf{n-S0DD?%NbVI(-%y7SV(!B z82b>Bds#kw(Fdry!nU&8zX^)BNEqV@_!Qq3CH72I^Hr7`z&!7UR#lOJEHlGwO4Ow{ zdvgTeX7bBj9enp5taM&gZCPLpP8j5%((z=L3;)Ac_wwh|v37-?kVHij=XJ>K zNRb&ThEMlbPXHqNN%&geO@z}}Df+aJe9&I%-b`WAN{4It!{& z$G1CqC(Ry21Gy8Q0nZc}hVQC-1-LU@&ALfbA5>2cZ#xl4&iQLe0FfJSvD#N=VS%m3 zJ!JU{Ie!KRM!lkf?v#~E$Gni8C;t497&J)D`?|U5W{?(9FUjx#2c;F^=LqP3bnZaE zt`e^;&I1L3B(xf-i|>aRWf%YcVO@cM5oOuCI9!SYg7hhey=KGs{5tb}*d}0Z1Z@jZ2niHh(O^^<7X6Pxzq!w>Pxh zEhFN8<^+NM*?Fl#TJgh};Qoxk<3SXH<6rFii0*c7kNASFT`?%SA-Okx|H_QPk0UB< zV?ZJwpn@A5dL>m>_!H-1U8xJlpQ*rHbH!BzcMooYVz>d+0c`c1VcUta#*y%eV}O57 zdU=mg$&+_<07Qr}*!^atcXe1H%A=dmxB5|9?{zeMXie7y(HHYK$65kZWg;lx<)2w? zZm4Y>eIb+ZoW6etgn1Ta1t|0UUcxUR!@n)5_)HFSuC|Z%b=yq@>ceU2cp;MV)th$@ z-~bowZeLg6@A?x9G4}x)BFdL}%OL6RS%9(l%W~riX!8$_O=HCFrU|$-ODJemV6A>v z5d^&^$ay{i&nYo`u;{bT^33>(lKc!}OdV=7mxew?x=1TZA;SLjXx;hL_8u0N_I-I* zS1OYg!<{`eH|=}nySrek4wK_)NSz_7n2ar>uttw=(7K|N{PY7k-5ZnropnWp+7^pJ z_#`4P#)4<_q&syuZqwKPyNlkEXDcu+3DMcRY5rP8HUj+&qvs<0JaO*%1HE^PyhrB9I_ZcMT;84T7Pv)!DQ~+6 z3;9#Ak8&%fG8^z(Qt=TBVidv$_^dA%aK^D+t-`A)d)UR9ST4K~SOX|H(G;m!& z!4G6BDk8SJ6{2?-kIkofu_7?%1896mYK=>mHTT*2__8_Xsv}vzP_0xeysJ-{%kaJD z1nB@~q2phFju8TwZSVVl=olK+)^0zIhnxk8W~}C2wz`w=F{QKKhI2wLMc%&WuN*mz zW2GV(`BjWWT|J$%qj+>L04j9Dpb`YfN8SC`)YFG`GTh^Oa zAJ8T$POwtc|1dJav~73itp5Ud{1jOd0lJUd!YRbPJsgI5z;{ip3?RaE>Wn+0#D9n< z2;`YFj(jrMlItc#V9R^^yX)Jgh0U}9c8a{*+*buMvuA$$4`E+`pimTMk6*m=YMrk0 z9^lG+A0BTYfjWsXvZvILaG5^GZbILfb^3mruHmoYe|HK3=QzLXyp&5iZFY!7TA0R# z=+?Po7li!=H-I?!1;7{3m|1@8x;5JV(w%%DT7a@%@@h)q8qcQ3f@tVh#$ai;CdAtg1VDI*;k5uO0Gxl>b-Yi-o)e7WqpZa%)>K~`& zl$|MWI`#1UA?4Xe>?@fCO`@E;ZcI z=wAQ9D&``I)!}#9ArFC4B!9vN^?(joh;R3DdZ-Sc%sB8vQ=~@Oi|bLb0MVTz4Z0=q z6d0xH_nv3h7by^?uvoI;4k{{^Y+oen8k$Bzk<^6zHGYdFIiWD?Q zK&@bt6cazK_L2KOkbn049R1xJ*}+0O9ALLk=_k#3&wdEPy%*{|I=>4_?0zuR`_$aP zSbab^=eK_^Qg)dWa)5~f3Phb2tyT%Y_ZpA4{G<;*B{fqw#U8au<95E^mM}jqE8h!Y z$d4yyDyY^xZ}fLv;e%DZi9}Ajzm!ZZ*4#Zw(V&yjDS%WP4K4T4-p{595Xx^mfPejc zn=W9TQ(a=86^=$HZRXEp=#Pcvtw^qSvt8{MoJQow+3=<8|u zNOUW(JGr-bH;+CVW)B@a>#)~1t9m9NeF%*$zX}@GA8!lN627ae@1V5*5afQNsBiUh z5oy2ApRz_W(Z*Q4g0;R0RZZ!p%kIDr^+LZ{$DI$e;TGbmUULT^YqH;bLPq8d-Y!^A zzW62&ZXdx#kGnestNoNyZ&hQi6yLnMmU3iVUFjJA+1z@a9xDEn z;5ryNlAl(T#aC`X29jfuL@of4#Gz(i-3jbst*d`Zv+L}q==s@f%StjG{P%9KiQ0o2`l+57JQV~s5Gmm%pp<_`CXHQg z+6aErW-fsq53rqA!;hA;Q&0n#zzoid9YwyIwX$+Wk)526HfES zkhoGbneN^d7z-CjTK^jZw)a!n|;XN zt~Fgj7Qz?wH0W$+aM6{%405(Tz5T;Su(Mce%s!gQW+cjP%IBT1`;Slwi_H#+waFH0 zWPN>;W8TH1HD{AA-oY~Geg$@)Wu`4A%_VS{1NVzy4tpD?a|)+2nU*yv`0hNP1U4PN zj>keXTjvjw!{%|%tqvI_mPdCt!k}=|kX3y<>{oHvab+-U>6{Fyh5Ep-X9aibq{eN2 zmx(O972#-{WsS#uOc!{OB|_gzb>nCxMw?>;W1F_h*tCF`{H+^rAq9o}Q- zr=sRD6UyR|%Gy0-rn|Pe2W6~8KT)yFLCA_LY0934&7WB2^gOtaojV1AJr|8}(->#F z*_b!420Zs(l|`^hiWxR^AIO*$$(-yiU`I#7YZlWyrVVzu?FWiyQw4vqVq!Ll}a?t}mCIYP&DAApg*m&8eP>GA@X}%l6>W?|SCR`5d*P$b=B{K^$ zs)l^ta@HMp?ROk0)@92BavjISal=*=>nJAh__3Grr_yGBxTS5Ao_-!(&M4E!LN14Z z#FOeIQ;AlTa(R`h(1O4DnIXhA0@o!o zQtZYwN;%M6LLtMW&Fjn*nT%0~_^kxfJz_o)Q(Y1#01$C|n`v1ocOOr*vi*iiW-uP& z%dKNjoA)b9?nCuuf51|V5(h9`)UOy|?+Riz7Cpza5?w0ihI~~fwZJKMFGhbiI?OqO z+d@!Ln*R#G)tj_`GDph#K&8+2=n_#TgtU8p|>B^8+ zA-I}naxfhZ!*v>BhKncAWm5}-s5VHwt;y328Hp!`=R0hU9`822ej9<^mgNY!C+x@2 z_`$8OYuNEp{II$;MFLw6((3{Vg?JVqoR1QvkKaV5cqi=7ZsRb0dAOr(0d(ttpL%O! z078Rt_;=0xu@$%fZ&%3v9?`bo#?3To_}e;OxPicr)6%k{?xAuDxX#2}wb`kLgu1nQ zuWrYT!1_rN(+Hole`Zw|Mgp+$k;lOTclkpL!`c7{C^955sgCU%!A!8O0o>CN~i2AeHwhG7({lbK}Js0 zP#ZSt(^Td2fV4f`K1dy;XG-mQBtx-z7HMg~5tw=|pmyHRt6--If0fMf&F9Eh8O?>Q zFZML~AWrreu6Xx;L34e-FGhHXux0?TNtBAmc=a(r=`EG_>sxZ0PyvbQuvS&iotI$P zXgA$#*GN?K{AhTJli+pxRSgyDZs}*eY_UxYg}%)lXE*KdhknDD&}JU2)hsU zFH77_+PJvRKj`lvYxuO7sYyrn+%c=pCXifWj|%S5Dih|&J#K#kUkJrJSMnb(K|M|? zoBY{Tgks5X4kz)AhvTWWmZ>xuH!FCtQx*e<`n{h>;V4+KpE2pKxH4f>?sPQqHvGBn zd3ri(Q^C;)JRA%CRN|a&lyL9zrZ}y1aH=!X?(P1^HM$-eElh?2IeUK*s zI_V6=g&zQ`2m_4yBha^8^l{}?tF!7B`+$-M_-Xt#_usiH)29RWn3Fm-7&a|AN~X&5 zb@QeNANTBiO1c7-f-Nr7xqRc(9XzL*PZ zQ9To=`8^>!5?^drGa()@2oXywYM~5@KMlT%-+utX|JZd$FD<#R1)tVE4h8$586o(l zq#E_pjR@0=!eWkHC{3<6TXD_tRPFTcviDE(9IlMZW0Z$6lSEx+f$oZnW@H9usIZ2IjAhV0kOXPjosOvp(1<0!DT((y78I8)35 zx_sP%hez+>h3cH^se9!2aya|BP$_Jk8{#%|=X?oiFS51a>oNWlk-l>GshI5)ymgf6 zu2X!sqymkZgtiY>)YRCxXU;95zj^Zo{78~gn3dzg4JQd5+q%I&(rVUZNYUb5S0>wH zPMuifujHHv%{RUKB0uNwIm1V$^%7rHvD&VW=D_TMCj8*b2Hhg(1+4LK4YzhWw&{kU zz|J)JXI6S#7tK~zTeU9|SAp7T-L%p>*da|+$ID8?I=ED+RLA^|Y0fc{_2|;Pqm5X@ z)_kbO$0Py8`9`G)e4UnQb@X5d#cZ*y1?Bw@+AESr=z@`*aan(HQzcp7w5a|fI5F2n z^_*Yo)$5vL9!LIaOXLihZ9-l8P$;Px71x1SF9fNgQ`kbGJt%l?xUn{-KZIfT$q#v z6;OjP12s|6RThqoFD>BiQ-yLGf1`;Sl-U)6JI8h3PoE2%UC=?q4!9v= z7Ww{%EzW3Dj`S>^T}XadP#1bpb}sLrHG%5YO2qI<{ag<8g-|8`%{bPk1;G^8{x;V$ zotBg7COh}!cOjdm6HqgOn{l}ni1$be71SE-*sW5lTjf|gk|mk;rGqo}muJkfQ+KP{WV^I-A` z6-uI>*kUq)*4)~3R{izJV1c3^?}c#~6}p(m2en5-Dg{jWfp(bjuL|1_^;SB+v(%|2~=^k9mjbpm1)sRFSpfa zY4Zz;iW1h8%yGS1_lH`{B+(+!)_jv8Ef zwqXSWX8wv9O^B-&nq$ZE>V8ivuWx)CdB($Rn9*9NN3Y|<+p3pwmv1zC?XKMrK!1AT z5~puXL9NY>tk2I+u8Y85;1gtT`ow;``insY)l;7&d|P?SZZli02@j$+irZ7uGkMMG zGmY7_$NfnBJY;RNC{xtM=&2D!=cPqzH_$@#J+8b8oVTYx`Jlt3u0*GE3c3_Er#6&p zVE|dNTX;f|kYfkm-`UJvV9V5|c|KCuT=)FmJ^g-sEIS!f7UhTNL6VTDp$*E`vSMeL zDpP{Q^wM!J_ViT1x#FhT3tz@+arqVM|mJl$wl2&if1FW(Dc_xA8}ad9%x+4M&z{!8cUQVAc$kAwRePs1DeBCpx&Q3{6DJ2?JWXwXjOfp^aF z#Acgh3K~sfMFTuBwN~de`&L{58Sv49A|`dje#lnN3sdgXSMNl9hyB%Mxtgv~Ojr#_ z^_BbI_mr*V)tSfzyyGFx197esnu_QvTuS2c7_{jbH zkuE;jVN9lApSm@%ypO&$M!@vsbi4R1yFzZw6oQpS_tfn~Qq0~yGIll^`}?G8{nzq2 zdJ)66qswwbDHWPT6cKlIZ_I#ArSo2gfuzuwXEA`1`bxd=A%PLpSU6$Y zxTeeo;le>J?$hOd>pJ;YrSuXDoOB+ct@XQY`DyDkqXk^Vt(TSfvA3V-AdmJPuhhQL+Sd)PGUIg{Me}pI*WSnj-+C*F% z*_)U#2E#+J##ad6#g#~by|8nQHqR-g-?FM8K3|;L;}89+3L#Ek_D11K6^SAk-gC@& zG-hK|7QJ**jhU&04)ZNcmk(76Cl+G{GN47WEfr?-floZPimW%kIy05D9Bt)Hs@0># zC<0>K!$l|4x}L`Yr^A5Vny9fFSxBBm3Xftn!^*aojSlwtsipeyr=2E`xXp6pB-nk$ zjR>^v=TuvBL1;QNFG}a1RYXH-EHq}I3Rp{VZkf$D=m)h6WaZjtb^(OS8#q)u+GIVw zOqyv1uvy@bSdRn^x{UJR12v5QFFZzJ{!U^lZ=|F}HjX1;r}Db}*+!20ZWuM}6nNDw zp;bYob0{;E106$DJr#9GCt-v@X(4U6E!W&Pe1C4;}%^%AWIj{4gURo zO3ioMs@G)6{-CpO-(4=}w?f!Pc%_E@eV3cee8QL$K#^WY4bd$&3Hu{H?OdE}~9gSxcy|oxb#>PrtiyV-<}g51^*w_`G?Pqm}(nvv-#E#oXiNhM@vv zTR%C*HYK0>9#!TIt4gC(}4{Hw>>SX+$()pWj zkI^BtUqS`)9xBJ#y_$&wT+xa(@mV%-?yuYF0hKEpY8AV_gYqPy&3q^84_FukVNI^)_BKEsUadg+sN?)$cMv;|m`LfkiH~2zfO#_<`zA%q1(G%U55Z z#emJ?Xyi5r!}MNIjH}4uHx{b87o{c@4{K4h`vxm*BrhFU`4;Pcd6}5qJu`G~fEM;C(~)QWTkGHn zx5Z42dmjO88CwMVo#(u+8N9Z>L(`hgu^^)qZU99Z%AVGmoo`K;R39uLqa0OG;=@{Z zjnky`tfPnavc@#{Q%ZjXOh^yzivJ=H09W)uQ3Z+;_0R0Bw6iJv5>XljZgF;{f zp37XTysb$VFg`5evxVl+Z6Cy07L&9HfMEkw;v86g4WrCfk&60tpC!W${ z@pdFllPkG|;es@rqR6sx2es)>z59mV!ON?;cx|^)o8rvNqPK6g^h%2RUc&AamrfZl&cQ)8FezXuBj}E!G3}D__=Th&<=F zInAbN*KQQ%>-azAW+ml2Yn=P5Odjn_VHm~S3s21zrq;|5=d*Wr{bu*68WR(Xw*uLG zQfvI-eo(J2BFCbrfUTPh7hw2Nu74Fbbm+X*|0xq<;`Ff{H+Iir0^MfFW3|Fmd@vwe zvi&QmIvV9V!kbnZ&2luNrMF8=F{r(N zg0Sl-QNLOt;C$sBtUlL_(~`S(b!x`rfNuaDE-Gupl=i#jhR2)lBPrsoqmFp99HJZ3 z$##z3C+2e=OF6Lex6$V=Qr7EW*SA-&1O33kUS;@`z4FWL8}gcya&DbvdQBcNsWPP` zNNy_?B-bjVeb&+MweF&4yk zt{~R~sD%vbq8=}?V(ld;;D#@-R~BTn*Zh6nQ1+&6$9arKdz?ocVMk_?HX3*e z)+1Y^MhXc|d$}PwUIpi_Lu3LmFSU-KUd&9e};jrB{Um zm-+=%KL~0|aX&thSo#T1H5xB7u!)EgmoOB#3(qg$KTRN?s~9w=#mgVUf>Ww->9~<{^i3$3T=FSl zu_1D9#O3g1n#WQk?8sMkzD zA)O!C#hbJ}Go03u;&gRTqaHHaf9)QqZq)(XdpA?l;?QJ*OghH{{{i5$r9S-V*rp0- zH~#y70rqz1?9h&f!B+Q(uCXjKpFYUmD*M=U+d{aLFZ6a2r_UXcp)Q*{k%B(YU(F^3 z(p|ek6QihiP5#!c_p}Jw*W2kEwT7PG5_mtr{LH@wx-;u{@l_*7TCjz#$=bdfx?MMHPKMO92uF|9P`Qn4(y% zAl)l&xPG?G?vSeGCt)wgJy>P!=IjlR*@E36=XQ-W*gThn5hJV0c$_Y#uG}mqzWgEu zePhruF{o0i_v^ zuA_DP#9-gO87xPD_a}Z>e^uj~7qnbxx^I|5%O8#ReS6NSwq1ZSWIFw435J(l$btsop5Rv9P-U|I z1|}iUL)vqTV_NuzZ|kr=(@8`2;S+ZZ*V<+x^cZF4hdIZEgfEn50A~^i4^wVneie^z z^+Q`2cZTCf$Y`?3wTe`oiZHW7BNyF-%FUFcmZrAawXqLWsO~W+b z2#>B|ZQ`H02D*`6TjZQsc@lHUB0wM`D#YvI>vM8awhQxjl2LXE6SYUJhSCIc-NRqT z%iI(DM#XN7SI@Zbn=_5?Z|!y8x#Pb-$;2JOG25UGyj#KTc!9|K(W%uyxq0K6fcS>9 z$G71}aebhQ%&{YlKl|07K*f&AlE$yhMdLIhhM1$x8LyVStcQi#fZ%B}7Y361^{i^j zMkD?vRkl~LP=a)8N}?-934f0}q-eF656Zk(7_oR>QoIX~CS7r@66V=iICrK)I;n_S zB(x`ePIXARtyC%@2xu36)%U-H2*O$4h3nMha?SwRmlB)6-hX2@?NkD??k#^&^=kC z^8yva?73vwa6gJ8zOS19V>oVmX8`@fBSRVSaB-@5KHtwO9M?<1p++x7YXj}9^Bm$AP}731h)ki7I$|D&SJrX z2X}Z+T2Va|v>-c3CX?d2`YE@X{TXVhE;a0%;S>>7!@i^QCIp{_er z*PD{oNqx{&z28y2-x)p8%q$M$39EShzuG9ARn}N^U;;B;sZ6^e2qV79MqibzXi*BQ zr8dd3pAMwhQ5}-QwrLpCh~jPq1hNMvzG0=k2{nodvaAcL)G?YXXN8rM?Z&c&nqD@V z5rg(%)?GQFwCYrx5yo^**0XP6)iotUO1-f&%#JlBBk>$Ja4D~<28J+B*25%kpHhtR zy~}Kp1Or#KI&jq{g4__t;r?aJ1yJL5S3MO`;5JEh!w|}rWnHdxgEuFO-y?ZA|ArD0 zMK^>|*NDsVH=DhaZ_zOhx}n)^mJ zr>&!pY8k-x{JO*BB)CtNafN@vdcbvN&^bnx8Y-IUou_;l3pu!8i+TR`zXUwFfziP5 zczG3$5vp}cx{s0n<1lCDD7PVu+7beLrI&(qB6Hv7HsY58@Qtw~n}ACdyj;~bU6nlG z98)$zc@mwlO-whd&$jFMb`MC1`YX-~vQ?R=(+bQHlA_}Ce9VT@5yT{`zI`YxS&csl zrcpzyrAMu!=gv3PFdUU|Y$IH1e-t$ctEN)Td-cO8_cSIXv4shXZd zW-6&o|9GVqEX66v-Z0{*PQOW#YrBh=uiOXRy$PH6j>;SPRf~noWGiJvdCyIrMCxH3sPVxB%oV>SxJOMaR}B_KYw-J~Gv-SQJ=G-o zPsj!!lppZEnddy>=a8aK>ovn-Kq66TxCt11xCf|4$yCYpE8uxvt=yV9S~56!gD#$5 zeg4cjQAS8Avq^ZKSo6#O?Fd>pE6tvIXntnYmT%`i$A57?AiJ*YrUS8xqTN-SZ&Tdd zg$GDQ$4#+k^2G9ecEsZs`Umki%7tB3Zr>pGozH^>JcH&K`u35aEwZZ&b@`b7&Bo&PzwL(>Yan(!+)4HIF<3F9o5zZMQ%kn+EoyzD%4=g*r8W>iCM8AWzIfCv@?oo$)`} z30Lq#%f{eaxcjgind(7uX8rjNEA8wL%Aj;THQR5d93KLF0To)ssMQ+>qUEINtd|Ns z`AnbSkg!1?&#%xhY&B@6V0QFonE#)Afipy&akEpUPE_itpah|@!~CkLv{X=l%yO+> z1@0ULo0!_OvTd0$-iGUBdC+`SQeGx{@Wm(7p=xq1>ZDiO6N@j@j!ED5_`kisW&v0> zUw4bsY_hQ583W{oP%r|U;u)Va&ilJx;V5M;?QaVX=X}f{p1J_f+?`u(j-Dj)@vE;Y zNKMOw_Y=+#9Wu4?rna>COESiMO`L4lvCYyw9%sGjtrEW#T0A#PmrhhNFnOrIATXPt zDP?j_ohUY;4B{V#TL!W`ezyQReygQ4m&XgzB28v05TaQfJ|D;=@laak#LNd2m+y+( zt%3|p&owE~SdMx9ok?eQ@UaOfDTS)$Wr$-P@+P4w?Ft#dq0G)ra#GnjiBh&AY)_t(sKslX!S|-~TSoOlHSyAoG03g$XKvdTivRw;TxSq3Y>X zw~iY}a%SQ7#2(}+vH0Ntbv_c{WW7`SElcd%^E~SQ_6b+8nxe)sbG(~$s@ z({syIwvj}%)0NT)sR(II9Tln5j)3|8T_Lgdgm`9YpZ8Pz$sf{p&tSTsy#+05 z^v_lY9QbLdQBdrvh?ij5J$M9cZQ6 zL_k?lN3~HuNy8!lo z`&5AJ%*)!kxr-C$N8^p=DW zrXu~1#R7Rr)N_1tPx1+|`+^6YmKe3P7Y?oMZYRZ^F6}2@M|xOPROTd?a(pf z*2RoK9GN<3RjZtuA`%xi8^cREF3F)5EYfb`m}LL)89I5Cn^n;jeBz);vQi2oJW9Hf z7Xe2I}y^X;~xj@2Vz_T;XnEJ=3mlubsl|C5c9#Wxt%MIJ5m5BCGFD=j^0 zV>w1-EMkpFbJVfZ-k@Q(minyT4w{WBY1~pdWk3h)HBJ9hW^keO>V7#s#|Y0?YfWDj z>EQJu-)SnDVi6A1QqDpXN9Q1Ay{`!<1}cEhrK@7siXP|$7#1k#(roSIEE%y+)Iya^ z9uL(w8lVTd%}> zsIwU1(dZJzuBWSRFS_G8S(Tv#bn!r3UBF~_{nIziP%%o(S<b+-6hp*X z#JBpgepRf#9OLH{ZQ&7eWSCM=Zp?v{w^c99QI*#aJqO)}AZ(*42CPz2BwTUJEbR(61Wyi%F%%TWyJG9E=D2rA@DjS~8eR{agB^RXiBOmQa$2rDI?hJ*kxMNTLBo>*@sk z)ejDpg1)4q8M8{>-q@HYK1t{HR0vmg3l}WZ!*|y@`M{K4%hKx#=+8K|L{t2fIMyf{ z)L_Zd1d4oROcqiN+IN%4fW<;9Bu>#bL-u<&p1Nbm|snoijsD1NO>k?J#6jcin{{1%hiCU+hTIZ8cwmnRFN_8?3 zk~mTfDv)bcd4jS66WPf=dVac_r$UpmTa&W=_CsyLLQYhj7@xcR$;(IuEDXyckMfB8 ztid9_V6ovW>wNChLXzI8i|4Wy=p?U0LE!G5% z3oF%V0Q%dy==W$_#OxYSOpCA0CAr}LSqZFmq6r#QL`2xTXQi*tVtj2>r8n4rk zMtHs?G)SyeOsr(lA_&hdtJCFkhdLD}4tm-ofXYd(y`U4LudMFkYmWyN>D>6@cTq8h8hn#%Gt!onn!P-5(}dU(qefjA{{r-p{p zS^>TQO~(otDD%&woqqf$qo=6Yv9a%#=x>+k!35e`=Ny~B)DMZYK_ z+E+5*(<)^$N8g;euB7>*S}`S?ga20q!l(eW~%an@p6c$??Z;J1d|` z4naPOv??rCN9RFv=1d(TV~)JQ)e5U34=DeFK6rF7@*Qgp>pzP!;J)O0w(NsFcCbD6 z{Sy7n68-Zf`s<~WbsvZTS#fQM9@|{LaV3LR9A$%>I-f&1tVMh(N%);zvG`Ob|L>R0 zdAotb$=4Ds1dM(T-=B%v@M!Lej9MOiM{y3r-pX8`LoVPWrr8^@eYVP%q|GwZ?$UEy z3F!QCpJRU4+7?~n`A9RZuckc1Z){Xn;569(uox5N$4GkBI-9u_@anEx;vFzN?O$DS z_9-^trGkqo?agN3@!C2lQNLgLRlyk`H&P8IBp45cC1b~d}F{R5BPo@{;tF#6e5&ZBm2E08B93B73hVCFPZroqz$1=w6&9|T@q#G9Q!9% zEtUNeG&)vtg4*=12f48&pJrQge%VK6l+K(i=63iDQ-KE1CjX`abXS^~exZa(L=`2d zHP`rhn;farr&t}35$7~w8G2yb+aI4k$8rj8Fl4Un?879-g!5YcK}&&Ou#4;3T1|}0 zK6SRKn=Ksd+BSt4T9W)*o63H*Tv0R)si#@8c3X-$jTuzS<26JKx!_?V?XM9DGYSL7 z9w?^{9=z|d6#STHFkgm zz1yFfVwJvM0tcR$qp6a7f9qL|{19!*6ZM)fclkj&->K}1ESFfkCDAnAR%&^mzXVL_|6nJ6Ix3^m|U%7~k6AInf{qQqR znqgsYZ&8{IE1{HLz5asQWI>sJlQzRO1%E1A_lA?{z@wVT!VDOd*ngw?(I-wo>!9wx zqlA{kV^evOLhfuB5D4GXYiY?l^In+W@@36f$I~2N#-Sn`nFvG6K-q<)8FM?=6Bt~) zb|RR5d!}whks|QRw-SWYa%@LlaJ~yHcKzd5Vdq{Ii$kj2T@NVZ^hHG1aIu3Q`JcUz z!qyuys8MH~4UxIemnUF!P^a5ha1$p6)OimYhTE{7&N0 z_n}+!kc4tBd>!zTHplCL9qnX>;^m=&SbVWeu>)eu&u@!bmJ){$;c=dg35g8}tmG%S zt3pEP48#6bU*aeOgq*|mn{#YZWrOQCiNQhx%qi3&mW-&@A#6#tf?DKQKq;-h2_rr! zt&0~=3CtP50;tvrRpvYGC{f#5A)+YKFNO0DA20xSDmuxfRVI2maX$#*-xgw(fA-dy zfm^c4%bW%k)`tgD6jGZZ6`VA>uIF2W0V`w6B(L>arwU$$J#Aqz1*d_TWB$fm&d45{ zp{`W5MF#{kD2-l>q&()A|5q-`aFzAB*280eMAp>ugi1ttI=@pgZM>%^WV@LhF4dr# zi-VR9Ie#QAlK-$i+VllSKO_&^N~ct%7AOP?gR4PuNV>p?vljJa_+ZYV)>VV2GSmKR zmJ2Y`hxnJlayM6|xN`q&tV-5y#X)9YO=YDxtkjwkqoR{>9w;NM;G$N9bip4zu}k{*gaZ!EtFP=k&YO*6vPlIaDevJE zM|SBJOPAMte}~T9I-auXMqrKllH|4X?9Qu9@2c&XzEG*;G_$hnjU6f@GwhvDZ29_87}3FGICInc3+JQ)$*{$w$QM-898zWZeV|7Z(Le5u(>f^6?fj;oC$|?_uPp z=0mpIT=post<%k<@;c`;PtQ$wh%Bw#bUQA`V|o8PUo zd*;#h->5RnDheCdY+=MDzNl%Z(k*^>qMSrj_U@Mp&(R&J*p*Qknaot(A@nkn4DQ5$)w{;(Rx1%B{ ztY}G#O5+uYc*xf^`2{T)hT7>_Y0?p%<_I`ApH-6rojB!ghR-CQ&DG|^I;}^_zhF!+ z@4QB4QZ||@7lJ2M^1cvcI=C{?Qm3BJH~Vj;KW`cUXCJCnjq;%Q&lKeAHrZ#l+DNL+ ziW2@75ENFkH))?|N8)P8O>A6KwM5%>QwOKFXw>D(lcN0YvZ`RovfFJ`RW2~qhaic5 zX@b%46Xn_oD;;}=vc%aCpmNaa5H0h8t6PO!ue5LruS-KA75pD!*jo~_N=r^(pl(6 zK2iRJ+mO&$HC=@FG{>*H-ToF;(89|2i8soB%4Ji1AFW4A+V~-~-a>iyR%KU{;F>t1zYBb?u2*yJ++g{t(fWsgBO< zJYIGRU+SNnNJe^w5;BWakiz=H0NY@vMokm`h&MV#;P(Z_#K+ii=mnz>-=d!}$8M#|tfbIY2PV*R`CWO3+sw^gkEpc2%ee~8u{~%w7JqTW-0P8|T$O+#~ zK-s|Nh>&&C7R1kJv-dHbB3VncNCmGqf?#f??{XxhI;4}#oVte-&%|X6%{5HaxT?MZ zD=f^}8wWT>fGu760h)paByYFI@Ta&}!2D}qyUicX5EA*`Vh*TV)j#e8#xgdo)h4Kx zJhXS%^RV|${QA6{^4?OL(drta3W1sdr!IXi_1Z~paa4w4M({ucREhJ!q`;}!oa?)_ zdo9>tODUaLSB2|D^6%;cm+UC-#{mVW!SP-#?gk;BiGX@M)P9wx{$HjO`p4h#?F z*#)HI?oK8tbf)9JL$f}g1^at?X=O)^#MFd(6HNVw1t{;XW!z-PjB<-!bCJ%#z2zW4 zHgisQh@%7n)|{(LQ!Z9@5UUh5vhTMduFEHUDW8^cVtgdaTxNd496WBtb25pOC_#N~ z?*S#ODkzE<@l~Z{xp>Lz#TcLN#Gqo;PG znAhHBN6P!3m1vT2-;Mfa9*Gnj)5zsw527AZjm;$-vo275RD(kqsJM<=P0tO0>|CJ9 zi32W-)P;{ckH`ZJjPL5)^g6pYM3e?p*cP-|tgWRplQi8f-3vr52`ckq?;F;MGrtKe znBG<0_nFKmsaMF-r0K{OTI{4KXz-_e)RN!%UOnWhtDAtP1Sq@Be7>ju7nBF%L-EyY-7esN>f4(xj(Ty9(x zXUjL<`o7=sb6KPQN8hNhNJ=s1PQX|_Y&jh$Dp}6)p90Jz(<#AiA$QR4k+w(Sl?fIc zh}T)p{$jy?7i#JmRmO3FIS_oGWZ%>=O@T4zHDrJQtAf@>jd&Qn)LuwUjCMPGG2K5X zLH(r+a_WLNrPUYAWVQ6F93R28K4}KZH;mj__CZhQ-~fyqT3I_fFFIG7VB<`aPFxeS z7e!RT`*5t?^L~Ejjb8kbKjh*=Zv0sE*`Cgxe~fFnrYPt2UZ52uFB(1hz6$5#>I8-w z8p-4!7^B}YiFzm!{cqUOa1d~|-B6cGfN>Z7IFd{1n@&OsnIW-1ix5F}Ip7iWJvR_4 z=i{82>5IyI^zyUq2~^H3#|9A}9HjY-JCmwFOsC%BQCclEMm6&5*fj8hCU&FB)$qMH z7!2L&!R26PMZg+qkHPw^I~olHd7_oAn!v1nwm1Z z6H~@C6+3?Wj63W5OI^;BV4dFx!L%wq0) zoGovzH$y|jlmMh`Pi(tBX~IfMe~?g8A5fk0TpD)KNwU(Z5J1%cst-`c#GEH3Hi6bqsod zSY;+WGdz3n{dso8wJ;TCjt4%q3fr`D3)0zTC!_bt7FOZ{MlV@a7-bHKm!n38$ z1Ly1*Ox7AFM&{goxamu^1N1S&=B^NI$vd>ONJLBfSIQdz-vtN9TjW$JrHHOuaUjma z5H&P#Qge1w%WZi#ZgF5FnMRW0@oS)}*I!UOa$8%wdO{_ipwypMIUhDxcrvM_vxh!b z)KY#PCZldaR6aVqUc@z?$0%cW01i7ff^b?~pbC^ctBTgd8T#63cBmbT5H1$_z5A#S zC2(CE7>|l*joy+k=~PL+e{O=iDWusDy8P(!dr)wgzn#eS``IFkt6BEcubbv^jYGAv zMn&lY=b{CEA``}%tq9IE@wKk~^g5!Js>deSkyV}VPo!8DOl9;32zoT|tM=`Y&ubZn%dN@%OVqoQ&=8=09R2Ac$aG7+{D#$4Wr1eRW8F;L`=IPU0^6%1C5r|0Ot>Uyg- zQ_~MHQ^$_KCoBOtIPabdah+k>?L6j`e18iOEIkR#7w{6wXk@gsEO>7!CM2l3QkecE zDzP>n?cfkASQ9Q%tIE1mGtmuwruA@i_7FaF^=+`p14`x9A;zfcOgFsw`1@n;lP;#; zmLDTSA|ngl-{Y3?ps@P`80=BpZfvClz?7e)4;i&>Wf^AmNI}rem$D z#r+%>)WZWnt)FFNmb>!l)b?;a%Win5Bu5+KsR4eF1UBPz36($7!l85$?z6uhmgSqS z2RFOJdvIg;Q3~`vu)x@R;QNKLT}yJhO-;3`%~AOcOpQdyW8^J2D>g_F6uxZ>`10-P zC&8ho`U}I~KANppvR-wp?;bwdlxyE8HH=1>dM^JppWmY30UWipTv}7;VF0Q5kst=j zk3GQY4HJbcFgEL*fuU05x9g(hYC3kmE_BXO{*)lgCXR$6j^|q1^oU%pf5YZ^m@{zF z{5S9wKwVqt5ks=qqz%6*6;B1n^kclNeAB9v%n*z(lfTwqNXWXk)?cI?oiO0k*46p4 zFPMTO^g+_<2wvOwX#%i4DCtSfM^`>6&{ek}>vmM$s!#iVHlKR& zyErPdlvkggcc#Q$ocYT!B;6%Kc0L2W{B^qns9z1u)^_Ney?f*We6%<-IHu0Hn${7e za4EcJ!}+XH*jH6|){Nh>ua)SePVP15qbL?)iNbHmwvuBjT7t8tPQaH%OwQ^M!R@~e zkYOy!dR#5~gQntz0gVWOEHJE>3vt{v4TBB)ZK2mD#<|LT%0Drq3=ex^m8$Tl)3&1y zGzZOzJXKP1@cXI;6Qy$;OeL8~W}ykP^RiWU+vGT<4nLhE5@;p}7n8*;q^vsAm$%aW+V$@RmIy?+p4^Z;L{^95+0xmP7)+PcR{ZKkd_vHRK{&&KgdcFKf%9gBRE=NDI%Gs4}8x-o8SPP zGifhh;{qpkmuac=e|M8+Wt1DnO0m?XpGuD*U`$R;=qbCo!sk-FMH!rf3I!ttSH8Rw zO}BlT4cl*Ejo9QzBt3IDgMA|0i+*0FdYvCtY$-8|XsYFmdGg=rYU-{6NS1EV(9{5! zo_1%%=ZT2V&&1k2AmEyu5lkI~Cn+V1uPJ!!rl9;<9b&j)Rl1iyo?zl6JDu~u1g;dd zp=VtK6J?d$=V-q~{*-LfBtu|`+56tI^4?*m!}J9l<+M2h@$~B8*L7dSfKON`fk6RA zl0OXj`StkLhhL@+LaR-!=;uQunA3zM7#f#F_BcZSsWFtdzb$qkFSjY&KaufCyWdW% z*%~m#aSu8v(U;U|Pc#X5faJ|tDE2cY03a~Bzx6zY2GEDQgg4De?)RHzhjjmh`)SeZ z3mcWAM3}G(0C_-!hpWjyx+81P?X02HdvCR#}lEve0k4N}w-L6FtcoC5WdJKdyBE6;6#_#sm+6>> zD*A046&!DX#dIfG3@Z{!`riB?w1Gacv(Z8TZe-Ar3F_`qvOU_uvO$;JmqnK#t2MZV zH|p@b=Y$DTo}T1(rv%}&OBemEYFVXD5}CX#$C9TE{CKsV1_V3Vfe2wl`2g{x^OS3w zRb@Aoi)h&+$T<$-c*bpQb)3>+j3l!*wxlUQ76USR>E&5BfKr_(^xfngmMu@Z0RUP9sS2;nq~Tp#^Y4l?qKQkh*a z&(8N{2fB~QzsWlk=VIEFiwc-SrHs=_jeEar)dpkf69+CGJN7H>igOv%W?$R9Eycro zfB<08-&%bl;on*@;?X+H1Pd9Ae{i({uYOQiO^Q_(tnSxKEF% zm~%E@X>U-UZt39l z&~J2^a+rTw*WUg43ji*och)x6xLu0?xKL`4s}aT@4=&{!U;?)7T{{5%#4|p5E6y(z z$%^zA5uBs?DBC3YD%WPnC(-nDM*U`+ak5-Z9R%>Koz6oLD^h#SZy2ak zh$x)43RYDB_V`CuSk7|JSbs_{kATVFusvt?&!Y+7CgI$iUCe>kaGb-?JcD)75)!S46(k6=SUFGi~|7r43bAKwB z{eF}EUr_n?8&1BzEAjh2fck&19bl##|6+r`|C0Lu{C$S_|AB?z;4Gc~L!z^hS?1MqV9nu>LqIAPqyvE`ga2L`w9P_ zBsI#rUqcvs&uLm^Ru)X+sN|@x@*f`3F=oWagvv0@y2Z zwC$JEy(!CfkMZl}TgR5Ggv*~>p-!@+IlnHmzLzTaMS^!kuJ{Or?;LKrwhgisSCkU4 zeu87NiaA6)a_``+5jnbMLw2U+N%^I=+wRl6=w)#TxdvQCa{XtAQ|~lm{zyj6?21pb90ut=Y3X+f72jDus@6FuscbC zNJyjkl6>hr&CYAKBCMuq)hJ0*(SE)(X5}v7VWY9!Yny4Q(McnlbzVN!zR5Xq`NKgx z;zOf-ojo(ntw}8)(&9g5P4GNkDc^4wz&lvQnTCOCU);1ZWy+Eu!2w|Kkw3V&tf z|Dux6EM$6vxWQe(tdhf2fkdUHs)ik-9(Z##Fbi8+vz52 z2eXi7fi36nlnz3@jtZHHuB~lT*=q}eo0B+v$CS$kKlQ?_EYrV zjNfj&ndf>!uTytKXVpiV=NiH!6YJNM`wbdiTRNdK?wg3-!b%|{+0+Pvr48+Lqk{uW4oPuoMdzmDG628&`9IB0j!Y)Ma*dbc_?EV~?kZTzuV zeLh&{uPm~}4Z%^X(YW+IMQ%CBFWf!bwx0@hxcUP2EF&)lAXOli>je9U9g&}k%!@@T znU_zNw4=|uaapFHlioqV*Ha5;y&CC-r(=8uM>m%SI|104cWEv?S`|QrmUYrIiwZsi z+$`@v=En(0LY}dC!7-W&vs5B<>sC+-|f3NHMwu$RWJV8h>ow6KuI!8#+rY6tMoa6|)n={75P^?OhJ`7~u0dE)^+X*(Y2_cmH`Y z)*@fQZ;`7YaN5i^Ry80}bmVvTxpAYJ!*$hjdyk3qK9l>%n?$PkZez^#=DB}`H$2ys zS5)(;|GnM)hV#)(nt^L3Gw-%w%Q{D$rF+o}{g~sd(hrl{=P-`tYzI5y^K0Zs`}+4mg9zhFq;Eqb)=O8#c7DQhajz@zZtml?}AP|@wJ|3g;W z%#XaWvF>dL!O=Z6uQP$0IWv~228%2(ivF3l??y>@f={FT!yCQRfx2BamboGoMPd00 z&z0nJ!)3V}cUk2{_vBWeYmm!wF`?_IM8#xZg}2x={OGFhSl7yKiNif~`5G2^9*3J= ztfBXSEu@OKBe?90clp!X-z!M}{Ced;WE&*%_+?b&UjAluG}g1vv99%T6!X0I(a(68 z#!&9ziSIUr!#HRRR#ZLelc|5XJhp?|)b-+s80vg*e$yG#TF`bo2|6D{QJ4&^XwcOV z(k;?c!4y)D!z#MPeJmMb5fZn^bor)#5$!+0;%)s{Qh%G~wJ^Xk>o4N=<8JRe^jLq0 zZ8n6OUqiKTPuOjs5q5b`;Ctx*D6Y|bZPs`eH0ko)=22F}!`S77V|q{c*j+-Xaed`M zwSxarHRCp@`h3^@KG$!V!y4W5T)}s@Q{}96??PB8acRSK58GllKkE)!f?RWI@%Zhs z<%TH3|M08VF~dsEV|{Mn1?-k*C!$)vkmYgB`hJOUbZUntvv6z?w;%OE(%`Y3!R2_q zaHsi{d1^t#v85IPv6Y(oF`)JKJI}7!*g_G9qKIDd!_LYMVp;^$zpuY#ed+PI?dEQ? z;=7H$Q_^V5FSMH}MfYgFqu-(kE`_uGP=+tq?=JmzQ-e0k>rpt0C*fRt4W4{V8*zT+dhoo8YJSS4r6VzJR@ z(W&%t7K-wM8nD#(pW98Wf;foa2rZ`0Qz3Ci_?<v2pvd zvlOc>SLpN&{6Y$GNE*w0q9TdCjXfQY-;n5dq~x^qRBZ)4ks`;$A=;XZ9K%NSt|eU! zG_&AM`MM#!aUUv`LX>8Xw`adKX^Lb|BhVx=AY z;PR+7gSeF=u6er(jaYfX9&2=`cF5>jC=Q~|6j^_6H%wo=B)PXA` zb9*Bpyx=2ogwUtpC*nlIB7gtY(?CQH)*bHQBl!eDQGYn*bR~bZ)!oDS=FKAS{N?o9 zu;I$_``}Fg2%9t@E?ep5;on<6=JPDA^X8MuRqhE{ug@`>g9}UG`TlGD$1x-~$si=Iz=6L9|Db4yTC=+uo8(Woc-3KOrq;3=y)3Zy z6Vl%A^p||>U_S5yXma@VmNrO-k_r@gUaUgcpTCB>-nT&v!)-hLz_@IP`UD6@xmL!s?|+Hmi8!Q(|`Wc2IIP>{y) z5<{Za<-{W!1xGbUYK0UF`Q1a65BsJHNs*~hA8yyxzK@2mJ|u|>rFHF-x>^4opTeAP zP{SC;k9d_4Pm^UYzgt(~E}J8xMH3dt+1e91qth`RS`iQS$?Xb5SbH-g0bi2A*$eVl ze_8|Dvki7wF&AnGLLQYpSU_0gh``+vJf;(_Lb1b$d6{P%6ojuy!;)VvTvMzQ za?FH00i+$439G)i?7{ueooTdY#E?OVyO}!^imy%m@grldIeSBV+?;8U=Qqb!%XTE9 zs>bHmVY%LlC!?a48f~-m$hO()0-C)W3Ee;yV4Z9t^J&@;?fJ<00@ zS~8a=XM2l>;f#cxbF2}R>!(i=e%`$NJo?Z*aj(Fb^ZDnctv>-SM(-h}WQMsb60AvR zJ%{ZFv((Y6N2xxq>EieNcWYhmy^FbBN(rMee(2;0b5ST(xyMMoL}-soE0HI7eF%T? zi$E1ck)q6=K^7r^s-6IVq&OO0`lXK^45w8ELoS8HZ+( z<2Z5oroO_cAuDl`hzQY?(L81nX@ZR(1zK;^1~Jv3`!->loX523Jy5qnk(jc)qBC71 zURs_Oz8}I-m5nst?ieQBRcyJ<$}`G=D-&Lw@~y;GTUY-D{3vr-8e4q4>qA$&xx{gu z<_pG|B$^v_v&S+m+qM(F19=k`cMN!bb+T@Inmi`~0;~wLqfCza===UMt{fMyGDIqP z#vdvl3ohNe{pVwBN38t8mma33b;*a)F39BSdMI@k$x9cBGk?iQ=6-+PrC0}GT!Vbs_^cJ z-1*libkK!Zr+?A)y5aV?RTZ_$S`^&=wbVvXdE_Tzhd;?}%rS*zyy1T8?8PQy3TnG35 zo9UgUrdMDnXwF4krEGIJ1Be>7uKPU)s(ZU1rav^5znLo0crn{*iN1*?H2R_3&tGDp z=GG9z-$_d7_G%mH+j~{{!+KlPh79ElulGi?sD5(?&vc10c{1#bX>lyi z&`1?kz|5wz(s*Bx5Lti#iY9O7mj|J50po&aOv#Y~K1_2ycSXeZ>u2*d4CXlv1d-E0 z(>sQWx&$xm8H}#)=sb2_jZ)!=5a3+W%srj+Eq>Vu>o+%(v%zfhx zJy-1cHj^qHp0u{@>swUbG0Lg|9td_#guhvV14xPTf+UF(0k;n9mlr zHECO1V#Q90WV2LZ;r4(b{;F#m`4)a~_%XW(Vd} z0XSv8<6FkotfnZY@Uc}{!FNHYqaY<68>BaH_ynIqH7jAL%*llC^DdGM>L_!z$+Z?x zEyu!!4r0(Soq*A+Ylz^7a|&{H(&7bUUWbyWI6-1!5Kexc7mmlgahJ!d6fIv9Vy%_e z`gJCL)Z1F1${;3l+}?WL)!y^UfH{ahG$J+i&iBU^!sT34rwch}&dt3$N%+{$&fYF| z*dO$)yXV8;+wY8f_jZixwr(F97VFm(UL8f7>=0g7(^W$jaX&np9=zD_%D0W~Q_~v2 zd>wV#KOgm-fuyfXw?7BWsA}iL!qkguG|D1gtaXTJ?f`zfjXP-Q&N7yh;Z+HPBb636@qIOWvYRx}wsaovw` z{_@(HNW;-0+N@C_;|EqKt-y9J=ok!Aw*E_R4CZLCi$%PciNU`<`s> zhIxKR`nJs7w}+dAbW>+mhy4)3Llw4k2-Y|0jp+-faOZGDo6P2oH-RC}VT5|KJpNCD zR4!w`_(*7OunYiY@QxhE0(*>~C-3bZkkM$}v~06nwm8$SXZps(P@m^6^^=vjdIaSJ z3nT4;#QbV|SrPy22M_LokG7b;m`$N+ z!lt6Mv|-YNVc}vICZ5&u=8y&KS9CrR6X^qs_+hyuIMTD-clTK#5)Hc`D6L8Y$Rn*h z-mqFs9tleyHLfz^V%D`EGoT~?(@qpCmHEiw_L3-T(}STFKE-NWCSKKxqEo2ShIUc# zw*y#rT_^7^tYhTa=NNIK*mf>q_PE|LnI@ic$bHIaRx-?s9b1i=_;V;B>@_F&=KG&k zi$%&3=;D%Fv7ME8(;!b6afjR;si!}zjnnB1Wj0KGF|Af!c>7k94EvF{t01IVGlnLP zfj#{uhuLo~wflI&&-NqqeM`Y38X`P%qQC35LeKF`uPOaIi3uiy3sI8z)c!Jfduw$J zYWAk6le)(5++=mBTya6G52|}2vES{2g>V`_W!zHwQr{fU?NzX5%ks{+QdmBk21&K* zv}*@^e5z2J5!EOEt`~k*RiU?gU4u+esKnzDd5+aknb*S6ZZHjmqa4?h@X z?=S5ng|(ua@A^5;r991>`h9otXfljcBm3nw1K*Bj2+AOv3SM!hM}B%kWngupGeO#K z@~{EFBGN&i^zlR11ScWa*UaY*8{f|i5<5Sc6dt2A^&VGl3|4`ERmdl!U*oYllavmP z{rHd(SQA|n#L(o1Jc^b{H=E>pUq81U>m=lZ%)PccOK|)FCd2K+pCZ~NoPE;yYHHNS zrX$^Ay7ZEjy_SX|+*exljmU-n_@`EX-P*6Ekc~lc)@|OjA7RaWci3YJwZ6n;LA@gk z#}5+{!x%bJ#W-WH3HBAMQ!7|aRs~ONKW=~@6Ph{ohzyxtDhO8x<+3p&jlen1{JQK)WE8;`#cczQv@_+VRb7Vjh7k4|}xyOloMy&PM zoo0pS3);V&>~!0YO(Lzec4ZcxcHaQMgPT&-z6&as7C?#VUFWyRQC5ZXOD^|hvgdZ- z8!a4Y@GP@_w)u3`@{CPC;&RxXNj(C0q;LFN4rPYoMkH6^wcuQqQP08b^;$_rB^-*` zUjc#&ZSGPIYpb{Q9;zg?%SOLF{h=z>b4X#OBDpe02Ib1Q8xP+ZyC4*pcn zmX~o8+*6(8L_5+`l_4O*G#Q1X)^*JBVqdo|7${CH|9E6t@$Qy+bDqnLF%q51=)(uE z5k#K{kUq=}>^*Yi_H6n{v~&u;na7jD5xw0rQ@qri)&F!;g|PwM)+|QRHIbUu0f;EpsryDVzN2yuG zg8o_)iC!t9GG#@}n-%-R%eq5CKUl1pW@Hv=Yx?Td_h+xs4`^nbyCd63TV?wAaNILZ z5TiG*h{^sBbzd13$I`BgyCk>|Ap{97K?k?s1cC;4f;$8Y?hxE9SP1U!!DVoFcZUH6 zxx?Pycg{ZR{<`a~bI-c13kMwGZg1FFh|9a9q1wb@*UsGI09_ z5~P)Ow{lgZ=7z3lt{-15WDG{=Vhgol!;dc81$$vzb2Px!o2J1C`|B4rDK zt5uM6^mMcNn`;DbC$8KfogDR}EZW(ayB3Zk`NYhIaV*Mz`O&4u1KclS=*y7`luPuL z?!!m-Whb6}XhO~5irg(kZX&|{&2$0+kv}oBdfnG&obRvF!FAYlA`@0h+c0a}y*fR| z7)ppAPF2C0sCczzOB+q@=Ve35YIvRVMBa9^f(u$eN8(=lC~Y#5Lp@>JS^AlYNO&ox z+UgARr`iuh#-}MP$7&~as*^KHnbkiZJLco;Beb%_#Tz|2u^n(7J3G(OEz%u`I^?fb zR6JXRK5TMO=_});IFCt`vNzH@;ey3%w7HDfw-Oyo&AJ3IQ|#C}gSEO7*(!J4R_t4P z8(<@eyhqov+JV>2K!p!!*oe*8dF$0i?%AgpXu$;8a;W9@d1-DlE!;P`!&XPYx1 z&*#p}y;R*c41ZWwBY|&<{`oLJJEj#S;Vn0N)zFZY&@q)yt%sY}uvmN*{B)M-L-D4& znH9GdFb<_LOr?1dp;u5_uoeC@MMniBYiBx`ghPM_AaSrFm5YR!oK$Hcd(!K4%AS(+ zRE}C4#<@{BzPYD%p*(vYdY}MuP&_wnZl+Vp6)KnCQylBbS2w`Sy=KVz0laa}w0I`5 zSMU*)naX+W7CUP^X@{HbBe62*n>+EmlER2uyWsS>fk&Edy*WPv6_vqQ<}~kXnE|`8 zZ}MeJhwnc)MJOw;tl?mlhz^k>ymUw@sVG4@IX&Tgm#21`8xXmv@%gK1y`@XMtOJ@{2jt|>t2y#0+> zr7r(S%No4KDE*tR==?>ny}o6t;$4moO~cXjW|@ed=skSh@WQ|w*p*P(^6N(V*X=g zJjh_n&OV@j$sm*a+$K6JsunU3JEHX?%GOhKkl&U)Z<(LE;bA~M2Vc?a3}Zx;X^T_1 z-`N4ZII;ZCbLJb)$d;M5kiW~r^3mtWvmS4fuTrLRgh`!={2^K*s1JB#$>(ra&K0*~ z6;8}tC&11#B7mr;*RRyothI*W9$!xAKKaoz00UWlm}Sf0amFD$fg&vAFFzG8uO(%mIv){<5QzBcDcTqZ4GG6aTCdP4 zNB9UCw@7O&`tY%c*MXMJS_}?(a%~Mjd&@LL)h@d3sXUpqSr|KKg`VwUFZ93^)Cw7W zMNZZgaz=VLa^YG*WaQx1@^-dZ{yB>U@?2Ox(|q(yRUZ}Z1#ry)|7IS(fAGH2Rjmh_YfHYaV7qFOAqsa|K2M9hg-bNA@bDXg=`3n z`**9iXx?iAyEyi3bIk;(sOp2ixSxPc(NLC+zb5}%wm#85RKkCK{aoU+v2X_Efm zs+a#UA#LqQ^ABFI2yTVHL;lE>iO$g&@@&Km@Zrh0wzmNVLIrZcUEu-6H~&>0G*490 zG^(sHk(U;E5^p)h_~I!$Vm}0j-#Y8DA9U;SoSbcnZgWkU{|Fzdf?m@vU-(+I9#!fJ zQp2Q~MoaL={%(i^tFC>~H+CBNax%rTP3`jZ$Nk%Ayz<`3A@WSwCll=>lEtu}?u8;Bsn-uv-1>3z4K5O&mW)Kb6VtU= z4Ydr2xf2d8_AR-3X;0kV2K)X`E6b?fS1{Q4@SMrC{BpR}Ub9B%+RXKBXiywp%u(BLf zU&k+y6!QID$j=X?6AcRVqBaY}3o;*z7C3E)Br3I^kKF(K88!S&ko@6HE#8J3!Fl>MyK3#Qvuz*LJ;O0X_K4Zab)j52b`X;jHpQ1ECkkS zv&g>MZo)F`U)~qV*&{Y060pRU?&To5Vg+ITl1knwheoW%cTTEKi)XY4MM?YCcZur& zt9SSvf7o{u?5!fd1-;JbcCKg%G!o(m^8qFOLXFY#zO|3HJUfY9EZ1m+298PkyFD*^ zizB)-H`i+S-8hb^#x$pjuWdFey|~&FwMwO(QqQhvt?XeP}%D7m{QPT9huk2Xg!rILFo7DSlKK zWde*?4xO$Qsh{Tm!XKWO_Y`bks2xgNkHS$cnzbgHtkdg&DHAvyuhQTa6iDR76ZF!m zHq>cb3)tOrQ)gu86OtJ^*lx&mllZBHz12ExPeexcFHTi0Ow+;9_$w3Mgshf03$f<$3I+JDs?4&T6@GYhN+CGWjFiO4!9L%@A!$&m zcKbm5gZFptq#nC@EA11awmr4Ppz>#tora7*J^n?XHz)-8(?9v1;L4qR%1qq6$tyqP z8SYYtjAe^jgvI~v6Ug=6cItf$<82P4e?FG)4l|+Cu0e|gWcJ@9_(R6HffE-Nrdcc9 zwBVVyzfE0NM%b16E3e5(R>#A}HKnlgOSbcyruT(*F?#Wb2G66%`F_K>E`3TIj65~l z!bYBe4~cSa(a6Qa9#v>-_-%9@E{^XJ003geg+6D1A@v1XjqgAIS_okVjT+jL{1DT5 zcbeLR4qlR&mihF#Xgo+tP`l5BgBZFhggSKZG-$lh1u=}ERJuEjX z+V0LUv)_(=&`ktmb#+VcLG1gRIZl?|gdg6kwYNmU*f|<2yUKj<^v5KghF@FY^-VN6 z*$y|di8TWknqL#%j=&nv&Q{x%c*kgA>KQM@6YkA75r1G%%N5D8FNxsD%Q9L}+8;R8 zf>---mR5Q6)9)DS3R8cKI5#T^)p%~;sZm%#OR0aY#$fIm+z>n zH%2~OKBus=&lUmK-WFgSiVX!_|N5NMCiT4Z$IPEkrC81)EU8Q+4td4&eEjOh{+KJX z_i3JGqE#zm>a?$nY%+{i%);hnm~|Z)G0NIkx$WDWq%;MeOJNexrf~t*g(iRQv%3>| z?PTd|ir!Bz)eiRCXV^w_SRS$k4KImB4~#Fh?{V^Tl=pGWkh7Z5mI^Ko2vkS09|z#V z=cV%w1t5Ct@wpS~6rOA*FiEEmX)y7gVAzhXj4bO(PMR!u>#oKO=Qqdr9o7_d2o(p^Y*Pf!aa#>;l%a?2txdF8K?6AR3DK_lnG)J73(Sh$b6 zQYt_1VJ^34s(URahKuCUhoirY64xL8NO?S9*ongr9!4~);=LVtTOhL^JbcAd&qj|v z{N1oeuJlP|_~z2aNc-IMJeyzsoI*t|0>W3HRn>t(r}pRb0oMYfK)SK^0P^q@a`J58`P4+$-XO13{7Lz)j2)3OTO;*;y zcow}Lr>Cu7_QXa@w1uf2Vf9=_uKB5ZY)tZ7xJHPK zhVNE|*t%CTjq1`BIHGQycWMdp-Ye!=8A23dcIBL~-Rqh6| zM((ZD68H?gV-aTom^7WoAgs3y$SjnO(zpo3`*LTg1ICAAXA)O?Y#&h$nDj z56d()G}f%@vQCF%u{x?S(-0exnQrz=7C3=H!)jf zBQFb4{s!!h3VbcSLlA#cQo&+Tlx=nR=~3J997J#vNmq=o7JgigWkAUe%F^waJzsh$-#3!uNH%{lEc?IvYL zB|15Ocd3^siMQb~d!KJJZ~nMRl6bayv~PSTMF?j^v!0EHX~2`yt9iejt*0Skk!-F7 zRP%ISk>a>uq1|h}VT3z8sKUG{qrh73)7lMedoz&kNV+M*XWOe7&Gq(%H)1j4YgCYVe zO~3kja*r+3hAfC2eaqeey3y(1?+9ot2IuOHln(27#>)B^mWbDUmA!r|t5LOz7~0PE zTpxzvUH1k;z)aI?%~SnA%av#@e;CUJbClr0RwMOJ^w>o-mv5qEPuk@~4#4)KSWQTm zd?9A=&a+~-R5F+*khjU2me-qb8b_f}s(Fpy7KbCcxzqWFEp2JugBVz)yDnj0rS6kO z$K{d=Gq+keATSkcr-nH;;)((9dkq|9eKY!U^!4$W*G7X7zju| zCVtSsd!tsdT@Etx3aj?Kk-=fHx$8ZAoz-;ZQzww`Z+$DdB+(b-KG*7nt+1HO{ULH!$tI5mj~?8k=n$MS+C_{YB+wCgl>R zupb625g%kHtIc#qnZ9%tL~sMFUxQg4KI^5<+iT8qQ|j5B?GuSZ)1X*HhMSE8ek=O;Q9efQgL1qpeuoPbPEKb(0%4 zD~XYaQ?CZYC|ogwz_-;v);cL=&WVcqKShkbkz@@D4jXyc5@C|s+dn6MG}xl5w54`e z2}Q;3@pan-hxZo)-y&6Ll&(3g4}OD9I=(44uAQ&8dYh2TP3^#g-%)9x^ z<8I1EQ~Uj@jCgbs5%5u$;%j{fkjNpyvK!gfi3&i-<9q-YwHLj&xPN$+jrZdlP5i^P z3Nw11=G!k5WecRkS`GohVW8dm3v1#PUTo4n&z_BBg@A{e%%9eoxiy$KrkdC=;rPwu z+6vrA6+DWS2EE1wOxi;ylNQwE{9(oMm#OXVioZ8Kx;1Ds2tI!0*GV1OD1OUC?5$`} zQg%!he*UIP>50+#P%)?LPI}(S4`T1SGOF*%vJBbAE@LXSWG}s(}|y? zlJb$1+7(^9PBVL#aE~pX5AnPQXEQXN%j(8S4-Yl(c1OaW8>^{_P>>nj#Rk&0&7cJM zM$IATW!7ou!m!gU;)KJp`}B>Ez}@p#VhzSQE2N~!$jdEM1uZm3DFe`2S{lcEjlI-I zkClh_QT3ATz01=rVycc%wxltAfa zqD^Wp)GkMe+Y%uuPHZ|)Mvf%A_dwv?wtnb`Q17a(po-YuBN@Qv9!rHu96eQ zW9=X4;)yZt12?hI-HXBN^S-r>XWcx#!}Hyvr;;2CAClj=CQ*%DzT>jpc<@&zbzRF< zKCL<&8r446R0oUDfcJ-sD_c|8ZRtKd0y(q;A+G=~=6@D@1PykPnHn=yq0?kx*c>0s zFK*PYOE%mh&@W8LxOSzZdNokO8NW}P_5`7WRm;7rD*|7C>gZg^rL|YtstT8xJyG17 zx8U2>^+^I}mJ18+oZF?SS8X+5&07h1*eG~{iAtp)mq(CXwG94tG+LF3-L3Jk*KzQc$hXk5O;QP?{XrT^9 zqyeRf^&j}vxHoZTf@#!QcQr12$ldu0uumgX#g~6R9er#5U_Ik*+Jdx5e&t#7?o{BJ zqTBT;N)I%^Ib;oMMugZ+ZpB9toYo)FB)|QqlINlOZNE{aVYTm~b7XT|37qWsdOKiz zy-^(N@qq^W$|ETHa5z_i%h}n+MFb9=YpawPr2MX#qYrb+sLtan!^fC@n6KFPexT;9 z8*Q0;Detn$(qEH|4oBso47XOl0oXo58J+lW%t)(G?>%}v8pKmZlC*~{%Pwwk&4a#M*6&_tS&uz!R`PgL0)t#ZB zCFhgz?f5-tGW1FMQt{TD^I@OgTm`!coM5-P9l&O~HBzO~I#VZ^3BJIp<*I^5uTAJOEV0{5fY7LXu>Q{TakG8)U>UjD|>wCpf(1myMhX5|!HU(T>> zS@5TW^+9-yjlLpigF7%ymH{ZRuA_>}&I+aFr=}b04&U;i^MNv?t7GN8-?Z+#kyp?~EQw5l!as+8 zIG9u9(%AeI2bX!0WgqVCh>&#~+>Ob)N2Z*4prZmfasgyB9KigF~k0eC;{bcOuHE(_}4{$<ztxYu0lxAuq$GMo(UUVEL9c_?Gd z9f>1oo}bq{)+Wy$kN#m^_b*2Dhhc1_n}wSD39~$9=uzs2%yRChdDQ0C@3ll=uiB_% z^sKhFagi4QrE@wHfAF|pE5u{`Bn_|>r&R6gxL$Z!?LTR zOS)XHq@VUCtE6PDcE`th$AJ)8&tEI9ub8k}r6D)14W~J;8KZtFjtGN1)eQ_&E+-I_ zgPBc0zB)&%?P+@-;u;_iNiC1df=AQH9PXkR|8Qr%cfw&j}-|S`F`x z2mjc&DSK#bDL!v^MlPxdZFA<7eo>);0AfbfVowy8{Ws%0EEZc?ys|Q*S{2AeIS9Up zrd|l2+7SpT2Y&;%5B!8zcgH#X64X@NO*dr%lR?D+o>XY;qdA{%rT3gF<;s^;&A&q* zpCaW?S;zG2h|L=9mYSfvZ|D4_8y%#xvLSq|_PKe(Z=&co!J~tX7yAY{M7O1YMoc{?y5cm@1HoxdgY*ux^|%-&Nx&G23Su=a7TKD{JN*1Bc#UQJrj1)tugj62`3xhzHh*?u+F zpBd$RMk7O$7NUKX}Zw`z#jrxmds-kH#N@yo0tXwqa! z9hl-lgFRa+d>;G3{O(FF>K0+$u@=sTQ|O`5nOzfo64I)8r+Ctc@k>2rLUrL{*bq79 z&I>xZrrF16-igjOI@S`OKI-5PZFN6wL{g8)!-d*^%$E+sLibI>s|)_2Gh3I5`%4|* zg(Vzq>5OGdg;CDO9;z1Q-jVuCm+_m+jHOF4jA9i=1a0>($?Kq!xB=17-xBUc@oA@o zM+J|B&2AfDYEOTwIWNa^w=|S6a{gX_y_4*bt=5RS#MGyA%FUhOqUwm$#x#$DBh!yH zk;o*wg`cCgmxJKm(y7r2^&AM;xwF!#m@56UG@(MnE70F_ZsFXkRZhNCvPW~d^TW02 zsEu2Ia>?Q zQ}xg(7f_IA-6nsq=WSVrE`ibo8AdeD=;1bsK(PKORk;P2RXr?gHxn;5F|<41C4wl5 zge#_hc$&jLA77Jrm$U4Q^r{b!c`S0!w&&W$u@tdcGW!ocvFH)40_zns_%t|5UO)5l zCePzGIZAy;1mBsrd0)V`(ScEg1isvna97r6Leb`>`Aq~CNgtWrL)6i*zsRSD5u5Ak zq;_pxh1FM7fxOrWyW`c}^JkCn;;9)elP&m0SV=!8(QPl4LBA0IX+vWt{OOH#l7>|TV{vDlwIGU=) z6_tqQ%%bTnz9j|cgYFE)=-u)4a!1Js}?4XX#v>{ z2%_DX8%A!Y$On46GmBnknNU8=wOXSpYO8V$u!lV$O>LI4yW4dnRV2uPnZ>VXFb_}M zNeR=A1mw)d@mevLD7}+6U#t^Y_NXhAY|s_Kdwr(|woMOJd!c(?%9f8-nF65Fd4+P& zig;v9+T-Jpw*G*8#`CDbPYBuZp{vOffY1@j@;uZ1gCBo#W<;1K8~&4I zS@Brg=XMB2*G!!6SE+&pV|mBfCMo>1Jz*NwsRF1cl0hH5T}q|*KdAPH$fZKpN{62E zTRpi-eQXBBR3VA~;9-5<_ML7vmM`8i(i6b(`*fW|rZYMq5zxX}}>k&J*z-)O@TQ$PFn@r!NaWXe|8AH%c=k*e7Q#&d%5 zFBH$gfk+7k`n113FF9J=wCpE8C46hpEh@s=0O?ZF(@#6bgv_E~T)pL_CiM0e%nXNC zu*Ihtai`bVgZE-4jgQvL*gC=8XOJ8-jtVWHqZ@6#uZ8T|Hj6>;&@2FN!3E}9)B_k9 zvn8dSMb6{=-v7JvC6So1-F0Z$R$cwxZMK z9qRe#ms3E)R!CCOSvhv*lp?-uC-YQ@lAfaMg&=CE_3pKk;4QdPriM5eoD4uiB9uqu z0h7SIE(hnF5`6&uhVy~ zc#PGL=EV{Hw}jr%jU{#E`2NY1cLG7XsTiw?c>CBwUipu5zVS{UWnI16W|FzO?LN@C zx%)-a-a;PgNmQVcr1tsJ^jeT&FY|tN{McodF6ZdpE8HV&OM;hIkyn$ez43KB6EAP% znc*AglOifBWwSt=&_GM5y>I4zewbV0)F4PgLXZ~g_o)WxjOYMQR>Aa#&1JUM-OsCXLh+be9zkvU zFx7K~lFZDhQvA{HzXfj_PL;*Q(GWg_%Vs*ff9gf>AFbxshR{(QWWN2oQmR-*jn-eU zFxvYH)>$#VHNSgjY{i3>4XI>AAmb}n zn$TltvjkVf@hgiemBjO4CO_z2AQYmS#Vx7WrdLasdHp>C3<=rdkK(+^3{-xTNhD32 z-YLl@v?C20aR}~eUXDo z3k$kj=at8isVSCEA|!P-*D!@0k3}=3KT*KVU_vIU(2Tj-8gC?Qb|-Mv(NaV1{i08D zM~eWr-DoW-H5=maA<9_#GCI7TKcSkKf*QB{tl-OXx{KV15vAwXZZ;zcS-v-;!CKKB z4Y?=0&u@^fJTVi6VxxBkZvs*EIx+`reDp+CV^7fahPANT0NCZzcA&;OpQ;o2b=dkk zU&Y{#1(3la_3i#UH+CF(XD38c2Ou)Gcs1zQ_IcegFPVlIwUP|zkSLBUj8xh8lhIWuZlF@fOylG%S0{jwOAlML((yh0kczJbEe)#ZBM{~MvLiNrbYO^+&>i9SQfbIR z&Z7a&HolU>WM7)=Ku-^<&_V9&pAXdTm*U?9IRjRe-;Xs7<+e<;bH3^2#VUIaB!1g; z2|3q%xYr_I;x~OTx@mp5T_M71n~S@_cknvo{w!nqgON7s0kIt9i$E*hU}h>N!-sI+ zRQRH}EnJ0L3nZsvM9dbJQT9!PE8xdA9?gr8R2_YN#;b=whMTUZZ520nu|x!1L_^!BWRfqwCD2QhQ((4FWN*5qziA^&;_;``YE-R1RuZ;c;o zZ4*Mfnz#hq!81m0rUf|KS%D}_6r#e32R{vnG%(CkcPjWl%DF~9Ny{r3ZDy)?Ht|L-L=M@j!)Ods^2PIv>>h5IFHi+saMAMDr5jgr z{D3vFLLlno)Nzbp;YLs?s{`bWa;hE4Q8gI8%A}302triqT$D`CLd3Qug|&eYzK-z| zgUwlTvEjA7A?reGhom&<^Bl{5)9ydKqEy5L4oZV?++c6ec^ltuzJf&aUT#;E*N`Cv zY;bk1-PxI8>r+@c>rs+AG%3CW^_D*y*xQo^TP&=l-96YhK949v@Yz;v*0szX7$J19 zGaBHCaFaaYC0_7Uv16w1Yd~|MZV={sf?!#7xIexHtb-xfb zIq83ZA9fKjGSI1FmQr(ouq#(_cXw`n*%c3p#+0R^ie*AW*?vzOT$B!FrydG435rbOf zBEZ|1JIg{Q8Gm@Mys>;8j|AiyyvCxp<+R87Nw%i28E@ zI4Em-_0z!oM38*z%1iK#>iVO@s}t7AYx zsKsAN#%flf6eJiefLC+7vEEZBQ)Bu5sl6){1BDJ2B#3kzrgN+N{2u#OpD{fJ-h@=F zhjNY!dnG(D=`=9p)yFwl7P$cHBBdva+xKKaJtEOsO6({%PgpFY-#4*XAF{u2?`a~3 z%~5^>c(Nm!0+2Wy^_ppfi=xJIIOV(u6>5W5R6EP59=;J;rNM(3TQ5H5gcFS&vAMM) z0C_N67CW2C@*NICUq-%hu|SvDY|Bf*hjp__G(7g zROY9)kv}A@GsfghCsF?g{}&UDE20*DbPDfRRIO``yK6}p=5Dk=AJPDijz%Na9dr#M zc#UjbOSd}wDU85?ZdOyOVIUeN#dm{x|7c8a63qQCIg`{MF9L0_yK-wgW&_@)t&a>; zZ~%~uM*dWjh1BBczK6*w@n!K~XJZSc=1tf5sc1i1fum9KsxwnxQDMtT8?6WnH+voXx#9t1 z&PyE6npJwAs;PNBy_&I5Je!l^zl9u2+`!8nKKl&UtaLh_M(A&SU!>nz8s4Kts%+?= z9KN+g|B@K7UHLoHn8)$?jbPs?_Qm%zVep^yf%CunyX2pd*{(bh8JM9kG!IwgWF@d( z#iBEXb#I$HaS*F}yHk@o+lVA>8-D=m5u>L3EV>Qmhkn$d2+li3I&#q|;OV-4_UGR24z%y63t(`{f&1$@51#6p5iq@)ADd;#lt^defmCYr)AmG>*N z?LM_oI#(cC#SsJ`MP~VW`*emYis3U5Jt>v5dOit?Uk9mUbrna8SisK=eqxB*P7SQwvW%;NIV;ezqO)DEN42uul+8wD-<8FDAScLw)SgZrYa$z z?1P;=sw&0-VbHZyXNg;abFptZEp>q}JS)3)D@vAsO|B1>Upqud{W&R;~jOFSM36wo89h=@bZS+2BLT268~6ua<;?JVwc=XSsq4z(2Y)IEzDSJ$(twqa|C}KqD24p2p3i z>B5Su!dSSgo%3C_2-hJNlBWP_n^4@{JQ}#}yN*z|VxhJ)B(ZbiW~>R}hzDbn){Ggw zL>oO6Gsh1TD+}Af*nl1l`?G(FZD%H@`od4dv#Dp1Exg-Jt=GkARQ{7vMm#wG<4~}Z&~u3S6z|g7%)UQBXg;BjRC?MJ*WA3M*!=a4`clH?ty*2COBH02f-@yO z{~#$dpj;hcz{gdp=2NLi209c=ET_5h{K+Q}RGYK%khtV-=5ca5lgZZutYVDkXGG$u zQYjjeNIaSe_-jnfnsssJDd1*Llb7!|57$J99Lu6Rnt~w25|~vdCP$Jki01u)S$D@4 zNrP$4sR537Ct;>mbd}<)Lwv6VhK%6X?Cbk@_#?Y}GBPbBff?O7CqLwx5i!i|0@P7P zF{gBe3hixs?l-SXdMGIo!r=NgtBm>9%*m$E8(*b|@+Z9`iia=SrMyQwC6<{-SHbE` ztM59(UYpwvB1&OB#yxAs4#I*xCA$4a;@Nb3-xh7*Hwlx5NEU3cXUl5y%1H(m$6!IK zVnYuFg%?-f2WP4cvE)$4x1WLi4Hw&x89E-;cXp<=v?jt>c#gHg;Z*zc-($6?;`s1s z*a({C+NIS9(6=hr?87>Pvf$C(3baYmhd3~>MZ5e^`Y&=B)$e`PO$=T6*d}9n?5XZf zDRcKL49^>tdKqVc9@J3Xi9f~Ry&6<~nzB&BKin{RsCknhdEL59cpHonR!7`hehAp9 zcXv$TIOMpOCy~ls7h=6zcQ`?Z*VhoJAa1K6ZVNa+Zdt1KE&hxWDNNGF6WmU5>mMjI zYI1Y+JpPo+;$|@83RGw4)9Ei89Kwx#-gd8RbpX@8M35yiq$L-?lp89|w+`e-77iU% zB+oOh2Yggpu>Tj&^+f~LNw3DC#)T#t#{2o}sC3j)b}7OPGhduQ$^#oBSIe1*2c{O* zydDuxvUG$lKi}aPZjBr_l=QIX2Tr@jd^?>zT&&z3(Nkt6AN~jT6tn$^Nmc_mxwG&0 z29v@X$8Guw?%iS|`WGm-w`ZycxZI*h4;5&9_1~Ml0|Co^rW6$V?Zf62FzI%T z1Y8d&k56`>07Ln;W)Fj51fq6qGS#(N*b`ZuwTQqyjN3b-+xr?18wwLY=zqHB8-zl>bXmS8&g?oc zv0Ua4HH}Ni4xw=(XZ71}_wMcXO}n!ncq#_}X~q)de#7I)ar3g@g2P)4wC+R2jy2kx zkvs6Lu>no@43YU5jLo_K)ntXB<6wzp<3SVBXGVC-_Q3nrH&uk3L@53QVpaGjHn4{~ zU5evnFwzT}8n>im{ZiIFGlpX=@s{x)$4SnNsfYDorD+ZBxf;rGKi?phC{<%RRdfzt zCkb|&C8WYigb52%#^BcnhQLK4KX%t>20kQmTg&j*C z-1Ki@{X{@~B9fbN;U=Qg7-roh;ojJxoiX=6j}ZLOk86{Qc|hv zOi|^Jcpfv1#)CD}w}Nc`fh;pF{I_a07IWXvK3(3L_Szh{GDzK*xkq@qzn2=OoTb{a zNQ@%xn+d}nd%Qt&lPEWxK5-hXDG~{RmDES^o%vi>sxi3pQvr+Tz~0rL?}}n9J;gt( zP;cMWtxXIcP6ey#pqb@Xu$45cWjuDcRPVh#dECllq-aKyquDj(#!RX4(7e)DiNvOj z8r0dLRb)d@OlxBY>=CPJgQZs36=ww~5JD(C)q19UY^g4e*I3NM(f}hG>|uF+R^;+nR~C^>W1H*^Fs2D*?$JyaG=P$v02L;#9HX8P*xtQ>@_U zcfPi)oYq**4iJM2BnKL?YvwaK#4|a+ESm0+(z2FQ+V8I1MBHe8rFJ`%5oD<0ICiAW z34yo-OhKdA-4~LqKI|=3_Ybf!FmF!oz(t5I!5Kw>5Z-8hqBYOv#m9XCW zur6W8g1W+1^)uk3p3sKwyK2Mi6aC}v$Xq-vVfQL+5#s-)&A`$pRpI`XY`^8yhp34i**5~1E@lARs zu|`x77<27d{UqOyTc75v@0acsX?+OsCT*RVbcV-Tp6uGNh=#4obVfeh(3WC9!Yk|pJfs4}% zn3%mAPL4BDT7LtMUs8ciQrnPfyhx*pXRhj-1lAt)-S%*K(y<5tZfmG}E_i$(zoC&} z828Qe9mIJ7tohngVb0gvT}yEiXeB<)!_SKl+}AO(`&#K9c&}oC+qc9Yn>$rP+}wrF zmB63>!cgAOcK%2kMP=CO*u#Hi?b@2&X7$1C1ooF>zD0A@8`{1#NhEB%S53ff0L4BQ zwi>)1E*Wu!4Prz(GHn@qy^}6ap}UAnw3thgulSSY(=q$A?Wv-;ICH+G{mJ+XSdNG4 zx5rbVmrr%4I9F2U_0lzbWUdgNj4EsQGe0H!#oH&KIxK#BfqOe4Aoe04@e9sy55NAA zEd%IFB4+6_mv*+-7wUq$vj2tQLQfZf+yeUnN1#<1{qiVH*F5#?ki#=-_ji4vR*rvU z2tPHyG@4-!0QX4AhNwL8hKW3Vrxsp32$lf81=!h#`{1RW^^f%5r{b62j~EJPmmfmg zAimY!!K$61|5Qw_m0oa2WSmq_n^(|WD5JZ1yr1b{f_Rs{v&Hk$ppY%DR1^;J%}?hA{a4_BWOg?EHozEc90Nx$_=Z?dj|FV}0*}!Ai~GI!QOMtw zrq@{?u9Iu>!~m_ByZtT!TDy9?$A<%|^2-~ijKZV$zjiqb``$F8AwnGQ<^23amDhS` zsiA+u1z!2-L$R?#)8w7nmHxkF_FTXOS<%{|KR|fSX?0-$|{@*{FIV!$_isi2o zlg9YS$l~o4pMX{G6wcksCv|4`rke?BEn5fwNckR!W8}2{K>y(P4b=l?-FDJ4*zK%^4-l0`t%;kJiAwloanhRSrBe0;oc(p zpZV`G4}XUB*C)h0tqInTnN5l|_VtGf-nO)y@pyw1@=}o33d-f!)of6YP=dh z7TaldMgcwy#@A`)f!x<>+PI@Bgj^2zGn785L0T0ss@<)Xr=oZ z19?$B9kDT^b+|?1370u;$>op&C|wr)52K-0WdG%J$OKeBc;FAf0Jd7$(fD)B(d{H{ zFN+2t8+cc+4P+AEv!Ptn86)|Z#Tn=m>5p8@`-M&-MC0@j&FoR@Spmgo@d7i27S6gLf6NLaI;~>K4S8tKICa&MFY!wDk^usGSGj-q`Q!JtRYzMj)wIJ z`&OKA)3IEvcn1v4C|wgOb?iSY6^ZIn_fc1Ikh78>Ex9L_x`6Ym`n;KA^7|&F{}*p> z85LLa^Z~|zU?ErtIyk}IHMkSpA-KB^GKAnB+%32h90m!_;O-8CyX&y?{N>$u&z}9T zA9m-=xpRAN&%M)CUDe%H)xYZgJ2n>o5hH-K%8!R!20p?1^1omdAWCQ$i}eg*iwBkl znFM03R^N&pNtGH<^O`Z%9SvXq%@Ln*%;Et?Y8D-L^)Ce+B>rsXr0n(Ww3U&Qvp8AB72Jld^) zsp9_}PhAy6wNEYzeoRVap`zMXZl)R zkw^eC-?2IWYrUttKg2xNNI<=}-&rn@f>0 zohVv~rba{i&CDWsbLUx(S?&9SIa%{wm?vn3c*I3_Yj2^QK`>m;N14s%3D^|-vX*_A zblL4-h=PK$;6urfLr$OZf}qkv5^!Nsd$m!pY_baH*Q8ZvA42tr)A~_?JG|fj&_ohBc!|$ z<&MA~>#IV#6sgrwqcaQ}Fwewi0U^*ZwdJjS$In>lNL2_?L9QT@NId%R<4z>zNsEo zuJ`%z&xq}!ug;YE_M86p^JUd`G_#?ET-ya_wPKxY4gGA3&C<{I!&V-SXNMsrYj^lN zS*=gV!&;Y!3Z++OMrq!PiX~`JIeb6Xd>IKoC4oS8n+sTp0MN#+MSdB=86o-LY*4P6 zX@RHjrBDBv=m=IUsGi=|37|aziX0FGHa`87SYe@}C79b#KVN}NluKb$Q_V7c4698inF@{cGw7z^nXYA>XWE1V}_jku5--ftJz=Q zB;A-~x|=Ll7ZYSlAK#FZt9*x}F{`HZFnOk~o*w7jM66v5U1Z-M6fFI*)fvileZ`+H zS(n?dIf1u!SJfr(D5%un8KlnZbK=%_Y;u^ZCQ2uv%(*Eq7tuyp0SyL$ae2jz1*uI|4!IML6 z0`z=ecfQ?@-4FJJ|F-nhLT{`ezvEeQdY<8(#B_m7-WS<>{fF_aGPPio==|$Qkogzg zgI361Km8UoD;p#KnJY!ocNeN+HYt0rs9)myfJDvAdpLV%8CQL!+a6OXF*lm%?7*Zq z=2*&YC%QEl^at)$$H6fd@Qd6N4FRe0Y9A}F-XBPT(ry_kyk^$78>`r1WBDC;oIm+l zji%fi?DYGqR1FIxmen3^Jk!ct!27T%nWUb4 zCpOlo5&q~)s4|9q#F>-#OAI7zsw5v5CC7{vqg5UW98Tj2Rlt)V0w3W@Y^qC9n`|i~x>>u>nSP`t37YPo4xXF`@2LG7VP-BN{vnOb z?I13nXKTkf)T-+JWF`i!y5x5Cvh9nY3DSHgzg35$EYRCxG+eYDnNMxA*~~{P_s&}0 zU6*Ea=rpY0+m8-hE@MshNoO~%HoW0qr*^P?EpAc!dj%j}Rvnv`FfNbe;obl!W~Z-1 zl#>!J?YB71Xw&f?_Bxm)7sb-2M{tprc&`oz_~m|BX;(MA-1Gin;}E$$QFr2Yr0r>O z$K{i~R}f+^J064y&dGOjjuPZ57A%`(C&PQXta9C^aEynJv5Rq(gb@c!GB`&M2Iq<- zqnPa3#?*tkH)al0r@Jwj8z1s#I&kU_LVo?sE?kZC`zspYMa5Hdf@8?QHxkD29_4&@ zG|9}9a=9zWo8!mVL^_G4>$%SlBVl<>F;Ss$Ahp_NFLdt^ysb=gR-dMuSDDFt=Qo$R zKs6o^V#Y`fZq;~KD-fLN-$Am2+Tnb~V6Ke+36u7_^B<^q%~+1(#J4z&vF|%Kff3&N z^Nr{GdAAog7nHLdei$PJ+<9ZuCOnY!fk_NtgDN&Ty?Vaa7E|k=_4oKGJlPNEb;OdYqAl?4_mg*eMJ3T7*a_qg48C)}$~KP!L_ zZZ8*L3>F-A=wdpvMK3=+<92UyW%K5=p-VmPh1ek?~mux;R6;KTL1!QA~8B530U8Q<& zSi3csAWnT4HX9IQ3@cShUGxy>yc6DHD+|+XM%2&ME2snpm^XIx%w>1{6+70QsI&Lg zxlQen)a33iTQ-^0dOq{QpG+HpDFlSt0?d? zk`&>cMA*4Jd(8CnC1dpHEuL)K);h+p*6~m#e2U%EG$>Sg#!npmIVtKu=J27uM75F3 zj)ZtL4qLI>VfUGz?sB}5M!$dDDNa}j6dWC8qg-$8Mo_m82}MBCpSm}*e~e{i_iR*> zT5Kp*%Iv$neCRTyhS9Hb>)qCwH)5D~At^bZ+C>$wU44~&`4fYiw_!r# z_up6mZ>L+ks1jW;LX7Vnl2a9x=>UWtyA>(hqiqS}2 zzWA3F)oeQ4bXM11ht|m^M8S4muiO)}zFJEW-?X*{HaUF}vs%)oy9ZaOg{S6?GKd8B zzEMge*IEsg#B0|g`dMFkk{2Fk(9&2gr*`bcVfBKurP*)bx>5@?BtYXE+l0ns+oYrp zxYgc2PSpc>sfG0tsoKgeo_!1U)o0n+-#dJ3v@-itkJ9t@>^<_v%qZ^tK~@c#jeeYg zdc--byTH;Mq54~k4^Q4nRnJp@Da)aM%~jQU5cfxotxup6wLrGiUe0Rq&+%U3XHEYs zdJt3;4?%JCw$pppd~IDX+fiVG@j6xEVBc%PkT`{E^{ucm;hoqEgJ}|;5GZ{zd#)}r z!>A=!l|uf_i-OtA%?QJ1trQ974@MxOz&hftVNKn2I5q-Ca^>c25cA~t)M#ax(pit1 zl9z%uBuzM(EqCN~u#jLDAsf9$yUDj=sEyB+o`ieMN&l|`3nshqrcGAi4pS6DSmbV2 z3|{q9qr;w~<$L`{CJO6q0g!He=-g1%`iPNB7$=$8u{4RdJ1dppgTJ~T4ASLcQ)4~; z!g?KwXtd^PHBtU>r*EE7JdkNOXn`oAswL=-b4dOYqg3SApMpd&pv4{DkHkQI)O@N{ zYe(-V55($N@C9ye5vL@c6xm!K%cnOVpL#@P=<)>tj_rVF4LK2j-TxYcH@@?5N z^xU;Z5UDzhNSb?}w^GZ-2EN;z4YL4WD5ovfZ%wtbY z!EQFmEPvLH6HuM~1Zrx%RRCET=DCk}^z$ut#I=TWV}qSBY(Cfb)#@lVc=o>^UJ5U! zYSf1bKXzssGwFRRlR&C${FpoOno z3O|UKn-7O{#J~TZWxnB!%{y;PI>v!AaDnDp{}^n8yql|j^yN{wkWm|=#Efeuna$*r zazPoNTyEN%@EDd24@To&>ID8gMHCvHkFUV5b){J1hV_7>Zdi^clC^Qt??n>-#E-4s zhgBPxq+C2FUzMx{W?@KGpA124M~?uz0(|MrNjSTmQiPjZvT<+zK0hRQC0g8}9UVQ@ zF^`R)ZkMFmEVS4Qi5=>O4LK%Ku-lWIw$^2YHiC>+9%hCC&n)P2ri^p{SPSlzK9u>z z=|+y5x3bt!4Yd?0n-B)pl+O{n{;EpC;um}>FauPKq-iRqe{yEuG` zVbfZx)``QBFN8hQ0rtXIY5mKhcNHEVag7nGbc=PnL+U~`>gbPOCy{els{};~f_W^J zOs=m^L#-x5U<%>J-K04hN+cC+iT52@t>bbNPH74e$$#iK*uIiW33!7H2MgJgA@Lb5 zBs)VP2Uyx=)aqs2d24!pBv~wB?doIP*7)!0NP56+x~j}Id}g9YPprrMiX8j>mv*vS zCR%5V9(Vy>5;Ycm3=KTtF1G=KAf?=v8%M?!o{E_J7~!dOD&PKOLr; zQZq)^hk2FpreZj&A*wXyIYtrp?VryEI1a1X?Tx*x-Vde2Sbf)o03oIX1^v6D_74vK=(S6nAC55>5W)E*ljoE+5@ROYEkT+ zt9Z1U$E?>L39Wl|u!=8{^I8Z> zIF&Px?0zECuVZL4!3bH|E4F?VpiFoSRB zf}1n5e)14%!Hn)yY81V_=B&m{1UsPT4G!$Ug<1})({|DyG8ZtzR3S5_p++JK2!8)6 z8j?}6jmKNZjGbwGB%~troTcBFoX@UU0?$^-ZnHeyG8d2)TY+8D8V&q6>~evr&T+(q zjn0EQX}@f_aJJ=Uv0QyTICS}i`^Jle^W|g8V-9)wcQncn7-l=9Y_u3Z$%Bcfez#xbVo=HIjFJYsn+<_4smTjdjx1Y!0*Y$i%^4Rl$AV?XCOx(Z=+IvR zm`_oKI)dSFlE^0j_C(N(z}XeEcxcCCT^J&aj0|t5i+c={I8)j&sG5P|6WUK%oc`S_ zWaA9P`cuze;9%kY$btYXEw>L-bLx4AALmd{YJ&-gS!qIZDb1K3H|c0BlzNSoR)>&c zT#fY1OH-YLMWG6l3QgN!GqcY;*fF&hVkptY2MJgFhQV08Ep8OvqYqfI0Uq&?4v1u? zCJ37D4#uCo*;Rf5(wiiYV#XO2|3Qm3*8jueyff#2Nyl+_O` zxxghmdE9nR*)E)wyx5^6yRhVW)jQ`|`p5g*fM|&~c+&IgV<98Hyuu;JPCxf%Z?xGT z0~>(m-OIT(M@m?g-@slBAa7x)eR}_isH%NDOg2mVlXJ$lXC#tQuUM@Qz@bYnFs@<$ z9kO`^11k9QC;CrQ{@o?!q>#LFDq6sX%y3dg56_`k6RFi4Dg^%_gB}h!3?!XEd`Q2QN+&A=c!se-g|1#DylP8HuUKF z;>;yQkhqB}qqtKHmKW&W!w8vx z&VI$QdLj*2{Va0W5g>|a+T&t+=rvh7Q|PRGI?QH41N&>vMJ!L0-fvc1Ud-KYKgpsAhbO-$`|{-H!(L8naB{zk;9-8}UAF&lB%O6HOux0}myp)J zJAZcn>LE%eXs!*w)|&V8YjbzFq2*^IqXmX#$yY|bPoXi)XKg*EH zHN{%o(V(6CF4_ji{2#dXl|rzRH5eKFzrMp#TGpn)aenb@RB00D5!z7rd~tlK=JDdS zL)-X{JL#3|TzF5j6}C5*ZO}j6S#f7zHtHzq7MfI?mT=Q?#V=!Ew60&n>7YmwasJKE zOX#@25!>rqC+gpyGbn}Zk8N?8G%?Q0$_ZW@FwG7`{W3lMQO;A=6EV3e<%ZX?4LNI% zjC;wSy3^o$#cp4G#iuXGI0gw)UPpG>?Jb(Wd$y3@(LH2i@Mu*6|3;i!?oR|2VTxZr z8k$W$Gsjl%O0D`lQLTnr_P`ey+I>2KXU6!pe3%jO)x(l`9KU1wH`O^J|NdNd5=CL6 z_?48o_;LEyMF{px63m6#TztMPFGtfo6yNcJfDRDt3dh{J5k~$VI7?a6qrJndE#*8F z{3JNQ55_N->LSuQ66d zqQ!v>BZ?H8x}8mezu?`7tzWkBz)4PW}nIGn{d8&P=Yv=Tz-Yn7AASgFzP&VFW zn2iNT*)BBsx1Gaxk_z|0LA56DMw)UYx_%10F$gD?# z2|xZ>K;VzI&-M|?KtkIe12D0Zm&JFmYG-bNkOB%FxM z^%bSCdeQM?5q*y_*}^kPiFZQM*9|hLKVMOKBJrwM+6dVPTTQ@0v8DP-Y(J6Cc?REB zd>u0X`ow91!XNiais-Q8E@@_W$aK&iq+cDK;(GR;PVxM^(i_pA%qQwLo+`znIGl0| zJk553=?%7~Q~%hYC6(LqJ65m%i7f<aRH!?z^b;4FFnbB*Yb@(8ugR`Hp!_5yrQ^cEB_uWGcYiML|Jmk!)TXIsn_>K# z@OMrq=@)WRs;js_ENkiX)KjD{EGmfG6m^qt4{{G>!JcqfAy?@q)vY5<+cskzw)-gN$Ho zI~?&Sg69t>p0KlERC{xR{V~SQK&|2T=UCsn`T*-3A5D87s5ya;3!_wnon*vw%zE6M zxrnuEa{qB?mB`Ah-GHL@P)(Ow%~HefXl|ApT0+rWDPGr`;|$<)KLfJn#yp{Y!Bpf| zBG5NYuN&_lK%}dD=*|dv`v*H4-!XKlh9b8|Y@jWWnZ)#f&@$3`n4SH;w`_;~VdC}Gp6f^b=+@X&L6Y^pys5nC>vN8WrCI@BXH4d-)zn!= zcr^7=q072&mE$u&M?_*#?p@i`Wmayho2q7b@Y)ap4M`_ve`c?O17rROI?HxuM@Ty^LvF2#Ta>r3KrHtkkDZNpSV);HBr&`I2a5__zOlFM8m=|IcY0WiQWLvi}zH zKUf*SU~VsI?g@X zf80JHy-}d$KmYKddlP%JB&9WRoTlOp-c51!dGf%gbV`{;g15OVU%&?DuCf1auzOwx zZ}Wu2OMI72vP1+ z6yW0_Rcm8$!ekTA!Leo{J%%hzndu?4UXvO6GuMXqV%jSs1@WWNNzXz?BToQ#bcy)P zU&VHS%%uDO5Sums3wMl7yVj6@h=q&yv1fSFj>|DkMDet@a5QsAi9vpGsEkb<4|G7D zPa~A&B%ODet>p(-zk1;(5lg|mPiBt0%IE{p7_9DU9~ynZac^Trb1n*3#KTy8C&>+% zD|^_BGz;DH6H4yMCIgn}Vn9!)$48H`ly+;1M9x(I=IZlxS0u?js#Kf6abq^U9}^jo zz8xwi=*f&~$Xea#`?2TdkLgnNJyl;pirr-U^LdeGj!~Xsl+3BEP}Dvbkv26I)LHi1 zMp>t$HOkDRccdSsmKGs_DB)Vw&v+twEFzG_>!<3vgx`1X(q`lfyW9sG9d_4ZD6Jle z$o|tuj}zax?x|%D)q*mAGm03i2z;Ga{D@Wf-8XbR9J+i4dfg#Zlh2bCnKogAE-|31 z_xF)~_U!WDV{ROlMu;l1#LR;_%f}y%ru<{*A9IYB80<;28-=nV*#4$obtRn=BSUtz z0-RoWy7P&*6f%n>|CJ!CDjZT;-q_)bCBs?^xv!-Ky{ba>d>HNu6s%sC=1HSke-W?) zGJK^KMvJpV9M6pvA5C?g#+gEuetSPMv@~MWdV)x}K@Fj|Y_+^)7qdf1eMq4cqMl{< zqoW;gCg1RyW&FE=IP7ogtm71Wo9|m|auSS5^>n)OQxW8~8iAWwMvxlvaQejEUkAvP z5~9OedOeF3!E9i2;0aw{B^oxhbiu`WeowD5D{J-0#dm8gH|&Vi>f(ft-)hX!0i%qo zJXls1|4>uvf2i5}E3kB?spwIK1i+n+Erg0KFQ4PIBAao!H0|>0bsATNY!UNC)15HF zGy|TJ`>|SDf3mH{ZcJ#ky&c(U)F>2&6&j(GuezIdMF$|`cCdlIvdZvvgUvOcX%)-kW znre&L1gH-FZv2nVn6$?P=;w48P-5lgmj_l^fJX8W;0fStN$62EvBJcEmz^m4i~P7s za6Ql{kvlA(b+wug>bVnt<1gZ>E(8AU$~9%4s6yYO_a7bUj{P=Qu)L`}MR`iO1fjh@DLZ! z5KW1*8ItqreV}0yqLtf%30mnnz~1Z3#eBOmPjpufxH(a4l}KRx(A~ykHEXqOV1hH| zClrNnKfafs3%u&fnvM<`7zB7i8~A}<^QISaL&~-K%uH>^UWztZk~y9{yNy1Bj!9P)ONahyhMf70Pz=9p8`-zq3Q{xBQ~gn~QEa<5 zs1%}%=OHhLZQxdRoFE6k)FfS?V{C-#*vx~;P5(3Kc>hC$;^MkcGLw*M+YvUVJ*U^# zWiv6AHFFSYNRDsYOg)CktFXyxU+^USH zZi=T1*;6`(U4#H%g{hj;ru!6_-ir=~P!kL4``V{?kGuT^y!)}J)N02sctmczbDSiQ zbycxeH;4!cis4|{TDt`JqU`hSc2LH|E#F{_Plkb&$Ua9_vmMW_-ZkY*sbMBxRBg#5 zYmW@EK|!}}wxiu8dIpZSXCUk?bJ1dmgR}V}jUM-z(9Vr- ztb_2Ld|&CgfZIlDlh1!f(tJB7^jyJwIRD{I{}>(Eyt8L>6UOpI=h^!DpY!)pU1<3H zftxj(dvufSWZzM%Z?y6&hVNqT7MS&KSF)+^k_tRXmX`_A*2vo>r&7Y+4x^MIaDRS*-a ztYNEov_33iHR?ZdV`oZQha^spDX9SHt>GNvDLUkxNWbOXbrlRTvq@sLekg9UU!ky? zLqJ9(W3r#xVEv3oNwhe7mrlB$NcXLw=7+l6r+7K)dK=qMBRz9Dic#-@a!K|?o$>Mo zvL&`2(24=CBqn{i{d^0atvjKsla-Lwwz2Jf?L_HhVKkRk08w!ZcN$ShU&L8|jqLr+$*mx?Sv@lnpt^Fn6ZscVD zp3Xs_H3|BMgRT)d?KT;GN!X($*VFHEquff_?+=y z1X#q6{T|!cPjF~-!LR4P&$6^P%RNSdVK2}q8 zdXq&ROd?zMWYl_N#bhQjkrCs0V#u2yajN-;q9zTHMIusGo+ZG+h|}g4f6eac@XfEK z-bz$M!{vj(IpS)X#%Fz0a=H8Mv=fdafly{tca|C#%>&uR{=hrv21T)UJ+->ubIEK9 zYKWB5TO#8=3MqT-)5eDdxRQ1CeIEOg2Kj}`r&@Fz6?yMwzY--1G`!rq@1MxE60@GM zl1Nr{fUeaxOlXiFrrb~D>A6ql)>)+}jHE4aoQy}*+7k>nJ)v9hmJ%Jh_Zj9y_1N8=cBuwek z&eZ3!%Y}PlUdwe~AHJf<{02>yyL0>PWhVy41MWhZB7Xsa%FyX;Qm5;&&51{F9D6Ym zEcwTjSc350SyB#X!T6dcb3-3TjRQv4)t%1PnC7jW1&w_7^bu^sZq;rzD6 zVxAD9z6)~H(_Ku zwRUu4CT`1fuiGKz>Utn`g7DQG52mmc;W?to`BOtpT_m z!_B;77+opSMDSzzWCGI)MxlDe$f8Bp*JVz7M3>#CuIWFgjzh06J)edzf%Y0#@n3du zm7x2mr{6_=dKvAV1Mxb#3!VXHUw6|z9fofs3B4Gj+B*_!PoAS0HzDJ2ED^F0u?J%D z!4FFgtXrqV1HAyv?IVj2_Va!v;K3ca0sjl#svb`88P;mE>#N)0lOFxk7^6+R7$;|l z4Vu7~6KGYE8oms>(sUYZ68yee1I%zc)1K(%uTBCKDv}D8k<=FXc26Erlr*e7Iu~qL z>3nVKtLi{1P64v4a8=c$a~7}unCovP(Puc;r@Jyb>k>)_De;9{>=M=Q-!=v7!GIr< zUo?LGCBt~>VR*&0toL4xFSKmcCpM%Js|0Cs$@zxjW&3Ck{p@k~K|O~~@bo@q|JGJp z@3Fef^S-*Qf#Dr#EF#TIfDz4$NyMayiNz<`XLClw6<4-ozqJ6V)$%bp-_`KSY8i-W zdzxB$1W8lsmJa2s)C|Yo{nm@s!^jL}$s!HH_KS!jff0$uC+Vf7wcVOoi0%o+;6I%M z1BKCeCxen8dp45Kt)YWOpR^gPzJ|_@?me^l8E5t{=Z8ZgO*b%2LAV5!@cBBe-zh3gei?N^U;Nq!+BX+3^hB{*`!A!{tOD%sg6VAw8Z zRKqq5hvgzk?sJA4g-4xtDB-NbqFRk5ZsNn*$XXR&q|R5;TD;w?Gn`W&{)m~_=qIl` zI+9yNF;zuqR1&f{iu*X|Esz1(WBozOATjG^4{#F_P3J4CLd zH7@IV>xcZP@0nMhYim$ZJ5PF1G~LVL5PS~%Fk}aHFN7^=e5$0RprUB;1e4peLnD@L zKO8y}A>n{}ljXRtyHTqi!*T&@J@u!n139@K=UtJ_@~L;9Uv%oi0sX7p#DEWGIy^ng zr$|o6^V$gv-Z6x0!1(*#QbzX`h5=rq&;&k&W$FANoxltqNk zUM2BPuftI^F6OIKuR!qaukCyRa_xGfV;$FpG1aE_B;2jH@bw%=;#TnRhQHOJHWChQ z`R0O>%iiS$&IfNZYCk|n5-vYU3zbYdj_-)uu@1{w=92=2Fh$wj-tUIG4iK6|{=|Mb zH~u+{m`L9n$(JXN&*jkK)XD5nf!nRSOrx6Zmm>5E-S9S+)1>+Fr__Mp4v6HqW6j+= z=tx#y=CQbDVOZ~%M1U8#opj~lG;1Ra!0!lITNJNwLkhgOfB1vCztDjEIAfy-reNL) zb4bR1jpBztn4{VccLcba43Xo6LW=97_xWap{b}~8>^8{F-vuj#1&|pctH6WDObfOuzig;~ShJXI>$iTm@S1IIE%VJ62 z6=AS*$H$+-m-s$bM1Yo77pNSrY&PtB>0FuR_%3G68)qhuK-u~6((|e?k2~;dpjP}P zGP7TG+zE|)(M465ktuF=JKxXXqHK}Ob;Y{1@5IsIYrvD8$!BpVp)Es#uAY|uDX<$+ zM8|Uy@EYtQovF}2E7I3Vv}jIj(vj7&;OY*auK2YbXS&!_VH&S88^#$H5!$H|PE;7Z zF)4%%d;J(dk&FTPTg{9?Z{kn4E4P?8o6dvWbeoP-R(q5{0TYMD+|W>*s*MRFxfJDk zYUYfINF(1vM^6Y_<)blz9Qn75yZ@JL|^_hIP zgnc~uOq72rCU&>C#_cFAi$9gcm+l{c-F%k4#tOW!G!XLQ;(j?s1~D;i^%qrcOsE%K zjL8VIUV|I)UG=c(9Q>-|-6MGDW-7#b_xxT?6WCytBpjBD@#*FyU72&&-?s#B&1Xk0cgqv)X#DY7$aN&oNs3FtSl^mL94xIB3cA@zb1Gt!Ime z3jx5DHZRSv-;QP)c5E)~dH#r&H67$HB~f+X9B_k*;|D@#tXXneHaXn)KJ9gtMviUd z0hG?Q#+)t1x`)AC3+I<|HPvUqEy8Aei!)OzKWZ2`7 zRlv%cY~l{v7Ihz25cV}Z+?{Fr%NGVxK`Ox(&#DIVRh0Hnwe4Z|61Av+ z@5XHX4OQYhac|nSaCeIK>9uvr=yok=l$l=1l+e0X#fy`_KH!FIJ1D3WW8slf<&kI7 z2c^`vCcv|e%3z5IC_LU2jU+Szy{+*-8sC7$Qs!HPi#YGGO`OSXQtt-t^|zL>K+P%Ps>XnZVR#{IaZ<90TZf^4e1`97%e?d5S9X=K{7E2Q$t690= zNHxftK#Qs_vujM6AHtcYrGGYsk9>Aqc~#Tb-rHf}Ky;01KM2G?->f@%oGP@Uh7M9+ zo)D^9x}VGt>C#|+k;;SZPPp{42&E}Y!eiZgBdE_uVj{G%)dHURxqG3bH`K^=fGY&{ zBHz(~N55`~BB8%M6&1Ny*TSgJ7w4e^NCajtwbOVe|^~R<_e~6pG{PA&W zjihUGOR>mB_A0=A85I8koDJa>X7TyPxhnK*n>DuJ$$&bKNCmfmLqsewiggQ^YA?9T zrE5$uHAe6|?|zF?N4F;uhO7=KWJi)RU!hVIGE<|8H+b~6tG}k3ey+RI!U?@$Z9-k}6SE+kMD8z+A7odL?}Bx3KJqxkBWGwEm9cVu}`ijdNFKIrJRe z%jyR^L>Dz})2w=V3$2XtfVQTo{X|R|g$10rEZP%$^&M6u#-if4l1I{p6QsGBI-V)h z3i>gnOJ%|Sb1oWN+CCTetx@!*cGdK5RL9+M>{e6t>~@4Rh2|P2EoiL)Wf=Os{Q$-J z8_U0EdaFK`Uyz@fwt6bi_uoVRP%`_M^Q9`|5f~*gLMYVQK5=plfw!z@3#pqKMwdLX zaEEi83r0xrbtGXIA8QReBC)-0b3IOlu7vJ|`lt#p4Y8DlhO(ex1`@4K1|De*$0ILo zJh6#jAN%r`hQLT_B9CL;adkyu4GX9hM(dU)-q60DB|I7>cXzgc^~d)y~66kpn|p-4Wn%QZVbn!U*ri zKGCN(u3yv&W5&{;t4`ABi)$~(87e`o=ZO&cF9_lNtasTZSBGmEb`r8nwjG2Baix=m zr|MT#++nxEV+GbD*1sA};od@1&Ss#58l-%Oqcx7wDrRv|Jp;C+V^MFu*%~&{tBVIQ zyPDSKIPxL9y=ji;e_V!S`kriLiD4LzT*VH*=g5($4~ooe{)P2poNcFEOCpf8QzSI5 zhOKL(W-UfX#`5c}SJ`LI2VZlwQ_07KS3TUn6{3P7)A+o%TwM>fsvW6^{BGAP(s>-n zD{6J%{-fSErulu?3=Auqg28i%HIbgB1@B5SuuMl521s;l~oY*9S@vj5QoQA*{&OWn+ zx*s~P26gv24P~upDT^o_&V9ftnkr~vII3EosW}d=m?K&3bgC}yFn|*S90j;N?1A6No|wV~IkmFQ(@3 zCyIrAYq*F5+^0d^5o`H|hpL`NCp&ntHd<|;1{3L}Dx!%?*dOKEpWK+_NmW?V#{8tA zf0>p(WWfzMFqEaHi%CD#}XG+Lp6yzZsHIl$KpAXk!d*IhFJEt=R7hc zTYfHJEPwU4MKd(J(Pge$6TjYv*vua-&4T;;4R=73)4X5GJ@|0bvnJh@8g$RM$YE9Q z^iG~H6PzJchFj%)$Pcfx=Zlt_JT^M~nVa8_i?^8!jZ`F9MOT@U+N^`;<5Xx3)t08702V`xZ05k zJEXXXc!O(vsC_Qbg?CQGyH_p5wbC!&W=HFa#*R21Ds@^Jg;ynuC%rS|(po2;M~$vE8N7dwNcz{Nyhsd={lV4iIJd3}f*SxI`9a)Pt0o z)#6_t)eD^YVk6$z$h|STkP`SyHP_Z1X&9mtXwH7;?-xIRtMV|t+!ssQj!%;{nUI|g zPWJHAR)AZ@{B9AI{CJY~|qyO#NQ)I>_3vkW%?=Jh?#}D}`jAeXQGKs}%Ai^pIztoG&=-kW6 z-R6e|BYDI2;GevP=X*0stZl~-q9w^%+)_0hmS^CM~cqY6JuDMPh@AAvPVNa zRtL%uR(R_z)UkB3Itx~I&+lep*qk+lhIV4Mpf)FFYR@iBcjFi7S<;ILWyuxWL6|O| zSv(0s1cier5XZJBF@ZiU3|EgI{`!e)vu1zTcI0h&!8`JM7|1FJB&RRH(T(uJq04wOl?X&u3OBH zQ>S~+jq_;V$`)`1#%*hV!t>y@kATn%0Yi4XL||>?cPcuLqGO*jswMWL(cw1=X%xul zx$D_e@U9n80ao(x#qahpY?i~5tRnX)S1ID22sUAHz7>f&SYF|b>F*oM9UEYQltA}p z8xXB%Ay+o_;UU85BirG~YURIVFVn&pB0+DgEX2c8*zF0-6qd%TyBZvTUxKOXa@O{v zJRe3$@osEddXruD@4WYcecwL?$!dYyQ_lMvHdFII={quLkM43MHWZ-UhAugIm!_sDr zaiS2i_!&Bfd3?Jn+@&V>=IA8bjAu(&ZH zhtcx@#aw04Ky?a|-JtuGrjz@(4eU{xZ$_9v(H5u?CL=p?^>m`HHT!)D(Y}pk z?rn{e)_dy~!9*!1J;W#s;TY}{fXE8zQpzTM^pQ)}M!}?R^Yiuxy#_W>*=zHwJr4xp zO*!paOMx+cUnI?nh>yvw0KwDtkk@VkiqE$}Dc8eRS0GEef`Y>@dVudDmwvG+oWHn* z?)i_|KJ1>%Iqb|5o^H?2M$jr$$(4yQZAR&i6@GQS!ILf;QV_fMe6axDHS_Pk!~hu# z0hARFAdb`dh!6w5><>!>D$0DpUx^7=Ltk~?nNHT~j6av}How&D80?|^*nV4Oc1D3| z@0lZfTt!C--=fKP>z%~SY$LbKjB(yqV<0eXHk8HVPu#GUcIEp-rLp3Pq)Ghn`QD#y z+F>qUcdb2IDD`U&b&%*c%-TcA0tkq-Es6o$5l%9g< z%3uaanmTIoXTqmXtgIFY0sZAUpsG@i`A$v4d`~KFSlKV3qUrpV(}UpDyA=Tvowz<+ zso8u5*%aPOjkC^8a+E`=IPpNk_MwgDx)y%R$M-Y7zqIL`X3oSZbQnVQ zPu##c7j81{F zEbC51FhVfux%T9lW|c0o>#C$1QY0GqZz3xRS;qLsb&c&F8(*(XkJVefXIICw=(0xY z5<7&eN=O^BV~i@S&aZ^P$fvFT#AdG%xr4+f==HXIVGT34zGvt#uDpA^D%s-BTofD~ zi*rF7r*Q1qERdP(`kW73_1|~F$DV4GO&$2~8ig}{m)J5&aBL|!0fC*2te0L@cbXOa zbkO${&^*xtno~KHxxP!2U6-c5=@sDW`2&wFYwhf*ht;MZd__Rv?(!GemWOK5Op!In z*o0(t_kR9<@o>zubOTC~R)Juptlz#$)x~EOOoB-O*exRXyVS%u zHTQ@V*`~ zVX%F?OZ9@=k=U6*V4qH9WkTEHuqv~idGUU9zE89yaY#A5HJwJ(xC9jt7^#qT#TXX0 zE-7B>S$?apAb5s!4dFJyA5?4}p2XCS4r?%|U7F_{B1%0)cxvab@69r+x&3}fGjomA z?&smaF_x4pteo6nChh8Nwyr;_M|m0eMg8Nq)(i7t$4{O=K>lWCjn6Fig0Et;oc5R0 za0=SLdT{u(+Qq2`VR}O1G!BkID(EJBb=k{1r`yKY_I0K=ZmVz1km!ofNI6?mJ$Ko( zj$lpcx6!GRaZ>vU`xpxgS1bafnj-!2w1xJ$k9D^oS zqpW9#=Rx!{mdLqxFyoB#kvnGGFHh#OZWUeq@My<=#n;~hg4TSw&EG7$Y}yEkZ)k>F zKU7&hRRt9jp({OJ7Z6co$Yo!5ENt2F(1)?^tmCs^Gh6Sf9J7c15D#mpDoKieF~FN` z`dX^~2_8kNaKCH|efUQqE8vtjH&)u#RM7)$uF&ZiNX@%3_t*qIeRaY(bzxH6VY}x) zXCSAdq@;j*p&sjtI2KI4thHy4ZNq5Z>O9?yi8*A`o_O%kUnAvi9>wPq73F0guoNEH zR%oM@;#<2j3e}h21gHi&>g+02zDCH|`CvdTW#P4x$uZ^Vr`ct!>?`YM<^AQL#_hYh zpRNZH%{4MZQ=+SG;8oAM_K$qwk|8!7bF{kNuwi{1hsz~ImH1d7F|zw?d_Oxw0ChHF!K_?- z37=pV?(S*LXD{l2Mv9ogqEaF83AcqXA8208)$DMfkiddbYfKkZ4HsT9Fbx5RkQeYJ z>BgN4QviPf$c=-cpLE==ltzEokPGUQ%WV@Y&ftK3#jP1sy4gw4BcrkMyvTG?*@LAe zcquja&mfWwRe8^H$A#~q7BLKKT8+Hrmy+4RIO%0s8Fd{}H3prSLb7_CR0mFVbukgN{3~@Jd`e2w; z43kHPjXE!;)M;i){?-$zW<@HZLsimA?H_x1^$o4HZXSr1Cl%Pa9}6rE)eU`A8WgxM zcZMIv&(r$ME~BZI#jvq7=Di;lMR;)}j%gqy47YlUp1(FR>ABZORGHZP9y(L0&3S&S zO3UN;9~n(6$~Y4x~i>?%6n*1939VUv^M9C)w3=ZJ(ywyRf5TGk+9|8K-T?%Lnu71;~j} z`p6giKq2Fj1LEkZ8h>VNzqjmunL-jyI40-PQdIh2wj5|aW#89=+B+>nnYv7d z@_Rphi&W2A`Mr#1O?}dOwa0G>CC47hfyjnjTD2HED6P@D69oB#Y7M>@tdX4P0(~=< zb(CnHukM1kZ@s&jsb^^;WkJdJMlt_dJ_h5iD19TFJ&d|$r>^}xJXoWH{uNmDABb4r z98)DxyC1&EADaBtfZzZETVp08cwhBLz#fm$ItgGo;m8(9x_77W?ua?6+;-IR{o!cY zh7rW;tjbcL?Uyr}Bk;8am^Q}RA?s8@ATejGzApZ!7r@sbK;Zf&&fZSxHu&Kg`1A+2 z3;;{&KThKR!0!G-I{u#I|12Q{fX0s;;by() zM}FD~|0BHl*S`I~$xyR{{P=-?5jkh4i=D3j-UAKn>iSpJMc(x6+U*1aUfe9(;W2pZ zmibr&y)}S9*U`M&;{_95j%|a%C%Zk~(UIlaHV}$o+aqWqOmN%yJzbD<+h99k=LE#A z6A=5_Ve1KqEd^{T0I{WjJ+%O)M(mjqdse`f0=5*er2xplKam2?ux64l#$+XW>oyW= LV4`1)z7YC1MFcD? literal 0 HcmV?d00001 From 9694df1d08c95ab7f118431812b5040d00cb5c98 Mon Sep 17 00:00:00 2001 From: LucasSaintarbor Date: Thu, 21 Dec 2023 16:14:26 -0800 Subject: [PATCH 23/77] Fix - Update file paths with relative paths --- .../aws-marketplace-payg-integration/common-issues.md | 2 +- .../aws-marketplace-payg-integration/prerequisites.md | 8 ++++---- .../azure-marketplace-payg-integration/common-issues.md | 4 ++-- .../installing-rancher-prime.md | 2 +- .../azure-marketplace-payg-integration/prerequisites.md | 6 +++--- .../aws-marketplace-payg-integration.md | 3 +-- 6 files changed, 12 insertions(+), 13 deletions(-) diff --git a/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/common-issues.md b/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/common-issues.md index 9e9259729a6..0ab5d3d4aa5 100644 --- a/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/common-issues.md +++ b/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/common-issues.md @@ -8,4 +8,4 @@ title: AWS Marketplace Common Issues helm uninstall -n cattle-rancher-csp-deployer-system rancher-cloud ``` -1. When migrating Rancher to a different EKS by following the steps specified in [Rancher Backups and Disaster Recovery](/versioned_docs/version-2.7/pages-for-subheaders/backup-restore-and-disaster-recovery.md), you must reinstall Rancher Prime on the target EKS cluster after restoring from the backup. Furthermore, the restored Rancher version must not be newer than the version available in the AWS marketplace. +1. When migrating Rancher to a different EKS by following the steps specified in [Rancher Backups and Disaster Recovery](../../../pages-for-subheaders/backup-restore-and-disaster-recovery.md), you must reinstall Rancher Prime on the target EKS cluster after restoring from the backup. Furthermore, the restored Rancher version must not be newer than the version available in the AWS marketplace. diff --git a/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/prerequisites.md b/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/prerequisites.md index 85ffe57fbbe..da875b11172 100644 --- a/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/prerequisites.md +++ b/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/prerequisites.md @@ -4,10 +4,10 @@ title: Prerequisites Before using Rancher Prime on AWS as a pay-as-you-go (PAYG) offering, you need the following resources, information, and tools: -- A Rancher-compatible EKS cluster. Please see the [Rancher support matrix](https://www.suse.com/suse-rancher/support-matrix/all-supported-versions/) for more details. Please refer to [Creating an EKS cluster](/versioned_docs/version-2.7/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks.md) for bringing up an EKS cluster to [install Rancher Prime PAYG](installing-rancher-prime.md). -- An ingress is installed on the EKS cluster so that Rancher is accessible outside the cluster. Please refer to [Rancher documentation](/versioned_docs/version-2.7/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks.md#5-install-an-ingress) for instructions on deployings Ingress-NGINX on an EKS cluster. -- Get the Load Balancer IP. Please refer to [Rancher documentation](/versioned_docs/version-2.7/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks.md#6-get-load-balancer-ip) and save the EXTERNAL-IP. -- The Rancher hostname must be a fully qualified domain name (FQDN), and its corresponding IP address must be resolvable from a public DNS. Please refer to [Rancher documentation](/versioned_docs/version-2.7/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks.md#7-set-up-dns) for instructions on how to set up DNS. This DNS is set up to point to the EXTERNAL-IP saved. +- A Rancher-compatible EKS cluster. Please see the [Rancher support matrix](https://www.suse.com/suse-rancher/support-matrix/all-supported-versions/) for more details. Please refer to [Creating an EKS cluster](../../../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks.md) for bringing up an EKS cluster to [install Rancher Prime PAYG](installing-rancher-prime.md). +- An ingress is installed on the EKS cluster so that Rancher is accessible outside the cluster. Please refer to [Rancher documentation](../../../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks.md#5-install-an-ingress) for instructions on deployings Ingress-NGINX on an EKS cluster. +- Get the Load Balancer IP. Please refer to [Rancher documentation](../../../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks.md#6-get-load-balancer-ip) and save the EXTERNAL-IP. +- The Rancher hostname must be a fully qualified domain name (FQDN), and its corresponding IP address must be resolvable from a public DNS. Please refer to [Rancher documentation](../../../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks.md#7-set-up-dns) for instructions on how to set up DNS. This DNS is set up to point to the EXTERNAL-IP saved. - Installation requires you to have the following tools available and properly configured to access your AWS account, and your EKS cluster: - `aws` - `curl` diff --git a/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/common-issues.md b/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/common-issues.md index 4c7492fe3bc..d55db537d6e 100644 --- a/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/common-issues.md +++ b/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/common-issues.md @@ -2,6 +2,6 @@ title: Azure Marketplace Common Issues --- -1. When migrating Rancher to a different AKS cluster by following the steps specified in [Rancher Backups and Disaster Recovery](/versioned_docs/version-2.7/pages-for-subheaders/backup-restore-and-disaster-recovery.md), Rancher Prime must be reinstalled via the Azure Marketplace on the target AKS cluster after restoring from the backup. Furthermore, the restored Rancher version must not be newer than the version available in the Azure Marketplace. - 1. Uninstalling Rancher Prime may not cleanly remove all the resources that were created by Rancher. Users are encouraged to use the [Rancher resource cleanup script](https://github.com/rancher/rancher-cleanup) to perform a more comprehensive cleanup if necessary. However, it is recommended to migrate any other workloads off the cluster and prepare to destroy the cluster to complete the uninstallation since cleanup is not recoverable. + +1. When migrating Rancher to a different AKS cluster by following the steps specified in [Rancher Backups and Disaster Recovery](../../../pages-for-subheaders/backup-restore-and-disaster-recovery.md), Rancher Prime must be reinstalled via the Azure Marketplace on the target AKS cluster after restoring from the backup. Furthermore, the restored Rancher version must not be newer than the version available in the Azure Marketplace. diff --git a/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/installing-rancher-prime.md b/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/installing-rancher-prime.md index db0cce13e44..10a0656a221 100644 --- a/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/installing-rancher-prime.md +++ b/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/installing-rancher-prime.md @@ -70,7 +70,7 @@ You may now login to Rancher dashboard by pointing your browser to the Rancher s :::note -The Rancher hostname must be resolvable by public DNS. Please refer to the [Prerequisites](./prerequisites) section for more details. +The Rancher hostname must be resolvable by public DNS. Please refer to the [Prerequisites](prerequisites.md) section for more details. ::: diff --git a/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/prerequisites.md b/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/prerequisites.md index 4a66f89712a..d60a356b039 100644 --- a/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/prerequisites.md +++ b/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/prerequisites.md @@ -4,6 +4,6 @@ title: Prerequisites Before using Rancher Prime on Azure as a pay-as-you-go (PAYG) offering, you need the following resources, information, and tools: -- A Rancher-compatible AKS cluster. Please see the [Rancher support matrix](https://www.suse.com/suse-rancher/support-matrix/all-supported-versions/) for more details. The Rancher Prime PAYG offering can only be installed onto clusters in regions where both the AKS and Azure Container Apps service are available. See the [Azure documentation](https://azure.microsoft.com/en-us/explore/global-infrastructure/products-by-region/?products=container-apps,kubernetes-service®ions=all) for details. Please see [Creating an AKS cluster](/versioned_docs/version-2.7/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-aks.md#3-create-the-aks-cluster) for bringing up an AKS cluster to [install Rancher Prime PAYG](installing-rancher-prime.md). -- An ingress installed on the AKS cluster so that Rancher is accessible outside of the cluster. Please refer to [Rancher documentation](/versioned_docs/version-2.7/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-aks.md#5-install-an-ingress) for instructions on how to deploy Ingress-NGINX on AKS cluster. -- The Rancher hostname must be a fully qualified domain name (FQDN) and its corresponding IP address must be resolvable from a public DNS. Please refer to [Rancher documentation](/versioned_docs/version-2.7/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-aks.md#7-set-up-dns) for instructions on how to setup DNS. +- A Rancher-compatible AKS cluster. Please see the [Rancher support matrix](https://www.suse.com/suse-rancher/support-matrix/all-supported-versions/) for more details. The Rancher Prime PAYG offering can only be installed onto clusters in regions where both the AKS and Azure Container Apps service are available. See the [Azure documentation](https://azure.microsoft.com/en-us/explore/global-infrastructure/products-by-region/?products=container-apps,kubernetes-service®ions=all) for details. Please see [Creating an AKS cluster](../../../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-aks.md#3-create-the-aks-cluster) for bringing up an AKS cluster to [install Rancher Prime PAYG](installing-rancher-prime.md). +- An ingress installed on the AKS cluster so that Rancher is accessible outside of the cluster. Please refer to [Rancher documentation](../../../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-aks.md#5-install-an-ingress) for instructions on how to deploy Ingress-NGINX on AKS cluster. +- The Rancher hostname must be a fully qualified domain name (FQDN) and its corresponding IP address must be resolvable from a public DNS. Please refer to [Rancher documentation](../../../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-aks.md#7-set-up-dns) for instructions on how to setup DNS. diff --git a/docs/pages-for-subheaders/aws-marketplace-payg-integration.md b/docs/pages-for-subheaders/aws-marketplace-payg-integration.md index 4ac4201261f..9c7d429eaa5 100644 --- a/docs/pages-for-subheaders/aws-marketplace-payg-integration.md +++ b/docs/pages-for-subheaders/aws-marketplace-payg-integration.md @@ -184,8 +184,7 @@ version available at the time of listing. Typically, these are updated quarterly, or more frequently if there are security issues. -To update Rancher to a current version before the marketplace listing is updated, please -see the following [documentation](../pages-for-subheaders/installation-and-upgrade.md). +To update Rancher to a current version before the marketplace listing is updated, please see the following [documentation](./installation-and-upgrade.md). #### I have many Kubernetes clusters across multiple AWS accounts, does the Rancher Prime billing still work and enable tiered pricing? From b298c254cd1bb2f73cc92b1774d54b4f9d117c95 Mon Sep 17 00:00:00 2001 From: LucasSaintarbor Date: Thu, 21 Dec 2023 16:50:00 -0800 Subject: [PATCH 24/77] Remove reference Rancher Upgrade docs for Azure and AWS --- .../aws-marketplace-payg-integration.md | 6 +----- .../azure-marketplace-payg-integration.md | 2 +- 2 files changed, 2 insertions(+), 6 deletions(-) diff --git a/docs/pages-for-subheaders/aws-marketplace-payg-integration.md b/docs/pages-for-subheaders/aws-marketplace-payg-integration.md index 9c7d429eaa5..f646f9889e0 100644 --- a/docs/pages-for-subheaders/aws-marketplace-payg-integration.md +++ b/docs/pages-for-subheaders/aws-marketplace-payg-integration.md @@ -180,11 +180,7 @@ No. There is no choice over the Rancher version when deploying using the AWS Mar #### How often is the listing updated (including the version of Rancher, etc.)? Cloud marketplace listings are tied to a specific version of Rancher, usually the latest -version available at the time of listing. - -Typically, these are updated quarterly, or more frequently if there are security issues. - -To update Rancher to a current version before the marketplace listing is updated, please see the following [documentation](./installation-and-upgrade.md). +version available at the time of listing. Typically, these are updated quarterly, or more frequently if there are security issues. #### I have many Kubernetes clusters across multiple AWS accounts, does the Rancher Prime billing still work and enable tiered pricing? diff --git a/docs/pages-for-subheaders/azure-marketplace-payg-integration.md b/docs/pages-for-subheaders/azure-marketplace-payg-integration.md index 31774ba8c56..d1e0a1f0d0e 100644 --- a/docs/pages-for-subheaders/azure-marketplace-payg-integration.md +++ b/docs/pages-for-subheaders/azure-marketplace-payg-integration.md @@ -166,7 +166,7 @@ No. There is no choice over the Rancher version when deploying using the Azure M #### How often is the listing updated (including the version of Rancher, etc.)? -The marketplace listing is tied to a specific version of Rancher, usually it is the latest version available at the time the listing was last updated. Typically, the marketplace listing is updated quarterly, or more frequently to address any new security issues. To update Rancher to a current version before the marketplace listing is updated, please see the following [documentation](../pages-for-subheaders/installation-and-upgrade.md). +The marketplace listing is tied to a specific version of Rancher, usually it is the latest version available at the time the listing was last updated. Typically, the marketplace listing is updated quarterly, or more frequently to address any new security issues. #### I have many Kubernetes clusters across multiple Azure accounts; does the Rancher Prime billing still work and enable tiered pricing? From dd46955d9c924f934ccbdd2f226a96f4a7aeaaca Mon Sep 17 00:00:00 2001 From: Billy Tat Date: Fri, 22 Dec 2023 13:33:02 -0800 Subject: [PATCH 25/77] [latest] Move files out of pages-for-subheaders --- docs/faq/general-faq.md | 6 +- docs/faq/rancher-is-no-longer-needed.md | 4 +- docs/faq/security.md | 4 +- docs/faq/technical-items.md | 2 +- ...install-upgrade-on-a-kubernetes-cluster.md | 42 ++--- .../rancher-on-aks.md | 8 +- .../rancher-on-amazon-eks.md | 6 +- .../rancher-on-gke.md | 8 +- .../rollbacks.md | 2 +- .../upgrades.md | 2 +- .../installation-and-upgrade.md | 40 ++-- .../installation-references/feature-flags.md | 2 +- .../helm-chart-options.md | 8 +- .../installation-references.md | 9 + .../installation-requirements.md | 38 ++-- .../port-requirements.md | 10 +- .../air-gapped-helm-cli-install.md | 14 +- .../infrastructure-private-registry.md | 8 +- .../publish-images.md | 4 +- .../other-installation-methods.md | 6 +- .../rancher-behind-an-http-proxy.md | 8 +- .../set-up-infrastructure.md | 2 +- .../rancher-on-a-single-node-with-docker.md | 28 +-- .../roll-back-docker-installed-rancher.md | 2 +- .../upgrade-docker-installed-rancher.md | 16 +- .../resources/add-tls-secrets.md | 2 +- .../resources/choose-a-rancher-version.md | 4 +- .../resources/local-system-charts.md | 2 +- .../resources/resources.md | 29 +++ .../resources/update-rancher-certificate.md | 2 +- .../resources/upgrade-cert-manager.md | 2 +- .../upgrade-and-roll-back-kubernetes.md | 4 +- ...de-kubernetes-without-upgrading-rancher.md | 2 +- docs/getting-started/overview.md | 18 +- .../deploy-rancher-manager/aws.md | 4 +- .../deploy-rancher-manager/azure.md | 4 +- .../deploy-rancher-manager.md | 23 +++ .../deploy-rancher-manager/digitalocean.md | 4 +- .../deploy-rancher-manager/equinix-metal.md | 6 +- .../deploy-rancher-manager/gcp.md | 4 +- .../deploy-rancher-manager/helm-cli.md | 6 +- .../deploy-rancher-manager/hetzner-cloud.md | 4 +- .../deploy-rancher-manager/outscale-qs.md | 4 +- .../deploy-rancher-manager/vagrant.md | 4 +- .../deploy-workloads/deploy-workloads.md} | 4 +- .../deploy-workloads/workload-ingress.md | 2 +- .../quick-start-guides}/quick-start-guides.md | 6 +- .../advanced-user-guides.md | 0 .../cis-scan-guides/cis-scan-guides.md | 17 ++ .../configure-layer-7-nginx-load-balancer.md | 10 +- .../enable-api-audit-log.md | 2 +- .../continuous-delivery.md | 2 +- .../enable-experimental-features.md | 6 +- .../istio-traffic-management-features.md | 4 +- .../rancher-on-arm64.md | 2 +- .../unsupported-storage-drivers.md | 2 +- .../enable-istio-in-cluster.md | 4 +- .../istio-setup-guide/istio-setup-guide.md | 34 ++++ .../manage-pod-security-policies.md | 2 +- .../manage-project-resource-quotas.md | 6 +- .../manage-projects}/manage-projects.md | 16 +- .../monitoring-alerting-guides.md | 14 ++ .../enable-prometheus-federator.md | 2 +- .../prometheus-federator-guides.md | 12 ++ .../advanced-configuration.md | 6 +- .../monitoring-v2-configuration-guides.md | 14 +- .../open-ports-with-firewalld.md | 2 +- .../tune-etcd-for-large-installs.md | 2 +- .../about-provisioning-drivers.md | 51 +++++ .../manage-cluster-drivers.md | 2 +- .../about-rke1-templates.md | 42 ++--- .../about-rke1-templates/apply-templates.md | 4 +- .../about-rke1-templates/infrastructure.md | 2 +- .../manage-rke1-templates.md | 2 +- .../authentication-config.md | 30 +-- .../configure-active-directory.md | 4 +- .../configure-azure-ad.md | 2 +- .../configure-freeipa.md | 2 +- .../authentication-config/configure-github.md | 2 +- .../configure-okta-saml.md | 2 +- .../manage-users-and-groups.md | 2 +- ...on-permissions-and-global-configuration.md | 26 +-- ...re-microsoft-ad-federation-service-saml.md | 6 +- .../configure-openldap}/configure-openldap.md | 6 +- .../openldap-config-reference.md | 2 +- .../configure-shibboleth-saml.md | 8 +- .../create-pod-security-policies.md | 4 +- .../global-default-private-registry.md | 2 +- .../custom-roles.md | 2 +- .../global-permissions.md | 4 +- .../manage-role-based-access-control-rbac.md | 6 +- .../psa-config-templates.md | 2 +- ...up-rancher-launched-kubernetes-clusters.md | 10 +- .../backup-restore-and-disaster-recovery.md | 18 +- .../migrate-rancher-to-new-cluster.md | 2 +- ...aunched-kubernetes-clusters-from-backup.md | 4 +- .../deploy-apps-across-clusters.md | 4 +- .../multi-cluster-apps.md | 2 +- .../helm-charts-in-rancher.md | 2 +- .../ha-k3s-kubernetes-cluster.md | 4 +- .../ha-rke1-kubernetes-cluster.md | 2 +- .../ha-rke2-kubernetes-cluster.md | 2 +- .../infrastructure-setup.md | 4 +- .../nodes-in-amazon-ec2.md | 8 +- .../high-availability-installs.md | 2 +- .../kubernetes-cluster-setup.md | 0 .../rke1-for-rancher.md | 4 +- ...checklist-for-production-ready-clusters.md | 12 +- .../recommended-cluster-architecture.md | 2 +- .../roles-for-nodes-in-kubernetes.md | 2 +- .../kubernetes-clusters-in-rancher-setup.md | 18 +- ...quirements-for-rancher-managed-clusters.md | 12 +- .../register-existing-clusters.md | 10 +- .../set-up-cloud-providers/amazon.md | 4 +- .../set-up-cloud-providers.md | 8 +- .../aks.md | 2 +- .../gke.md | 6 +- ...usters-from-hosted-kubernetes-providers.md | 12 +- .../use-windows-clusters.md | 28 +-- .../horizontal-pod-autoscaler.md | 6 +- .../kubernetes-resources-setup.md | 28 +-- .../load-balancer-and-ingress-controller.md | 12 +- .../workloads-and-pods/deploy-workloads.md | 4 +- .../workloads-and-pods}/workloads-and-pods.md | 6 +- .../about-rancher-agents.md | 8 +- .../launch-kubernetes-with-rancher.md | 10 +- .../create-a-digitalocean-cluster.md | 6 +- .../create-an-amazon-ec2-cluster.md | 12 +- .../create-an-azure-cluster.md | 6 +- .../nutanix}/nutanix.md | 6 +- .../provision-kubernetes-clusters-in-aos.md | 4 +- .../use-new-nodes-in-an-infra-provider.md | 8 +- ...rovision-kubernetes-clusters-in-vsphere.md | 6 +- .../vsphere}/vsphere.md | 10 +- .../access-clusters}/access-clusters.md | 16 +- .../access-clusters/add-users-to-clusters.md | 4 +- .../authorized-cluster-endpoint.md | 2 +- .../use-kubectl-and-kubeconfig.md | 2 +- .../add-a-pod-security-policy.md | 4 +- .../manage-clusters/clean-cluster-nodes.md | 6 +- .../create-kubernetes-persistent-storage.md | 20 +- .../about-glusterfs-volumes.md | 2 +- .../dynamically-provision-new-storage.md | 2 +- .../install-iscsi-volumes.md | 2 +- .../install-cluster-autoscaler.md | 2 +- .../use-aws-ec2-auto-scaling-groups.md | 2 +- .../manage-clusters}/manage-clusters.md | 4 +- .../manage-clusters/nodes-and-node-pools.md | 28 +-- .../projects-and-namespaces.md | 8 +- .../nfs-storage.md | 2 +- .../provisioning-storage-examples.md | 6 +- .../vsphere-storage.md | 2 +- .../new-user-guides/manage-namespaces.md | 10 +- .../new-user-guides}/new-user-guides.md | 0 .../cis-scans}/cis-scans.md | 14 +- .../aws-cloud-marketplace.md | 6 +- .../cloud-marketplace}/cloud-marketplace.md | 0 .../harvester/overview.md | 4 +- .../configuration-options.md | 8 +- .../istio/cpu-and-memory-allocations.md | 2 +- .../istio}/istio.md | 20 +- .../kubernetes-distributions.md | 4 +- .../custom-resource-configuration.md | 4 +- .../flows-and-clusterflows.md | 2 +- .../outputs-and-clusteroutputs.md | 2 +- .../logging/logging-helm-chart-options.md | 2 +- .../logging}/logging.md | 20 +- .../monitoring-and-alerting.md | 42 ++--- .../neuvector/overview.md | 2 +- .../about-provisioning-drivers.md | 51 ----- .../backup-restore-configuration.md | 12 -- docs/pages-for-subheaders/cis-scan-guides.md | 17 -- .../deploy-rancher-manager.md | 23 --- .../downstream-cluster-configuration.md | 9 - .../installation-references.md | 9 - .../pages-for-subheaders/istio-setup-guide.md | 34 ---- .../kubernetes-components.md | 21 --- .../machine-configuration.md | 9 - .../monitoring-alerting-guides.md | 14 -- .../monitoring-v2-configuration.md | 15 -- .../node-template-configuration.md | 9 - .../prometheus-federator-guides.md | 12 -- .../rancher-managed-clusters.md | 23 --- .../rancher-server-configuration.md | 16 -- docs/pages-for-subheaders/rancher-server.md | 21 --- docs/pages-for-subheaders/resources.md | 29 --- .../single-node-rancher-in-docker.md | 9 - docs/pages-for-subheaders/user-settings.md | 19 -- .../about-the-api}/about-the-api.md | 4 +- .../about-the-api/api-tokens.md | 2 +- .../backup-restore-configuration.md | 12 ++ .../best-practices}/best-practices.md | 2 +- .../monitoring-best-practices.md | 8 +- .../rancher-managed-clusters.md | 23 +++ .../on-premises-rancher-in-vsphere.md | 2 +- .../rancher-server/rancher-server.md | 21 +++ .../tips-for-running-rancher.md | 4 +- ...and-best-practices-for-rancher-at-scale.md | 4 +- .../cli-with-rancher}/cli-with-rancher.md | 2 +- .../cli-with-rancher/rancher-cli.md | 10 +- .../cluster-configuration.md | 14 +- .../downstream-cluster-configuration.md | 9 + .../machine-configuration.md | 9 + .../node-template-configuration/amazon-ec2.md | 4 +- .../node-template-configuration.md | 9 + .../aks-cluster-configuration.md | 2 +- .../gke-cluster-configuration.md | 6 +- .../gke-private-clusters.md | 2 +- .../rancher-server-configuration.md | 16 ++ .../rke1-cluster-configuration.md | 10 +- .../rke2-cluster-configuration.md | 4 +- .../rancher-agent-options.md | 2 +- .../use-existing-nodes}/use-existing-nodes.md | 20 +- docs/reference-guides/kubernetes-concepts.md | 2 +- .../monitoring-v2-configuration.md | 15 ++ .../prometheus-federator.md | 4 +- .../prometheus-federator/rbac.md | 2 +- .../reference-guides/rancher-cluster-tools.md | 8 +- .../architecture-recommendations.md | 4 +- .../rancher-manager-architecture.md | 10 +- .../rancher-server-and-components.md | 4 +- .../reference-guides/rancher-project-tools.md | 4 +- .../hardening-guides/hardening-guides.md} | 20 +- .../k3s-hardening-guide.md | 0 ...sessment-guide-with-cis-v1.23-k8s-v1.23.md | 2 +- ...sessment-guide-with-cis-v1.24-k8s-v1.24.md | 2 +- ...ide-with-cis-v1.7-k8s-v1.25-v1.26-v1.27.md | 2 +- .../rke1-hardening-guide.md | 8 +- ...sessment-guide-with-cis-v1.23-k8s-v1.23.md | 2 +- ...sessment-guide-with-cis-v1.24-k8s-v1.24.md | 2 +- ...ide-with-cis-v1.7-k8s-v1.25-v1.26-v1.27.md | 2 +- .../rke2-hardening-guide.md | 2 +- ...sessment-guide-with-cis-v1.23-k8s-v1.23.md | 2 +- ...sessment-guide-with-cis-v1.24-k8s-v1.24.md | 2 +- ...ide-with-cis-v1.7-k8s-v1.25-v1.26-v1.27.md | 2 +- .../rancher-security-best-practices.md | 2 +- .../rancher-security}/rancher-security.md | 14 +- .../security-advisories-and-cves.md | 4 +- .../selinux-rpm}/selinux-rpm.md | 2 +- .../advanced-options.md | 10 +- .../http-proxy-configuration.md | 4 +- .../single-node-rancher-in-docker.md | 9 + .../user-settings/api-keys.md | 2 +- .../user-settings/manage-cloud-credentials.md | 8 +- .../user-settings/manage-node-templates.md | 12 +- .../user-settings/user-settings.md | 19 ++ docs/security/security-scan/security-scan.md | 2 +- .../_cluster-capabilities-table.md | 10 +- .../general-troubleshooting.md | 4 +- .../kubernetes-components.md | 21 +++ .../kubernetes-resources.md | 2 +- sidebars.js | 174 +++++++++--------- 252 files changed, 1159 insertions(+), 1159 deletions(-) rename docs/{pages-for-subheaders => getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster}/install-upgrade-on-a-kubernetes-cluster.md (80%) rename docs/{pages-for-subheaders => getting-started/installation-and-upgrade}/installation-and-upgrade.md (59%) create mode 100644 docs/getting-started/installation-and-upgrade/installation-references/installation-references.md rename docs/{pages-for-subheaders => getting-started/installation-and-upgrade/installation-requirements}/installation-requirements.md (83%) rename docs/{pages-for-subheaders => getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install}/air-gapped-helm-cli-install.md (53%) rename docs/{pages-for-subheaders => getting-started/installation-and-upgrade/other-installation-methods}/other-installation-methods.md (61%) rename docs/{pages-for-subheaders => getting-started/installation-and-upgrade/other-installation-methods/rancher-behind-an-http-proxy}/rancher-behind-an-http-proxy.md (55%) rename docs/{pages-for-subheaders => getting-started/installation-and-upgrade/other-installation-methods/rancher-on-a-single-node-with-docker}/rancher-on-a-single-node-with-docker.md (82%) create mode 100644 docs/getting-started/installation-and-upgrade/resources/resources.md create mode 100644 docs/getting-started/quick-start-guides/deploy-rancher-manager/deploy-rancher-manager.md rename docs/{pages-for-subheaders/deploy-rancher-workloads.md => getting-started/quick-start-guides/deploy-workloads/deploy-workloads.md} (60%) rename docs/{pages-for-subheaders => getting-started/quick-start-guides}/quick-start-guides.md (60%) rename docs/{pages-for-subheaders => how-to-guides/advanced-user-guides}/advanced-user-guides.md (100%) create mode 100644 docs/how-to-guides/advanced-user-guides/cis-scan-guides/cis-scan-guides.md rename docs/{pages-for-subheaders => how-to-guides/advanced-user-guides/enable-experimental-features}/enable-experimental-features.md (89%) create mode 100644 docs/how-to-guides/advanced-user-guides/istio-setup-guide/istio-setup-guide.md rename docs/{pages-for-subheaders => how-to-guides/advanced-user-guides/manage-projects/manage-project-resource-quotas}/manage-project-resource-quotas.md (90%) rename docs/{pages-for-subheaders => how-to-guides/advanced-user-guides/manage-projects}/manage-projects.md (56%) create mode 100644 docs/how-to-guides/advanced-user-guides/monitoring-alerting-guides/monitoring-alerting-guides.md create mode 100644 docs/how-to-guides/advanced-user-guides/monitoring-alerting-guides/prometheus-federator-guides/prometheus-federator-guides.md rename docs/{pages-for-subheaders => how-to-guides/advanced-user-guides/monitoring-v2-configuration-guides/advanced-configuration}/advanced-configuration.md (51%) rename docs/{pages-for-subheaders => how-to-guides/advanced-user-guides/monitoring-v2-configuration-guides}/monitoring-v2-configuration-guides.md (74%) create mode 100644 docs/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-provisioning-drivers/about-provisioning-drivers.md rename docs/{pages-for-subheaders => how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates}/about-rke1-templates.md (58%) rename docs/{pages-for-subheaders => how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config}/authentication-config.md (78%) rename docs/{pages-for-subheaders => how-to-guides/new-user-guides/authentication-permissions-and-global-configuration}/authentication-permissions-and-global-configuration.md (69%) rename docs/{pages-for-subheaders => how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-microsoft-ad-federation-service-saml}/configure-microsoft-ad-federation-service-saml.md (76%) rename docs/{pages-for-subheaders => how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-openldap}/configure-openldap.md (90%) rename docs/{pages-for-subheaders => how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-shibboleth-saml}/configure-shibboleth-saml.md (91%) rename docs/{pages-for-subheaders => how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac}/manage-role-based-access-control-rbac.md (73%) rename docs/{pages-for-subheaders => how-to-guides/new-user-guides/backup-restore-and-disaster-recovery}/backup-restore-and-disaster-recovery.md (73%) rename docs/{pages-for-subheaders => how-to-guides/new-user-guides/deploy-apps-across-clusters}/deploy-apps-across-clusters.md (67%) rename docs/{pages-for-subheaders => how-to-guides/new-user-guides/helm-charts-in-rancher}/helm-charts-in-rancher.md (97%) rename docs/{pages-for-subheaders => how-to-guides/new-user-guides/infrastructure-setup}/infrastructure-setup.md (58%) rename docs/{pages-for-subheaders => how-to-guides/new-user-guides/kubernetes-cluster-setup}/kubernetes-cluster-setup.md (100%) rename docs/{pages-for-subheaders => how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/checklist-for-production-ready-clusters}/checklist-for-production-ready-clusters.md (77%) rename docs/{pages-for-subheaders => how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup}/kubernetes-clusters-in-rancher-setup.md (78%) rename docs/{pages-for-subheaders => how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers}/set-up-cloud-providers.md (73%) rename docs/{pages-for-subheaders => how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers}/set-up-clusters-from-hosted-kubernetes-providers.md (67%) rename docs/{pages-for-subheaders => how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/use-windows-clusters}/use-windows-clusters.md (84%) rename docs/{pages-for-subheaders => how-to-guides/new-user-guides/kubernetes-resources-setup/horizontal-pod-autoscaler}/horizontal-pod-autoscaler.md (70%) rename docs/{pages-for-subheaders => how-to-guides/new-user-guides/kubernetes-resources-setup}/kubernetes-resources-setup.md (54%) rename docs/{pages-for-subheaders => how-to-guides/new-user-guides/kubernetes-resources-setup/load-balancer-and-ingress-controller}/load-balancer-and-ingress-controller.md (78%) rename docs/{pages-for-subheaders => how-to-guides/new-user-guides/kubernetes-resources-setup/workloads-and-pods}/workloads-and-pods.md (92%) rename docs/{pages-for-subheaders => how-to-guides/new-user-guides/launch-kubernetes-with-rancher}/launch-kubernetes-with-rancher.md (85%) rename docs/{pages-for-subheaders => how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/nutanix}/nutanix.md (65%) rename docs/{pages-for-subheaders => how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider}/use-new-nodes-in-an-infra-provider.md (92%) rename docs/{pages-for-subheaders => how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/vsphere}/vsphere.md (64%) rename docs/{pages-for-subheaders => how-to-guides/new-user-guides/manage-clusters/access-clusters}/access-clusters.md (71%) rename docs/{pages-for-subheaders => how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage}/create-kubernetes-persistent-storage.md (65%) rename docs/{pages-for-subheaders => how-to-guides/new-user-guides/manage-clusters/install-cluster-autoscaler}/install-cluster-autoscaler.md (91%) rename docs/{pages-for-subheaders => how-to-guides/new-user-guides/manage-clusters}/manage-clusters.md (68%) rename docs/{pages-for-subheaders => how-to-guides/new-user-guides/manage-clusters/provisioning-storage-examples}/provisioning-storage-examples.md (64%) rename docs/{pages-for-subheaders => how-to-guides/new-user-guides}/new-user-guides.md (100%) rename docs/{pages-for-subheaders => integrations-in-rancher/cis-scans}/cis-scans.md (87%) rename docs/{pages-for-subheaders => integrations-in-rancher/cloud-marketplace/aws-cloud-marketplace}/aws-cloud-marketplace.md (75%) rename docs/{pages-for-subheaders => integrations-in-rancher/cloud-marketplace}/cloud-marketplace.md (100%) rename docs/{pages-for-subheaders => integrations-in-rancher/istio/configuration-options}/configuration-options.md (81%) rename docs/{pages-for-subheaders => integrations-in-rancher/istio}/istio.md (86%) rename docs/{pages-for-subheaders => integrations-in-rancher/logging/custom-resource-configuration}/custom-resource-configuration.md (51%) rename docs/{pages-for-subheaders => integrations-in-rancher/logging}/logging.md (80%) rename docs/{pages-for-subheaders => integrations-in-rancher/monitoring-and-alerting}/monitoring-and-alerting.md (67%) delete mode 100644 docs/pages-for-subheaders/about-provisioning-drivers.md delete mode 100644 docs/pages-for-subheaders/backup-restore-configuration.md delete mode 100644 docs/pages-for-subheaders/cis-scan-guides.md delete mode 100644 docs/pages-for-subheaders/deploy-rancher-manager.md delete mode 100644 docs/pages-for-subheaders/downstream-cluster-configuration.md delete mode 100644 docs/pages-for-subheaders/installation-references.md delete mode 100644 docs/pages-for-subheaders/istio-setup-guide.md delete mode 100644 docs/pages-for-subheaders/kubernetes-components.md delete mode 100644 docs/pages-for-subheaders/machine-configuration.md delete mode 100644 docs/pages-for-subheaders/monitoring-alerting-guides.md delete mode 100644 docs/pages-for-subheaders/monitoring-v2-configuration.md delete mode 100644 docs/pages-for-subheaders/node-template-configuration.md delete mode 100644 docs/pages-for-subheaders/prometheus-federator-guides.md delete mode 100644 docs/pages-for-subheaders/rancher-managed-clusters.md delete mode 100644 docs/pages-for-subheaders/rancher-server-configuration.md delete mode 100644 docs/pages-for-subheaders/rancher-server.md delete mode 100644 docs/pages-for-subheaders/resources.md delete mode 100644 docs/pages-for-subheaders/single-node-rancher-in-docker.md delete mode 100644 docs/pages-for-subheaders/user-settings.md rename docs/{pages-for-subheaders => reference-guides/about-the-api}/about-the-api.md (92%) create mode 100644 docs/reference-guides/backup-restore-configuration/backup-restore-configuration.md rename docs/{pages-for-subheaders => reference-guides/best-practices}/best-practices.md (95%) create mode 100644 docs/reference-guides/best-practices/rancher-managed-clusters/rancher-managed-clusters.md create mode 100644 docs/reference-guides/best-practices/rancher-server/rancher-server.md rename docs/{pages-for-subheaders => reference-guides/cli-with-rancher}/cli-with-rancher.md (67%) rename docs/{pages-for-subheaders => reference-guides/cluster-configuration}/cluster-configuration.md (50%) create mode 100644 docs/reference-guides/cluster-configuration/downstream-cluster-configuration/downstream-cluster-configuration.md create mode 100644 docs/reference-guides/cluster-configuration/downstream-cluster-configuration/machine-configuration/machine-configuration.md create mode 100644 docs/reference-guides/cluster-configuration/downstream-cluster-configuration/node-template-configuration/node-template-configuration.md rename docs/{pages-for-subheaders => reference-guides/cluster-configuration/rancher-server-configuration/gke-cluster-configuration}/gke-cluster-configuration.md (97%) create mode 100644 docs/reference-guides/cluster-configuration/rancher-server-configuration/rancher-server-configuration.md rename docs/{pages-for-subheaders => reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes}/use-existing-nodes.md (67%) create mode 100644 docs/reference-guides/monitoring-v2-configuration/monitoring-v2-configuration.md rename docs/{pages-for-subheaders => reference-guides/prometheus-federator}/prometheus-federator.md (97%) rename docs/{pages-for-subheaders => reference-guides/rancher-manager-architecture}/rancher-manager-architecture.md (50%) rename docs/{pages-for-subheaders/rancher-hardening-guides.md => reference-guides/rancher-security/hardening-guides/hardening-guides.md} (62%) rename docs/{pages-for-subheaders => reference-guides/rancher-security/hardening-guides/k3s-hardening-guide}/k3s-hardening-guide.md (100%) rename docs/{pages-for-subheaders => reference-guides/rancher-security/hardening-guides/rke1-hardening-guide}/rke1-hardening-guide.md (93%) rename docs/{pages-for-subheaders => reference-guides/rancher-security/hardening-guides/rke2-hardening-guide}/rke2-hardening-guide.md (98%) rename docs/{pages-for-subheaders => reference-guides/rancher-security}/rancher-security.md (88%) rename docs/{pages-for-subheaders => reference-guides/rancher-security/selinux-rpm}/selinux-rpm.md (85%) create mode 100644 docs/reference-guides/single-node-rancher-in-docker/single-node-rancher-in-docker.md create mode 100644 docs/reference-guides/user-settings/user-settings.md create mode 100644 docs/troubleshooting/kubernetes-components/kubernetes-components.md diff --git a/docs/faq/general-faq.md b/docs/faq/general-faq.md index 93c58e2ab93..146761ac85f 100644 --- a/docs/faq/general-faq.md +++ b/docs/faq/general-faq.md @@ -16,15 +16,15 @@ Swarm and Mesos are no longer selectable options when you create a new environme ## Is it possible to manage Azure Kubernetes Services with Rancher v2.x? -Yes. See our [Cluster Administration](../pages-for-subheaders/manage-clusters.md) guide for what Rancher features are available on AKS, as well as our [documentation on AKS](../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-aks.md). +Yes. See our [Cluster Administration](../how-to-guides/new-user-guides/manage-clusters/manage-clusters.md) guide for what Rancher features are available on AKS, as well as our [documentation on AKS](../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-aks.md). ## Does Rancher support Windows? -Yes. Rancher supports Windows Server 1809 containers. For details on how to set up a cluster with Windows worker nodes, refer to the section on [configuring custom clusters for Windows.](../pages-for-subheaders/use-windows-clusters.md) +Yes. Rancher supports Windows Server 1809 containers. For details on how to set up a cluster with Windows worker nodes, refer to the section on [configuring custom clusters for Windows.](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/use-windows-clusters/use-windows-clusters.md) ## Does Rancher support Istio? -Yes. Rancher supports [Istio](../pages-for-subheaders/istio.md). +Yes. Rancher supports [Istio](../integrations-in-rancher/istio/istio.md). ## Will Rancher v2.x support Hashicorp's Vault for storing secrets? diff --git a/docs/faq/rancher-is-no-longer-needed.md b/docs/faq/rancher-is-no-longer-needed.md index ce33edd6aec..3f825b0f048 100644 --- a/docs/faq/rancher-is-no-longer-needed.md +++ b/docs/faq/rancher-is-no-longer-needed.md @@ -19,7 +19,7 @@ The capability to access a downstream cluster without Rancher depends on the typ - **Registered clusters:** The cluster will be unaffected and you can access the cluster using the same methods that you did before the cluster was registered into Rancher. - **Hosted Kubernetes clusters:** If you created the cluster in a cloud-hosted Kubernetes provider such as EKS, GKE, or AKS, you can continue to manage the cluster using your provider's cloud credentials. -- **RKE clusters:** To access an [RKE cluster,](../pages-for-subheaders/launch-kubernetes-with-rancher.md) the cluster must have the [authorized cluster endpoint](../reference-guides/rancher-manager-architecture/communicating-with-downstream-user-clusters.md#4-authorized-cluster-endpoint) enabled, and you must have already downloaded the cluster's kubeconfig file from the Rancher UI. (The authorized cluster endpoint is enabled by default for RKE clusters.) With this endpoint, you can access your cluster with kubectl directly instead of communicating through the Rancher server's [authentication proxy.](../reference-guides/rancher-manager-architecture/communicating-with-downstream-user-clusters.md#1-the-authentication-proxy) For instructions on how to configure kubectl to use the authorized cluster endpoint, refer to the section about directly accessing clusters with [kubectl and the kubeconfig file.](../how-to-guides/new-user-guides/manage-clusters/access-clusters/use-kubectl-and-kubeconfig.md#authenticating-directly-with-a-downstream-cluster) These clusters will use a snapshot of the authentication as it was configured when Rancher was removed. +- **RKE clusters:** To access an [RKE cluster,](../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md) the cluster must have the [authorized cluster endpoint](../reference-guides/rancher-manager-architecture/communicating-with-downstream-user-clusters.md#4-authorized-cluster-endpoint) enabled, and you must have already downloaded the cluster's kubeconfig file from the Rancher UI. (The authorized cluster endpoint is enabled by default for RKE clusters.) With this endpoint, you can access your cluster with kubectl directly instead of communicating through the Rancher server's [authentication proxy.](../reference-guides/rancher-manager-architecture/communicating-with-downstream-user-clusters.md#1-the-authentication-proxy) For instructions on how to configure kubectl to use the authorized cluster endpoint, refer to the section about directly accessing clusters with [kubectl and the kubeconfig file.](../how-to-guides/new-user-guides/manage-clusters/access-clusters/use-kubectl-and-kubeconfig.md#authenticating-directly-with-a-downstream-cluster) These clusters will use a snapshot of the authentication as it was configured when Rancher was removed. ### What if I don't want Rancher anymore? @@ -29,7 +29,7 @@ The previously recommended [System Tools](../reference-guides/system-tools.md) h ::: -If you [installed Rancher on a Kubernetes cluster,](../pages-for-subheaders/install-upgrade-on-a-kubernetes-cluster.md) remove Rancher by using the [Rancher Cleanup](https://github.com/rancher/rancher-cleanup) tool. +If you [installed Rancher on a Kubernetes cluster,](../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/install-upgrade-on-a-kubernetes-cluster.md) remove Rancher by using the [Rancher Cleanup](https://github.com/rancher/rancher-cleanup) tool. Uninstalling Rancher in high-availability (HA) mode will also remove all `helm-operation-*` pods and the following apps: diff --git a/docs/faq/security.md b/docs/faq/security.md index 447fb53d7de..684444e7303 100644 --- a/docs/faq/security.md +++ b/docs/faq/security.md @@ -9,10 +9,10 @@ title: Security **Is there a Hardening Guide?** -The Hardening Guide is now located in the main [Security](../pages-for-subheaders/rancher-security.md) section. +The Hardening Guide is now located in the main [Security](../reference-guides/rancher-security/rancher-security.md) section.
**What are the results of Rancher's Kubernetes cluster when it is CIS benchmarked?** -We have run the CIS Kubernetes benchmark against a hardened Rancher Kubernetes cluster. The results of that assessment can be found in the main [Security](../pages-for-subheaders/rancher-security.md) section. +We have run the CIS Kubernetes benchmark against a hardened Rancher Kubernetes cluster. The results of that assessment can be found in the main [Security](../reference-guides/rancher-security/rancher-security.md) section. diff --git a/docs/faq/technical-items.md b/docs/faq/technical-items.md index 8437ee3995c..db2500b7fbf 100644 --- a/docs/faq/technical-items.md +++ b/docs/faq/technical-items.md @@ -55,7 +55,7 @@ Node Templates can be accessed by opening your account menu (top right) and sele ### Why is my Layer-4 Load Balancer in `Pending` state? -The Layer-4 Load Balancer is created as `type: LoadBalancer`. In Kubernetes, this needs a cloud provider or controller that can satisfy these requests, otherwise these will be in `Pending` state forever. More information can be found on [Cloud Providers](../pages-for-subheaders/set-up-cloud-providers.md) or [Create External Load Balancer](https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/) +The Layer-4 Load Balancer is created as `type: LoadBalancer`. In Kubernetes, this needs a cloud provider or controller that can satisfy these requests, otherwise these will be in `Pending` state forever. More information can be found on [Cloud Providers](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/set-up-cloud-providers.md) or [Create External Load Balancer](https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/) ### Where is the state of Rancher stored? diff --git a/docs/pages-for-subheaders/install-upgrade-on-a-kubernetes-cluster.md b/docs/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/install-upgrade-on-a-kubernetes-cluster.md similarity index 80% rename from docs/pages-for-subheaders/install-upgrade-on-a-kubernetes-cluster.md rename to docs/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/install-upgrade-on-a-kubernetes-cluster.md index cc8c3754f48..a9ff741e47a 100644 --- a/docs/pages-for-subheaders/install-upgrade-on-a-kubernetes-cluster.md +++ b/docs/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/install-upgrade-on-a-kubernetes-cluster.md @@ -24,12 +24,12 @@ Rancher can be installed on any Kubernetes cluster. This cluster can use upstrea For help setting up a Kubernetes cluster, we provide these tutorials: -- **RKE:** For the tutorial to install an RKE Kubernetes cluster, refer to [this page.](../how-to-guides/new-user-guides/kubernetes-cluster-setup/rke1-for-rancher.md) For help setting up the infrastructure for a high-availability RKE cluster, refer to [this page.](../how-to-guides/new-user-guides/infrastructure-setup/ha-rke1-kubernetes-cluster.md) -- **K3s:** For the tutorial to install a K3s Kubernetes cluster, refer to [this page.](../how-to-guides/new-user-guides/kubernetes-cluster-setup/k3s-for-rancher.md) For help setting up the infrastructure for a high-availability K3s cluster, refer to [this page.](../how-to-guides/new-user-guides/infrastructure-setup/ha-k3s-kubernetes-cluster.md) -- **RKE2:** For the tutorial to install an RKE2 Kubernetes cluster, refer to [this page.](../how-to-guides/new-user-guides/kubernetes-cluster-setup/rke2-for-rancher.md) For help setting up the infrastructure for a high-availability RKE2 cluster, refer to [this page.](../how-to-guides/new-user-guides/infrastructure-setup/ha-rke2-kubernetes-cluster.md) -- **Amazon EKS:** For details on how to install Rancher on Amazon EKS, including how to install an Ingress controller so that the Rancher server can be accessed, refer to [this page.](../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks.md) -- **AKS:** For details on how to install Rancher with Azure Kubernetes Service, including how to install an Ingress controller so that the Rancher server can be accessed, refer to [this page.](../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-aks.md) -- **GKE:** For details on how to install Rancher with Google Kubernetes Engine, including how to install an Ingress controller so that the Rancher server can be accessed, refer to [this page.](../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-gke.md) GKE has two modes of operation when creating a Kubernetes cluster, Autopilot and Standard mode. The cluster configuration for Autopilot mode has restrictions on editing the kube-system namespace. However, Rancher needs to create resources in the kube-system namespace during installation. As a result, you will not be able to install Rancher on a GKE cluster created in Autopilot mode. +- **RKE:** For the tutorial to install an RKE Kubernetes cluster, refer to [this page.](../../../how-to-guides/new-user-guides/kubernetes-cluster-setup/rke1-for-rancher.md) For help setting up the infrastructure for a high-availability RKE cluster, refer to [this page.](../../../how-to-guides/new-user-guides/infrastructure-setup/ha-rke1-kubernetes-cluster.md) +- **K3s:** For the tutorial to install a K3s Kubernetes cluster, refer to [this page.](../../../how-to-guides/new-user-guides/kubernetes-cluster-setup/k3s-for-rancher.md) For help setting up the infrastructure for a high-availability K3s cluster, refer to [this page.](../../../how-to-guides/new-user-guides/infrastructure-setup/ha-k3s-kubernetes-cluster.md) +- **RKE2:** For the tutorial to install an RKE2 Kubernetes cluster, refer to [this page.](../../../how-to-guides/new-user-guides/kubernetes-cluster-setup/rke2-for-rancher.md) For help setting up the infrastructure for a high-availability RKE2 cluster, refer to [this page.](../../../how-to-guides/new-user-guides/infrastructure-setup/ha-rke2-kubernetes-cluster.md) +- **Amazon EKS:** For details on how to install Rancher on Amazon EKS, including how to install an Ingress controller so that the Rancher server can be accessed, refer to [this page.](rancher-on-amazon-eks.md) +- **AKS:** For details on how to install Rancher with Azure Kubernetes Service, including how to install an Ingress controller so that the Rancher server can be accessed, refer to [this page.](rancher-on-aks.md) +- **GKE:** For details on how to install Rancher with Google Kubernetes Engine, including how to install an Ingress controller so that the Rancher server can be accessed, refer to [this page.](rancher-on-gke.md) GKE has two modes of operation when creating a Kubernetes cluster, Autopilot and Standard mode. The cluster configuration for Autopilot mode has restrictions on editing the kube-system namespace. However, Rancher needs to create resources in the kube-system namespace during installation. As a result, you will not be able to install Rancher on a GKE cluster created in Autopilot mode. ### Ingress Controller @@ -47,17 +47,17 @@ Examples are included in the **Amazon EKS**, **AKS**, and **GKE** tutorials abov The following CLI tools are required for setting up the Kubernetes cluster. Please make sure these tools are installed and available in your `$PATH`. - [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/#install-kubectl) - Kubernetes command-line tool. -- [helm](https://docs.helm.sh/using_helm/#installing-helm) - Package management for Kubernetes. Refer to the [Helm version requirements](../getting-started/installation-and-upgrade/resources/helm-version-requirements.md) to choose a version of Helm to install Rancher. Refer to the [instructions provided by the Helm project](https://helm.sh/docs/intro/install/) for your specific platform. +- [helm](https://docs.helm.sh/using_helm/#installing-helm) - Package management for Kubernetes. Refer to the [Helm version requirements](../resources/helm-version-requirements.md) to choose a version of Helm to install Rancher. Refer to the [instructions provided by the Helm project](https://helm.sh/docs/intro/install/) for your specific platform. ## Install the Rancher Helm Chart Rancher is installed using the [Helm](https://helm.sh/) package manager for Kubernetes. Helm charts provide templating syntax for Kubernetes YAML manifest documents. With Helm, we can create configurable deployments instead of just using static files. -For systems without direct internet access, see [Air Gap: Kubernetes install](../getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/install-rancher-ha.md). +For systems without direct internet access, see [Air Gap: Kubernetes install](../other-installation-methods/air-gapped-helm-cli-install/install-rancher-ha.md). -To choose a Rancher version to install, refer to [Choosing a Rancher Version.](../getting-started/installation-and-upgrade/resources/choose-a-rancher-version.md) +To choose a Rancher version to install, refer to [Choosing a Rancher Version.](../resources/choose-a-rancher-version.md) -To choose a version of Helm to install Rancher with, refer to the [Helm version requirements](../getting-started/installation-and-upgrade/resources/helm-version-requirements.md) +To choose a version of Helm to install Rancher with, refer to the [Helm version requirements](../resources/helm-version-requirements.md) :::note @@ -77,7 +77,7 @@ To set up Rancher, ### 1. Add the Helm Chart Repository -Use `helm repo add` command to add the Helm chart repository that contains charts to install Rancher. For more information about the repository choices and which is best for your use case, see [Choosing a Rancher Version](../getting-started/installation-and-upgrade/resources/choose-a-rancher-version.md). +Use `helm repo add` command to add the Helm chart repository that contains charts to install Rancher. For more information about the repository choices and which is best for your use case, see [Choosing a Rancher Version](../resources/choose-a-rancher-version.md). - Latest: Recommended for trying out the newest features ``` @@ -107,7 +107,7 @@ The Rancher management server is designed to be secure by default and requires S :::note -If you want terminate SSL/TLS externally, see [TLS termination on an External Load Balancer](../getting-started/installation-and-upgrade/installation-references/helm-chart-options.md#external-tls-termination). +If you want terminate SSL/TLS externally, see [TLS termination on an External Load Balancer](../installation-references/helm-chart-options.md#external-tls-termination). ::: @@ -126,7 +126,7 @@ There are three recommended options for the source of the certificate used for T ### 4. Install cert-manager -> You should skip this step if you are bringing your own certificate files (option `ingress.tls.source=secret`), or if you use [TLS termination on an external load balancer](../getting-started/installation-and-upgrade/installation-references/helm-chart-options.md#external-tls-termination). +> You should skip this step if you are bringing your own certificate files (option `ingress.tls.source=secret`), or if you use [TLS termination on an external load balancer](../installation-references/helm-chart-options.md#external-tls-termination). This step is only required to use certificates issued by Rancher's generated CA (`ingress.tls.source=rancher`) or to request Let's Encrypt issued certificates (`ingress.tls.source=letsEncrypt`). @@ -135,7 +135,7 @@ This step is only required to use certificates issued by Rancher's generated CA :::note Important: -Recent changes to cert-manager require an upgrade. If you are upgrading Rancher and using a version of cert-manager older than v0.11.0, please see our [upgrade documentation](../getting-started/installation-and-upgrade/resources/upgrade-cert-manager.md). +Recent changes to cert-manager require an upgrade. If you are upgrading Rancher and using a version of cert-manager older than v0.11.0, please see our [upgrade documentation](../resources/upgrade-cert-manager.md). ::: @@ -275,7 +275,7 @@ Although an entry in the `Subject Alternative Names` is technically required, ha :::note -If you want to check if your certificates are correct, see [How do I check Common Name and Subject Alternative Names in my server certificate?](../faq/technical-items.md#how-do-i-check-common-name-and-subject-alternative-names-in-my-server-certificate) +If you want to check if your certificates are correct, see [How do I check Common Name and Subject Alternative Names in my server certificate?](../../../faq/technical-items.md#how-do-i-check-common-name-and-subject-alternative-names-in-my-server-certificate) ::: @@ -308,18 +308,18 @@ helm install rancher rancher-/rancher \ --set privateCA=true ``` -Now that Rancher is deployed, see [Adding TLS Secrets](../getting-started/installation-and-upgrade/resources/add-tls-secrets.md) to publish the certificate files so Rancher and the Ingress controller can use them. +Now that Rancher is deployed, see [Adding TLS Secrets](../resources/add-tls-secrets.md) to publish the certificate files so Rancher and the Ingress controller can use them. The Rancher chart configuration has many options for customizing the installation to suit your specific environment. Here are some common advanced scenarios. -- [HTTP Proxy](../getting-started/installation-and-upgrade/installation-references/helm-chart-options.md#http-proxy) -- [Private Container Image Registry](../getting-started/installation-and-upgrade/installation-references/helm-chart-options.md#private-registry-and-air-gap-installs) -- [TLS Termination on an External Load Balancer](../getting-started/installation-and-upgrade/installation-references/helm-chart-options.md#external-tls-termination) +- [HTTP Proxy](../installation-references/helm-chart-options.md#http-proxy) +- [Private Container Image Registry](../installation-references/helm-chart-options.md#private-registry-and-air-gap-installs) +- [TLS Termination on an External Load Balancer](../installation-references/helm-chart-options.md#external-tls-termination) -See the [Chart Options](../getting-started/installation-and-upgrade/installation-references/helm-chart-options.md) for the full list of options. +See the [Chart Options](../installation-references/helm-chart-options.md) for the full list of options. ### 6. Verify that the Rancher Server is Successfully Deployed @@ -352,4 +352,4 @@ That's it. You should have a functional Rancher server. In a web browser, go to the DNS name that forwards traffic to your load balancer. Then you should be greeted by the colorful login page. -Doesn't work? Take a look at the [Troubleshooting](../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/troubleshooting.md) Page +Doesn't work? Take a look at the [Troubleshooting](troubleshooting.md) Page diff --git a/docs/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-aks.md b/docs/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-aks.md index ac86ad0ef25..6aa9bfda5ac 100644 --- a/docs/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-aks.md +++ b/docs/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-aks.md @@ -10,7 +10,7 @@ This page covers how to install Rancher on Microsoft's Azure Kubernetes Service The guide uses command line tools to provision an AKS cluster with an ingress. If you prefer to provision your cluster using the Azure portal, refer to the [official documentation](https://docs.microsoft.com/en-us/azure/aks/kubernetes-walkthrough-portal). -If you already have an AKS Kubernetes cluster, skip to the step about [installing an ingress.](#5-install-an-ingress) Then install the Rancher Helm chart following the instructions on [this page.](../../../pages-for-subheaders/install-upgrade-on-a-kubernetes-cluster.md#install-the-rancher-helm-chart) +If you already have an AKS Kubernetes cluster, skip to the step about [installing an ingress.](#5-install-an-ingress) Then install the Rancher Helm chart following the instructions on [this page.](install-upgrade-on-a-kubernetes-cluster.md#install-the-rancher-helm-chart) ## Prerequisites @@ -23,7 +23,7 @@ Deploying to Microsoft Azure will incur charges. - [Microsoft Azure Account](https://azure.microsoft.com/en-us/free/): A Microsoft Azure Account is required to create resources for deploying Rancher and Kubernetes. - [Microsoft Azure Subscription](https://docs.microsoft.com/en-us/azure/cost-management-billing/manage/create-subscription#create-a-subscription-in-the-azure-portal): Use this link to follow a tutorial to create a Microsoft Azure subscription if you don't have one yet. - [Micsoroft Azure Tenant](https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-create-new-tenant): Use this link and follow instructions to create a Microsoft Azure tenant. -- Your subscription has sufficient quota for at least 2 vCPUs. For details on Rancher server resource requirements, refer to [this section](../../../pages-for-subheaders/installation-requirements.md) +- Your subscription has sufficient quota for at least 2 vCPUs. For details on Rancher server resource requirements, refer to [this section](../installation-requirements/installation-requirements.md) - When installing Rancher with Helm in Azure, use the L7 load balancer to avoid networking issues. For more information, refer to the documentation on [Azure load balancer limitations](https://docs.microsoft.com/en-us/azure/load-balancer/components#limitations). ## 1. Prepare your Workstation @@ -138,7 +138,7 @@ There are many valid ways to set up the DNS. For help, refer to the [Azure DNS d ## 8. Install the Rancher Helm Chart -Next, install the Rancher Helm chart by following the instructions on [this page.](../../../pages-for-subheaders/install-upgrade-on-a-kubernetes-cluster.md#install-the-rancher-helm-chart) The Helm instructions are the same for installing Rancher on any Kubernetes distribution. +Next, install the Rancher Helm chart by following the instructions on [this page.](install-upgrade-on-a-kubernetes-cluster.md#install-the-rancher-helm-chart) The Helm instructions are the same for installing Rancher on any Kubernetes distribution. Use that DNS name from the previous step as the Rancher server URL when you install Rancher. It can be passed in as a Helm option. For example, if the DNS name is `rancher.my.org`, you could run the Helm installation command with the option `--set hostname=rancher.my.org`. @@ -148,4 +148,4 @@ When installing Rancher on top of this setup, you will also need to pass the val --set ingress.ingressClassName=nginx ``` -Refer [here for the Helm install command](../../../pages-for-subheaders/install-upgrade-on-a-kubernetes-cluster.md#5-install-rancher-with-helm-and-your-chosen-certificate-option) for your chosen certificate option. +Refer [here for the Helm install command](install-upgrade-on-a-kubernetes-cluster.md#5-install-rancher-with-helm-and-your-chosen-certificate-option) for your chosen certificate option. diff --git a/docs/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks.md b/docs/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks.md index 6563d4b14eb..85c83a2d503 100644 --- a/docs/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks.md +++ b/docs/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks.md @@ -8,7 +8,7 @@ title: Installing Rancher on Amazon EKS This page covers installing Rancher on an Amazon EKS cluster. You can also [install Rancher through the AWS Marketplace](../../quick-start-guides/deploy-rancher-manager/aws-marketplace.md). -If you already have an EKS Kubernetes cluster, skip to the step about [installing an ingress.](#5-install-an-ingress) Then install the Rancher Helm chart following the instructions on [this page.](../../../pages-for-subheaders/install-upgrade-on-a-kubernetes-cluster.md#install-the-rancher-helm-chart) +If you already have an EKS Kubernetes cluster, skip to the step about [installing an ingress.](#5-install-an-ingress) Then install the Rancher Helm chart following the instructions on [this page.](install-upgrade-on-a-kubernetes-cluster.md#install-the-rancher-helm-chart) ## Creating an EKS Cluster for the Rancher Server @@ -142,7 +142,7 @@ There are many valid ways to set up the DNS. For help, refer to the AWS document ### 8. Install the Rancher Helm Chart -Next, install the Rancher Helm chart by following the instructions on [this page.](../../../pages-for-subheaders/install-upgrade-on-a-kubernetes-cluster.md#install-the-rancher-helm-chart) The Helm instructions are the same for installing Rancher on any Kubernetes distribution. +Next, install the Rancher Helm chart by following the instructions on [this page.](install-upgrade-on-a-kubernetes-cluster.md#install-the-rancher-helm-chart) The Helm instructions are the same for installing Rancher on any Kubernetes distribution. Use that DNS name from the previous step as the Rancher server URL when you install Rancher. It can be passed in as a Helm option. For example, if the DNS name is `rancher.my.org`, you could run the Helm installation command with the option `--set hostname=rancher.my.org`. @@ -152,4 +152,4 @@ When installing Rancher on top of this setup, you will also need to pass the val --set ingress.ingressClassName=nginx ``` -Refer [here for the Helm install command](../../../pages-for-subheaders/install-upgrade-on-a-kubernetes-cluster.md#5-install-rancher-with-helm-and-your-chosen-certificate-option) for your chosen certificate option. +Refer [here for the Helm install command](install-upgrade-on-a-kubernetes-cluster.md#5-install-rancher-with-helm-and-your-chosen-certificate-option) for your chosen certificate option. diff --git a/docs/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-gke.md b/docs/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-gke.md index 26a3fa905ee..a3c3518e4c0 100644 --- a/docs/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-gke.md +++ b/docs/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-gke.md @@ -8,13 +8,13 @@ title: Installing Rancher on a Google Kubernetes Engine Cluster In this section, you'll learn how to install Rancher using Google Kubernetes Engine. -If you already have a GKE Kubernetes cluster, skip to the step about [installing an ingress.](#7-install-an-ingress) Then install the Rancher Helm chart following the instructions on [this page.](../../../pages-for-subheaders/install-upgrade-on-a-kubernetes-cluster.md#install-the-rancher-helm-chart) +If you already have a GKE Kubernetes cluster, skip to the step about [installing an ingress.](#7-install-an-ingress) Then install the Rancher Helm chart following the instructions on [this page.](install-upgrade-on-a-kubernetes-cluster.md#install-the-rancher-helm-chart) ## Prerequisites - You will need a Google account. - You will need a Google Cloud billing account. You can manage your Cloud Billing accounts using the Google Cloud Console. For more information about the Cloud Console, visit [General guide to the console.](https://support.google.com/cloud/answer/3465889?hl=en&ref_topic=3340599) -- You will need a cloud quota for at least one in-use IP address and at least 2 CPUs. For more details about hardware requirements for the Rancher server, refer to [this section.](../../../pages-for-subheaders/installation-requirements.md) +- You will need a cloud quota for at least one in-use IP address and at least 2 CPUs. For more details about hardware requirements for the Rancher server, refer to [this section.](../installation-requirements/installation-requirements.md) ## 1. Enable the Kubernetes Engine API @@ -184,7 +184,7 @@ There are many valid ways to set up the DNS. For help, refer to the Google Cloud ## 10. Install the Rancher Helm chart -Next, install the Rancher Helm chart by following the instructions on [this page.](../../../pages-for-subheaders/install-upgrade-on-a-kubernetes-cluster.md#install-the-rancher-helm-chart) The Helm instructions are the same for installing Rancher on any Kubernetes distribution. +Next, install the Rancher Helm chart by following the instructions on [this page.](install-upgrade-on-a-kubernetes-cluster.md#install-the-rancher-helm-chart) The Helm instructions are the same for installing Rancher on any Kubernetes distribution. Use the DNS name from the previous step as the Rancher server URL when you install Rancher. It can be passed in as a Helm option. For example, if the DNS name is `rancher.my.org`, you could run the Helm installation command with the option `--set hostname=rancher.my.org`. @@ -194,7 +194,7 @@ When installing Rancher on top of this setup, you will also need to set the name --set ingress.ingressClassName=nginx ``` -Refer [here for the Helm install command](../../../pages-for-subheaders/install-upgrade-on-a-kubernetes-cluster.md#5-install-rancher-with-helm-and-your-chosen-certificate-option) for your chosen certificate option. +Refer [here for the Helm install command](install-upgrade-on-a-kubernetes-cluster.md#5-install-rancher-with-helm-and-your-chosen-certificate-option) for your chosen certificate option. In Rancher v2.7.5, if you intend to use the default GKE ingress on your cluster without enabling VPC-native cluster mode, you need to set the following flag: diff --git a/docs/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rollbacks.md b/docs/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rollbacks.md index 249cb053af3..1dcd9426ef5 100644 --- a/docs/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rollbacks.md +++ b/docs/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rollbacks.md @@ -78,7 +78,7 @@ A restore is performed by creating a Restore custom resource. 1. In the left navigation bar, click **Rancher Backups > Restore**. :::note - If the Rancher Backups app is not visible, you will need to install it from the Charts page in **Apps**. Refer [here](../../../pages-for-subheaders/helm-charts-in-rancher.md#charts) for more information. + If the Rancher Backups app is not visible, you will need to install it from the Charts page in **Apps**. Refer [here](../../../how-to-guides/new-user-guides/helm-charts-in-rancher/helm-charts-in-rancher.md#charts) for more information. ::: diff --git a/docs/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/upgrades.md b/docs/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/upgrades.md index 824683b1ea8..3932fd5c4b9 100644 --- a/docs/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/upgrades.md +++ b/docs/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/upgrades.md @@ -36,7 +36,7 @@ For migration of installs started with Helm 2, refer to the official [Helm 2 to ### For air-gapped installs: Populate private registry -For [air-gapped installs only,](../../../pages-for-subheaders/air-gapped-helm-cli-install.md) collect and populate images for the new Rancher server version. Follow the guide to [populate your private registry](../other-installation-methods/air-gapped-helm-cli-install/publish-images.md) with the images for the Rancher version that you want to upgrade to. +For [air-gapped installs only,](../other-installation-methods/air-gapped-helm-cli-install/air-gapped-helm-cli-install.md) collect and populate images for the new Rancher server version. Follow the guide to [populate your private registry](../other-installation-methods/air-gapped-helm-cli-install/publish-images.md) with the images for the Rancher version that you want to upgrade to. ### For upgrades with cert-manager older than 0.8.0 diff --git a/docs/pages-for-subheaders/installation-and-upgrade.md b/docs/getting-started/installation-and-upgrade/installation-and-upgrade.md similarity index 59% rename from docs/pages-for-subheaders/installation-and-upgrade.md rename to docs/getting-started/installation-and-upgrade/installation-and-upgrade.md index 3077b14edc2..f9067e831b7 100644 --- a/docs/pages-for-subheaders/installation-and-upgrade.md +++ b/docs/getting-started/installation-and-upgrade/installation-and-upgrade.md @@ -18,7 +18,7 @@ In this section, - **K3s (Lightweight Kubernetes)** is also a fully compliant Kubernetes distribution. It is newer than RKE, easier to use, and more lightweight, with a binary size of less than 100 MB. - **RKE2** is a fully conformant Kubernetes distribution that focuses on security and compliance within the U.S. Federal Government sector. -Note the `restrictedAdmin` Helm chart option available for **the Rancher Server**. When this option is set to true, the initial Rancher user has restricted access to the local Kubernetes cluster to prevent privilege escalation. For more information, see the section about the [restricted-admin role.](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/global-permissions.md#restricted-admin) +Note the `restrictedAdmin` Helm chart option available for **the Rancher Server**. When this option is set to true, the initial Rancher user has restricted access to the local Kubernetes cluster to prevent privilege escalation. For more information, see the section about the [restricted-admin role.](../../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/global-permissions.md#restricted-admin) ## Overview of Installation Options @@ -30,7 +30,7 @@ We recommend using Helm, a Kubernetes package manager, to install Rancher on mul ### Rancher on EKS Install with the AWS Marketplace -Rancher can be installed on to Amazon Elastic Kubernetes Service (EKS) [through the AWS Marketplace](../getting-started/quick-start-guides/deploy-rancher-manager/aws-marketplace.md). The EKS cluster deployed is production-ready and follows AWS best practices. +Rancher can be installed on to Amazon Elastic Kubernetes Service (EKS) [through the AWS Marketplace](../quick-start-guides/deploy-rancher-manager/aws-marketplace.md). The EKS cluster deployed is production-ready and follows AWS best practices. ### Single-node Kubernetes Install @@ -42,7 +42,7 @@ However, this option is useful if you want to save resources by using a single n For test and demonstration purposes, Rancher can be installed with Docker on a single node. A local Kubernetes cluster is installed in the single Docker container, and Rancher is installed on the local cluster. -The Rancher backup operator can be used to migrate Rancher from the single Docker container install to an installation on a high-availability Kubernetes cluster. For details, refer to the documentation on [migrating Rancher to a new cluster.](../how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/migrate-rancher-to-new-cluster.md) +The Rancher backup operator can be used to migrate Rancher from the single Docker container install to an installation on a high-availability Kubernetes cluster. For details, refer to the documentation on [migrating Rancher to a new cluster.](../../how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/migrate-rancher-to-new-cluster.md) ### Other Options @@ -50,9 +50,9 @@ There are also separate instructions for installing Rancher in an air gap enviro | Level of Internet Access | Kubernetes Installation - Strongly Recommended | Docker Installation | | ---------------------------------- | ------------------------------ | ---------- | -| With direct access to the Internet | [Docs](install-upgrade-on-a-kubernetes-cluster.md) | [Docs](rancher-on-a-single-node-with-docker.md) | -| Behind an HTTP proxy | [Docs](rancher-behind-an-http-proxy.md) | These [docs,](rancher-on-a-single-node-with-docker.md) plus this [configuration](../reference-guides/single-node-rancher-in-docker/http-proxy-configuration.md) | -| In an air gap environment | [Docs](air-gapped-helm-cli-install.md) | [Docs](air-gapped-helm-cli-install.md) | +| With direct access to the Internet | [Docs](install-upgrade-on-a-kubernetes-cluster/install-upgrade-on-a-kubernetes-cluster.md) | [Docs](other-installation-methods/rancher-on-a-single-node-with-docker/rancher-on-a-single-node-with-docker.md) | +| Behind an HTTP proxy | [Docs](other-installation-methods/rancher-behind-an-http-proxy/rancher-behind-an-http-proxy.md) | These [docs,](other-installation-methods/rancher-on-a-single-node-with-docker/rancher-on-a-single-node-with-docker.md) plus this [configuration](../../reference-guides/single-node-rancher-in-docker/http-proxy-configuration.md) | +| In an air gap environment | [Docs](other-installation-methods/air-gapped-helm-cli-install/air-gapped-helm-cli-install.md) | [Docs](other-installation-methods/air-gapped-helm-cli-install/air-gapped-helm-cli-install.md) | We recommend installing Rancher on a Kubernetes cluster, because in a multi-node cluster, the Rancher management server becomes highly available. This high-availability configuration helps maintain consistent access to the downstream Kubernetes clusters that Rancher will manage. @@ -60,29 +60,29 @@ For that reason, we recommend that for a production-grade architecture, you shou For testing or demonstration purposes, you can install Rancher in single Docker container. In this Docker install, you can use Rancher to set up Kubernetes clusters out-of-the-box. The Docker install allows you to explore the Rancher server functionality, but it is intended to be used for development and testing purposes only. -Our [instructions for installing Rancher on Kubernetes](install-upgrade-on-a-kubernetes-cluster.md) describe how to first use K3s or RKE to create and manage a Kubernetes cluster, then install Rancher onto that cluster. +Our [instructions for installing Rancher on Kubernetes](install-upgrade-on-a-kubernetes-cluster/install-upgrade-on-a-kubernetes-cluster.md) describe how to first use K3s or RKE to create and manage a Kubernetes cluster, then install Rancher onto that cluster. -When the nodes in your Kubernetes cluster are running and fulfill the [node requirements,](installation-requirements.md) you will use Helm to deploy Rancher onto Kubernetes. Helm uses Rancher's Helm chart to install a replica of Rancher on each node in the Kubernetes cluster. We recommend using a load balancer to direct traffic to each replica of Rancher in the cluster. +When the nodes in your Kubernetes cluster are running and fulfill the [node requirements,](installation-requirements/installation-requirements.md) you will use Helm to deploy Rancher onto Kubernetes. Helm uses Rancher's Helm chart to install a replica of Rancher on each node in the Kubernetes cluster. We recommend using a load balancer to direct traffic to each replica of Rancher in the cluster. -For a longer discussion of Rancher architecture, refer to the [architecture overview,](rancher-manager-architecture.md) [recommendations for production-grade architecture,](../reference-guides/rancher-manager-architecture/architecture-recommendations.md) or our [best practices guide.](../reference-guides/best-practices/rancher-server/tips-for-running-rancher.md) +For a longer discussion of Rancher architecture, refer to the [architecture overview,](../../reference-guides/rancher-manager-architecture/rancher-manager-architecture.md) [recommendations for production-grade architecture,](../../reference-guides/rancher-manager-architecture/architecture-recommendations.md) or our [best practices guide.](../../reference-guides/best-practices/rancher-server/tips-for-running-rancher.md) ## Prerequisites -Before installing Rancher, make sure that your nodes fulfill all of the [installation requirements.](installation-requirements.md) +Before installing Rancher, make sure that your nodes fulfill all of the [installation requirements.](installation-requirements/installation-requirements.md) ## Architecture Tip -For the best performance and greater security, we recommend a separate, dedicated Kubernetes cluster for the Rancher management server. Running user workloads on this cluster is not advised. After deploying Rancher, you can [create or import clusters](kubernetes-clusters-in-rancher-setup.md) for running your workloads. +For the best performance and greater security, we recommend a separate, dedicated Kubernetes cluster for the Rancher management server. Running user workloads on this cluster is not advised. After deploying Rancher, you can [create or import clusters](../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/kubernetes-clusters-in-rancher-setup.md) for running your workloads. -For more architecture recommendations, refer to [this page.](../reference-guides/rancher-manager-architecture/architecture-recommendations.md) +For more architecture recommendations, refer to [this page.](../../reference-guides/rancher-manager-architecture/architecture-recommendations.md) ### More Options for Installations on a Kubernetes Cluster -Refer to the [Helm chart options](../getting-started/installation-and-upgrade/installation-references/helm-chart-options.md) for details on installing Rancher on a Kubernetes cluster with other configurations, including: +Refer to the [Helm chart options](installation-references/helm-chart-options.md) for details on installing Rancher on a Kubernetes cluster with other configurations, including: -- With [API auditing to record all transactions](../getting-started/installation-and-upgrade/installation-references/helm-chart-options.md#api-audit-log) -- With [TLS termination on a load balancer](../getting-started/installation-and-upgrade/installation-references/helm-chart-options.md#external-tls-termination) -- With a [custom Ingress](../getting-started/installation-and-upgrade/installation-references/helm-chart-options.md#customizing-your-ingress) +- With [API auditing to record all transactions](installation-references/helm-chart-options.md#api-audit-log) +- With [TLS termination on a load balancer](installation-references/helm-chart-options.md#external-tls-termination) +- With a [custom Ingress](installation-references/helm-chart-options.md#customizing-your-ingress) In the Rancher installation instructions, we recommend using K3s or RKE to set up a Kubernetes cluster before installing Rancher on the cluster. Both K3s and RKE have many configuration options for customizing the Kubernetes cluster to suit your specific environment. For the full list of their capabilities, refer to their documentation: @@ -91,8 +91,8 @@ In the Rancher installation instructions, we recommend using K3s or RKE to set u ### More Options for Installations with Docker -Refer to the [docs about options for Docker installs](rancher-on-a-single-node-with-docker.md) for details about other configurations including: +Refer to the [docs about options for Docker installs](other-installation-methods/rancher-on-a-single-node-with-docker/rancher-on-a-single-node-with-docker.md) for details about other configurations including: -- With [API auditing to record all transactions](../reference-guides/single-node-rancher-in-docker/advanced-options.md#api-audit-log) -- With an [external load balancer](../how-to-guides/advanced-user-guides/configure-layer-7-nginx-load-balancer.md) -- With a [persistent data store](../reference-guides/single-node-rancher-in-docker/advanced-options.md#persistent-data) +- With [API auditing to record all transactions](../../reference-guides/single-node-rancher-in-docker/advanced-options.md#api-audit-log) +- With an [external load balancer](../../how-to-guides/advanced-user-guides/configure-layer-7-nginx-load-balancer.md) +- With a [persistent data store](../../reference-guides/single-node-rancher-in-docker/advanced-options.md#persistent-data) diff --git a/docs/getting-started/installation-and-upgrade/installation-references/feature-flags.md b/docs/getting-started/installation-and-upgrade/installation-references/feature-flags.md index 176fc240314..f10a4fd7ec1 100644 --- a/docs/getting-started/installation-and-upgrade/installation-references/feature-flags.md +++ b/docs/getting-started/installation-and-upgrade/installation-references/feature-flags.md @@ -8,7 +8,7 @@ title: Feature Flags With feature flags, you can try out optional or experimental features, and enable legacy features that are being phased out. -To learn more about feature values and how to enable them, see [Enabling Experimental Features](../../../pages-for-subheaders/enable-experimental-features.md). +To learn more about feature values and how to enable them, see [Enabling Experimental Features](../../../how-to-guides/advanced-user-guides/enable-experimental-features/enable-experimental-features.md). :::note diff --git a/docs/getting-started/installation-and-upgrade/installation-references/helm-chart-options.md b/docs/getting-started/installation-and-upgrade/installation-references/helm-chart-options.md index 340f33603d1..21bc34464e5 100644 --- a/docs/getting-started/installation-and-upgrade/installation-references/helm-chart-options.md +++ b/docs/getting-started/installation-and-upgrade/installation-references/helm-chart-options.md @@ -11,7 +11,7 @@ This page is a configuration reference for the Rancher Helm chart. For help choosing a Helm chart version, refer to [this page.](../../../getting-started/installation-and-upgrade/resources/choose-a-rancher-version.md) -For information on enabling experimental features, refer to [this page.](../../../pages-for-subheaders/enable-experimental-features.md) +For information on enabling experimental features, refer to [this page.](../../../how-to-guides/advanced-user-guides/enable-experimental-features/enable-experimental-features.md) ## Common Options @@ -85,13 +85,13 @@ kubectl get secret --namespace cattle-system bootstrap-secret -o go-template='{{ Enabling the [API Audit Log](../../../how-to-guides/advanced-user-guides/enable-api-audit-log.md). -You can collect this log as you would any container log. Enable [logging](../../../pages-for-subheaders/logging.md) for the `System` Project on the Rancher server cluster. +You can collect this log as you would any container log. Enable [logging](../../../integrations-in-rancher/logging/logging.md) for the `System` Project on the Rancher server cluster. ```plain --set auditLog.level=1 ``` -By default enabling Audit Logging will create a sidecar container in the Rancher pod. This container (`rancher-audit-log`) will stream the log to `stdout`. You can collect this log as you would any container log. When using the sidecar as the audit log destination, the `hostPath`, `maxAge`, `maxBackups`, and `maxSize` options do not apply. It's advised to use your OS or Docker daemon's log rotation features to control disk space use. Enable [logging](../../../pages-for-subheaders/logging.md) for the Rancher server cluster or System Project. +By default enabling Audit Logging will create a sidecar container in the Rancher pod. This container (`rancher-audit-log`) will stream the log to `stdout`. You can collect this log as you would any container log. When using the sidecar as the audit log destination, the `hostPath`, `maxAge`, `maxBackups`, and `maxSize` options do not apply. It's advised to use your OS or Docker daemon's log rotation features to control disk space use. Enable [logging](../../../integrations-in-rancher/logging/logging.md) for the Rancher server cluster or System Project. Set the `auditLog.destination` to `hostPath` to forward logs to volume shared with the host system instead of streaming to a sidecar container. When setting the destination to `hostPath` you may want to adjust the other auditLog parameters for log rotation. @@ -206,7 +206,7 @@ kubectl -n cattle-system create secret generic tls-ca-additional --from-file=ca- ### Private Registry and Air Gap Installs -For details on installing Rancher with a private registry, see the [air gap installation docs.](../../../pages-for-subheaders/air-gapped-helm-cli-install.md) +For details on installing Rancher with a private registry, see the [air gap installation docs.](../other-installation-methods/air-gapped-helm-cli-install/air-gapped-helm-cli-install.md) ## External TLS Termination diff --git a/docs/getting-started/installation-and-upgrade/installation-references/installation-references.md b/docs/getting-started/installation-and-upgrade/installation-references/installation-references.md new file mode 100644 index 00000000000..67a379702cd --- /dev/null +++ b/docs/getting-started/installation-and-upgrade/installation-references/installation-references.md @@ -0,0 +1,9 @@ +--- +title: Installation References +--- + + + + + +Please see the following reference guides for other installation resources: [Rancher Helm chart options](helm-chart-options.md), [TLS settings](tls-settings.md), and [feature flags](feature-flags.md). \ No newline at end of file diff --git a/docs/pages-for-subheaders/installation-requirements.md b/docs/getting-started/installation-and-upgrade/installation-requirements/installation-requirements.md similarity index 83% rename from docs/pages-for-subheaders/installation-requirements.md rename to docs/getting-started/installation-and-upgrade/installation-requirements/installation-requirements.md index e10104ba6fb..d866b032994 100644 --- a/docs/pages-for-subheaders/installation-requirements.md +++ b/docs/getting-started/installation-and-upgrade/installation-requirements/installation-requirements.md @@ -11,13 +11,13 @@ This page describes the software, hardware, and networking requirements for the :::note Important: -If you install Rancher on a Kubernetes cluster, requirements are different from the [node requirements for downstream user clusters,](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/node-requirements-for-rancher-managed-clusters.md) which will run your apps and services. +If you install Rancher on a Kubernetes cluster, requirements are different from the [node requirements for downstream user clusters,](../../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/node-requirements-for-rancher-managed-clusters.md) which will run your apps and services. ::: The Rancher UI works best in Firefox or Chromium based browsers (Chrome, Edge, Opera, Brave, etc). -See our page on [best practices](../reference-guides/best-practices/rancher-server/tips-for-running-rancher.md) for a list of recommendations for running a Rancher server in production. +See our page on [best practices](../../../reference-guides/best-practices/rancher-server/tips-for-running-rancher.md) for a list of recommendations for running a Rancher server in production. ## Kubernetes Compatibility with Rancher @@ -25,7 +25,7 @@ Rancher needs to be installed on a supported Kubernetes version. Consult the [Ra ### Install Rancher on a Hardened Kubernetes cluster -If you install Rancher on a hardened Kubernetes cluster, check the [Exempting Required Rancher Namespaces](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/psa-config-templates.md#exempting-required-rancher-namespaces) section for detailed requirements. +If you install Rancher on a hardened Kubernetes cluster, check the [Exempting Required Rancher Namespaces](../../../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/psa-config-templates.md#exempting-required-rancher-namespaces) section for detailed requirements. ## Operating Systems and Container Runtime Requirements @@ -41,7 +41,7 @@ Some distributions of Linux may have default firewall rules that block communica If you don't feel comfortable doing so, you might check suggestions in the [respective issue](https://github.com/rancher/rancher/issues/28840). Some users were successful [creating a separate firewalld zone with a policy of ACCEPT for the Pod CIDR](https://github.com/rancher/rancher/issues/28840#issuecomment-787404822). -If you plan to run Rancher on ARM64, see [Running on ARM64 (Experimental).](../how-to-guides/advanced-user-guides/enable-experimental-features/rancher-on-arm64.md) +If you plan to run Rancher on ARM64, see [Running on ARM64 (Experimental).](../../../how-to-guides/advanced-user-guides/enable-experimental-features/rancher-on-arm64.md) ### RKE2 Specific Requirements @@ -63,7 +63,7 @@ If you are installing Rancher on a K3s cluster with Alpine Linux, follow [these RKE requires a Docker container runtime. Supported Docker versions are specified in the [Support Matrix](https://www.suse.com/suse-rancher/support-matrix/all-supported-versions/) page. -For more information, see [Installing Docker](../getting-started/installation-and-upgrade/installation-requirements/install-docker.md). +For more information, see [Installing Docker](install-docker.md). ## Hardware Requirements @@ -102,7 +102,7 @@ If you find that your Rancher deployment no longer complies with the listed reco ### RKE2 Kubernetes -The following table lists minimum CPU and memory requirements for each node in the [upstream cluster](install-upgrade-on-a-kubernetes-cluster.md). +The following table lists minimum CPU and memory requirements for each node in the [upstream cluster](../install-upgrade-on-a-kubernetes-cluster/install-upgrade-on-a-kubernetes-cluster.md). Please note that a highly available setup with at least three nodes is required for production. @@ -113,7 +113,7 @@ Please note that a highly available setup with at least three nodes is required | Large (*) | 500 | 5000 | 16 | 64 GB | | Larger (†) | (†) | (†) | (†) | (†) | -(*): Large deployments require that you [follow best practices](../reference-guides/best-practices/rancher-server/tuning-and-best-practices-for-rancher-at-scale.md) for adequate performance. +(*): Large deployments require that you [follow best practices](../../../reference-guides/best-practices/rancher-server/tuning-and-best-practices-for-rancher-at-scale.md) for adequate performance. (†): Larger deployment sizes are generally possible with ad-hoc hardware recommendations and tuning. You can [contact Rancher](https://rancher.com/contact/) for a custom evaluation. @@ -121,7 +121,7 @@ Refer to RKE2 documentation for more detailed information on [RKE2 general requi ### K3s Kubernetes -The following table lists minimum CPU and memory requirements for each node in the [upstream cluster](install-upgrade-on-a-kubernetes-cluster.md). +The following table lists minimum CPU and memory requirements for each node in the [upstream cluster](../install-upgrade-on-a-kubernetes-cluster/install-upgrade-on-a-kubernetes-cluster.md). Please note that a highly available setup with at least three nodes is required for production. @@ -133,13 +133,13 @@ Please note that a highly available setup with at least three nodes is required (*): External Database Host refers to hosting the K3s cluster data store on an [dedicated external host](https://docs.k3s.io/datastore). This is optional. Exact requirements depend on the external data store. -(†): Large deployments require that you [follow best practices](../reference-guides/best-practices/rancher-server/tuning-and-best-practices-for-rancher-at-scale.md) for adequate performance. +(†): Large deployments require that you [follow best practices](../../../reference-guides/best-practices/rancher-server/tuning-and-best-practices-for-rancher-at-scale.md) for adequate performance. Refer to the K3s documentation for more detailed information on [general requirements](https://docs.k3s.io/installation/requirements). ### Hosted Kubernetes -The following table lists minimum CPU and memory requirements for each node in the [upstream cluster](install-upgrade-on-a-kubernetes-cluster.md). +The following table lists minimum CPU and memory requirements for each node in the [upstream cluster](../install-upgrade-on-a-kubernetes-cluster/install-upgrade-on-a-kubernetes-cluster.md). Please note that a highly available setup with at least three nodes is required for production. @@ -151,11 +151,11 @@ These requirements apply to hosted Kubernetes clusters such as Amazon Elastic Ku | Medium | 300 | 3000 | 8 | 32 GB | | Large (*) | 500 | 5000 | 16 | 64 GB | -(*): Large deployments require that you [follow best practices](../reference-guides/best-practices/rancher-server/tuning-and-best-practices-for-rancher-at-scale.md) for adequate performance. +(*): Large deployments require that you [follow best practices](../../../reference-guides/best-practices/rancher-server/tuning-and-best-practices-for-rancher-at-scale.md) for adequate performance. ### RKE -The following table lists minimum CPU and memory requirements for each node in the [upstream cluster](install-upgrade-on-a-kubernetes-cluster.md). +The following table lists minimum CPU and memory requirements for each node in the [upstream cluster](../install-upgrade-on-a-kubernetes-cluster/install-upgrade-on-a-kubernetes-cluster.md). Please note that a highly available setup with at least three nodes is required for production. @@ -165,13 +165,13 @@ Please note that a highly available setup with at least three nodes is required | Medium | 300 | 3000 | 8 | 32 GB | | Large (*) | 500 | 5000 | 16 | 64 GB | -(*): Large deployments require that you [follow best practices](../reference-guides/best-practices/rancher-server/tuning-and-best-practices-for-rancher-at-scale.md) for adequate performance. +(*): Large deployments require that you [follow best practices](../../../reference-guides/best-practices/rancher-server/tuning-and-best-practices-for-rancher-at-scale.md) for adequate performance. Refer to the RKE documentation for more detailed information on [general requirements](https://rke.docs.rancher.com/os). ### Docker -The following table lists minimum CPU and memory requirements for a [single Docker node installation of Rancher](rancher-on-a-single-node-with-docker.md). +The following table lists minimum CPU and memory requirements for a [single Docker node installation of Rancher](../other-installation-methods/rancher-on-a-single-node-with-docker/rancher-on-a-single-node-with-docker.md). Please note that a Docker installation is only suitable for development or testing purposes and is not meant to be used in production environments. @@ -190,9 +190,9 @@ For RKE, RKE2 and K3s installations, you don't have to install the Ingress manua For hosted Kubernetes clusters (EKS, GKE, AKS), you will need to set up the ingress. -- **Amazon EKS:** For details on how to install Rancher on Amazon EKS, including how to install an ingress so that the Rancher server can be accessed, refer to [this page.](../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks.md) -- **AKS:** For details on how to install Rancher with Azure Kubernetes Service, including how to install an ingress so that the Rancher server can be accessed, refer to [this page.](../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-aks.md) -- **GKE:** For details on how to install Rancher with Google Kubernetes Engine, including how to install an ingress so that the Rancher server can be accessed, refer to [this page.](../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-gke.md) +- **Amazon EKS:** For details on how to install Rancher on Amazon EKS, including how to install an ingress so that the Rancher server can be accessed, refer to [this page.](../install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks.md) +- **AKS:** For details on how to install Rancher with Azure Kubernetes Service, including how to install an ingress so that the Rancher server can be accessed, refer to [this page.](../install-upgrade-on-a-kubernetes-cluster/rancher-on-aks.md) +- **GKE:** For details on how to install Rancher with Google Kubernetes Engine, including how to install an ingress so that the Rancher server can be accessed, refer to [this page.](../install-upgrade-on-a-kubernetes-cluster/rancher-on-gke.md) ## Disks @@ -214,8 +214,8 @@ Each node used should have a static IP configured, regardless of whether you are ### Port Requirements -To operate properly, Rancher requires a number of ports to be open on Rancher nodes and on downstream Kubernetes cluster nodes. [Port Requirements](../getting-started/installation-and-upgrade/installation-requirements/port-requirements.md) lists all the necessary ports for Rancher and Downstream Clusters for the different cluster types. +To operate properly, Rancher requires a number of ports to be open on Rancher nodes and on downstream Kubernetes cluster nodes. [Port Requirements](port-requirements.md) lists all the necessary ports for Rancher and Downstream Clusters for the different cluster types. ## Dockershim Support -For more information on Dockershim support, refer to [this page](../getting-started/installation-and-upgrade/installation-requirements/dockershim.md). +For more information on Dockershim support, refer to [this page](dockershim.md). diff --git a/docs/getting-started/installation-and-upgrade/installation-requirements/port-requirements.md b/docs/getting-started/installation-and-upgrade/installation-requirements/port-requirements.md index eecd8dd258b..f7a15e9de27 100644 --- a/docs/getting-started/installation-and-upgrade/installation-requirements/port-requirements.md +++ b/docs/getting-started/installation-and-upgrade/installation-requirements/port-requirements.md @@ -180,9 +180,9 @@ The following tables break down the port requirements for Rancher nodes, for inb Downstream Kubernetes clusters run your apps and services. This section describes what ports need to be opened on the nodes in downstream clusters so that Rancher can communicate with them. -The port requirements differ depending on how the downstream cluster was launched. Each of the tabs below list the ports that need to be opened for different [cluster types](../../../pages-for-subheaders/kubernetes-clusters-in-rancher-setup.md). +The port requirements differ depending on how the downstream cluster was launched. Each of the tabs below list the ports that need to be opened for different [cluster types](../../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/kubernetes-clusters-in-rancher-setup.md). -The following diagram depicts the ports that are opened for each [cluster type](../../../pages-for-subheaders/kubernetes-clusters-in-rancher-setup.md). +The following diagram depicts the ports that are opened for each [cluster type](../../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/kubernetes-clusters-in-rancher-setup.md).

Port Requirements for the Rancher Management Plane
@@ -204,7 +204,7 @@ Refer to the [Harvester Integration Overview](../../../integrations-in-rancher/h
Click to expand -The following table depicts the port requirements for [Rancher Launched Kubernetes](../../../pages-for-subheaders/launch-kubernetes-with-rancher.md) with nodes created in an [Infrastructure Provider](../../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md). +The following table depicts the port requirements for [Rancher Launched Kubernetes](../../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md) with nodes created in an [Infrastructure Provider](../../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md). :::note @@ -221,7 +221,7 @@ The required ports are automatically opened by Rancher during creation of cluste
Click to expand -The following table depicts the port requirements for [Rancher Launched Kubernetes](../../../pages-for-subheaders/launch-kubernetes-with-rancher.md) with [Custom Nodes](../../../pages-for-subheaders/use-existing-nodes.md). +The following table depicts the port requirements for [Rancher Launched Kubernetes](../../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md) with [Custom Nodes](../../../reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/use-existing-nodes.md). @@ -232,7 +232,7 @@ The following table depicts the port requirements for [Rancher Launched Kubernet
Click to expand -The following table depicts the port requirements for [hosted clusters](../../../pages-for-subheaders/set-up-clusters-from-hosted-kubernetes-providers.md). +The following table depicts the port requirements for [hosted clusters](../../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/set-up-clusters-from-hosted-kubernetes-providers.md). diff --git a/docs/pages-for-subheaders/air-gapped-helm-cli-install.md b/docs/getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/air-gapped-helm-cli-install.md similarity index 53% rename from docs/pages-for-subheaders/air-gapped-helm-cli-install.md rename to docs/getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/air-gapped-helm-cli-install.md index d6fbc09698f..792a49a26a4 100644 --- a/docs/pages-for-subheaders/air-gapped-helm-cli-install.md +++ b/docs/getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/air-gapped-helm-cli-install.md @@ -10,7 +10,7 @@ This section is about using the Helm CLI to install the Rancher server in an air The installation steps differ depending on whether Rancher is installed on an RKE Kubernetes cluster, a K3s Kubernetes cluster, or a single Docker container. -For more information on each installation option, refer to [this page.](installation-and-upgrade.md) +For more information on each installation option, refer to [this page.](../../installation-and-upgrade.md) Throughout the installation instructions, there will be _tabs_ for each installation option. @@ -22,13 +22,13 @@ If you install Rancher following the Docker installation guide, there is no upgr ## Installation Outline -1. [Set up infrastructure and private registry](../getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/infrastructure-private-registry.md) -2. [Collect and publish images to your private registry](../getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/publish-images.md) -3. [Set up a Kubernetes cluster (Skip this step for Docker installations)](../getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/install-kubernetes.md) -4. [Install Rancher](../getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/install-rancher-ha.md) +1. [Set up infrastructure and private registry](infrastructure-private-registry.md) +2. [Collect and publish images to your private registry](publish-images.md) +3. [Set up a Kubernetes cluster (Skip this step for Docker installations)](install-kubernetes.md) +4. [Install Rancher](install-rancher-ha.md) ## Upgrades -To upgrade Rancher with Helm CLI in an air gap environment, follow [this procedure.](../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/upgrades.md) +To upgrade Rancher with Helm CLI in an air gap environment, follow [this procedure.](../../install-upgrade-on-a-kubernetes-cluster/upgrades.md) -### [Next: Prepare your Node(s)](../getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/infrastructure-private-registry.md) +### [Next: Prepare your Node(s)](infrastructure-private-registry.md) diff --git a/docs/getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/infrastructure-private-registry.md b/docs/getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/infrastructure-private-registry.md index 981223575fe..07b6b01097f 100644 --- a/docs/getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/infrastructure-private-registry.md +++ b/docs/getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/infrastructure-private-registry.md @@ -10,7 +10,7 @@ In this section, you will provision the underlying infrastructure for your Ranch An air gapped environment is an environment where the Rancher server is installed offline or behind a firewall. -The infrastructure depends on whether you are installing Rancher on a K3s Kubernetes cluster, an RKE Kubernetes cluster, or a single Docker container. For more information on each installation option, refer to [this page.](../../../../pages-for-subheaders/installation-and-upgrade.md) +The infrastructure depends on whether you are installing Rancher on a K3s Kubernetes cluster, an RKE Kubernetes cluster, or a single Docker container. For more information on each installation option, refer to [this page.](../../installation-and-upgrade.md) Rancher can be installed on any Kubernetes cluster. The RKE and K3s Kubernetes infrastructure tutorials below are still included for convenience. @@ -29,7 +29,7 @@ We recommend setting up the following infrastructure for a high-availability ins These hosts will be disconnected from the internet, but require being able to connect with your private registry. -Make sure that your nodes fulfill the general installation requirements for [OS, container runtime, hardware, and networking.](../../../../pages-for-subheaders/installation-requirements.md) +Make sure that your nodes fulfill the general installation requirements for [OS, container runtime, hardware, and networking.](../../installation-requirements/installation-requirements.md) For an example of one way to set up Linux nodes, refer to this [tutorial](../../../../how-to-guides/new-user-guides/infrastructure-setup/nodes-in-amazon-ec2.md) for setting up nodes as instances in Amazon EC2. @@ -116,7 +116,7 @@ The etcd database requires an odd number of nodes so that it can always elect a These hosts will be disconnected from the internet, but require being able to connect with your private registry. -Make sure that your nodes fulfill the general installation requirements for [OS, container runtime, hardware, and networking.](../../../../pages-for-subheaders/installation-requirements.md) +Make sure that your nodes fulfill the general installation requirements for [OS, container runtime, hardware, and networking.](../../installation-requirements/installation-requirements.md) For an example of one way to set up Linux nodes, refer to this [tutorial](../../../../how-to-guides/new-user-guides/infrastructure-setup/nodes-in-amazon-ec2.md) for setting up nodes as instances in Amazon EC2. @@ -180,7 +180,7 @@ If you need to create a private registry, refer to the documentation pages for y This host will be disconnected from the Internet, but needs to be able to connect to your private registry. -Make sure that your node fulfills the general installation requirements for [OS, containers, hardware, and networking.](../../../../pages-for-subheaders/installation-requirements.md) +Make sure that your node fulfills the general installation requirements for [OS, containers, hardware, and networking.](../../installation-requirements/installation-requirements.md) For an example of one way to set up Linux nodes, refer to this [tutorial](../../../../how-to-guides/new-user-guides/infrastructure-setup/nodes-in-amazon-ec2.md) for setting up nodes as instances in Amazon EC2. diff --git a/docs/getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/publish-images.md b/docs/getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/publish-images.md index 1bd1d3314f0..992129fc684 100644 --- a/docs/getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/publish-images.md +++ b/docs/getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/publish-images.md @@ -8,11 +8,11 @@ title: '2. Collect and Publish Images to your Private Registry' This section describes how to set up your private registry so that when you install Rancher, Rancher will pull all the required images from this registry. -By default, all images used to [provision Kubernetes clusters](../../../../pages-for-subheaders/kubernetes-clusters-in-rancher-setup.md) or launch any tools in Rancher, e.g. monitoring, pipelines, alerts, are pulled from Docker Hub. In an air gapped installation of Rancher, you will need a private registry that is located somewhere accessible by your Rancher server. Then, you will load the registry with all the images. +By default, all images used to [provision Kubernetes clusters](../../../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/kubernetes-clusters-in-rancher-setup.md) or launch any tools in Rancher, e.g. monitoring, pipelines, alerts, are pulled from Docker Hub. In an air gapped installation of Rancher, you will need a private registry that is located somewhere accessible by your Rancher server. Then, you will load the registry with all the images. Populating the private registry with images is the same process for installing Rancher with Docker and for installing Rancher on a Kubernetes cluster. -The steps in this section differ depending on whether or not you are planning to use Rancher to provision a downstream cluster with Windows nodes or not. By default, we provide the steps of how to populate your private registry assuming that Rancher will provision downstream Kubernetes clusters with only Linux nodes. But if you plan on provisioning any [downstream Kubernetes clusters using Windows nodes](../../../../pages-for-subheaders/use-windows-clusters.md), there are separate instructions to support the images needed. +The steps in this section differ depending on whether or not you are planning to use Rancher to provision a downstream cluster with Windows nodes or not. By default, we provide the steps of how to populate your private registry assuming that Rancher will provision downstream Kubernetes clusters with only Linux nodes. But if you plan on provisioning any [downstream Kubernetes clusters using Windows nodes](../../../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/use-windows-clusters/use-windows-clusters.md), there are separate instructions to support the images needed. :::note Prerequisites: diff --git a/docs/pages-for-subheaders/other-installation-methods.md b/docs/getting-started/installation-and-upgrade/other-installation-methods/other-installation-methods.md similarity index 61% rename from docs/pages-for-subheaders/other-installation-methods.md rename to docs/getting-started/installation-and-upgrade/other-installation-methods/other-installation-methods.md index 7cd497a8d48..c5bd443da43 100644 --- a/docs/pages-for-subheaders/other-installation-methods.md +++ b/docs/getting-started/installation-and-upgrade/other-installation-methods/other-installation-methods.md @@ -8,16 +8,16 @@ title: Other Installation Methods ### Air Gapped Installations -Follow [these steps](air-gapped-helm-cli-install.md) to install the Rancher server in an air gapped environment. +Follow [these steps](air-gapped-helm-cli-install/air-gapped-helm-cli-install.md) to install the Rancher server in an air gapped environment. An air gapped environment could be where Rancher server will be installed offline, behind a firewall, or behind a proxy. ### Docker Installations -The [single-node Docker installation](rancher-on-a-single-node-with-docker.md) is for Rancher users that are wanting to test out Rancher. Instead of running on a Kubernetes cluster using Helm, you install the Rancher server component on a single node using a `docker run` command. +The [single-node Docker installation](rancher-on-a-single-node-with-docker/rancher-on-a-single-node-with-docker.md) is for Rancher users that are wanting to test out Rancher. Instead of running on a Kubernetes cluster using Helm, you install the Rancher server component on a single node using a `docker run` command. The Docker installation is for development and testing environments only. Since there is only one node and a single Docker container, if the node goes down, there is no copy of the etcd data available on other nodes and you will lose all the data of your Rancher server. -The Rancher backup operator can be used to migrate Rancher from the single Docker container install to an installation on a high-availability Kubernetes cluster. For details, refer to the documentation on [migrating Rancher to a new cluster.](../how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/migrate-rancher-to-new-cluster.md) +The Rancher backup operator can be used to migrate Rancher from the single Docker container install to an installation on a high-availability Kubernetes cluster. For details, refer to the documentation on [migrating Rancher to a new cluster.](../../../how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/migrate-rancher-to-new-cluster.md) diff --git a/docs/pages-for-subheaders/rancher-behind-an-http-proxy.md b/docs/getting-started/installation-and-upgrade/other-installation-methods/rancher-behind-an-http-proxy/rancher-behind-an-http-proxy.md similarity index 55% rename from docs/pages-for-subheaders/rancher-behind-an-http-proxy.md rename to docs/getting-started/installation-and-upgrade/other-installation-methods/rancher-behind-an-http-proxy/rancher-behind-an-http-proxy.md index fd8a41b8e08..39b75558e22 100644 --- a/docs/pages-for-subheaders/rancher-behind-an-http-proxy.md +++ b/docs/getting-started/installation-and-upgrade/other-installation-methods/rancher-behind-an-http-proxy/rancher-behind-an-http-proxy.md @@ -8,10 +8,10 @@ title: Installing Rancher behind an HTTP Proxy In a lot of enterprise environments, servers or VMs running on premise do not have direct Internet access, but must connect to external services through a HTTP(S) proxy for security reasons. This tutorial shows step by step how to set up a highly available Rancher installation in such an environment. -Alternatively, it is also possible to set up Rancher completely air-gapped without any Internet access. This process is described in detail in the [Rancher docs](air-gapped-helm-cli-install.md). +Alternatively, it is also possible to set up Rancher completely air-gapped without any Internet access. This process is described in detail in the [Rancher docs](../air-gapped-helm-cli-install/air-gapped-helm-cli-install.md). ## Installation Outline -1. [Set up infrastructure](../getting-started/installation-and-upgrade/other-installation-methods/rancher-behind-an-http-proxy/set-up-infrastructure.md) -2. [Set up a Kubernetes cluster](../getting-started/installation-and-upgrade/other-installation-methods/rancher-behind-an-http-proxy/install-kubernetes.md) -3. [Install Rancher](../getting-started/installation-and-upgrade/other-installation-methods/rancher-behind-an-http-proxy/install-rancher.md) +1. [Set up infrastructure](set-up-infrastructure.md) +2. [Set up a Kubernetes cluster](install-kubernetes.md) +3. [Install Rancher](install-rancher.md) diff --git a/docs/getting-started/installation-and-upgrade/other-installation-methods/rancher-behind-an-http-proxy/set-up-infrastructure.md b/docs/getting-started/installation-and-upgrade/other-installation-methods/rancher-behind-an-http-proxy/set-up-infrastructure.md index 7822fa065cd..1cb41c54fbf 100644 --- a/docs/getting-started/installation-and-upgrade/other-installation-methods/rancher-behind-an-http-proxy/set-up-infrastructure.md +++ b/docs/getting-started/installation-and-upgrade/other-installation-methods/rancher-behind-an-http-proxy/set-up-infrastructure.md @@ -26,7 +26,7 @@ The etcd database requires an odd number of nodes so that it can always elect a These hosts will connect to the internet through an HTTP proxy. -Make sure that your nodes fulfill the general installation requirements for [OS, container runtime, hardware, and networking.](../../../../pages-for-subheaders/installation-requirements.md) +Make sure that your nodes fulfill the general installation requirements for [OS, container runtime, hardware, and networking.](../../installation-requirements/installation-requirements.md) For an example of one way to set up Linux nodes, refer to this [tutorial](../../../../how-to-guides/new-user-guides/infrastructure-setup/nodes-in-amazon-ec2.md) for setting up nodes as instances in Amazon EC2. diff --git a/docs/pages-for-subheaders/rancher-on-a-single-node-with-docker.md b/docs/getting-started/installation-and-upgrade/other-installation-methods/rancher-on-a-single-node-with-docker/rancher-on-a-single-node-with-docker.md similarity index 82% rename from docs/pages-for-subheaders/rancher-on-a-single-node-with-docker.md rename to docs/getting-started/installation-and-upgrade/other-installation-methods/rancher-on-a-single-node-with-docker/rancher-on-a-single-node-with-docker.md index da5b39209cf..049bf762a2a 100644 --- a/docs/pages-for-subheaders/rancher-on-a-single-node-with-docker.md +++ b/docs/getting-started/installation-and-upgrade/other-installation-methods/rancher-on-a-single-node-with-docker/rancher-on-a-single-node-with-docker.md @@ -13,13 +13,13 @@ In this installation scenario, you'll install Docker on a single Linux host, and :::note Want to use an external load balancer? -See [Docker Install with an External Load Balancer](../how-to-guides/advanced-user-guides/configure-layer-7-nginx-load-balancer.md) instead. +See [Docker Install with an External Load Balancer](../../../../how-to-guides/advanced-user-guides/configure-layer-7-nginx-load-balancer.md) instead. ::: A Docker installation of Rancher is recommended only for development and testing purposes. The ability to migrate Rancher to a high-availability cluster depends on the Rancher version: -The Rancher backup operator can be used to migrate Rancher from the single Docker container install to an installation on a high-availability Kubernetes cluster. For details, refer to the documentation on [migrating Rancher to a new cluster.](../how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/migrate-rancher-to-new-cluster.md) +The Rancher backup operator can be used to migrate Rancher from the single Docker container install to an installation on a high-availability Kubernetes cluster. For details, refer to the documentation on [migrating Rancher to a new cluster.](../../../../how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/migrate-rancher-to-new-cluster.md) ## Privileged Access for Rancher @@ -27,11 +27,11 @@ When the Rancher server is deployed in the Docker container, a local Kubernetes ## Requirements for OS, Docker, Hardware, and Networking -Make sure that your node fulfills the general [installation requirements.](installation-requirements.md) +Make sure that your node fulfills the general [installation requirements.](../../installation-requirements/installation-requirements.md) ## 1. Provision Linux Host -Provision a single Linux host according to our [Requirements](installation-requirements.md) to launch your Rancher server. +Provision a single Linux host according to our [Requirements](../../installation-requirements/installation-requirements.md) to launch your Rancher server. ## 2. Choose an SSL Option and Install Rancher @@ -39,10 +39,10 @@ For security purposes, SSL (Secure Sockets Layer) is required when using Rancher :::tip Do you want to.. -- Use a proxy? See [HTTP Proxy Configuration](../reference-guides/single-node-rancher-in-docker/http-proxy-configuration.md) -- Configure custom CA root certificate to access your services? See [Custom CA root certificate](../reference-guides/single-node-rancher-in-docker/advanced-options.md#custom-ca-certificate/) -- Complete an Air Gap Installation? See [Air Gap: Docker Install](air-gapped-helm-cli-install.md) -- Record all transactions with the Rancher API? See [API Auditing](../reference-guides/single-node-rancher-in-docker/advanced-options.md#api-audit-log) +- Use a proxy? See [HTTP Proxy Configuration](../../../../reference-guides/single-node-rancher-in-docker/http-proxy-configuration.md) +- Configure custom CA root certificate to access your services? See [Custom CA root certificate](../../../../reference-guides/single-node-rancher-in-docker/advanced-options.md#custom-ca-certificate/) +- Complete an Air Gap Installation? See [Air Gap: Docker Install](../air-gapped-helm-cli-install/air-gapped-helm-cli-install.md) +- Record all transactions with the Rancher API? See [API Auditing](../../../../reference-guides/single-node-rancher-in-docker/advanced-options.md#api-audit-log) ::: @@ -75,7 +75,7 @@ In development or testing environments where your team will access your Rancher Create a self-signed certificate using [OpenSSL](https://www.openssl.org/) or another method of your choice. - The certificate files must be in PEM format. -- In your certificate file, include all intermediate certificates in the chain. Order your certificates with your certificate first, followed by the intermediates. For an example, see [Certificate Troubleshooting.](../getting-started/installation-and-upgrade/other-installation-methods/rancher-on-a-single-node-with-docker/certificate-troubleshooting.md) +- In your certificate file, include all intermediate certificates in the chain. Order your certificates with your certificate first, followed by the intermediates. For an example, see [Certificate Troubleshooting.](certificate-troubleshooting.md) ::: @@ -109,7 +109,7 @@ The Docker install is not recommended for production. These instructions are pro :::note Prerequisites: - The certificate files must be in PEM format. -- In your certificate file, include all intermediate certificates provided by the recognized CA. Order your certificates with your certificate first, followed by the intermediates. For an example, see [Certificate Troubleshooting.](../getting-started/installation-and-upgrade/other-installation-methods/rancher-on-a-single-node-with-docker/certificate-troubleshooting.md) +- In your certificate file, include all intermediate certificates provided by the recognized CA. Order your certificates with your certificate first, followed by the intermediates. For an example, see [Certificate Troubleshooting.](certificate-troubleshooting.md) ::: @@ -199,13 +199,13 @@ When installing Rancher on a single node with Docker, there are several advanced - Persistent Data - Running `rancher/rancher` and `rancher/rancher-agent` on the Same Node -Refer to [this page](../reference-guides/single-node-rancher-in-docker/advanced-options.md) for details. +Refer to [this page](../../../../reference-guides/single-node-rancher-in-docker/advanced-options.md) for details. ## Troubleshooting -Refer to [this page](../getting-started/installation-and-upgrade/other-installation-methods/rancher-on-a-single-node-with-docker/certificate-troubleshooting.md) for frequently asked questions and troubleshooting tips. +Refer to [this page](certificate-troubleshooting.md) for frequently asked questions and troubleshooting tips. ## What's Next? -- **Recommended:** Review Single Node [Backup](../how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/back-up-docker-installed-rancher.md) and [Restore](../how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/restore-docker-installed-rancher.md). Although you don't have any data you need to back up right now, we recommend creating backups after regular Rancher use. -- Create a Kubernetes cluster: [Provisioning Kubernetes Clusters](kubernetes-clusters-in-rancher-setup.md). +- **Recommended:** Review Single Node [Backup](../../../../how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/back-up-docker-installed-rancher.md) and [Restore](../../../../how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/restore-docker-installed-rancher.md). Although you don't have any data you need to back up right now, we recommend creating backups after regular Rancher use. +- Create a Kubernetes cluster: [Provisioning Kubernetes Clusters](../../../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/kubernetes-clusters-in-rancher-setup.md). diff --git a/docs/getting-started/installation-and-upgrade/other-installation-methods/rancher-on-a-single-node-with-docker/roll-back-docker-installed-rancher.md b/docs/getting-started/installation-and-upgrade/other-installation-methods/rancher-on-a-single-node-with-docker/roll-back-docker-installed-rancher.md index 1ec111444b9..1a4519e1bfe 100644 --- a/docs/getting-started/installation-and-upgrade/other-installation-methods/rancher-on-a-single-node-with-docker/roll-back-docker-installed-rancher.md +++ b/docs/getting-started/installation-and-upgrade/other-installation-methods/rancher-on-a-single-node-with-docker/roll-back-docker-installed-rancher.md @@ -82,7 +82,7 @@ Rolling back to a previous version of Rancher destroys any changes made to Ranch --privileged \ rancher/rancher: ``` - Privileged access is [required.](../../../../pages-for-subheaders/rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher) + Privileged access is [required.](rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher) :::danger diff --git a/docs/getting-started/installation-and-upgrade/other-installation-methods/rancher-on-a-single-node-with-docker/upgrade-docker-installed-rancher.md b/docs/getting-started/installation-and-upgrade/other-installation-methods/rancher-on-a-single-node-with-docker/upgrade-docker-installed-rancher.md index 2a3bdaa29df..b458a86bc73 100644 --- a/docs/getting-started/installation-and-upgrade/other-installation-methods/rancher-on-a-single-node-with-docker/upgrade-docker-installed-rancher.md +++ b/docs/getting-started/installation-and-upgrade/other-installation-methods/rancher-on-a-single-node-with-docker/upgrade-docker-installed-rancher.md @@ -17,7 +17,7 @@ The following instructions will guide you through upgrading a Rancher server tha ## Prerequisites - **Review the [known upgrade issues](../../install-upgrade-on-a-kubernetes-cluster/upgrades.md#known-upgrade-issues)** section in the Rancher documentation for the most noteworthy issues to consider when upgrading Rancher. A more complete list of known issues for each Rancher version can be found in the release notes on [GitHub](https://github.com/rancher/rancher/releases) and on the [Rancher forums](https://forums.rancher.com/c/announcements/12). Note that upgrades to or from any chart in the [rancher-alpha repository](../../resources/choose-a-rancher-version.md#helm-chart-repositories) aren’t supported. -- **For [air gap installs only,](../../../../pages-for-subheaders/air-gapped-helm-cli-install.md) collect and populate images for the new Rancher server version**. Follow the guide to [populate your private registry](../air-gapped-helm-cli-install/publish-images.md) with the images for the Rancher version that you want to upgrade to. +- **For [air gap installs only,](../air-gapped-helm-cli-install/air-gapped-helm-cli-install.md) collect and populate images for the new Rancher server version**. Follow the guide to [populate your private registry](../air-gapped-helm-cli-install/publish-images.md) with the images for the Rancher version that you want to upgrade to. ## Placeholder Review @@ -151,7 +151,7 @@ docker run -d --volumes-from rancher-data \ rancher/rancher: ``` -Privileged access is [required.](../../../../pages-for-subheaders/rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher) +Privileged access is [required.](rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher)
@@ -187,7 +187,7 @@ docker run -d --volumes-from rancher-data \ rancher/rancher: ``` -Privileged access is [required.](../../../../pages-for-subheaders/rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher) +Privileged access is [required.](rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher)
@@ -222,7 +222,7 @@ docker run -d --volumes-from rancher-data \ --no-cacerts ``` -Privileged access is [required.](../../../../pages-for-subheaders/rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher) +Privileged access is [required.](rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher)
#### Option D: Let's Encrypt Certificate @@ -259,7 +259,7 @@ docker run -d --volumes-from rancher-data \ --acme-domain ``` -Privileged access is [required.](../../../../pages-for-subheaders/rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher) +Privileged access is [required.](rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher) @@ -292,7 +292,7 @@ Placeholder | Description /rancher/rancher: ``` -Privileged access is [required.](../../../../pages-for-subheaders/rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher) +Privileged access is [required.](rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher) #### Option B: Bring Your Own Certificate: Self-Signed @@ -328,7 +328,7 @@ docker run -d --restart=unless-stopped \ --privileged \ /rancher/rancher: ``` -Privileged access is [required.](../../../../pages-for-subheaders/rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher) +Privileged access is [required.](rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher) #### Option C: Bring Your Own Certificate: Signed by Recognized CA @@ -370,7 +370,7 @@ docker run -d --volumes-from rancher-data \ --privileged /rancher/rancher: ``` -privileged access is [required.](../../../../pages-for-subheaders/rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher) +privileged access is [required.](rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher) diff --git a/docs/getting-started/installation-and-upgrade/resources/add-tls-secrets.md b/docs/getting-started/installation-and-upgrade/resources/add-tls-secrets.md index 290f180adfd..3bd6babc719 100644 --- a/docs/getting-started/installation-and-upgrade/resources/add-tls-secrets.md +++ b/docs/getting-started/installation-and-upgrade/resources/add-tls-secrets.md @@ -46,4 +46,4 @@ The configured `tls-ca` secret is retrieved when Rancher starts. On a running Ra ## Updating a Private CA Certificate -Follow the steps on [this page](update-rancher-certificate.md) to update the SSL certificate of the ingress in a Rancher [high availability Kubernetes installation](../../../pages-for-subheaders/install-upgrade-on-a-kubernetes-cluster.md) or to switch from the default self-signed certificate to a custom certificate. \ No newline at end of file +Follow the steps on [this page](update-rancher-certificate.md) to update the SSL certificate of the ingress in a Rancher [high availability Kubernetes installation](../install-upgrade-on-a-kubernetes-cluster/install-upgrade-on-a-kubernetes-cluster.md) or to switch from the default self-signed certificate to a custom certificate. \ No newline at end of file diff --git a/docs/getting-started/installation-and-upgrade/resources/choose-a-rancher-version.md b/docs/getting-started/installation-and-upgrade/resources/choose-a-rancher-version.md index 7e8cc826dac..23f68930049 100644 --- a/docs/getting-started/installation-and-upgrade/resources/choose-a-rancher-version.md +++ b/docs/getting-started/installation-and-upgrade/resources/choose-a-rancher-version.md @@ -15,7 +15,7 @@ For Docker installations of Rancher, which is used for development and testing, -When installing, upgrading, or rolling back Rancher Server when it is [installed on a Kubernetes cluster](../../../pages-for-subheaders/install-upgrade-on-a-kubernetes-cluster.md), Rancher server is installed using a Helm chart on a Kubernetes cluster. Therefore, as you prepare to install or upgrade a high availability Rancher configuration, you must add a Helm chart repository that contains the charts for installing Rancher. +When installing, upgrading, or rolling back Rancher Server when it is [installed on a Kubernetes cluster](../install-upgrade-on-a-kubernetes-cluster/install-upgrade-on-a-kubernetes-cluster.md), Rancher server is installed using a Helm chart on a Kubernetes cluster. Therefore, as you prepare to install or upgrade a high availability Rancher configuration, you must add a Helm chart repository that contains the charts for installing Rancher. Refer to the [Helm version requirements](helm-version-requirements.md) to choose a version of Helm to install Rancher. @@ -99,7 +99,7 @@ Because the rancher-alpha repository contains only alpha charts, switching betwe -When performing [Docker installs](../../../pages-for-subheaders/rancher-on-a-single-node-with-docker.md), upgrades, or rollbacks, you can use _tags_ to install a specific version of Rancher. +When performing [Docker installs](../other-installation-methods/rancher-on-a-single-node-with-docker/rancher-on-a-single-node-with-docker.md), upgrades, or rollbacks, you can use _tags_ to install a specific version of Rancher. ### Server Tags diff --git a/docs/getting-started/installation-and-upgrade/resources/local-system-charts.md b/docs/getting-started/installation-and-upgrade/resources/local-system-charts.md index e48012d6af4..4e07236b0fe 100644 --- a/docs/getting-started/installation-and-upgrade/resources/local-system-charts.md +++ b/docs/getting-started/installation-and-upgrade/resources/local-system-charts.md @@ -14,4 +14,4 @@ In an air gapped installation of Rancher, you will need to configure Rancher to A local copy of `system-charts` has been packaged into the `rancher/rancher` container. To be able to use these features in an air gap install, you will need to run the Rancher install command with an extra environment variable, `CATTLE_SYSTEM_CATALOG=bundled`, which tells Rancher to use the local copy of the charts instead of attempting to fetch them from GitHub. -Example commands for a Rancher installation with a bundled `system-charts` are included in the [air gap installation](../../../pages-for-subheaders/air-gapped-helm-cli-install.md) instructions for Docker and Helm installs. +Example commands for a Rancher installation with a bundled `system-charts` are included in the [air gap installation](../other-installation-methods/air-gapped-helm-cli-install/air-gapped-helm-cli-install.md) instructions for Docker and Helm installs. diff --git a/docs/getting-started/installation-and-upgrade/resources/resources.md b/docs/getting-started/installation-and-upgrade/resources/resources.md new file mode 100644 index 00000000000..5d4fbf24fc1 --- /dev/null +++ b/docs/getting-started/installation-and-upgrade/resources/resources.md @@ -0,0 +1,29 @@ +--- +title: Resources +--- + + + + + +### Docker Installations + +The [single-node Docker installation](../other-installation-methods/rancher-on-a-single-node-with-docker/rancher-on-a-single-node-with-docker.md) is for Rancher users that are wanting to test out Rancher. Instead of running on a Kubernetes cluster using Helm, you install the Rancher server component on a single node using a `docker run` command. + +Since there is only one node and a single Docker container, if the node goes down, there is no copy of the etcd data available on other nodes and you will lose all the data of your Rancher server. + +### Air-Gapped Installations + +Follow [these steps](../other-installation-methods/air-gapped-helm-cli-install/air-gapped-helm-cli-install.md) to install the Rancher server in an air gapped environment. + +An air gapped environment could be where Rancher server will be installed offline, behind a firewall, or behind a proxy. + +### Advanced Options + +When installing Rancher, there are several advanced options that can be enabled during installation. Within each install guide, these options are presented. Learn more about these options: + +- [Custom CA Certificate](custom-ca-root-certificates.md) +- [API Audit Log](../../../how-to-guides/advanced-user-guides/enable-api-audit-log.md) +- [TLS Settings](../installation-references/tls-settings.md) +- [etcd configuration](../../../how-to-guides/advanced-user-guides/tune-etcd-for-large-installs.md) +- [Local System Charts for Air Gap Installations](local-system-charts.md) | v2.3.0 | diff --git a/docs/getting-started/installation-and-upgrade/resources/update-rancher-certificate.md b/docs/getting-started/installation-and-upgrade/resources/update-rancher-certificate.md index 513b46ac4d2..5b2e379c06b 100644 --- a/docs/getting-started/installation-and-upgrade/resources/update-rancher-certificate.md +++ b/docs/getting-started/installation-and-upgrade/resources/update-rancher-certificate.md @@ -8,7 +8,7 @@ title: Updating the Rancher Certificate ## Updating a Private CA Certificate -Follow these steps to rotate an SSL certificate and private CA used by Rancher [installed on a Kubernetes cluster](../../../pages-for-subheaders/install-upgrade-on-a-kubernetes-cluster.md), or migrate to an SSL certificate signed by a private CA. +Follow these steps to rotate an SSL certificate and private CA used by Rancher [installed on a Kubernetes cluster](../install-upgrade-on-a-kubernetes-cluster/install-upgrade-on-a-kubernetes-cluster.md), or migrate to an SSL certificate signed by a private CA. A summary of the steps is as follows: diff --git a/docs/getting-started/installation-and-upgrade/resources/upgrade-cert-manager.md b/docs/getting-started/installation-and-upgrade/resources/upgrade-cert-manager.md index fa870013b2b..dd00964ef02 100644 --- a/docs/getting-started/installation-and-upgrade/resources/upgrade-cert-manager.md +++ b/docs/getting-started/installation-and-upgrade/resources/upgrade-cert-manager.md @@ -266,7 +266,7 @@ cert-manager-webhook-787858fcdb-nlzsq 1/1 Running 0 2m --- -Rancher now supports cert-manager versions 1.6.2 and 1.7.1. We recommend v1.7.x because v 1.6.x will reach end-of-life on March 30, 2022. To read more, see the [cert-manager docs](../../../pages-for-subheaders/install-upgrade-on-a-kubernetes-cluster.md#4-install-cert-manager). For instructions on upgrading cert-manager from version 1.5 to 1.6, see the upstream cert-manager documentation [here](https://cert-manager.io/docs/installation/upgrading/upgrading-1.5-1.6/). For instructions on upgrading cert-manager from version 1.6 to 1.7, see the upstream cert-manager documentation [here](https://cert-manager.io/docs/installation/upgrading/upgrading-1.6-1.7/). +Rancher now supports cert-manager versions 1.6.2 and 1.7.1. We recommend v1.7.x because v 1.6.x will reach end-of-life on March 30, 2022. To read more, see the [cert-manager docs](../install-upgrade-on-a-kubernetes-cluster/install-upgrade-on-a-kubernetes-cluster.md#4-install-cert-manager). For instructions on upgrading cert-manager from version 1.5 to 1.6, see the upstream cert-manager documentation [here](https://cert-manager.io/docs/installation/upgrading/upgrading-1.5-1.6/). For instructions on upgrading cert-manager from version 1.6 to 1.7, see the upstream cert-manager documentation [here](https://cert-manager.io/docs/installation/upgrading/upgrading-1.6-1.7/). --- diff --git a/docs/getting-started/installation-and-upgrade/upgrade-and-roll-back-kubernetes.md b/docs/getting-started/installation-and-upgrade/upgrade-and-roll-back-kubernetes.md index e54524ca7ad..a916003a9fa 100644 --- a/docs/getting-started/installation-and-upgrade/upgrade-and-roll-back-kubernetes.md +++ b/docs/getting-started/installation-and-upgrade/upgrade-and-roll-back-kubernetes.md @@ -36,9 +36,9 @@ The restore operation will work on a cluster that is not in a healthy or active :::note Prerequisites: -- The options below are available for [Rancher-launched Kubernetes clusters](../../pages-for-subheaders/launch-kubernetes-with-rancher.md) and [Registered K3s Kubernetes clusters](../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/register-existing-clusters.md#additional-features-for-registered-rke2-and-k3s-clusters). +- The options below are available for [Rancher-launched Kubernetes clusters](../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md) and [Registered K3s Kubernetes clusters](../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/register-existing-clusters.md#additional-features-for-registered-rke2-and-k3s-clusters). - The following options also apply to imported RKE2 clusters that you have registered. If you import a cluster from an external cloud platform but don't register it, you won't be able to upgrade the Kubernetes version from Rancher. -- Before upgrading Kubernetes, [back up your cluster.](../../pages-for-subheaders/backup-restore-and-disaster-recovery.md) +- Before upgrading Kubernetes, [back up your cluster.](../../how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/backup-restore-and-disaster-recovery.md) ::: diff --git a/docs/getting-started/installation-and-upgrade/upgrade-kubernetes-without-upgrading-rancher.md b/docs/getting-started/installation-and-upgrade/upgrade-kubernetes-without-upgrading-rancher.md index 42c0b6348a2..a474f770b1b 100644 --- a/docs/getting-started/installation-and-upgrade/upgrade-kubernetes-without-upgrading-rancher.md +++ b/docs/getting-started/installation-and-upgrade/upgrade-kubernetes-without-upgrading-rancher.md @@ -14,7 +14,7 @@ The Kubernetes API can change between minor versions. Therefore, we don't suppor ::: -Rancher's Kubernetes metadata contains information specific to the Kubernetes version that Rancher uses to provision [RKE clusters](../../pages-for-subheaders/launch-kubernetes-with-rancher.md). Rancher syncs the data periodically and creates custom resource definitions (CRDs) for **system images,** **service options** and **addon templates**. Consequently, when a new Kubernetes version is compatible with the Rancher server version, the Kubernetes metadata makes the new version available to Rancher for provisioning clusters. The metadata gives you an overview of the information that the [Rancher Kubernetes Engine](https://rancher.com/docs/rke/latest/en/) (RKE) uses for deploying various Kubernetes versions. +Rancher's Kubernetes metadata contains information specific to the Kubernetes version that Rancher uses to provision [RKE clusters](../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md). Rancher syncs the data periodically and creates custom resource definitions (CRDs) for **system images,** **service options** and **addon templates**. Consequently, when a new Kubernetes version is compatible with the Rancher server version, the Kubernetes metadata makes the new version available to Rancher for provisioning clusters. The metadata gives you an overview of the information that the [Rancher Kubernetes Engine](https://rancher.com/docs/rke/latest/en/) (RKE) uses for deploying various Kubernetes versions. This table below describes the CRDs that are affected by the periodic data sync. diff --git a/docs/getting-started/overview.md b/docs/getting-started/overview.md index cafca0a14af..472c2f14fbb 100644 --- a/docs/getting-started/overview.md +++ b/docs/getting-started/overview.md @@ -34,21 +34,21 @@ The Rancher API server is built on top of an embedded Kubernetes API server and ### Authorization and Role-Based Access Control -- **User management:** The Rancher API server [manages user identities](../pages-for-subheaders/authentication-config.md) that correspond to external authentication providers like Active Directory or GitHub, in addition to local users. -- **Authorization:** The Rancher API server manages [access control](../pages-for-subheaders/manage-role-based-access-control-rbac.md) and [security](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/create-pod-security-policies.md) policies. +- **User management:** The Rancher API server [manages user identities](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/authentication-config.md) that correspond to external authentication providers like Active Directory or GitHub, in addition to local users. +- **Authorization:** The Rancher API server manages [access control](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/manage-role-based-access-control-rbac.md) and [security](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/create-pod-security-policies.md) policies. ### Working with Kubernetes -- **Provisioning Kubernetes clusters:** The Rancher API server can [provision Kubernetes](../pages-for-subheaders/kubernetes-clusters-in-rancher-setup.md) on existing nodes, or perform [Kubernetes upgrades.](installation-and-upgrade/upgrade-and-roll-back-kubernetes.md) -- **Catalog management:** Rancher provides the ability to use a [catalog of Helm charts](../pages-for-subheaders/helm-charts-in-rancher.md) that make it easy to repeatedly deploy applications. -- **Managing projects:** A project is a group of multiple namespaces and access control policies within a cluster. A project is a Rancher concept, not a Kubernetes concept, which allows you to manage multiple namespaces as a group and perform Kubernetes operations in them. The Rancher UI provides features for [project administration](../pages-for-subheaders/manage-projects.md) and for [managing applications within projects.](../pages-for-subheaders/kubernetes-resources-setup.md) +- **Provisioning Kubernetes clusters:** The Rancher API server can [provision Kubernetes](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/kubernetes-clusters-in-rancher-setup.md) on existing nodes, or perform [Kubernetes upgrades.](installation-and-upgrade/upgrade-and-roll-back-kubernetes.md) +- **Catalog management:** Rancher provides the ability to use a [catalog of Helm charts](../how-to-guides/new-user-guides/helm-charts-in-rancher/helm-charts-in-rancher.md) that make it easy to repeatedly deploy applications. +- **Managing projects:** A project is a group of multiple namespaces and access control policies within a cluster. A project is a Rancher concept, not a Kubernetes concept, which allows you to manage multiple namespaces as a group and perform Kubernetes operations in them. The Rancher UI provides features for [project administration](../how-to-guides/advanced-user-guides/manage-projects/manage-projects.md) and for [managing applications within projects.](../how-to-guides/new-user-guides/kubernetes-resources-setup/kubernetes-resources-setup.md) - **Fleet Continuous Delivery:** Within Rancher, you can leverage [Fleet Continuous Delivery](../integrations-in-rancher/fleet/fleet.md) to deploy applications from git repositories, without any manual operation, to targeted downstream Kubernetes clusters. -- **Istio:** Our [integration with Istio](../pages-for-subheaders/istio.md) is designed so that a Rancher operator, such as an administrator or cluster owner, can deliver Istio to developers. Then developers can use Istio to enforce security policies, troubleshoot problems, or manage traffic for green/blue deployments, canary deployments, or A/B testing. +- **Istio:** Our [integration with Istio](../integrations-in-rancher/istio/istio.md) is designed so that a Rancher operator, such as an administrator or cluster owner, can deliver Istio to developers. Then developers can use Istio to enforce security policies, troubleshoot problems, or manage traffic for green/blue deployments, canary deployments, or A/B testing. ### Working with Cloud Infrastructure - **Tracking nodes:** The Rancher API server tracks identities of all the [nodes](../how-to-guides/new-user-guides/manage-clusters/nodes-and-node-pools.md) in all clusters. -- **Setting up infrastructure:** When configured to use a cloud provider, Rancher can dynamically provision [new nodes](../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md) and [persistent storage](../pages-for-subheaders/create-kubernetes-persistent-storage.md) in the cloud. +- **Setting up infrastructure:** When configured to use a cloud provider, Rancher can dynamically provision [new nodes](../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md) and [persistent storage](../how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage/create-kubernetes-persistent-storage.md) in the cloud. ### Cluster Visibility @@ -58,9 +58,9 @@ The Rancher API server is built on top of an embedded Kubernetes API server and ## Editing Downstream Clusters with Rancher -The options and settings available for an existing cluster change based on the method that you used to provision it. For example, only clusters [provisioned by RKE](../pages-for-subheaders/launch-kubernetes-with-rancher.md) have **Cluster Options** available for editing. +The options and settings available for an existing cluster change based on the method that you used to provision it. For example, only clusters [provisioned by RKE](../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md) have **Cluster Options** available for editing. -After a cluster is created with Rancher, a cluster administrator can manage cluster membership or manage node pools, among [other options.](../pages-for-subheaders/cluster-configuration.md) +After a cluster is created with Rancher, a cluster administrator can manage cluster membership or manage node pools, among [other options.](../reference-guides/cluster-configuration/cluster-configuration.md) The following table summarizes the options and settings available for each cluster type: diff --git a/docs/getting-started/quick-start-guides/deploy-rancher-manager/aws.md b/docs/getting-started/quick-start-guides/deploy-rancher-manager/aws.md index a3fd249d35e..91b82597680 100644 --- a/docs/getting-started/quick-start-guides/deploy-rancher-manager/aws.md +++ b/docs/getting-started/quick-start-guides/deploy-rancher-manager/aws.md @@ -11,7 +11,7 @@ The following steps will quickly deploy a Rancher server on AWS in a single-node :::caution -The intent of these guides is to quickly launch a sandbox that you can use to evaluate Rancher. These guides are not intended for production environments. For comprehensive setup instructions, see [Installation](../../../pages-for-subheaders/installation-and-upgrade.md). +The intent of these guides is to quickly launch a sandbox that you can use to evaluate Rancher. These guides are not intended for production environments. For comprehensive setup instructions, see [Installation](../../installation-and-upgrade/installation-and-upgrade.md). ::: @@ -90,7 +90,7 @@ Two Kubernetes clusters are deployed into your AWS account, one running Rancher ## What's Next? -Use Rancher to create a deployment. For more information, see [Creating Deployments](../../../pages-for-subheaders/deploy-rancher-workloads.md). +Use Rancher to create a deployment. For more information, see [Creating Deployments](../deploy-workloads/deploy-workloads.md). ## Destroying the Environment diff --git a/docs/getting-started/quick-start-guides/deploy-rancher-manager/azure.md b/docs/getting-started/quick-start-guides/deploy-rancher-manager/azure.md index c9b968077ab..82917ee7857 100644 --- a/docs/getting-started/quick-start-guides/deploy-rancher-manager/azure.md +++ b/docs/getting-started/quick-start-guides/deploy-rancher-manager/azure.md @@ -11,7 +11,7 @@ The following steps will quickly deploy a Rancher server on Azure in a single-no :::caution -The intent of these guides is to quickly launch a sandbox that you can use to evaluate Rancher. These guides are not intended for production environments. For comprehensive setup instructions, see [Installation](../../../pages-for-subheaders/installation-and-upgrade.md). +The intent of these guides is to quickly launch a sandbox that you can use to evaluate Rancher. These guides are not intended for production environments. For comprehensive setup instructions, see [Installation](../../installation-and-upgrade/installation-and-upgrade.md). ::: @@ -76,7 +76,7 @@ Two Kubernetes clusters are deployed into your Azure account, one running Ranche ### What's Next? -Use Rancher to create a deployment. For more information, see [Creating Deployments](../../../pages-for-subheaders/deploy-rancher-workloads.md). +Use Rancher to create a deployment. For more information, see [Creating Deployments](../deploy-workloads/deploy-workloads.md). ## Destroying the Environment diff --git a/docs/getting-started/quick-start-guides/deploy-rancher-manager/deploy-rancher-manager.md b/docs/getting-started/quick-start-guides/deploy-rancher-manager/deploy-rancher-manager.md new file mode 100644 index 00000000000..7027172fede --- /dev/null +++ b/docs/getting-started/quick-start-guides/deploy-rancher-manager/deploy-rancher-manager.md @@ -0,0 +1,23 @@ +--- +title: Deploying Rancher Server +--- + + + + + +Use one of the following guides to deploy and provision Rancher and a Kubernetes cluster in the provider of your choice. + +- [AWS](aws.md) (uses Terraform) +- [AWS Marketplace](aws-marketplace.md) (uses Amazon EKS) +- [Azure](azure.md) (uses Terraform) +- [DigitalOcean](digitalocean.md) (uses Terraform) +- [GCP](gcp.md) (uses Terraform) +- [Hetzner Cloud](hetzner-cloud.md) (uses Terraform) +- [Vagrant](vagrant.md) +- [Equinix Metal](equinix-metal.md) +- [Outscale](outscale-qs.md) (uses Terraform) + +If you prefer, the following guide will take you through the same process in individual steps. Use this if you want to run Rancher in a different provider, on prem, or if you would just like to see how easy it is. + +- [Manual Install](helm-cli.md) diff --git a/docs/getting-started/quick-start-guides/deploy-rancher-manager/digitalocean.md b/docs/getting-started/quick-start-guides/deploy-rancher-manager/digitalocean.md index 81442f401b9..5d3be8eeda1 100644 --- a/docs/getting-started/quick-start-guides/deploy-rancher-manager/digitalocean.md +++ b/docs/getting-started/quick-start-guides/deploy-rancher-manager/digitalocean.md @@ -11,7 +11,7 @@ The following steps will quickly deploy a Rancher server on DigitalOcean in a si :::caution -The intent of these guides is to quickly launch a sandbox that you can use to evaluate Rancher. These guides are not intended for production environments. For comprehensive setup instructions, see [Installation](../../../pages-for-subheaders/installation-and-upgrade.md). +The intent of these guides is to quickly launch a sandbox that you can use to evaluate Rancher. These guides are not intended for production environments. For comprehensive setup instructions, see [Installation](../../installation-and-upgrade/installation-and-upgrade.md). ::: @@ -69,7 +69,7 @@ Two Kubernetes clusters are deployed into your DigitalOcean account, one running ### What's Next? -Use Rancher to create a deployment. For more information, see [Creating Deployments](../../../pages-for-subheaders/deploy-rancher-workloads.md). +Use Rancher to create a deployment. For more information, see [Creating Deployments](../deploy-workloads/deploy-workloads.md). ## Destroying the Environment diff --git a/docs/getting-started/quick-start-guides/deploy-rancher-manager/equinix-metal.md b/docs/getting-started/quick-start-guides/deploy-rancher-manager/equinix-metal.md index 5c52b03bc97..226a2e291d0 100644 --- a/docs/getting-started/quick-start-guides/deploy-rancher-manager/equinix-metal.md +++ b/docs/getting-started/quick-start-guides/deploy-rancher-manager/equinix-metal.md @@ -15,7 +15,7 @@ title: Rancher Equinix Metal Quick Start :::caution -The intent of these guides is to quickly launch a sandbox that you can use to evaluate Rancher. The Docker install is not recommended for production environments. For comprehensive setup instructions, see [Installation](../../../pages-for-subheaders/installation-and-upgrade.md). +The intent of these guides is to quickly launch a sandbox that you can use to evaluate Rancher. The Docker install is not recommended for production environments. For comprehensive setup instructions, see [Installation](../../installation-and-upgrade/installation-and-upgrade.md). ::: @@ -42,7 +42,7 @@ Begin deploying an Equinix Metal Host. Equinix Metal Servers can be provisioned - When provisioning a new Equinix Metal Server via the CLI or API you will need to provide the following information: project-id, plan, metro, and operating-system. - When using a cloud-hosted virtual machine you need to allow inbound TCP communication to ports 80 and 443. Please see your cloud host's documentation for information regarding port configuration. - For a full list of port requirements, refer to [Docker Installation](../../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/node-requirements-for-rancher-managed-clusters.md). -- Provision the host according to our [Requirements](../../../pages-for-subheaders/installation-requirements.md). +- Provision the host according to our [Requirements](../../installation-and-upgrade/installation-requirements/installation-requirements.md). ::: ### 2. Install Rancher @@ -107,4 +107,4 @@ Congratulations! You have created your first cluster. #### What's Next? -Use Rancher to create a deployment. For more information, see [Creating Deployments](../../../pages-for-subheaders/deploy-rancher-workloads.md). +Use Rancher to create a deployment. For more information, see [Creating Deployments](../deploy-workloads/deploy-workloads.md). diff --git a/docs/getting-started/quick-start-guides/deploy-rancher-manager/gcp.md b/docs/getting-started/quick-start-guides/deploy-rancher-manager/gcp.md index 22ef8bb7ec9..ef465375c60 100644 --- a/docs/getting-started/quick-start-guides/deploy-rancher-manager/gcp.md +++ b/docs/getting-started/quick-start-guides/deploy-rancher-manager/gcp.md @@ -11,7 +11,7 @@ The following steps will quickly deploy a Rancher server on GCP in a single-node :::caution -The intent of these guides is to quickly launch a sandbox that you can use to evaluate Rancher. These guides are not intended for production environments. For comprehensive setup instructions, see [Installation](../../../pages-for-subheaders/installation-and-upgrade.md). +The intent of these guides is to quickly launch a sandbox that you can use to evaluate Rancher. These guides are not intended for production environments. For comprehensive setup instructions, see [Installation](../../installation-and-upgrade/installation-and-upgrade.md). ::: @@ -72,7 +72,7 @@ Two Kubernetes clusters are deployed into your GCP account, one running Rancher ### What's Next? -Use Rancher to create a deployment. For more information, see [Creating Deployments](../../../pages-for-subheaders/deploy-rancher-workloads.md). +Use Rancher to create a deployment. For more information, see [Creating Deployments](../deploy-workloads/deploy-workloads.md). ## Destroying the Environment diff --git a/docs/getting-started/quick-start-guides/deploy-rancher-manager/helm-cli.md b/docs/getting-started/quick-start-guides/deploy-rancher-manager/helm-cli.md index d262b7e2fff..07afc518a5a 100644 --- a/docs/getting-started/quick-start-guides/deploy-rancher-manager/helm-cli.md +++ b/docs/getting-started/quick-start-guides/deploy-rancher-manager/helm-cli.md @@ -14,7 +14,7 @@ We don't recommend installing Rancher locally because it creates a networking pr Your Linux machine can be anywhere. It could be an Amazon EC2 instance, a Digital Ocean droplet, or an Azure virtual machine, to name a few examples. Other Rancher docs often use 'node' as a generic term for all of these. One possible way to deploy a Linux machine is by setting up an Amazon EC2 instance as shown in [this tutorial](../../../how-to-guides/new-user-guides/infrastructure-setup/nodes-in-amazon-ec2.md). -The full installation requirements are [here](../../../pages-for-subheaders/installation-requirements.md). +The full installation requirements are [here](../../installation-and-upgrade/installation-requirements/installation-requirements.md). ## Install K3s on Linux @@ -151,6 +151,6 @@ Now if you navigate to `.sslip.io` in a web browser, you shoul To make these instructions simple, we used a fake domain name and self-signed certificates to do this installation. Therefore, you will probably need to add a security exception to your web browser to see the Rancher UI. Note that for production installs, you would need a high-availability setup with a load balancer, a real domain name and real certificates. -These instructions also left out the full installation requirements and other installation options. If you have any issues with these steps, refer to the full [Helm CLI installation docs.](../../../pages-for-subheaders/install-upgrade-on-a-kubernetes-cluster.md) +These instructions also left out the full installation requirements and other installation options. If you have any issues with these steps, refer to the full [Helm CLI installation docs.](../../installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/install-upgrade-on-a-kubernetes-cluster.md) -To launch new Kubernetes clusters with your new Rancher server, you may need to set up cloud credentials in Rancher. For more information, see [Launching Kubernetes clusters with Rancher.](../../../pages-for-subheaders/launch-kubernetes-with-rancher.md) +To launch new Kubernetes clusters with your new Rancher server, you may need to set up cloud credentials in Rancher. For more information, see [Launching Kubernetes clusters with Rancher.](../../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md) diff --git a/docs/getting-started/quick-start-guides/deploy-rancher-manager/hetzner-cloud.md b/docs/getting-started/quick-start-guides/deploy-rancher-manager/hetzner-cloud.md index 73774d54f0b..eb56bfbe452 100644 --- a/docs/getting-started/quick-start-guides/deploy-rancher-manager/hetzner-cloud.md +++ b/docs/getting-started/quick-start-guides/deploy-rancher-manager/hetzner-cloud.md @@ -11,7 +11,7 @@ The following steps will quickly deploy a Rancher server on Hetzner Cloud in a s :::caution -The intent of these guides is to quickly launch a sandbox that you can use to evaluate Rancher. These guides are not intended for production environments. For comprehensive setup instructions, see [Installation](../../../pages-for-subheaders/installation-and-upgrade.md). +The intent of these guides is to quickly launch a sandbox that you can use to evaluate Rancher. These guides are not intended for production environments. For comprehensive setup instructions, see [Installation](../../installation-and-upgrade/installation-and-upgrade.md). ::: @@ -71,7 +71,7 @@ Two Kubernetes clusters are deployed into your Hetzner account, one running Ranc ### What's Next? -Use Rancher to create a deployment. For more information, see [Creating Deployments](../../../pages-for-subheaders/deploy-rancher-workloads.md). +Use Rancher to create a deployment. For more information, see [Creating Deployments](../deploy-workloads/deploy-workloads.md). ## Destroying the Environment diff --git a/docs/getting-started/quick-start-guides/deploy-rancher-manager/outscale-qs.md b/docs/getting-started/quick-start-guides/deploy-rancher-manager/outscale-qs.md index 587da5e2011..5d4e03fc6b9 100644 --- a/docs/getting-started/quick-start-guides/deploy-rancher-manager/outscale-qs.md +++ b/docs/getting-started/quick-start-guides/deploy-rancher-manager/outscale-qs.md @@ -11,7 +11,7 @@ The following steps will quickly deploy a Rancher server on Outscale in a single :::note -The intent of these guides is to quickly launch a sandbox that you can use to evaluate Rancher. These guides are not intended for production environments. For comprehensive setup instructions, see [Installation](../../../pages-for-subheaders/installation-and-upgrade.md). +The intent of these guides is to quickly launch a sandbox that you can use to evaluate Rancher. These guides are not intended for production environments. For comprehensive setup instructions, see [Installation](../../installation-and-upgrade/installation-and-upgrade.md). ::: @@ -71,7 +71,7 @@ Two Kubernetes clusters are deployed into your Outscale account, one running Ran ### What's Next? -Use Rancher to create a deployment. For more information, see [Creating Deployments](../../../pages-for-subheaders/deploy-rancher-workloads.md). +Use Rancher to create a deployment. For more information, see [Creating Deployments](../deploy-workloads/deploy-workloads.md). ## Destroying the Environment diff --git a/docs/getting-started/quick-start-guides/deploy-rancher-manager/vagrant.md b/docs/getting-started/quick-start-guides/deploy-rancher-manager/vagrant.md index efd3465ce22..484d86b20f0 100644 --- a/docs/getting-started/quick-start-guides/deploy-rancher-manager/vagrant.md +++ b/docs/getting-started/quick-start-guides/deploy-rancher-manager/vagrant.md @@ -10,7 +10,7 @@ The following steps quickly deploy a Rancher Server with a single node cluster a :::caution -The intent of these guides is to quickly launch a sandbox that you can use to evaluate Rancher. These guides are not intended for production environments. For comprehensive setup instructions, see [Installation](../../../pages-for-subheaders/installation-and-upgrade.md). +The intent of these guides is to quickly launch a sandbox that you can use to evaluate Rancher. These guides are not intended for production environments. For comprehensive setup instructions, see [Installation](../../installation-and-upgrade/installation-and-upgrade.md). ::: @@ -46,7 +46,7 @@ The intent of these guides is to quickly launch a sandbox that you can use to ev ### What's Next? -Use Rancher to create a deployment. For more information, see [Creating Deployments](../../../pages-for-subheaders/deploy-rancher-workloads.md). +Use Rancher to create a deployment. For more information, see [Creating Deployments](../deploy-workloads/deploy-workloads.md). ## Destroying the Environment diff --git a/docs/pages-for-subheaders/deploy-rancher-workloads.md b/docs/getting-started/quick-start-guides/deploy-workloads/deploy-workloads.md similarity index 60% rename from docs/pages-for-subheaders/deploy-rancher-workloads.md rename to docs/getting-started/quick-start-guides/deploy-workloads/deploy-workloads.md index b2898cd513b..e6042decd34 100644 --- a/docs/pages-for-subheaders/deploy-rancher-workloads.md +++ b/docs/getting-started/quick-start-guides/deploy-workloads/deploy-workloads.md @@ -8,5 +8,5 @@ title: Deploying Workloads These guides walk you through the deployment of an application, including how to expose the application for use outside of the cluster. -- [Workload with Ingress](../getting-started/quick-start-guides/deploy-workloads/workload-ingress.md) -- [Workload with NodePort](../getting-started/quick-start-guides/deploy-workloads/nodeports.md) +- [Workload with Ingress](workload-ingress.md) +- [Workload with NodePort](nodeports.md) diff --git a/docs/getting-started/quick-start-guides/deploy-workloads/workload-ingress.md b/docs/getting-started/quick-start-guides/deploy-workloads/workload-ingress.md index 92e71d701c5..a1624912313 100644 --- a/docs/getting-started/quick-start-guides/deploy-workloads/workload-ingress.md +++ b/docs/getting-started/quick-start-guides/deploy-workloads/workload-ingress.md @@ -23,7 +23,7 @@ For this workload, you'll be deploying the application Rancher Hello-World. 1. Click **Deployment**. 1. Enter a **Name** for your workload. 1. From the **Container Image** field, enter `rancher/hello-world`. This field is case-sensitive. -1. Click **Add Port** and `Cluster IP` for the `Service Type` and enter `80` in the **Private Container Port** field. You may leave the `Name` blank or specify any name that you wish. Adding a port enables access to the application inside and outside of the cluster. For more information, see [Services](../../../pages-for-subheaders/workloads-and-pods.md#services). +1. Click **Add Port** and `Cluster IP` for the `Service Type` and enter `80` in the **Private Container Port** field. You may leave the `Name` blank or specify any name that you wish. Adding a port enables access to the application inside and outside of the cluster. For more information, see [Services](../../../how-to-guides/new-user-guides/kubernetes-resources-setup/workloads-and-pods/workloads-and-pods.md#services). 1. Click **Create**. **Result:** diff --git a/docs/pages-for-subheaders/quick-start-guides.md b/docs/getting-started/quick-start-guides/quick-start-guides.md similarity index 60% rename from docs/pages-for-subheaders/quick-start-guides.md rename to docs/getting-started/quick-start-guides/quick-start-guides.md index d4f0f9e26b9..955135a1d48 100644 --- a/docs/pages-for-subheaders/quick-start-guides.md +++ b/docs/getting-started/quick-start-guides/quick-start-guides.md @@ -8,7 +8,7 @@ title: Rancher Deployment Quick Start Guides :::caution -The intent of these guides is to quickly launch a sandbox that you can use to evaluate Rancher. These guides are not intended for production environments. For comprehensive setup instructions, see [Installation](installation-and-upgrade.md). +The intent of these guides is to quickly launch a sandbox that you can use to evaluate Rancher. These guides are not intended for production environments. For comprehensive setup instructions, see [Installation](../installation-and-upgrade/installation-and-upgrade.md). ::: @@ -16,6 +16,6 @@ Use this section of the docs to jump start your deployment and testing of Ranche We have Quick Start Guides for: -- [Deploying Rancher Server](deploy-rancher-manager.md): Get started running Rancher using the method most convenient for you. +- [Deploying Rancher Server](deploy-rancher-manager/deploy-rancher-manager.md): Get started running Rancher using the method most convenient for you. -- [Deploying Workloads](deploy-rancher-workloads.md): Deploy a simple [workload](https://kubernetes.io/docs/concepts/workloads/) and expose it, letting you access it from outside the cluster. +- [Deploying Workloads](deploy-workloads/deploy-workloads.md): Deploy a simple [workload](https://kubernetes.io/docs/concepts/workloads/) and expose it, letting you access it from outside the cluster. diff --git a/docs/pages-for-subheaders/advanced-user-guides.md b/docs/how-to-guides/advanced-user-guides/advanced-user-guides.md similarity index 100% rename from docs/pages-for-subheaders/advanced-user-guides.md rename to docs/how-to-guides/advanced-user-guides/advanced-user-guides.md diff --git a/docs/how-to-guides/advanced-user-guides/cis-scan-guides/cis-scan-guides.md b/docs/how-to-guides/advanced-user-guides/cis-scan-guides/cis-scan-guides.md new file mode 100644 index 00000000000..790b7e1b6c1 --- /dev/null +++ b/docs/how-to-guides/advanced-user-guides/cis-scan-guides/cis-scan-guides.md @@ -0,0 +1,17 @@ +--- +title: CIS Scan Guides +--- + + + + + +- [Install rancher-cis-benchmark](install-rancher-cis-benchmark.md) +- [Uninstall rancher-cis-benchmark](uninstall-rancher-cis-benchmark.md) +- [Run a Scan](run-a-scan.md) +- [Run a Scan Periodically on a Schedule](run-a-scan-periodically-on-a-schedule.md) +- [Skip Tests](skip-tests.md) +- [View Reports](view-reports.md) +- [Enable Alerting for rancher-cis-benchmark](enable-alerting-for-rancher-cis-benchmark.md) +- [Configure Alerts for Periodic Scan on a Schedule](configure-alerts-for-periodic-scan-on-a-schedule.md) +- [Create a Custom Benchmark Version to Run](create-a-custom-benchmark-version-to-run.md) \ No newline at end of file diff --git a/docs/how-to-guides/advanced-user-guides/configure-layer-7-nginx-load-balancer.md b/docs/how-to-guides/advanced-user-guides/configure-layer-7-nginx-load-balancer.md index 98ea1abfb3e..dc19b0a28ea 100644 --- a/docs/how-to-guides/advanced-user-guides/configure-layer-7-nginx-load-balancer.md +++ b/docs/how-to-guides/advanced-user-guides/configure-layer-7-nginx-load-balancer.md @@ -14,14 +14,14 @@ This install procedure walks you through deployment of Rancher using a single co ## Requirements for OS, Docker, Hardware, and Networking -Make sure that your node fulfills the general [installation requirements.](../../pages-for-subheaders/installation-requirements.md) +Make sure that your node fulfills the general [installation requirements.](../../getting-started/installation-and-upgrade/installation-requirements/installation-requirements.md) ## Installation Outline ## 1. Provision Linux Host -Provision a single Linux host according to our [Requirements](../../pages-for-subheaders/installation-requirements.md) to launch your Rancher Server. +Provision a single Linux host according to our [Requirements](../../getting-started/installation-and-upgrade/installation-requirements/installation-requirements.md) to launch your Rancher Server. ## 2. Choose an SSL Option and Install Rancher @@ -170,7 +170,7 @@ http { ## What's Next? - **Recommended:** Review Single Node [Backup](../../how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/back-up-docker-installed-rancher.md) and [Restore](../../how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/restore-docker-installed-rancher.md). Although you don't have any data you need to back up right now, we recommend creating backups after regular Rancher use. -- Create a Kubernetes cluster: [Provisioning Kubernetes Clusters](../../pages-for-subheaders/kubernetes-clusters-in-rancher-setup.md). +- Create a Kubernetes cluster: [Provisioning Kubernetes Clusters](../new-user-guides/kubernetes-clusters-in-rancher-setup/kubernetes-clusters-in-rancher-setup.md).
@@ -192,7 +192,7 @@ If you want to record all transactions with the Rancher API, enable the [API Aud ### Air Gap -If you are visiting this page to complete an [Air Gap Installation](../../pages-for-subheaders/air-gapped-helm-cli-install.md), you must pre-pend your private registry URL to the server tag when running the installation command in the option that you choose. Add `` with your private registry URL in front of `rancher/rancher:latest`. +If you are visiting this page to complete an [Air Gap Installation](../../getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/air-gapped-helm-cli-install.md), you must pre-pend your private registry URL to the server tag when running the installation command in the option that you choose. Add `` with your private registry URL in front of `rancher/rancher:latest`. **Example:** @@ -212,7 +212,7 @@ docker run -d --restart=unless-stopped \ rancher/rancher:latest ``` -This operation requires [privileged access](../../pages-for-subheaders/rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher). +This operation requires [privileged access](../../getting-started/installation-and-upgrade/other-installation-methods/rancher-on-a-single-node-with-docker/rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher). This layer 7 NGINX configuration is tested on NGINX version 1.13 (mainline) and 1.14 (stable). diff --git a/docs/how-to-guides/advanced-user-guides/enable-api-audit-log.md b/docs/how-to-guides/advanced-user-guides/enable-api-audit-log.md index 0697f327280..403ef259a25 100644 --- a/docs/how-to-guides/advanced-user-guides/enable-api-audit-log.md +++ b/docs/how-to-guides/advanced-user-guides/enable-api-audit-log.md @@ -63,7 +63,7 @@ kubectl -n cattle-system logs -f rancher-84d886bdbb-s4s69 rancher-audit-log #### Shipping the Audit Log -You can enable Rancher's built in log collection and shipping for the cluster to ship the audit and other services logs to a supported collection endpoint. See [Rancher Tools - Logging](../../pages-for-subheaders/logging.md) for details. +You can enable Rancher's built in log collection and shipping for the cluster to ship the audit and other services logs to a supported collection endpoint. See [Rancher Tools - Logging](../../integrations-in-rancher/logging/logging.md) for details. ## Audit Log Samples diff --git a/docs/how-to-guides/advanced-user-guides/enable-experimental-features/continuous-delivery.md b/docs/how-to-guides/advanced-user-guides/enable-experimental-features/continuous-delivery.md index ccc1c4f4bff..41c3aa82aea 100644 --- a/docs/how-to-guides/advanced-user-guides/enable-experimental-features/continuous-delivery.md +++ b/docs/how-to-guides/advanced-user-guides/enable-experimental-features/continuous-delivery.md @@ -8,7 +8,7 @@ title: Continuous Delivery [Fleet](../../../how-to-guides/new-user-guides/deploy-apps-across-clusters/fleet.md) comes preinstalled in Rancher can't be fully disabled. However, the Fleet feature for GitOps continuous delivery may be disabled using the `continuous-delivery` feature flag. -To enable or disable this feature, refer to the instructions on [the main page about enabling experimental features.](../../../pages-for-subheaders/enable-experimental-features.md) +To enable or disable this feature, refer to the instructions on [the main page about enabling experimental features.](enable-experimental-features.md) Environment Variable Key | Default Value | Description ---|---|--- diff --git a/docs/pages-for-subheaders/enable-experimental-features.md b/docs/how-to-guides/advanced-user-guides/enable-experimental-features/enable-experimental-features.md similarity index 89% rename from docs/pages-for-subheaders/enable-experimental-features.md rename to docs/how-to-guides/advanced-user-guides/enable-experimental-features/enable-experimental-features.md index 0e5ad863608..778f2b05451 100644 --- a/docs/pages-for-subheaders/enable-experimental-features.md +++ b/docs/how-to-guides/advanced-user-guides/enable-experimental-features/enable-experimental-features.md @@ -6,7 +6,7 @@ title: Enabling Experimental Features -Rancher includes some features that are experimental and disabled by default. You might want to enable these features, for example, if you decide that the benefits of using an [unsupported storage type](../how-to-guides/advanced-user-guides/enable-experimental-features/unsupported-storage-drivers.md) outweighs the risk of using an untested feature. Feature flags were introduced to allow you to try these features that are not enabled by default. +Rancher includes some features that are experimental and disabled by default. You might want to enable these features, for example, if you decide that the benefits of using an [unsupported storage type](unsupported-storage-drivers.md) outweighs the risk of using an untested feature. Feature flags were introduced to allow you to try these features that are not enabled by default. The features can be enabled in three ways: @@ -23,7 +23,7 @@ If no value has been set, Rancher uses the default value. Because the API sets the actual value and the command line sets the default value, that means that if you enable or disable a feature with the API or UI, it will override any value set with the command line. -For example, if you install Rancher, then set a feature flag to true with the Rancher API, then upgrade Rancher with a command that sets the feature flag to false, the default value will still be false, but the feature will still be enabled because it was set with the Rancher API. If you then deleted the set value (true) with the Rancher API, setting it to NULL, the default value (false) would take effect. See the [feature flags page](../getting-started/installation-and-upgrade/installation-references/feature-flags.md) for more information. +For example, if you install Rancher, then set a feature flag to true with the Rancher API, then upgrade Rancher with a command that sets the feature flag to false, the default value will still be false, but the feature will still be enabled because it was set with the Rancher API. If you then deleted the set value (true) with the Rancher API, setting it to NULL, the default value (false) would take effect. See the [feature flags page](../../../getting-started/installation-and-upgrade/installation-references/feature-flags.md) for more information. ## Enabling Features when Starting Rancher @@ -57,7 +57,7 @@ If you are installing an alpha version, Helm requires adding the `--devel` optio ### Enabling Features for Air Gap Installs -To perform an [air gap installation of Rancher](../getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/install-rancher-ha.md), add a Helm chart repository and download a Helm chart, then install Rancher with Helm. +To perform an [air gap installation of Rancher](../../../getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/install-rancher-ha.md), add a Helm chart repository and download a Helm chart, then install Rancher with Helm. When you install the Helm chart, you should pass in feature flag names in a comma separated list, as in the following example: diff --git a/docs/how-to-guides/advanced-user-guides/enable-experimental-features/istio-traffic-management-features.md b/docs/how-to-guides/advanced-user-guides/enable-experimental-features/istio-traffic-management-features.md index d34b03f676d..ac7861a0d83 100644 --- a/docs/how-to-guides/advanced-user-guides/enable-experimental-features/istio-traffic-management-features.md +++ b/docs/how-to-guides/advanced-user-guides/enable-experimental-features/istio-traffic-management-features.md @@ -8,9 +8,9 @@ title: UI for Istio Virtual Services and Destination Rules This feature enables a UI that lets you create, read, update and delete virtual services and destination rules, which are traffic management features of Istio. -> **Prerequisite:** Turning on this feature does not enable Istio. A cluster administrator needs to [enable Istio for the cluster](../../../pages-for-subheaders/istio-setup-guide.md) in order to use the feature. +> **Prerequisite:** Turning on this feature does not enable Istio. A cluster administrator needs to [enable Istio for the cluster](../istio-setup-guide/istio-setup-guide.md) in order to use the feature. -To enable or disable this feature, refer to the instructions on [the main page about enabling experimental features.](../../../pages-for-subheaders/enable-experimental-features.md) +To enable or disable this feature, refer to the instructions on [the main page about enabling experimental features.](enable-experimental-features.md) Environment Variable Key | Default Value | Status | Available as of ---|---|---|--- diff --git a/docs/how-to-guides/advanced-user-guides/enable-experimental-features/rancher-on-arm64.md b/docs/how-to-guides/advanced-user-guides/enable-experimental-features/rancher-on-arm64.md index 5c86ee60a66..4811efbae33 100644 --- a/docs/how-to-guides/advanced-user-guides/enable-experimental-features/rancher-on-arm64.md +++ b/docs/how-to-guides/advanced-user-guides/enable-experimental-features/rancher-on-arm64.md @@ -15,7 +15,7 @@ Running on an ARM64 platform is currently an experimental feature and is not yet The following options are available when using an ARM64 platform: - Running Rancher on ARM64 based node(s) - - Only for Docker Install. Please note that the following installation command replaces the examples found in the [Docker Install link](../../../pages-for-subheaders/rancher-on-a-single-node-with-docker.md): + - Only for Docker Install. Please note that the following installation command replaces the examples found in the [Docker Install link](../../../getting-started/installation-and-upgrade/other-installation-methods/rancher-on-a-single-node-with-docker/rancher-on-a-single-node-with-docker.md): ``` # In the last line `rancher/rancher:vX.Y.Z`, be certain to replace "X.Y.Z" with a released version in which ARM64 builds exist. For example, if your matching version is v2.5.8, you would fill in this line with `rancher/rancher:v2.5.8`. diff --git a/docs/how-to-guides/advanced-user-guides/enable-experimental-features/unsupported-storage-drivers.md b/docs/how-to-guides/advanced-user-guides/enable-experimental-features/unsupported-storage-drivers.md index 284c3f23bd9..aa0c6df0a43 100644 --- a/docs/how-to-guides/advanced-user-guides/enable-experimental-features/unsupported-storage-drivers.md +++ b/docs/how-to-guides/advanced-user-guides/enable-experimental-features/unsupported-storage-drivers.md @@ -8,7 +8,7 @@ title: Allow Unsupported Storage Drivers This feature allows you to use types for storage providers and provisioners that are not enabled by default. -To enable or disable this feature, refer to the instructions on [the main page about enabling experimental features.](../../../pages-for-subheaders/enable-experimental-features.md) +To enable or disable this feature, refer to the instructions on [the main page about enabling experimental features.](enable-experimental-features.md) Environment Variable Key | Default Value | Description ---|---|--- diff --git a/docs/how-to-guides/advanced-user-guides/istio-setup-guide/enable-istio-in-cluster.md b/docs/how-to-guides/advanced-user-guides/istio-setup-guide/enable-istio-in-cluster.md index 3ca93936f1f..ccc2009b0bc 100644 --- a/docs/how-to-guides/advanced-user-guides/istio-setup-guide/enable-istio-in-cluster.md +++ b/docs/how-to-guides/advanced-user-guides/istio-setup-guide/enable-istio-in-cluster.md @@ -23,11 +23,11 @@ title: 1. Enable Istio in the Cluster 1. If you have not already installed your own monitoring app, you will be prompted to install the rancher-monitoring app. Optional: Set your Selector or Scrape config options on rancher-monitoring app install. 1. Optional: Configure member access and [resource limits](../../../integrations-in-rancher/istio/cpu-and-memory-allocations.md) for the Istio components. Ensure you have enough resources on your worker nodes to enable Istio. 1. Optional: Make additional configuration changes to values.yaml if needed. -1. Optional: Add further resources or configuration via the [overlay file](../../../pages-for-subheaders/configuration-options.md#overlay-file). +1. Optional: Add further resources or configuration via the [overlay file](../../../integrations-in-rancher/istio/configuration-options/configuration-options.md#overlay-file). 1. Click **Install**. **Result:** Istio is installed at the cluster level. ## Additional Config Options -For more information on configuring Istio, refer to the [configuration reference.](../../../pages-for-subheaders/configuration-options.md) +For more information on configuring Istio, refer to the [configuration reference.](../../../integrations-in-rancher/istio/configuration-options/configuration-options.md) diff --git a/docs/how-to-guides/advanced-user-guides/istio-setup-guide/istio-setup-guide.md b/docs/how-to-guides/advanced-user-guides/istio-setup-guide/istio-setup-guide.md new file mode 100644 index 00000000000..4682e638ed0 --- /dev/null +++ b/docs/how-to-guides/advanced-user-guides/istio-setup-guide/istio-setup-guide.md @@ -0,0 +1,34 @@ +--- +title: Setup Guide +--- + + + + + +This section describes how to enable Istio and start using it in your projects. + +If you use Istio for traffic management, you will need to allow external traffic to the cluster. In that case, you will need to follow all of the steps below. + +## Prerequisites + +This guide assumes you have already [installed Rancher,](../../../getting-started/installation-and-upgrade/installation-and-upgrade.md) and you have already [provisioned a separate Kubernetes cluster](../../new-user-guides/kubernetes-clusters-in-rancher-setup/kubernetes-clusters-in-rancher-setup.md) on which you will install Istio. + +The nodes in your cluster must meet the [CPU and memory requirements.](../../../integrations-in-rancher/istio/cpu-and-memory-allocations.md) + +The workloads and services that you want to be controlled by Istio must meet [Istio's requirements.](https://istio.io/docs/setup/additional-setup/requirements/) + +## Install + +:::tip Quick Setup Tip: + +If you don't need external traffic to reach Istio, and you just want to set up Istio for monitoring and tracing traffic within the cluster, skip the steps for [setting up the Istio gateway](set-up-istio-gateway.md) and [setting up Istio's components for traffic management.](set-up-traffic-management.md) + +::: + +1. [Enable Istio in the cluster.](enable-istio-in-cluster.md) +1. [Enable Istio in all the namespaces where you want to use it.](enable-istio-in-namespace.md) +1. [Add deployments and services that have the Istio sidecar injected.](use-istio-sidecar.md) +1. [Set up the Istio gateway. ](set-up-istio-gateway.md) +1. [Set up Istio's components for traffic management.](set-up-traffic-management.md) +1. [Generate traffic and see Istio in action.](generate-and-view-traffic.md) diff --git a/docs/how-to-guides/advanced-user-guides/manage-projects/manage-pod-security-policies.md b/docs/how-to-guides/advanced-user-guides/manage-projects/manage-pod-security-policies.md index 664ee75b85e..779edde32e1 100644 --- a/docs/how-to-guides/advanced-user-guides/manage-projects/manage-pod-security-policies.md +++ b/docs/how-to-guides/advanced-user-guides/manage-projects/manage-pod-security-policies.md @@ -8,7 +8,7 @@ title: Pod Security Policies :::note -These cluster options are only available for [clusters in which Rancher has launched Kubernetes](../../../pages-for-subheaders/launch-kubernetes-with-rancher.md). +These cluster options are only available for [clusters in which Rancher has launched Kubernetes](../../new-user-guides/launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md). ::: diff --git a/docs/pages-for-subheaders/manage-project-resource-quotas.md b/docs/how-to-guides/advanced-user-guides/manage-projects/manage-project-resource-quotas/manage-project-resource-quotas.md similarity index 90% rename from docs/pages-for-subheaders/manage-project-resource-quotas.md rename to docs/how-to-guides/advanced-user-guides/manage-projects/manage-project-resource-quotas/manage-project-resource-quotas.md index a3bc8183b57..ca734c02b26 100644 --- a/docs/pages-for-subheaders/manage-project-resource-quotas.md +++ b/docs/how-to-guides/advanced-user-guides/manage-projects/manage-project-resource-quotas/manage-project-resource-quotas.md @@ -10,9 +10,9 @@ In situations where several teams share a cluster, one team may overconsume the This page is a how-to guide for creating resource quotas in existing projects. -Resource quotas can also be set when a new project is created. For details, refer to the section on [creating new projects.](../how-to-guides/new-user-guides/manage-clusters/projects-and-namespaces.md#creating-projects) +Resource quotas can also be set when a new project is created. For details, refer to the section on [creating new projects.](../../../new-user-guides/manage-clusters/projects-and-namespaces.md#creating-projects) -Resource quotas in Rancher include the same functionality as the [native version of Kubernetes](https://kubernetes.io/docs/concepts/policy/resource-quotas/). In Rancher, resource quotas have been extended so that you can apply them to projects. For details on how resource quotas work with projects in Rancher, refer to [this page.](../how-to-guides/advanced-user-guides/manage-projects/manage-project-resource-quotas/about-project-resource-quotas.md) +Resource quotas in Rancher include the same functionality as the [native version of Kubernetes](https://kubernetes.io/docs/concepts/policy/resource-quotas/). In Rancher, resource quotas have been extended so that you can apply them to projects. For details on how resource quotas work with projects in Rancher, refer to [this page.](about-project-resource-quotas.md) ### Applying Resource Quotas to Existing Projects @@ -34,7 +34,7 @@ Edit resource quotas when: 1. Expand **Resource Quotas** and click **Add Resource**. Alternatively, you can edit existing quotas. -1. Select a Resource Type. For more information on types, see the [quota type reference.](../how-to-guides/advanced-user-guides/manage-projects/manage-project-resource-quotas/resource-quota-types.md) +1. Select a Resource Type. For more information on types, see the [quota type reference.](resource-quota-types.md) 1. Enter values for the **Project Limit** and the **Namespace Default Limit**. diff --git a/docs/pages-for-subheaders/manage-projects.md b/docs/how-to-guides/advanced-user-guides/manage-projects/manage-projects.md similarity index 56% rename from docs/pages-for-subheaders/manage-projects.md rename to docs/how-to-guides/advanced-user-guides/manage-projects/manage-projects.md index be308c7e342..0b16e16d3bc 100644 --- a/docs/pages-for-subheaders/manage-projects.md +++ b/docs/how-to-guides/advanced-user-guides/manage-projects/manage-projects.md @@ -19,18 +19,18 @@ Rancher projects resolve this issue by allowing you to apply resources and acces You can use projects to perform actions like: -- [Assign users access to a group of namespaces](../how-to-guides/new-user-guides/add-users-to-projects.md) -- Assign users [specific roles in a project](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/cluster-and-project-roles.md#project-roles). A role can be owner, member, read-only, or [custom](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/custom-roles.md) -- [Set resource quotas](manage-project-resource-quotas.md) -- [Manage namespaces](../how-to-guides/new-user-guides/manage-namespaces.md) -- [Configure tools](../reference-guides/rancher-project-tools.md) -- [Configure pod security policies](../how-to-guides/advanced-user-guides/manage-projects/manage-pod-security-policies.md) +- [Assign users access to a group of namespaces](../../new-user-guides/add-users-to-projects.md) +- Assign users [specific roles in a project](../../new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/cluster-and-project-roles.md#project-roles). A role can be owner, member, read-only, or [custom](../../new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/custom-roles.md) +- [Set resource quotas](manage-project-resource-quotas/manage-project-resource-quotas.md) +- [Manage namespaces](../../new-user-guides/manage-namespaces.md) +- [Configure tools](../../../reference-guides/rancher-project-tools.md) +- [Configure pod security policies](manage-pod-security-policies.md) ### Authorization -Non-administrative users are only authorized for project access after an [administrator](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/global-permissions.md), [cluster owner or member](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/cluster-and-project-roles.md#cluster-roles), or [project owner](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/cluster-and-project-roles.md#project-roles) adds them to the project's **Members** tab. +Non-administrative users are only authorized for project access after an [administrator](../../new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/global-permissions.md), [cluster owner or member](../../new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/cluster-and-project-roles.md#cluster-roles), or [project owner](../../new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/cluster-and-project-roles.md#project-roles) adds them to the project's **Members** tab. -Whoever creates the project automatically becomes a [project owner](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/cluster-and-project-roles.md#project-roles). +Whoever creates the project automatically becomes a [project owner](../../new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/cluster-and-project-roles.md#project-roles). ## Switching between Projects diff --git a/docs/how-to-guides/advanced-user-guides/monitoring-alerting-guides/monitoring-alerting-guides.md b/docs/how-to-guides/advanced-user-guides/monitoring-alerting-guides/monitoring-alerting-guides.md new file mode 100644 index 00000000000..bb8f63019e7 --- /dev/null +++ b/docs/how-to-guides/advanced-user-guides/monitoring-alerting-guides/monitoring-alerting-guides.md @@ -0,0 +1,14 @@ +--- +title: Monitoring Guides +--- + + + + + +- [Enable monitoring](enable-monitoring.md) +- [Uninstall monitoring](uninstall-monitoring.md) +- [Monitoring workloads](set-up-monitoring-for-workloads.md) +- [Customizing Grafana dashboards](customize-grafana-dashboard.md) +- [Persistent Grafana dashboards](create-persistent-grafana-dashboard.md) +- [Debugging high memory usage](debug-high-memory-usage.md) diff --git a/docs/how-to-guides/advanced-user-guides/monitoring-alerting-guides/prometheus-federator-guides/enable-prometheus-federator.md b/docs/how-to-guides/advanced-user-guides/monitoring-alerting-guides/prometheus-federator-guides/enable-prometheus-federator.md index b4f9fcc166f..589875199e8 100644 --- a/docs/how-to-guides/advanced-user-guides/monitoring-alerting-guides/prometheus-federator-guides/enable-prometheus-federator.md +++ b/docs/how-to-guides/advanced-user-guides/monitoring-alerting-guides/prometheus-federator-guides/enable-prometheus-federator.md @@ -8,7 +8,7 @@ title: Enable Prometheus Federator ## Requirements -By default, Prometheus Federator is configured and intended to be deployed alongside [rancher-monitoring](../../../../pages-for-subheaders/monitoring-and-alerting.md), which deploys Prometheus Operator alongside a Cluster Prometheus that each Project Monitoring Stack is configured to federate namespace-scoped metrics from by default. +By default, Prometheus Federator is configured and intended to be deployed alongside [rancher-monitoring](../../../../integrations-in-rancher/monitoring-and-alerting/monitoring-and-alerting.md), which deploys Prometheus Operator alongside a Cluster Prometheus that each Project Monitoring Stack is configured to federate namespace-scoped metrics from by default. For instructions on installing rancher-monitoring, refer to [this page](../enable-monitoring.md). diff --git a/docs/how-to-guides/advanced-user-guides/monitoring-alerting-guides/prometheus-federator-guides/prometheus-federator-guides.md b/docs/how-to-guides/advanced-user-guides/monitoring-alerting-guides/prometheus-federator-guides/prometheus-federator-guides.md new file mode 100644 index 00000000000..4651e682528 --- /dev/null +++ b/docs/how-to-guides/advanced-user-guides/monitoring-alerting-guides/prometheus-federator-guides/prometheus-federator-guides.md @@ -0,0 +1,12 @@ +--- +title: Prometheus Federator Guides +--- + + + + + +- [Enable Prometheus Operator](enable-prometheus-federator.md) +- [Uninstall Prometheus Operator](uninstall-prometheus-federator.md) +- [Customize Grafana Dashboards](customize-grafana-dashboards.md) +- [Set Up Workloads](set-up-workloads.md) \ No newline at end of file diff --git a/docs/pages-for-subheaders/advanced-configuration.md b/docs/how-to-guides/advanced-user-guides/monitoring-v2-configuration-guides/advanced-configuration/advanced-configuration.md similarity index 51% rename from docs/pages-for-subheaders/advanced-configuration.md rename to docs/how-to-guides/advanced-user-guides/monitoring-v2-configuration-guides/advanced-configuration/advanced-configuration.md index 87efa2a0f9e..35de246d3de 100644 --- a/docs/pages-for-subheaders/advanced-configuration.md +++ b/docs/how-to-guides/advanced-user-guides/monitoring-v2-configuration-guides/advanced-configuration/advanced-configuration.md @@ -8,12 +8,12 @@ title: Advanced Configuration ### Alertmanager -For information on configuring the Alertmanager custom resource, see [this page.](../how-to-guides/advanced-user-guides/monitoring-v2-configuration-guides/advanced-configuration/alertmanager.md) +For information on configuring the Alertmanager custom resource, see [this page.](alertmanager.md) ### Prometheus -For information on configuring the Prometheus custom resource, see [this page.](../how-to-guides/advanced-user-guides/monitoring-v2-configuration-guides/advanced-configuration/prometheus.md) +For information on configuring the Prometheus custom resource, see [this page.](prometheus.md) ### PrometheusRules -For information on configuring the Prometheus custom resource, see [this page.](../how-to-guides/advanced-user-guides/monitoring-v2-configuration-guides/advanced-configuration/prometheusrules.md) \ No newline at end of file +For information on configuring the Prometheus custom resource, see [this page.](prometheusrules.md) \ No newline at end of file diff --git a/docs/pages-for-subheaders/monitoring-v2-configuration-guides.md b/docs/how-to-guides/advanced-user-guides/monitoring-v2-configuration-guides/monitoring-v2-configuration-guides.md similarity index 74% rename from docs/pages-for-subheaders/monitoring-v2-configuration-guides.md rename to docs/how-to-guides/advanced-user-guides/monitoring-v2-configuration-guides/monitoring-v2-configuration-guides.md index bd0de341f46..46e41afd605 100644 --- a/docs/pages-for-subheaders/monitoring-v2-configuration-guides.md +++ b/docs/how-to-guides/advanced-user-guides/monitoring-v2-configuration-guides/monitoring-v2-configuration-guides.md @@ -12,7 +12,7 @@ For information on configuring custom scrape targets and rules for Prometheus, p ## Setting Resource Limits and Requests -The resource requests and limits for the monitoring application can be configured when installing `rancher-monitoring`. For more information about the default limits, see [this page.](../reference-guides/monitoring-v2-configuration/helm-chart-options.md#configuring-resource-limits-and-requests) +The resource requests and limits for the monitoring application can be configured when installing `rancher-monitoring`. For more information about the default limits, see [this page.](../../../reference-guides/monitoring-v2-configuration/helm-chart-options.md#configuring-resource-limits-and-requests) :::tip @@ -29,11 +29,11 @@ Instead, to configure Prometheus to scrape custom metrics, you will only need to ### ServiceMonitor and PodMonitor Configuration -For details, see [this page.](../reference-guides/monitoring-v2-configuration/servicemonitors-and-podmonitors.md) +For details, see [this page.](../../../reference-guides/monitoring-v2-configuration/servicemonitors-and-podmonitors.md) ### Advanced Prometheus Configuration -For more information about directly editing the Prometheus custom resource, which may be helpful in advanced use cases, see [this page.](../how-to-guides/advanced-user-guides/monitoring-v2-configuration-guides/advanced-configuration/prometheus.md) +For more information about directly editing the Prometheus custom resource, which may be helpful in advanced use cases, see [this page.](advanced-configuration/prometheus.md) ## Alertmanager Configuration @@ -41,15 +41,15 @@ The Alertmanager custom resource usually doesn't need to be edited directly. For Routes and receivers are part of the configuration of the alertmanager custom resource. In the Rancher UI, Routes and Receivers are not true custom resources, but pseudo-custom resources that the Prometheus Operator uses to synchronize your configuration with the Alertmanager custom resource. When routes and receivers are updated, the monitoring application will automatically update Alertmanager to reflect those changes. -For some advanced use cases, you may want to configure alertmanager directly. For more information, refer to [this page.](../how-to-guides/advanced-user-guides/monitoring-v2-configuration-guides/advanced-configuration/alertmanager.md) +For some advanced use cases, you may want to configure alertmanager directly. For more information, refer to [this page.](advanced-configuration/alertmanager.md) ### Receivers -Receivers are used to set up notifications. For details on how to configure receivers, see [this page.](../reference-guides/monitoring-v2-configuration/receivers.md) +Receivers are used to set up notifications. For details on how to configure receivers, see [this page.](../../../reference-guides/monitoring-v2-configuration/receivers.md) ### Routes -Routes filter notifications before they reach receivers. Each route needs to refer to a receiver that has already been configured. For details on how to configure routes, see [this page.](../reference-guides/monitoring-v2-configuration/routes.md) +Routes filter notifications before they reach receivers. Each route needs to refer to a receiver that has already been configured. For details on how to configure routes, see [this page.](../../../reference-guides/monitoring-v2-configuration/routes.md) ### Advanced -For more information about directly editing the Alertmanager custom resource, which may be helpful in advanced use cases, see [this page.](../how-to-guides/advanced-user-guides/monitoring-v2-configuration-guides/advanced-configuration/alertmanager.md) \ No newline at end of file +For more information about directly editing the Alertmanager custom resource, which may be helpful in advanced use cases, see [this page.](advanced-configuration/alertmanager.md) \ No newline at end of file diff --git a/docs/how-to-guides/advanced-user-guides/open-ports-with-firewalld.md b/docs/how-to-guides/advanced-user-guides/open-ports-with-firewalld.md index 90ba4bd4e8c..2369abe3948 100644 --- a/docs/how-to-guides/advanced-user-guides/open-ports-with-firewalld.md +++ b/docs/how-to-guides/advanced-user-guides/open-ports-with-firewalld.md @@ -35,7 +35,7 @@ You can check the default firewall rules with this command: sudo iptables --list ``` -This section describes how to use `firewalld` to apply the [firewall port rules](../../pages-for-subheaders/installation-requirements.md#port-requirements) for nodes in a high-availability Rancher server cluster. +This section describes how to use `firewalld` to apply the [firewall port rules](../../getting-started/installation-and-upgrade/installation-requirements/installation-requirements.md#port-requirements) for nodes in a high-availability Rancher server cluster. ## Prerequisite diff --git a/docs/how-to-guides/advanced-user-guides/tune-etcd-for-large-installs.md b/docs/how-to-guides/advanced-user-guides/tune-etcd-for-large-installs.md index 7d803ff697e..59757908a7b 100644 --- a/docs/how-to-guides/advanced-user-guides/tune-etcd-for-large-installs.md +++ b/docs/how-to-guides/advanced-user-guides/tune-etcd-for-large-installs.md @@ -6,7 +6,7 @@ title: Tuning etcd for Large Installations -When Rancher is used to manage [a large infrastructure](../../pages-for-subheaders/installation-requirements.md) it is recommended to increase the default keyspace for etcd from the default 2 GB. The maximum setting is 8 GB and the host should have enough RAM to keep the entire dataset in memory. When increasing this value you should also increase the size of the host. The keyspace size can also be adjusted in smaller installations if you anticipate a high rate of change of pods during the garbage collection interval. +When Rancher is used to manage [a large infrastructure](../../getting-started/installation-and-upgrade/installation-requirements/installation-requirements.md) it is recommended to increase the default keyspace for etcd from the default 2 GB. The maximum setting is 8 GB and the host should have enough RAM to keep the entire dataset in memory. When increasing this value you should also increase the size of the host. The keyspace size can also be adjusted in smaller installations if you anticipate a high rate of change of pods during the garbage collection interval. The etcd data set is automatically cleaned up on a five minute interval by Kubernetes. There are situations, e.g. deployment thrashing, where enough events could be written to etcd and deleted before garbage collection occurs and cleans things up causing the keyspace to fill up. If you see `mvcc: database space exceeded` errors, in the etcd logs or Kubernetes API server logs, you should consider increasing the keyspace size. This can be accomplished by setting the [quota-backend-bytes](https://etcd.io/docs/v3.4.0/op-guide/maintenance/#space-quota) setting on the etcd servers. diff --git a/docs/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-provisioning-drivers/about-provisioning-drivers.md b/docs/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-provisioning-drivers/about-provisioning-drivers.md new file mode 100644 index 00000000000..a88c1896f5a --- /dev/null +++ b/docs/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-provisioning-drivers/about-provisioning-drivers.md @@ -0,0 +1,51 @@ +--- +title: Provisioning Drivers +--- + + + + + +Drivers in Rancher allow you to manage which providers can be used to deploy [hosted Kubernetes clusters](../../kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/set-up-clusters-from-hosted-kubernetes-providers.md) or [nodes in an infrastructure provider](../../launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md) to allow Rancher to deploy and manage Kubernetes. + +### Rancher Drivers + +With Rancher drivers, you can enable/disable existing built-in drivers that are packaged in Rancher. Alternatively, you can add your own driver if Rancher has not yet implemented it. + +There are two types of drivers within Rancher: + +* [Cluster Drivers](#cluster-drivers) +* [Node Drivers](#node-drivers) + +### Cluster Drivers + +Cluster drivers are used to provision [hosted Kubernetes clusters](../../kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/set-up-clusters-from-hosted-kubernetes-providers.md), such as GKE, EKS, AKS, etc.. The availability of which cluster driver to display when creating a cluster is defined based on the cluster driver's status. Only `active` cluster drivers will be displayed as an option for creating clusters for hosted Kubernetes clusters. By default, Rancher is packaged with several existing cluster drivers, but you can also create custom cluster drivers to add to Rancher. + +By default, Rancher has activated several hosted Kubernetes cloud providers including: + +* [Amazon EKS](../../kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/eks.md) +* [Google GKE](../../kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/gke.md) +* [Azure AKS](../../kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/aks.md) + +There are several other hosted Kubernetes cloud providers that are disabled by default, but are packaged in Rancher: + +* [Alibaba ACK](../../kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/alibaba.md) +* [Huawei CCE](../../kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/huawei.md) +* [Tencent](../../kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/tencent.md) + +### Node Drivers + +Node drivers are used to provision hosts, which Rancher uses to launch and manage Kubernetes clusters. A node driver is the same as a [Docker Machine driver](https://docs.docker.com/machine/drivers/). The availability of which node driver to display when creating node templates is defined based on the node driver's status. Only `active` node drivers will be displayed as an option for creating node templates. By default, Rancher is packaged with many existing Docker Machine drivers, but you can also create custom node drivers to add to Rancher. + +If there are specific node drivers that you don't want to show to your users, you would need to de-activate these node drivers. + +Rancher supports several major cloud providers, but by default, these node drivers are active and available for deployment: + +* [Amazon EC2](../../launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-amazon-ec2-cluster.md) +* [Azure](../../launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-azure-cluster.md) +* [Digital Ocean](../../launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-a-digitalocean-cluster.md) +* [vSphere](../../launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/vsphere/vsphere.md) + +There are several other node drivers that are disabled by default, but are packaged in Rancher: + +* [Harvester](../../../../integrations-in-rancher/harvester/overview.md#harvester-node-driver/), available as of Rancher v2.6.1 diff --git a/docs/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-provisioning-drivers/manage-cluster-drivers.md b/docs/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-provisioning-drivers/manage-cluster-drivers.md index 8d265e034f8..4e0819074a8 100644 --- a/docs/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-provisioning-drivers/manage-cluster-drivers.md +++ b/docs/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-provisioning-drivers/manage-cluster-drivers.md @@ -6,7 +6,7 @@ title: Cluster Drivers -Cluster drivers are used to create clusters in a [hosted Kubernetes provider](../../../../pages-for-subheaders/set-up-clusters-from-hosted-kubernetes-providers.md), such as Google GKE. The availability of which cluster driver to display when creating clusters is defined by the cluster driver's status. Only `active` cluster drivers will be displayed as an option for creating clusters. By default, Rancher is packaged with several existing cloud provider cluster drivers, but you can also add custom cluster drivers to Rancher. +Cluster drivers are used to create clusters in a [hosted Kubernetes provider](../../kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/set-up-clusters-from-hosted-kubernetes-providers.md), such as Google GKE. The availability of which cluster driver to display when creating clusters is defined by the cluster driver's status. Only `active` cluster drivers will be displayed as an option for creating clusters. By default, Rancher is packaged with several existing cloud provider cluster drivers, but you can also add custom cluster drivers to Rancher. If there are specific cluster drivers that you do not want to show your users, you may deactivate those cluster drivers within Rancher and they will not appear as an option for cluster creation. diff --git a/docs/pages-for-subheaders/about-rke1-templates.md b/docs/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/about-rke1-templates.md similarity index 58% rename from docs/pages-for-subheaders/about-rke1-templates.md rename to docs/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/about-rke1-templates.md index 601a622a581..eab13feb274 100644 --- a/docs/pages-for-subheaders/about-rke1-templates.md +++ b/docs/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/about-rke1-templates.md @@ -18,7 +18,7 @@ Admins control which cluster options can be changed by end users. RKE templates If a cluster was created with an RKE template, you can't change it to a different RKE template. You can only update the cluster to a new revision of the same template. -You can [save the configuration of an existing cluster as an RKE template.](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/apply-templates.md#converting-an-existing-cluster-to-use-an-rke-template) Then the cluster's settings can only be changed if the template is updated. The new template can also be used to launch new clusters. +You can [save the configuration of an existing cluster as an RKE template.](apply-templates.md#converting-an-existing-cluster-to-use-an-rke-template) Then the cluster's settings can only be changed if the template is updated. The new template can also be used to launch new clusters. The core features of RKE templates allow DevOps and security teams to: @@ -49,24 +49,24 @@ The [add-on section](#add-ons) of an RKE template is especially powerful because RKE templates are supported for Rancher-provisioned clusters. The templates can be used to provision custom clusters or clusters that are launched by an infrastructure provider. -RKE templates are for defining Kubernetes and Rancher settings. Node templates are responsible for configuring nodes. For tips on how to use RKE templates in conjunction with hardware, refer to [RKE Templates and Hardware](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/infrastructure.md). +RKE templates are for defining Kubernetes and Rancher settings. Node templates are responsible for configuring nodes. For tips on how to use RKE templates in conjunction with hardware, refer to [RKE Templates and Hardware](infrastructure.md). RKE templates can be created from scratch to pre-define cluster configuration. They can be applied to launch new clusters, or templates can also be exported from existing running clusters. -The settings of an existing cluster can be [saved as an RKE template.](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/apply-templates.md#converting-an-existing-cluster-to-use-an-rke-template) This creates a new template and binds the cluster settings to the template, so that the cluster can only be upgraded if the [template is updated](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/manage-rke1-templates.md#updating-a-template), and the cluster is upgraded to [use a newer version of the template.](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/manage-rke1-templates.md#upgrading-a-cluster-to-use-a-new-template-revision) The new template can also be used to create new clusters. +The settings of an existing cluster can be [saved as an RKE template.](apply-templates.md#converting-an-existing-cluster-to-use-an-rke-template) This creates a new template and binds the cluster settings to the template, so that the cluster can only be upgraded if the [template is updated](manage-rke1-templates.md#updating-a-template), and the cluster is upgraded to [use a newer version of the template.](manage-rke1-templates.md#upgrading-a-cluster-to-use-a-new-template-revision) The new template can also be used to create new clusters. ## Example Scenarios When an organization has both basic and advanced Rancher users, administrators might want to give the advanced users more options for cluster creation, while restricting the options for basic users. -These [example scenarios](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/example-use-cases.md) describe how an organization could use templates to standardize cluster creation. +These [example scenarios](example-use-cases.md) describe how an organization could use templates to standardize cluster creation. Some of the example scenarios include the following: -- **Enforcing templates:** Administrators might want to [enforce one or more template settings for everyone](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/example-use-cases.md#enforcing-a-template-setting-for-everyone) if they want all new Rancher-provisioned clusters to have those settings. -- **Sharing different templates with different users:** Administrators might give [different templates to basic and advanced users,](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/example-use-cases.md#templates-for-basic-and-advanced-users) so that basic users can have more restricted options and advanced users can use more discretion when creating clusters. -- **Updating template settings:** If an organization's security and DevOps teams decide to embed best practices into the required settings for new clusters, those best practices could change over time. If the best practices change, [a template can be updated to a new revision](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/example-use-cases.md#updating-templates-and-clusters-created-with-them) and clusters created from the template can [upgrade to the new version](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/manage-rke1-templates.md#upgrading-a-cluster-to-use-a-new-template-revision) of the template. -- **Sharing ownership of a template:** When a template owner no longer wants to maintain a template, or wants to share ownership of the template, this scenario describes how [template ownership can be shared.](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/example-use-cases.md#allowing-other-users-to-control-and-share-a-template) +- **Enforcing templates:** Administrators might want to [enforce one or more template settings for everyone](example-use-cases.md#enforcing-a-template-setting-for-everyone) if they want all new Rancher-provisioned clusters to have those settings. +- **Sharing different templates with different users:** Administrators might give [different templates to basic and advanced users,](example-use-cases.md#templates-for-basic-and-advanced-users) so that basic users can have more restricted options and advanced users can use more discretion when creating clusters. +- **Updating template settings:** If an organization's security and DevOps teams decide to embed best practices into the required settings for new clusters, those best practices could change over time. If the best practices change, [a template can be updated to a new revision](example-use-cases.md#updating-templates-and-clusters-created-with-them) and clusters created from the template can [upgrade to the new version](manage-rke1-templates.md#upgrading-a-cluster-to-use-a-new-template-revision) of the template. +- **Sharing ownership of a template:** When a template owner no longer wants to maintain a template, or wants to share ownership of the template, this scenario describes how [template ownership can be shared.](example-use-cases.md#allowing-other-users-to-control-and-share-a-template) ## Template Management @@ -82,34 +82,34 @@ For the settings that cannot be overridden, the end user will not be able to dir The documents in this section explain the details of RKE template management: -- [Getting permission to create templates](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/creator-permissions.md) -- [Creating and revising templates](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/manage-rke1-templates.md) -- [Enforcing template settings](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/enforce-templates.md#requiring-new-clusters-to-use-an-rke-template) -- [Overriding template settings](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/override-template-settings.md) -- [Sharing templates with cluster creators](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/access-or-share-templates.md#sharing-templates-with-specific-users-or-groups) -- [Sharing ownership of a template](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/access-or-share-templates.md#sharing-ownership-of-templates) +- [Getting permission to create templates](creator-permissions.md) +- [Creating and revising templates](manage-rke1-templates.md) +- [Enforcing template settings](enforce-templates.md#requiring-new-clusters-to-use-an-rke-template) +- [Overriding template settings](override-template-settings.md) +- [Sharing templates with cluster creators](access-or-share-templates.md#sharing-templates-with-specific-users-or-groups) +- [Sharing ownership of a template](access-or-share-templates.md#sharing-ownership-of-templates) -An [example YAML configuration file for a template](../reference-guides/rke1-template-example-yaml.md) is provided for reference. +An [example YAML configuration file for a template](../../../../reference-guides/rke1-template-example-yaml.md) is provided for reference. ## Applying Templates -You can [create a cluster from a template](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/apply-templates.md#creating-a-cluster-from-an-rke-template) that you created, or from a template that has been [shared with you.](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/access-or-share-templates.md) +You can [create a cluster from a template](apply-templates.md#creating-a-cluster-from-an-rke-template) that you created, or from a template that has been [shared with you.](access-or-share-templates.md) -If the RKE template owner creates a new revision of the template, you can [upgrade your cluster to that revision.](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/apply-templates.md#updating-a-cluster-created-with-an-rke-template) +If the RKE template owner creates a new revision of the template, you can [upgrade your cluster to that revision.](apply-templates.md#updating-a-cluster-created-with-an-rke-template) RKE templates can be created from scratch to pre-define cluster configuration. They can be applied to launch new clusters, or templates can also be exported from existing running clusters. -You can [save the configuration of an existing cluster as an RKE template.](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/apply-templates.md#converting-an-existing-cluster-to-use-an-rke-template) Then the cluster's settings can only be changed if the template is updated. +You can [save the configuration of an existing cluster as an RKE template.](apply-templates.md#converting-an-existing-cluster-to-use-an-rke-template) Then the cluster's settings can only be changed if the template is updated. ## Standardizing Hardware -RKE templates are designed to standardize Kubernetes and Rancher settings. If you want to standardize your infrastructure as well, one option is to use RKE templates [in conjunction with other tools](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/infrastructure.md). +RKE templates are designed to standardize Kubernetes and Rancher settings. If you want to standardize your infrastructure as well, one option is to use RKE templates [in conjunction with other tools](infrastructure.md). -Another option is to use [cluster templates,](../how-to-guides/new-user-guides/manage-clusters/manage-cluster-templates.md) which include node pool configuration options, but don't provide configuration enforcement. +Another option is to use [cluster templates,](../../manage-clusters/manage-cluster-templates.md) which include node pool configuration options, but don't provide configuration enforcement. ## YAML Customization -If you define an RKE template as a YAML file, you can modify this [example RKE template YAML](../reference-guides/rke1-template-example-yaml.md). The YAML in the RKE template uses the same customization that Rancher uses when creating an RKE cluster, but since the YAML is located within the context of a Rancher provisioned cluster, you will need to nest the RKE template customization under the `rancher_kubernetes_engine_config` directive in the YAML. +If you define an RKE template as a YAML file, you can modify this [example RKE template YAML](../../../../reference-guides/rke1-template-example-yaml.md). The YAML in the RKE template uses the same customization that Rancher uses when creating an RKE cluster, but since the YAML is located within the context of a Rancher provisioned cluster, you will need to nest the RKE template customization under the `rancher_kubernetes_engine_config` directive in the YAML. The RKE documentation also has [annotated](https://rancher.com/docs/rke/latest/en/example-yamls/) `cluster.yml` files that you can use for reference. diff --git a/docs/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/apply-templates.md b/docs/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/apply-templates.md index 1818e9076ff..7f95ca305be 100644 --- a/docs/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/apply-templates.md +++ b/docs/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/apply-templates.md @@ -17,7 +17,7 @@ You can't change a cluster to use a different RKE template. You can only update ### Creating a Cluster from an RKE Template -To add a cluster [hosted by an infrastructure provider](../../../../pages-for-subheaders/launch-kubernetes-with-rancher.md) using an RKE template, use these steps: +To add a cluster [hosted by an infrastructure provider](../../launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md) using an RKE template, use these steps: 1. In the upper left corner, click **☰ > Cluster Management**. 1. On the **Clusters** page, click **Create** and choose the infrastructure provider. @@ -31,7 +31,7 @@ To add a cluster [hosted by an infrastructure provider](../../../../pages-for-su When the template owner creates a template, each setting has a switch in the Rancher UI that indicates if users can override the setting. -- If the setting allows a user override, you can update these settings in the cluster by [editing the cluster.](../../../../pages-for-subheaders/cluster-configuration.md) +- If the setting allows a user override, you can update these settings in the cluster by [editing the cluster.](../../../../reference-guides/cluster-configuration/cluster-configuration.md) - If the switch is turned off, you cannot change these settings unless the cluster owner creates a template revision that lets you override them. If there are settings that you want to change, but don't have the option to, you will need to contact the template owner to get a new revision of the template. If a cluster was created from an RKE template, you can edit the cluster to update the cluster to a new revision of the template. diff --git a/docs/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/infrastructure.md b/docs/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/infrastructure.md index 0b2b6f8b8eb..54a2897d38c 100644 --- a/docs/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/infrastructure.md +++ b/docs/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/infrastructure.md @@ -58,7 +58,7 @@ When you need to make changes to your infrastructure, instead of manually updati This section describes one way that you can make security and compliance-related config files standard in your clusters. -When you create a [CIS benchmark compliant cluster,](../../../../pages-for-subheaders/rancher-security.md) you have an encryption config file and an audit log config file. +When you create a [CIS benchmark compliant cluster,](../../../../reference-guides/rancher-security/rancher-security.md) you have an encryption config file and an audit log config file. Your infrastructure provisioning system can write those files to disk. Then in your RKE template, you would specify where those files will be, then add your encryption config file and audit log config file as extra mounts to the `kube-api-server`. diff --git a/docs/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/manage-rke1-templates.md b/docs/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/manage-rke1-templates.md index e9eac6fe7f6..6e8c75fe8d7 100644 --- a/docs/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/manage-rke1-templates.md +++ b/docs/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/manage-rke1-templates.md @@ -30,7 +30,7 @@ You can revise, share, and delete a template if you are an owner of the template 1. Optional: Share the template with other users or groups by [adding them as members.](access-or-share-templates.md#sharing-templates-with-specific-users-or-groups) You can also make the template public to share with everyone in the Rancher setup. 1. Then follow the form on screen to save the cluster configuration parameters as part of the template's revision. The revision can be marked as default for this template. -**Result:** An RKE template with one revision is configured. You can use this RKE template revision later when you [provision a Rancher-launched cluster](../../../../pages-for-subheaders/launch-kubernetes-with-rancher.md). After a cluster is managed by an RKE template, it cannot be disconnected and the option to uncheck **Use an existing RKE Template and Revision** will be unavailable. +**Result:** An RKE template with one revision is configured. You can use this RKE template revision later when you [provision a Rancher-launched cluster](../../launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md). After a cluster is managed by an RKE template, it cannot be disconnected and the option to uncheck **Use an existing RKE Template and Revision** will be unavailable. ### Updating a Template diff --git a/docs/pages-for-subheaders/authentication-config.md b/docs/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/authentication-config.md similarity index 78% rename from docs/pages-for-subheaders/authentication-config.md rename to docs/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/authentication-config.md index 9bb89f46ee8..fa93a624d4a 100644 --- a/docs/pages-for-subheaders/authentication-config.md +++ b/docs/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/authentication-config.md @@ -17,26 +17,26 @@ The Rancher authentication proxy integrates with the following external authenti | Auth Service | | ------------------------------------------------------------------------------------------------ | -| [Microsoft Active Directory](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-active-directory.md) | -| [GitHub](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-github.md) | -| [Microsoft Azure AD](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-azure-ad.md) | -| [FreeIPA](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-freeipa.md) | -| [OpenLDAP](configure-openldap.md) | -| [Microsoft AD FS](configure-microsoft-ad-federation-service-saml.md) | -| [PingIdentity](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-pingidentity.md) | -| [Keycloak (OIDC)](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-keycloak-oidc.md) | -| [Keycloak (SAML)](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-keycloak-saml.md) | -| [Okta](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-okta-saml.md) | -| [Google OAuth](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-google-oauth.md) | -| [Shibboleth](configure-shibboleth-saml.md) | +| [Microsoft Active Directory](configure-active-directory.md) | +| [GitHub](configure-github.md) | +| [Microsoft Azure AD](configure-azure-ad.md) | +| [FreeIPA](configure-freeipa.md) | +| [OpenLDAP](../configure-openldap/configure-openldap.md) | +| [Microsoft AD FS](../configure-microsoft-ad-federation-service-saml/configure-microsoft-ad-federation-service-saml.md) | +| [PingIdentity](configure-pingidentity.md) | +| [Keycloak (OIDC)](configure-keycloak-oidc.md) | +| [Keycloak (SAML)](configure-keycloak-saml.md) | +| [Okta](configure-okta-saml.md) | +| [Google OAuth](configure-google-oauth.md) | +| [Shibboleth](../configure-shibboleth-saml/configure-shibboleth-saml.md) | -However, Rancher also provides [local authentication](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/create-local-users.md). +However, Rancher also provides [local authentication](create-local-users.md). In most cases, you should use an external authentication service over local authentication, as external authentication allows user management from a central location. However, you may want a few local authentication users for managing Rancher under rare circumstances, such as if your external authentication provider is unavailable or undergoing maintenance. ## Users and Groups -Rancher relies on users and groups to determine who is allowed to log in to Rancher and which resources they can access. When authenticating with an external provider, groups are provided from the external provider based on the user. These users and groups are given specific roles to resources like clusters, projects, multi-cluster apps, and global DNS providers and entries. When you give access to a group, all users who are a member of that group in the authentication provider will be able to access the resource with the permissions that you've specified. For more information on roles and permissions, see [Role Based Access Control](manage-role-based-access-control-rbac.md). +Rancher relies on users and groups to determine who is allowed to log in to Rancher and which resources they can access. When authenticating with an external provider, groups are provided from the external provider based on the user. These users and groups are given specific roles to resources like clusters, projects, multi-cluster apps, and global DNS providers and entries. When you give access to a group, all users who are a member of that group in the authentication provider will be able to access the resource with the permissions that you've specified. For more information on roles and permissions, see [Role Based Access Control](../manage-role-based-access-control-rbac/manage-role-based-access-control-rbac.md). :::note @@ -44,7 +44,7 @@ Local authentication does not support creating or managing groups. ::: -For more information, see [Users and Groups](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/manage-users-and-groups.md) +For more information, see [Users and Groups](manage-users-and-groups.md) ## Scope of Rancher Authorization diff --git a/docs/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-active-directory.md b/docs/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-active-directory.md index b24c4879071..b3f2f9a3a09 100644 --- a/docs/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-active-directory.md +++ b/docs/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-active-directory.md @@ -8,11 +8,11 @@ title: Configure Active Directory (AD) If your organization uses Microsoft Active Directory as central user repository, you can configure Rancher to communicate with an Active Directory server to authenticate users. This allows Rancher admins to control access to clusters and projects based on users and groups managed externally in the Active Directory, while allowing end-users to authenticate with their AD credentials when logging in to the Rancher UI. -Rancher uses LDAP to communicate with the Active Directory server. The authentication flow for Active Directory is therefore the same as for the [OpenLDAP authentication](../../../../pages-for-subheaders/configure-openldap.md) integration. +Rancher uses LDAP to communicate with the Active Directory server. The authentication flow for Active Directory is therefore the same as for the [OpenLDAP authentication](../configure-openldap/configure-openldap.md) integration. :::note -Before you start, please familiarise yourself with the concepts of [External Authentication Configuration and Principal Users](../../../../pages-for-subheaders/authentication-config.md#external-authentication-configuration-and-principal-users). +Before you start, please familiarise yourself with the concepts of [External Authentication Configuration and Principal Users](authentication-config.md#external-authentication-configuration-and-principal-users). ::: diff --git a/docs/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-azure-ad.md b/docs/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-azure-ad.md index d6f2884eab4..fe7485b1ce3 100644 --- a/docs/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-azure-ad.md +++ b/docs/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-azure-ad.md @@ -326,5 +326,5 @@ Token Endpoint | https://login.partner.microsoftonline.cn/{tenantID}/oauth2/v2 > >- If you don't wish to upgrade to v2.7.0+ after the Azure AD Graph API is retired, you'll need to either: - Use the built-in Rancher auth or - - Use another third-party auth system and set that up in Rancher. Please see the [authentication docs](../../../../pages-for-subheaders/authentication-config.md) to learn how to configure other open authentication providers. + - Use another third-party auth system and set that up in Rancher. Please see the [authentication docs](authentication-config.md) to learn how to configure other open authentication providers. diff --git a/docs/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-freeipa.md b/docs/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-freeipa.md index 0fe6995d4ae..1b1526bca7d 100644 --- a/docs/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-freeipa.md +++ b/docs/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-freeipa.md @@ -12,7 +12,7 @@ If your organization uses FreeIPA for user authentication, you can configure Ran - You must have a [FreeIPA Server](https://www.freeipa.org/) configured. - Create a service account in FreeIPA with `read-only` access. Rancher uses this account to verify group membership when a user makes a request using an API key. -- Read [External Authentication Configuration and Principal Users](../../../../pages-for-subheaders/authentication-config.md#external-authentication-configuration-and-principal-users). +- Read [External Authentication Configuration and Principal Users](authentication-config.md#external-authentication-configuration-and-principal-users). ::: diff --git a/docs/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-github.md b/docs/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-github.md index 960d968de8d..c36d087ab5d 100644 --- a/docs/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-github.md +++ b/docs/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-github.md @@ -10,7 +10,7 @@ In environments using GitHub, you can configure Rancher to allow sign on using G :::note Prerequisites: -Read [External Authentication Configuration and Principal Users](../../../../pages-for-subheaders/authentication-config.md#external-authentication-configuration-and-principal-users). +Read [External Authentication Configuration and Principal Users](authentication-config.md#external-authentication-configuration-and-principal-users). ::: diff --git a/docs/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-okta-saml.md b/docs/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-okta-saml.md index cf84a9998a6..d53a871ad0b 100644 --- a/docs/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-okta-saml.md +++ b/docs/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-okta-saml.md @@ -100,7 +100,7 @@ The OpenLDAP service account is used for all searches. Rancher users will see us [Configure the settings](../configure-openldap/openldap-config-reference.md) for the OpenLDAP server, groups and users. Note that nested group membership isn't available. -> Before you proceed with the configuration, please familiarise yourself with [external authentication configuration and principal users](../../../../pages-for-subheaders/authentication-config.md#external-authentication-configuration-and-principal-users). +> Before you proceed with the configuration, please familiarise yourself with [external authentication configuration and principal users](authentication-config.md#external-authentication-configuration-and-principal-users). 1. Sign into Rancher using a local user assigned the [administrator](https://ranchermanager.docs.rancher.com/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/global-permissions) role (i.e., the _local principal_). 1. In the top left corner, click **☰ > Users & Authentication**. diff --git a/docs/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/manage-users-and-groups.md b/docs/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/manage-users-and-groups.md index 38fc2a6403c..ec39be1f01b 100644 --- a/docs/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/manage-users-and-groups.md +++ b/docs/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/manage-users-and-groups.md @@ -8,7 +8,7 @@ title: Users and Groups Rancher relies on users and groups to determine who is allowed to log in to Rancher and which resources they can access. When you configure an external authentication provider, users from that provider will be able to log in to your Rancher server. When a user logs in, the authentication provider will supply your Rancher server with a list of groups to which the user belongs. -Access to clusters, projects, multi-cluster apps, and global DNS providers and entries can be controlled by adding either individual users or groups to these resources. When you add a group to a resource, all users who are members of that group in the authentication provider, will be able to access the resource with the permissions that you've specified for the group. For more information on roles and permissions, see [Role Based Access Control](../../../../pages-for-subheaders/manage-role-based-access-control-rbac.md). +Access to clusters, projects, multi-cluster apps, and global DNS providers and entries can be controlled by adding either individual users or groups to these resources. When you add a group to a resource, all users who are members of that group in the authentication provider, will be able to access the resource with the permissions that you've specified for the group. For more information on roles and permissions, see [Role Based Access Control](../manage-role-based-access-control-rbac/manage-role-based-access-control-rbac.md). ## Managing Members diff --git a/docs/pages-for-subheaders/authentication-permissions-and-global-configuration.md b/docs/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-permissions-and-global-configuration.md similarity index 69% rename from docs/pages-for-subheaders/authentication-permissions-and-global-configuration.md rename to docs/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-permissions-and-global-configuration.md index 0abc90d983c..64b34293ccd 100644 --- a/docs/pages-for-subheaders/authentication-permissions-and-global-configuration.md +++ b/docs/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-permissions-and-global-configuration.md @@ -6,7 +6,7 @@ title: Authentication, Permissions and Global Settings -After installation, the [system administrator](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/global-permissions.md) should configure Rancher to configure authentication, authorization, security, default settings, security policies, drivers and global DNS entries. +After installation, the [system administrator](manage-role-based-access-control-rbac/global-permissions.md) should configure Rancher to configure authentication, authorization, security, default settings, security policies, drivers and global DNS entries. ## First Log In @@ -22,35 +22,35 @@ After you set the Rancher Server URL, we do not support updating it. Set the URL One of the key features that Rancher adds to Kubernetes is centralized user authentication. This feature allows to set up local users and/or connect to an external authentication provider. By connecting to an external authentication provider, you can leverage that provider's user and groups. -For more information how authentication works and how to configure each provider, see [Authentication](authentication-config.md). +For more information how authentication works and how to configure each provider, see [Authentication](authentication-config/authentication-config.md). ## Authorization Within Rancher, each person authenticates as a _user_, which is a login that grants you access to Rancher. Once the user logs in to Rancher, their _authorization_, or their access rights within the system, is determined by the user's role. Rancher provides built-in roles to allow you to easily configure a user's permissions to resources, but Rancher also provides the ability to customize the roles for each Kubernetes resource. -For more information how authorization works and how to customize roles, see [Roles Based Access Control (RBAC)](manage-role-based-access-control-rbac.md). +For more information how authorization works and how to customize roles, see [Roles Based Access Control (RBAC)](manage-role-based-access-control-rbac/manage-role-based-access-control-rbac.md). ## Pod Security Policies _Pod Security Policies_ (or PSPs) are objects that control security-sensitive aspects of pod specification, e.g. root privileges. If a pod does not meet the conditions specified in the PSP, Kubernetes will not allow it to start, and Rancher will display an error message. -For more information how to create and use PSPs, see [Pod Security Policies](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/create-pod-security-policies.md). +For more information how to create and use PSPs, see [Pod Security Policies](create-pod-security-policies.md). ## Provisioning Drivers -Drivers in Rancher allow you to manage which providers can be used to provision [hosted Kubernetes clusters](set-up-clusters-from-hosted-kubernetes-providers.md) or [nodes in an infrastructure provider](use-new-nodes-in-an-infra-provider.md) to allow Rancher to deploy and manage Kubernetes. +Drivers in Rancher allow you to manage which providers can be used to provision [hosted Kubernetes clusters](../kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/set-up-clusters-from-hosted-kubernetes-providers.md) or [nodes in an infrastructure provider](../launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md) to allow Rancher to deploy and manage Kubernetes. -For more information, see [Provisioning Drivers](about-provisioning-drivers.md). +For more information, see [Provisioning Drivers](about-provisioning-drivers/about-provisioning-drivers.md). ## Adding Kubernetes Versions into Rancher With this feature, you can upgrade to the latest version of Kubernetes as soon as it is released, without upgrading Rancher. This feature allows you to easily upgrade Kubernetes patch versions (i.e. `v1.15.X`), but not intended to upgrade Kubernetes minor versions (i.e. `v1.X.0`) as Kubernetes tends to deprecate or add APIs between minor versions. -The information that Rancher uses to provision [RKE clusters](launch-kubernetes-with-rancher.md) is now located in the Rancher Kubernetes Metadata. For details on metadata configuration and how to change the Kubernetes version used for provisioning RKE clusters, see [Rancher Kubernetes Metadata.](../getting-started/installation-and-upgrade/upgrade-kubernetes-without-upgrading-rancher.md) +The information that Rancher uses to provision [RKE clusters](../launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md) is now located in the Rancher Kubernetes Metadata. For details on metadata configuration and how to change the Kubernetes version used for provisioning RKE clusters, see [Rancher Kubernetes Metadata.](../../../getting-started/installation-and-upgrade/upgrade-kubernetes-without-upgrading-rancher.md) -Rancher Kubernetes Metadata contains Kubernetes version information which Rancher uses to provision [RKE clusters](launch-kubernetes-with-rancher.md). +Rancher Kubernetes Metadata contains Kubernetes version information which Rancher uses to provision [RKE clusters](../launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md). -For more information on how metadata works and how to configure metadata config, see [Rancher Kubernetes Metadata](../getting-started/installation-and-upgrade/upgrade-kubernetes-without-upgrading-rancher.md). +For more information on how metadata works and how to configure metadata config, see [Rancher Kubernetes Metadata](../../../getting-started/installation-and-upgrade/upgrade-kubernetes-without-upgrading-rancher.md). ## Global Settings @@ -60,18 +60,18 @@ Click **☰** in the top left corner, then select **Global Settings**, to view a - **Settings**: Various Rancher defaults, such as the minimum length for a user's password (`password-min-length`). You should be cautious when modifying these settings, as invalid values may break your Rancher installation. - **Feature Flags**: Rancher features that can be toggled on or off. Some of these flags are for [experimental features](#enabling-experimental-features). -- **Banners**: Elements you can add to fixed locations on the portal. For example, you can use these options to [set a custom banner](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/custom-branding.md#fixed-banners) for users when they login to Rancher. -- **Branding**: Rancher UI design elements that you can [customize](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/custom-branding.md). You can add a custom logo or favicon, and modify UI colors. +- **Banners**: Elements you can add to fixed locations on the portal. For example, you can use these options to [set a custom banner](custom-branding.md#fixed-banners) for users when they login to Rancher. +- **Branding**: Rancher UI design elements that you can [customize](custom-branding.md). You can add a custom logo or favicon, and modify UI colors. - **Performance**: Performance settings for the Rancher UI, such as incremental resource loading. - **Home Links**: Links displayed on the Rancher UI **Home** page. You can modify visibility for the default links or add your own links. ### Enabling Experimental Features -Rancher includes some features that are experimental and/or disabled by default. Feature flags allow you to enable these features. For more information, refer to the section about [feature flags.](enable-experimental-features.md) +Rancher includes some features that are experimental and/or disabled by default. Feature flags allow you to enable these features. For more information, refer to the section about [feature flags.](../../advanced-user-guides/enable-experimental-features/enable-experimental-features.md) ### Global Configuration -**Global Configuration** options aren't visible unless you activate the **legacy** [feature flag](enable-experimental-features.md). The **legacy** flag is disabled by default on fresh Rancher installs of v2.6 and later. If you upgrade from an earlier Rancher version, or activate the **legacy** feature flag on Rancher v2.6 and later, **Global Configuration** is available from the top navigation menu: +**Global Configuration** options aren't visible unless you activate the **legacy** [feature flag](../../advanced-user-guides/enable-experimental-features/enable-experimental-features.md). The **legacy** flag is disabled by default on fresh Rancher installs of v2.6 and later. If you upgrade from an earlier Rancher version, or activate the **legacy** feature flag on Rancher v2.6 and later, **Global Configuration** is available from the top navigation menu: 1. Click **☰** in the top left corner. 1. Select **Global Configuration** from the **Legacy Apps**. diff --git a/docs/pages-for-subheaders/configure-microsoft-ad-federation-service-saml.md b/docs/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-microsoft-ad-federation-service-saml/configure-microsoft-ad-federation-service-saml.md similarity index 76% rename from docs/pages-for-subheaders/configure-microsoft-ad-federation-service-saml.md rename to docs/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-microsoft-ad-federation-service-saml/configure-microsoft-ad-federation-service-saml.md index 8662bf782fb..e10056cc0ae 100644 --- a/docs/pages-for-subheaders/configure-microsoft-ad-federation-service-saml.md +++ b/docs/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-microsoft-ad-federation-service-saml/configure-microsoft-ad-federation-service-saml.md @@ -24,8 +24,8 @@ You must have a [Microsoft AD FS Server](https://docs.microsoft.com/en-us/window Setting up Microsoft AD FS with Rancher Server requires configuring AD FS on your Active Directory server, and configuring Rancher to utilize your AD FS server. The following pages serve as guides for setting up Microsoft AD FS authentication on your Rancher installation. -- [1. Configuring Microsoft AD FS for Rancher](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-microsoft-ad-federation-service-saml/configure-ms-adfs-for-rancher.md) -- [2. Configuring Rancher for Microsoft AD FS](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-microsoft-ad-federation-service-saml/configure-rancher-for-ms-adfs.md) +- [1. Configuring Microsoft AD FS for Rancher](configure-ms-adfs-for-rancher.md) +- [2. Configuring Rancher for Microsoft AD FS](configure-rancher-for-ms-adfs.md) :::note SAML Provider Caveats: @@ -37,4 +37,4 @@ Setting up Microsoft AD FS with Rancher Server requires configuring AD FS on you ::: -### [Next: Configuring Microsoft AD FS for Rancher](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-microsoft-ad-federation-service-saml/configure-ms-adfs-for-rancher.md) +### [Next: Configuring Microsoft AD FS for Rancher](configure-ms-adfs-for-rancher.md) diff --git a/docs/pages-for-subheaders/configure-openldap.md b/docs/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-openldap/configure-openldap.md similarity index 90% rename from docs/pages-for-subheaders/configure-openldap.md rename to docs/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-openldap/configure-openldap.md index 9eb5fc7db2a..9285e08ef8b 100644 --- a/docs/pages-for-subheaders/configure-openldap.md +++ b/docs/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-openldap/configure-openldap.md @@ -18,9 +18,9 @@ Rancher must be configured with a LDAP bind account (aka service account) to sea ## Configure OpenLDAP in Rancher -Configure the settings for the OpenLDAP server, groups and users. For help filling out each field, refer to the [configuration reference.](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-openldap/openldap-config-reference.md) +Configure the settings for the OpenLDAP server, groups and users. For help filling out each field, refer to the [configuration reference.](openldap-config-reference.md) -> Before you proceed with the configuration, please familiarise yourself with the concepts of [External Authentication Configuration and Principal Users](authentication-config.md#external-authentication-configuration-and-principal-users). +> Before you proceed with the configuration, please familiarise yourself with the concepts of [External Authentication Configuration and Principal Users](../authentication-config/authentication-config.md#external-authentication-configuration-and-principal-users). 1. In the top left corner, click **☰ > Users & Authentication**. 1. In the left navigation menu, click **Auth Provider**. @@ -53,4 +53,4 @@ You will still be able to login using the locally configured `admin` account and ## Annex: Troubleshooting -If you are experiencing issues while testing the connection to the OpenLDAP server, first double-check the credentials entered for the service account as well as the search base configuration. You may also inspect the Rancher logs to help pinpointing the problem cause. Debug logs may contain more detailed information about the error. Please refer to [How can I enable debug logging](../faq/technical-items.md#how-can-i-enable-debug-logging) in this documentation. +If you are experiencing issues while testing the connection to the OpenLDAP server, first double-check the credentials entered for the service account as well as the search base configuration. You may also inspect the Rancher logs to help pinpointing the problem cause. Debug logs may contain more detailed information about the error. Please refer to [How can I enable debug logging](../../../../faq/technical-items.md#how-can-i-enable-debug-logging) in this documentation. diff --git a/docs/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-openldap/openldap-config-reference.md b/docs/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-openldap/openldap-config-reference.md index bd6f5454ba2..54d62bb9dd1 100644 --- a/docs/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-openldap/openldap-config-reference.md +++ b/docs/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-openldap/openldap-config-reference.md @@ -8,7 +8,7 @@ title: OpenLDAP Configuration Reference For further details on configuring OpenLDAP authentication, refer to the [official documentation.](https://www.openldap.org/doc/) -> Before you proceed with the configuration, please familiarize yourself with the concepts of [External Authentication Configuration and Principal Users](../../../../pages-for-subheaders/authentication-config.md#external-authentication-configuration-and-principal-users). +> Before you proceed with the configuration, please familiarize yourself with the concepts of [External Authentication Configuration and Principal Users](../authentication-config/authentication-config.md#external-authentication-configuration-and-principal-users). ## Background: OpenLDAP Authentication Flow diff --git a/docs/pages-for-subheaders/configure-shibboleth-saml.md b/docs/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-shibboleth-saml/configure-shibboleth-saml.md similarity index 91% rename from docs/pages-for-subheaders/configure-shibboleth-saml.md rename to docs/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-shibboleth-saml/configure-shibboleth-saml.md index ea45e5311b6..482adb05a97 100644 --- a/docs/pages-for-subheaders/configure-shibboleth-saml.md +++ b/docs/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-shibboleth-saml/configure-shibboleth-saml.md @@ -12,7 +12,7 @@ In this configuration, when Rancher users log in, they will be redirected to the If you also configure OpenLDAP as the back end to Shibboleth, it will return a SAML assertion to Rancher with user attributes that include groups. Then the authenticated user will be able to access resources in Rancher that their groups have permissions for. -> The instructions in this section assume that you understand how Rancher, Shibboleth, and OpenLDAP work together. For a more detailed explanation of how it works, refer to [this page.](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-shibboleth-saml/about-group-permissions.md) +> The instructions in this section assume that you understand how Rancher, Shibboleth, and OpenLDAP work together. For a more detailed explanation of how it works, refer to [this page.](about-group-permissions.md) ## Setting up Shibboleth in Rancher @@ -91,9 +91,9 @@ Rancher must be configured with a LDAP bind account (aka service account) to sea ### Configure OpenLDAP in Rancher -Configure the settings for the OpenLDAP server, groups and users. For help filling out each field, refer to the [configuration reference.](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-openldap/openldap-config-reference.md) Note that nested group membership is not available for Shibboleth. +Configure the settings for the OpenLDAP server, groups and users. For help filling out each field, refer to the [configuration reference.](../configure-openldap/openldap-config-reference.md) Note that nested group membership is not available for Shibboleth. -> Before you proceed with the configuration, please familiarise yourself with the concepts of [External Authentication Configuration and Principal Users](authentication-config.md#external-authentication-configuration-and-principal-users). +> Before you proceed with the configuration, please familiarise yourself with the concepts of [External Authentication Configuration and Principal Users](../authentication-config/authentication-config.md#external-authentication-configuration-and-principal-users). 1. Log into the Rancher UI using the initial local `admin` account. 1. In the top left corner, click **☰ > Users & Authentication**. @@ -103,4 +103,4 @@ Configure the settings for the OpenLDAP server, groups and users. For help filli ## Troubleshooting -If you are experiencing issues while testing the connection to the OpenLDAP server, first double-check the credentials entered for the service account as well as the search base configuration. You may also inspect the Rancher logs to help pinpointing the problem cause. Debug logs may contain more detailed information about the error. Please refer to [How can I enable debug logging](../faq/technical-items.md#how-can-i-enable-debug-logging) in this documentation. \ No newline at end of file +If you are experiencing issues while testing the connection to the OpenLDAP server, first double-check the credentials entered for the service account as well as the search base configuration. You may also inspect the Rancher logs to help pinpointing the problem cause. Debug logs may contain more detailed information about the error. Please refer to [How can I enable debug logging](../../../../faq/technical-items.md#how-can-i-enable-debug-logging) in this documentation. \ No newline at end of file diff --git a/docs/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/create-pod-security-policies.md b/docs/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/create-pod-security-policies.md index b3e84e98c15..ce69a75f339 100644 --- a/docs/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/create-pod-security-policies.md +++ b/docs/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/create-pod-security-policies.md @@ -60,9 +60,9 @@ Using Rancher, you can create a Pod Security Policy using our GUI rather than cr ### Requirements -Rancher can only assign PSPs for clusters that are [launched using RKE](../../../pages-for-subheaders/launch-kubernetes-with-rancher.md). +Rancher can only assign PSPs for clusters that are [launched using RKE](../launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md). -You must enable PSPs at the cluster level before you can assign them to a project. This can be configured by [editing the cluster](../../../pages-for-subheaders/cluster-configuration.md). +You must enable PSPs at the cluster level before you can assign them to a project. This can be configured by [editing the cluster](../../../reference-guides/cluster-configuration/cluster-configuration.md). It is a best practice to set PSP at the cluster level. diff --git a/docs/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/global-default-private-registry.md b/docs/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/global-default-private-registry.md index eec64c568f2..419b6cba216 100644 --- a/docs/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/global-default-private-registry.md +++ b/docs/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/global-default-private-registry.md @@ -9,7 +9,7 @@ title: Configuring a Global Default Private Registry :::note This page describes how to configure a global default private registry from the Rancher UI, after Rancher is already installed. -For instructions on how to set up a private registry during Rancher installation, refer to the [air-gapped installation guide](../../../pages-for-subheaders/air-gapped-helm-cli-install.md). +For instructions on how to set up a private registry during Rancher installation, refer to the [air-gapped installation guide](../../../getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/air-gapped-helm-cli-install.md). ::: diff --git a/docs/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/custom-roles.md b/docs/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/custom-roles.md index de61e0f4fb7..5e9c6c7a96d 100644 --- a/docs/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/custom-roles.md +++ b/docs/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/custom-roles.md @@ -102,7 +102,7 @@ If a user is removed from the external authentication provider group, they would You can only assign a global role to a group if: -* You have set up an [external authentication provider](../../../../pages-for-subheaders/authentication-config.md#external-vs-local-authentication) +* You have set up an [external authentication provider](../authentication-config/authentication-config.md#external-vs-local-authentication) * The external authentication provider supports [user groups](../../authentication-permissions-and-global-configuration/authentication-config/manage-users-and-groups.md) * You have already set up at least one user group with the authentication provider diff --git a/docs/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/global-permissions.md b/docs/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/global-permissions.md index 64411298a62..dfae1c35f46 100644 --- a/docs/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/global-permissions.md +++ b/docs/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/global-permissions.md @@ -127,7 +127,7 @@ You can [assign a role to everyone in the group at the same time](#configuring-g Using custom permissions is convenient for providing users with narrow or specialized access to Rancher. -When a user from an [external authentication source](../../../../pages-for-subheaders/authentication-config.md) signs into Rancher for the first time, they're automatically assigned a set of global permissions (hereafter, permissions). By default, after a user logs in for the first time, they are created as a user and assigned the default `user` permission. The standard `user` permission allows users to login and create clusters. +When a user from an [external authentication source](../authentication-config/authentication-config.md) signs into Rancher for the first time, they're automatically assigned a set of global permissions (hereafter, permissions). By default, after a user logs in for the first time, they are created as a user and assigned the default `user` permission. The standard `user` permission allows users to login and create clusters. However, in some organizations, these permissions may extend too much access. Rather than assigning users the default global permissions of `Administrator` or `Standard User`, you can assign them a more restrictive set of custom global permissions. @@ -218,7 +218,7 @@ If a user is removed from the external authentication provider group, they would You can only assign a global role to a group if: -* You have set up an [external authentication provider](../../../../pages-for-subheaders/authentication-config.md#external-vs-local-authentication) +* You have set up an [external authentication provider](../authentication-config/authentication-config.md#external-vs-local-authentication) * The external authentication provider supports [user groups](../authentication-config/manage-users-and-groups.md) * You have already set up at least one user group with the authentication provider diff --git a/docs/pages-for-subheaders/manage-role-based-access-control-rbac.md b/docs/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/manage-role-based-access-control-rbac.md similarity index 73% rename from docs/pages-for-subheaders/manage-role-based-access-control-rbac.md rename to docs/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/manage-role-based-access-control-rbac.md index c6c87eff5fc..93e95f07f8d 100644 --- a/docs/pages-for-subheaders/manage-role-based-access-control-rbac.md +++ b/docs/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/manage-role-based-access-control-rbac.md @@ -6,7 +6,7 @@ title: Role-Based Access Control (RBAC) -Within Rancher, each person authenticates as a _user_, which is a login that grants you access to Rancher. As mentioned in [Authentication](authentication-config.md), users can either be local or external. +Within Rancher, each person authenticates as a _user_, which is a login that grants you access to Rancher. As mentioned in [Authentication](../authentication-config/authentication-config.md), users can either be local or external. After you configure external authentication, the users that display on the **Users** page changes. @@ -18,11 +18,11 @@ After you configure external authentication, the users that display on the **Use Once the user logs in to Rancher, their _authorization_, or their access rights within the system, is determined by _global permissions_, and _cluster and project roles_. -- [Global Permissions](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/global-permissions.md): +- [Global Permissions](global-permissions.md): Define user authorization outside the scope of any particular cluster. -- [Cluster and Project Roles](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/cluster-and-project-roles.md): +- [Cluster and Project Roles](cluster-and-project-roles.md): Define user authorization inside the specific cluster or project where they are assigned the role. diff --git a/docs/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/psa-config-templates.md b/docs/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/psa-config-templates.md index b85fd487935..963bebfd316 100644 --- a/docs/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/psa-config-templates.md +++ b/docs/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/psa-config-templates.md @@ -36,7 +36,7 @@ You can assign a PSA template at the same time that you create a downstream clus ### Hardening the Cluster -If you select the **rancher-restricted** template but don't select a **CIS Profile**, you won't meet required CIS benchmarks. See the [RKE2 hardening guide](../../../pages-for-subheaders/rke2-hardening-guide.md) for more details. +If you select the **rancher-restricted** template but don't select a **CIS Profile**, you won't meet required CIS benchmarks. See the [RKE2 hardening guide](../../../reference-guides/rancher-security/hardening-guides/rke2-hardening-guide/rke2-hardening-guide.md) for more details. diff --git a/docs/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/back-up-rancher-launched-kubernetes-clusters.md b/docs/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/back-up-rancher-launched-kubernetes-clusters.md index a9046a1e64d..08d8e96c8bd 100644 --- a/docs/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/back-up-rancher-launched-kubernetes-clusters.md +++ b/docs/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/back-up-rancher-launched-kubernetes-clusters.md @@ -6,7 +6,7 @@ title: Backing up a Cluster -In the Rancher UI, etcd backup and recovery for [Rancher launched Kubernetes clusters](../../../pages-for-subheaders/launch-kubernetes-with-rancher.md) can be easily performed. +In the Rancher UI, etcd backup and recovery for [Rancher launched Kubernetes clusters](../launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md) can be easily performed. Rancher recommends configuring recurrent `etcd` snapshots for all production clusters. Additionally, one-time snapshots can be taken as well. @@ -165,7 +165,7 @@ If the etcd snapshot restore fails, the phase will be set to `Failed`. Select how often you want recurring snapshots to be taken as well as how many snapshots to keep. The amount of time is measured in hours. With timestamped snapshots, the user has the ability to do a point-in-time recovery. -By default, [Rancher launched Kubernetes clusters](../../../pages-for-subheaders/launch-kubernetes-with-rancher.md) are configured to take recurring snapshots (saved to local disk). To protect against local disk failure, using the [S3 Target](#s3-backup-target) or replicating the path on disk is advised. +By default, [Rancher launched Kubernetes clusters](../launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md) are configured to take recurring snapshots (saved to local disk). To protect against local disk failure, using the [S3 Target](#s3-backup-target) or replicating the path on disk is advised. During cluster provisioning or editing the cluster, the configuration for snapshots can be found in the advanced section for **Cluster Options**. Click on **Show advanced options**. @@ -183,7 +183,7 @@ In the **Advanced Cluster Options** section, there are several options available Set the schedule for how you want recurring snapshots to be taken as well as how many snapshots to keep. The schedule is conventional cron format. The retention policy dictates the number of snapshots matching a name to keep per node. -By default, [Rancher launched Kubernetes clusters](../../../pages-for-subheaders/launch-kubernetes-with-rancher.md) are configured to take recurring snapshots (saved to local disk) every 5 hours starting at 12 AM. To protect against local disk failure, using the [S3 Target](#s3-backup-target) or replicating the path on disk is advised. +By default, [Rancher launched Kubernetes clusters](../launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md) are configured to take recurring snapshots (saved to local disk) every 5 hours starting at 12 AM. To protect against local disk failure, using the [S3 Target](#s3-backup-target) or replicating the path on disk is advised. During cluster provisioning or editing the cluster, the configuration for snapshots can be found under **Cluster Configuration**. Click on **etcd**. @@ -248,12 +248,12 @@ Rancher supports two different backup targets: -By default, the `local` backup target is selected. The benefits of this option is that there is no external configuration. Snapshots are automatically saved locally to the etcd nodes in the [Rancher launched Kubernetes clusters](../../../pages-for-subheaders/launch-kubernetes-with-rancher.md) in `/opt/rke/etcd-snapshots`. All recurring snapshots are taken at configured intervals. The downside of using the `local` backup target is that if there is a total disaster and _all_ etcd nodes are lost, there is no ability to restore the cluster. +By default, the `local` backup target is selected. The benefits of this option is that there is no external configuration. Snapshots are automatically saved locally to the etcd nodes in the [Rancher launched Kubernetes clusters](../launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md) in `/opt/rke/etcd-snapshots`. All recurring snapshots are taken at configured intervals. The downside of using the `local` backup target is that if there is a total disaster and _all_ etcd nodes are lost, there is no ability to restore the cluster. -By default, the `local` backup target is selected. The benefits of this option is that there is no external configuration. Snapshots are automatically saved locally to the etcd nodes in the [Rancher launched Kubernetes clusters](../../../pages-for-subheaders/launch-kubernetes-with-rancher.md) in `/var/lib/rancher//server/db/snapshots` where `` is either `k3s` or `rke2`. All recurring snapshots are taken per the cron schedule. The downside of using the `local` backup target is that if there is a total disaster and _all_ etcd nodes are lost, there is no ability to restore the cluster. +By default, the `local` backup target is selected. The benefits of this option is that there is no external configuration. Snapshots are automatically saved locally to the etcd nodes in the [Rancher launched Kubernetes clusters](../launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md) in `/var/lib/rancher//server/db/snapshots` where `` is either `k3s` or `rke2`. All recurring snapshots are taken per the cron schedule. The downside of using the `local` backup target is that if there is a total disaster and _all_ etcd nodes are lost, there is no ability to restore the cluster. diff --git a/docs/pages-for-subheaders/backup-restore-and-disaster-recovery.md b/docs/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/backup-restore-and-disaster-recovery.md similarity index 73% rename from docs/pages-for-subheaders/backup-restore-and-disaster-recovery.md rename to docs/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/backup-restore-and-disaster-recovery.md index ffd11fb681c..01f2ca76c51 100644 --- a/docs/pages-for-subheaders/backup-restore-and-disaster-recovery.md +++ b/docs/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/backup-restore-and-disaster-recovery.md @@ -16,7 +16,7 @@ The backup-restore operator needs to be installed in the local cluster, and only ## Backup and Restore for Rancher installed with Docker -For Rancher installed with Docker, refer to [this page](../how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/back-up-docker-installed-rancher.md) to perform backups and [this page](../how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/restore-docker-installed-rancher.md) to perform restores. +For Rancher installed with Docker, refer to [this page](back-up-docker-installed-rancher.md) to perform backups and [this page](restore-docker-installed-rancher.md) to perform restores. ## How Backups and Restores Work @@ -38,7 +38,7 @@ The Backup and Restore custom resources can be created in the Rancher UI, or by :::note -Refer [here](../how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/migrate-rancher-to-new-cluster.md#2-restore-from-backup-using-a-restore-custom-resource) for help on restoring an existing backup file into a v1.22 cluster in Rancher v2.6.3. +Refer [here](migrate-rancher-to-new-cluster.md#2-restore-from-backup-using-a-restore-custom-resource) for help on restoring an existing backup file into a v1.22 cluster in Rancher v2.6.3. ::: @@ -48,7 +48,7 @@ The `rancher-backup` operator can be installed from the Rancher UI, or with the :::note -There is a known issue in Fleet that occurs after performing a restoration using the backup-restore-operator: Secrets used for clientSecretName and helmSecretName are not included in Fleet gitrepos. Refer [Fleet Troubleshooting](../integrations-in-rancher/fleet/overview.md#troubleshooting) for a workaround. +There is a known issue in Fleet that occurs after performing a restoration using the backup-restore-operator: Secrets used for clientSecretName and helmSecretName are not included in Fleet gitrepos. Refer [Fleet Troubleshooting](../../../integrations-in-rancher/fleet/overview.md#troubleshooting) for a workaround. ::: @@ -59,7 +59,7 @@ There is a known issue in Fleet that occurs after performing a restoration using 1. In the left navigation bar, **Apps > Charts**. 1. Click **Rancher Backups**. 1. Click **Install**. -1. Optional: Configure the default storage location. For help, refer to the [configuration section.](../reference-guides/backup-restore-configuration/storage-configuration.md) +1. Optional: Configure the default storage location. For help, refer to the [configuration section.](../../../reference-guides/backup-restore-configuration/storage-configuration.md) 1. Click **Install**. **Result:** The `rancher-backup` operator is installed. @@ -79,22 +79,22 @@ Only the rancher admins and the local cluster’s cluster-owner can: ## Backing up Rancher -A backup is performed by creating a Backup custom resource. For a tutorial, refer to [this page.](../how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/back-up-rancher.md) +A backup is performed by creating a Backup custom resource. For a tutorial, refer to [this page.](back-up-rancher.md) ## Restoring Rancher -A restore is performed by creating a Restore custom resource. For a tutorial, refer to [this page.](../how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/restore-rancher.md) +A restore is performed by creating a Restore custom resource. For a tutorial, refer to [this page.](restore-rancher.md) ## Migrating Rancher to a New Cluster -A migration is performed by following [these steps.](../how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/migrate-rancher-to-new-cluster.md) +A migration is performed by following [these steps.](migrate-rancher-to-new-cluster.md) ## Default Storage Location Configuration Configure a storage location where all backups are saved by default. You will have the option to override this with each backup, but will be limited to using an S3-compatible or Minio object store. -For information on configuring these options, refer to [this page.](../reference-guides/backup-restore-configuration/storage-configuration.md) +For information on configuring these options, refer to [this page.](../../../reference-guides/backup-restore-configuration/storage-configuration.md) ### Example values.yaml for the rancher-backup Helm Chart -The example [values.yaml file](../reference-guides/backup-restore-configuration/storage-configuration.md#example-valuesyaml-for-the-rancher-backup-helm-chart) can be used to configure the `rancher-backup` operator when the Helm CLI is used to install it. +The example [values.yaml file](../../../reference-guides/backup-restore-configuration/storage-configuration.md#example-valuesyaml-for-the-rancher-backup-helm-chart) can be used to configure the `rancher-backup` operator when the Helm CLI is used to install it. diff --git a/docs/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/migrate-rancher-to-new-cluster.md b/docs/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/migrate-rancher-to-new-cluster.md index 4b58db9ead3..29f22ab6164 100644 --- a/docs/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/migrate-rancher-to-new-cluster.md +++ b/docs/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/migrate-rancher-to-new-cluster.md @@ -160,7 +160,7 @@ Kubernetes v1.22, available as an experimental feature of v2.6.3, does not suppo ### 3. Install cert-manager -Follow the steps to [install cert-manager](../../../pages-for-subheaders/install-upgrade-on-a-kubernetes-cluster.md#4-install-cert-manager) in the documentation about installing cert-manager on Kubernetes. +Follow the steps to [install cert-manager](../../../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/install-upgrade-on-a-kubernetes-cluster.md#4-install-cert-manager) in the documentation about installing cert-manager on Kubernetes. ### 4. Bring up Rancher with Helm diff --git a/docs/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/restore-rancher-launched-kubernetes-clusters-from-backup.md b/docs/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/restore-rancher-launched-kubernetes-clusters-from-backup.md index 313812b6129..c4d2ae77476 100644 --- a/docs/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/restore-rancher-launched-kubernetes-clusters-from-backup.md +++ b/docs/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/restore-rancher-launched-kubernetes-clusters-from-backup.md @@ -6,7 +6,7 @@ title: Restoring a Cluster from Backup -Etcd backup and recovery for [Rancher launched Kubernetes clusters](../../../pages-for-subheaders/launch-kubernetes-with-rancher.md) can be easily performed. Snapshots of the etcd database are taken and saved either locally onto the etcd nodes or to a S3 compatible target. The advantages of configuring S3 is that if all etcd nodes are lost, your snapshot is saved remotely and can be used to restore the cluster. +Etcd backup and recovery for [Rancher launched Kubernetes clusters](../launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md) can be easily performed. Snapshots of the etcd database are taken and saved either locally onto the etcd nodes or to a S3 compatible target. The advantages of configuring S3 is that if all etcd nodes are lost, your snapshot is saved remotely and can be used to restore the cluster. Rancher recommends enabling the [ability to set up recurring snapshots of etcd](back-up-rancher-launched-kubernetes-clusters.md#configuring-recurring-snapshots), but [one-time snapshots](back-up-rancher-launched-kubernetes-clusters.md#one-time-snapshots) can easily be taken as well. Rancher allows restore from [saved snapshots](#restoring-a-cluster-from-a-snapshot) or if you don't have any snapshots, you can still [restore etcd](#recovering-etcd-without-a-snapshot-rke). @@ -130,4 +130,4 @@ If the group of etcd nodes loses quorum, the Kubernetes cluster will report a fa 5. Run the revised command. -6. After the single nodes is up and running, Rancher recommends adding additional etcd nodes to your cluster. If you have a [custom cluster](../../../pages-for-subheaders/use-existing-nodes.md) and you want to reuse an old node, you are required to [clean up the nodes](../manage-clusters/clean-cluster-nodes.md) before attempting to add them back into a cluster. +6. After the single nodes is up and running, Rancher recommends adding additional etcd nodes to your cluster. If you have a [custom cluster](../../../reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/use-existing-nodes.md) and you want to reuse an old node, you are required to [clean up the nodes](../manage-clusters/clean-cluster-nodes.md) before attempting to add them back into a cluster. diff --git a/docs/pages-for-subheaders/deploy-apps-across-clusters.md b/docs/how-to-guides/new-user-guides/deploy-apps-across-clusters/deploy-apps-across-clusters.md similarity index 67% rename from docs/pages-for-subheaders/deploy-apps-across-clusters.md rename to docs/how-to-guides/new-user-guides/deploy-apps-across-clusters/deploy-apps-across-clusters.md index cb61483b1c5..45cabf3480a 100644 --- a/docs/pages-for-subheaders/deploy-apps-across-clusters.md +++ b/docs/how-to-guides/new-user-guides/deploy-apps-across-clusters/deploy-apps-across-clusters.md @@ -8,10 +8,10 @@ title: Deploying Applications across Clusters Rancher uses Fleet to deploy applications across clusters. -Continuous Delivery with Fleet is GitOps at scale. For more information, refer to the [Fleet section](../how-to-guides/new-user-guides/deploy-apps-across-clusters/fleet.md). +Continuous Delivery with Fleet is GitOps at scale. For more information, refer to the [Fleet section](fleet.md). ### Multi-cluster Apps In Rancher before v2.5, the multi-cluster apps feature was used to deploy applications across clusters. The multi-cluster apps feature is deprecated, but still available in Rancher v2.5. -See the [multi-cluster app documentation](../how-to-guides/new-user-guides/deploy-apps-across-clusters/multi-cluster-apps.md) for more details. \ No newline at end of file +See the [multi-cluster app documentation](multi-cluster-apps.md) for more details. \ No newline at end of file diff --git a/docs/how-to-guides/new-user-guides/deploy-apps-across-clusters/multi-cluster-apps.md b/docs/how-to-guides/new-user-guides/deploy-apps-across-clusters/multi-cluster-apps.md index 64c852c3629..61952f9dca3 100644 --- a/docs/how-to-guides/new-user-guides/deploy-apps-across-clusters/multi-cluster-apps.md +++ b/docs/how-to-guides/new-user-guides/deploy-apps-across-clusters/multi-cluster-apps.md @@ -62,7 +62,7 @@ In the **Upgrades** section, select the upgrade strategy to use, when you decide ### Roles -In the **Roles** section, you define the role of the multi-cluster application. Typically, when a user [launches catalog applications](../../../pages-for-subheaders/helm-charts-in-rancher.md), that specific user's permissions are used for creation of all workloads/resources that is required by the app. +In the **Roles** section, you define the role of the multi-cluster application. Typically, when a user [launches catalog applications](../helm-charts-in-rancher/helm-charts-in-rancher.md), that specific user's permissions are used for creation of all workloads/resources that is required by the app. For multi-cluster applications, the application is deployed by a _system user_ and is assigned as the creator of all underlying resources. A _system user_ is used instead of the actual user due to the fact that the actual user could be removed from one of the target projects. If the actual user was removed from one of the projects, then that user would no longer be able to manage the application for the other projects. diff --git a/docs/pages-for-subheaders/helm-charts-in-rancher.md b/docs/how-to-guides/new-user-guides/helm-charts-in-rancher/helm-charts-in-rancher.md similarity index 97% rename from docs/pages-for-subheaders/helm-charts-in-rancher.md rename to docs/how-to-guides/new-user-guides/helm-charts-in-rancher/helm-charts-in-rancher.md index ecc7993c7d9..fa99b770228 100644 --- a/docs/pages-for-subheaders/helm-charts-in-rancher.md +++ b/docs/how-to-guides/new-user-guides/helm-charts-in-rancher/helm-charts-in-rancher.md @@ -147,7 +147,7 @@ The upgrade button has been removed for legacy apps from the **Apps > Installed If you have a legacy app installed and want to upgrade it: -- The legacy [feature flag](enable-experimental-features.md) must be turned on (if it's not turned on automatically because of having a legacy app before upgrading) +- The legacy [feature flag](../../advanced-user-guides/enable-experimental-features/enable-experimental-features.md) must be turned on (if it's not turned on automatically because of having a legacy app before upgrading) - You can upgrade the app from cluster explorer, from the left nav section **Legacy > Project > Apps** - For multi-cluster apps, you can go to **≡ > Multi-cluster Apps** and upgrade the app from there diff --git a/docs/how-to-guides/new-user-guides/infrastructure-setup/ha-k3s-kubernetes-cluster.md b/docs/how-to-guides/new-user-guides/infrastructure-setup/ha-k3s-kubernetes-cluster.md index 1611ca978e3..0be31c8fba7 100644 --- a/docs/how-to-guides/new-user-guides/infrastructure-setup/ha-k3s-kubernetes-cluster.md +++ b/docs/how-to-guides/new-user-guides/infrastructure-setup/ha-k3s-kubernetes-cluster.md @@ -10,7 +10,7 @@ This tutorial is intended to help you provision the underlying infrastructure fo The recommended infrastructure for the Rancher-only Kubernetes cluster differs depending on whether Rancher will be installed on a K3s Kubernetes cluster, an RKE Kubernetes cluster, or a single Docker container. -For more information about each installation option, refer to [this page.](../../../pages-for-subheaders/installation-and-upgrade.md) +For more information about each installation option, refer to [this page.](../../../getting-started/installation-and-upgrade/installation-and-upgrade.md) :::note Important: @@ -27,7 +27,7 @@ To install the Rancher management server on a high-availability K3s cluster, we ### 1. Set up Linux Nodes -Make sure that your nodes fulfill the general installation requirements for [OS, container runtime, hardware, and networking.](../../../pages-for-subheaders/installation-requirements.md) +Make sure that your nodes fulfill the general installation requirements for [OS, container runtime, hardware, and networking.](../../../getting-started/installation-and-upgrade/installation-requirements/installation-requirements.md) For an example of one way to set up Linux nodes, refer to this [tutorial](nodes-in-amazon-ec2.md) for setting up nodes as instances in Amazon EC2. diff --git a/docs/how-to-guides/new-user-guides/infrastructure-setup/ha-rke1-kubernetes-cluster.md b/docs/how-to-guides/new-user-guides/infrastructure-setup/ha-rke1-kubernetes-cluster.md index ad266904aed..17e1a1004cc 100644 --- a/docs/how-to-guides/new-user-guides/infrastructure-setup/ha-rke1-kubernetes-cluster.md +++ b/docs/how-to-guides/new-user-guides/infrastructure-setup/ha-rke1-kubernetes-cluster.md @@ -30,7 +30,7 @@ The etcd database requires an odd number of nodes so that it can always elect a ### 1. Set up Linux Nodes -Make sure that your nodes fulfill the general installation requirements for [OS, container runtime, hardware, and networking.](../../../pages-for-subheaders/installation-requirements.md) +Make sure that your nodes fulfill the general installation requirements for [OS, container runtime, hardware, and networking.](../../../getting-started/installation-and-upgrade/installation-requirements/installation-requirements.md) For an example of one way to set up Linux nodes, refer to this [tutorial](nodes-in-amazon-ec2.md) for setting up nodes as instances in Amazon EC2. diff --git a/docs/how-to-guides/new-user-guides/infrastructure-setup/ha-rke2-kubernetes-cluster.md b/docs/how-to-guides/new-user-guides/infrastructure-setup/ha-rke2-kubernetes-cluster.md index c00f0061adb..9eddca79fd4 100644 --- a/docs/how-to-guides/new-user-guides/infrastructure-setup/ha-rke2-kubernetes-cluster.md +++ b/docs/how-to-guides/new-user-guides/infrastructure-setup/ha-rke2-kubernetes-cluster.md @@ -24,7 +24,7 @@ To install the Rancher management server on a high-availability RKE2 cluster, we ### 1. Set up Linux Nodes -Make sure that your nodes fulfill the general installation requirements for [OS, container runtime, hardware, and networking.](../../../pages-for-subheaders/installation-requirements.md) +Make sure that your nodes fulfill the general installation requirements for [OS, container runtime, hardware, and networking.](../../../getting-started/installation-and-upgrade/installation-requirements/installation-requirements.md) For an example of one way to set up Linux nodes, refer to this [tutorial](nodes-in-amazon-ec2.md) for setting up nodes as instances in Amazon EC2. diff --git a/docs/pages-for-subheaders/infrastructure-setup.md b/docs/how-to-guides/new-user-guides/infrastructure-setup/infrastructure-setup.md similarity index 58% rename from docs/pages-for-subheaders/infrastructure-setup.md rename to docs/how-to-guides/new-user-guides/infrastructure-setup/infrastructure-setup.md index fabdc72e975..ccdca3126b8 100644 --- a/docs/pages-for-subheaders/infrastructure-setup.md +++ b/docs/how-to-guides/new-user-guides/infrastructure-setup/infrastructure-setup.md @@ -6,7 +6,7 @@ title: Don't have infrastructure for your Kubernetes cluster? Try one of these t -To set up infrastructure for a high-availability K3s Kubernetes cluster with an external DB, refer to [this page.](../how-to-guides/new-user-guides/infrastructure-setup/ha-k3s-kubernetes-cluster.md) +To set up infrastructure for a high-availability K3s Kubernetes cluster with an external DB, refer to [this page.](ha-k3s-kubernetes-cluster.md) -To set up infrastructure for a high-availability RKE Kubernetes cluster, refer to [this page.](../how-to-guides/new-user-guides/infrastructure-setup/ha-rke1-kubernetes-cluster.md) +To set up infrastructure for a high-availability RKE Kubernetes cluster, refer to [this page.](ha-rke1-kubernetes-cluster.md) diff --git a/docs/how-to-guides/new-user-guides/infrastructure-setup/nodes-in-amazon-ec2.md b/docs/how-to-guides/new-user-guides/infrastructure-setup/nodes-in-amazon-ec2.md index 9c7f55b9443..bcc1337121a 100644 --- a/docs/how-to-guides/new-user-guides/infrastructure-setup/nodes-in-amazon-ec2.md +++ b/docs/how-to-guides/new-user-guides/infrastructure-setup/nodes-in-amazon-ec2.md @@ -6,7 +6,7 @@ title: Setting up Nodes in Amazon EC2 -In this tutorial, you will learn one way to set up Linux nodes for the Rancher management server. These nodes will fulfill the node requirements for [OS, Docker, hardware, and networking.](../../../pages-for-subheaders/installation-requirements.md) +In this tutorial, you will learn one way to set up Linux nodes for the Rancher management server. These nodes will fulfill the node requirements for [OS, Docker, hardware, and networking.](../../../getting-started/installation-and-upgrade/installation-requirements/installation-requirements.md) If the Rancher server will be installed on an RKE Kubernetes cluster, you should provision three instances. @@ -16,8 +16,8 @@ If the Rancher server is installed in a single Docker container, you only need o ### 1. Optional Preparation -- **Create IAM role:** To allow Rancher to manipulate AWS resources, such as provisioning new storage or new nodes, you will need to configure Amazon as a cloud provider. There are several things you'll need to do to set up the cloud provider on EC2, but part of this process is setting up an IAM role for the Rancher server nodes. For the full details on setting up the cloud provider, refer to this [page.](../../../pages-for-subheaders/set-up-cloud-providers.md) -- **Create security group:** We also recommend setting up a security group for the Rancher nodes that complies with the [port requirements for Rancher nodes.](../../../pages-for-subheaders/installation-requirements.md#port-requirements) +- **Create IAM role:** To allow Rancher to manipulate AWS resources, such as provisioning new storage or new nodes, you will need to configure Amazon as a cloud provider. There are several things you'll need to do to set up the cloud provider on EC2, but part of this process is setting up an IAM role for the Rancher server nodes. For the full details on setting up the cloud provider, refer to this [page.](../kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/set-up-cloud-providers.md) +- **Create security group:** We also recommend setting up a security group for the Rancher nodes that complies with the [port requirements for Rancher nodes.](../../../getting-started/installation-and-upgrade/installation-requirements/installation-requirements.md#port-requirements) ### 2. Provision Instances @@ -30,7 +30,7 @@ If the Rancher server is installed in a single Docker container, you only need o 1. In the **Number of instances** field, enter the number of instances. A high-availability K3s cluster requires only two instances, while a high-availability RKE cluster requires three instances. 1. Optional: If you created an IAM role for Rancher to manipulate AWS resources, select the new IAM role in the **IAM role** field. 1. Click **Next: Add Storage,** **Next: Add Tags,** and **Next: Configure Security Group**. -1. In **Step 6: Configure Security Group,** select a security group that complies with the [port requirements](../../../pages-for-subheaders/installation-requirements.md#port-requirements) for Rancher nodes. +1. In **Step 6: Configure Security Group,** select a security group that complies with the [port requirements](../../../getting-started/installation-and-upgrade/installation-requirements/installation-requirements.md#port-requirements) for Rancher nodes. 1. Click **Review and Launch**. 1. Click **Launch**. 1. Choose a new or existing key pair that you will use to connect to your instance later. If you are using an existing key pair, make sure you already have access to the private key. diff --git a/docs/how-to-guides/new-user-guides/kubernetes-cluster-setup/high-availability-installs.md b/docs/how-to-guides/new-user-guides/kubernetes-cluster-setup/high-availability-installs.md index a5d69ed221d..a287c374fe3 100644 --- a/docs/how-to-guides/new-user-guides/kubernetes-cluster-setup/high-availability-installs.md +++ b/docs/how-to-guides/new-user-guides/kubernetes-cluster-setup/high-availability-installs.md @@ -14,7 +14,7 @@ Then Helm is used to install Rancher on top of the Kubernetes cluster. Helm uses The Rancher server data is stored on etcd. This etcd database also runs on all three nodes, and requires an odd number of nodes so that it can always elect a leader with a majority of the etcd cluster. If the etcd database cannot elect a leader, etcd can fail, requiring the cluster to be restored from backup. -For information on how Rancher works, regardless of the installation method, refer to the [architecture section.](../../../pages-for-subheaders/rancher-manager-architecture.md) +For information on how Rancher works, regardless of the installation method, refer to the [architecture section.](../../../reference-guides/rancher-manager-architecture/rancher-manager-architecture.md) ### Recommended Architecture diff --git a/docs/pages-for-subheaders/kubernetes-cluster-setup.md b/docs/how-to-guides/new-user-guides/kubernetes-cluster-setup/kubernetes-cluster-setup.md similarity index 100% rename from docs/pages-for-subheaders/kubernetes-cluster-setup.md rename to docs/how-to-guides/new-user-guides/kubernetes-cluster-setup/kubernetes-cluster-setup.md diff --git a/docs/how-to-guides/new-user-guides/kubernetes-cluster-setup/rke1-for-rancher.md b/docs/how-to-guides/new-user-guides/kubernetes-cluster-setup/rke1-for-rancher.md index 1d1c0682ec1..e61bdb43e0a 100644 --- a/docs/how-to-guides/new-user-guides/kubernetes-cluster-setup/rke1-for-rancher.md +++ b/docs/how-to-guides/new-user-guides/kubernetes-cluster-setup/rke1-for-rancher.md @@ -14,7 +14,7 @@ Rancher can run on any Kubernetes cluster, included hosted Kubernetes solutions ::: -For systems without direct internet access, refer to [Air Gap: Kubernetes install.](../../../pages-for-subheaders/air-gapped-helm-cli-install.md) +For systems without direct internet access, refer to [Air Gap: Kubernetes install.](../../../getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/air-gapped-helm-cli-install.md) :::tip Single-node Installation Tip: @@ -192,5 +192,5 @@ The "rancher-cluster" parts of the two latter file names are dependent on how yo See the [Troubleshooting](../../../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/troubleshooting.md) page. -### [Next: Install Rancher](../../../pages-for-subheaders/install-upgrade-on-a-kubernetes-cluster.md) +### [Next: Install Rancher](../../../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/install-upgrade-on-a-kubernetes-cluster.md) diff --git a/docs/pages-for-subheaders/checklist-for-production-ready-clusters.md b/docs/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/checklist-for-production-ready-clusters/checklist-for-production-ready-clusters.md similarity index 77% rename from docs/pages-for-subheaders/checklist-for-production-ready-clusters.md rename to docs/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/checklist-for-production-ready-clusters/checklist-for-production-ready-clusters.md index f5816af3c48..d3609540e2a 100644 --- a/docs/pages-for-subheaders/checklist-for-production-ready-clusters.md +++ b/docs/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/checklist-for-production-ready-clusters/checklist-for-production-ready-clusters.md @@ -8,15 +8,15 @@ title: Checklist for Production-Ready Clusters In this section, we recommend best practices for creating the production-ready Kubernetes clusters that will run your apps and services. -For a list of requirements for your cluster, including the requirements for OS/Docker, hardware, and networking, refer to the section on [node requirements.](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/node-requirements-for-rancher-managed-clusters.md) +For a list of requirements for your cluster, including the requirements for OS/Docker, hardware, and networking, refer to the section on [node requirements.](../node-requirements-for-rancher-managed-clusters.md) This is a shortlist of best practices that we strongly recommend for all production clusters. -For a full list of all the best practices that we recommend, refer to the [best practices section.](best-practices.md) +For a full list of all the best practices that we recommend, refer to the [best practices section.](../../../../reference-guides/best-practices/best-practices.md) ### Node Requirements -* Make sure your nodes fulfill all of the [node requirements,](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/node-requirements-for-rancher-managed-clusters.md) including the port requirements. +* Make sure your nodes fulfill all of the [node requirements,](../node-requirements-for-rancher-managed-clusters.md) including the port requirements. ### Back up etcd @@ -33,10 +33,10 @@ For a full list of all the best practices that we recommend, refer to the [best * Assign two or more nodes the `controlplane` role for master component high availability. * Assign two or more nodes the `worker` role for workload rescheduling upon node failure. -For more information on what each role is used for, refer to the [section on roles for nodes in Kubernetes.](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/checklist-for-production-ready-clusters/roles-for-nodes-in-kubernetes.md) +For more information on what each role is used for, refer to the [section on roles for nodes in Kubernetes.](roles-for-nodes-in-kubernetes.md) For more information about the -number of nodes for each Kubernetes role, refer to the section on [recommended architecture.](../reference-guides/rancher-manager-architecture/architecture-recommendations.md) +number of nodes for each Kubernetes role, refer to the section on [recommended architecture.](../../../../reference-guides/rancher-manager-architecture/architecture-recommendations.md) ### Logging and Monitoring @@ -50,4 +50,4 @@ number of nodes for each Kubernetes role, refer to the section on [recommended a ### Networking * Minimize network latency. Rancher recommends minimizing latency between the etcd nodes. The default setting for `heartbeat-interval` is `500`, and the default setting for `election-timeout` is `5000`. These [settings for etcd tuning](https://coreos.com/etcd/docs/latest/tuning.html) allow etcd to run in most networks (except really high latency networks). -* Cluster nodes should be located within a single region. Most cloud providers provide multiple availability zones within a region, which can be used to create higher availability for your cluster. Using multiple availability zones is fine for nodes with any role. If you are using [Kubernetes Cloud Provider](set-up-cloud-providers.md) resources, consult the documentation for any restrictions (i.e. zone storage restrictions). +* Cluster nodes should be located within a single region. Most cloud providers provide multiple availability zones within a region, which can be used to create higher availability for your cluster. Using multiple availability zones is fine for nodes with any role. If you are using [Kubernetes Cloud Provider](../set-up-cloud-providers/set-up-cloud-providers.md) resources, consult the documentation for any restrictions (i.e. zone storage restrictions). diff --git a/docs/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/checklist-for-production-ready-clusters/recommended-cluster-architecture.md b/docs/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/checklist-for-production-ready-clusters/recommended-cluster-architecture.md index 7c5e21424ea..c709d847ae3 100644 --- a/docs/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/checklist-for-production-ready-clusters/recommended-cluster-architecture.md +++ b/docs/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/checklist-for-production-ready-clusters/recommended-cluster-architecture.md @@ -66,7 +66,7 @@ Adding more than one node with the `worker` role will make sure your workloads c ### Why Production Requirements are Different for the Rancher Cluster and the Clusters Running Your Applications -You may have noticed that our [Kubernetes Install](../../../../pages-for-subheaders/install-upgrade-on-a-kubernetes-cluster.md) instructions do not meet our definition of a production-ready cluster, as there are no dedicated nodes for the `worker` role. However, for your Rancher installation, this three node cluster is valid, because: +You may have noticed that our [Kubernetes Install](../../../../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/install-upgrade-on-a-kubernetes-cluster.md) instructions do not meet our definition of a production-ready cluster, as there are no dedicated nodes for the `worker` role. However, for your Rancher installation, this three node cluster is valid, because: * It allows one `etcd` node failure. * It maintains multiple instances of the master components by having multiple `controlplane` nodes. diff --git a/docs/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/checklist-for-production-ready-clusters/roles-for-nodes-in-kubernetes.md b/docs/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/checklist-for-production-ready-clusters/roles-for-nodes-in-kubernetes.md index 04eeb4466d4..1c627844659 100644 --- a/docs/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/checklist-for-production-ready-clusters/roles-for-nodes-in-kubernetes.md +++ b/docs/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/checklist-for-production-ready-clusters/roles-for-nodes-in-kubernetes.md @@ -8,7 +8,7 @@ title: Roles for Nodes in Kubernetes This section describes the roles for etcd nodes, controlplane nodes, and worker nodes in Kubernetes, and how the roles work together in a cluster. -This diagram is applicable to Kubernetes clusters [launched with Rancher using RKE.](../../../../pages-for-subheaders/launch-kubernetes-with-rancher.md). +This diagram is applicable to Kubernetes clusters [launched with Rancher using RKE.](../../launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md). ![Cluster diagram](/img/clusterdiagram.svg)
Lines show the traffic flow between components. Colors are used purely for visual aid diff --git a/docs/pages-for-subheaders/kubernetes-clusters-in-rancher-setup.md b/docs/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/kubernetes-clusters-in-rancher-setup.md similarity index 78% rename from docs/pages-for-subheaders/kubernetes-clusters-in-rancher-setup.md rename to docs/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/kubernetes-clusters-in-rancher-setup.md index 899d4bb5937..bb5e556d5c2 100644 --- a/docs/pages-for-subheaders/kubernetes-clusters-in-rancher-setup.md +++ b/docs/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/kubernetes-clusters-in-rancher-setup.md @@ -9,9 +9,9 @@ description: Provisioning Kubernetes Clusters Rancher simplifies the creation of clusters by allowing you to create them through the Rancher UI rather than more complex alternatives. Rancher provides multiple options for launching a cluster. Use the option that best fits your use case. -This section assumes a basic familiarity with Docker and Kubernetes. For a brief explanation of how Kubernetes components work together, refer to the [concepts](../reference-guides/kubernetes-concepts.md) page. +This section assumes a basic familiarity with Docker and Kubernetes. For a brief explanation of how Kubernetes components work together, refer to the [concepts](../../../reference-guides/kubernetes-concepts.md) page. -For a conceptual overview of how the Rancher server provisions clusters and what tools it uses to provision them, refer to the [architecture](rancher-manager-architecture.md) page. +For a conceptual overview of how the Rancher server provisions clusters and what tools it uses to provision them, refer to the [architecture](../../../reference-guides/rancher-manager-architecture/rancher-manager-architecture.md) page. @@ -29,7 +29,7 @@ In this scenario, Rancher does not provision Kubernetes because it is installed If you use a Kubernetes provider such as Google GKE, Rancher integrates with its cloud APIs, allowing you to create and manage role-based access control for the hosted cluster from the Rancher UI. -For more information, refer to the section on [hosted Kubernetes clusters.](set-up-clusters-from-hosted-kubernetes-providers.md) +For more information, refer to the section on [hosted Kubernetes clusters.](set-up-clusters-from-hosted-kubernetes-providers/set-up-clusters-from-hosted-kubernetes-providers.md) ## Launching Kubernetes with Rancher @@ -41,23 +41,23 @@ These nodes can be dynamically provisioned through Rancher's UI, which calls [Do If you already have a node that you want to add to an RKE cluster, you can add it to the cluster by running a Rancher agent container on it. -For more information, refer to the section on [RKE clusters.](../pages-for-subheaders/launch-kubernetes-with-rancher.md) +For more information, refer to the section on [RKE clusters.](../launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md) ### Launching Kubernetes and Provisioning Nodes in an Infrastructure Provider Rancher can dynamically provision nodes in infrastructure providers such as Amazon EC2, DigitalOcean, Azure, or vSphere, then install Kubernetes on them. -Using Rancher, you can create pools of nodes based on a [node template](use-new-nodes-in-an-infra-provider.md#node-templates). This template defines the parameters used to launch nodes in your cloud providers. +Using Rancher, you can create pools of nodes based on a [node template](../launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md#node-templates). This template defines the parameters used to launch nodes in your cloud providers. One benefit of using nodes hosted by an infrastructure provider is that if a node loses connectivity with the cluster, Rancher can automatically replace it, thus maintaining the expected cluster configuration. -The cloud providers available for creating a node template are decided based on the [node drivers](use-new-nodes-in-an-infra-provider.md#node-drivers) active in the Rancher UI. +The cloud providers available for creating a node template are decided based on the [node drivers](../launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md#node-drivers) active in the Rancher UI. -For more information, refer to the section on [nodes hosted by an infrastructure provider](use-new-nodes-in-an-infra-provider.md) +For more information, refer to the section on [nodes hosted by an infrastructure provider](../launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md) ### Launching Kubernetes on Existing Custom Nodes -When setting up this type of cluster, Rancher installs Kubernetes on existing [custom nodes,](use-existing-nodes.md) which creates a custom cluster. +When setting up this type of cluster, Rancher installs Kubernetes on existing [custom nodes,](../../../reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/use-existing-nodes.md) which creates a custom cluster. You can bring any nodes you want to Rancher and use them to create a cluster. @@ -71,7 +71,7 @@ Registering EKS clusters now provides additional benefits. For the most part, re When you delete an EKS cluster that was created in Rancher, the cluster is destroyed. When you delete an EKS cluster that was registered in Rancher, it is disconnected from the Rancher server, but it still exists and you can still access it in the same way you did before it was registered in Rancher. -For more information, see [this page.](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/register-existing-clusters.md) +For more information, see [this page.](register-existing-clusters.md) ## Programmatically Creating Clusters diff --git a/docs/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/node-requirements-for-rancher-managed-clusters.md b/docs/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/node-requirements-for-rancher-managed-clusters.md index 3f0575a2f76..7cd0bb6f3f9 100644 --- a/docs/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/node-requirements-for-rancher-managed-clusters.md +++ b/docs/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/node-requirements-for-rancher-managed-clusters.md @@ -10,7 +10,7 @@ This page describes the requirements for the Rancher managed Kubernetes clusters :::note -If Rancher is installed on a high-availability Kubernetes cluster, the Rancher server three-node cluster and downstream clusters have different requirements. For Rancher installation requirements, refer to the node requirements in the [installation section.](../../../pages-for-subheaders/installation-requirements.md) +If Rancher is installed on a high-availability Kubernetes cluster, the Rancher server three-node cluster and downstream clusters have different requirements. For Rancher installation requirements, refer to the node requirements in the [installation section.](../../../getting-started/installation-and-upgrade/installation-requirements/installation-requirements.md) ::: @@ -47,7 +47,7 @@ SUSE Linux may have a firewall that blocks all ports by default. In that situati ### Flatcar Container Linux Nodes -When [Launching Kubernetes with Rancher](../../../pages-for-subheaders/launch-kubernetes-with-rancher.md) using Flatcar Container Linux nodes, it is required to use the following configuration in the [Cluster Config File](../../../reference-guides/cluster-configuration/rancher-server-configuration/rke1-cluster-configuration.md#rke-cluster-config-file-reference) +When [Launching Kubernetes with Rancher](../launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md) using Flatcar Container Linux nodes, it is required to use the following configuration in the [Cluster Config File](../../../reference-guides/cluster-configuration/rancher-server-configuration/rke1-cluster-configuration.md#rke-cluster-config-file-reference) @@ -92,13 +92,13 @@ It is also required to enable the Docker service, you can enable the Docker serv systemctl enable docker.service ``` -The Docker service is enabled automatically when using [Node Drivers](../../../pages-for-subheaders/about-provisioning-drivers.md#node-drivers). +The Docker service is enabled automatically when using [Node Drivers](../authentication-permissions-and-global-configuration/about-provisioning-drivers/about-provisioning-drivers.md#node-drivers). ### Windows Nodes Nodes with Windows Server must run Docker Enterprise Edition. -Windows nodes can be used for worker nodes only. See [Configuring Custom Clusters for Windows](../../../pages-for-subheaders/use-windows-clusters.md) +Windows nodes can be used for worker nodes only. See [Configuring Custom Clusters for Windows](use-windows-clusters/use-windows-clusters.md) ## Hardware Requirements @@ -114,7 +114,7 @@ For hardware recommendations for etcd clusters in production, refer to the offic For a production cluster, we recommend that you restrict traffic by opening only the ports defined in the port requirements below. -The ports required to be open are different depending on how the user cluster is launched. Each of the sections below list the ports that need to be opened for different [cluster creation options](../../../pages-for-subheaders/kubernetes-clusters-in-rancher-setup.md). +The ports required to be open are different depending on how the user cluster is launched. Each of the sections below list the ports that need to be opened for different [cluster creation options](kubernetes-clusters-in-rancher-setup.md). For a breakdown of the port requirements for etcd nodes, controlplane nodes, and worker nodes in a Kubernetes cluster, refer to the [port requirements for the Rancher Kubernetes Engine.](https://rancher.com/docs/rke/latest/en/os/#ports) @@ -130,4 +130,4 @@ You should never register a node with the same hostname or IP address as an exis If you want to provision a Kubernetes cluster that is compliant with the CIS (Center for Internet Security) Kubernetes Benchmark, we recommend to following our hardening guide to configure your nodes before installing Kubernetes. -For more information on the hardening guide and details on which version of the guide corresponds to your Rancher and Kubernetes versions, refer to the [security section.](../../../pages-for-subheaders/rancher-security.md#rancher-hardening-guide) +For more information on the hardening guide and details on which version of the guide corresponds to your Rancher and Kubernetes versions, refer to the [security section.](../../../reference-guides/rancher-security/rancher-security.md#rancher-hardening-guide) diff --git a/docs/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/register-existing-clusters.md b/docs/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/register-existing-clusters.md index 16f14da7e3f..a62ed8dc14d 100644 --- a/docs/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/register-existing-clusters.md +++ b/docs/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/register-existing-clusters.md @@ -17,7 +17,7 @@ The control that Rancher has to manage a registered cluster depends on the type Registered RKE Kubernetes clusters must have all three node roles - etcd, controlplane and worker. A cluster with only controlplane components cannot be registered in Rancher. -For more information on RKE node roles, see the [best practices.](../../../pages-for-subheaders/checklist-for-production-ready-clusters.md#cluster-architecture) +For more information on RKE node roles, see the [best practices.](checklist-for-production-ready-clusters/checklist-for-production-ready-clusters.md#cluster-architecture) ### Permissions @@ -114,9 +114,9 @@ The control that Rancher has to manage a registered cluster depends on the type After registering a cluster, the cluster owner can: - [Manage cluster access](../authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/cluster-and-project-roles.md) through role-based access control -- Enable [monitoring, alerts and notifiers](../../../pages-for-subheaders/monitoring-and-alerting.md) -- Enable [logging](../../../pages-for-subheaders/logging.md) -- Enable [Istio](../../../pages-for-subheaders/istio.md) +- Enable [monitoring, alerts and notifiers](../../../integrations-in-rancher/monitoring-and-alerting/monitoring-and-alerting.md) +- Enable [logging](../../../integrations-in-rancher/logging/logging.md) +- Enable [Istio](../../../integrations-in-rancher/istio/istio.md) - Manage projects and workloads ### Additional Features for Registered RKE2 and K3s Clusters @@ -141,7 +141,7 @@ Rancher handles registered EKS, AKS, or GKE clusters similarly to clusters creat When you create an EKS, AKS, or GKE cluster in Rancher, then delete it, Rancher destroys the cluster. When you delete a registered cluster through Rancher, the Rancher server _disconnects_ from the cluster. The cluster remains live, although it's no longer in Rancher. You can still access the deregistered cluster in the same way you did before you registered it. -See [Cluster Management Capabilities by Cluster Type](../../../pages-for-subheaders/kubernetes-clusters-in-rancher-setup.md) for more information about what features are available for managing registered clusters. +See [Cluster Management Capabilities by Cluster Type](kubernetes-clusters-in-rancher-setup.md) for more information about what features are available for managing registered clusters. ## Configuring RKE2 and K3s Cluster Upgrades diff --git a/docs/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/amazon.md b/docs/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/amazon.md index 5e552b27450..1c02032620f 100644 --- a/docs/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/amazon.md +++ b/docs/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/amazon.md @@ -38,7 +38,7 @@ All nodes added to the cluster must be able to interact with EC2 so that they ca While creating an [Amazon EC2 cluster](../../launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-amazon-ec2-cluster.md), you must fill in the **IAM Instance Profile Name** (not ARN) of the created IAM role when creating the **Node Template**. -While creating a [Custom cluster](../../../../pages-for-subheaders/use-existing-nodes.md), you must manually attach the IAM role to the instance(s). +While creating a [Custom cluster](../../../../reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/use-existing-nodes.md), you must manually attach the IAM role to the instance(s). IAM Policy for nodes with the `controlplane` role: @@ -299,7 +299,7 @@ rancher_kubernetes_engine_config: useInstanceMetadataHostname: true ``` -You must not enable `useInstanceMetadataHostname` when setting custom values for `hostname-override` for custom clusters. When you create a [custom cluster](../../../../pages-for-subheaders/use-existing-nodes.md), add [`--node-name`](../../../../reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/rancher-agent-options.md) to the `docker run` node registration command to set `hostname-override` — for example, `"$(hostname -f)"`. This can be done manually or by using **Show Advanced Options** in the Rancher UI to add **Node Name**. +You must not enable `useInstanceMetadataHostname` when setting custom values for `hostname-override` for custom clusters. When you create a [custom cluster](../../../../reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/use-existing-nodes.md), add [`--node-name`](../../../../reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/rancher-agent-options.md) to the `docker run` node registration command to set `hostname-override` — for example, `"$(hostname -f)"`. This can be done manually or by using **Show Advanced Options** in the Rancher UI to add **Node Name**. 2. Select the cloud provider. diff --git a/docs/pages-for-subheaders/set-up-cloud-providers.md b/docs/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/set-up-cloud-providers.md similarity index 73% rename from docs/pages-for-subheaders/set-up-cloud-providers.md rename to docs/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/set-up-cloud-providers.md index 9a02515dba9..11c5e5590e3 100644 --- a/docs/pages-for-subheaders/set-up-cloud-providers.md +++ b/docs/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/set-up-cloud-providers.md @@ -23,19 +23,19 @@ The following cloud providers can be enabled: ### Setting up the Amazon Cloud Provider -For details on enabling the Amazon cloud provider, refer to [this page.](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/amazon.md) +For details on enabling the Amazon cloud provider, refer to [this page.](amazon.md) ### Setting up the Azure Cloud Provider -For details on enabling the Azure cloud provider, refer to [this page.](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/azure.md) +For details on enabling the Azure cloud provider, refer to [this page.](azure.md) ### Setting up the GCE Cloud Provider -For details on enabling the Google Compute Engine cloud provider, refer to [this page.](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/google-compute-engine.md) +For details on enabling the Google Compute Engine cloud provider, refer to [this page.](google-compute-engine.md) ### Setting up the vSphere Cloud Provider -For details on enabling the vSphere cloud provider, refer to [in-tree vSphere config](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/configure-in-tree-vsphere.md) and [out-of-tree vSphere config](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/configure-out-of-tree-vsphere.md). +For details on enabling the vSphere cloud provider, refer to [in-tree vSphere config](configure-in-tree-vsphere.md) and [out-of-tree vSphere config](configure-out-of-tree-vsphere.md). ### Setting up a Custom Cloud Provider diff --git a/docs/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/aks.md b/docs/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/aks.md index c3fac126e64..65fe5e545bb 100644 --- a/docs/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/aks.md +++ b/docs/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/aks.md @@ -268,7 +268,7 @@ For more information about connecting to an AKS private cluster, see the [AKS do The AKS provisioner can synchronize the state of an AKS cluster between Rancher and the provider. For an in-depth technical explanation of how this works, see [Syncing.](../../../../reference-guides/cluster-configuration/rancher-server-configuration/sync-clusters.md) -For information on configuring the refresh interval, see [this section.](../../../../pages-for-subheaders/gke-cluster-configuration.md#configuring-the-refresh-interval) +For information on configuring the refresh interval, see [this section.](../../../../reference-guides/cluster-configuration/rancher-server-configuration/gke-cluster-configuration/gke-cluster-configuration.md#configuring-the-refresh-interval) ## Programmatically Creating AKS Clusters diff --git a/docs/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/gke.md b/docs/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/gke.md index 335267c0d66..287367362a8 100644 --- a/docs/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/gke.md +++ b/docs/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/gke.md @@ -63,7 +63,7 @@ Use Rancher to set up and configure your Kubernetes cluster. To successfully cre 1. Optional: Use **Member Roles** to configure user authorization for the cluster. Click **Add Member** to add users that can access the cluster. Use the **Role** drop-down to set permissions for each user. 1. Optional: Add Kubernetes [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/) or [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) to the cluster. 1. Enter your Google project ID and your Google cloud credentials. -1. Fill out the rest of the form. For help, refer to the [GKE cluster configuration reference.](../../../../pages-for-subheaders/gke-cluster-configuration.md) +1. Fill out the rest of the form. For help, refer to the [GKE cluster configuration reference.](../../../../reference-guides/cluster-configuration/rancher-server-configuration/gke-cluster-configuration/gke-cluster-configuration.md) 1. Click **Create**. **Result:** You have successfully deployed a GKE cluster. @@ -83,7 +83,7 @@ Private GKE clusters are supported. Note: This advanced setup can require more s ## Configuration Reference -For details on configuring GKE clusters in Rancher, see [this page.](../../../../pages-for-subheaders/gke-cluster-configuration.md) +For details on configuring GKE clusters in Rancher, see [this page.](../../../../reference-guides/cluster-configuration/rancher-server-configuration/gke-cluster-configuration/gke-cluster-configuration.md) ## Updating Kubernetes Version The Kubernetes version of a cluster can be upgraded to any version available in the region or zone for the GKE cluster. Upgrading the master Kubernetes version does not automatically upgrade worker nodes. Nodes can be upgraded independently. @@ -98,7 +98,7 @@ GKE has removed basic authentication in 1.19+. In order to upgrade a cluster to The GKE provisioner can synchronize the state of a GKE cluster between Rancher and the provider. For an in-depth technical explanation of how this works, see [Syncing.](../../../../reference-guides/cluster-configuration/rancher-server-configuration/sync-clusters.md) -For information on configuring the refresh interval, see [this section.](../../../../pages-for-subheaders/gke-cluster-configuration.md#configuring-the-refresh-interval) +For information on configuring the refresh interval, see [this section.](../../../../reference-guides/cluster-configuration/rancher-server-configuration/gke-cluster-configuration/gke-cluster-configuration.md#configuring-the-refresh-interval) ## Programmatically Creating GKE Clusters diff --git a/docs/pages-for-subheaders/set-up-clusters-from-hosted-kubernetes-providers.md b/docs/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/set-up-clusters-from-hosted-kubernetes-providers.md similarity index 67% rename from docs/pages-for-subheaders/set-up-clusters-from-hosted-kubernetes-providers.md rename to docs/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/set-up-clusters-from-hosted-kubernetes-providers.md index fd4f4ed5bda..070c16dc420 100644 --- a/docs/pages-for-subheaders/set-up-clusters-from-hosted-kubernetes-providers.md +++ b/docs/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/set-up-clusters-from-hosted-kubernetes-providers.md @@ -25,9 +25,9 @@ Rancher supports the following Kubernetes providers: When using Rancher to create a cluster hosted by a provider, you are prompted for authentication information. This information is required to access the provider's API. For more information on how to obtain this information, see the following procedures: -- [Creating a GKE Cluster](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/gke.md) -- [Creating an EKS Cluster](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/eks.md) -- [Creating an AKS Cluster](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/aks.md) -- [Creating an ACK Cluster](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/alibaba.md) -- [Creating a TKE Cluster](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/tencent.md) -- [Creating a CCE Cluster](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/huawei.md) +- [Creating a GKE Cluster](gke.md) +- [Creating an EKS Cluster](eks.md) +- [Creating an AKS Cluster](aks.md) +- [Creating an ACK Cluster](alibaba.md) +- [Creating a TKE Cluster](tencent.md) +- [Creating a CCE Cluster](huawei.md) diff --git a/docs/pages-for-subheaders/use-windows-clusters.md b/docs/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/use-windows-clusters/use-windows-clusters.md similarity index 84% rename from docs/pages-for-subheaders/use-windows-clusters.md rename to docs/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/use-windows-clusters/use-windows-clusters.md index 2e76e0ca874..91cee26d619 100644 --- a/docs/pages-for-subheaders/use-windows-clusters.md +++ b/docs/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/use-windows-clusters/use-windows-clusters.md @@ -6,7 +6,7 @@ title: Launching Kubernetes on Windows Clusters -When provisioning a [custom cluster](use-existing-nodes.md) using Rancher, Rancher uses RKE (the Rancher Kubernetes Engine) to install Kubernetes on your existing nodes. +When provisioning a [custom cluster](../../../../reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/use-existing-nodes.md) using Rancher, Rancher uses RKE (the Rancher Kubernetes Engine) to install Kubernetes on your existing nodes. In a Windows cluster provisioned with Rancher, the cluster must contain both Linux and Windows nodes. The Kubernetes controlplane can only run on Linux nodes, and the Windows nodes can only have the worker role. Windows nodes can only be used for deploying workloads. @@ -42,7 +42,7 @@ Rancher will allow Windows workload pods to deploy on both Windows and Linux wor ## Requirements for Windows Clusters -The general node requirements for networking, operating systems, and Docker are the same as the node requirements for a [Rancher installation](installation-requirements.md). +The general node requirements for networking, operating systems, and Docker are the same as the node requirements for a [Rancher installation](../../../../getting-started/installation-and-upgrade/installation-requirements/installation-requirements.md). ### OS and Docker Requirements @@ -68,13 +68,13 @@ Rancher will not provision the node if the node does not meet these requirements ### Networking Requirements -Before provisioning a new cluster, be sure that you have already installed Rancher on a device that accepts inbound network traffic. This is required in order for the cluster nodes to communicate with Rancher. If you have not already installed Rancher, please refer to the [installation documentation](installation-and-upgrade.md) before proceeding with this guide. +Before provisioning a new cluster, be sure that you have already installed Rancher on a device that accepts inbound network traffic. This is required in order for the cluster nodes to communicate with Rancher. If you have not already installed Rancher, please refer to the [installation documentation](../../../../getting-started/installation-and-upgrade/installation-and-upgrade.md) before proceeding with this guide. Rancher only supports Windows using Flannel as the network provider. There are two network options: [**Host Gateway (L2bridge)**](https://github.com/coreos/flannel/blob/master/Documentation/backends.md#host-gw) and [**VXLAN (Overlay)**](https://github.com/coreos/flannel/blob/master/Documentation/backends.md#vxlan). The default option is **VXLAN (Overlay)** mode. -For **Host Gateway (L2bridge)** networking, it's best to use the same Layer 2 network for all nodes. Otherwise, you need to configure the route rules for them. For details, refer to the [documentation on configuring cloud-hosted VM routes.](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/use-windows-clusters/network-requirements-for-host-gateway.md#cloud-hosted-vm-routes-configuration) You will also need to [disable private IP address checks](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/use-windows-clusters/network-requirements-for-host-gateway.md#disabling-private-ip-address-checks) if you are using Amazon EC2, Google GCE, or Azure VM. +For **Host Gateway (L2bridge)** networking, it's best to use the same Layer 2 network for all nodes. Otherwise, you need to configure the route rules for them. For details, refer to the [documentation on configuring cloud-hosted VM routes.](network-requirements-for-host-gateway.md#cloud-hosted-vm-routes-configuration) You will also need to [disable private IP address checks](network-requirements-for-host-gateway.md#disabling-private-ip-address-checks) if you are using Amazon EC2, Google GCE, or Azure VM. For **VXLAN (Overlay)** networking, the [KB4489899](https://support.microsoft.com/en-us/help/4489899) hotfix must be installed. Most cloud-hosted VMs already have this hotfix. @@ -134,18 +134,18 @@ Windows requires that containers must be built on the same Windows Server versio ### Cloud Provider Specific Requirements -If you set a Kubernetes cloud provider in your cluster, some additional steps are required. You might want to set a cloud provider if you want to want to leverage a cloud provider's capabilities, for example, to automatically provision storage, load balancers, or other infrastructure for your cluster. Refer to [this page](../pages-for-subheaders/set-up-cloud-providers.md) for details on how to configure a cloud provider cluster of nodes that meet the prerequisites. +If you set a Kubernetes cloud provider in your cluster, some additional steps are required. You might want to set a cloud provider if you want to want to leverage a cloud provider's capabilities, for example, to automatically provision storage, load balancers, or other infrastructure for your cluster. Refer to [this page](../set-up-cloud-providers/set-up-cloud-providers.md) for details on how to configure a cloud provider cluster of nodes that meet the prerequisites. If you are using the GCE (Google Compute Engine) cloud provider, you must do the following: -- Enable the GCE cloud provider in the `cluster.yml` by following [these steps.](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/google-compute-engine.md) +- Enable the GCE cloud provider in the `cluster.yml` by following [these steps.](../set-up-cloud-providers/google-compute-engine.md) - When provisioning the cluster in Rancher, choose **Custom cloud provider** as the cloud provider in the Rancher UI. ## Tutorial: How to Create a Cluster with Windows Support This tutorial describes how to create a Rancher-provisioned cluster with the three nodes in the [recommended architecture.](#recommended-architecture) -When you provision a cluster with Rancher on existing nodes, you will add nodes to the cluster by installing the [Rancher agent](../reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/rancher-agent-options.md) on each one. When you create or edit your cluster from the Rancher UI, you will see a **Customize Node Run Command** that you can run on each server to add it to your cluster. +When you provision a cluster with Rancher on existing nodes, you will add nodes to the cluster by installing the [Rancher agent](../../../../reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/rancher-agent-options.md) on each one. When you create or edit your cluster from the Rancher UI, you will see a **Customize Node Run Command** that you can run on each server to add it to your cluster. To set up a cluster with support for Windows nodes and containers, you will need to complete the tasks below. @@ -172,11 +172,11 @@ You will provision three nodes: | Node 2 | Linux (Ubuntu Server 18.04 recommended) | | Node 3 | Windows (Windows Server core version 1809 or above required) | -If your nodes are hosted by a **Cloud Provider** and you want automation support such as loadbalancers or persistent storage devices, your nodes have additional configuration requirements. For details, see [Selecting Cloud Providers.](../pages-for-subheaders/set-up-cloud-providers.md) +If your nodes are hosted by a **Cloud Provider** and you want automation support such as loadbalancers or persistent storage devices, your nodes have additional configuration requirements. For details, see [Selecting Cloud Providers.](../set-up-cloud-providers/set-up-cloud-providers.md) ### 2. Create the Cluster on Existing Nodes -The instructions for creating a Windows cluster on existing nodes are very similar to the general [instructions for creating a custom cluster](use-existing-nodes.md) with some Windows-specific requirements. +The instructions for creating a Windows cluster on existing nodes are very similar to the general [instructions for creating a custom cluster](../../../../reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/use-existing-nodes.md) with some Windows-specific requirements. 1. In the upper left corner, click **☰ > Cluster Management**. 1. On the **Clusters** page, click **Create**. @@ -190,7 +190,7 @@ The instructions for creating a Windows cluster on existing nodes are very simil :::note Important: -For Host Gateway (L2bridge) networking, it's best to use the same Layer 2 network for all nodes. Otherwise, you need to configure the route rules for them. For details, refer to the [documentation on configuring cloud-hosted VM routes.](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/use-windows-clusters/network-requirements-for-host-gateway.md#cloud-hosted-vm-routes-configuration) You will also need to [disable private IP address checks](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/use-windows-clusters/network-requirements-for-host-gateway.md#disabling-private-ip-address-checks) if you are using Amazon EC2, Google GCE, or Azure VM. +For Host Gateway (L2bridge) networking, it's best to use the same Layer 2 network for all nodes. Otherwise, you need to configure the route rules for them. For details, refer to the [documentation on configuring cloud-hosted VM routes.](network-requirements-for-host-gateway.md#cloud-hosted-vm-routes-configuration) You will also need to [disable private IP address checks](network-requirements-for-host-gateway.md#disabling-private-ip-address-checks) if you are using Amazon EC2, Google GCE, or Azure VM. ::: @@ -206,7 +206,7 @@ The first node in your cluster should be a Linux host has both the **Control Pla 1. In the **Node Operating System** section, click **Linux**. 1. In the **Node Role** section, choose at least **etcd** and **Control Plane**. We recommend selecting all three. -1. Optional: If you click **Show advanced options,** you can customize the settings for the [Rancher agent](../reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/rancher-agent-options.md) and [node labels.](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/) +1. Optional: If you click **Show advanced options,** you can customize the settings for the [Rancher agent](../../../../reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/rancher-agent-options.md) and [node labels.](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/) 1. Copy the command displayed on the screen to your clipboard. 1. SSH into your Linux host and run the command that you copied to your clipboard. 1. When you are finished provisioning your Linux node(s), select **Done**. @@ -273,9 +273,9 @@ You can add Windows hosts to the cluster by editing the cluster and choosing the After creating your cluster, you can access it through the Rancher UI. As a best practice, we recommend setting up these alternate ways of accessing your cluster: -- **Access your cluster with the kubectl CLI:** Follow [these steps](../how-to-guides/new-user-guides/manage-clusters/access-clusters/use-kubectl-and-kubeconfig.md#accessing-clusters-with-kubectl-from-your-workstation) to access clusters with kubectl on your workstation. In this case, you will be authenticated through the Rancher server’s authentication proxy, then Rancher will connect you to the downstream cluster. This method lets you manage the cluster without the Rancher UI. -- **Access your cluster with the kubectl CLI, using the authorized cluster endpoint:** Follow [these steps](../how-to-guides/new-user-guides/manage-clusters/access-clusters/use-kubectl-and-kubeconfig.md#authenticating-directly-with-a-downstream-cluster) to access your cluster with kubectl directly, without authenticating through the Rancher server. We recommend setting up this alternative method to access your cluster so that in case you can’t connect to Rancher, you can still access the cluster. +- **Access your cluster with the kubectl CLI:** Follow [these steps](../../manage-clusters/access-clusters/use-kubectl-and-kubeconfig.md#accessing-clusters-with-kubectl-from-your-workstation) to access clusters with kubectl on your workstation. In this case, you will be authenticated through the Rancher server’s authentication proxy, then Rancher will connect you to the downstream cluster. This method lets you manage the cluster without the Rancher UI. +- **Access your cluster with the kubectl CLI, using the authorized cluster endpoint:** Follow [these steps](../../manage-clusters/access-clusters/use-kubectl-and-kubeconfig.md#authenticating-directly-with-a-downstream-cluster) to access your cluster with kubectl directly, without authenticating through the Rancher server. We recommend setting up this alternative method to access your cluster so that in case you can’t connect to Rancher, you can still access the cluster. ## Configuration for Storage Classes in Azure -If you are using Azure VMs for your nodes, you can use [Azure files](https://docs.microsoft.com/en-us/azure/aks/azure-files-dynamic-pv) as a StorageClass for the cluster. For details, refer to [this section.](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/use-windows-clusters/azure-storageclass-configuration.md) +If you are using Azure VMs for your nodes, you can use [Azure files](https://docs.microsoft.com/en-us/azure/aks/azure-files-dynamic-pv) as a StorageClass for the cluster. For details, refer to [this section.](azure-storageclass-configuration.md) diff --git a/docs/pages-for-subheaders/horizontal-pod-autoscaler.md b/docs/how-to-guides/new-user-guides/kubernetes-resources-setup/horizontal-pod-autoscaler/horizontal-pod-autoscaler.md similarity index 70% rename from docs/pages-for-subheaders/horizontal-pod-autoscaler.md rename to docs/how-to-guides/new-user-guides/kubernetes-resources-setup/horizontal-pod-autoscaler/horizontal-pod-autoscaler.md index d18ce147d06..e0f5e51e4b4 100644 --- a/docs/pages-for-subheaders/horizontal-pod-autoscaler.md +++ b/docs/how-to-guides/new-user-guides/kubernetes-resources-setup/horizontal-pod-autoscaler/horizontal-pod-autoscaler.md @@ -20,11 +20,11 @@ The way that you manage HPAs is different based on your version of the Kubernete - **For Kubernetes API version autoscaling/V2beta1:** This version of the Kubernetes API lets you autoscale your pods based on the CPU and memory utilization of your application. - **For Kubernetes API Version autoscaling/V2beta2:** This version of the Kubernetes API lets you autoscale your pods based on CPU and memory utilization, in addition to custom metrics. -You can create, manage, and delete HPAs using the Rancher UI. From the Rancher UI you can configure the HPA to scale based on CPU and memory utilization. For more information, refer to [Managing HPAs with the Rancher UI](../how-to-guides/new-user-guides/kubernetes-resources-setup/horizontal-pod-autoscaler/manage-hpas-with-ui.md). To scale the HPA based on custom metrics, you still need to use `kubectl`. For more information, refer to [Configuring HPA to Scale Using Custom Metrics with Prometheus](../how-to-guides/new-user-guides/kubernetes-resources-setup/horizontal-pod-autoscaler/manage-hpas-with-kubectl.md#configuring-hpa-to-scale-using-custom-metrics-with-prometheus). +You can create, manage, and delete HPAs using the Rancher UI. From the Rancher UI you can configure the HPA to scale based on CPU and memory utilization. For more information, refer to [Managing HPAs with the Rancher UI](manage-hpas-with-ui.md). To scale the HPA based on custom metrics, you still need to use `kubectl`. For more information, refer to [Configuring HPA to Scale Using Custom Metrics with Prometheus](manage-hpas-with-kubectl.md#configuring-hpa-to-scale-using-custom-metrics-with-prometheus). Clusters created in Rancher v2.0.7 and higher automatically have all the requirements needed (metrics-server and Kubernetes cluster configuration) to use HPA. ## Testing HPAs with a Service Deployment -You can see your HPA's current number of replicas by going to your project and clicking **Resources > HPA**. For more information, refer to [Get HPA Metrics and Status](../how-to-guides/new-user-guides/kubernetes-resources-setup/horizontal-pod-autoscaler/manage-hpas-with-ui.md). +You can see your HPA's current number of replicas by going to your project and clicking **Resources > HPA**. For more information, refer to [Get HPA Metrics and Status](manage-hpas-with-ui.md). -You can also use `kubectl` to get the status of HPAs that you test with your load testing tool. For more information, refer to [Testing HPAs with kubectl](../how-to-guides/new-user-guides/kubernetes-resources-setup/horizontal-pod-autoscaler/test-hpas-with-kubectl.md). +You can also use `kubectl` to get the status of HPAs that you test with your load testing tool. For more information, refer to [Testing HPAs with kubectl](test-hpas-with-kubectl.md). diff --git a/docs/pages-for-subheaders/kubernetes-resources-setup.md b/docs/how-to-guides/new-user-guides/kubernetes-resources-setup/kubernetes-resources-setup.md similarity index 54% rename from docs/pages-for-subheaders/kubernetes-resources-setup.md rename to docs/how-to-guides/new-user-guides/kubernetes-resources-setup/kubernetes-resources-setup.md index 865f5ae5c46..132e0f2627d 100644 --- a/docs/pages-for-subheaders/kubernetes-resources-setup.md +++ b/docs/how-to-guides/new-user-guides/kubernetes-resources-setup/kubernetes-resources-setup.md @@ -10,15 +10,15 @@ You can view and manipulate all of the custom resources and CRDs in a Kubernetes ## Workloads -Deploy applications to your cluster nodes using [workloads](workloads-and-pods.md), which are objects that contain pods that run your apps, along with metadata that set rules for the deployment's behavior. Workloads can be deployed within the scope of the entire clusters or within a namespace. +Deploy applications to your cluster nodes using [workloads](workloads-and-pods/workloads-and-pods.md), which are objects that contain pods that run your apps, along with metadata that set rules for the deployment's behavior. Workloads can be deployed within the scope of the entire clusters or within a namespace. -When deploying a workload, you can deploy from any image. There are a variety of [workload types](workloads-and-pods.md#workload-types) to choose from which determine how your application should run. +When deploying a workload, you can deploy from any image. There are a variety of [workload types](workloads-and-pods/workloads-and-pods.md#workload-types) to choose from which determine how your application should run. Following a workload deployment, you can continue working with it. You can: -- [Upgrade](../how-to-guides/new-user-guides/kubernetes-resources-setup/workloads-and-pods/upgrade-workloads.md) the workload to a newer version of the application it's running. -- [Roll back](../how-to-guides/new-user-guides/kubernetes-resources-setup/workloads-and-pods/roll-back-workloads.md) a workload to a previous version, if an issue occurs during upgrade. -- [Add a sidecar](../how-to-guides/new-user-guides/kubernetes-resources-setup/workloads-and-pods/add-a-sidecar.md), which is a workload that supports a primary workload. +- [Upgrade](workloads-and-pods/upgrade-workloads.md) the workload to a newer version of the application it's running. +- [Roll back](workloads-and-pods/roll-back-workloads.md) a workload to a previous version, if an issue occurs during upgrade. +- [Add a sidecar](workloads-and-pods/add-a-sidecar.md), which is a workload that supports a primary workload. ## Load Balancing and Ingress @@ -30,10 +30,10 @@ If you want your applications to be externally accessible, you must add a load b Rancher supports two types of load balancers: -- [Layer-4 Load Balancers](../how-to-guides/new-user-guides/kubernetes-resources-setup/load-balancer-and-ingress-controller/layer-4-and-layer-7-load-balancing.md#layer-4-load-balancer) -- [Layer-7 Load Balancers](../how-to-guides/new-user-guides/kubernetes-resources-setup/load-balancer-and-ingress-controller/layer-4-and-layer-7-load-balancing.md#layer-7-load-balancer) +- [Layer-4 Load Balancers](load-balancer-and-ingress-controller/layer-4-and-layer-7-load-balancing.md#layer-4-load-balancer) +- [Layer-7 Load Balancers](load-balancer-and-ingress-controller/layer-4-and-layer-7-load-balancing.md#layer-7-load-balancer) -For more information, see [load balancers](../how-to-guides/new-user-guides/kubernetes-resources-setup/load-balancer-and-ingress-controller/layer-4-and-layer-7-load-balancing.md). +For more information, see [load balancers](load-balancer-and-ingress-controller/layer-4-and-layer-7-load-balancing.md). #### Ingress @@ -41,7 +41,7 @@ Load Balancers can only handle one IP address per service, which means if you ru Ingress is a set of rules that act as a load balancer. Ingress works in conjunction with one or more ingress controllers to dynamically route service requests. When the ingress receives a request, the ingress controller(s) in your cluster program the load balancer to direct the request to the correct service based on service subdomains or path rules that you've configured. -For more information, see [Ingress](../how-to-guides/new-user-guides/kubernetes-resources-setup/load-balancer-and-ingress-controller/add-ingresses.md). +For more information, see [Ingress](load-balancer-and-ingress-controller/add-ingresses.md). When using ingresses in a project, you can program the ingress hostname to an external DNS by setting up a Global DNS entry. @@ -49,7 +49,7 @@ When using ingresses in a project, you can program the ingress hostname to an ex After you expose your cluster to external requests using a load balancer and/or ingress, it's only available by IP address. To create a resolveable hostname, you must create a service record, which is a record that maps an IP address, external hostname, DNS record alias, workload(s), or labelled pods to a specific hostname. -For more information, see [Service Discovery](../how-to-guides/new-user-guides/kubernetes-resources-setup/create-services.md). +For more information, see [Service Discovery](create-services.md). ## Applications @@ -61,7 +61,7 @@ Within the context of a Rancher project or namespace, _resources_ are files and Resources include: -- [Certificates](../how-to-guides/new-user-guides/kubernetes-resources-setup/encrypt-http-communication.md): Files used to encrypt/decrypt data entering or leaving the cluster. -- [ConfigMaps](../how-to-guides/new-user-guides/kubernetes-resources-setup/configmaps.md): Files that store general configuration information, such as a group of config files. -- [Secrets](../how-to-guides/new-user-guides/kubernetes-resources-setup/secrets.md): Files that store sensitive data like passwords, tokens, or keys. -- [Registries](../how-to-guides/new-user-guides/kubernetes-resources-setup/kubernetes-and-docker-registries.md): Files that carry credentials used to authenticate with private registries. +- [Certificates](encrypt-http-communication.md): Files used to encrypt/decrypt data entering or leaving the cluster. +- [ConfigMaps](configmaps.md): Files that store general configuration information, such as a group of config files. +- [Secrets](secrets.md): Files that store sensitive data like passwords, tokens, or keys. +- [Registries](kubernetes-and-docker-registries.md): Files that carry credentials used to authenticate with private registries. diff --git a/docs/pages-for-subheaders/load-balancer-and-ingress-controller.md b/docs/how-to-guides/new-user-guides/kubernetes-resources-setup/load-balancer-and-ingress-controller/load-balancer-and-ingress-controller.md similarity index 78% rename from docs/pages-for-subheaders/load-balancer-and-ingress-controller.md rename to docs/how-to-guides/new-user-guides/kubernetes-resources-setup/load-balancer-and-ingress-controller/load-balancer-and-ingress-controller.md index 41bdf40a323..b3f3976e6e3 100644 --- a/docs/pages-for-subheaders/load-balancer-and-ingress-controller.md +++ b/docs/how-to-guides/new-user-guides/kubernetes-resources-setup/load-balancer-and-ingress-controller/load-balancer-and-ingress-controller.md @@ -17,10 +17,10 @@ If you want your applications to be externally accessible, you must add a load b Rancher supports two types of load balancers: -- [Layer-4 Load Balancers](../how-to-guides/new-user-guides/kubernetes-resources-setup/load-balancer-and-ingress-controller/layer-4-and-layer-7-load-balancing.md#layer-4-load-balancer) -- [Layer-7 Load Balancers](../how-to-guides/new-user-guides/kubernetes-resources-setup/load-balancer-and-ingress-controller/layer-4-and-layer-7-load-balancing.md#layer-7-load-balancer) +- [Layer-4 Load Balancers](layer-4-and-layer-7-load-balancing.md#layer-4-load-balancer) +- [Layer-7 Load Balancers](layer-4-and-layer-7-load-balancing.md#layer-7-load-balancer) -For more information, see [load balancers](../how-to-guides/new-user-guides/kubernetes-resources-setup/load-balancer-and-ingress-controller/layer-4-and-layer-7-load-balancing.md). +For more information, see [load balancers](layer-4-and-layer-7-load-balancing.md). ### Load Balancer Limitations @@ -30,9 +30,9 @@ Load Balancers have a couple of limitations you should be aware of: - If you want to use a load balancer with a Hosted Kubernetes cluster (i.e., clusters hosted in GKE, EKS, or AKS), the load balancer must be running within that cloud provider's infrastructure. Please review the compatibility tables regarding support for load balancers based on how you've provisioned your clusters: -- [Support for Layer-4 Load Balancing](../how-to-guides/new-user-guides/kubernetes-resources-setup/load-balancer-and-ingress-controller/layer-4-and-layer-7-load-balancing.md#support-for-layer-4-load-balancing) +- [Support for Layer-4 Load Balancing](layer-4-and-layer-7-load-balancing.md#support-for-layer-4-load-balancing) -- [Support for Layer-7 Load Balancing](../how-to-guides/new-user-guides/kubernetes-resources-setup/load-balancer-and-ingress-controller/layer-4-and-layer-7-load-balancing.md#support-for-layer-7-load-balancing) +- [Support for Layer-7 Load Balancing](layer-4-and-layer-7-load-balancing.md#support-for-layer-7-load-balancing) ## Ingress @@ -60,6 +60,6 @@ Refrain from adding an Ingress to the `local` cluster. The Nginx Ingress Control ::: -- For more information on how to set up ingress in Rancher, see [Ingress](../how-to-guides/new-user-guides/kubernetes-resources-setup/load-balancer-and-ingress-controller/add-ingresses.md). +- For more information on how to set up ingress in Rancher, see [Ingress](add-ingresses.md). - For complete information about ingress and ingress controllers, see the [Kubernetes Ingress Documentation](https://kubernetes.io/docs/concepts/services-networking/ingress/) - When using ingresses in a project, you can program the ingress hostname to an external DNS by setting up a Global DNS entry. diff --git a/docs/how-to-guides/new-user-guides/kubernetes-resources-setup/workloads-and-pods/deploy-workloads.md b/docs/how-to-guides/new-user-guides/kubernetes-resources-setup/workloads-and-pods/deploy-workloads.md index e63edcef74a..b3c89b90949 100644 --- a/docs/how-to-guides/new-user-guides/kubernetes-resources-setup/workloads-and-pods/deploy-workloads.md +++ b/docs/how-to-guides/new-user-guides/kubernetes-resources-setup/workloads-and-pods/deploy-workloads.md @@ -21,7 +21,7 @@ Deploy a workload to run an application in one or more containers. 1. Either select an existing namespace, or click **Add to a new namespace** and enter a new namespace. -1. Click **Add Port** to enter a port mapping, which enables access to the application inside and outside of the cluster . For more information, see [Services](../../../../pages-for-subheaders/workloads-and-pods.md#services). +1. Click **Add Port** to enter a port mapping, which enables access to the application inside and outside of the cluster . For more information, see [Services](workloads-and-pods.md#services). 1. Configure the remaining options: @@ -45,7 +45,7 @@ Deploy a workload to run an application in one or more containers. - In [Amazon AWS](https://aws.amazon.com/), the nodes must be in the same Availability Zone and possess IAM permissions to attach/unattach volumes. - - The cluster must be using the [AWS cloud provider](https://github.com/kubernetes/website/blob/release-1.18/content/en/docs/concepts/cluster-administration/cloud-providers.md#aws) option. For more information on enabling this option see [Creating an Amazon EC2 Cluster](../../launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-amazon-ec2-cluster.md) or [Creating a Custom Cluster](../../../../pages-for-subheaders/use-existing-nodes.md). + - The cluster must be using the [AWS cloud provider](https://github.com/kubernetes/website/blob/release-1.18/content/en/docs/concepts/cluster-administration/cloud-providers.md#aws) option. For more information on enabling this option see [Creating an Amazon EC2 Cluster](../../launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-amazon-ec2-cluster.md) or [Creating a Custom Cluster](../../../../reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/use-existing-nodes.md). ::: diff --git a/docs/pages-for-subheaders/workloads-and-pods.md b/docs/how-to-guides/new-user-guides/kubernetes-resources-setup/workloads-and-pods/workloads-and-pods.md similarity index 92% rename from docs/pages-for-subheaders/workloads-and-pods.md rename to docs/how-to-guides/new-user-guides/kubernetes-resources-setup/workloads-and-pods/workloads-and-pods.md index 5cfe84668af..c20787712ae 100644 --- a/docs/pages-for-subheaders/workloads-and-pods.md +++ b/docs/how-to-guides/new-user-guides/kubernetes-resources-setup/workloads-and-pods/workloads-and-pods.md @@ -71,9 +71,9 @@ There are several types of services available in Rancher. The descriptions below This section of the documentation contains instructions for deploying workloads and using workload options. -- [Deploy Workloads](../how-to-guides/new-user-guides/kubernetes-resources-setup/workloads-and-pods/deploy-workloads.md) -- [Upgrade Workloads](../how-to-guides/new-user-guides/kubernetes-resources-setup/workloads-and-pods/upgrade-workloads.md) -- [Rollback Workloads](../how-to-guides/new-user-guides/kubernetes-resources-setup/workloads-and-pods/roll-back-workloads.md) +- [Deploy Workloads](deploy-workloads.md) +- [Upgrade Workloads](upgrade-workloads.md) +- [Rollback Workloads](roll-back-workloads.md) ## Related Links diff --git a/docs/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/about-rancher-agents.md b/docs/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/about-rancher-agents.md index bd90885720a..2d98149dae2 100644 --- a/docs/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/about-rancher-agents.md +++ b/docs/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/about-rancher-agents.md @@ -11,15 +11,15 @@ There are two different agent resources deployed on Rancher managed clusters: - [cattle-cluster-agent](#cattle-cluster-agent) - [cattle-node-agent](#cattle-node-agent) -For a conceptual overview of how the Rancher server provisions clusters and communicates with them, refer to the [architecture](../../../pages-for-subheaders/rancher-manager-architecture.md). +For a conceptual overview of how the Rancher server provisions clusters and communicates with them, refer to the [architecture](../../../reference-guides/rancher-manager-architecture/rancher-manager-architecture.md). ### cattle-cluster-agent -The `cattle-cluster-agent` is used to connect to the Kubernetes API of [Rancher Launched Kubernetes](../../../pages-for-subheaders/launch-kubernetes-with-rancher.md) clusters. The `cattle-cluster-agent` is deployed using a Deployment resource. +The `cattle-cluster-agent` is used to connect to the Kubernetes API of [Rancher Launched Kubernetes](launch-kubernetes-with-rancher.md) clusters. The `cattle-cluster-agent` is deployed using a Deployment resource. ### cattle-node-agent -The `cattle-node-agent` is used to interact with nodes in a [Rancher Launched Kubernetes](../../../pages-for-subheaders/launch-kubernetes-with-rancher.md) cluster when performing cluster operations. Examples of cluster operations are upgrading Kubernetes version and creating/restoring etcd snapshots. The `cattle-node-agent` is deployed using a DaemonSet resource to make sure it runs on every node. The `cattle-node-agent` is used as fallback option to connect to the Kubernetes API of [Rancher Launched Kubernetes](../../../pages-for-subheaders/launch-kubernetes-with-rancher.md) clusters when `cattle-cluster-agent` is unavailable. +The `cattle-node-agent` is used to interact with nodes in a [Rancher Launched Kubernetes](launch-kubernetes-with-rancher.md) cluster when performing cluster operations. Examples of cluster operations are upgrading Kubernetes version and creating/restoring etcd snapshots. The `cattle-node-agent` is deployed using a DaemonSet resource to make sure it runs on every node. The `cattle-node-agent` is used as fallback option to connect to the Kubernetes API of [Rancher Launched Kubernetes](launch-kubernetes-with-rancher.md) clusters when `cattle-cluster-agent` is unavailable. ### Scheduling rules @@ -32,7 +32,7 @@ If control plane nodes are present in the cluster, the default tolerations will | `cattle-cluster-agent` | `beta.kubernetes.io/os:NotIn:windows` | none | **Note:** These are the default tolerations, and will be replaced by tolerations matching taints applied to controlplane nodes.

`effect:NoSchedule`
`key:node-role.kubernetes.io/controlplane`
`value:true`

`effect:NoSchedule`
`key:node-role.kubernetes.io/control-plane`
`operator:Exists`

`effect:NoSchedule`
`key:node-role.kubernetes.io/master`
`operator:Exists` | | `cattle-node-agent` | `beta.kubernetes.io/os:NotIn:windows` | none | `operator:Exists` | -The `cattle-cluster-agent` Deployment has preferred scheduling rules using `preferredDuringSchedulingIgnoredDuringExecution`, favoring to be scheduled on nodes with the `controlplane` node. When there are no controlplane nodes visible in the cluster (this is usually the case when using [Clusters from Hosted Kubernetes Providers](../../../pages-for-subheaders/set-up-clusters-from-hosted-kubernetes-providers.md)), you can add the label `cattle.io/cluster-agent=true` on a node to prefer scheduling the `cattle-cluster-agent` pod to that node. +The `cattle-cluster-agent` Deployment has preferred scheduling rules using `preferredDuringSchedulingIgnoredDuringExecution`, favoring to be scheduled on nodes with the `controlplane` node. When there are no controlplane nodes visible in the cluster (this is usually the case when using [Clusters from Hosted Kubernetes Providers](../kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/set-up-clusters-from-hosted-kubernetes-providers.md)), you can add the label `cattle.io/cluster-agent=true` on a node to prefer scheduling the `cattle-cluster-agent` pod to that node. See [Kubernetes: Assigning Pods to Nodes](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/) to find more information about scheduling rules. diff --git a/docs/pages-for-subheaders/launch-kubernetes-with-rancher.md b/docs/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md similarity index 85% rename from docs/pages-for-subheaders/launch-kubernetes-with-rancher.md rename to docs/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md index 5b7f4363bab..e62d67c8323 100644 --- a/docs/pages-for-subheaders/launch-kubernetes-with-rancher.md +++ b/docs/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md @@ -20,23 +20,23 @@ Rancher can also create pools of nodes. One benefit of installing Kubernetes on ### Requirements -If you use RKE to set up a cluster, your nodes must meet the [requirements](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/node-requirements-for-rancher-managed-clusters.md) for nodes in downstream user clusters. +If you use RKE to set up a cluster, your nodes must meet the [requirements](../kubernetes-clusters-in-rancher-setup/node-requirements-for-rancher-managed-clusters.md) for nodes in downstream user clusters. ### Launching Kubernetes on New Nodes in an Infrastructure Provider -Using Rancher, you can create pools of nodes based on a [node template](use-new-nodes-in-an-infra-provider.md#node-templates). This node template defines the parameters you want to use to launch nodes in your cloud providers. +Using Rancher, you can create pools of nodes based on a [node template](use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md#node-templates). This node template defines the parameters you want to use to launch nodes in your cloud providers. One benefit of installing Kubernetes on node pools hosted by an infrastructure provider is that if a node loses connectivity with the cluster, Rancher can automatically create another node to join the cluster to ensure that the count of the node pool is as expected. -For more information, refer to the section on [launching Kubernetes on new nodes.](use-new-nodes-in-an-infra-provider.md) +For more information, refer to the section on [launching Kubernetes on new nodes.](use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md) ### Launching Kubernetes on Existing Custom Nodes In this scenario, you want to install Kubernetes on bare-metal servers, on-prem virtual machines, or virtual machines that already exist in a cloud provider. With this option, you will run a Rancher agent Docker container on the machine. -If you want to reuse a node from a previous custom cluster, [clean the node](../how-to-guides/new-user-guides/manage-clusters/clean-cluster-nodes.md) before using it in a cluster again. If you reuse a node that hasn't been cleaned, cluster provisioning may fail. +If you want to reuse a node from a previous custom cluster, [clean the node](../manage-clusters/clean-cluster-nodes.md) before using it in a cluster again. If you reuse a node that hasn't been cleaned, cluster provisioning may fail. -For more information, refer to the section on [custom nodes.](use-existing-nodes.md) +For more information, refer to the section on [custom nodes.](../../../reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/use-existing-nodes.md) ### Programmatically Creating RKE Clusters diff --git a/docs/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-a-digitalocean-cluster.md b/docs/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-a-digitalocean-cluster.md index bef31ab3f23..6f64d0abb70 100644 --- a/docs/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-a-digitalocean-cluster.md +++ b/docs/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-a-digitalocean-cluster.md @@ -32,7 +32,7 @@ Then you will create a DigitalOcean cluster in Rancher, and when configuring the ### 2. Create a node template with your cloud credentials -Creating a [node template](../../../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md#node-templates) for DigitalOcean will allow Rancher to provision new nodes in DigitalOcean. Node templates can be reused for other clusters. +Creating a [node template](use-new-nodes-in-an-infra-provider.md#node-templates) for DigitalOcean will allow Rancher to provision new nodes in DigitalOcean. Node templates can be reused for other clusters. 1. Click **☰ > Cluster Management**. 1. Click **RKE1 Configuration > Node Templates**. @@ -46,7 +46,7 @@ Creating a [node template](../../../../pages-for-subheaders/use-new-nodes-in-an- 1. On the **Clusters** page, click **Create**. 1. Click **DigitalOcean**. 1. Enter a **Cluster Name**. -1. Add one or more node pools to your cluster. Add one or more node pools to your cluster. Each node pool uses a node template to provision new nodes. For more information about node pools, including best practices for assigning Kubernetes roles to them, see [this section.](../../../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md) +1. Add one or more node pools to your cluster. Add one or more node pools to your cluster. Each node pool uses a node template to provision new nodes. For more information about node pools, including best practices for assigning Kubernetes roles to them, see [this section.](use-new-nodes-in-an-infra-provider.md) 1. **In the Cluster Configuration** section, choose the version of Kubernetes that will be installed, what network provider will be used and if you want to enable project network isolation. To see more cluster options, click on **Show advanced options**. For help configuring the cluster, refer to the [RKE cluster configuration reference.](../../../../reference-guides/cluster-configuration/rancher-server-configuration/rke1-cluster-configuration.md) 1. Use **Member Roles** to configure user authorization for the cluster. Click **Add Member** to add users that can access the cluster. Use the **Role** drop-down to set permissions for each user. 1. Click **Create**. @@ -75,7 +75,7 @@ Use Rancher to create a Kubernetes cluster in DigitalOcean. 1. Click **DigitalOcean**. 1. Select a **Cloud Credential**, if more than one exists. Otherwise, it's preselected. 1. Enter a **Cluster Name**. -1. Create a machine pool for each Kubernetes role. Refer to the [best practices](../../../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md#node-roles) for recommendations on role assignments and counts. +1. Create a machine pool for each Kubernetes role. Refer to the [best practices](use-new-nodes-in-an-infra-provider.md#node-roles) for recommendations on role assignments and counts. 1. For each machine pool, define the machine configuration. Refer to the [DigitalOcean machine configuration reference](../../../../reference-guides/cluster-configuration/downstream-cluster-configuration/machine-configuration/digitalocean.md) for information on configuration options. 1. Use the **Cluster Configuration** to choose the version of Kubernetes that will be installed, what network provider will be used and if you want to enable project network isolation. For help configuring the cluster, refer to the [RKE2 cluster configuration reference.](../../../../reference-guides/cluster-configuration/rancher-server-configuration/rke2-cluster-configuration.md) 1. Use **Member Roles** to configure user authorization for the cluster. Click **Add Member** to add users that can access the cluster. Use the **Role** drop-down to set permissions for each user. diff --git a/docs/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-amazon-ec2-cluster.md b/docs/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-amazon-ec2-cluster.md index 5bc7d109825..3a4db1d0a73 100644 --- a/docs/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-amazon-ec2-cluster.md +++ b/docs/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-amazon-ec2-cluster.md @@ -18,7 +18,7 @@ Then you will create an EC2 cluster in Rancher, and when configuring the new clu - **AWS EC2 Access Key and Secret Key** that will be used to create the instances. See [Amazon Documentation: Creating Access Keys](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html#Using_CreateAccessKey) how to create an Access Key and Secret Key. - **IAM Policy created** to add to the user of the Access Key And Secret Key. See [Amazon Documentation: Creating IAM Policies (Console)](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_create.html#access_policies_create-start) how to create an IAM policy. See our three example JSON policies below: - [Example IAM Policy](#example-iam-policy) - - [Example IAM Policy with PassRole](#example-iam-policy-with-passrole) (needed if you want to use [Kubernetes Cloud Provider](../../../../pages-for-subheaders/set-up-cloud-providers.md) or want to pass an IAM Profile to an instance) + - [Example IAM Policy with PassRole](#example-iam-policy-with-passrole) (needed if you want to use [Kubernetes Cloud Provider](../../kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/set-up-cloud-providers.md) or want to pass an IAM Profile to an instance) - [Example IAM Policy to allow encrypted EBS volumes](#example-iam-policy-to-allow-encrypted-ebs-volumes) - **IAM Policy added as Permission** to the user. See [Amazon Documentation: Adding Permissions to a User (Console)](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_change-permissions.html#users_change_permissions-add-console) how to attach it to an user. @@ -48,7 +48,7 @@ The steps to create a cluster differ based on your Rancher version. ### 2. Create a node template with your cloud credentials and information from EC2 -Creating a [node template](../../../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md#node-templates) for EC2 will allow Rancher to provision new nodes in EC2. Node templates can be reused for other clusters. +Creating a [node template](use-new-nodes-in-an-infra-provider.md#node-templates) for EC2 will allow Rancher to provision new nodes in EC2. Node templates can be reused for other clusters. 1. Click **☰ > Cluster Management**. 1. Click **RKE1 Configuration > Node Templates** @@ -64,14 +64,14 @@ Creating a [node template](../../../../pages-for-subheaders/use-new-nodes-in-an- ### 3. Create a cluster with node pools using the node template -Add one or more node pools to your cluster. For more information about node pools, see [this section.](../../../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md) +Add one or more node pools to your cluster. For more information about node pools, see [this section.](use-new-nodes-in-an-infra-provider.md) 1. Click **☰ > Cluster Management**. 1. On the **Clusters** page, click **Create**. 1. Click **Amazon EC2**. -1. Create a node pool for each Kubernetes role. For each node pool, choose a node template that you created. For more information about node pools, including best practices for assigning Kubernetes roles to them, see [this section.](../../../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md) +1. Create a node pool for each Kubernetes role. For each node pool, choose a node template that you created. For more information about node pools, including best practices for assigning Kubernetes roles to them, see [this section.](use-new-nodes-in-an-infra-provider.md) 1. Click **Add Member** to add users that can access the cluster. Use the **Role** drop-down to set permissions for each user. -1. Use **Cluster Options** to choose the version of Kubernetes that will be installed, what network provider will be used and if you want to enable project network isolation. Refer to [Selecting Cloud Providers](../../../../pages-for-subheaders/set-up-cloud-providers.md) to configure the Kubernetes Cloud Provider. For help configuring the cluster, refer to the [RKE cluster configuration reference.](../../../../reference-guides/cluster-configuration/rancher-server-configuration/rke1-cluster-configuration.md) +1. Use **Cluster Options** to choose the version of Kubernetes that will be installed, what network provider will be used and if you want to enable project network isolation. Refer to [Selecting Cloud Providers](../../kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/set-up-cloud-providers.md) to configure the Kubernetes Cloud Provider. For help configuring the cluster, refer to the [RKE cluster configuration reference.](../../../../reference-guides/cluster-configuration/rancher-server-configuration/rke1-cluster-configuration.md) :::note @@ -107,7 +107,7 @@ If you already have a set of cloud credentials to use, skip this section. 1. Click **Amazon EC2**. 1. Select a **Cloud Credential**, if more than one exists. Otherwise, it's preselected. 1. Enter a **Cluster Name**. -1. Create a machine pool for each Kubernetes role. Refer to the [best practices](../../../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md#node-roles) for recommendations on role assignments and counts. +1. Create a machine pool for each Kubernetes role. Refer to the [best practices](use-new-nodes-in-an-infra-provider.md#node-roles) for recommendations on role assignments and counts. 1. For each machine pool, define the machine configuration. Refer to [the EC2 machine configuration reference](../../../../reference-guides/cluster-configuration/downstream-cluster-configuration/machine-configuration/amazon-ec2.md) for information on configuration options. 1. Use the **Cluster Configuration** to choose the version of Kubernetes that will be installed, what network provider will be used and if you want to enable project network isolation. For help configuring the cluster, refer to the [RKE2 cluster configuration reference.](../../../../reference-guides/cluster-configuration/rancher-server-configuration/rke2-cluster-configuration.md) 1. Use **Member Roles** to configure user authorization for the cluster. Click **Add Member** to add users that can access the cluster. Use the **Role** drop-down to set permissions for each user. diff --git a/docs/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-azure-cluster.md b/docs/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-azure-cluster.md index 758616b057d..2b9e2e10cdd 100644 --- a/docs/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-azure-cluster.md +++ b/docs/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-azure-cluster.md @@ -69,7 +69,7 @@ The creation of this service principal returns three pieces of identification in ### 2. Create a node template with your cloud credentials -Creating a [node template](../../../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md#node-templates) for Azure will allow Rancher to provision new nodes in Azure. Node templates can be reused for other clusters. +Creating a [node template](use-new-nodes-in-an-infra-provider.md#node-templates) for Azure will allow Rancher to provision new nodes in Azure. Node templates can be reused for other clusters. 1. Click **☰ > Cluster Management**. 1. Click **RKE1 Configuration > Node Templates**. @@ -85,7 +85,7 @@ Use Rancher to create a Kubernetes cluster in Azure. 1. On the **Clusters** page, click **Create**. 1. Click **Azure**. 1. Enter a **Cluster Name**. -1. Add one or more node pools to your cluster. Each node pool uses a node template to provision new nodes. For more information about node pools, including best practices, see [this section.](../../../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md) +1. Add one or more node pools to your cluster. Each node pool uses a node template to provision new nodes. For more information about node pools, including best practices, see [this section.](use-new-nodes-in-an-infra-provider.md) 1. In the **Cluster Configuration** to choose the version of Kubernetes that will be installed, what network provider will be used and if you want to enable project network isolation. To see more cluster options, click on **Show advanced options**. For help configuring the cluster, refer to the [RKE cluster configuration reference.](../../../../reference-guides/cluster-configuration/rancher-server-configuration/rke1-cluster-configuration.md) 1. Use **Member Roles** to configure user authorization for the cluster. Click **Add Member** to add users that can access the cluster. Use the **Role** drop-down to set permissions for each user. 1. Click **Create**. @@ -116,7 +116,7 @@ Use Rancher to create a Kubernetes cluster in Azure. 1. Click **Azure**. 1. Select a **Cloud Credential**, if more than one exists. Otherwise, it's preselected. 1. Enter a **Cluster Name**. -1. Create a machine pool for each Kubernetes role. Refer to the [best practices](../../../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md#node-roles) for recommendations on role assignments and counts. +1. Create a machine pool for each Kubernetes role. Refer to the [best practices](use-new-nodes-in-an-infra-provider.md#node-roles) for recommendations on role assignments and counts. 1. For each machine pool, define the machine configuration. Refer to the [Azure machine configuration reference](../../../../reference-guides/cluster-configuration/downstream-cluster-configuration/machine-configuration/azure.md) for information on configuration options. 1. Use the **Cluster Configuration** to choose the version of Kubernetes that will be installed, what network provider will be used and if you want to enable project network isolation. For help configuring the cluster, refer to the [RKE2 cluster configuration reference.](../../../../reference-guides/cluster-configuration/rancher-server-configuration/rke2-cluster-configuration.md) 1. Use **Member Roles** to configure user authorization for the cluster. Click **Add Member** to add users that can access the cluster. Use the **Role** drop-down to set permissions for each user. diff --git a/docs/pages-for-subheaders/nutanix.md b/docs/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/nutanix/nutanix.md similarity index 65% rename from docs/pages-for-subheaders/nutanix.md rename to docs/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/nutanix/nutanix.md index b626cf2bd12..9c761b50475 100644 --- a/docs/pages-for-subheaders/nutanix.md +++ b/docs/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/nutanix/nutanix.md @@ -13,9 +13,9 @@ Rancher can provision nodes in AOS (AHV) and install Kubernetes on them. When cr A Nutanix cluster may consist of multiple groups of VMs with distinct properties, such as the amount of memory or the number of vCPUs. This grouping allows for fine-grained control over the sizing of nodes for each Kubernetes role. -- [Creating a Nutanix Cluster](../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/nutanix/provision-kubernetes-clusters-in-aos.md#creating-a-nutanix-aos-cluster) -- [Provisioning Storage](../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/nutanix/provision-kubernetes-clusters-in-aos.md) +- [Creating a Nutanix Cluster](provision-kubernetes-clusters-in-aos.md#creating-a-nutanix-aos-cluster) +- [Provisioning Storage](provision-kubernetes-clusters-in-aos.md) ## Creating a Nutanix Cluster -In [this section,](../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/nutanix/provision-kubernetes-clusters-in-aos.md) you'll learn how to use Rancher to install an [RKE](https://rancher.com/docs/rke/latest/en/) Kubernetes cluster in Nutanix AOS. \ No newline at end of file +In [this section,](provision-kubernetes-clusters-in-aos.md) you'll learn how to use Rancher to install an [RKE](https://rancher.com/docs/rke/latest/en/) Kubernetes cluster in Nutanix AOS. \ No newline at end of file diff --git a/docs/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/nutanix/provision-kubernetes-clusters-in-aos.md b/docs/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/nutanix/provision-kubernetes-clusters-in-aos.md index ded99b0679c..df67f078ac3 100644 --- a/docs/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/nutanix/provision-kubernetes-clusters-in-aos.md +++ b/docs/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/nutanix/provision-kubernetes-clusters-in-aos.md @@ -55,7 +55,7 @@ Setting up [VM-VM Anti-Affinity Policies](https://portal.nutanix.com/page/docume ### 1. Create a node template -Creating a [node template](../../../../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md#node-templates) for Nutanix AOS will allow Rancher to provision new nodes in Nutanix AOS. Node templates can be reused for other clusters. +Creating a [node template](../use-new-nodes-in-an-infra-provider.md#node-templates) for Nutanix AOS will allow Rancher to provision new nodes in Nutanix AOS. Node templates can be reused for other clusters. 1. Click **☰ > Cluster Management**. 1. Click **RKE1 Configuration > Node Templates**. @@ -75,7 +75,7 @@ Use Rancher to create a Kubernetes cluster in Nutanix AOS. 1. Enter a **Cluster Name**, then click **Continue**. 1. Use **Member Roles** to configure user authorization for the cluster. Click **Add Member** to add users who can access the cluster. Use the **Role** drop-down to set permissions for each user. 1. Use **Cluster Options** to choose the version of Kubernetes that will be installed, what network provider will be used, and whether you want to enable project network isolation. To see more cluster options, click on **Show advanced options**. For help configuring the cluster, refer to the [RKE cluster configuration reference.](../../../../../reference-guides/cluster-configuration/rancher-server-configuration/rke1-cluster-configuration.md) -1. Add one or more node pools to your cluster. Each node pool uses a node template to provision new nodes. For more information about node pools, including best practices for assigning Kubernetes roles to the nodes, see [this section.](../../../../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md#node-pools) +1. Add one or more node pools to your cluster. Each node pool uses a node template to provision new nodes. For more information about node pools, including best practices for assigning Kubernetes roles to the nodes, see [this section.](../use-new-nodes-in-an-infra-provider.md#node-pools) 1. Review your options to confirm they're correct. Then click **Create**. **Result:** Your cluster is created and assigned a state of **Provisioning**. Rancher is standing up your cluster. diff --git a/docs/pages-for-subheaders/use-new-nodes-in-an-infra-provider.md b/docs/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md similarity index 92% rename from docs/pages-for-subheaders/use-new-nodes-in-an-infra-provider.md rename to docs/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md index 59e2425659f..88bac5263d0 100644 --- a/docs/pages-for-subheaders/use-new-nodes-in-an-infra-provider.md +++ b/docs/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md @@ -125,11 +125,11 @@ Node templates can use cloud credentials to store credentials for launching node - Multiple node templates can share the same cloud credential to create node pools. If your key is compromised or expired, the cloud credential can be updated in a single place, which allows all node templates that are using it to be updated at once. -After cloud credentials are created, the user can start [managing the cloud credentials that they created](../reference-guides/user-settings/manage-cloud-credentials.md). +After cloud credentials are created, the user can start [managing the cloud credentials that they created](../../../../reference-guides/user-settings/manage-cloud-credentials.md). ### Node Drivers -If you don't find the node driver that you want to use, you can see if it is available in Rancher's built-in [node drivers and activate it](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-provisioning-drivers/manage-node-drivers.md#activatingdeactivating-node-drivers), or you can [add your own custom node driver](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-provisioning-drivers/manage-node-drivers.md#adding-custom-node-drivers). +If you don't find the node driver that you want to use, you can see if it is available in Rancher's built-in [node drivers and activate it](../../authentication-permissions-and-global-configuration/about-provisioning-drivers/manage-node-drivers.md#activatingdeactivating-node-drivers), or you can [add your own custom node driver](../../authentication-permissions-and-global-configuration/about-provisioning-drivers/manage-node-drivers.md#adding-custom-node-drivers). ## RKE2 Clusters @@ -137,7 +137,7 @@ Rancher v2.6 introduces provisioning for [RKE2](https://docs.rke2.io/) clusters :::note -For RKE2 cluster templates, please refer to [this page](../how-to-guides/new-user-guides/manage-clusters/manage-cluster-templates.md#rke2-cluster-template) for additional information. +For RKE2 cluster templates, please refer to [this page](../../manage-clusters/manage-cluster-templates.md#rke2-cluster-template) for additional information. ::: @@ -149,7 +149,7 @@ The same functionality of using `etcd`, `controlplane` and `worker` nodes is pos The implementation of the three node roles in Rancher means that Rancher managed RKE2 clusters are able to easily leverage all of the same architectural best practices that are recommended for RKE clusters. -In our [recommended cluster architecture](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/checklist-for-production-ready-clusters/recommended-cluster-architecture.md), we outline how many nodes of each role clusters should have: +In our [recommended cluster architecture](../../kubernetes-clusters-in-rancher-setup/checklist-for-production-ready-clusters/recommended-cluster-architecture.md), we outline how many nodes of each role clusters should have: - At least three nodes with the role etcd to survive losing one node - At least two nodes with the role controlplane for master component high availability diff --git a/docs/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/vsphere/provision-kubernetes-clusters-in-vsphere.md b/docs/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/vsphere/provision-kubernetes-clusters-in-vsphere.md index 90f094ee5e7..9aec21efdf6 100644 --- a/docs/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/vsphere/provision-kubernetes-clusters-in-vsphere.md +++ b/docs/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/vsphere/provision-kubernetes-clusters-in-vsphere.md @@ -69,7 +69,7 @@ If you have a cluster with DRS enabled, setting up [VM-VM Affinity Rules](https: ### 2. Create a node template with your cloud credentials -Creating a [node template](../../../../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md#node-templates) for vSphere will allow Rancher to provision new nodes in vSphere. Node templates can be reused for other clusters. +Creating a [node template](../use-new-nodes-in-an-infra-provider.md#node-templates) for vSphere will allow Rancher to provision new nodes in vSphere. Node templates can be reused for other clusters. 1. Click **☰ > Cluster Management**. 1. Click **RKE1 Configuration > Node Templates**. @@ -90,7 +90,7 @@ Use Rancher to create a Kubernetes cluster in vSphere. 1. Use **Member Roles** to configure user authorization for the cluster. Click **Add Member** to add users that can access the cluster. Use the **Role** drop-down to set permissions for each user. 1. Use **Cluster Options** to choose the version of Kubernetes that will be installed, what network provider will be used and if you want to enable project network isolation. To see more cluster options, click on **Show advanced options**. For help configuring the cluster, refer to the [RKE cluster configuration reference.](../../../../../reference-guides/cluster-configuration/rancher-server-configuration/rke1-cluster-configuration.md) 1. If you want to dynamically provision persistent storage or other infrastructure later, you will need to enable the vSphere cloud provider by modifying the cluster YAML file. For details, refer to [in-tree vSphere cloud provider docs](../../../../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/configure-in-tree-vsphere.md) and [out-of-tree vSphere cloud provider docs](../../../../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/configure-out-of-tree-vsphere.md). -1. Add one or more node pools to your cluster. Each node pool uses a node template to provision new nodes. For more information about node pools, including best practices for assigning Kubernetes roles to the nodes, see [this section.](../../../../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md#node-pools) +1. Add one or more node pools to your cluster. Each node pool uses a node template to provision new nodes. For more information about node pools, including best practices for assigning Kubernetes roles to the nodes, see [this section.](../use-new-nodes-in-an-infra-provider.md#node-pools) 1. Review your options to confirm they're correct. Then click **Create**. **Result:** @@ -111,4 +111,4 @@ After creating your cluster, you can access it through the Rancher UI. As a best - **Access your cluster with the kubectl CLI:** Follow [these steps](../../../../new-user-guides/manage-clusters/access-clusters/use-kubectl-and-kubeconfig.md#accessing-clusters-with-kubectl-from-your-workstation) to access clusters with kubectl on your workstation. In this case, you will be authenticated through the Rancher server’s authentication proxy, then Rancher will connect you to the downstream cluster. This method lets you manage the cluster without the Rancher UI. - **Access your cluster with the kubectl CLI, using the authorized cluster endpoint:** Follow [these steps](../../../../new-user-guides/manage-clusters/access-clusters/use-kubectl-and-kubeconfig.md#authenticating-directly-with-a-downstream-cluster) to access your cluster with kubectl directly, without authenticating through Rancher. We recommend setting up this alternative method to access your cluster so that in case you can’t connect to Rancher, you can still access the cluster. -- **Provision Storage:** For an example of how to provision storage in vSphere using Rancher, refer to [this section.](../../../../../pages-for-subheaders/provisioning-storage-examples.md) In order to dynamically provision storage in vSphere, the vSphere provider must be enabled. For details, refer to [in-tree vSphere cloud provider docs](../../../../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/configure-in-tree-vsphere.md) and [out-of-tree vSphere cloud provider docs](../../../../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/configure-out-of-tree-vsphere.md). \ No newline at end of file +- **Provision Storage:** For an example of how to provision storage in vSphere using Rancher, refer to [this section.](../../../manage-clusters/provisioning-storage-examples/provisioning-storage-examples.md) In order to dynamically provision storage in vSphere, the vSphere provider must be enabled. For details, refer to [in-tree vSphere cloud provider docs](../../../../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/configure-in-tree-vsphere.md) and [out-of-tree vSphere cloud provider docs](../../../../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/configure-out-of-tree-vsphere.md). \ No newline at end of file diff --git a/docs/pages-for-subheaders/vsphere.md b/docs/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/vsphere/vsphere.md similarity index 64% rename from docs/pages-for-subheaders/vsphere.md rename to docs/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/vsphere/vsphere.md index 634a037c1cd..9890f087ece 100644 --- a/docs/pages-for-subheaders/vsphere.md +++ b/docs/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/vsphere/vsphere.md @@ -21,7 +21,7 @@ The vSphere node templates have been updated, allowing you to bring cloud operat ### Self-healing Node Pools -One of the biggest advantages of provisioning vSphere nodes with Rancher is that it allows you to take advantage of Rancher's self-healing node pools, also called the [node auto-replace feature,](use-new-nodes-in-an-infra-provider.md#about-node-auto-replace) in your on-premises clusters. Self-healing node pools are designed to help you replace worker nodes for stateless applications. When Rancher provisions nodes from a node template, Rancher can automatically replace unreachable nodes. +One of the biggest advantages of provisioning vSphere nodes with Rancher is that it allows you to take advantage of Rancher's self-healing node pools, also called the [node auto-replace feature,](../use-new-nodes-in-an-infra-provider.md#about-node-auto-replace) in your on-premises clusters. Self-healing node pools are designed to help you replace worker nodes for stateless applications. When Rancher provisions nodes from a node template, Rancher can automatically replace unreachable nodes. :::caution @@ -33,7 +33,7 @@ It is not recommended to enable node auto-replace on a node pool of master nodes Node templates for vSphere have been updated so that when you create a node template with your vSphere credentials, the template is automatically populated with the same options for provisioning VMs that you have access to in the vSphere console. -For the fields to be populated, your setup needs to fulfill the [prerequisites.](../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/vsphere/provision-kubernetes-clusters-in-vsphere.md#preparation-in-vsphere) +For the fields to be populated, your setup needs to fulfill the [prerequisites.](provision-kubernetes-clusters-in-vsphere.md#preparation-in-vsphere) ### More Supported Operating Systems @@ -47,14 +47,14 @@ In this YouTube video, we demonstrate how to set up a node template with the new ## Creating a vSphere Cluster -In [this section,](../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/vsphere/provision-kubernetes-clusters-in-vsphere.md) you'll learn how to use Rancher to install an [RKE](https://rancher.com/docs/rke/latest/en/) Kubernetes cluster in vSphere. +In [this section,](provision-kubernetes-clusters-in-vsphere.md) you'll learn how to use Rancher to install an [RKE](https://rancher.com/docs/rke/latest/en/) Kubernetes cluster in vSphere. ## Provisioning Storage -For an example of how to provision storage in vSphere using Rancher, refer to [this section.](../how-to-guides/new-user-guides/manage-clusters/provisioning-storage-examples/vsphere-storage.md) In order to dynamically provision storage in vSphere, the vSphere provider must be enabled. Refer to [in-tree vSphere config](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/configure-in-tree-vsphere.md) and [out-of-tree vSphere config](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/configure-out-of-tree-vsphere.md). +For an example of how to provision storage in vSphere using Rancher, refer to [this section.](../../../manage-clusters/provisioning-storage-examples/vsphere-storage.md) In order to dynamically provision storage in vSphere, the vSphere provider must be enabled. Refer to [in-tree vSphere config](../../../kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/configure-in-tree-vsphere.md) and [out-of-tree vSphere config](../../../kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/configure-out-of-tree-vsphere.md). ## Enabling the vSphere Cloud Provider When a cloud provider is set up in Rancher, the Rancher server can automatically provision new infrastructure for the cluster, including new nodes or persistent storage devices. -For details on enabling the vSphere cloud provider, refer to [in-tree vSphere config](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/configure-in-tree-vsphere.md) and [out-of-tree vSphere config](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/configure-out-of-tree-vsphere.md). +For details on enabling the vSphere cloud provider, refer to [in-tree vSphere config](../../../kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/configure-in-tree-vsphere.md) and [out-of-tree vSphere config](../../../kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/configure-out-of-tree-vsphere.md). diff --git a/docs/pages-for-subheaders/access-clusters.md b/docs/how-to-guides/new-user-guides/manage-clusters/access-clusters/access-clusters.md similarity index 71% rename from docs/pages-for-subheaders/access-clusters.md rename to docs/how-to-guides/new-user-guides/manage-clusters/access-clusters/access-clusters.md index 69d18515700..a4929ee26cf 100644 --- a/docs/pages-for-subheaders/access-clusters.md +++ b/docs/how-to-guides/new-user-guides/manage-clusters/access-clusters/access-clusters.md @@ -8,11 +8,11 @@ title: Cluster Access This section is about what tools can be used to access clusters managed by Rancher. -For information on how to give users permission to access a cluster, see the section on [adding users to clusters.](../how-to-guides/new-user-guides/manage-clusters/access-clusters/add-users-to-clusters.md) +For information on how to give users permission to access a cluster, see the section on [adding users to clusters.](add-users-to-clusters.md) -For more information on roles-based access control, see [this section.](manage-role-based-access-control-rbac.md) +For more information on roles-based access control, see [this section.](../../authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/manage-role-based-access-control-rbac.md) -For information on how to set up an authentication system, see [this section.](authentication-config.md) +For information on how to set up an authentication system, see [this section.](../../authentication-permissions-and-global-configuration/authentication-config/authentication-config.md) ## Clusters in Rancher UI @@ -29,7 +29,7 @@ You can also access the **Clusters** page by clicking the **Manage** button abov On the **Clusters** page, select **⁝** at the end of each row to view a submenu with the following options: -* [Kubectl Shell](../how-to-guides/new-user-guides/manage-clusters/access-clusters/use-kubectl-and-kubeconfig.md) +* [Kubectl Shell](use-kubectl-and-kubeconfig.md) * Download KubeConfig * Copy KubeConfig to Clipboard * Edit Config @@ -53,13 +53,13 @@ The **Cluster Dashboard** lists information about a specific cluster, such as nu You can use the Kubernetes command-line tool, [kubectl](https://kubernetes.io/docs/reference/kubectl/overview/), to manage your clusters. You have two options for using kubectl: -- **Rancher kubectl shell:** Interact with your clusters by launching a kubectl shell available in the Rancher UI. This option requires no configuration actions on your part. For more information, see [Accessing Clusters with kubectl Shell](../how-to-guides/new-user-guides/manage-clusters/access-clusters/use-kubectl-and-kubeconfig.md). -- **Terminal remote connection:** You can also interact with your clusters by installing [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/) on your local desktop and then copying the cluster's kubeconfig file to your local `~/.kube/config` directory. For more information, see [Accessing Clusters with kubectl and a kubeconfig File](../how-to-guides/new-user-guides/manage-clusters/access-clusters/use-kubectl-and-kubeconfig.md). +- **Rancher kubectl shell:** Interact with your clusters by launching a kubectl shell available in the Rancher UI. This option requires no configuration actions on your part. For more information, see [Accessing Clusters with kubectl Shell](use-kubectl-and-kubeconfig.md). +- **Terminal remote connection:** You can also interact with your clusters by installing [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/) on your local desktop and then copying the cluster's kubeconfig file to your local `~/.kube/config` directory. For more information, see [Accessing Clusters with kubectl and a kubeconfig File](use-kubectl-and-kubeconfig.md). ## Rancher CLI -You can control your clusters by downloading Rancher's own command-line interface, [Rancher CLI](cli-with-rancher.md). This CLI tool can interact directly with different clusters and projects or pass them `kubectl` commands. +You can control your clusters by downloading Rancher's own command-line interface, [Rancher CLI](../../../../reference-guides/cli-with-rancher/cli-with-rancher.md). This CLI tool can interact directly with different clusters and projects or pass them `kubectl` commands. ## Rancher API -Finally, you can interact with your clusters over the Rancher API. Before you use the API, you must obtain an [API key](../reference-guides/user-settings/api-keys.md). To view the different resource fields and actions for an API object, open the API UI, which can be accessed by clicking on **View in API** for any Rancher UI object. +Finally, you can interact with your clusters over the Rancher API. Before you use the API, you must obtain an [API key](../../../../reference-guides/user-settings/api-keys.md). To view the different resource fields and actions for an API object, open the API UI, which can be accessed by clicking on **View in API** for any Rancher UI object. diff --git a/docs/how-to-guides/new-user-guides/manage-clusters/access-clusters/add-users-to-clusters.md b/docs/how-to-guides/new-user-guides/manage-clusters/access-clusters/add-users-to-clusters.md index 148715a31de..ebb64045d5c 100644 --- a/docs/how-to-guides/new-user-guides/manage-clusters/access-clusters/add-users-to-clusters.md +++ b/docs/how-to-guides/new-user-guides/manage-clusters/access-clusters/add-users-to-clusters.md @@ -35,7 +35,7 @@ Cluster administrators can edit the membership for a cluster, controlling which If external authentication is configured: - - Rancher returns users from your [external authentication](../../../../pages-for-subheaders/authentication-config.md) source as you type. + - Rancher returns users from your [external authentication](../../authentication-permissions-and-global-configuration/authentication-config/authentication-config.md) source as you type. :::note Using AD but can't find your users? @@ -47,7 +47,7 @@ Cluster administrators can edit the membership for a cluster, controlling which :::note - If you are logged in as a local user, external users do not display in your search results. For more information, see [External Authentication Configuration and Principal Users](../../../../pages-for-subheaders/authentication-config.md#external-authentication-configuration-and-principal-users). + If you are logged in as a local user, external users do not display in your search results. For more information, see [External Authentication Configuration and Principal Users](../../authentication-permissions-and-global-configuration/authentication-config/authentication-config.md#external-authentication-configuration-and-principal-users). ::: diff --git a/docs/how-to-guides/new-user-guides/manage-clusters/access-clusters/authorized-cluster-endpoint.md b/docs/how-to-guides/new-user-guides/manage-clusters/access-clusters/authorized-cluster-endpoint.md index 543ed4d10b4..8db87b8b982 100644 --- a/docs/how-to-guides/new-user-guides/manage-clusters/access-clusters/authorized-cluster-endpoint.md +++ b/docs/how-to-guides/new-user-guides/manage-clusters/access-clusters/authorized-cluster-endpoint.md @@ -27,7 +27,7 @@ If admins have [kubeconfig token generation turned off](../../../../reference-gu ### Two Authentication Methods for RKE Clusters -If the cluster is not an [RKE cluster,](../../../../pages-for-subheaders/launch-kubernetes-with-rancher.md) the kubeconfig file allows you to access the cluster in only one way: it lets you be authenticated with the Rancher server, then Rancher allows you to run kubectl commands on the cluster. +If the cluster is not an [RKE cluster,](../../launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md) the kubeconfig file allows you to access the cluster in only one way: it lets you be authenticated with the Rancher server, then Rancher allows you to run kubectl commands on the cluster. For RKE clusters, the kubeconfig file allows you to be authenticated in two ways: diff --git a/docs/how-to-guides/new-user-guides/manage-clusters/access-clusters/use-kubectl-and-kubeconfig.md b/docs/how-to-guides/new-user-guides/manage-clusters/access-clusters/use-kubectl-and-kubeconfig.md index 6099a7d33d3..2c32c5c3660 100644 --- a/docs/how-to-guides/new-user-guides/manage-clusters/access-clusters/use-kubectl-and-kubeconfig.md +++ b/docs/how-to-guides/new-user-guides/manage-clusters/access-clusters/use-kubectl-and-kubeconfig.md @@ -48,7 +48,7 @@ Rancher will discover and show resources created by `kubectl`. However, these re ## Authenticating Directly with a Downstream Cluster -This section intended to help you set up an alternative method to access an [RKE cluster.](../../../../pages-for-subheaders/launch-kubernetes-with-rancher.md) +This section intended to help you set up an alternative method to access an [RKE cluster.](../../launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md) This method is only available for RKE, RKE2, and K3s clusters that have the [authorized cluster endpoint](../../../../reference-guides/rancher-manager-architecture/communicating-with-downstream-user-clusters.md#4-authorized-cluster-endpoint) enabled. When Rancher creates the cluster, it generates a kubeconfig file that includes additional kubectl context(s) for accessing your cluster. This additional context allows you to use kubectl to authenticate with the downstream cluster without authenticating through Rancher. For a longer explanation of how the authorized cluster endpoint works, refer to [this page](authorized-cluster-endpoint.md). diff --git a/docs/how-to-guides/new-user-guides/manage-clusters/add-a-pod-security-policy.md b/docs/how-to-guides/new-user-guides/manage-clusters/add-a-pod-security-policy.md index 9b9c30d32cb..a705b202f2f 100644 --- a/docs/how-to-guides/new-user-guides/manage-clusters/add-a-pod-security-policy.md +++ b/docs/how-to-guides/new-user-guides/manage-clusters/add-a-pod-security-policy.md @@ -8,7 +8,7 @@ title: Adding a Pod Security Policy :::note Prerequisite: -The options below are available only for clusters that are [launched using RKE.](../../../pages-for-subheaders/launch-kubernetes-with-rancher.md) +The options below are available only for clusters that are [launched using RKE.](../launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md) ::: @@ -22,7 +22,7 @@ You can assign a pod security policy when you provision a cluster. However, if y :::note - This option is only available for clusters [provisioned by RKE](../../../pages-for-subheaders/launch-kubernetes-with-rancher.md). + This option is only available for clusters [provisioned by RKE](../launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md). ::: diff --git a/docs/how-to-guides/new-user-guides/manage-clusters/clean-cluster-nodes.md b/docs/how-to-guides/new-user-guides/manage-clusters/clean-cluster-nodes.md index b45beab4572..736bc664d8c 100644 --- a/docs/how-to-guides/new-user-guides/manage-clusters/clean-cluster-nodes.md +++ b/docs/how-to-guides/new-user-guides/manage-clusters/clean-cluster-nodes.md @@ -27,9 +27,9 @@ When cleaning nodes provisioned using Rancher, the following components are dele | All resources create under the `management.cattle.io` API Group | ✓ | ✓ | ✓ | | | All CRDs created by Rancher v2.x | ✓ | ✓ | ✓ | | -[1]: ../../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md -[2]: ../../../pages-for-subheaders/use-existing-nodes.md -[3]: ../../../pages-for-subheaders/set-up-clusters-from-hosted-kubernetes-providers.md +[1]: ../launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md +[2]: ../../../reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/use-existing-nodes.md +[3]: ../kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/set-up-clusters-from-hosted-kubernetes-providers.md [4]: ../../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/register-existing-clusters.md ## Removing a Node from a Cluster by Rancher UI diff --git a/docs/pages-for-subheaders/create-kubernetes-persistent-storage.md b/docs/how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage/create-kubernetes-persistent-storage.md similarity index 65% rename from docs/pages-for-subheaders/create-kubernetes-persistent-storage.md rename to docs/how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage/create-kubernetes-persistent-storage.md index 58fcb58c1cb..58a71adce61 100644 --- a/docs/pages-for-subheaders/create-kubernetes-persistent-storage.md +++ b/docs/how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage/create-kubernetes-persistent-storage.md @@ -9,15 +9,15 @@ description: "Learn about the two ways with which you can create persistent stor When deploying an application that needs to retain data, you'll need to create persistent storage. Persistent storage allows you to store application data external from the pod running your application. This storage practice allows you to maintain application data, even if the application's pod fails. -The documents in this section assume that you understand the Kubernetes concepts of persistent volumes, persistent volume claims, and storage classes. For more information, refer to the section on [how storage works.](../how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage/manage-persistent-storage/about-persistent-storage.md) +The documents in this section assume that you understand the Kubernetes concepts of persistent volumes, persistent volume claims, and storage classes. For more information, refer to the section on [how storage works.](manage-persistent-storage/about-persistent-storage.md) ### Prerequisites -To set up persistent storage, the `Manage Volumes` [role](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/cluster-and-project-roles.md#project-role-reference) is required. +To set up persistent storage, the `Manage Volumes` [role](../../authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/cluster-and-project-roles.md#project-role-reference) is required. If you are provisioning storage for a cluster hosted in the cloud, the storage and cluster hosts must have the same cloud provider. -For provisioning new storage with Rancher, the cloud provider must be enabled. For details on enabling cloud providers, refer to [this page.](../pages-for-subheaders/set-up-cloud-providers.md) +For provisioning new storage with Rancher, the cloud provider must be enabled. For details on enabling cloud providers, refer to [this page.](../../kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/set-up-cloud-providers.md) For attaching existing persistent storage to a cluster, the cloud provider does not need to be enabled. @@ -30,7 +30,7 @@ The overall workflow for setting up existing storage is as follows: 3. Add a persistent volume claim (PVC) that refers to the PV. 4. Mount the PVC as a volume in your workload. -For details and prerequisites, refer to [this page.](../how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage/manage-persistent-storage/set-up-existing-storage.md) +For details and prerequisites, refer to [this page.](manage-persistent-storage/set-up-existing-storage.md) ### Dynamically Provisioning New Storage in Rancher @@ -40,7 +40,7 @@ The overall workflow for provisioning new storage is as follows: 2. Add a persistent volume claim (PVC) that refers to the storage class. 3. Mount the PVC as a volume for your workload. -For details and prerequisites, refer to [this page.](../how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage/manage-persistent-storage/dynamically-provision-new-storage.md) +For details and prerequisites, refer to [this page.](manage-persistent-storage/dynamically-provision-new-storage.md) ### Longhorn Storage @@ -50,19 +50,19 @@ Longhorn is free, open source software. Originally developed by Rancher Labs, it If you have a pool of block storage, Longhorn can help you provide persistent storage to your Kubernetes cluster without relying on cloud providers. For more information about Longhorn features, refer to the [documentation.](https://longhorn.io/docs/latest/what-is-longhorn/) -Rancher v2.5 simplified the process of installing Longhorn on a Rancher-managed cluster. For more information, see [Cloud Native Storage with Longhorn](../integrations-in-rancher/longhorn/longhorn.md). +Rancher v2.5 simplified the process of installing Longhorn on a Rancher-managed cluster. For more information, see [Cloud Native Storage with Longhorn](../../../../integrations-in-rancher/longhorn/longhorn.md). ### Provisioning Storage Examples -We provide examples of how to provision storage with [NFS,](../how-to-guides/new-user-guides/manage-clusters/provisioning-storage-examples/nfs-storage.md) [vSphere,](../how-to-guides/new-user-guides/manage-clusters/provisioning-storage-examples/vsphere-storage.md) and [Amazon's EBS.](../how-to-guides/new-user-guides/manage-clusters/provisioning-storage-examples/persistent-storage-in-amazon-ebs.md) +We provide examples of how to provision storage with [NFS,](../provisioning-storage-examples/nfs-storage.md) [vSphere,](../provisioning-storage-examples/vsphere-storage.md) and [Amazon's EBS.](../provisioning-storage-examples/persistent-storage-in-amazon-ebs.md) ### GlusterFS Volumes -In clusters that store data on GlusterFS volumes, you may experience an issue where pods fail to mount volumes after restarting the `kubelet`. For details on preventing this from happening, refer to [this page.](../how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage/manage-persistent-storage/about-glusterfs-volumes.md) +In clusters that store data on GlusterFS volumes, you may experience an issue where pods fail to mount volumes after restarting the `kubelet`. For details on preventing this from happening, refer to [this page.](manage-persistent-storage/about-glusterfs-volumes.md) ### iSCSI Volumes -In [Rancher Launched Kubernetes clusters](../pages-for-subheaders/launch-kubernetes-with-rancher.md) that store data on iSCSI volumes, you may experience an issue where kubelets fail to automatically connect with iSCSI volumes. For details on resolving this issue, refer to [this page.](../how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage/manage-persistent-storage/install-iscsi-volumes.md) +In [Rancher Launched Kubernetes clusters](../../launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md) that store data on iSCSI volumes, you may experience an issue where kubelets fail to automatically connect with iSCSI volumes. For details on resolving this issue, refer to [this page.](manage-persistent-storage/install-iscsi-volumes.md) ### hostPath Volumes Before you create a hostPath volume, you need to set up an [extra_bind](https://rancher.com/docs/rke/latest/en/config-options/services/services-extras/#extra-binds/) in your cluster configuration. This will mount the path as a volume in your kubelets, which can then be used for hostPath volumes in your workloads. @@ -71,7 +71,7 @@ Before you create a hostPath volume, you need to set up an [extra_bind](https:// Kubernetes is moving away from maintaining cloud providers in-tree. vSphere has an out-of-tree cloud provider that can be used by installing the vSphere cloud provider and cloud storage plugins. -For instructions on how to migrate from the in-tree vSphere cloud provider to out-of-tree, and manage the existing VMs post migration, refer to [this page.](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/configure-out-of-tree-vsphere.md) +For instructions on how to migrate from the in-tree vSphere cloud provider to out-of-tree, and manage the existing VMs post migration, refer to [this page.](../../kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/configure-out-of-tree-vsphere.md) ### Related Links diff --git a/docs/how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage/manage-persistent-storage/about-glusterfs-volumes.md b/docs/how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage/manage-persistent-storage/about-glusterfs-volumes.md index aef5e622446..6c0b1c1d0d2 100644 --- a/docs/how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage/manage-persistent-storage/about-glusterfs-volumes.md +++ b/docs/how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage/manage-persistent-storage/about-glusterfs-volumes.md @@ -8,7 +8,7 @@ title: GlusterFS Volumes :::note -This section only applies to [RKE clusters.](../../../../../pages-for-subheaders/launch-kubernetes-with-rancher.md) +This section only applies to [RKE clusters.](../../../launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md) ::: diff --git a/docs/how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage/manage-persistent-storage/dynamically-provision-new-storage.md b/docs/how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage/manage-persistent-storage/dynamically-provision-new-storage.md index 77343a9f5c9..c40d3000816 100644 --- a/docs/how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage/manage-persistent-storage/dynamically-provision-new-storage.md +++ b/docs/how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage/manage-persistent-storage/dynamically-provision-new-storage.md @@ -23,7 +23,7 @@ To provision new storage for your workloads, follow these steps: - To set up persistent storage, the `Manage Volumes` [role](../../../authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/cluster-and-project-roles.md#project-role-reference) is required. - If you are provisioning storage for a cluster hosted in the cloud, the storage and cluster hosts must have the same cloud provider. -- The cloud provider must be enabled. For details on enabling cloud providers, refer to [this page.](../../../../../pages-for-subheaders/set-up-cloud-providers.md) +- The cloud provider must be enabled. For details on enabling cloud providers, refer to [this page.](../../../kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/set-up-cloud-providers.md) - Make sure your storage provisioner is available to be enabled. The following storage provisioners are enabled by default: diff --git a/docs/how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage/manage-persistent-storage/install-iscsi-volumes.md b/docs/how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage/manage-persistent-storage/install-iscsi-volumes.md index cce04e02a24..6fe70097a2f 100644 --- a/docs/how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage/manage-persistent-storage/install-iscsi-volumes.md +++ b/docs/how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage/manage-persistent-storage/install-iscsi-volumes.md @@ -6,7 +6,7 @@ title: iSCSI Volumes -In [Rancher Launched Kubernetes clusters](../../../../../pages-for-subheaders/launch-kubernetes-with-rancher.md) that store data on iSCSI volumes, you may experience an issue where kubelets fail to automatically connect with iSCSI volumes. This failure is likely due to an incompatibility issue involving the iSCSI initiator tool. You can resolve this issue by installing the iSCSI initiator tool on each of your cluster nodes. +In [Rancher Launched Kubernetes clusters](../../../launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md) that store data on iSCSI volumes, you may experience an issue where kubelets fail to automatically connect with iSCSI volumes. This failure is likely due to an incompatibility issue involving the iSCSI initiator tool. You can resolve this issue by installing the iSCSI initiator tool on each of your cluster nodes. Rancher Launched Kubernetes clusters storing data on iSCSI volumes leverage the [iSCSI initiator tool](http://www.open-iscsi.com/), which is embedded in the kubelet's `rancher/hyperkube` Docker image. From each kubelet (i.e., the _initiator_), the tool discovers and launches sessions with an iSCSI volume (i.e., the _target_). However, in some instances, the versions of the iSCSI initiator tool installed on the initiator and the target may not match, resulting in a connection failure. diff --git a/docs/pages-for-subheaders/install-cluster-autoscaler.md b/docs/how-to-guides/new-user-guides/manage-clusters/install-cluster-autoscaler/install-cluster-autoscaler.md similarity index 91% rename from docs/pages-for-subheaders/install-cluster-autoscaler.md rename to docs/how-to-guides/new-user-guides/manage-clusters/install-cluster-autoscaler/install-cluster-autoscaler.md index 8b749aae5ee..127153dd06b 100644 --- a/docs/pages-for-subheaders/install-cluster-autoscaler.md +++ b/docs/how-to-guides/new-user-guides/manage-clusters/install-cluster-autoscaler/install-cluster-autoscaler.md @@ -25,4 +25,4 @@ Cluster Autoscaler provides support to distinct cloud providers. For more inform ### Setting up Cluster Autoscaler on Amazon Cloud Provider -For details on running the cluster autoscaler on Amazon cloud provider, refer to [this page.](../how-to-guides/new-user-guides/manage-clusters/install-cluster-autoscaler/use-aws-ec2-auto-scaling-groups.md) +For details on running the cluster autoscaler on Amazon cloud provider, refer to [this page.](use-aws-ec2-auto-scaling-groups.md) diff --git a/docs/how-to-guides/new-user-guides/manage-clusters/install-cluster-autoscaler/use-aws-ec2-auto-scaling-groups.md b/docs/how-to-guides/new-user-guides/manage-clusters/install-cluster-autoscaler/use-aws-ec2-auto-scaling-groups.md index c8debb174ad..7daaab8504b 100644 --- a/docs/how-to-guides/new-user-guides/manage-clusters/install-cluster-autoscaler/use-aws-ec2-auto-scaling-groups.md +++ b/docs/how-to-guides/new-user-guides/manage-clusters/install-cluster-autoscaler/use-aws-ec2-auto-scaling-groups.md @@ -238,7 +238,7 @@ More info is at [RKE clusters on AWS](../../../new-user-guides/kubernetes-cluste Once we've configured AWS, let's create VMs to bootstrap our cluster: -* master (etcd+controlplane): Depending your needs, deploy three master instances with proper size. More info is at [the recommendations for production-ready clusters.](../../../../pages-for-subheaders/checklist-for-production-ready-clusters.md) +* master (etcd+controlplane): Depending your needs, deploy three master instances with proper size. More info is at [the recommendations for production-ready clusters.](../../kubernetes-clusters-in-rancher-setup/checklist-for-production-ready-clusters/checklist-for-production-ready-clusters.md) * IAM role: `K8sMasterRole` * Security group: `K8sMasterSg` * Tags: diff --git a/docs/pages-for-subheaders/manage-clusters.md b/docs/how-to-guides/new-user-guides/manage-clusters/manage-clusters.md similarity index 68% rename from docs/pages-for-subheaders/manage-clusters.md rename to docs/how-to-guides/new-user-guides/manage-clusters/manage-clusters.md index e6f69885338..23fc13f7b51 100644 --- a/docs/pages-for-subheaders/manage-clusters.md +++ b/docs/how-to-guides/new-user-guides/manage-clusters/manage-clusters.md @@ -10,13 +10,13 @@ After you provision a cluster in Rancher, you can begin using powerful Kubernete :::note -This section assumes a basic familiarity with Docker and Kubernetes. For a brief explanation of how Kubernetes components work together, refer to the [concepts](../reference-guides/kubernetes-concepts.md) page. +This section assumes a basic familiarity with Docker and Kubernetes. For a brief explanation of how Kubernetes components work together, refer to the [concepts](../../../reference-guides/kubernetes-concepts.md) page. ::: ## Managing Clusters in Rancher -After clusters have been [provisioned into Rancher](kubernetes-clusters-in-rancher-setup.md), [cluster owners](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/cluster-and-project-roles.md#cluster-roles) will need to manage these clusters. There are many different options of how to manage your cluster. +After clusters have been [provisioned into Rancher](../kubernetes-clusters-in-rancher-setup/kubernetes-clusters-in-rancher-setup.md), [cluster owners](../authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/cluster-and-project-roles.md#cluster-roles) will need to manage these clusters. There are many different options of how to manage your cluster. import ClusterCapabilitiesTable from '../shared-files/_cluster-capabilities-table.md'; diff --git a/docs/how-to-guides/new-user-guides/manage-clusters/nodes-and-node-pools.md b/docs/how-to-guides/new-user-guides/manage-clusters/nodes-and-node-pools.md index 2e7f151e5c2..fbbe7813b4e 100644 --- a/docs/how-to-guides/new-user-guides/manage-clusters/nodes-and-node-pools.md +++ b/docs/how-to-guides/new-user-guides/manage-clusters/nodes-and-node-pools.md @@ -13,11 +13,11 @@ After you launch a Kubernetes cluster in Rancher, you can manage individual node 1. Find the cluster whose nodes you want to manage, and click the **Explore** button at the end of the row. 1. Select **Nodes** from the left navigation. -Depending on the [option used](../../../pages-for-subheaders/kubernetes-clusters-in-rancher-setup.md) to provision the cluster, there are different node options available. +Depending on the [option used](../kubernetes-clusters-in-rancher-setup/kubernetes-clusters-in-rancher-setup.md) to provision the cluster, there are different node options available. :::note -If you want to manage the _cluster_ and not individual nodes, see [Editing Clusters](../../../pages-for-subheaders/cluster-configuration.md). +If you want to manage the _cluster_ and not individual nodes, see [Editing Clusters](../../../reference-guides/cluster-configuration/cluster-configuration.md). ::: @@ -36,9 +36,9 @@ The following table lists which node options are available for each type of clus | [Download Keys](#ssh-into-a-node-hosted-by-an-infrastructure-provider) | ✓ | | | | | Download SSH key in order to SSH into the node. | | [Node Scaling](#scaling-nodes) | ✓ | | | ✓ | | Scale the number of nodes in the node pool up or down. | -[1]: ../../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md -[2]: ../../../pages-for-subheaders/use-existing-nodes.md -[3]: ../../../pages-for-subheaders/set-up-clusters-from-hosted-kubernetes-providers.md +[1]: ../launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md +[2]: ../../../reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/use-existing-nodes.md +[3]: ../kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/set-up-clusters-from-hosted-kubernetes-providers.md [4]: ../../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/register-existing-clusters.md [5]: ../../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/register-existing-clusters.md @@ -47,17 +47,17 @@ The following table lists which node options are available for each type of clus ### Nodes Hosted by an Infrastructure Provider -Node pools are available when you provision Rancher-launched Kubernetes clusters on nodes that are [hosted in an infrastructure provider.](../../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md) +Node pools are available when you provision Rancher-launched Kubernetes clusters on nodes that are [hosted in an infrastructure provider.](../launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md) -Clusters provisioned using [one of the node pool options](../../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md#node-pools) can be scaled up or down if the node pool is edited. +Clusters provisioned using [one of the node pool options](../launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md#node-pools) can be scaled up or down if the node pool is edited. -A node pool can also automatically maintain the node scale that's set during the initial cluster provisioning if [node auto-replace is enabled.](../../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md#about-node-auto-replace) This scale determines the number of active nodes that Rancher maintains for the cluster. +A node pool can also automatically maintain the node scale that's set during the initial cluster provisioning if [node auto-replace is enabled.](../launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md#about-node-auto-replace) This scale determines the number of active nodes that Rancher maintains for the cluster. -Rancher uses [node templates](../../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md#node-templates) to replace nodes in the node pool. Each node template uses cloud provider credentials to allow Rancher to set up the node in the infrastructure provider. +Rancher uses [node templates](../launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md#node-templates) to replace nodes in the node pool. Each node template uses cloud provider credentials to allow Rancher to set up the node in the infrastructure provider. ### Nodes Provisioned by Hosted Kubernetes Providers -Options for managing nodes [hosted by a Kubernetes provider](../../../pages-for-subheaders/set-up-clusters-from-hosted-kubernetes-providers.md) are somewhat limited in Rancher. Rather than using the Rancher UI to make edits such as scaling the number of nodes up or down, edit the cluster directly. +Options for managing nodes [hosted by a Kubernetes provider](../kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/set-up-clusters-from-hosted-kubernetes-providers.md) are somewhat limited in Rancher. Rather than using the Rancher UI to make edits such as scaling the number of nodes up or down, edit the cluster directly. ### Registered Nodes @@ -76,13 +76,13 @@ To manage individual nodes, browse to the cluster that you want to manage and th ## Viewing a Node in the Rancher API -Select this option to view the node's [API endpoints](../../../pages-for-subheaders/about-the-api.md). +Select this option to view the node's [API endpoints](../../../reference-guides/about-the-api/about-the-api.md). ## Deleting a Node Use **Delete** to remove defective nodes from the cloud provider. -When you the delete a defective node, Rancher can automatically replace it with an identically provisioned node if the node is in a node pool and [node auto-replace is enabled.](../../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md#about-node-auto-replace) +When you the delete a defective node, Rancher can automatically replace it with an identically provisioned node if the node is in a node pool and [node auto-replace is enabled.](../launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md#about-node-auto-replace) :::tip @@ -92,11 +92,11 @@ If your cluster is hosted by an infrastructure provider, and you want to scale y ## Scaling Nodes -For nodes hosted by an infrastructure provider, you can scale the number of nodes in each [node pool](../../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md#node-pools) by using the scale controls. This option isn't available for other cluster types. +For nodes hosted by an infrastructure provider, you can scale the number of nodes in each [node pool](../launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md#node-pools) by using the scale controls. This option isn't available for other cluster types. ## SSH into a Node Hosted by an Infrastructure Provider -For [nodes hosted by an infrastructure provider](../../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md), you have the option of downloading its SSH key so that you can connect to it remotely from your desktop. +For [nodes hosted by an infrastructure provider](../launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md), you have the option of downloading its SSH key so that you can connect to it remotely from your desktop. 1. In the upper left corner, click **☰ > Cluster Management**. 1. On the **Clusters** page, go to the cluster where you want to SSH into a node and click the name of the cluster. diff --git a/docs/how-to-guides/new-user-guides/manage-clusters/projects-and-namespaces.md b/docs/how-to-guides/new-user-guides/manage-clusters/projects-and-namespaces.md index d74b70822d3..09c74502119 100644 --- a/docs/how-to-guides/new-user-guides/manage-clusters/projects-and-namespaces.md +++ b/docs/how-to-guides/new-user-guides/manage-clusters/projects-and-namespaces.md @@ -38,10 +38,10 @@ You can assign resources at the project level so that each namespace in the proj You can assign the following resources directly to namespaces: -- [Workloads](../../../pages-for-subheaders/workloads-and-pods.md) -- [Load Balancers/Ingress](../../../pages-for-subheaders/load-balancer-and-ingress-controller.md) +- [Workloads](../kubernetes-resources-setup/workloads-and-pods/workloads-and-pods.md) +- [Load Balancers/Ingress](../kubernetes-resources-setup/load-balancer-and-ingress-controller/load-balancer-and-ingress-controller.md) - [Service Discovery Records](../../new-user-guides/kubernetes-resources-setup/create-services.md) -- [Persistent Volume Claims](../../../pages-for-subheaders/create-kubernetes-persistent-storage.md) +- [Persistent Volume Claims](create-kubernetes-persistent-storage/create-kubernetes-persistent-storage.md) - [Certificates](../../new-user-guides/kubernetes-resources-setup/encrypt-http-communication.md) - [ConfigMaps](../../new-user-guides/kubernetes-resources-setup/configmaps.md) - [Registries](../../new-user-guides/kubernetes-resources-setup/kubernetes-and-docker-registries.md) @@ -180,7 +180,7 @@ To add a resource quota, 1. In the **Resource Quotas** tab, click **Add Resource**. 1. Select a **Resource Type**. For more information, see [Resource Quotas.](projects-and-namespaces.md). 1. Enter values for the **Project Limit** and the **Namespace Default Limit**. -1. **Optional:** Specify **Container Default Resource Limit**, which will be applied to every container started in the project. The parameter is recommended if you have CPU or Memory limits set by the Resource Quota. It can be overridden on per an individual namespace or a container level. For more information, see [Container Default Resource Limit](../../../pages-for-subheaders/manage-project-resource-quotas.md) +1. **Optional:** Specify **Container Default Resource Limit**, which will be applied to every container started in the project. The parameter is recommended if you have CPU or Memory limits set by the Resource Quota. It can be overridden on per an individual namespace or a container level. For more information, see [Container Default Resource Limit](../../advanced-user-guides/manage-projects/manage-project-resource-quotas/manage-project-resource-quotas.md) 1. Click **Create**. **Result:** Your project is created. You can view it from the cluster's **Projects/Namespaces** view. diff --git a/docs/how-to-guides/new-user-guides/manage-clusters/provisioning-storage-examples/nfs-storage.md b/docs/how-to-guides/new-user-guides/manage-clusters/provisioning-storage-examples/nfs-storage.md index 9898df21025..b5fd1fee669 100644 --- a/docs/how-to-guides/new-user-guides/manage-clusters/provisioning-storage-examples/nfs-storage.md +++ b/docs/how-to-guides/new-user-guides/manage-clusters/provisioning-storage-examples/nfs-storage.md @@ -10,7 +10,7 @@ Before you can use the NFS storage volume plug-in with Rancher deployments, you :::note -- If you already have an NFS share, you don't need to provision a new NFS server to use the NFS volume plugin within Rancher. Instead, skip the rest of this procedure and complete [adding storage](../../../../pages-for-subheaders/create-kubernetes-persistent-storage.md). +- If you already have an NFS share, you don't need to provision a new NFS server to use the NFS volume plugin within Rancher. Instead, skip the rest of this procedure and complete [adding storage](../create-kubernetes-persistent-storage/create-kubernetes-persistent-storage.md). - This procedure demonstrates how to set up an NFS server using Ubuntu, although you should be able to use these instructions for other Linux distros (e.g. Debian, RHEL, Arch Linux, etc.). For official instruction on how to create an NFS server using another Linux distro, consult the distro's documentation. diff --git a/docs/pages-for-subheaders/provisioning-storage-examples.md b/docs/how-to-guides/new-user-guides/manage-clusters/provisioning-storage-examples/provisioning-storage-examples.md similarity index 64% rename from docs/pages-for-subheaders/provisioning-storage-examples.md rename to docs/how-to-guides/new-user-guides/manage-clusters/provisioning-storage-examples/provisioning-storage-examples.md index 44fd9593fba..b1d89e54c05 100644 --- a/docs/pages-for-subheaders/provisioning-storage-examples.md +++ b/docs/how-to-guides/new-user-guides/manage-clusters/provisioning-storage-examples/provisioning-storage-examples.md @@ -10,6 +10,6 @@ Rancher supports persistent storage with a variety of volume plugins. However, b For your convenience, Rancher offers documentation on how to configure some of the popular storage methods: -- [NFS](../how-to-guides/new-user-guides/manage-clusters/provisioning-storage-examples/nfs-storage.md) -- [vSphere](../how-to-guides/new-user-guides/manage-clusters/provisioning-storage-examples/vsphere-storage.md) -- [EBS](../how-to-guides/new-user-guides/manage-clusters/provisioning-storage-examples/persistent-storage-in-amazon-ebs.md) +- [NFS](nfs-storage.md) +- [vSphere](vsphere-storage.md) +- [EBS](persistent-storage-in-amazon-ebs.md) diff --git a/docs/how-to-guides/new-user-guides/manage-clusters/provisioning-storage-examples/vsphere-storage.md b/docs/how-to-guides/new-user-guides/manage-clusters/provisioning-storage-examples/vsphere-storage.md index b13cee6512d..0bede8b10ae 100644 --- a/docs/how-to-guides/new-user-guides/manage-clusters/provisioning-storage-examples/vsphere-storage.md +++ b/docs/how-to-guides/new-user-guides/manage-clusters/provisioning-storage-examples/vsphere-storage.md @@ -13,7 +13,7 @@ In order to dynamically provision storage in vSphere, the vSphere provider must ### Prerequisites -In order to provision vSphere volumes in a cluster created with the [Rancher Kubernetes Engine (RKE)](../../../../pages-for-subheaders/launch-kubernetes-with-rancher.md), the [vSphere cloud provider](https://rancher.com/docs/rke/latest/en/config-options/cloud-providers/vsphere) must be explicitly enabled in the [cluster options](../../../../reference-guides/cluster-configuration/rancher-server-configuration/rke1-cluster-configuration.md). +In order to provision vSphere volumes in a cluster created with the [Rancher Kubernetes Engine (RKE)](../../launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md), the [vSphere cloud provider](https://rancher.com/docs/rke/latest/en/config-options/cloud-providers/vsphere) must be explicitly enabled in the [cluster options](../../../../reference-guides/cluster-configuration/rancher-server-configuration/rke1-cluster-configuration.md). ### Creating a StorageClass diff --git a/docs/how-to-guides/new-user-guides/manage-namespaces.md b/docs/how-to-guides/new-user-guides/manage-namespaces.md index 0419be358a6..48ae6879c01 100644 --- a/docs/how-to-guides/new-user-guides/manage-namespaces.md +++ b/docs/how-to-guides/new-user-guides/manage-namespaces.md @@ -12,10 +12,10 @@ Although you assign resources at the project level so that each namespace in the Resources that you can assign directly to namespaces include: -- [Workloads](../../pages-for-subheaders/workloads-and-pods.md) -- [Load Balancers/Ingress](../../pages-for-subheaders/load-balancer-and-ingress-controller.md) +- [Workloads](kubernetes-resources-setup/workloads-and-pods/workloads-and-pods.md) +- [Load Balancers/Ingress](kubernetes-resources-setup/load-balancer-and-ingress-controller/load-balancer-and-ingress-controller.md) - [Service Discovery Records](kubernetes-resources-setup/create-services.md) -- [Persistent Volume Claims](../../pages-for-subheaders/create-kubernetes-persistent-storage.md) +- [Persistent Volume Claims](manage-clusters/create-kubernetes-persistent-storage/create-kubernetes-persistent-storage.md) - [Certificates](kubernetes-resources-setup/encrypt-http-communication.md) - [ConfigMaps](kubernetes-resources-setup/configmaps.md) - [Registries](kubernetes-resources-setup/kubernetes-and-docker-registries.md) @@ -44,7 +44,7 @@ When working with project resources that you can assign to a namespace (i.e., [w 1. Click **Cluster > Projects/Namespaces**. 1. Go to the project where you want to add a namespace and click **Create Namespace**. Alternately, go to **Not in a Project** to create a namespace not associated with a project. -1. **Optional:** If your project has [Resource Quotas](../../pages-for-subheaders/manage-project-resource-quotas.md) in effect, you can override the default resource **Limits** (which places a cap on the resources that the namespace can consume). +1. **Optional:** If your project has [Resource Quotas](../advanced-user-guides/manage-projects/manage-project-resource-quotas/manage-project-resource-quotas.md) in effect, you can override the default resource **Limits** (which places a cap on the resources that the namespace can consume). 1. Enter a **Name** and then click **Create**. @@ -64,7 +64,7 @@ Cluster admins and members may occasionally need to move a namespace to another :::note Notes: - Don't move the namespaces in the `System` project. Moving these namespaces can adversely affect cluster networking. - - You cannot move a namespace into a project that already has a [resource quota](../../pages-for-subheaders/manage-project-resource-quotas.md)configured. + - You cannot move a namespace into a project that already has a [resource quota](../advanced-user-guides/manage-projects/manage-project-resource-quotas/manage-project-resource-quotas.md)configured. - If you move a namespace from a project that has a quota set to a project with no quota set, the quota is removed from the namespace. 1. Choose a new project for the new namespace and then click **Move**. Alternatively, you can remove the namespace from all projects by selecting **None**. diff --git a/docs/pages-for-subheaders/new-user-guides.md b/docs/how-to-guides/new-user-guides/new-user-guides.md similarity index 100% rename from docs/pages-for-subheaders/new-user-guides.md rename to docs/how-to-guides/new-user-guides/new-user-guides.md diff --git a/docs/pages-for-subheaders/cis-scans.md b/docs/integrations-in-rancher/cis-scans/cis-scans.md similarity index 87% rename from docs/pages-for-subheaders/cis-scans.md rename to docs/integrations-in-rancher/cis-scans/cis-scans.md index d9c5dbecabb..c6423844d0c 100644 --- a/docs/pages-for-subheaders/cis-scans.md +++ b/docs/integrations-in-rancher/cis-scans/cis-scans.md @@ -29,7 +29,7 @@ The Benchmark version is included in the generated report. The Benchmark provides recommendations of two types: Automated and Manual. Recommendations marked as Manual in the Benchmark are not included in the generated report. -Some tests are designated as "Not Applicable." These tests will not be run on any CIS scan because of the way that Rancher provisions RKE clusters. For information on how test results can be audited, and why some tests are designated to be not applicable, refer to Rancher's [self-assessment guide](./rancher-security.md#the-cis-benchmark-and-self-assessment) for the corresponding Kubernetes version. +Some tests are designated as "Not Applicable." These tests will not be run on any CIS scan because of the way that Rancher provisions RKE clusters. For information on how test results can be audited, and why some tests are designated to be not applicable, refer to Rancher's [self-assessment guide](../../reference-guides/rancher-security/rancher-security.md#the-cis-benchmark-and-self-assessment) for the corresponding Kubernetes version. The report contains the following information: @@ -48,7 +48,7 @@ The report contains the following information: | `actual_value` | The test's actual value, present if reported by `kube-bench`. | | `expected_result` | The test's expected result, present if reported by `kube-bench`. | -Refer to [the table in the cluster hardening guide](./rancher-security.md) for information on which versions of Kubernetes, the Benchmark, Rancher, and our cluster hardening guide correspond to each other. Also refer to the hardening guide for configuration files of CIS-compliant clusters and information on remediating failed tests. +Refer to [the table in the cluster hardening guide](../../reference-guides/rancher-security/rancher-security.md) for information on which versions of Kubernetes, the Benchmark, Rancher, and our cluster hardening guide correspond to each other. Also refer to the hardening guide for configuration files of CIS-compliant clusters and information on remediating failed tests. ## Test Profiles @@ -90,7 +90,7 @@ There are two types of RKE cluster scan profiles: The EKS and GKE cluster scan profiles are based on CIS Benchmark versions that are specific to those types of clusters. -In order to pass the "Hardened" profile, you will need to follow the steps on the [hardening guide](./rancher-security.md#rancher-hardening-guide) and use the `cluster.yml` defined in the hardening guide to provision a hardened cluster. +In order to pass the "Hardened" profile, you will need to follow the steps on the [hardening guide](../../reference-guides/rancher-security/rancher-security.md#rancher-hardening-guide) and use the `cluster.yml` defined in the hardening guide to provision a hardened cluster. The default profile and the supported CIS benchmark version depends on the type of cluster that will be scanned: @@ -103,7 +103,7 @@ The `rancher-cis-benchmark` supports the CIS 1.6 Benchmark version. ## About Skipped and Not Applicable Tests -For a list of skipped and not applicable tests, refer to [this page](../how-to-guides/advanced-user-guides/cis-scan-guides/skip-tests.md). +For a list of skipped and not applicable tests, refer to [this page](../../how-to-guides/advanced-user-guides/cis-scan-guides/skip-tests.md). For now, only user-defined skipped tests are marked as skipped in the generated report. @@ -111,12 +111,12 @@ Any skipped tests that are defined as being skipped by one of the default profil ## Roles-based Access Control -For information about permissions, refer to [this page](../integrations-in-rancher/cis-scans/rbac-for-cis-scans.md) +For information about permissions, refer to [this page](rbac-for-cis-scans.md) ## Configuration -For more information about configuring the custom resources for the scans, profiles, and benchmark versions, refer to [this page](../integrations-in-rancher/cis-scans/configuration-reference.md) +For more information about configuring the custom resources for the scans, profiles, and benchmark versions, refer to [this page](configuration-reference.md) ## How-to Guides -Please refer to the [CIS Scan Guides](../pages-for-subheaders/cis-scan-guides.md) to learn how to run CIS scans. +Please refer to the [CIS Scan Guides](../../how-to-guides/advanced-user-guides/cis-scan-guides/cis-scan-guides.md) to learn how to run CIS scans. diff --git a/docs/pages-for-subheaders/aws-cloud-marketplace.md b/docs/integrations-in-rancher/cloud-marketplace/aws-cloud-marketplace/aws-cloud-marketplace.md similarity index 75% rename from docs/pages-for-subheaders/aws-cloud-marketplace.md rename to docs/integrations-in-rancher/cloud-marketplace/aws-cloud-marketplace/aws-cloud-marketplace.md index c487e1d6f92..13b1398077e 100644 --- a/docs/pages-for-subheaders/aws-cloud-marketplace.md +++ b/docs/integrations-in-rancher/cloud-marketplace/aws-cloud-marketplace/aws-cloud-marketplace.md @@ -16,12 +16,12 @@ Rancher offers an integration with the AWS Marketplace which allows users to pur - Rancher must be deployed with additional metrics enabled. - Rancher must be installed on an EKS cluster. - You must purchase at least one entitlement to Rancher support through AWS Marketplace. -- You may need additional setup to support proxy/airgap use cases. See the [prerequisites](../integrations-in-rancher/cloud-marketplace/aws-cloud-marketplace/adapter-requirements.md) for more information. +- You may need additional setup to support proxy/airgap use cases. See the [prerequisites](adapter-requirements.md) for more information. ## How to Use -1. Complete the [prerequisite steps](../integrations-in-rancher/cloud-marketplace/aws-cloud-marketplace/adapter-requirements.md). -2. [Install the CSP Adapter](../integrations-in-rancher/cloud-marketplace/aws-cloud-marketplace/install-adapter.md). +1. Complete the [prerequisite steps](adapter-requirements.md). +2. [Install the CSP Adapter](install-adapter.md). ## FAQ diff --git a/docs/pages-for-subheaders/cloud-marketplace.md b/docs/integrations-in-rancher/cloud-marketplace/cloud-marketplace.md similarity index 100% rename from docs/pages-for-subheaders/cloud-marketplace.md rename to docs/integrations-in-rancher/cloud-marketplace/cloud-marketplace.md diff --git a/docs/integrations-in-rancher/harvester/overview.md b/docs/integrations-in-rancher/harvester/overview.md index 55a9f5b16ac..9f280c70782 100644 --- a/docs/integrations-in-rancher/harvester/overview.md +++ b/docs/integrations-in-rancher/harvester/overview.md @@ -6,7 +6,7 @@ Introduced in Rancher v2.6.1, [Harvester](https://docs.harvesterhci.io/) is an o ### Feature Flag -The Harvester feature flag is used to manage access to the Virtualization Management (VM) page in Rancher where users can navigate directly to Harvester clusters and access the Harvester UI. The Harvester feature flag is enabled by default. Click [here](../../pages-for-subheaders/enable-experimental-features.md) for more information on feature flags in Rancher. +The Harvester feature flag is used to manage access to the Virtualization Management (VM) page in Rancher where users can navigate directly to Harvester clusters and access the Harvester UI. The Harvester feature flag is enabled by default. Click [here](../../how-to-guides/advanced-user-guides/enable-experimental-features/enable-experimental-features.md) for more information on feature flags in Rancher. To navigate to the Harvester cluster, click **☰ > Virtualization Management**. From Harvester Clusters page, click one of the clusters listed to go to the single Harvester cluster view. @@ -24,7 +24,7 @@ The [Harvester node driver](https://docs.harvesterhci.io/v1.1/rancher/node/node- Harvester allows `.ISO` images to be uploaded and displayed through the Harvester UI, but this is not supported in the Rancher UI. This is because `.ISO` images usually require additional setup that interferes with a clean deployment (without requiring user intervention), and they are not typically used in cloud environments. -See [Provisioning Drivers](../../pages-for-subheaders/about-provisioning-drivers.md#node-drivers) for more information on node drivers in Rancher. +See [Provisioning Drivers](../../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-provisioning-drivers/about-provisioning-drivers.md#node-drivers) for more information on node drivers in Rancher. ### Port Requirements diff --git a/docs/pages-for-subheaders/configuration-options.md b/docs/integrations-in-rancher/istio/configuration-options/configuration-options.md similarity index 81% rename from docs/pages-for-subheaders/configuration-options.md rename to docs/integrations-in-rancher/istio/configuration-options/configuration-options.md index fdfc51d41bc..35546a12f03 100644 --- a/docs/pages-for-subheaders/configuration-options.md +++ b/docs/integrations-in-rancher/istio/configuration-options/configuration-options.md @@ -28,16 +28,16 @@ The Monitoring app sets `prometheus.prometheusSpec.ignoreNamespaceSelectors=fals If you would like to limit Prometheus to specific namespaces, set `prometheus.prometheusSpec.ignoreNamespaceSelectors=true`. Once you do this, you must perform some additional configuration to continue to monitor your resources. -For details, refer to [this section.](../integrations-in-rancher/istio/configuration-options/selectors-and-scrape-configurations.md) +For details, refer to [this section.](selectors-and-scrape-configurations.md) ### Enable Istio with Pod Security Policies -Refer to [this section.](../integrations-in-rancher/istio/configuration-options/pod-security-policies.md) +Refer to [this section.](pod-security-policies.md) ### Additional Steps for Installing Istio on an RKE2 Cluster -Refer to [this section.](../integrations-in-rancher/istio/configuration-options/install-istio-on-rke2-cluster.md) +Refer to [this section.](install-istio-on-rke2-cluster.md) ### Additional Steps for Project Network Isolation -Refer to [this section.](../integrations-in-rancher/istio/configuration-options/project-network-isolation.md) \ No newline at end of file +Refer to [this section.](project-network-isolation.md) \ No newline at end of file diff --git a/docs/integrations-in-rancher/istio/cpu-and-memory-allocations.md b/docs/integrations-in-rancher/istio/cpu-and-memory-allocations.md index 10fe77c9ec4..d61b13089cd 100644 --- a/docs/integrations-in-rancher/istio/cpu-and-memory-allocations.md +++ b/docs/integrations-in-rancher/istio/cpu-and-memory-allocations.md @@ -45,7 +45,7 @@ To configure the resources allocated to an Istio component, 1. In the left navigation bar, click **Apps**. 1. Click **Installed Apps**. 1. Go to the `istio-system` namespace. In one of the Istio workloads, such as `rancher-istio`, click **⋮ > Edit/Upgrade**. -1. Click **Upgrade** to edit the base components via changes to the values.yaml or add an [overlay file](../../pages-for-subheaders/configuration-options.md#overlay-file). For more information about editing the overlay file, see [this section.](cpu-and-memory-allocations.md#editing-the-overlay-file) +1. Click **Upgrade** to edit the base components via changes to the values.yaml or add an [overlay file](configuration-options/configuration-options.md#overlay-file). For more information about editing the overlay file, see [this section.](cpu-and-memory-allocations.md#editing-the-overlay-file) 1. Change the CPU or memory allocations, the nodes where each component will be scheduled to, or the node tolerations. 1. Click **Upgrade**. to rollout changes diff --git a/docs/pages-for-subheaders/istio.md b/docs/integrations-in-rancher/istio/istio.md similarity index 86% rename from docs/pages-for-subheaders/istio.md rename to docs/integrations-in-rancher/istio/istio.md index 93f1e9b7cc5..c622d0d2180 100644 --- a/docs/pages-for-subheaders/istio.md +++ b/docs/integrations-in-rancher/istio/istio.md @@ -18,7 +18,7 @@ This core service mesh provides features that include but are not limited to the - **Security** with resources to authenticate and authorize traffic and users, mTLS included. - **Observability** of logs, metrics, and distributed traffic flows. -After [setting up istio](istio-setup-guide.md) you can leverage Istio's control plane functionality through the Rancher UI, `kubectl`, or `istioctl`. +After [setting up istio](../../how-to-guides/advanced-user-guides/istio-setup-guide/istio-setup-guide.md) you can leverage Istio's control plane functionality through the Rancher UI, `kubectl`, or `istioctl`. Istio needs to be set up by a `cluster-admin` before it can be used in a project. @@ -29,7 +29,7 @@ The overall architecture of Istio has been simplified. A single component, Istio Addons that were previously installed by Istio (cert-manager, Grafana, Jaeger, Kiali, Prometheus, Zipkin) will now need to be installed separately. Istio will support installation of integrations that are from the Istio Project and will maintain compatibility with those that are not. -A Prometheus integration will still be available through an installation of [Rancher Monitoring](monitoring-and-alerting.md), or by installing your own Prometheus operator. Rancher's Istio chart will also install Kiali by default to ensure you can get a full picture of your microservices out of the box. +A Prometheus integration will still be available through an installation of [Rancher Monitoring](../monitoring-and-alerting/monitoring-and-alerting.md), or by installing your own Prometheus operator. Rancher's Istio chart will also install Kiali by default to ensure you can get a full picture of your microservices out of the box. Istio has migrated away from Helm as a way to install Istio and now provides installation through the istioctl binary or Istio Operator. To ensure the easiest interaction with Istio, Rancher's Istio will maintain a Helm chart that utilizes the istioctl binary to manage your Istio installation. @@ -55,21 +55,21 @@ Note that this is not a production-qualified deployment of Jaeger. This deployme ## Prerequisites -Before enabling Istio, we recommend that you confirm that your Rancher worker nodes have enough [CPU and memory](../integrations-in-rancher/istio/cpu-and-memory-allocations.md) to run all of the components of Istio. +Before enabling Istio, we recommend that you confirm that your Rancher worker nodes have enough [CPU and memory](cpu-and-memory-allocations.md) to run all of the components of Istio. If you are installing Istio on RKE2 cluster, some additional steps are required. For details, see [this section.](#additional-steps-for-installing-istio-on-an-rke2-cluster) ## Setup Guide -Refer to the [setup guide](istio-setup-guide.md) for instructions on how to set up Istio and use it in a project. +Refer to the [setup guide](../../how-to-guides/advanced-user-guides/istio-setup-guide/istio-setup-guide.md) for instructions on how to set up Istio and use it in a project. ## Remove Istio -To remove Istio components from a cluster, namespace, or workload, refer to the section on [uninstalling Istio.](../integrations-in-rancher/istio/disable-istio.md) +To remove Istio components from a cluster, namespace, or workload, refer to the section on [uninstalling Istio.](disable-istio.md) ## Accessing Visualizations -> By default, only cluster-admins have access to Kiali. For instructions on how to allow admin, edit or views roles to access them, see [this section.](../integrations-in-rancher/istio/rbac-for-istio.md) +> By default, only cluster-admins have access to Kiali. For instructions on how to allow admin, edit or views roles to access them, see [this section.](rbac-for-istio.md) After Istio is set up in a cluster, Grafana, Prometheus, and Kiali are available in the Rancher UI. @@ -87,7 +87,7 @@ To access the Kiali visualization, 1. In the left navigation bar, click **Istio**. 1. Click **Kiali**. From here you can access the **Traffic Graph** tab or the **Traffic Metrics** tab to see network visualizations and metrics. -By default, all namespace will picked up by prometheus and make data available for Kiali graphs. Refer to [selector/scrape config setup](../integrations-in-rancher/istio/configuration-options/selectors-and-scrape-configurations.md) if you would like to use a different configuration for prometheus data scraping. +By default, all namespace will picked up by prometheus and make data available for Kiali graphs. Refer to [selector/scrape config setup](configuration-options/selectors-and-scrape-configurations.md) if you would like to use a different configuration for prometheus data scraping. Your access to the visualizations depend on your role. Grafana and Prometheus are only available for `cluster-admin` roles. The Kiali UI is available only to `cluster-admin` by default, but `cluster-admin` can allow other roles to access them by editing the Istio values.yaml. @@ -107,15 +107,15 @@ By default, each Rancher-provisioned cluster has one NGINX ingress controller al ![In an Istio-enabled cluster, you can have two ingresses: the default Nginx ingress, and the default Istio controller.](/img/istio-ingress.svg) - Additional Istio Ingress gateways can be enabled via the [overlay file](configuration-options.md#overlay-file). + Additional Istio Ingress gateways can be enabled via the [overlay file](configuration-options/configuration-options.md#overlay-file). ### Egress Support -By default the Egress gateway is disabled, but can be enabled on install or upgrade through the values.yaml or via the [overlay file](configuration-options.md#overlay-file). +By default the Egress gateway is disabled, but can be enabled on install or upgrade through the values.yaml or via the [overlay file](configuration-options/configuration-options.md#overlay-file). ## Additional Steps for Installing Istio on an RKE2 Cluster -To install Istio on an RKE2 cluster, follow the steps in [this section.](../integrations-in-rancher/istio/configuration-options/install-istio-on-rke2-cluster.md) +To install Istio on an RKE2 cluster, follow the steps in [this section.](configuration-options/install-istio-on-rke2-cluster.md) ## Upgrading Istio in an Air-Gapped Environment diff --git a/docs/integrations-in-rancher/kubernetes-distributions/kubernetes-distributions.md b/docs/integrations-in-rancher/kubernetes-distributions/kubernetes-distributions.md index b8e6a48e325..689dd6423ed 100644 --- a/docs/integrations-in-rancher/kubernetes-distributions/kubernetes-distributions.md +++ b/docs/integrations-in-rancher/kubernetes-distributions/kubernetes-distributions.md @@ -9,7 +9,7 @@ K3s is a lightweight, fully compliant Kubernetes distribution designed for a ran ### K3s with Rancher - Rancher allows easy provision of K3s across a range of platforms including Amazon EC2, DigitalOcean, Azure, vSphere, or existing servers. -- Standard Rancher management of Kubernetes clusters including all outlined [cluster management capabilities](../../pages-for-subheaders/kubernetes-clusters-in-rancher-setup.md#cluster-management-capabilities-by-cluster-type). +- Standard Rancher management of Kubernetes clusters including all outlined [cluster management capabilities](../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/kubernetes-clusters-in-rancher-setup.md#cluster-management-capabilities-by-cluster-type). ## RKE2 @@ -28,4 +28,4 @@ Primary characteristics of RKE2 include: ## RKE2 with Rancher - Rancher allows easy provision of RKE2 across a range of platforms including Amazon EC2, DigitalOcean, Azure, vSphere, or existing servers. -- Standard Rancher management of Kubernetes clusters including all outlined [cluster management capabilities](../../pages-for-subheaders/kubernetes-clusters-in-rancher-setup.md#cluster-management-capabilities-by-cluster-type). +- Standard Rancher management of Kubernetes clusters including all outlined [cluster management capabilities](../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/kubernetes-clusters-in-rancher-setup.md#cluster-management-capabilities-by-cluster-type). diff --git a/docs/pages-for-subheaders/custom-resource-configuration.md b/docs/integrations-in-rancher/logging/custom-resource-configuration/custom-resource-configuration.md similarity index 51% rename from docs/pages-for-subheaders/custom-resource-configuration.md rename to docs/integrations-in-rancher/logging/custom-resource-configuration/custom-resource-configuration.md index 37c2f337d78..eb1020ac1a2 100644 --- a/docs/pages-for-subheaders/custom-resource-configuration.md +++ b/docs/integrations-in-rancher/logging/custom-resource-configuration/custom-resource-configuration.md @@ -8,5 +8,5 @@ title: Custom Resource Configuration The following Custom Resource Definitions are used to configure logging: -- [Flow and ClusterFlow](../integrations-in-rancher/logging/custom-resource-configuration/flows-and-clusterflows.md) -- [Output and ClusterOutput](../integrations-in-rancher/logging/custom-resource-configuration/outputs-and-clusteroutputs.md) \ No newline at end of file +- [Flow and ClusterFlow](flows-and-clusterflows.md) +- [Output and ClusterOutput](outputs-and-clusteroutputs.md) \ No newline at end of file diff --git a/docs/integrations-in-rancher/logging/custom-resource-configuration/flows-and-clusterflows.md b/docs/integrations-in-rancher/logging/custom-resource-configuration/flows-and-clusterflows.md index 65707e0980a..66f1614b045 100644 --- a/docs/integrations-in-rancher/logging/custom-resource-configuration/flows-and-clusterflows.md +++ b/docs/integrations-in-rancher/logging/custom-resource-configuration/flows-and-clusterflows.md @@ -8,7 +8,7 @@ title: Flows and ClusterFlows See the [Logging operator documentation](https://kube-logging.github.io/docs/configuration/flow/) for the full details on how to configure `Flows` and `ClusterFlows`. -See [Rancher Integration with Logging Services: Troubleshooting](../../../pages-for-subheaders/logging.md#The-Logging-Buffer-Overloads-Pods) for how to resolve memory problems with the logging buffer. +See [Rancher Integration with Logging Services: Troubleshooting](../logging.md#The-Logging-Buffer-Overloads-Pods) for how to resolve memory problems with the logging buffer. ## Flows diff --git a/docs/integrations-in-rancher/logging/custom-resource-configuration/outputs-and-clusteroutputs.md b/docs/integrations-in-rancher/logging/custom-resource-configuration/outputs-and-clusteroutputs.md index 3ae66c9145a..e62870d33f6 100644 --- a/docs/integrations-in-rancher/logging/custom-resource-configuration/outputs-and-clusteroutputs.md +++ b/docs/integrations-in-rancher/logging/custom-resource-configuration/outputs-and-clusteroutputs.md @@ -8,7 +8,7 @@ title: Outputs and ClusterOutputs See the [Logging operator documentation](https://kube-logging.github.io/docs/configuration/flow/) for the full details on how to configure `Flows` and `ClusterFlows`. -See [Rancher Integration with Logging Services: Troubleshooting](../../../pages-for-subheaders/logging.md#The-Logging-Buffer-Overloads-Pods) for how to resolve memory problems with the logging buffer. +See [Rancher Integration with Logging Services: Troubleshooting](../logging.md#The-Logging-Buffer-Overloads-Pods) for how to resolve memory problems with the logging buffer. ## Outputs diff --git a/docs/integrations-in-rancher/logging/logging-helm-chart-options.md b/docs/integrations-in-rancher/logging/logging-helm-chart-options.md index 643114f6d7c..d68865a3afc 100644 --- a/docs/integrations-in-rancher/logging/logging-helm-chart-options.md +++ b/docs/integrations-in-rancher/logging/logging-helm-chart-options.md @@ -45,7 +45,7 @@ Logging v2 was tested with SELinux on RHEL/CentOS 7 and 8. [Security-Enhanced Linux (SELinux)](https://en.wikipedia.org/wiki/Security-Enhanced_Linux) is a security enhancement to Linux. After being historically used by government agencies, SELinux is now industry standard and is enabled by default on CentOS 7 and 8. -To use Logging v2 with SELinux, we recommend installing the `rancher-selinux` RPM according to these [instructions](../../pages-for-subheaders/selinux-rpm.md). +To use Logging v2 with SELinux, we recommend installing the `rancher-selinux` RPM according to these [instructions](../../reference-guides/rancher-security/selinux-rpm/selinux-rpm.md). Then, when installing the logging application, configure the chart to be SELinux aware by changing `global.seLinux.enabled` to `true` in the `values.yaml`. diff --git a/docs/pages-for-subheaders/logging.md b/docs/integrations-in-rancher/logging/logging.md similarity index 80% rename from docs/pages-for-subheaders/logging.md rename to docs/integrations-in-rancher/logging/logging.md index 427422627f3..a79c896ec6e 100644 --- a/docs/pages-for-subheaders/logging.md +++ b/docs/integrations-in-rancher/logging/logging.md @@ -31,13 +31,13 @@ You can enable the logging for a Rancher managed cluster by going to the Apps pa ## Architecture -For more information about how the logging application works, see [this section.](../integrations-in-rancher/logging/logging-architecture.md) +For more information about how the logging application works, see [this section.](logging-architecture.md) ## Role-based Access Control -Rancher logging has two roles, `logging-admin` and `logging-view`. For more information on how and when to use these roles, see [this page.](../integrations-in-rancher/logging/rbac-for-logging.md) +Rancher logging has two roles, `logging-admin` and `logging-view`. For more information on how and when to use these roles, see [this page.](rbac-for-logging.md) ## Configuring Logging Custom Resources @@ -49,38 +49,38 @@ To manage `Flows,` `ClusterFlows`, `Outputs`, and `ClusterOutputs`, ### Flows and ClusterFlows -For help with configuring `Flows` and `ClusterFlows`, see [this page.](../integrations-in-rancher/logging/custom-resource-configuration/flows-and-clusterflows.md) +For help with configuring `Flows` and `ClusterFlows`, see [this page.](custom-resource-configuration/flows-and-clusterflows.md) ### Outputs and ClusterOutputs -For help with configuring `Outputs` and `ClusterOutputs`, see [this page.](../integrations-in-rancher/logging/custom-resource-configuration/outputs-and-clusteroutputs.md) +For help with configuring `Outputs` and `ClusterOutputs`, see [this page.](custom-resource-configuration/outputs-and-clusteroutputs.md) ## Configuring the Logging Helm Chart -For a list of options that can be configured when the logging application is installed or upgraded, see [this page.](../integrations-in-rancher/logging/logging-helm-chart-options.md) +For a list of options that can be configured when the logging application is installed or upgraded, see [this page.](logging-helm-chart-options.md) ### Windows Support -You can [enable logging](../integrations-in-rancher/logging/logging-helm-chart-options.md#enabledisable-windows-node-logging) from Windows nodes. +You can [enable logging](logging-helm-chart-options.md#enabledisable-windows-node-logging) from Windows nodes. ### Working with a Custom Docker Root Directory -For details on using a custom Docker root directory, see [this section.](../integrations-in-rancher/logging/logging-helm-chart-options.md#working-with-a-custom-docker-root-directory) +For details on using a custom Docker root directory, see [this section.](logging-helm-chart-options.md#working-with-a-custom-docker-root-directory) ### Working with Taints and Tolerations -For information on how to use taints and tolerations with the logging application, see [this page.](../integrations-in-rancher/logging/taints-and-tolerations.md) +For information on how to use taints and tolerations with the logging application, see [this page.](taints-and-tolerations.md) ### Logging V2 with SELinux -For information on enabling the logging application for SELinux-enabled nodes, see [this section.](../integrations-in-rancher/logging/logging-helm-chart-options.md#enabling-the-logging-application-to-work-with-selinux) +For information on enabling the logging application for SELinux-enabled nodes, see [this section.](logging-helm-chart-options.md#enabling-the-logging-application-to-work-with-selinux) ### Additional Logging Sources -By default, Rancher collects logs for control plane components and node components for all cluster types. In some cases additional logs can be collected. For details, see [this section.](../integrations-in-rancher/logging/logging-helm-chart-options.md#additional-logging-sources) +By default, Rancher collects logs for control plane components and node components for all cluster types. In some cases additional logs can be collected. For details, see [this section.](logging-helm-chart-options.md#additional-logging-sources) ## Troubleshooting diff --git a/docs/pages-for-subheaders/monitoring-and-alerting.md b/docs/integrations-in-rancher/monitoring-and-alerting/monitoring-and-alerting.md similarity index 67% rename from docs/pages-for-subheaders/monitoring-and-alerting.md rename to docs/integrations-in-rancher/monitoring-and-alerting/monitoring-and-alerting.md index 5dd758fab60..48b4114d458 100644 --- a/docs/pages-for-subheaders/monitoring-and-alerting.md +++ b/docs/integrations-in-rancher/monitoring-and-alerting/monitoring-and-alerting.md @@ -30,7 +30,7 @@ The monitoring application: - Defines precomputed, frequently needed or computationally expensive expressions as new time series based on metrics collected via Prometheus. - Exposes collected metrics from Prometheus to the Kubernetes Custom Metrics API via Prometheus Adapter for use in HPA. -See [How Monitoring Works](../integrations-in-rancher/monitoring-and-alerting/how-monitoring-works.md) for an explanation of how the monitoring components work together. +See [How Monitoring Works](how-monitoring-works.md) for an explanation of how the monitoring components work together. ## Default Components and Deployments @@ -38,7 +38,7 @@ See [How Monitoring Works](../integrations-in-rancher/monitoring-and-alerting/ho By default, the monitoring application deploys Grafana dashboards (curated by the [kube-prometheus](https://github.com/prometheus-operator/kube-prometheus) project) onto a cluster. -It also deploys an Alertmanager UI and a Prometheus UI. For more information about these tools, see [Built-in Dashboards.](../integrations-in-rancher/monitoring-and-alerting/built-in-dashboards.md) +It also deploys an Alertmanager UI and a Prometheus UI. For more information about these tools, see [Built-in Dashboards.](built-in-dashboards.md) ### Default Metrics Exporters By default, Rancher Monitoring deploys exporters (such as [node-exporter](https://github.com/prometheus/node_exporter) and [kube-state-metrics](https://github.com/kubernetes/kube-state-metrics)). @@ -47,41 +47,41 @@ These default exporters automatically scrape metrics for CPU and memory from all ### Default Alerts -The monitoring application deploys some alerts by default. To see the default alerts, go to the [Alertmanager UI](../integrations-in-rancher/monitoring-and-alerting/built-in-dashboards.md#alertmanager-ui) and click **Expand all groups.** +The monitoring application deploys some alerts by default. To see the default alerts, go to the [Alertmanager UI](built-in-dashboards.md#alertmanager-ui) and click **Expand all groups.** ### Components Exposed in the Rancher UI -For a list of monitoring components exposed in the Rancher UI, along with common use cases for editing them, see [this section.](../integrations-in-rancher/monitoring-and-alerting/how-monitoring-works.md#components-exposed-in-the-rancher-ui) +For a list of monitoring components exposed in the Rancher UI, along with common use cases for editing them, see [this section.](how-monitoring-works.md#components-exposed-in-the-rancher-ui) ## Role-based Access Control -For information on configuring access to monitoring, see [this page.](../integrations-in-rancher/monitoring-and-alerting/rbac-for-monitoring.md) +For information on configuring access to monitoring, see [this page.](rbac-for-monitoring.md) ## Guides -- [Enable monitoring](../how-to-guides/advanced-user-guides/monitoring-alerting-guides/enable-monitoring.md) -- [Uninstall monitoring](../how-to-guides/advanced-user-guides/monitoring-alerting-guides/uninstall-monitoring.md) -- [Monitoring workloads](../how-to-guides/advanced-user-guides/monitoring-alerting-guides/set-up-monitoring-for-workloads.md) -- [Customizing Grafana dashboards](../how-to-guides/advanced-user-guides/monitoring-alerting-guides/customize-grafana-dashboard.md) -- [Persistent Grafana dashboards](../how-to-guides/advanced-user-guides/monitoring-alerting-guides/create-persistent-grafana-dashboard.md) -- [Debugging high memory usage](../how-to-guides/advanced-user-guides/monitoring-alerting-guides/debug-high-memory-usage.md) +- [Enable monitoring](../../how-to-guides/advanced-user-guides/monitoring-alerting-guides/enable-monitoring.md) +- [Uninstall monitoring](../../how-to-guides/advanced-user-guides/monitoring-alerting-guides/uninstall-monitoring.md) +- [Monitoring workloads](../../how-to-guides/advanced-user-guides/monitoring-alerting-guides/set-up-monitoring-for-workloads.md) +- [Customizing Grafana dashboards](../../how-to-guides/advanced-user-guides/monitoring-alerting-guides/customize-grafana-dashboard.md) +- [Persistent Grafana dashboards](../../how-to-guides/advanced-user-guides/monitoring-alerting-guides/create-persistent-grafana-dashboard.md) +- [Debugging high memory usage](../../how-to-guides/advanced-user-guides/monitoring-alerting-guides/debug-high-memory-usage.md) ## Configuration ### Configuring Monitoring Resources in Rancher -The configuration reference assumes familiarity with how monitoring components work together. For more information, see [How Monitoring Works.](../integrations-in-rancher/monitoring-and-alerting/how-monitoring-works.md) +The configuration reference assumes familiarity with how monitoring components work together. For more information, see [How Monitoring Works.](how-monitoring-works.md) -- [ServiceMonitor and PodMonitor](../reference-guides/monitoring-v2-configuration/servicemonitors-and-podmonitors.md) -- [Receiver](../reference-guides/monitoring-v2-configuration/receivers.md) -- [Route](../reference-guides/monitoring-v2-configuration/routes.md) -- [PrometheusRule](../how-to-guides/advanced-user-guides/monitoring-v2-configuration-guides/advanced-configuration/prometheusrules.md) -- [Prometheus](../how-to-guides/advanced-user-guides/monitoring-v2-configuration-guides/advanced-configuration/prometheus.md) -- [Alertmanager](../how-to-guides/advanced-user-guides/monitoring-v2-configuration-guides/advanced-configuration/alertmanager.md) +- [ServiceMonitor and PodMonitor](../../reference-guides/monitoring-v2-configuration/servicemonitors-and-podmonitors.md) +- [Receiver](../../reference-guides/monitoring-v2-configuration/receivers.md) +- [Route](../../reference-guides/monitoring-v2-configuration/routes.md) +- [PrometheusRule](../../how-to-guides/advanced-user-guides/monitoring-v2-configuration-guides/advanced-configuration/prometheusrules.md) +- [Prometheus](../../how-to-guides/advanced-user-guides/monitoring-v2-configuration-guides/advanced-configuration/prometheus.md) +- [Alertmanager](../../how-to-guides/advanced-user-guides/monitoring-v2-configuration-guides/advanced-configuration/alertmanager.md) ### Configuring Helm Chart Options -For more information on `rancher-monitoring` chart options, including options to set resource limits and requests, see [Helm Chart Options](../reference-guides/monitoring-v2-configuration/helm-chart-options.md). +For more information on `rancher-monitoring` chart options, including options to set resource limits and requests, see [Helm Chart Options](../../reference-guides/monitoring-v2-configuration/helm-chart-options.md). ## Windows Cluster Support @@ -89,11 +89,11 @@ When deployed onto an RKE1 Windows cluster, Monitoring V2 will now automatically To be able to fully deploy Monitoring V2 for Windows, all of your Windows hosts must have a minimum [wins](https://github.com/rancher/wins) version of v0.1.0. -For more details on how to upgrade wins on existing Windows hosts, see [Windows cluster support for Monitoring V2.](../integrations-in-rancher/monitoring-and-alerting/windows-support.md). +For more details on how to upgrade wins on existing Windows hosts, see [Windows cluster support for Monitoring V2.](windows-support.md). ## Known Issues There is a [known issue](https://github.com/rancher/rancher/issues/28787#issuecomment-693611821) that K3s clusters require more than the allotted default memory. If you enable monitoring on a K3s cluster, set `prometheus.prometheusSpec.resources.memory.limit` to 2500 Mi and `prometheus.prometheusSpec.resources.memory.request` to 1750 Mi. -See [Debugging High Memory Usage](../how-to-guides/advanced-user-guides/monitoring-alerting-guides/debug-high-memory-usage.md) for advice and recommendations. +See [Debugging High Memory Usage](../../how-to-guides/advanced-user-guides/monitoring-alerting-guides/debug-high-memory-usage.md) for advice and recommendations. diff --git a/docs/integrations-in-rancher/neuvector/overview.md b/docs/integrations-in-rancher/neuvector/overview.md index e2701265fc6..cec0d643afd 100644 --- a/docs/integrations-in-rancher/neuvector/overview.md +++ b/docs/integrations-in-rancher/neuvector/overview.md @@ -8,7 +8,7 @@ title: Overview ### NeuVector Integration in Rancher -[NeuVector 5.x](https://open-docs.neuvector.com/) is an open-source container-centric security platform that is integrated with Rancher. NeuVector offers real-time compliance, visibility, and protection for critical applications and data during runtime. NeuVector provides a firewall, container process/file system monitoring, security auditing with CIS benchmarks, and vulnerability scanning. For more information on Rancher security, please see the [security documentation](../../pages-for-subheaders/rancher-security.md). +[NeuVector 5.x](https://open-docs.neuvector.com/) is an open-source container-centric security platform that is integrated with Rancher. NeuVector offers real-time compliance, visibility, and protection for critical applications and data during runtime. NeuVector provides a firewall, container process/file system monitoring, security auditing with CIS benchmarks, and vulnerability scanning. For more information on Rancher security, please see the [security documentation](../../reference-guides/rancher-security/rancher-security.md). NeuVector can be enabled through a Helm chart that may be installed either through **Apps** or through the **Cluster Tools** button in the Rancher UI. Once the Helm chart is installed, users can easily [deploy and manage NeuVector clusters within Rancher](https://open-docs.neuvector.com/deploying/rancher#deploy-and-manage-neuvector-through-rancher-apps-marketplace). diff --git a/docs/pages-for-subheaders/about-provisioning-drivers.md b/docs/pages-for-subheaders/about-provisioning-drivers.md deleted file mode 100644 index 1e129210c4b..00000000000 --- a/docs/pages-for-subheaders/about-provisioning-drivers.md +++ /dev/null @@ -1,51 +0,0 @@ ---- -title: Provisioning Drivers ---- - - - - - -Drivers in Rancher allow you to manage which providers can be used to deploy [hosted Kubernetes clusters](set-up-clusters-from-hosted-kubernetes-providers.md) or [nodes in an infrastructure provider](use-new-nodes-in-an-infra-provider.md) to allow Rancher to deploy and manage Kubernetes. - -### Rancher Drivers - -With Rancher drivers, you can enable/disable existing built-in drivers that are packaged in Rancher. Alternatively, you can add your own driver if Rancher has not yet implemented it. - -There are two types of drivers within Rancher: - -* [Cluster Drivers](#cluster-drivers) -* [Node Drivers](#node-drivers) - -### Cluster Drivers - -Cluster drivers are used to provision [hosted Kubernetes clusters](set-up-clusters-from-hosted-kubernetes-providers.md), such as GKE, EKS, AKS, etc.. The availability of which cluster driver to display when creating a cluster is defined based on the cluster driver's status. Only `active` cluster drivers will be displayed as an option for creating clusters for hosted Kubernetes clusters. By default, Rancher is packaged with several existing cluster drivers, but you can also create custom cluster drivers to add to Rancher. - -By default, Rancher has activated several hosted Kubernetes cloud providers including: - -* [Amazon EKS](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/eks.md) -* [Google GKE](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/gke.md) -* [Azure AKS](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/aks.md) - -There are several other hosted Kubernetes cloud providers that are disabled by default, but are packaged in Rancher: - -* [Alibaba ACK](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/alibaba.md) -* [Huawei CCE](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/huawei.md) -* [Tencent](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/tencent.md) - -### Node Drivers - -Node drivers are used to provision hosts, which Rancher uses to launch and manage Kubernetes clusters. A node driver is the same as a [Docker Machine driver](https://docs.docker.com/machine/drivers/). The availability of which node driver to display when creating node templates is defined based on the node driver's status. Only `active` node drivers will be displayed as an option for creating node templates. By default, Rancher is packaged with many existing Docker Machine drivers, but you can also create custom node drivers to add to Rancher. - -If there are specific node drivers that you don't want to show to your users, you would need to de-activate these node drivers. - -Rancher supports several major cloud providers, but by default, these node drivers are active and available for deployment: - -* [Amazon EC2](../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-amazon-ec2-cluster.md) -* [Azure](../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-azure-cluster.md) -* [Digital Ocean](../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-a-digitalocean-cluster.md) -* [vSphere](vsphere.md) - -There are several other node drivers that are disabled by default, but are packaged in Rancher: - -* [Harvester](../integrations-in-rancher/harvester/overview.md#harvester-node-driver/), available as of Rancher v2.6.1 diff --git a/docs/pages-for-subheaders/backup-restore-configuration.md b/docs/pages-for-subheaders/backup-restore-configuration.md deleted file mode 100644 index 104584f741d..00000000000 --- a/docs/pages-for-subheaders/backup-restore-configuration.md +++ /dev/null @@ -1,12 +0,0 @@ ---- -title: Rancher Backup Configuration Reference ---- - - - - - -- [Backup configuration](../reference-guides/backup-restore-configuration/backup-configuration.md) -- [Restore configuration](../reference-guides/backup-restore-configuration/restore-configuration.md) -- [Storage location configuration](../reference-guides/backup-restore-configuration/storage-configuration.md) -- [Example Backup and Restore Custom Resources](../reference-guides/backup-restore-configuration/examples.md) \ No newline at end of file diff --git a/docs/pages-for-subheaders/cis-scan-guides.md b/docs/pages-for-subheaders/cis-scan-guides.md deleted file mode 100644 index e76d47504e6..00000000000 --- a/docs/pages-for-subheaders/cis-scan-guides.md +++ /dev/null @@ -1,17 +0,0 @@ ---- -title: CIS Scan Guides ---- - - - - - -- [Install rancher-cis-benchmark](../how-to-guides/advanced-user-guides/cis-scan-guides/install-rancher-cis-benchmark.md) -- [Uninstall rancher-cis-benchmark](../how-to-guides/advanced-user-guides/cis-scan-guides/uninstall-rancher-cis-benchmark.md) -- [Run a Scan](../how-to-guides/advanced-user-guides/cis-scan-guides/run-a-scan.md) -- [Run a Scan Periodically on a Schedule](../how-to-guides/advanced-user-guides/cis-scan-guides/run-a-scan-periodically-on-a-schedule.md) -- [Skip Tests](../how-to-guides/advanced-user-guides/cis-scan-guides/skip-tests.md) -- [View Reports](../how-to-guides/advanced-user-guides/cis-scan-guides/view-reports.md) -- [Enable Alerting for rancher-cis-benchmark](../how-to-guides/advanced-user-guides/cis-scan-guides/enable-alerting-for-rancher-cis-benchmark.md) -- [Configure Alerts for Periodic Scan on a Schedule](../how-to-guides/advanced-user-guides/cis-scan-guides/configure-alerts-for-periodic-scan-on-a-schedule.md) -- [Create a Custom Benchmark Version to Run](../how-to-guides/advanced-user-guides/cis-scan-guides/create-a-custom-benchmark-version-to-run.md) \ No newline at end of file diff --git a/docs/pages-for-subheaders/deploy-rancher-manager.md b/docs/pages-for-subheaders/deploy-rancher-manager.md deleted file mode 100644 index 74e282f0832..00000000000 --- a/docs/pages-for-subheaders/deploy-rancher-manager.md +++ /dev/null @@ -1,23 +0,0 @@ ---- -title: Deploying Rancher Server ---- - - - - - -Use one of the following guides to deploy and provision Rancher and a Kubernetes cluster in the provider of your choice. - -- [AWS](../getting-started/quick-start-guides/deploy-rancher-manager/aws.md) (uses Terraform) -- [AWS Marketplace](../getting-started/quick-start-guides/deploy-rancher-manager/aws-marketplace.md) (uses Amazon EKS) -- [Azure](../getting-started/quick-start-guides/deploy-rancher-manager/azure.md) (uses Terraform) -- [DigitalOcean](../getting-started/quick-start-guides/deploy-rancher-manager/digitalocean.md) (uses Terraform) -- [GCP](../getting-started/quick-start-guides/deploy-rancher-manager/gcp.md) (uses Terraform) -- [Hetzner Cloud](../getting-started/quick-start-guides/deploy-rancher-manager/hetzner-cloud.md) (uses Terraform) -- [Vagrant](../getting-started/quick-start-guides/deploy-rancher-manager/vagrant.md) -- [Equinix Metal](../getting-started/quick-start-guides/deploy-rancher-manager/equinix-metal.md) -- [Outscale](../getting-started/quick-start-guides/deploy-rancher-manager/outscale-qs.md) (uses Terraform) - -If you prefer, the following guide will take you through the same process in individual steps. Use this if you want to run Rancher in a different provider, on prem, or if you would just like to see how easy it is. - -- [Manual Install](../getting-started/quick-start-guides/deploy-rancher-manager/helm-cli.md) diff --git a/docs/pages-for-subheaders/downstream-cluster-configuration.md b/docs/pages-for-subheaders/downstream-cluster-configuration.md deleted file mode 100644 index b9fbad0b966..00000000000 --- a/docs/pages-for-subheaders/downstream-cluster-configuration.md +++ /dev/null @@ -1,9 +0,0 @@ ---- -title: Downstream Cluster Configuration ---- - - - - - -The following docs will discuss [node template configuration](./node-template-configuration.md) and [machine configuration](./machine-configuration.md). \ No newline at end of file diff --git a/docs/pages-for-subheaders/installation-references.md b/docs/pages-for-subheaders/installation-references.md deleted file mode 100644 index 6108728b04f..00000000000 --- a/docs/pages-for-subheaders/installation-references.md +++ /dev/null @@ -1,9 +0,0 @@ ---- -title: Installation References ---- - - - - - -Please see the following reference guides for other installation resources: [Rancher Helm chart options](../getting-started/installation-and-upgrade/installation-references/helm-chart-options.md), [TLS settings](../getting-started/installation-and-upgrade/installation-references/tls-settings.md), and [feature flags](../getting-started/installation-and-upgrade/installation-references/feature-flags.md). \ No newline at end of file diff --git a/docs/pages-for-subheaders/istio-setup-guide.md b/docs/pages-for-subheaders/istio-setup-guide.md deleted file mode 100644 index 24475f7ffea..00000000000 --- a/docs/pages-for-subheaders/istio-setup-guide.md +++ /dev/null @@ -1,34 +0,0 @@ ---- -title: Setup Guide ---- - - - - - -This section describes how to enable Istio and start using it in your projects. - -If you use Istio for traffic management, you will need to allow external traffic to the cluster. In that case, you will need to follow all of the steps below. - -## Prerequisites - -This guide assumes you have already [installed Rancher,](installation-and-upgrade.md) and you have already [provisioned a separate Kubernetes cluster](kubernetes-clusters-in-rancher-setup.md) on which you will install Istio. - -The nodes in your cluster must meet the [CPU and memory requirements.](../integrations-in-rancher/istio/cpu-and-memory-allocations.md) - -The workloads and services that you want to be controlled by Istio must meet [Istio's requirements.](https://istio.io/docs/setup/additional-setup/requirements/) - -## Install - -:::tip Quick Setup Tip: - -If you don't need external traffic to reach Istio, and you just want to set up Istio for monitoring and tracing traffic within the cluster, skip the steps for [setting up the Istio gateway](../how-to-guides/advanced-user-guides/istio-setup-guide/set-up-istio-gateway.md) and [setting up Istio's components for traffic management.](../how-to-guides/advanced-user-guides/istio-setup-guide/set-up-traffic-management.md) - -::: - -1. [Enable Istio in the cluster.](../how-to-guides/advanced-user-guides/istio-setup-guide/enable-istio-in-cluster.md) -1. [Enable Istio in all the namespaces where you want to use it.](../how-to-guides/advanced-user-guides/istio-setup-guide/enable-istio-in-namespace.md) -1. [Add deployments and services that have the Istio sidecar injected.](../how-to-guides/advanced-user-guides/istio-setup-guide/use-istio-sidecar.md) -1. [Set up the Istio gateway. ](../how-to-guides/advanced-user-guides/istio-setup-guide/set-up-istio-gateway.md) -1. [Set up Istio's components for traffic management.](../how-to-guides/advanced-user-guides/istio-setup-guide/set-up-traffic-management.md) -1. [Generate traffic and see Istio in action.](../how-to-guides/advanced-user-guides/istio-setup-guide/generate-and-view-traffic.md) diff --git a/docs/pages-for-subheaders/kubernetes-components.md b/docs/pages-for-subheaders/kubernetes-components.md deleted file mode 100644 index f048b5ba19b..00000000000 --- a/docs/pages-for-subheaders/kubernetes-components.md +++ /dev/null @@ -1,21 +0,0 @@ ---- -title: Kubernetes Components ---- - - - - - -The commands and steps listed in this section apply to the core Kubernetes components on [Rancher Launched Kubernetes](../pages-for-subheaders/launch-kubernetes-with-rancher.md) clusters. - -This section includes troubleshooting tips in the following categories: - -- [Troubleshooting etcd Nodes](../troubleshooting/kubernetes-components/troubleshooting-etcd-nodes.md) -- [Troubleshooting Controlplane Nodes](../troubleshooting/kubernetes-components/troubleshooting-controlplane-nodes.md) -- [Troubleshooting nginx-proxy Nodes](../troubleshooting/kubernetes-components/troubleshooting-nginx-proxy.md) -- [Troubleshooting Worker Nodes and Generic Components](../troubleshooting/kubernetes-components/troubleshooting-worker-nodes-and-generic-components.md) - -## Kubernetes Component Diagram - -![Cluster diagram](/img/clusterdiagram.svg)
-Lines show the traffic flow between components. Colors are used purely for visual aid \ No newline at end of file diff --git a/docs/pages-for-subheaders/machine-configuration.md b/docs/pages-for-subheaders/machine-configuration.md deleted file mode 100644 index e1b9bb72f0a..00000000000 --- a/docs/pages-for-subheaders/machine-configuration.md +++ /dev/null @@ -1,9 +0,0 @@ ---- -title: Machine Configuration ---- - - - - - -Machine configuration is the arrangement of resources assigned to a virtual machine. Please see the docs for [Amazon EC2](../reference-guides/cluster-configuration/downstream-cluster-configuration/machine-configuration/amazon-ec2.md), [DigitalOcean](../reference-guides/cluster-configuration/downstream-cluster-configuration/machine-configuration/digitalocean.md), and [Azure](../reference-guides/cluster-configuration/downstream-cluster-configuration/machine-configuration/azure.md) to learn more. \ No newline at end of file diff --git a/docs/pages-for-subheaders/monitoring-alerting-guides.md b/docs/pages-for-subheaders/monitoring-alerting-guides.md deleted file mode 100644 index 97e3e801b26..00000000000 --- a/docs/pages-for-subheaders/monitoring-alerting-guides.md +++ /dev/null @@ -1,14 +0,0 @@ ---- -title: Monitoring Guides ---- - - - - - -- [Enable monitoring](../how-to-guides/advanced-user-guides/monitoring-alerting-guides/enable-monitoring.md) -- [Uninstall monitoring](../how-to-guides/advanced-user-guides/monitoring-alerting-guides/uninstall-monitoring.md) -- [Monitoring workloads](../how-to-guides/advanced-user-guides/monitoring-alerting-guides/set-up-monitoring-for-workloads.md) -- [Customizing Grafana dashboards](../how-to-guides/advanced-user-guides/monitoring-alerting-guides/customize-grafana-dashboard.md) -- [Persistent Grafana dashboards](../how-to-guides/advanced-user-guides/monitoring-alerting-guides/create-persistent-grafana-dashboard.md) -- [Debugging high memory usage](../how-to-guides/advanced-user-guides/monitoring-alerting-guides/debug-high-memory-usage.md) diff --git a/docs/pages-for-subheaders/monitoring-v2-configuration.md b/docs/pages-for-subheaders/monitoring-v2-configuration.md deleted file mode 100644 index 79f97d9513d..00000000000 --- a/docs/pages-for-subheaders/monitoring-v2-configuration.md +++ /dev/null @@ -1,15 +0,0 @@ ---- -title: Monitoring V2 Configuration ---- - - - - - -The following sections will explain important options essential to configuring Monitoring V2 in Rancher: - -- [Receiver Configuration](../reference-guides/monitoring-v2-configuration/receivers.md) -- [Route Configuration](../reference-guides/monitoring-v2-configuration/routes.md) -- [ServiceMonitor and PodMonitor Configuration](../reference-guides/monitoring-v2-configuration/servicemonitors-and-podmonitors.md) -- [Helm Chart Options](../reference-guides/monitoring-v2-configuration/helm-chart-options.md) -- [Examples](../reference-guides/monitoring-v2-configuration/examples.md) \ No newline at end of file diff --git a/docs/pages-for-subheaders/node-template-configuration.md b/docs/pages-for-subheaders/node-template-configuration.md deleted file mode 100644 index e6c22d5e852..00000000000 --- a/docs/pages-for-subheaders/node-template-configuration.md +++ /dev/null @@ -1,9 +0,0 @@ ---- -title: Node Template Configuration ---- - - - - - -To learn about node template config, refer to [EC2 Node Template Configuration](../reference-guides/cluster-configuration/downstream-cluster-configuration/node-template-configuration/amazon-ec2.md), [DigitalOcean Node Template Configuration](../reference-guides/cluster-configuration/downstream-cluster-configuration/node-template-configuration/digitalocean.md), [Azure Node Template Configuration](../reference-guides/cluster-configuration/downstream-cluster-configuration/node-template-configuration/azure.md), [vSphere Node Template Configuration](../reference-guides/cluster-configuration/downstream-cluster-configuration/node-template-configuration/vsphere.md), and [Nutanix Node Template Configuration](../reference-guides/cluster-configuration/downstream-cluster-configuration/node-template-configuration/nutanix.md). diff --git a/docs/pages-for-subheaders/prometheus-federator-guides.md b/docs/pages-for-subheaders/prometheus-federator-guides.md deleted file mode 100644 index 2d1c0ae8224..00000000000 --- a/docs/pages-for-subheaders/prometheus-federator-guides.md +++ /dev/null @@ -1,12 +0,0 @@ ---- -title: Prometheus Federator Guides ---- - - - - - -- [Enable Prometheus Operator](../how-to-guides/advanced-user-guides/monitoring-alerting-guides/prometheus-federator-guides/enable-prometheus-federator.md) -- [Uninstall Prometheus Operator](../how-to-guides/advanced-user-guides/monitoring-alerting-guides/prometheus-federator-guides/uninstall-prometheus-federator.md) -- [Customize Grafana Dashboards](../how-to-guides/advanced-user-guides/monitoring-alerting-guides/prometheus-federator-guides/customize-grafana-dashboards.md) -- [Set Up Workloads](../how-to-guides/advanced-user-guides/monitoring-alerting-guides/prometheus-federator-guides/set-up-workloads.md) \ No newline at end of file diff --git a/docs/pages-for-subheaders/rancher-managed-clusters.md b/docs/pages-for-subheaders/rancher-managed-clusters.md deleted file mode 100644 index 2cdb03fd909..00000000000 --- a/docs/pages-for-subheaders/rancher-managed-clusters.md +++ /dev/null @@ -1,23 +0,0 @@ ---- -title: Best Practices for Rancher Managed Clusters ---- - - - - - -### Logging - -Refer to [this guide](../reference-guides/best-practices/rancher-managed-clusters/logging-best-practices.md) for our recommendations for cluster-level logging and application logging. - -### Monitoring - -Configuring sensible monitoring and alerting rules is vital for running any production workloads securely and reliably. Refer to this [guide](../reference-guides/best-practices/rancher-managed-clusters/monitoring-best-practices.md) for our recommendations. - -### Tips for Setting Up Containers - -Running well-built containers can greatly impact the overall performance and security of your environment. Refer to this [guide](../reference-guides/best-practices/rancher-managed-clusters/tips-to-set-up-containers.md) for tips. - -### Best Practices for Rancher Managed vSphere Clusters - -This [guide](../reference-guides/best-practices/rancher-managed-clusters/rancher-managed-clusters-in-vsphere.md) outlines a reference architecture for provisioning downstream Rancher clusters in a vSphere environment, in addition to standard vSphere best practices as documented by VMware. diff --git a/docs/pages-for-subheaders/rancher-server-configuration.md b/docs/pages-for-subheaders/rancher-server-configuration.md deleted file mode 100644 index 5e18f69e740..00000000000 --- a/docs/pages-for-subheaders/rancher-server-configuration.md +++ /dev/null @@ -1,16 +0,0 @@ ---- -title: Rancher Server Configuration ---- - - - - - -- [RKE1 Cluster Configuration](../reference-guides/cluster-configuration/rancher-server-configuration/rke1-cluster-configuration.md) -- [RKE2 Cluster Configuration](../reference-guides/cluster-configuration/rancher-server-configuration/rke2-cluster-configuration.md) -- [K3s Cluster Configuration](../reference-guides/cluster-configuration/rancher-server-configuration/k3s-cluster-configuration.md) -- [EKS Cluster Configuration](../reference-guides/cluster-configuration/rancher-server-configuration/eks-cluster-configuration.md) -- [AKS Cluster Configuration](../reference-guides/cluster-configuration/rancher-server-configuration/aks-cluster-configuration.md) -- [GKE Cluster Configuration](../pages-for-subheaders/gke-cluster-configuration.md) -- [Use Existing Nodes](../pages-for-subheaders/use-existing-nodes.md) -- [Sync Clusters](../reference-guides/cluster-configuration/rancher-server-configuration/sync-clusters.md) \ No newline at end of file diff --git a/docs/pages-for-subheaders/rancher-server.md b/docs/pages-for-subheaders/rancher-server.md deleted file mode 100644 index 45c3917cd58..00000000000 --- a/docs/pages-for-subheaders/rancher-server.md +++ /dev/null @@ -1,21 +0,0 @@ ---- -title: Best Practices for the Rancher Server ---- - - - - - -This guide contains our recommendations for running the Rancher server, and is intended to be used in situations in which Rancher manages downstream Kubernetes clusters. - -### Recommended Architecture and Infrastructure - -Refer to this [guide](../reference-guides/best-practices/rancher-server/tips-for-running-rancher.md) for our general advice for setting up the Rancher server on a high-availability Kubernetes cluster. - -### Deployment Strategies - -This [guide](../reference-guides/best-practices/rancher-server/rancher-deployment-strategy.md) is designed to help you choose whether a regional deployment strategy or a hub-and-spoke deployment strategy is better for a Rancher server that manages downstream Kubernetes clusters. - -### Installing Rancher in a vSphere Environment - -This [guide](../reference-guides/best-practices/rancher-server/on-premises-rancher-in-vsphere.md) outlines a reference architecture for installing Rancher in a vSphere environment, in addition to standard vSphere best practices as documented by VMware. \ No newline at end of file diff --git a/docs/pages-for-subheaders/resources.md b/docs/pages-for-subheaders/resources.md deleted file mode 100644 index 52e61353441..00000000000 --- a/docs/pages-for-subheaders/resources.md +++ /dev/null @@ -1,29 +0,0 @@ ---- -title: Resources ---- - - - - - -### Docker Installations - -The [single-node Docker installation](rancher-on-a-single-node-with-docker.md) is for Rancher users that are wanting to test out Rancher. Instead of running on a Kubernetes cluster using Helm, you install the Rancher server component on a single node using a `docker run` command. - -Since there is only one node and a single Docker container, if the node goes down, there is no copy of the etcd data available on other nodes and you will lose all the data of your Rancher server. - -### Air-Gapped Installations - -Follow [these steps](air-gapped-helm-cli-install.md) to install the Rancher server in an air gapped environment. - -An air gapped environment could be where Rancher server will be installed offline, behind a firewall, or behind a proxy. - -### Advanced Options - -When installing Rancher, there are several advanced options that can be enabled during installation. Within each install guide, these options are presented. Learn more about these options: - -- [Custom CA Certificate](../getting-started/installation-and-upgrade/resources/custom-ca-root-certificates.md) -- [API Audit Log](../how-to-guides/advanced-user-guides/enable-api-audit-log.md) -- [TLS Settings](../getting-started/installation-and-upgrade/installation-references/tls-settings.md) -- [etcd configuration](../how-to-guides/advanced-user-guides/tune-etcd-for-large-installs.md) -- [Local System Charts for Air Gap Installations](../getting-started/installation-and-upgrade/resources/local-system-charts.md) | v2.3.0 | diff --git a/docs/pages-for-subheaders/single-node-rancher-in-docker.md b/docs/pages-for-subheaders/single-node-rancher-in-docker.md deleted file mode 100644 index 91072d2b3b4..00000000000 --- a/docs/pages-for-subheaders/single-node-rancher-in-docker.md +++ /dev/null @@ -1,9 +0,0 @@ ---- -title: Single Node Rancher in Docker ---- - - - - - -The following docs will discuss [HTTP proxy configuration](../reference-guides/single-node-rancher-in-docker/http-proxy-configuration.md) and [advanced options](../reference-guides/single-node-rancher-in-docker/advanced-options.md) for Docker installs. \ No newline at end of file diff --git a/docs/pages-for-subheaders/user-settings.md b/docs/pages-for-subheaders/user-settings.md deleted file mode 100644 index a9ed1c72d92..00000000000 --- a/docs/pages-for-subheaders/user-settings.md +++ /dev/null @@ -1,19 +0,0 @@ ---- -title: User Settings ---- - - - - - -Within Rancher, each user has a number of settings associated with their login: personal preferences, API keys, etc. You can configure these settings by choosing from the **User Settings** menu. You can open this menu by clicking your avatar, located within the main menu. - -![User Settings Menu](/img/user-settings.png) - -The available user settings are: - -- [API & Keys](../reference-guides/user-settings/api-keys.md): If you want to interact with Rancher programmatically, you need an API key. Follow the directions in this section to obtain a key. -- [Cloud Credentials](../reference-guides/user-settings/manage-cloud-credentials.md): Manage cloud credentials [used by node templates](use-new-nodes-in-an-infra-provider.md#node-templates) to [provision nodes for clusters](../pages-for-subheaders/launch-kubernetes-with-rancher.md). -- [Node Templates](../reference-guides/user-settings/manage-node-templates.md): Manage templates [used by Rancher to provision nodes for clusters](../pages-for-subheaders/launch-kubernetes-with-rancher.md). -- [Preferences](../reference-guides/user-settings/user-preferences.md): Sets superficial preferences for the Rancher UI. -- Log Out: Ends your user session. diff --git a/docs/pages-for-subheaders/about-the-api.md b/docs/reference-guides/about-the-api/about-the-api.md similarity index 92% rename from docs/pages-for-subheaders/about-the-api.md rename to docs/reference-guides/about-the-api/about-the-api.md index 3b39d7c2717..1dd830a0d8c 100644 --- a/docs/pages-for-subheaders/about-the-api.md +++ b/docs/reference-guides/about-the-api/about-the-api.md @@ -27,9 +27,9 @@ Go to the URL endpoint at `https:///v3`, where `` is ## Authentication -API requests must include authentication information. Authentication is done with HTTP basic authentication using [API Keys](../reference-guides/user-settings/api-keys.md). API keys can create new clusters and have access to multiple clusters via `/v3/clusters/`. [Cluster and project roles](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/cluster-and-project-roles.md) apply to these keys and restrict what clusters and projects the account can see and what actions they can take. +API requests must include authentication information. Authentication is done with HTTP basic authentication using [API Keys](../user-settings/api-keys.md). API keys can create new clusters and have access to multiple clusters via `/v3/clusters/`. [Cluster and project roles](../../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/cluster-and-project-roles.md) apply to these keys and restrict what clusters and projects the account can see and what actions they can take. -By default, some cluster-level API tokens are generated with infinite time-to-live (`ttl=0`). In other words, API tokens with `ttl=0` never expire unless you invalidate them. For details on how to invalidate them, refer to the [API tokens page](../reference-guides/about-the-api/api-tokens.md). +By default, some cluster-level API tokens are generated with infinite time-to-live (`ttl=0`). In other words, API tokens with `ttl=0` never expire unless you invalidate them. For details on how to invalidate them, refer to the [API tokens page](api-tokens.md). ## Making requests diff --git a/docs/reference-guides/about-the-api/api-tokens.md b/docs/reference-guides/about-the-api/api-tokens.md index 5fe8a0eb5a4..c6f738d1836 100644 --- a/docs/reference-guides/about-the-api/api-tokens.md +++ b/docs/reference-guides/about-the-api/api-tokens.md @@ -52,7 +52,7 @@ This setting is used by all kubeconfig tokens except those created by the CLI to Users can enable token hashing, where tokens will undergo a one-way hash using the SHA256 algorithm. This is a non-reversible process, once enabled, this feature cannot be disabled. It is advisable to take backups prior to enabling and/or evaluating in a test environment first. -To enable token hashing, refer to [this section](../../pages-for-subheaders/enable-experimental-features.md). +To enable token hashing, refer to [this section](../../how-to-guides/advanced-user-guides/enable-experimental-features/enable-experimental-features.md). This feature will affect all tokens which include, but are not limited to, the following: diff --git a/docs/reference-guides/backup-restore-configuration/backup-restore-configuration.md b/docs/reference-guides/backup-restore-configuration/backup-restore-configuration.md new file mode 100644 index 00000000000..1f74b2fad9b --- /dev/null +++ b/docs/reference-guides/backup-restore-configuration/backup-restore-configuration.md @@ -0,0 +1,12 @@ +--- +title: Rancher Backup Configuration Reference +--- + + + + + +- [Backup configuration](backup-configuration.md) +- [Restore configuration](restore-configuration.md) +- [Storage location configuration](storage-configuration.md) +- [Example Backup and Restore Custom Resources](examples.md) \ No newline at end of file diff --git a/docs/pages-for-subheaders/best-practices.md b/docs/reference-guides/best-practices/best-practices.md similarity index 95% rename from docs/pages-for-subheaders/best-practices.md rename to docs/reference-guides/best-practices/best-practices.md index 7009f6cce70..546ae01be94 100644 --- a/docs/pages-for-subheaders/best-practices.md +++ b/docs/reference-guides/best-practices/best-practices.md @@ -14,7 +14,7 @@ Use the navigation bar on the left to find the current best practices for managi For more guidance on best practices, you can consult these resources: -- [Security](rancher-security.md) +- [Security](../rancher-security/rancher-security.md) - [Rancher Blog](https://www.suse.com/c/rancherblog/) - [Rancher Forum](https://forums.rancher.com/) - [Rancher Users Slack](https://slack.rancher.io/) diff --git a/docs/reference-guides/best-practices/rancher-managed-clusters/monitoring-best-practices.md b/docs/reference-guides/best-practices/rancher-managed-clusters/monitoring-best-practices.md index 3fd02858c9a..a4db6a3e650 100644 --- a/docs/reference-guides/best-practices/rancher-managed-clusters/monitoring-best-practices.md +++ b/docs/reference-guides/best-practices/rancher-managed-clusters/monitoring-best-practices.md @@ -8,7 +8,7 @@ title: Monitoring Best Practices Configuring sensible monitoring and alerting rules is vital for running any production workloads securely and reliably. This is not different when using Kubernetes and Rancher. Fortunately the integrated monitoring and alerting functionality makes this whole process a lot easier. -The [Rancher monitoring documentation](../../../pages-for-subheaders/monitoring-and-alerting.md) describes how you can set up a complete Prometheus and Grafana stack. Out of the box this will scrape monitoring data from all system and Kubernetes components in your cluster and provide sensible dashboards and alerts for them to get started. But for a reliable setup, you also need to monitor your own workloads and adapt Prometheus and Grafana to your own specific use cases and cluster sizes. This document aims to give you best practices for this. +The [Rancher monitoring documentation](../../../integrations-in-rancher/monitoring-and-alerting/monitoring-and-alerting.md) describes how you can set up a complete Prometheus and Grafana stack. Out of the box this will scrape monitoring data from all system and Kubernetes components in your cluster and provide sensible dashboards and alerts for them to get started. But for a reliable setup, you also need to monitor your own workloads and adapt Prometheus and Grafana to your own specific use cases and cluster sizes. This document aims to give you best practices for this. ## What to Monitor @@ -90,7 +90,7 @@ Sometimes it is useful to monitor workloads from the outside. For this, you can If you have a (micro)service architecture where multiple individual workloads within your cluster are communicating with each other, it is really important to have detailed metrics and traces about this traffic to understand how all these workloads are communicating with each other and where a problem or bottleneck may be. -Of course you can monitor all this internal traffic in all your workloads and expose these metrics to Prometheus. But this can quickly become quite work intensive. Service Meshes like Istio, which can be installed with [a click](../../../pages-for-subheaders/istio.md) in Rancher, can do this automatically and provide rich telemetry about the traffic between all services. +Of course you can monitor all this internal traffic in all your workloads and expose these metrics to Prometheus. But this can quickly become quite work intensive. Service Meshes like Istio, which can be installed with [a click](../../../integrations-in-rancher/istio/istio.md) in Rancher, can do this automatically and provide rich telemetry about the traffic between all services. ## Real User Monitoring @@ -98,7 +98,7 @@ Monitoring the availability and performance of all your internal workloads is vi ## Security Monitoring -In addition to monitoring workloads to detect performance, availability or scalability problems, the cluster and the workloads running into it should also be monitored for potential security problems. A good starting point is to frequently run and alert on [CIS Scans](../../../pages-for-subheaders/cis-scan-guides.md) which check if the cluster is configured according to security best practices. +In addition to monitoring workloads to detect performance, availability or scalability problems, the cluster and the workloads running into it should also be monitored for potential security problems. A good starting point is to frequently run and alert on [CIS Scans](../../../how-to-guides/advanced-user-guides/cis-scan-guides/cis-scan-guides.md) which check if the cluster is configured according to security best practices. For the workloads, you can have a look at Kubernetes and Container security solutions like [NeuVector](https://www.suse.com/products/neuvector/), [Falco](https://falco.org/), [Aqua Kubernetes Security](https://www.aquasec.com/solutions/kubernetes-container-security/), [SysDig](https://sysdig.com/). @@ -112,4 +112,4 @@ When setting up alerts, configure them for all the workloads that are critical t If an alert starts firing, but there is nothing you can do about it at the moment, it's also fine to silence the alert for a certain amount of time, so that you can look at it later. -You can find more information on how to set up alerts and notification channels in the [Rancher Documentation](../../../pages-for-subheaders/monitoring-and-alerting.md). +You can find more information on how to set up alerts and notification channels in the [Rancher Documentation](../../../integrations-in-rancher/monitoring-and-alerting/monitoring-and-alerting.md). diff --git a/docs/reference-guides/best-practices/rancher-managed-clusters/rancher-managed-clusters.md b/docs/reference-guides/best-practices/rancher-managed-clusters/rancher-managed-clusters.md new file mode 100644 index 00000000000..72c44ac9a78 --- /dev/null +++ b/docs/reference-guides/best-practices/rancher-managed-clusters/rancher-managed-clusters.md @@ -0,0 +1,23 @@ +--- +title: Best Practices for Rancher Managed Clusters +--- + + + + + +### Logging + +Refer to [this guide](logging-best-practices.md) for our recommendations for cluster-level logging and application logging. + +### Monitoring + +Configuring sensible monitoring and alerting rules is vital for running any production workloads securely and reliably. Refer to this [guide](monitoring-best-practices.md) for our recommendations. + +### Tips for Setting Up Containers + +Running well-built containers can greatly impact the overall performance and security of your environment. Refer to this [guide](tips-to-set-up-containers.md) for tips. + +### Best Practices for Rancher Managed vSphere Clusters + +This [guide](rancher-managed-clusters-in-vsphere.md) outlines a reference architecture for provisioning downstream Rancher clusters in a vSphere environment, in addition to standard vSphere best practices as documented by VMware. diff --git a/docs/reference-guides/best-practices/rancher-server/on-premises-rancher-in-vsphere.md b/docs/reference-guides/best-practices/rancher-server/on-premises-rancher-in-vsphere.md index 74243559753..6d35b2dc2d8 100644 --- a/docs/reference-guides/best-practices/rancher-server/on-premises-rancher-in-vsphere.md +++ b/docs/reference-guides/best-practices/rancher-server/on-premises-rancher-in-vsphere.md @@ -43,7 +43,7 @@ Configure appropriate Firewall / ACL rules to only expose access to Rancher ### Size the VM's According to Rancher Documentation -See [Installation Requirements](../../../pages-for-subheaders/installation-requirements.md). +See [Installation Requirements](../../../getting-started/installation-and-upgrade/installation-requirements/installation-requirements.md). ### Leverage VM Templates to Construct the Environment diff --git a/docs/reference-guides/best-practices/rancher-server/rancher-server.md b/docs/reference-guides/best-practices/rancher-server/rancher-server.md new file mode 100644 index 00000000000..a79561ced2c --- /dev/null +++ b/docs/reference-guides/best-practices/rancher-server/rancher-server.md @@ -0,0 +1,21 @@ +--- +title: Best Practices for the Rancher Server +--- + + + + + +This guide contains our recommendations for running the Rancher server, and is intended to be used in situations in which Rancher manages downstream Kubernetes clusters. + +### Recommended Architecture and Infrastructure + +Refer to this [guide](tips-for-running-rancher.md) for our general advice for setting up the Rancher server on a high-availability Kubernetes cluster. + +### Deployment Strategies + +This [guide](rancher-deployment-strategy.md) is designed to help you choose whether a regional deployment strategy or a hub-and-spoke deployment strategy is better for a Rancher server that manages downstream Kubernetes clusters. + +### Installing Rancher in a vSphere Environment + +This [guide](on-premises-rancher-in-vsphere.md) outlines a reference architecture for installing Rancher in a vSphere environment, in addition to standard vSphere best practices as documented by VMware. \ No newline at end of file diff --git a/docs/reference-guides/best-practices/rancher-server/tips-for-running-rancher.md b/docs/reference-guides/best-practices/rancher-server/tips-for-running-rancher.md index 1ed05696fa2..8c71b562ae0 100644 --- a/docs/reference-guides/best-practices/rancher-server/tips-for-running-rancher.md +++ b/docs/reference-guides/best-practices/rancher-server/tips-for-running-rancher.md @@ -30,11 +30,11 @@ For best performance, run all three of your nodes in the same geographic datacen It's strongly recommended to have a "staging" or "pre-production" environment of the Kubernetes cluster that Rancher runs on. This environment should mirror your production environment as closely as possible in terms of software and hardware configuration. ### Monitor Your Clusters to Plan Capacity -The Rancher server's Kubernetes cluster should run within the [system and hardware requirements](../../../pages-for-subheaders/installation-requirements.md) as closely as possible. The more you deviate from the system and hardware requirements, the more risk you take. +The Rancher server's Kubernetes cluster should run within the [system and hardware requirements](../../../getting-started/installation-and-upgrade/installation-requirements/installation-requirements.md) as closely as possible. The more you deviate from the system and hardware requirements, the more risk you take. However, metrics-driven capacity planning analysis should be the ultimate guidance for scaling Rancher, because the published requirements take into account a variety of workload types. Using Rancher, you can monitor the state and processes of your cluster nodes, Kubernetes components, and software deployments through integration with Prometheus, a leading open-source monitoring solution, and Grafana, which lets you visualize the metrics from Prometheus. -After you [enable monitoring](../../../pages-for-subheaders/monitoring-and-alerting.md) in the cluster, you can set up alerts to let you know if your cluster is approaching its capacity. You can also use the Prometheus and Grafana monitoring framework to establish a baseline for key metrics as you scale. +After you [enable monitoring](../../../integrations-in-rancher/monitoring-and-alerting/monitoring-and-alerting.md) in the cluster, you can set up alerts to let you know if your cluster is approaching its capacity. You can also use the Prometheus and Grafana monitoring framework to establish a baseline for key metrics as you scale. diff --git a/docs/reference-guides/best-practices/rancher-server/tuning-and-best-practices-for-rancher-at-scale.md b/docs/reference-guides/best-practices/rancher-server/tuning-and-best-practices-for-rancher-at-scale.md index 16707e39feb..896a4978b12 100644 --- a/docs/reference-guides/best-practices/rancher-server/tuning-and-best-practices-for-rancher-at-scale.md +++ b/docs/reference-guides/best-practices/rancher-server/tuning-and-best-practices-for-rancher-at-scale.md @@ -29,7 +29,7 @@ This is typical in Rancher, as many operations create new `RoleBinding` objects You can reduce the number of `RoleBindings` in the upstream cluster in the following ways: * Limit the use of the [Restricted Admin](../../../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/global-permissions.md#restricted-admin) role. Apply other roles wherever possible. -* If you use [external authentication](../../../pages-for-subheaders/authentication-config.md), use groups to assign roles. +* If you use [external authentication](../../../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/authentication-config.md), use groups to assign roles. * Only add users to clusters and projects when necessary. * Remove clusters and projects when they are no longer needed. * Only use custom roles if necessary. @@ -93,7 +93,7 @@ You should keep the local Kubernetes cluster up to date. This will ensure that y Etcd is the backend database for Kubernetes and for Rancher. It plays a very important role in Rancher performance. -The two main bottlenecks to [etcd performance](https://etcd.io/docs/v3.4/op-guide/performance/) are disk and network speed. Etcd should run on dedicated nodes with a fast network setup and with SSDs that have high input/output operations per second (IOPS). For more information regarding etcd performance, see [Slow etcd performance (performance testing and optimization)](https://www.suse.com/support/kb/doc/?id=000020100) and [Tuning etcd for Large Installations](../../../how-to-guides/advanced-user-guides/tune-etcd-for-large-installs.md). Information on disks can also be found in the [Installation Requirements](../../../pages-for-subheaders/installation-requirements.md#disks). +The two main bottlenecks to [etcd performance](https://etcd.io/docs/v3.4/op-guide/performance/) are disk and network speed. Etcd should run on dedicated nodes with a fast network setup and with SSDs that have high input/output operations per second (IOPS). For more information regarding etcd performance, see [Slow etcd performance (performance testing and optimization)](https://www.suse.com/support/kb/doc/?id=000020100) and [Tuning etcd for Large Installations](../../../how-to-guides/advanced-user-guides/tune-etcd-for-large-installs.md). Information on disks can also be found in the [Installation Requirements](../../../getting-started/installation-and-upgrade/installation-requirements/installation-requirements.md#disks). It's best to run etcd on exactly three nodes, as adding more nodes will reduce operation speed. This may be counter-intuitive to common scaling approaches, but it's due to etcd's [replication mechanisms](https://etcd.io/docs/v3.5/faq/#what-is-maximum-cluster-size). diff --git a/docs/pages-for-subheaders/cli-with-rancher.md b/docs/reference-guides/cli-with-rancher/cli-with-rancher.md similarity index 67% rename from docs/pages-for-subheaders/cli-with-rancher.md rename to docs/reference-guides/cli-with-rancher/cli-with-rancher.md index 547d4c50308..a0e50c51b71 100644 --- a/docs/pages-for-subheaders/cli-with-rancher.md +++ b/docs/reference-guides/cli-with-rancher/cli-with-rancher.md @@ -6,4 +6,4 @@ title: CLI with Rancher -Interact with Rancher using command line interface (CLI) tools from your workstation. The following docs will describe the [Rancher CLI](../reference-guides/cli-with-rancher/rancher-cli.md) and [kubectl Utility](../reference-guides/cli-with-rancher/kubectl-utility.md). \ No newline at end of file +Interact with Rancher using command line interface (CLI) tools from your workstation. The following docs will describe the [Rancher CLI](rancher-cli.md) and [kubectl Utility](kubectl-utility.md). \ No newline at end of file diff --git a/docs/reference-guides/cli-with-rancher/rancher-cli.md b/docs/reference-guides/cli-with-rancher/rancher-cli.md index 0c9a27c1694..03860d29c94 100644 --- a/docs/reference-guides/cli-with-rancher/rancher-cli.md +++ b/docs/reference-guides/cli-with-rancher/rancher-cli.md @@ -65,16 +65,16 @@ The following commands are available for use in Rancher CLI. | Command | Result | |---|---| | `apps, [app]` | Performs operations on catalog applications (i.e., individual [Helm charts](https://docs.helm.sh/developing_charts/)) or Rancher charts. | -| `catalog` | Performs operations on [catalogs](../../pages-for-subheaders/helm-charts-in-rancher.md). | -| `clusters, [cluster]` | Performs operations on your [clusters](../../pages-for-subheaders/kubernetes-clusters-in-rancher-setup.md). | +| `catalog` | Performs operations on [catalogs](../../how-to-guides/new-user-guides/helm-charts-in-rancher/helm-charts-in-rancher.md). | +| `clusters, [cluster]` | Performs operations on your [clusters](../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/kubernetes-clusters-in-rancher-setup.md). | | `context` | Switches between Rancher [projects](../../how-to-guides/new-user-guides/manage-clusters/projects-and-namespaces.md). For an example, see [Project Selection](#project-selection). | -| `inspect [OPTIONS] [RESOURCEID RESOURCENAME]` | Displays details about [Kubernetes resources](https://kubernetes.io/docs/reference/kubectl/cheatsheet/#resource-types) or Rancher resources (i.e.: [projects](../../how-to-guides/new-user-guides/manage-clusters/projects-and-namespaces.md) and [workloads](../../pages-for-subheaders/workloads-and-pods.md)). Specify resources by name or ID. | +| `inspect [OPTIONS] [RESOURCEID RESOURCENAME]` | Displays details about [Kubernetes resources](https://kubernetes.io/docs/reference/kubectl/cheatsheet/#resource-types) or Rancher resources (i.e.: [projects](../../how-to-guides/new-user-guides/manage-clusters/projects-and-namespaces.md) and [workloads](../../how-to-guides/new-user-guides/kubernetes-resources-setup/workloads-and-pods/workloads-and-pods.md)). Specify resources by name or ID. | | `kubectl` |Runs [kubectl commands](https://kubernetes.io/docs/reference/kubectl/overview/#operations). | | `login, [l]` | Logs into a Rancher Server. For an example, see [CLI Authentication](#cli-authentication). | | `namespaces, [namespace]` |Performs operations on namespaces. | | `nodes, [node]` |Performs operations on nodes. | | `projects, [project]` | Performs operations on [projects](../../how-to-guides/new-user-guides/manage-clusters/projects-and-namespaces.md). | -| `ps` | Displays [workloads](../../pages-for-subheaders/workloads-and-pods.md) in a project. | +| `ps` | Displays [workloads](../../how-to-guides/new-user-guides/kubernetes-resources-setup/workloads-and-pods/workloads-and-pods.md) in a project. | | `settings, [setting]` | Shows the current settings for your Rancher Server. | | `ssh` | Connects to one of your cluster nodes using the SSH protocol. | | `help, [h]` | Shows a list of commands or help for one command. | @@ -88,4 +88,4 @@ All commands accept the `--help` flag, which documents each command's usage. ### Limitations -The Rancher CLI **cannot** be used to install [dashboard apps or Rancher feature charts](../../pages-for-subheaders/helm-charts-in-rancher.md). +The Rancher CLI **cannot** be used to install [dashboard apps or Rancher feature charts](../../how-to-guides/new-user-guides/helm-charts-in-rancher/helm-charts-in-rancher.md). diff --git a/docs/pages-for-subheaders/cluster-configuration.md b/docs/reference-guides/cluster-configuration/cluster-configuration.md similarity index 50% rename from docs/pages-for-subheaders/cluster-configuration.md rename to docs/reference-guides/cluster-configuration/cluster-configuration.md index 60e02a8cd40..04264ce4b2d 100644 --- a/docs/pages-for-subheaders/cluster-configuration.md +++ b/docs/reference-guides/cluster-configuration/cluster-configuration.md @@ -8,18 +8,18 @@ title: Cluster Configuration After you provision a Kubernetes cluster using Rancher, you can still edit options and settings for the cluster. -For information on editing cluster membership, go to [this page.](../how-to-guides/new-user-guides/manage-clusters/access-clusters/add-users-to-clusters.md) +For information on editing cluster membership, go to [this page.](../../how-to-guides/new-user-guides/manage-clusters/access-clusters/add-users-to-clusters.md) ### Cluster Configuration References The cluster configuration options depend on the type of Kubernetes cluster: -- [RKE Cluster Configuration](../reference-guides/cluster-configuration/rancher-server-configuration/rke1-cluster-configuration.md) -- [RKE2 Cluster Configuration](../reference-guides/cluster-configuration/rancher-server-configuration/rke2-cluster-configuration.md) -- [K3s Cluster Configuration](../reference-guides/cluster-configuration/rancher-server-configuration/k3s-cluster-configuration.md) -- [EKS Cluster Configuration](../reference-guides/cluster-configuration/rancher-server-configuration/eks-cluster-configuration.md) -- [GKE Cluster Configuration](gke-cluster-configuration.md) -- [AKS Cluster Configuration](../reference-guides/cluster-configuration/rancher-server-configuration/aks-cluster-configuration.md) +- [RKE Cluster Configuration](rancher-server-configuration/rke1-cluster-configuration.md) +- [RKE2 Cluster Configuration](rancher-server-configuration/rke2-cluster-configuration.md) +- [K3s Cluster Configuration](rancher-server-configuration/k3s-cluster-configuration.md) +- [EKS Cluster Configuration](rancher-server-configuration/eks-cluster-configuration.md) +- [GKE Cluster Configuration](rancher-server-configuration/gke-cluster-configuration/gke-cluster-configuration.md) +- [AKS Cluster Configuration](rancher-server-configuration/aks-cluster-configuration.md) ### Cluster Management Capabilities by Cluster Type diff --git a/docs/reference-guides/cluster-configuration/downstream-cluster-configuration/downstream-cluster-configuration.md b/docs/reference-guides/cluster-configuration/downstream-cluster-configuration/downstream-cluster-configuration.md new file mode 100644 index 00000000000..897728cd346 --- /dev/null +++ b/docs/reference-guides/cluster-configuration/downstream-cluster-configuration/downstream-cluster-configuration.md @@ -0,0 +1,9 @@ +--- +title: Downstream Cluster Configuration +--- + + + + + +The following docs will discuss [node template configuration](node-template-configuration/node-template-configuration.md) and [machine configuration](machine-configuration/machine-configuration.md). \ No newline at end of file diff --git a/docs/reference-guides/cluster-configuration/downstream-cluster-configuration/machine-configuration/machine-configuration.md b/docs/reference-guides/cluster-configuration/downstream-cluster-configuration/machine-configuration/machine-configuration.md new file mode 100644 index 00000000000..b28ccd669dd --- /dev/null +++ b/docs/reference-guides/cluster-configuration/downstream-cluster-configuration/machine-configuration/machine-configuration.md @@ -0,0 +1,9 @@ +--- +title: Machine Configuration +--- + + + + + +Machine configuration is the arrangement of resources assigned to a virtual machine. Please see the docs for [Amazon EC2](amazon-ec2.md), [DigitalOcean](digitalocean.md), and [Azure](azure.md) to learn more. \ No newline at end of file diff --git a/docs/reference-guides/cluster-configuration/downstream-cluster-configuration/node-template-configuration/amazon-ec2.md b/docs/reference-guides/cluster-configuration/downstream-cluster-configuration/node-template-configuration/amazon-ec2.md index bd79dabbed5..e4b77c5174c 100644 --- a/docs/reference-guides/cluster-configuration/downstream-cluster-configuration/node-template-configuration/amazon-ec2.md +++ b/docs/reference-guides/cluster-configuration/downstream-cluster-configuration/node-template-configuration/amazon-ec2.md @@ -25,7 +25,7 @@ See [Amazon Documentation: Adding Permissions to a User (Console)](https://docs. See our three example JSON policies: - [Example IAM Policy](../../../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-amazon-ec2-cluster.md#example-iam-policy) -- [Example IAM Policy with PassRole](../../../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-amazon-ec2-cluster.md#example-iam-policy-with-passrole) (needed if you want to use [Kubernetes Cloud Provider](../../../../pages-for-subheaders/set-up-cloud-providers.md) or want to pass an IAM Profile to an instance) +- [Example IAM Policy with PassRole](../../../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-amazon-ec2-cluster.md#example-iam-policy-with-passrole) (needed if you want to use [Kubernetes Cloud Provider](../../../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/set-up-cloud-providers.md) or want to pass an IAM Profile to an instance) - [Example IAM Policy to allow encrypted EBS volumes](../../../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-amazon-ec2-cluster.md#example-iam-policy-to-allow-encrypted-ebs-volumes) policy to an user. ### Authenticate & Configure Nodes @@ -44,7 +44,7 @@ If you provide your own security group for an EC2 instance, please note that Ran Configure the instances that will be created. Make sure you configure the correct **SSH User** for the configured AMI. It is possible that a selected region does not support the default instance type. In this scenario you must select an instance type that does exist, otherwise an error will occur stating the requested configuration is not supported. -If you need to pass an **IAM Instance Profile Name** (not ARN), for example, when you want to use a [Kubernetes Cloud Provider](../../../../pages-for-subheaders/set-up-cloud-providers.md), you will need an additional permission in your policy. See [Example IAM policy with PassRole](../../../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-amazon-ec2-cluster.md#example-iam-policy-with-passrole) for an example policy. +If you need to pass an **IAM Instance Profile Name** (not ARN), for example, when you want to use a [Kubernetes Cloud Provider](../../../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/set-up-cloud-providers.md), you will need an additional permission in your policy. See [Example IAM policy with PassRole](../../../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-amazon-ec2-cluster.md#example-iam-policy-with-passrole) for an example policy. ### Engine Options diff --git a/docs/reference-guides/cluster-configuration/downstream-cluster-configuration/node-template-configuration/node-template-configuration.md b/docs/reference-guides/cluster-configuration/downstream-cluster-configuration/node-template-configuration/node-template-configuration.md new file mode 100644 index 00000000000..bbe4d6127c3 --- /dev/null +++ b/docs/reference-guides/cluster-configuration/downstream-cluster-configuration/node-template-configuration/node-template-configuration.md @@ -0,0 +1,9 @@ +--- +title: Node Template Configuration +--- + + + + + +To learn about node template config, refer to [EC2 Node Template Configuration](amazon-ec2.md), [DigitalOcean Node Template Configuration](digitalocean.md), [Azure Node Template Configuration](azure.md), [vSphere Node Template Configuration](vsphere.md), and [Nutanix Node Template Configuration](nutanix.md). diff --git a/docs/reference-guides/cluster-configuration/rancher-server-configuration/aks-cluster-configuration.md b/docs/reference-guides/cluster-configuration/rancher-server-configuration/aks-cluster-configuration.md index 67cd280e470..dc3974e551f 100644 --- a/docs/reference-guides/cluster-configuration/rancher-server-configuration/aks-cluster-configuration.md +++ b/docs/reference-guides/cluster-configuration/rancher-server-configuration/aks-cluster-configuration.md @@ -17,7 +17,7 @@ title: AKS Cluster Configuration Reference When provisioning an AKS cluster in the Rancher UI, RBAC cannot be disabled. If role-based access control is disabled for the cluster in AKS, the cluster cannot be registered or imported into Rancher. -Rancher can configure member roles for AKS clusters in the same way as any other cluster. For more information, see the section on [role-based access control.](../../../pages-for-subheaders/manage-role-based-access-control-rbac.md) +Rancher can configure member roles for AKS clusters in the same way as any other cluster. For more information, see the section on [role-based access control.](../../../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/manage-role-based-access-control-rbac.md) ## Cloud Credentials diff --git a/docs/pages-for-subheaders/gke-cluster-configuration.md b/docs/reference-guides/cluster-configuration/rancher-server-configuration/gke-cluster-configuration/gke-cluster-configuration.md similarity index 97% rename from docs/pages-for-subheaders/gke-cluster-configuration.md rename to docs/reference-guides/cluster-configuration/rancher-server-configuration/gke-cluster-configuration/gke-cluster-configuration.md index de9a1638a9c..8b63d9b8490 100644 --- a/docs/pages-for-subheaders/gke-cluster-configuration.md +++ b/docs/reference-guides/cluster-configuration/rancher-server-configuration/gke-cluster-configuration/gke-cluster-configuration.md @@ -107,7 +107,7 @@ _Mutable: no_ :::caution -Private clusters require additional planning and configuration outside of Rancher. Refer to the [private cluster guide](../reference-guides/cluster-configuration/rancher-server-configuration/gke-cluster-configuration/gke-private-clusters.md). +Private clusters require additional planning and configuration outside of Rancher. Refer to the [private cluster guide](gke-private-clusters.md). ::: @@ -117,7 +117,7 @@ Assign nodes only internal IP addresses. Private cluster nodes cannot access the :::caution -Private clusters require additional planning and configuration outside of Rancher. Refer to the [private cluster guide](../reference-guides/cluster-configuration/rancher-server-configuration/gke-cluster-configuration/gke-private-clusters.md). +Private clusters require additional planning and configuration outside of Rancher. Refer to the [private cluster guide](gke-private-clusters.md). ::: @@ -204,7 +204,7 @@ The node operating system image. For more information for the node image options :::note -The default option is "Container-Optimized OS with Docker". The read-only filesystem on GCP's Container-Optimized OS is not compatible with the [legacy logging](/versioned_docs/version-2.0-2.4/pages-for-subheaders/cluster-logging.md) implementation in Rancher. If you need to use the legacy logging feature, select "Ubuntu with Docker" or "Ubuntu with Containerd". The [current logging feature](logging.md) is compatible with the Container-Optimized OS image. +The default option is "Container-Optimized OS with Docker". The read-only filesystem on GCP's Container-Optimized OS is not compatible with the [legacy logging](/versioned_docs/version-2.0-2.4/pages-for-subheaders/cluster-logging.md) implementation in Rancher. If you need to use the legacy logging feature, select "Ubuntu with Docker" or "Ubuntu with Containerd". The [current logging feature](../../../../integrations-in-rancher/logging/logging.md) is compatible with the Container-Optimized OS image. ::: diff --git a/docs/reference-guides/cluster-configuration/rancher-server-configuration/gke-cluster-configuration/gke-private-clusters.md b/docs/reference-guides/cluster-configuration/rancher-server-configuration/gke-cluster-configuration/gke-private-clusters.md index 120be47a641..553ab6396cf 100644 --- a/docs/reference-guides/cluster-configuration/rancher-server-configuration/gke-cluster-configuration/gke-private-clusters.md +++ b/docs/reference-guides/cluster-configuration/rancher-server-configuration/gke-cluster-configuration/gke-private-clusters.md @@ -30,7 +30,7 @@ This scenario is not officially supported, but is described for cases in which u ::: -If restricting both incoming and outgoing traffic to nodes is a requirement, follow the air-gapped installation instructions to set up a private container image [registry](../../../../pages-for-subheaders/air-gapped-helm-cli-install.md) on the VPC where the cluster is going to be, allowing the cluster nodes to access and download the images they need to run the cluster agent. If the control plane endpoint is also private, Rancher will need [direct access](#direct-access) to it. +If restricting both incoming and outgoing traffic to nodes is a requirement, follow the air-gapped installation instructions to set up a private container image [registry](../../../../getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/air-gapped-helm-cli-install.md) on the VPC where the cluster is going to be, allowing the cluster nodes to access and download the images they need to run the cluster agent. If the control plane endpoint is also private, Rancher will need [direct access](#direct-access) to it. ### Private Control Plane Endpoint diff --git a/docs/reference-guides/cluster-configuration/rancher-server-configuration/rancher-server-configuration.md b/docs/reference-guides/cluster-configuration/rancher-server-configuration/rancher-server-configuration.md new file mode 100644 index 00000000000..e4da90d371a --- /dev/null +++ b/docs/reference-guides/cluster-configuration/rancher-server-configuration/rancher-server-configuration.md @@ -0,0 +1,16 @@ +--- +title: Rancher Server Configuration +--- + + + + + +- [RKE1 Cluster Configuration](rke1-cluster-configuration.md) +- [RKE2 Cluster Configuration](rke2-cluster-configuration.md) +- [K3s Cluster Configuration](k3s-cluster-configuration.md) +- [EKS Cluster Configuration](eks-cluster-configuration.md) +- [AKS Cluster Configuration](aks-cluster-configuration.md) +- [GKE Cluster Configuration](gke-cluster-configuration/gke-cluster-configuration.md) +- [Use Existing Nodes](use-existing-nodes/use-existing-nodes.md) +- [Sync Clusters](sync-clusters.md) \ No newline at end of file diff --git a/docs/reference-guides/cluster-configuration/rancher-server-configuration/rke1-cluster-configuration.md b/docs/reference-guides/cluster-configuration/rancher-server-configuration/rke1-cluster-configuration.md index 6d260b3dd68..d97170934a7 100644 --- a/docs/reference-guides/cluster-configuration/rancher-server-configuration/rke1-cluster-configuration.md +++ b/docs/reference-guides/cluster-configuration/rancher-server-configuration/rke1-cluster-configuration.md @@ -6,7 +6,7 @@ title: RKE Cluster Configuration Reference -When Rancher installs Kubernetes, it uses [RKE](../../../pages-for-subheaders/launch-kubernetes-with-rancher.md) or [RKE2](https://docs.rke2.io/) as the Kubernetes distribution. +When Rancher installs Kubernetes, it uses [RKE](../../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md) or [RKE2](https://docs.rke2.io/) as the Kubernetes distribution. This section covers the configuration options that are available in Rancher for a new or existing RKE Kubernetes cluster. @@ -20,7 +20,7 @@ You can configure the Kubernetes options one of two ways: The RKE cluster config options are nested under the `rancher_kubernetes_engine_config` directive. For more information, see the section about the [cluster config file.](#rke-cluster-config-file-reference) -In [clusters launched by RKE](../../../pages-for-subheaders/launch-kubernetes-with-rancher.md), you can edit any of the remaining options that follow. +In [clusters launched by RKE](../../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md), you can edit any of the remaining options that follow. For an example of RKE config file syntax, see the [RKE documentation](https://rancher.com/docs/rke/latest/en/example-yamls/). @@ -92,7 +92,7 @@ Project network isolation is available if you are using any RKE network plugin t ### Kubernetes Cloud Providers -You can configure a [Kubernetes cloud provider](../../../pages-for-subheaders/set-up-cloud-providers.md). If you want to use dynamically provisioned [volumes and storage](../../../pages-for-subheaders/create-kubernetes-persistent-storage.md) in Kubernetes, typically you must select the specific cloud provider in order to use it. For example, if you want to use Amazon EBS, you would need to select the `aws` cloud provider. +You can configure a [Kubernetes cloud provider](../../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/set-up-cloud-providers.md). If you want to use dynamically provisioned [volumes and storage](../../../how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage/create-kubernetes-persistent-storage.md) in Kubernetes, typically you must select the specific cloud provider in order to use it. For example, if you want to use Amazon EBS, you would need to select the `aws` cloud provider. :::note @@ -135,7 +135,7 @@ We recommend using a load balancer with the authorized cluster endpoint. For det ### Node Pools -For information on using the Rancher UI to set up node pools in an RKE cluster, refer to [this page.](../../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md) +For information on using the Rancher UI to set up node pools in an RKE cluster, refer to [this page.](../../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md) ### NGINX Ingress @@ -329,7 +329,7 @@ See [Docker Root Directory](#docker-root-directory). ### enable_cluster_monitoring -Option to enable or disable [Cluster Monitoring](../../../pages-for-subheaders/monitoring-and-alerting.md). +Option to enable or disable [Cluster Monitoring](../../../integrations-in-rancher/monitoring-and-alerting/monitoring-and-alerting.md). ### enable_network_policy diff --git a/docs/reference-guides/cluster-configuration/rancher-server-configuration/rke2-cluster-configuration.md b/docs/reference-guides/cluster-configuration/rancher-server-configuration/rke2-cluster-configuration.md index 5c48ec35e23..1985849c895 100644 --- a/docs/reference-guides/cluster-configuration/rancher-server-configuration/rke2-cluster-configuration.md +++ b/docs/reference-guides/cluster-configuration/rancher-server-configuration/rke2-cluster-configuration.md @@ -121,7 +121,7 @@ When using `cilium` or `multus,cilium` as your container network interface provi ##### Cloud Provider -You can configure a [Kubernetes cloud provider](../../../pages-for-subheaders/set-up-cloud-providers.md). If you want to use dynamically provisioned [volumes and storage](../../../pages-for-subheaders/create-kubernetes-persistent-storage.md) in Kubernetes, typically you must select the specific cloud provider in order to use it. For example, if you want to use Amazon EBS, you would need to select the `aws` cloud provider. +You can configure a [Kubernetes cloud provider](../../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/set-up-cloud-providers.md). If you want to use dynamically provisioned [volumes and storage](../../../how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage/create-kubernetes-persistent-storage.md) in Kubernetes, typically you must select the specific cloud provider in order to use it. For example, if you want to use Amazon EBS, you would need to select the `aws` cloud provider. :::note @@ -139,7 +139,7 @@ The default [pod security admission configuration template](../../../how-to-guid ##### Worker CIS Profile -Select a [CIS benchmark](../../../pages-for-subheaders/cis-scan-guides.md) to validate the system configuration against. +Select a [CIS benchmark](../../../how-to-guides/advanced-user-guides/cis-scan-guides/cis-scan-guides.md) to validate the system configuration against. ##### Project Network Isolation diff --git a/docs/reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/rancher-agent-options.md b/docs/reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/rancher-agent-options.md index 3c363d053cf..183cdb4f558 100644 --- a/docs/reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/rancher-agent-options.md +++ b/docs/reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/rancher-agent-options.md @@ -6,7 +6,7 @@ title: Rancher Agent Options -Rancher deploys an agent on each node to communicate with the node. This pages describes the options that can be passed to the agent. To use these options, you will need to [create a cluster with custom nodes](../../../../pages-for-subheaders/use-existing-nodes.md) and add the options to the generated `docker run` command when adding a node. +Rancher deploys an agent on each node to communicate with the node. This pages describes the options that can be passed to the agent. To use these options, you will need to [create a cluster with custom nodes](use-existing-nodes.md) and add the options to the generated `docker run` command when adding a node. For an overview of how Rancher communicates with downstream clusters using node agents, refer to the [architecture section.](../../../rancher-manager-architecture/communicating-with-downstream-user-clusters.md#3-node-agents) diff --git a/docs/pages-for-subheaders/use-existing-nodes.md b/docs/reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/use-existing-nodes.md similarity index 67% rename from docs/pages-for-subheaders/use-existing-nodes.md rename to docs/reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/use-existing-nodes.md index 56a5c7efab7..cca7752af30 100644 --- a/docs/pages-for-subheaders/use-existing-nodes.md +++ b/docs/reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/use-existing-nodes.md @@ -9,7 +9,7 @@ description: To create a cluster with custom nodes, you’ll need to access serv When you create a custom cluster, Rancher uses RKE (the Rancher Kubernetes Engine) to create a Kubernetes cluster in on-prem bare-metal servers, on-prem virtual machines, or in any node hosted by an infrastructure provider. -To use this option you'll need access to servers you intend to use in your Kubernetes cluster. Provision each server according to the [requirements](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/node-requirements-for-rancher-managed-clusters.md), which includes some hardware specifications and Docker. After you install Docker on each server, you willl also run the command provided in the Rancher UI on each server to turn each one into a Kubernetes node. +To use this option you'll need access to servers you intend to use in your Kubernetes cluster. Provision each server according to the [requirements](../../../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/node-requirements-for-rancher-managed-clusters.md), which includes some hardware specifications and Docker. After you install Docker on each server, you willl also run the command provided in the Rancher UI on each server to turn each one into a Kubernetes node. This section describes how to set up a custom cluster. @@ -17,7 +17,7 @@ This section describes how to set up a custom cluster. :::note Want to use Windows hosts as Kubernetes workers? -See [Configuring Custom Clusters for Windows](use-windows-clusters.md) before you start. +See [Configuring Custom Clusters for Windows](../../../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/use-windows-clusters/use-windows-clusters.md) before you start. ::: @@ -29,9 +29,9 @@ Begin creation of a custom cluster by provisioning a Linux host. Your host can b - An on-prem VM - A bare-metal server -If you want to reuse a node from a previous custom cluster, [clean the node](../how-to-guides/new-user-guides/manage-clusters/clean-cluster-nodes.md) before using it in a cluster again. If you reuse a node that hasn't been cleaned, cluster provisioning may fail. +If you want to reuse a node from a previous custom cluster, [clean the node](../../../../how-to-guides/new-user-guides/manage-clusters/clean-cluster-nodes.md) before using it in a cluster again. If you reuse a node that hasn't been cleaned, cluster provisioning may fail. -Provision the host according to the [installation requirements](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/node-requirements-for-rancher-managed-clusters.md) and the [checklist for production-ready clusters.](checklist-for-production-ready-clusters.md) +Provision the host according to the [installation requirements](../../../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/node-requirements-for-rancher-managed-clusters.md) and the [checklist for production-ready clusters.](../../../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/checklist-for-production-ready-clusters/checklist-for-production-ready-clusters.md) If you're using Amazon EC2 as your host and want to use the [dual-stack](https://kubernetes.io/docs/concepts/services-networking/dual-stack/) feature, there are additional [requirements](https://rancher.com/docs/rke//latest/en/config-options/dual-stack#requirements) when provisioning the host. @@ -45,7 +45,7 @@ If you're using Amazon EC2 as your host and want to use the [dual-stack](https:/ :::note Using Windows nodes as Kubernetes workers? - - See [Enable the Windows Support Option](use-windows-clusters.md). + - See [Enable the Windows Support Option](../../../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/use-windows-clusters/use-windows-clusters.md). - The only Network Provider available for clusters with Windows support is Flannel. ::: @@ -60,16 +60,16 @@ If you're using Amazon EC2 as your host and want to use the [dual-stack](https:/ 4. Use **Member Roles** to configure user authorization for the cluster. Click **Add Member** to add users that can access the cluster. Use the **Role** drop-down to set permissions for each user. -7. From **Node Role**, choose the roles that you want filled by a cluster node. You must provision at least one node for each role: `etcd`, `worker`, and `control plane`. All three roles are required for a custom cluster to finish provisioning. For more information on roles, see [this section.](../reference-guides/kubernetes-concepts.md#roles-for-nodes-in-kubernetes-clusters) +7. From **Node Role**, choose the roles that you want filled by a cluster node. You must provision at least one node for each role: `etcd`, `worker`, and `control plane`. All three roles are required for a custom cluster to finish provisioning. For more information on roles, see [this section.](../../../kubernetes-concepts.md#roles-for-nodes-in-kubernetes-clusters) :::note -- Using Windows nodes as Kubernetes workers? See [this section](use-windows-clusters.md). +- Using Windows nodes as Kubernetes workers? See [this section](../../../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/use-windows-clusters/use-windows-clusters.md). - Bare-Metal Server Reminder: If you plan on dedicating bare-metal servers to each role, you must provision a bare-metal server for each role (i.e. provision multiple bare-metal servers). ::: -8. **Optional**: Click **[Show advanced options](../reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/rancher-agent-options.md)** to specify IP address(es) to use when registering the node, override the hostname of the node, or to add [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/) or [taints](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) to the node. +8. **Optional**: Click **[Show advanced options](rancher-agent-options.md)** to specify IP address(es) to use when registering the node, override the hostname of the node, or to add [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/) or [taints](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) to the node. 9. Copy the command displayed on screen to your clipboard. @@ -137,5 +137,5 @@ Key=kubernetes.io/cluster/CLUSTERID, Value=shared After creating your cluster, you can access it through the Rancher UI. As a best practice, we recommend setting up these alternate ways of accessing your cluster: -- **Access your cluster with the kubectl CLI:** Follow [these steps](../how-to-guides/new-user-guides/manage-clusters/access-clusters/use-kubectl-and-kubeconfig.md#accessing-clusters-with-kubectl-from-your-workstation) to access clusters with kubectl on your workstation. In this case, you will be authenticated through the Rancher server’s authentication proxy, then Rancher will connect you to the downstream cluster. This method lets you manage the cluster without the Rancher UI. -- **Access your cluster with the kubectl CLI, using the authorized cluster endpoint:** Follow [these steps](../how-to-guides/new-user-guides/manage-clusters/access-clusters/use-kubectl-and-kubeconfig.md#authenticating-directly-with-a-downstream-cluster) to access your cluster with kubectl directly, without authenticating through Rancher. We recommend setting up this alternative method to access your cluster so that in case you can’t connect to Rancher, you can still access the cluster. +- **Access your cluster with the kubectl CLI:** Follow [these steps](../../../../how-to-guides/new-user-guides/manage-clusters/access-clusters/use-kubectl-and-kubeconfig.md#accessing-clusters-with-kubectl-from-your-workstation) to access clusters with kubectl on your workstation. In this case, you will be authenticated through the Rancher server’s authentication proxy, then Rancher will connect you to the downstream cluster. This method lets you manage the cluster without the Rancher UI. +- **Access your cluster with the kubectl CLI, using the authorized cluster endpoint:** Follow [these steps](../../../../how-to-guides/new-user-guides/manage-clusters/access-clusters/use-kubectl-and-kubeconfig.md#authenticating-directly-with-a-downstream-cluster) to access your cluster with kubectl directly, without authenticating through Rancher. We recommend setting up this alternative method to access your cluster so that in case you can’t connect to Rancher, you can still access the cluster. diff --git a/docs/reference-guides/kubernetes-concepts.md b/docs/reference-guides/kubernetes-concepts.md index 707fb8e1c51..e1e880e8cd4 100644 --- a/docs/reference-guides/kubernetes-concepts.md +++ b/docs/reference-guides/kubernetes-concepts.md @@ -57,7 +57,7 @@ Each [worker node](https://kubernetes.io/docs/concepts/architecture/nodes/) runs - **Kubelets:** An agent that monitors the state of the node, ensuring your containers are healthy. - **Workloads:** The containers and pods that hold your apps, as well as other types of deployments. -Worker nodes also run storage and networking drivers, and ingress controllers when required. You create as many worker nodes as necessary to run your [workloads](../pages-for-subheaders/workloads-and-pods.md). +Worker nodes also run storage and networking drivers, and ingress controllers when required. You create as many worker nodes as necessary to run your [workloads](../how-to-guides/new-user-guides/kubernetes-resources-setup/workloads-and-pods/workloads-and-pods.md). ## About Helm diff --git a/docs/reference-guides/monitoring-v2-configuration/monitoring-v2-configuration.md b/docs/reference-guides/monitoring-v2-configuration/monitoring-v2-configuration.md new file mode 100644 index 00000000000..62bade46a2a --- /dev/null +++ b/docs/reference-guides/monitoring-v2-configuration/monitoring-v2-configuration.md @@ -0,0 +1,15 @@ +--- +title: Monitoring V2 Configuration +--- + + + + + +The following sections will explain important options essential to configuring Monitoring V2 in Rancher: + +- [Receiver Configuration](receivers.md) +- [Route Configuration](routes.md) +- [ServiceMonitor and PodMonitor Configuration](servicemonitors-and-podmonitors.md) +- [Helm Chart Options](helm-chart-options.md) +- [Examples](examples.md) \ No newline at end of file diff --git a/docs/pages-for-subheaders/prometheus-federator.md b/docs/reference-guides/prometheus-federator/prometheus-federator.md similarity index 97% rename from docs/pages-for-subheaders/prometheus-federator.md rename to docs/reference-guides/prometheus-federator/prometheus-federator.md index efef5f5abae..4b1e8a21143 100644 --- a/docs/pages-for-subheaders/prometheus-federator.md +++ b/docs/reference-guides/prometheus-federator/prometheus-federator.md @@ -24,7 +24,7 @@ Prometheus Federator is designed to be deployed alongside an existing Prometheus 1. On deploying this chart, users can create ProjectHelmCharts CRs with `spec.helmApiVersion` set to `monitoring.cattle.io/v1alpha1` (also known as "Project Monitors" in the Rancher UI) in a **Project Registration Namespace (`cattle-project-`)**. 2. On seeing each ProjectHelmChartCR, the operator will automatically deploy a Project Prometheus stack on the Project Owner's behalf in the **Project Release Namespace (`cattle-project--monitoring`)** based on a HelmChart CR and a HelmRelease CR automatically created by the ProjectHelmChart controller in the **Operator / System Namespace**. -3. RBAC will automatically be assigned in the Project Release Namespace to allow users to view the Prometheus, Alertmanager, and Grafana UIs of the Project Monitoring Stack deployed; this will be based on RBAC defined on the Project Registration Namespace against the [default Kubernetes user-facing roles](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles). For more information, see the section on [configuring RBAC](../reference-guides/prometheus-federator/rbac.md). +3. RBAC will automatically be assigned in the Project Release Namespace to allow users to view the Prometheus, Alertmanager, and Grafana UIs of the Project Monitoring Stack deployed; this will be based on RBAC defined on the Project Registration Namespace against the [default Kubernetes user-facing roles](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles). For more information, see the section on [configuring RBAC](rbac.md). ### What is a Project? @@ -43,7 +43,7 @@ As a Project Operator based on [rancher/helm-project-operator](https://github.co 1. **Operator / System Namespace**: The namespace that the operator is deployed into (e.g., `cattle-monitoring-system`). This namespace will contain all HelmCharts and HelmReleases for all ProjectHelmCharts watched by this operator. **Only Cluster Admins should have access to this namespace.** -2. **Project Registration Namespace (`cattle-project-`)**: The set of namespaces that the operator watches for ProjectHelmCharts within. The RoleBindings and ClusterRoleBindings that apply to this namespace will also be the source of truth for the auto-assigned RBAC created in the Project Release Namespace. For details, refer to the [RBAC page](../reference-guides/prometheus-federator/rbac.md). **Project Owners (admin), Project Members (edit), and Read-Only Members (view) should have access to this namespace.** +2. **Project Registration Namespace (`cattle-project-`)**: The set of namespaces that the operator watches for ProjectHelmCharts within. The RoleBindings and ClusterRoleBindings that apply to this namespace will also be the source of truth for the auto-assigned RBAC created in the Project Release Namespace. For details, refer to the [RBAC page](rbac.md). **Project Owners (admin), Project Members (edit), and Read-Only Members (view) should have access to this namespace.** :::note Notes: diff --git a/docs/reference-guides/prometheus-federator/rbac.md b/docs/reference-guides/prometheus-federator/rbac.md index 8b54ce9559f..276dd7d75f5 100644 --- a/docs/reference-guides/prometheus-federator/rbac.md +++ b/docs/reference-guides/prometheus-federator/rbac.md @@ -8,7 +8,7 @@ title: Role-Based Access Control This section describes the expectations for Role-Based Access Control (RBAC) for Prometheus Federator. -As described in the section on [namespaces](../../pages-for-subheaders/prometheus-federator.md#namespaces), Prometheus Federator expects that Project Owners, Project Members, and other users in the cluster with Project-level permissions (e.g. permissions in a certain set of namespaces identified by a single label selector) have minimal permissions in any namespaces except the Project Registration Namespace (which is imported into the project by default) and those that already comprise their projects. Therefore, in order to allow Project Owners to assign specific chart permissions to other users in their Project namespaces, the Helm Project Operator will automatically watch the following bindings: +As described in the section on [namespaces](prometheus-federator.md#namespaces), Prometheus Federator expects that Project Owners, Project Members, and other users in the cluster with Project-level permissions (e.g. permissions in a certain set of namespaces identified by a single label selector) have minimal permissions in any namespaces except the Project Registration Namespace (which is imported into the project by default) and those that already comprise their projects. Therefore, in order to allow Project Owners to assign specific chart permissions to other users in their Project namespaces, the Helm Project Operator will automatically watch the following bindings: - ClusterRoleBindings - RoleBindings in the Project Release Namespace diff --git a/docs/reference-guides/rancher-cluster-tools.md b/docs/reference-guides/rancher-cluster-tools.md index 63d8490bc41..ca037f533de 100644 --- a/docs/reference-guides/rancher-cluster-tools.md +++ b/docs/reference-guides/rancher-cluster-tools.md @@ -21,7 +21,7 @@ Logging is helpful because it allows you to: Rancher can integrate with Elasticsearch, splunk, kafka, syslog, and fluentd. -For more information, refer to the logging documentation [here.](../pages-for-subheaders/logging.md) +For more information, refer to the logging documentation [here.](../integrations-in-rancher/logging/logging.md) ## Monitoring and Alerts Using Rancher, you can monitor the state and processes of your cluster nodes, Kubernetes components, and software deployments through integration with [Prometheus](https://prometheus.io/), a leading open-source monitoring solution. @@ -32,7 +32,7 @@ Notifiers are services that inform you of alert events. You can configure notifi Alerts are rules that trigger those notifications. Before you can receive alerts, you must configure one or more notifier in Rancher. The scope for alerts can be set at either the cluster or project level. -For more information, refer to the monitoring documentation [here.](../pages-for-subheaders/monitoring-and-alerting.md) +For more information, refer to the monitoring documentation [here.](../integrations-in-rancher/monitoring-and-alerting/monitoring-and-alerting.md) ## Istio @@ -40,7 +40,7 @@ For more information, refer to the monitoring documentation [here.](../pages-for Rancher's integration with Istio was improved in Rancher v2.5. -For more information, refer to the Istio documentation [here.](../pages-for-subheaders/istio.md) +For more information, refer to the Istio documentation [here.](../integrations-in-rancher/istio/istio.md) ## OPA Gatekeeper [OPA Gatekeeper](https://github.com/open-policy-agent/gatekeeper) is an open-source project that provides integration between OPA and Kubernetes to provide policy control via admission controller webhooks. For details on how to enable Gatekeeper in Rancher, refer to the [OPA Gatekeeper section.](../integrations-in-rancher/opa-gatekeeper.md) @@ -49,4 +49,4 @@ For more information, refer to the Istio documentation [here.](../pages-for-subh Rancher can run a security scan to check whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark. -For more information, refer to the CIS scan documentation [here.](../pages-for-subheaders/cis-scan-guides.md) \ No newline at end of file +For more information, refer to the CIS scan documentation [here.](../how-to-guides/advanced-user-guides/cis-scan-guides/cis-scan-guides.md) \ No newline at end of file diff --git a/docs/reference-guides/rancher-manager-architecture/architecture-recommendations.md b/docs/reference-guides/rancher-manager-architecture/architecture-recommendations.md index 1ece990ff8c..b84375fbda5 100644 --- a/docs/reference-guides/rancher-manager-architecture/architecture-recommendations.md +++ b/docs/reference-guides/rancher-manager-architecture/architecture-recommendations.md @@ -57,7 +57,7 @@ We recommend the following configurations for the load balancer and Ingress cont It is strongly recommended to install Rancher on a Kubernetes cluster on hosted infrastructure such as Amazon's EC2 or Google Compute Engine. -For the best performance and greater security, we recommend a dedicated Kubernetes cluster for the Rancher management server. Running user workloads on this cluster is not advised. After deploying Rancher, you can [create or import clusters](../../pages-for-subheaders/kubernetes-clusters-in-rancher-setup.md) for running your workloads. +For the best performance and greater security, we recommend a dedicated Kubernetes cluster for the Rancher management server. Running user workloads on this cluster is not advised. After deploying Rancher, you can [create or import clusters](../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/kubernetes-clusters-in-rancher-setup.md) for running your workloads. ## Recommended Node Roles for Kubernetes Installations @@ -99,7 +99,7 @@ With that said, it is safe to use all three roles on three nodes when setting up Because no additional workloads will be deployed on the Rancher server cluster, in most cases it is not necessary to use the same architecture that we recommend for the scalability and reliability of downstream clusters. -For more best practices for downstream clusters, refer to the [production checklist](../../pages-for-subheaders/checklist-for-production-ready-clusters.md) or our [best practices guide.](../../pages-for-subheaders/best-practices.md) +For more best practices for downstream clusters, refer to the [production checklist](../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/checklist-for-production-ready-clusters/checklist-for-production-ready-clusters.md) or our [best practices guide.](../best-practices/best-practices.md) ## Architecture for an Authorized Cluster Endpoint (ACE) diff --git a/docs/pages-for-subheaders/rancher-manager-architecture.md b/docs/reference-guides/rancher-manager-architecture/rancher-manager-architecture.md similarity index 50% rename from docs/pages-for-subheaders/rancher-manager-architecture.md rename to docs/reference-guides/rancher-manager-architecture/rancher-manager-architecture.md index d7e76f28573..97ef05d0b6b 100644 --- a/docs/pages-for-subheaders/rancher-manager-architecture.md +++ b/docs/reference-guides/rancher-manager-architecture/rancher-manager-architecture.md @@ -6,16 +6,16 @@ title: Architecture -This section focuses on the [Rancher server and its components](../reference-guides/rancher-manager-architecture/rancher-server-and-components.md) and how [Rancher communicates with downstream Kubernetes clusters](../reference-guides/rancher-manager-architecture/communicating-with-downstream-user-clusters.md). +This section focuses on the [Rancher server and its components](rancher-server-and-components.md) and how [Rancher communicates with downstream Kubernetes clusters](communicating-with-downstream-user-clusters.md). -For information on the different ways that Rancher can be installed, refer to the [overview of installation options.](installation-and-upgrade.md#overview-of-installation-options) +For information on the different ways that Rancher can be installed, refer to the [overview of installation options.](../../getting-started/installation-and-upgrade/installation-and-upgrade.md#overview-of-installation-options) -For a list of main features of the Rancher API server, refer to the [overview section.](../getting-started/overview.md#features-of-the-rancher-api-server) +For a list of main features of the Rancher API server, refer to the [overview section.](../../getting-started/overview.md#features-of-the-rancher-api-server) -For guidance about setting up the underlying infrastructure for the Rancher server, refer to the [architecture recommendations.](../reference-guides/rancher-manager-architecture/architecture-recommendations.md) +For guidance about setting up the underlying infrastructure for the Rancher server, refer to the [architecture recommendations.](architecture-recommendations.md) :::note -This section assumes a basic familiarity with Docker and Kubernetes. For a brief explanation of how Kubernetes components work together, refer to the [concepts](../reference-guides/kubernetes-concepts.md) page. +This section assumes a basic familiarity with Docker and Kubernetes. For a brief explanation of how Kubernetes components work together, refer to the [concepts](../kubernetes-concepts.md) page. ::: \ No newline at end of file diff --git a/docs/reference-guides/rancher-manager-architecture/rancher-server-and-components.md b/docs/reference-guides/rancher-manager-architecture/rancher-server-and-components.md index e9fec332622..d30d4900d23 100644 --- a/docs/reference-guides/rancher-manager-architecture/rancher-server-and-components.md +++ b/docs/reference-guides/rancher-manager-architecture/rancher-server-and-components.md @@ -10,9 +10,9 @@ The majority of Rancher 2.x software runs on the Rancher Server. Rancher Server The figure below illustrates the high-level architecture of Rancher 2.x. The figure depicts a Rancher Server installation that manages two downstream Kubernetes clusters: one created by RKE and another created by Amazon EKS (Elastic Kubernetes Service). -For the best performance and security, we recommend a dedicated Kubernetes cluster for the Rancher management server. Running user workloads on this cluster is not advised. After deploying Rancher, you can [create or import clusters](../../pages-for-subheaders/kubernetes-clusters-in-rancher-setup.md) for running your workloads. +For the best performance and security, we recommend a dedicated Kubernetes cluster for the Rancher management server. Running user workloads on this cluster is not advised. After deploying Rancher, you can [create or import clusters](../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/kubernetes-clusters-in-rancher-setup.md) for running your workloads. -The diagram below shows how users can manipulate both [Rancher-launched Kubernetes](../../pages-for-subheaders/launch-kubernetes-with-rancher.md) clusters and [hosted Kubernetes](../../pages-for-subheaders/set-up-clusters-from-hosted-kubernetes-providers.md) clusters through Rancher's authentication proxy: +The diagram below shows how users can manipulate both [Rancher-launched Kubernetes](../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md) clusters and [hosted Kubernetes](../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/set-up-clusters-from-hosted-kubernetes-providers.md) clusters through Rancher's authentication proxy:
Managing Kubernetes Clusters through Rancher's Authentication Proxy
diff --git a/docs/reference-guides/rancher-project-tools.md b/docs/reference-guides/rancher-project-tools.md index f199d246d2c..d2b99f71fa9 100644 --- a/docs/reference-guides/rancher-project-tools.md +++ b/docs/reference-guides/rancher-project-tools.md @@ -29,8 +29,8 @@ Logging is helpful because it allows you to: Rancher can integrate with Elasticsearch, splunk, kafka, syslog, and fluentd. -For details, refer to the [logging section.](../pages-for-subheaders/logging.md) +For details, refer to the [logging section.](../integrations-in-rancher/logging/logging.md) ## Monitoring -Using Rancher, you can monitor the state and processes of your cluster nodes, Kubernetes components, and software deployments through integration with [Prometheus](https://prometheus.io/), a leading open-source monitoring solution. For details, refer to the [monitoring section.](../pages-for-subheaders/monitoring-and-alerting.md) +Using Rancher, you can monitor the state and processes of your cluster nodes, Kubernetes components, and software deployments through integration with [Prometheus](https://prometheus.io/), a leading open-source monitoring solution. For details, refer to the [monitoring section.](../integrations-in-rancher/monitoring-and-alerting/monitoring-and-alerting.md) diff --git a/docs/pages-for-subheaders/rancher-hardening-guides.md b/docs/reference-guides/rancher-security/hardening-guides/hardening-guides.md similarity index 62% rename from docs/pages-for-subheaders/rancher-hardening-guides.md rename to docs/reference-guides/rancher-security/hardening-guides/hardening-guides.md index 5db6c192945..1ab615e083e 100644 --- a/docs/pages-for-subheaders/rancher-hardening-guides.md +++ b/docs/reference-guides/rancher-security/hardening-guides/hardening-guides.md @@ -26,31 +26,31 @@ Each self-assessment guide is accompanied by a hardening guide. These guides wer | Kubernetes Version | CIS Benchmark Version | Self Assessment Guide | Hardening Guides | |--------------------|-----------------------|-----------------------|------------------| -| Kubernetes v1.23 | CIS v1.23 | [Link](../reference-guides/rancher-security/hardening-guides/rke1-hardening-guide/rke1-self-assessment-guide-with-cis-v1.23-k8s-v1.23.md) | [Link](rke1-hardening-guide.md) | -| Kubernetes v1.24 | CIS v1.24 | [Link](../reference-guides/rancher-security/hardening-guides/rke1-hardening-guide/rke1-self-assessment-guide-with-cis-v1.24-k8s-v1.24.md) | [Link](rke1-hardening-guide.md) | -| Kubernetes v1.25/v1.26/v1.27 | CIS v1.7 | [Link](../reference-guides/rancher-security/hardening-guides/rke1-hardening-guide/rke1-self-assessment-guide-with-cis-v1.7-k8s-v1.25-v1.26-v1.27.md) | [Link](rke1-hardening-guide.md) | +| Kubernetes v1.23 | CIS v1.23 | [Link](rke1-hardening-guide/rke1-self-assessment-guide-with-cis-v1.23-k8s-v1.23.md) | [Link](rke1-hardening-guide/rke1-hardening-guide.md) | +| Kubernetes v1.24 | CIS v1.24 | [Link](rke1-hardening-guide/rke1-self-assessment-guide-with-cis-v1.24-k8s-v1.24.md) | [Link](rke1-hardening-guide/rke1-hardening-guide.md) | +| Kubernetes v1.25/v1.26/v1.27 | CIS v1.7 | [Link](rke1-hardening-guide/rke1-self-assessment-guide-with-cis-v1.7-k8s-v1.25-v1.26-v1.27.md) | [Link](rke1-hardening-guide/rke1-hardening-guide.md) | ### RKE2 Guides | Type | Kubernetes Version | CIS Benchmark Version | Self Assessment Guide | Hardening Guides | |------|--------------------|-----------------------|-----------------------|------------------| -| Rancher provisioned RKE2 | Kubernetes v1.23 | CIS v1.23 | [Link](../reference-guides/rancher-security/hardening-guides/rke2-hardening-guide/rke2-self-assessment-guide-with-cis-v1.23-k8s-v1.23.md) | [Link](rke2-hardening-guide.md) | -| Rancher provisioned RKE2 | Kubernetes v1.24 | CIS v1.24 | [Link](../reference-guides/rancher-security/hardening-guides/rke2-hardening-guide/rke2-self-assessment-guide-with-cis-v1.24-k8s-v1.24.md) | [Link](rke2-hardening-guide.md) | -| Rancher provisioned RKE2 | Kubernetes v1.25/v1.26/v1.27 | CIS v1.7 | [Link](../reference-guides/rancher-security/hardening-guides/rke2-hardening-guide/rke2-self-assessment-guide-with-cis-v1.7-k8s-v1.25-v1.26-v1.27.md) | [Link](rke2-hardening-guide.md) | +| Rancher provisioned RKE2 | Kubernetes v1.23 | CIS v1.23 | [Link](rke2-hardening-guide/rke2-self-assessment-guide-with-cis-v1.23-k8s-v1.23.md) | [Link](rke2-hardening-guide/rke2-hardening-guide.md) | +| Rancher provisioned RKE2 | Kubernetes v1.24 | CIS v1.24 | [Link](rke2-hardening-guide/rke2-self-assessment-guide-with-cis-v1.24-k8s-v1.24.md) | [Link](rke2-hardening-guide/rke2-hardening-guide.md) | +| Rancher provisioned RKE2 | Kubernetes v1.25/v1.26/v1.27 | CIS v1.7 | [Link](rke2-hardening-guide/rke2-self-assessment-guide-with-cis-v1.7-k8s-v1.25-v1.26-v1.27.md) | [Link](rke2-hardening-guide/rke2-hardening-guide.md) | | Standalone RKE2 | Kubernetes v1.25/v1.26/v1.27 | CIS v1.7 | [Link](https://docs.rke2.io/security/cis_self_assessment123) | [Link](https://docs.rke2.io/security/hardening_guide) | ### K3s Guides | Type | Kubernetes Version | CIS Benchmark Version | Self Assessment Guide | Hardening Guides | |------|--------------------|-----------------------|-----------------------|------------------| -| Rancher provisioned K3s cluster | Kubernetes v1.23 | CIS v1.23 | [Link](../reference-guides/rancher-security/hardening-guides/k3s-hardening-guide/k3s-self-assessment-guide-with-cis-v1.23-k8s-v1.23.md) | [Link](k3s-hardening-guide.md) | -| Rancher provisioned K3s cluster | Kubernetes v1.24 | CIS v1.24 | [Link](../reference-guides/rancher-security/hardening-guides/k3s-hardening-guide/k3s-self-assessment-guide-with-cis-v1.24-k8s-v1.24.md) | [Link](k3s-hardening-guide.md) | -| Rancher provisioned K3s cluster | Kubernetes v1.25/v1.26/v1.27 | CIS v1.7 | [Link](../reference-guides/rancher-security/hardening-guides/k3s-hardening-guide/k3s-self-assessment-guide-with-cis-v1.7-k8s-v1.25-v1.26-v1.27.md) | [Link](k3s-hardening-guide.md) | +| Rancher provisioned K3s cluster | Kubernetes v1.23 | CIS v1.23 | [Link](k3s-hardening-guide/k3s-self-assessment-guide-with-cis-v1.23-k8s-v1.23.md) | [Link](k3s-hardening-guide/k3s-hardening-guide.md) | +| Rancher provisioned K3s cluster | Kubernetes v1.24 | CIS v1.24 | [Link](k3s-hardening-guide/k3s-self-assessment-guide-with-cis-v1.24-k8s-v1.24.md) | [Link](k3s-hardening-guide/k3s-hardening-guide.md) | +| Rancher provisioned K3s cluster | Kubernetes v1.25/v1.26/v1.27 | CIS v1.7 | [Link](k3s-hardening-guide/k3s-self-assessment-guide-with-cis-v1.7-k8s-v1.25-v1.26-v1.27.md) | [Link](k3s-hardening-guide/k3s-hardening-guide.md) | | Standalone K3s | Kubernetes v1.22 up to v1.24 | CIS v1.23 | [Link](https://docs.k3s.io/security/self-assessment) | [Link](https://docs.k3s.io/security/hardening-guide) | ## Rancher with SELinux [Security-Enhanced Linux (SELinux)](https://en.wikipedia.org/wiki/Security-Enhanced_Linux) is a kernel module that adds extra access controls and security tools to Linux. Historically used by government agencies, SELinux is now industry-standard. SELinux is enabled by default on RHEL and CentOS. -To use Rancher with SELinux, we recommend [installing](../reference-guides/rancher-security/selinux-rpm/about-rancher-selinux.md) the `rancher-selinux` RPM. +To use Rancher with SELinux, we recommend [installing](../selinux-rpm/about-rancher-selinux.md) the `rancher-selinux` RPM. diff --git a/docs/pages-for-subheaders/k3s-hardening-guide.md b/docs/reference-guides/rancher-security/hardening-guides/k3s-hardening-guide/k3s-hardening-guide.md similarity index 100% rename from docs/pages-for-subheaders/k3s-hardening-guide.md rename to docs/reference-guides/rancher-security/hardening-guides/k3s-hardening-guide/k3s-hardening-guide.md diff --git a/docs/reference-guides/rancher-security/hardening-guides/k3s-hardening-guide/k3s-self-assessment-guide-with-cis-v1.23-k8s-v1.23.md b/docs/reference-guides/rancher-security/hardening-guides/k3s-hardening-guide/k3s-self-assessment-guide-with-cis-v1.23-k8s-v1.23.md index d0ddba7d1e7..c34143594e8 100644 --- a/docs/reference-guides/rancher-security/hardening-guides/k3s-hardening-guide/k3s-self-assessment-guide-with-cis-v1.23-k8s-v1.23.md +++ b/docs/reference-guides/rancher-security/hardening-guides/k3s-hardening-guide/k3s-self-assessment-guide-with-cis-v1.23-k8s-v1.23.md @@ -6,7 +6,7 @@ title: K3s Self-Assessment Guide - CIS Benchmark v1.23 - K8s v1.23 -This document is a companion to the [K3s Hardening Guide](../../../../pages-for-subheaders/k3s-hardening-guide.md), which provides prescriptive guidance on how to harden K3s clusters that are running in production and managed by Rancher. This benchmark guide helps you evaluate the security of a hardened cluster against each control in the CIS Kubernetes Benchmark. +This document is a companion to the [K3s Hardening Guide](k3s-hardening-guide.md), which provides prescriptive guidance on how to harden K3s clusters that are running in production and managed by Rancher. This benchmark guide helps you evaluate the security of a hardened cluster against each control in the CIS Kubernetes Benchmark. This guide corresponds to the following versions of Rancher, CIS Benchmarks, and Kubernetes: diff --git a/docs/reference-guides/rancher-security/hardening-guides/k3s-hardening-guide/k3s-self-assessment-guide-with-cis-v1.24-k8s-v1.24.md b/docs/reference-guides/rancher-security/hardening-guides/k3s-hardening-guide/k3s-self-assessment-guide-with-cis-v1.24-k8s-v1.24.md index 1d348069a2a..0b199590889 100644 --- a/docs/reference-guides/rancher-security/hardening-guides/k3s-hardening-guide/k3s-self-assessment-guide-with-cis-v1.24-k8s-v1.24.md +++ b/docs/reference-guides/rancher-security/hardening-guides/k3s-hardening-guide/k3s-self-assessment-guide-with-cis-v1.24-k8s-v1.24.md @@ -6,7 +6,7 @@ title: K3s Self-Assessment Guide - CIS Benchmark v1.24 - K8s v1.24 -This document is a companion to the [K3s Hardening Guide](../../../../pages-for-subheaders/k3s-hardening-guide.md), which provides prescriptive guidance on how to harden K3s clusters that are running in production and managed by Rancher. This benchmark guide helps you evaluate the security of a hardened cluster against each control in the CIS Kubernetes Benchmark. +This document is a companion to the [K3s Hardening Guide](k3s-hardening-guide.md), which provides prescriptive guidance on how to harden K3s clusters that are running in production and managed by Rancher. This benchmark guide helps you evaluate the security of a hardened cluster against each control in the CIS Kubernetes Benchmark. This guide corresponds to the following versions of Rancher, CIS Benchmarks, and Kubernetes: diff --git a/docs/reference-guides/rancher-security/hardening-guides/k3s-hardening-guide/k3s-self-assessment-guide-with-cis-v1.7-k8s-v1.25-v1.26-v1.27.md b/docs/reference-guides/rancher-security/hardening-guides/k3s-hardening-guide/k3s-self-assessment-guide-with-cis-v1.7-k8s-v1.25-v1.26-v1.27.md index e7373288b35..fe6b3ef299c 100644 --- a/docs/reference-guides/rancher-security/hardening-guides/k3s-hardening-guide/k3s-self-assessment-guide-with-cis-v1.7-k8s-v1.25-v1.26-v1.27.md +++ b/docs/reference-guides/rancher-security/hardening-guides/k3s-hardening-guide/k3s-self-assessment-guide-with-cis-v1.7-k8s-v1.25-v1.26-v1.27.md @@ -6,7 +6,7 @@ title: K3s Self-Assessment Guide - CIS Benchmark v1.7 - K8s v1.25/v1.26/v1.27 -This document is a companion to the [K3s Hardening Guide](../../../../pages-for-subheaders/k3s-hardening-guide.md), which provides prescriptive guidance on how to harden K3s clusters that are running in production and managed by Rancher. This benchmark guide helps you evaluate the security of a hardened cluster against each control in the CIS Kubernetes Benchmark. +This document is a companion to the [K3s Hardening Guide](k3s-hardening-guide.md), which provides prescriptive guidance on how to harden K3s clusters that are running in production and managed by Rancher. This benchmark guide helps you evaluate the security of a hardened cluster against each control in the CIS Kubernetes Benchmark. This guide corresponds to the following versions of Rancher, CIS Benchmarks, and Kubernetes: diff --git a/docs/pages-for-subheaders/rke1-hardening-guide.md b/docs/reference-guides/rancher-security/hardening-guides/rke1-hardening-guide/rke1-hardening-guide.md similarity index 93% rename from docs/pages-for-subheaders/rke1-hardening-guide.md rename to docs/reference-guides/rancher-security/hardening-guides/rke1-hardening-guide/rke1-hardening-guide.md index effc11a78bf..838589b82ad 100644 --- a/docs/pages-for-subheaders/rke1-hardening-guide.md +++ b/docs/reference-guides/rancher-security/hardening-guides/rke1-hardening-guide/rke1-hardening-guide.md @@ -151,13 +151,13 @@ Execute this script to apply the `default-allow-all.yaml` configuration with the ## Known Limitations - Rancher **exec shell** and **view logs** for pods are **not** functional in a hardened setup when only a public IP is provided when registering custom nodes. This functionality requires a private IP to be provided when registering the custom nodes. -- When setting `default_pod_security_policy_template_id:` to `restricted` or `restricted-noroot`, based on the pod security policies (PSP) [provided](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/create-pod-security-policies.md) by Rancher, Rancher creates `RoleBindings` and `ClusterRoleBindings` on the `default` service accounts. The CIS check 5.1.5 requires that the `default` service accounts have no roles or cluster roles bound to it apart from the defaults. In addition, the `default` service accounts should be configured such that it does not provide a service account token and does not have any explicit rights assignments. +- When setting `default_pod_security_policy_template_id:` to `restricted` or `restricted-noroot`, based on the pod security policies (PSP) [provided](../../../../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/create-pod-security-policies.md) by Rancher, Rancher creates `RoleBindings` and `ClusterRoleBindings` on the `default` service accounts. The CIS check 5.1.5 requires that the `default` service accounts have no roles or cluster roles bound to it apart from the defaults. In addition, the `default` service accounts should be configured such that it does not provide a service account token and does not have any explicit rights assignments. ## Reference Hardened RKE `cluster.yml` Configuration The reference `cluster.yml` is used by the RKE CLI that provides the configuration needed to achieve a hardened installation of RKE. RKE [documentation](https://rancher.com/docs/rke/latest/en/installation/) provides additional details about the configuration items. This reference `cluster.yml` does not include the required `nodes` directive which will vary depending on your environment. Documentation for node configuration in RKE can be found [here](https://rancher.com/docs/rke/latest/en/config-options/nodes/). -The example `cluster.yml` configuration file contains an Admission Configuration policy in the `services.kube-api.admission_configuration` field. This [sample](../reference-guides/rancher-security/psa-restricted-exemptions.md) policy contains the namespace exemptions necessary for an imported RKE cluster to run properly in Rancher, similar to Rancher's pre-defined [`rancher-restricted`](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/psa-config-templates.md) policy. +The example `cluster.yml` configuration file contains an Admission Configuration policy in the `services.kube-api.admission_configuration` field. This [sample](../../psa-restricted-exemptions.md) policy contains the namespace exemptions necessary for an imported RKE cluster to run properly in Rancher, similar to Rancher's pre-defined [`rancher-restricted`](../../../../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/psa-config-templates.md) policy. If you prefer to use RKE's default `restricted` policy, then leave the `services.kube-api.admission_configuration` field empty and set `services.pod_security_configuration` to `restricted`. See [the RKE docs](https://rke.docs.rancher.com/config-options/services/pod-security-admission) for more information. @@ -165,7 +165,7 @@ If you prefer to use RKE's default `restricted` policy, then leave the `services :::note -If you intend to import an RKE cluster into Rancher, please consult the [documentation](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/psa-config-templates.md) for how to configure the PSA to exempt Rancher system namespaces. +If you intend to import an RKE cluster into Rancher, please consult the [documentation](../../../../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/psa-config-templates.md) for how to configure the PSA to exempt Rancher system namespaces. ::: ```yaml @@ -407,7 +407,7 @@ addons: | ## Reference Hardened RKE Cluster Template Configuration -The reference RKE cluster template provides the minimum required configuration to achieve a hardened installation of Kubernetes. RKE templates are used to provision Kubernetes and define Rancher settings. Follow the Rancher [documentation](installation-and-upgrade.md) for additional information about installing RKE and its template details. +The reference RKE cluster template provides the minimum required configuration to achieve a hardened installation of Kubernetes. RKE templates are used to provision Kubernetes and define Rancher settings. Follow the Rancher [documentation](../../../../getting-started/installation-and-upgrade/installation-and-upgrade.md) for additional information about installing RKE and its template details. diff --git a/docs/reference-guides/rancher-security/hardening-guides/rke1-hardening-guide/rke1-self-assessment-guide-with-cis-v1.23-k8s-v1.23.md b/docs/reference-guides/rancher-security/hardening-guides/rke1-hardening-guide/rke1-self-assessment-guide-with-cis-v1.23-k8s-v1.23.md index 9c6d1369a90..774f12f8be9 100644 --- a/docs/reference-guides/rancher-security/hardening-guides/rke1-hardening-guide/rke1-self-assessment-guide-with-cis-v1.23-k8s-v1.23.md +++ b/docs/reference-guides/rancher-security/hardening-guides/rke1-hardening-guide/rke1-self-assessment-guide-with-cis-v1.23-k8s-v1.23.md @@ -6,7 +6,7 @@ title: RKE Self-Assessment Guide - CIS Benchmark v1.23 - K8s v1.23 -This document is a companion to the [RKE Hardening Guide](../../../../pages-for-subheaders/rke1-hardening-guide.md), which provides prescriptive guidance on how to harden RKE clusters that are running in production and managed by Rancher. This benchmark guide helps you evaluate the security of a hardened cluster against each control in the CIS Kubernetes Benchmark. +This document is a companion to the [RKE Hardening Guide](rke1-hardening-guide.md), which provides prescriptive guidance on how to harden RKE clusters that are running in production and managed by Rancher. This benchmark guide helps you evaluate the security of a hardened cluster against each control in the CIS Kubernetes Benchmark. This guide corresponds to the following versions of Rancher, CIS Benchmarks, and Kubernetes: diff --git a/docs/reference-guides/rancher-security/hardening-guides/rke1-hardening-guide/rke1-self-assessment-guide-with-cis-v1.24-k8s-v1.24.md b/docs/reference-guides/rancher-security/hardening-guides/rke1-hardening-guide/rke1-self-assessment-guide-with-cis-v1.24-k8s-v1.24.md index 5f3c20fb37f..e37a56d277e 100644 --- a/docs/reference-guides/rancher-security/hardening-guides/rke1-hardening-guide/rke1-self-assessment-guide-with-cis-v1.24-k8s-v1.24.md +++ b/docs/reference-guides/rancher-security/hardening-guides/rke1-hardening-guide/rke1-self-assessment-guide-with-cis-v1.24-k8s-v1.24.md @@ -6,7 +6,7 @@ title: RKE Self-Assessment Guide - CIS Benchmark v1.24 - K8s v1.24 -This document is a companion to the [RKE Hardening Guide](../../../../pages-for-subheaders/rke1-hardening-guide.md), which provides prescriptive guidance on how to harden RKE clusters that are running in production and managed by Rancher. This benchmark guide helps you evaluate the security of a hardened cluster against each control in the CIS Kubernetes Benchmark. +This document is a companion to the [RKE Hardening Guide](rke1-hardening-guide.md), which provides prescriptive guidance on how to harden RKE clusters that are running in production and managed by Rancher. This benchmark guide helps you evaluate the security of a hardened cluster against each control in the CIS Kubernetes Benchmark. This guide corresponds to the following versions of Rancher, CIS Benchmarks, and Kubernetes: diff --git a/docs/reference-guides/rancher-security/hardening-guides/rke1-hardening-guide/rke1-self-assessment-guide-with-cis-v1.7-k8s-v1.25-v1.26-v1.27.md b/docs/reference-guides/rancher-security/hardening-guides/rke1-hardening-guide/rke1-self-assessment-guide-with-cis-v1.7-k8s-v1.25-v1.26-v1.27.md index 9fe9ca2045f..bfb274d96fa 100644 --- a/docs/reference-guides/rancher-security/hardening-guides/rke1-hardening-guide/rke1-self-assessment-guide-with-cis-v1.7-k8s-v1.25-v1.26-v1.27.md +++ b/docs/reference-guides/rancher-security/hardening-guides/rke1-hardening-guide/rke1-self-assessment-guide-with-cis-v1.7-k8s-v1.25-v1.26-v1.27.md @@ -6,7 +6,7 @@ title: RKE Self-Assessment Guide - CIS Benchmark v1.7 - K8s v1.25/v1.26/v1.27 -This document is a companion to the [RKE Hardening Guide](../../../../pages-for-subheaders/rke1-hardening-guide.md), which provides prescriptive guidance on how to harden RKE clusters that are running in production and managed by Rancher. This benchmark guide helps you evaluate the security of a hardened cluster against each control in the CIS Kubernetes Benchmark. +This document is a companion to the [RKE Hardening Guide](rke1-hardening-guide.md), which provides prescriptive guidance on how to harden RKE clusters that are running in production and managed by Rancher. This benchmark guide helps you evaluate the security of a hardened cluster against each control in the CIS Kubernetes Benchmark. This guide corresponds to the following versions of Rancher, CIS Benchmarks, and Kubernetes: diff --git a/docs/pages-for-subheaders/rke2-hardening-guide.md b/docs/reference-guides/rancher-security/hardening-guides/rke2-hardening-guide/rke2-hardening-guide.md similarity index 98% rename from docs/pages-for-subheaders/rke2-hardening-guide.md rename to docs/reference-guides/rancher-security/hardening-guides/rke2-hardening-guide/rke2-hardening-guide.md index 378050c8e45..0cce6028916 100644 --- a/docs/pages-for-subheaders/rke2-hardening-guide.md +++ b/docs/reference-guides/rancher-security/hardening-guides/rke2-hardening-guide/rke2-hardening-guide.md @@ -124,7 +124,7 @@ When both the `defaultPodSecurityAdmissionConfigurationTemplateName` and `profil These namespaces are exempted to allow system pods to run without restrictions, which is required for proper operation of the cluster. :::note -If you intend to import an RKE cluster into Rancher, please consult the [documentation](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/psa-config-templates.md) for how to configure the PSA to exempt Rancher system namespaces. +If you intend to import an RKE cluster into Rancher, please consult the [documentation](../../../../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/psa-config-templates.md) for how to configure the PSA to exempt Rancher system namespaces. ::: diff --git a/docs/reference-guides/rancher-security/hardening-guides/rke2-hardening-guide/rke2-self-assessment-guide-with-cis-v1.23-k8s-v1.23.md b/docs/reference-guides/rancher-security/hardening-guides/rke2-hardening-guide/rke2-self-assessment-guide-with-cis-v1.23-k8s-v1.23.md index 3099612cacb..d9145e2ce85 100644 --- a/docs/reference-guides/rancher-security/hardening-guides/rke2-hardening-guide/rke2-self-assessment-guide-with-cis-v1.23-k8s-v1.23.md +++ b/docs/reference-guides/rancher-security/hardening-guides/rke2-hardening-guide/rke2-self-assessment-guide-with-cis-v1.23-k8s-v1.23.md @@ -6,7 +6,7 @@ title: RKE2 Self-Assessment Guide - CIS Benchmark v1.23 - K8s v1.23 -This document is a companion to the [RKE2 Hardening Guide](../../../../pages-for-subheaders/rke2-hardening-guide.md), which provides prescriptive guidance on how to harden RKE2 clusters that are running in production and managed by Rancher. This benchmark guide helps you evaluate the security of a hardened cluster against each control in the CIS Kubernetes Benchmark. +This document is a companion to the [RKE2 Hardening Guide](rke2-hardening-guide.md), which provides prescriptive guidance on how to harden RKE2 clusters that are running in production and managed by Rancher. This benchmark guide helps you evaluate the security of a hardened cluster against each control in the CIS Kubernetes Benchmark. This guide corresponds to the following versions of Rancher, CIS Benchmarks, and Kubernetes: diff --git a/docs/reference-guides/rancher-security/hardening-guides/rke2-hardening-guide/rke2-self-assessment-guide-with-cis-v1.24-k8s-v1.24.md b/docs/reference-guides/rancher-security/hardening-guides/rke2-hardening-guide/rke2-self-assessment-guide-with-cis-v1.24-k8s-v1.24.md index ba80c0a516a..0e74634d09d 100644 --- a/docs/reference-guides/rancher-security/hardening-guides/rke2-hardening-guide/rke2-self-assessment-guide-with-cis-v1.24-k8s-v1.24.md +++ b/docs/reference-guides/rancher-security/hardening-guides/rke2-hardening-guide/rke2-self-assessment-guide-with-cis-v1.24-k8s-v1.24.md @@ -6,7 +6,7 @@ title: RKE2 Self-Assessment Guide - CIS Benchmark v1.24 - K8s v1.24 -This document is a companion to the [RKE2 Hardening Guide](../../../../pages-for-subheaders/rke2-hardening-guide.md), which provides prescriptive guidance on how to harden RKE2 clusters that are running in production and managed by Rancher. This benchmark guide helps you evaluate the security of a hardened cluster against each control in the CIS Kubernetes Benchmark. +This document is a companion to the [RKE2 Hardening Guide](rke2-hardening-guide.md), which provides prescriptive guidance on how to harden RKE2 clusters that are running in production and managed by Rancher. This benchmark guide helps you evaluate the security of a hardened cluster against each control in the CIS Kubernetes Benchmark. This guide corresponds to the following versions of Rancher, CIS Benchmarks, and Kubernetes: diff --git a/docs/reference-guides/rancher-security/hardening-guides/rke2-hardening-guide/rke2-self-assessment-guide-with-cis-v1.7-k8s-v1.25-v1.26-v1.27.md b/docs/reference-guides/rancher-security/hardening-guides/rke2-hardening-guide/rke2-self-assessment-guide-with-cis-v1.7-k8s-v1.25-v1.26-v1.27.md index b7d4a36ea4b..c93773a62a7 100644 --- a/docs/reference-guides/rancher-security/hardening-guides/rke2-hardening-guide/rke2-self-assessment-guide-with-cis-v1.7-k8s-v1.25-v1.26-v1.27.md +++ b/docs/reference-guides/rancher-security/hardening-guides/rke2-hardening-guide/rke2-self-assessment-guide-with-cis-v1.7-k8s-v1.25-v1.26-v1.27.md @@ -6,7 +6,7 @@ title: RKE2 Self-Assessment Guide - CIS Benchmark v1.7 - K8s v1.25/v1.26/v1.27 -This document is a companion to the [RKE2 Hardening Guide](../../../../pages-for-subheaders/rke2-hardening-guide.md), which provides prescriptive guidance on how to harden RKE2 clusters that are running in production and managed by Rancher. This benchmark guide helps you evaluate the security of a hardened cluster against each control in the CIS Kubernetes Benchmark. +This document is a companion to the [RKE2 Hardening Guide](rke2-hardening-guide.md), which provides prescriptive guidance on how to harden RKE2 clusters that are running in production and managed by Rancher. This benchmark guide helps you evaluate the security of a hardened cluster against each control in the CIS Kubernetes Benchmark. This guide corresponds to the following versions of Rancher, CIS Benchmarks, and Kubernetes: diff --git a/docs/reference-guides/rancher-security/rancher-security-best-practices.md b/docs/reference-guides/rancher-security/rancher-security-best-practices.md index 065ec7b6b7d..df921789f25 100644 --- a/docs/reference-guides/rancher-security/rancher-security-best-practices.md +++ b/docs/reference-guides/rancher-security/rancher-security-best-practices.md @@ -18,4 +18,4 @@ See [OWASP Web Application Security Testing - Enumerate Infrastructure and Appli Some environments may require additional security controls for session management. For example, you may want to limit users' concurrent active sessions or restrict which geolocations those sessions can be initiated from. Such features are not supported by Rancher out of the box. -If you require such features, combine Layer 7 firewalls with [external authentication providers](../../pages-for-subheaders/authentication-config.md#external-vs-local-authentication). +If you require such features, combine Layer 7 firewalls with [external authentication providers](../../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/authentication-config.md#external-vs-local-authentication). diff --git a/docs/pages-for-subheaders/rancher-security.md b/docs/reference-guides/rancher-security/rancher-security.md similarity index 88% rename from docs/pages-for-subheaders/rancher-security.md rename to docs/reference-guides/rancher-security/rancher-security.md index 81c0c40da24..c39e0aaaed6 100644 --- a/docs/pages-for-subheaders/rancher-security.md +++ b/docs/reference-guides/rancher-security/rancher-security.md @@ -23,13 +23,13 @@ title: Security -Security is at the heart of all Rancher features. From integrating with all the popular authentication tools and services, to an enterprise grade [RBAC capability](manage-role-based-access-control-rbac.md), Rancher makes your Kubernetes clusters even more secure. +Security is at the heart of all Rancher features. From integrating with all the popular authentication tools and services, to an enterprise grade [RBAC capability](../../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/manage-role-based-access-control-rbac.md), Rancher makes your Kubernetes clusters even more secure. On this page, we provide security related documentation along with resources to help you secure your Rancher installation and your downstream Kubernetes clusters. ### NeuVector Integration with Rancher -NeuVector is an open-source, container-focused security application that is now integrated into Rancher. NeuVector provides production security, DevOps vulnerability protection, and a container firewall, et al. Please see the [Rancher docs](../integrations-in-rancher/neuvector/neuvector.md) and the [NeuVector docs](https://open-docs.neuvector.com/) for more information. +NeuVector is an open-source, container-focused security application that is now integrated into Rancher. NeuVector provides production security, DevOps vulnerability protection, and a container firewall, et al. Please see the [Rancher docs](../../integrations-in-rancher/neuvector/neuvector.md) and the [NeuVector docs](https://open-docs.neuvector.com/) for more information. ### Running a CIS Security Scan on a Kubernetes Cluster @@ -45,13 +45,13 @@ The Benchmark provides recommendations of two types: Automated and Manual. We ru When Rancher runs a CIS security scan on a cluster, it generates a report showing the results of each test, including a summary with the number of passed, skipped and failed tests. The report also includes remediation steps for any failed tests. -For details, refer to the section on [security scans](cis-scan-guides.md). +For details, refer to the section on [security scans](../../how-to-guides/advanced-user-guides/cis-scan-guides/cis-scan-guides.md). ### SELinux RPM [Security-Enhanced Linux (SELinux)](https://en.wikipedia.org/wiki/Security-Enhanced_Linux) is a security enhancement to Linux. After being historically used by government agencies, SELinux is now industry standard and is enabled by default on CentOS 7 and 8. -We provide two RPMs (Red Hat packages) that enable Rancher products to function properly on SELinux-enforcing hosts: `rancher-selinux` and `rke2-selinux`. For details, see [this page](selinux-rpm.md). +We provide two RPMs (Red Hat packages) that enable Rancher products to function properly on SELinux-enforcing hosts: `rancher-selinux` and `rke2-selinux`. For details, see [this page](selinux-rpm/selinux-rpm.md). ### Rancher Hardening Guide @@ -84,12 +84,12 @@ Please note that new reports are no longer shared or made publicly available. ### Rancher Security Advisories and CVEs -Rancher is committed to informing the community of security issues in our products. For the list of CVEs (Common Vulnerabilities and Exposures) for issues we have resolved, refer to [this page.](../reference-guides/rancher-security/security-advisories-and-cves.md) +Rancher is committed to informing the community of security issues in our products. For the list of CVEs (Common Vulnerabilities and Exposures) for issues we have resolved, refer to [this page.](security-advisories-and-cves.md) ### Kubernetes Security Best Practices -For recommendations on securing your Kubernetes cluster, refer to the [Kubernetes Security Best Practices](../reference-guides/rancher-security/kubernetes-security-best-practices.md) guide. +For recommendations on securing your Kubernetes cluster, refer to the [Kubernetes Security Best Practices](kubernetes-security-best-practices.md) guide. ### Rancher Security Best Practices -For recommendations on securing your Rancher Manager deployments, refer to the [Rancher Security Best Practices](../reference-guides/rancher-security/rancher-security-best-practices.md) guide. +For recommendations on securing your Rancher Manager deployments, refer to the [Rancher Security Best Practices](rancher-security-best-practices.md) guide. diff --git a/docs/reference-guides/rancher-security/security-advisories-and-cves.md b/docs/reference-guides/rancher-security/security-advisories-and-cves.md index 8f3649e7a85..ad7fb02ad7b 100644 --- a/docs/reference-guides/rancher-security/security-advisories-and-cves.md +++ b/docs/reference-guides/rancher-security/security-advisories-and-cves.md @@ -23,8 +23,8 @@ Rancher is committed to informing the community of security issues in our produc | [CVE-2022-31247](https://github.com/rancher/rancher/security/advisories/GHSA-6x34-89p7-95wg) | An issue was discovered in Rancher versions up to and including 2.5.15 and 2.6.6 where a flaw with authorization logic allows privilege escalation in downstream clusters through cluster role template binding (CRTB) and project role template binding (PRTB). The vulnerability can be exploited by any user who has permissions to create/edit CRTB or PRTB (such as `cluster-owner`, `manage cluster members`, `project-owner`, and `manage project members`) to gain owner permission in another project in the same cluster or in another project on a different downstream cluster. | 18 August 2022 | [Rancher v2.6.7](https://github.com/rancher/rancher/releases/tag/v2.6.7) and [Rancher v2.5.16](https://github.com/rancher/rancher/releases/tag/v2.5.16) | | [CVE-2021-36783](https://github.com/rancher/rancher/security/advisories/GHSA-8w87-58w6-hfv8) | It was discovered that in Rancher versions up to and including 2.5.12 and 2.6.3, there is a failure to properly sanitize credentials in cluster template answers. This failure can lead to plaintext storage and exposure of credentials, passwords, and API tokens. The exposed credentials are visible in Rancher to authenticated `Cluster Owners`, `Cluster Members`, `Project Owners`, and `Project Members` on the endpoints `/v1/management.cattle.io.clusters`, `/v3/clusters`, and `/k8s/clusters/local/apis/management.cattle.io/v3/clusters`. | 18 August 2022 | [Rancher v2.6.7](https://github.com/rancher/rancher/releases/tag/v2.6.7) and [Rancher v2.5.16](https://github.com/rancher/rancher/releases/tag/v2.5.16) | | [CVE-2021-36782](https://github.com/rancher/rancher/security/advisories/GHSA-g7j7-h4q8-8w2f) | An issue was discovered in Rancher versions up to and including 2.5.15 and 2.6.6 where sensitive fields like passwords, API keys, and Rancher's service account token (used to provision clusters) were stored in plaintext directly on Kubernetes objects like `Clusters` (e.g., `cluster.management.cattle.io`). Anyone with read access to those objects in the Kubernetes API could retrieve the plaintext version of those sensitive data. The issue was partially found and reported by Florian Struck (from [Continum AG](https://www.continum.net/)) and [Marco Stuurman](https://github.com/fe-ax) (from [Shock Media B.V.](https://www.shockmedia.nl/)). | 18 August 2022 | [Rancher v2.6.7](https://github.com/rancher/rancher/releases/tag/v2.6.7) and [Rancher v2.5.16](https://github.com/rancher/rancher/releases/tag/v2.5.16) | -| [CVE-2022-21951](https://github.com/rancher/rancher/security/advisories/GHSA-vrph-m5jj-c46c) | This vulnerability only affects customers using [Weave](../../faq/container-network-interface-providers.md#weave) Container Network Interface (CNI) when configured through [RKE templates](../../pages-for-subheaders/about-rke1-templates.md). A vulnerability was discovered in Rancher versions 2.5.0 up to and including 2.5.13, and 2.6.0 up to and including 2.6.4, where a user interface (UI) issue with RKE templates does not include a value for the Weave password when Weave is chosen as the CNI. If a cluster is created based on the mentioned template, and Weave is configured as the CNI, no password will be created for [network encryption](https://www.weave.works/docs/net/latest/tasks/manage/security-untrusted-networks/) in Weave; therefore, network traffic in the cluster will be sent unencrypted. | 24 May 2022 | [Rancher v2.6.5](https://github.com/rancher/rancher/releases/tag/v2.6.5) and [Rancher v2.5.14](https://github.com/rancher/rancher/releases/tag/v2.5.14) | -| [CVE-2021-36784](https://github.com/rancher/rancher/security/advisories/GHSA-jwvr-vv7p-gpwq) | A vulnerability was discovered in Rancher versions from 2.5.0 up to and including 2.5.12 and from 2.6.0 up to and including 2.6.3 which allows users who have create or update permissions on [Global Roles](../../pages-for-subheaders/manage-role-based-access-control-rbac.md) to escalate their permissions, or those of another user, to admin-level permissions. Global Roles grant users Rancher-wide permissions, such as the ability to create clusters. In the identified versions of Rancher, when users are given permission to edit or create Global Roles, they are not restricted to only granting permissions which they already posses. This vulnerability affects customers who utilize non-admin users that are able to create or edit Global Roles. The most common use case for this scenario is the `restricted-admin` role. | 14 Apr 2022 | [Rancher v2.6.4](https://github.com/rancher/rancher/releases/tag/v2.6.4) and [Rancher v2.5.13](https://github.com/rancher/rancher/releases/tag/v2.5.13) | +| [CVE-2022-21951](https://github.com/rancher/rancher/security/advisories/GHSA-vrph-m5jj-c46c) | This vulnerability only affects customers using [Weave](../../faq/container-network-interface-providers.md#weave) Container Network Interface (CNI) when configured through [RKE templates](../../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/about-rke1-templates.md). A vulnerability was discovered in Rancher versions 2.5.0 up to and including 2.5.13, and 2.6.0 up to and including 2.6.4, where a user interface (UI) issue with RKE templates does not include a value for the Weave password when Weave is chosen as the CNI. If a cluster is created based on the mentioned template, and Weave is configured as the CNI, no password will be created for [network encryption](https://www.weave.works/docs/net/latest/tasks/manage/security-untrusted-networks/) in Weave; therefore, network traffic in the cluster will be sent unencrypted. | 24 May 2022 | [Rancher v2.6.5](https://github.com/rancher/rancher/releases/tag/v2.6.5) and [Rancher v2.5.14](https://github.com/rancher/rancher/releases/tag/v2.5.14) | +| [CVE-2021-36784](https://github.com/rancher/rancher/security/advisories/GHSA-jwvr-vv7p-gpwq) | A vulnerability was discovered in Rancher versions from 2.5.0 up to and including 2.5.12 and from 2.6.0 up to and including 2.6.3 which allows users who have create or update permissions on [Global Roles](../../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/manage-role-based-access-control-rbac.md) to escalate their permissions, or those of another user, to admin-level permissions. Global Roles grant users Rancher-wide permissions, such as the ability to create clusters. In the identified versions of Rancher, when users are given permission to edit or create Global Roles, they are not restricted to only granting permissions which they already posses. This vulnerability affects customers who utilize non-admin users that are able to create or edit Global Roles. The most common use case for this scenario is the `restricted-admin` role. | 14 Apr 2022 | [Rancher v2.6.4](https://github.com/rancher/rancher/releases/tag/v2.6.4) and [Rancher v2.5.13](https://github.com/rancher/rancher/releases/tag/v2.5.13) | | [CVE-2021-4200](https://github.com/rancher/rancher/security/advisories/GHSA-hx8w-ghh8-r4xf) | This vulnerability only affects customers using the `restricted-admin` role in Rancher. A vulnerability was discovered in Rancher versions from 2.5.0 up to and including 2.5.12 and from 2.6.0 up to and including 2.6.3 where the `global-data` role in `cattle-global-data` namespace grants write access to the Catalogs. Since each user with any level of catalog access was bound to the `global-data` role, this grants write access to templates (`CatalogTemplates`) and template versions (`CatalogTemplateVersions`) for any user with any level of catalog access. New users created in Rancher are by default assigned to the `user` role (standard user), which is not designed to grant write catalog access. This vulnerability effectively elevates the privilege of any user to write access for the catalog template and catalog template version resources. | 14 Apr 2022 | [Rancher v2.6.4](https://github.com/rancher/rancher/releases/tag/v2.6.4) and [Rancher v2.5.13](https://github.com/rancher/rancher/releases/tag/v2.5.13) | | [GHSA-wm2r-rp98-8pmh](https://github.com/rancher/rancher/security/advisories/GHSA-wm2r-rp98-8pmh) | This vulnerability only affects customers using [Fleet](../../how-to-guides/new-user-guides/deploy-apps-across-clusters/fleet.md) for continuous delivery with authenticated Git and/or Helm repositories. An issue was discovered in `go-getter` library in versions prior to [`v1.5.11`](https://github.com/hashicorp/go-getter/releases/tag/v1.5.11) that exposes SSH private keys in base64 format due to a failure in redacting such information from error messages. The vulnerable version of this library is used in Rancher through Fleet in versions of Fleet prior to [`v0.3.9`](https://github.com/rancher/fleet/releases/tag/v0.3.9). This issue affects Rancher versions 2.5.0 up to and including 2.5.12 and from 2.6.0 up to and including 2.6.3. The issue was found and reported by Dagan Henderson from Raft Engineering. | 14 Apr 2022 | [Rancher v2.6.4](https://github.com/rancher/rancher/releases/tag/v2.6.4) and [Rancher v2.5.13](https://github.com/rancher/rancher/releases/tag/v2.5.13) | | [CVE-2021-36778](https://github.com/rancher/rancher/security/advisories/GHSA-4fc7-hc63-7fjg) | A vulnerability was discovered in Rancher versions from 2.5.0 up to and including 2.5.11 and from 2.6.0 up to and including 2.6.2, where an insufficient check of the same-origin policy when downloading Helm charts from a configured private repository can lead to exposure of the repository credentials to a third-party provider. This issue only happens when the user configures access credentials to a private repository in Rancher inside `Apps & Marketplace > Repositories`. The issue was found and reported by Martin Andreas Ullrich. | 14 Apr 2022 | [Rancher v2.6.3](https://github.com/rancher/rancher/releases/tag/v2.6.3) and [Rancher v2.5.12](https://github.com/rancher/rancher/releases/tag/v2.5.12) | diff --git a/docs/pages-for-subheaders/selinux-rpm.md b/docs/reference-guides/rancher-security/selinux-rpm/selinux-rpm.md similarity index 85% rename from docs/pages-for-subheaders/selinux-rpm.md rename to docs/reference-guides/rancher-security/selinux-rpm/selinux-rpm.md index c72c72ff56a..f2d93d01bb1 100644 --- a/docs/pages-for-subheaders/selinux-rpm.md +++ b/docs/reference-guides/rancher-security/selinux-rpm/selinux-rpm.md @@ -17,4 +17,4 @@ After being historically used by government agencies, SELinux is now industry st Enforcing ``` -We provide two RPMs (Red Hat packages) that enable Rancher products to function properly on SELinux-enforcing hosts: [`rancher-selinux`](../reference-guides/rancher-security/selinux-rpm/about-rancher-selinux.md) and [`rke2-selinux`](../reference-guides/rancher-security/selinux-rpm/about-rke2-selinux.md). \ No newline at end of file +We provide two RPMs (Red Hat packages) that enable Rancher products to function properly on SELinux-enforcing hosts: [`rancher-selinux`](about-rancher-selinux.md) and [`rke2-selinux`](about-rke2-selinux.md). \ No newline at end of file diff --git a/docs/reference-guides/single-node-rancher-in-docker/advanced-options.md b/docs/reference-guides/single-node-rancher-in-docker/advanced-options.md index 081d79e4b04..4d410831bf9 100644 --- a/docs/reference-guides/single-node-rancher-in-docker/advanced-options.md +++ b/docs/reference-guides/single-node-rancher-in-docker/advanced-options.md @@ -19,7 +19,7 @@ Use the command example to start a Rancher container with your private CA certif The example below is based on having the CA root certificates in the `/host/certs` directory on the host and mounting this directory on `/container/certs` inside the Rancher container. -Privileged access is [required.](../../pages-for-subheaders/rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher) +Privileged access is [required.](../../getting-started/installation-and-upgrade/other-installation-methods/rancher-on-a-single-node-with-docker/rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher) ``` docker run -d --restart=unless-stopped \ @@ -38,7 +38,7 @@ The API Audit Log writes to `/var/log/auditlog` inside the rancher container by See [API Audit Log](../../how-to-guides/advanced-user-guides/enable-api-audit-log.md) for more information and options. -Privileged access is [required.](../../pages-for-subheaders/rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher) +Privileged access is [required.](../../getting-started/installation-and-upgrade/other-installation-methods/rancher-on-a-single-node-with-docker/rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher) ``` docker run -d --restart=unless-stopped \ @@ -61,7 +61,7 @@ docker run -d --restart=unless-stopped \ rancher/rancher:latest ``` -Privileged access is [required.](../../pages-for-subheaders/rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher) +Privileged access is [required.](../../getting-started/installation-and-upgrade/other-installation-methods/rancher-on-a-single-node-with-docker/rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher) See [TLS settings](../../getting-started/installation-and-upgrade/installation-references/tls-settings.md) for more information and options. @@ -87,7 +87,7 @@ docker run -d --restart=unless-stopped \ rancher/rancher:latest ``` -Privileged access is [required.](../../pages-for-subheaders/rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher) +Privileged access is [required.](../../getting-started/installation-and-upgrade/other-installation-methods/rancher-on-a-single-node-with-docker/rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher) ### Running `rancher/rancher` and `rancher/rancher-agent` on the Same Node @@ -106,4 +106,4 @@ docker run -d --restart=unless-stopped \ rancher/rancher:latest ``` -Privileged access is [required.](../../pages-for-subheaders/rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher) +Privileged access is [required.](../../getting-started/installation-and-upgrade/other-installation-methods/rancher-on-a-single-node-with-docker/rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher) diff --git a/docs/reference-guides/single-node-rancher-in-docker/http-proxy-configuration.md b/docs/reference-guides/single-node-rancher-in-docker/http-proxy-configuration.md index bc81ed966c2..4936d839dd2 100644 --- a/docs/reference-guides/single-node-rancher-in-docker/http-proxy-configuration.md +++ b/docs/reference-guides/single-node-rancher-in-docker/http-proxy-configuration.md @@ -24,7 +24,7 @@ NO_PROXY must be in uppercase to use network range (CIDR) notation. ## Docker Installation -Passing environment variables to the Rancher container can be done using `-e KEY=VALUE` or `--env KEY=VALUE`. Required values for `NO_PROXY` in a [Docker Installation](../../pages-for-subheaders/rancher-on-a-single-node-with-docker.md) are: +Passing environment variables to the Rancher container can be done using `-e KEY=VALUE` or `--env KEY=VALUE`. Required values for `NO_PROXY` in a [Docker Installation](../../getting-started/installation-and-upgrade/other-installation-methods/rancher-on-a-single-node-with-docker/rancher-on-a-single-node-with-docker.md) are: - `localhost` - `127.0.0.1` @@ -46,7 +46,7 @@ docker run -d --restart=unless-stopped \ rancher/rancher:latest ``` -Privileged access is [required.](../../pages-for-subheaders/rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher) +Privileged access is [required.](../../getting-started/installation-and-upgrade/other-installation-methods/rancher-on-a-single-node-with-docker/rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher) ### Air-gapped proxy configuration diff --git a/docs/reference-guides/single-node-rancher-in-docker/single-node-rancher-in-docker.md b/docs/reference-guides/single-node-rancher-in-docker/single-node-rancher-in-docker.md new file mode 100644 index 00000000000..e605bd0c77a --- /dev/null +++ b/docs/reference-guides/single-node-rancher-in-docker/single-node-rancher-in-docker.md @@ -0,0 +1,9 @@ +--- +title: Single Node Rancher in Docker +--- + + + + + +The following docs will discuss [HTTP proxy configuration](http-proxy-configuration.md) and [advanced options](advanced-options.md) for Docker installs. \ No newline at end of file diff --git a/docs/reference-guides/user-settings/api-keys.md b/docs/reference-guides/user-settings/api-keys.md index 95a26a81a45..d5ff1d1fb24 100644 --- a/docs/reference-guides/user-settings/api-keys.md +++ b/docs/reference-guides/user-settings/api-keys.md @@ -51,7 +51,7 @@ Users may opt to enable [token hashing](../about-the-api/api-tokens.md). - Enter your API key information into the application that will send requests to the Rancher API. - Learn more about the Rancher endpoints and parameters by selecting **View in API** for an object in the Rancher UI. -- API keys are used for API calls and [Rancher CLI](../../pages-for-subheaders/cli-with-rancher.md). +- API keys are used for API calls and [Rancher CLI](../cli-with-rancher/cli-with-rancher.md). ## Deleting API Keys diff --git a/docs/reference-guides/user-settings/manage-cloud-credentials.md b/docs/reference-guides/user-settings/manage-cloud-credentials.md index 1b8eb2e54b0..07162542d91 100644 --- a/docs/reference-guides/user-settings/manage-cloud-credentials.md +++ b/docs/reference-guides/user-settings/manage-cloud-credentials.md @@ -6,7 +6,7 @@ title: Managing Cloud Credentials -When you create a cluster [hosted by an infrastructure provider](../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md), [node templates](../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md#node-templates) are used to provision the cluster nodes. These templates use Docker Machine configuration options to define an operating system image and settings/parameters for the node. +When you create a cluster [hosted by an infrastructure provider](../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md), [node templates](../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md#node-templates) are used to provision the cluster nodes. These templates use Docker Machine configuration options to define an operating system image and settings/parameters for the node. Node templates can use cloud credentials to access the credential information required to provision nodes in the infrastructure providers. The same cloud credential can be used by multiple node templates. By using a cloud credential, you do not have to re-enter access keys for the same cloud provider. Cloud credentials are stored as Kubernetes secrets. @@ -14,7 +14,7 @@ Cloud credentials are only used by node templates if there are fields marked as You can create cloud credentials in two contexts: -- [During creation of a node template](../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md#node-templates) for a cluster. +- [During creation of a node template](../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md#node-templates) for a cluster. - In the **User Settings** Cloud credentials are bound to their creator's user profile. They **cannot** be shared between non-admin users. However, admins can view and manage the cloud credentials of other users. @@ -29,7 +29,7 @@ Cloud credentials are bound to their creator's user profile. They **cannot** be 1. Based on the selected cloud credential type, enter the required values to authenticate with the infrastructure provider. 1. Click **Create**. -**Result:** The cloud credential is created and can immediately be used to [create node templates](../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md#node-templates). +**Result:** The cloud credential is created and can immediately be used to [create node templates](../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md#node-templates). ## Updating a Cloud Credential @@ -40,7 +40,7 @@ When access credentials are changed or compromised, updating a cloud credential 1. Choose the cloud credential you want to edit and click the **⋮ > Edit Config**. 1. Update the credential information and click **Save**. -**Result:** The cloud credential is updated with the new access credentials. All existing node templates using this cloud credential will automatically use the updated information whenever [new nodes are added](../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md). +**Result:** The cloud credential is updated with the new access credentials. All existing node templates using this cloud credential will automatically use the updated information whenever [new nodes are added](../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md). ## Deleting a Cloud Credential diff --git a/docs/reference-guides/user-settings/manage-node-templates.md b/docs/reference-guides/user-settings/manage-node-templates.md index fab13f80ffc..2d83b899104 100644 --- a/docs/reference-guides/user-settings/manage-node-templates.md +++ b/docs/reference-guides/user-settings/manage-node-templates.md @@ -6,10 +6,10 @@ title: Managing Node Templates -When you provision a cluster [hosted by an infrastructure provider](../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md), [node templates](../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md#node-templates) are used to provision the cluster nodes. These templates use Docker Machine configuration options to define an operating system image and settings/parameters for the node. You can create node templates in two contexts: +When you provision a cluster [hosted by an infrastructure provider](../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md), [node templates](../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md#node-templates) are used to provision the cluster nodes. These templates use Docker Machine configuration options to define an operating system image and settings/parameters for the node. You can create node templates in two contexts: -- While [provisioning a node pool cluster](../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md). -- At any time, from your [user settings](../../pages-for-subheaders/user-settings.md). +- While [provisioning a node pool cluster](../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md). +- At any time, from your [user settings](user-settings.md). When you create a node template, it is bound to your user profile. Node templates cannot be shared among users. You can delete stale node templates that you no longer user from your user settings. @@ -20,7 +20,7 @@ When you create a node template, it is bound to your user profile. Node template 1. Click **Add Template**. 1. Select one of the cloud providers available. Then follow the instructions on screen to configure the template. -**Result:** The template is configured. You can use the template later when you [provision a node pool cluster](../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md). +**Result:** The template is configured. You can use the template later when you [provision a node pool cluster](../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md). ## Updating a Node Template @@ -30,7 +30,7 @@ When you create a node template, it is bound to your user profile. Node template :::note - The default `active` [node drivers](../../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-provisioning-drivers/manage-node-drivers.md) and any node driver, that has fields marked as `password`, are required to use [cloud credentials](../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md#cloud-credentials). + The default `active` [node drivers](../../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-provisioning-drivers/manage-node-drivers.md) and any node driver, that has fields marked as `password`, are required to use [cloud credentials](../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md#cloud-credentials). ::: @@ -47,7 +47,7 @@ When creating new node templates from your user settings, you can clone an exist 1. Find the template you want to clone. Then select **⋮ > Clone**. 1. Complete the rest of the form. -**Result:** The template is cloned and configured. You can use the template later when you [provision a node pool cluster](../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md). +**Result:** The template is cloned and configured. You can use the template later when you [provision a node pool cluster](../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md). ## Deleting a Node Template diff --git a/docs/reference-guides/user-settings/user-settings.md b/docs/reference-guides/user-settings/user-settings.md new file mode 100644 index 00000000000..496fde5638c --- /dev/null +++ b/docs/reference-guides/user-settings/user-settings.md @@ -0,0 +1,19 @@ +--- +title: User Settings +--- + + + + + +Within Rancher, each user has a number of settings associated with their login: personal preferences, API keys, etc. You can configure these settings by choosing from the **User Settings** menu. You can open this menu by clicking your avatar, located within the main menu. + +![User Settings Menu](/img/user-settings.png) + +The available user settings are: + +- [API & Keys](api-keys.md): If you want to interact with Rancher programmatically, you need an API key. Follow the directions in this section to obtain a key. +- [Cloud Credentials](manage-cloud-credentials.md): Manage cloud credentials [used by node templates](../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md#node-templates) to [provision nodes for clusters](../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md). +- [Node Templates](manage-node-templates.md): Manage templates [used by Rancher to provision nodes for clusters](../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md). +- [Preferences](user-preferences.md): Sets superficial preferences for the Rancher UI. +- Log Out: Ends your user session. diff --git a/docs/security/security-scan/security-scan.md b/docs/security/security-scan/security-scan.md index 061d0af8edd..cacabb6266d 100644 --- a/docs/security/security-scan/security-scan.md +++ b/docs/security/security-scan/security-scan.md @@ -6,4 +6,4 @@ title: Security Scans -The documentation about CIS security scans has moved [here.](../../pages-for-subheaders/cis-scan-guides.md) +The documentation about CIS security scans has moved [here.](../../how-to-guides/advanced-user-guides/cis-scan-guides/cis-scan-guides.md) diff --git a/docs/shared-files/_cluster-capabilities-table.md b/docs/shared-files/_cluster-capabilities-table.md index b74973f5a67..6cffdba23c4 100644 --- a/docs/shared-files/_cluster-capabilities-table.md +++ b/docs/shared-files/_cluster-capabilities-table.md @@ -2,13 +2,13 @@ | --- | --- | ---| ---|----| | [Using kubectl and a kubeconfig file to Access a Cluster](../how-to-guides/new-user-guides/manage-clusters/access-clusters/use-kubectl-and-kubeconfig.md) | ✓ | ✓ | ✓ | ✓ | | [Managing Cluster Members](../how-to-guides/new-user-guides/manage-clusters/access-clusters/add-users-to-clusters.md) | ✓ | ✓ | ✓ | ✓ | -| [Editing and Upgrading Clusters](../pages-for-subheaders/cluster-configuration.md) | ✓ | ✓ | ✓ | ✓2 | +| [Editing and Upgrading Clusters](../reference-guides/cluster-configuration/cluster-configuration.md) | ✓ | ✓ | ✓ | ✓2 | | [Managing Nodes](../how-to-guides/new-user-guides/manage-clusters/nodes-and-node-pools.md) | ✓ | ✓ | ✓ | ✓3 | -| [Managing Persistent Volumes and Storage Classes](../pages-for-subheaders/create-kubernetes-persistent-storage.md) | ✓ | ✓ | ✓ | ✓ | +| [Managing Persistent Volumes and Storage Classes](../how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage/create-kubernetes-persistent-storage.md) | ✓ | ✓ | ✓ | ✓ | | [Managing Projects, Namespaces and Workloads](../how-to-guides/new-user-guides/manage-clusters/projects-and-namespaces.md) | ✓ | ✓ | ✓ | ✓ | -| [Using App Catalogs](../pages-for-subheaders/helm-charts-in-rancher.md) | ✓ | ✓ | ✓ | ✓ | -| Configuring Tools ([Alerts, Notifiers, Monitoring](../pages-for-subheaders/monitoring-and-alerting.md), [Logging](../pages-for-subheaders/logging.md), [Istio](../pages-for-subheaders/istio.md)) | ✓ | ✓ | ✓ | ✓ | -| [Running Security Scans](../pages-for-subheaders/cis-scan-guides.md) | ✓ | ✓ | ✓ | ✓ | +| [Using App Catalogs](../how-to-guides/new-user-guides/helm-charts-in-rancher/helm-charts-in-rancher.md) | ✓ | ✓ | ✓ | ✓ | +| Configuring Tools ([Alerts, Notifiers, Monitoring](../integrations-in-rancher/monitoring-and-alerting/monitoring-and-alerting.md), [Logging](../integrations-in-rancher/logging/logging.md), [Istio](../integrations-in-rancher/istio/istio.md)) | ✓ | ✓ | ✓ | ✓ | +| [Running Security Scans](../how-to-guides/advanced-user-guides/cis-scan-guides/cis-scan-guides.md) | ✓ | ✓ | ✓ | ✓ | | [Ability to rotate certificates](../how-to-guides/new-user-guides/manage-clusters/rotate-certificates.md) | ✓ | ✓ | | | | Ability to [backup](../how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/back-up-rancher-launched-kubernetes-clusters.md) and [restore](../how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/restore-rancher-launched-kubernetes-clusters-from-backup.md) Rancher-launched clusters | ✓ | ✓ | | ✓4 | | [Cleaning Kubernetes components when clusters are no longer reachable from Rancher](../how-to-guides/new-user-guides/manage-clusters/clean-cluster-nodes.md) | ✓ | | | | diff --git a/docs/troubleshooting/general-troubleshooting.md b/docs/troubleshooting/general-troubleshooting.md index 77ab7e24806..d162d499805 100644 --- a/docs/troubleshooting/general-troubleshooting.md +++ b/docs/troubleshooting/general-troubleshooting.md @@ -8,7 +8,7 @@ title: General Troubleshooting This section contains information to help you troubleshoot issues when using Rancher. -- [Kubernetes components](../pages-for-subheaders/kubernetes-components.md) +- [Kubernetes components](kubernetes-components/kubernetes-components.md) If you need help troubleshooting core Kubernetes cluster components like: * `etcd` @@ -33,7 +33,7 @@ This section contains information to help you troubleshoot issues when using Ran - [Troubleshooting Rancher installed on Kubernetes](other-troubleshooting-tips/rancher-ha.md) - If you experience issues with your [Rancher server installed on Kubernetes](../pages-for-subheaders/install-upgrade-on-a-kubernetes-cluster.md) + If you experience issues with your [Rancher server installed on Kubernetes](../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/install-upgrade-on-a-kubernetes-cluster.md) - [Logging](other-troubleshooting-tips/logging.md) diff --git a/docs/troubleshooting/kubernetes-components/kubernetes-components.md b/docs/troubleshooting/kubernetes-components/kubernetes-components.md new file mode 100644 index 00000000000..53863435277 --- /dev/null +++ b/docs/troubleshooting/kubernetes-components/kubernetes-components.md @@ -0,0 +1,21 @@ +--- +title: Kubernetes Components +--- + + + + + +The commands and steps listed in this section apply to the core Kubernetes components on [Rancher Launched Kubernetes](../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md) clusters. + +This section includes troubleshooting tips in the following categories: + +- [Troubleshooting etcd Nodes](troubleshooting-etcd-nodes.md) +- [Troubleshooting Controlplane Nodes](troubleshooting-controlplane-nodes.md) +- [Troubleshooting nginx-proxy Nodes](troubleshooting-nginx-proxy.md) +- [Troubleshooting Worker Nodes and Generic Components](troubleshooting-worker-nodes-and-generic-components.md) + +## Kubernetes Component Diagram + +![Cluster diagram](/img/clusterdiagram.svg)
+Lines show the traffic flow between components. Colors are used purely for visual aid \ No newline at end of file diff --git a/docs/troubleshooting/other-troubleshooting-tips/kubernetes-resources.md b/docs/troubleshooting/other-troubleshooting-tips/kubernetes-resources.md index f1e6b8f8594..635e4d07371 100644 --- a/docs/troubleshooting/other-troubleshooting-tips/kubernetes-resources.md +++ b/docs/troubleshooting/other-troubleshooting-tips/kubernetes-resources.md @@ -6,7 +6,7 @@ title: Kubernetes Resources -The commands/steps listed on this page can be used to check the most important Kubernetes resources and apply to [Rancher Launched Kubernetes](../../pages-for-subheaders/launch-kubernetes-with-rancher.md) clusters. +The commands/steps listed on this page can be used to check the most important Kubernetes resources and apply to [Rancher Launched Kubernetes](../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md) clusters. Make sure you configured the correct kubeconfig (for example, `export KUBECONFIG=$PWD/kube_config_cluster.yml` for Rancher HA) or are using the embedded kubectl via the UI. diff --git a/sidebars.js b/sidebars.js index e3e344f7ff3..f48645120e0 100644 --- a/sidebars.js +++ b/sidebars.js @@ -30,7 +30,7 @@ const sidebars = { label: 'Quick Start Guides', link: { type: 'doc', - id: "pages-for-subheaders/quick-start-guides", + id: "getting-started/quick-start-guides/quick-start-guides", }, items: [ { @@ -38,7 +38,7 @@ const sidebars = { label: 'Deploy Rancher', link: { type: 'doc', - id: "pages-for-subheaders/deploy-rancher-manager", + id: "getting-started/quick-start-guides/deploy-rancher-manager/deploy-rancher-manager", }, items: [ "getting-started/quick-start-guides/deploy-rancher-manager/aws", @@ -60,7 +60,7 @@ const sidebars = { label: 'Deploy Workloads', link: { type: 'doc', - id: "pages-for-subheaders/deploy-rancher-workloads", + id: "getting-started/quick-start-guides/deploy-workloads/deploy-workloads", }, items: [ "getting-started/quick-start-guides/deploy-workloads/workload-ingress", @@ -74,7 +74,7 @@ const sidebars = { label: 'Installation and Upgrade', link: { type: 'doc', - id: "pages-for-subheaders/installation-and-upgrade", + id: "getting-started/installation-and-upgrade/installation-and-upgrade", }, items: [ { @@ -82,7 +82,7 @@ const sidebars = { label: 'Installation Requirements', link: { type: 'doc', - id: "pages-for-subheaders/installation-requirements", + id: "getting-started/installation-and-upgrade/installation-requirements/installation-requirements", }, items: [ "getting-started/installation-and-upgrade/installation-requirements/install-docker", @@ -95,7 +95,7 @@ const sidebars = { label: 'Installation References', link: { type: 'doc', - id: "pages-for-subheaders/installation-references", + id: "getting-started/installation-and-upgrade/installation-references/installation-references", }, items: [ "getting-started/installation-and-upgrade/installation-references/helm-chart-options", @@ -108,7 +108,7 @@ const sidebars = { label: 'Install/Upgrade on a Kubernetes Cluster', link: { type: 'doc', - id: "pages-for-subheaders/install-upgrade-on-a-kubernetes-cluster", + id: "getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/install-upgrade-on-a-kubernetes-cluster", }, items: [ "getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rollbacks", @@ -126,7 +126,7 @@ const sidebars = { label: 'Other Installation Methods', link: { type: 'doc', - id: "pages-for-subheaders/other-installation-methods", + id: "getting-started/installation-and-upgrade/other-installation-methods/other-installation-methods", }, items: [ { @@ -134,7 +134,7 @@ const sidebars = { label: 'Air-Gapped Helm CLI Install', link: { type: 'doc', - id: "pages-for-subheaders/air-gapped-helm-cli-install", + id: "getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/air-gapped-helm-cli-install", }, items: [ "getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/infrastructure-private-registry", @@ -149,7 +149,7 @@ const sidebars = { label: 'Rancher on a Single Node with Docker', link: { type: 'doc', - id: "pages-for-subheaders/rancher-on-a-single-node-with-docker", + id: "getting-started/installation-and-upgrade/other-installation-methods/rancher-on-a-single-node-with-docker/rancher-on-a-single-node-with-docker", }, items: [ "getting-started/installation-and-upgrade/other-installation-methods/rancher-on-a-single-node-with-docker/upgrade-docker-installed-rancher", @@ -162,7 +162,7 @@ const sidebars = { label: 'Rancher Behind an HTTP Proxy', link: { type: 'doc', - id: "pages-for-subheaders/rancher-behind-an-http-proxy", + id: "getting-started/installation-and-upgrade/other-installation-methods/rancher-behind-an-http-proxy/rancher-behind-an-http-proxy", }, items: [ "getting-started/installation-and-upgrade/other-installation-methods/rancher-behind-an-http-proxy/set-up-infrastructure", @@ -177,7 +177,7 @@ const sidebars = { label: 'Resources', link: { type: 'doc', - id: "pages-for-subheaders/resources", + id: "getting-started/installation-and-upgrade/resources/resources", }, items: [ "getting-started/installation-and-upgrade/resources/choose-a-rancher-version", @@ -206,7 +206,7 @@ const sidebars = { label: 'New User Guides', link: { type: 'doc', - id: "pages-for-subheaders/new-user-guides", + id: "how-to-guides/new-user-guides/new-user-guides", }, items: [ { @@ -214,7 +214,7 @@ const sidebars = { label: 'Authentication, Permissions, and Global Configuration', link: { type: 'doc', - id: "pages-for-subheaders/authentication-permissions-and-global-configuration", + id: "how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-permissions-and-global-configuration", }, items: [ { @@ -222,7 +222,7 @@ const sidebars = { label: 'Authentication Config', link: { type: 'doc', - id: "pages-for-subheaders/authentication-config", + id: "how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/authentication-config", }, items: [ "how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/manage-users-and-groups", @@ -243,7 +243,7 @@ const sidebars = { label: 'Configure OpenLDAP', link: { type: 'doc', - id: "pages-for-subheaders/configure-openldap", + id: "how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-openldap/configure-openldap", }, items: [ "how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-openldap/openldap-config-reference", @@ -254,7 +254,7 @@ const sidebars = { label: 'Configure Microsoft AD Federation Service (SAML)', link: { type: 'doc', - id: "pages-for-subheaders/configure-microsoft-ad-federation-service-saml", + id: "how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-microsoft-ad-federation-service-saml/configure-microsoft-ad-federation-service-saml", }, items: [ "how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-microsoft-ad-federation-service-saml/configure-ms-adfs-for-rancher", @@ -266,7 +266,7 @@ const sidebars = { label: 'Configure Shibboleth (SAML)', link: { type: 'doc', - id: "pages-for-subheaders/configure-shibboleth-saml", + id: "how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-shibboleth-saml/configure-shibboleth-saml", }, items: [ "how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-shibboleth-saml/about-group-permissions", @@ -277,7 +277,7 @@ const sidebars = { label: 'Manage Role-Based Access Control (RBAC)', link: { type: 'doc', - id: "pages-for-subheaders/manage-role-based-access-control-rbac", + id: "how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/manage-role-based-access-control-rbac", }, items: [ "how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/global-permissions", @@ -291,7 +291,7 @@ const sidebars = { label: 'About Provisioning Drivers', link: { type: 'doc', - id: "pages-for-subheaders/about-provisioning-drivers", + id: "how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-provisioning-drivers/about-provisioning-drivers", }, items: [ "how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-provisioning-drivers/manage-cluster-drivers", @@ -303,7 +303,7 @@ const sidebars = { label: 'About RKE1 Templates', link: { type: 'doc', - id: "pages-for-subheaders/about-rke1-templates", + id: "how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/about-rke1-templates", }, items: [ "how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/creator-permissions", @@ -329,7 +329,7 @@ const sidebars = { label: 'Manage Clusters', link: { type: 'doc', - id: "pages-for-subheaders/manage-clusters", + id: "how-to-guides/new-user-guides/manage-clusters/manage-clusters", }, items: [ { @@ -337,7 +337,7 @@ const sidebars = { label: 'Access Clusters', link: { type: 'doc', - id: "pages-for-subheaders/access-clusters", + id: "how-to-guides/new-user-guides/manage-clusters/access-clusters/access-clusters", }, items: [ "how-to-guides/new-user-guides/manage-clusters/access-clusters/use-kubectl-and-kubeconfig", @@ -350,7 +350,7 @@ const sidebars = { label: 'Install Cluster Autoscaler', link: { type: 'doc', - id: "pages-for-subheaders/install-cluster-autoscaler", + id: "how-to-guides/new-user-guides/manage-clusters/install-cluster-autoscaler/install-cluster-autoscaler", }, items: [ "how-to-guides/new-user-guides/manage-clusters/install-cluster-autoscaler/use-aws-ec2-auto-scaling-groups", @@ -361,7 +361,7 @@ const sidebars = { label: 'Create Kubernetes Persistent Storage', link: { type: 'doc', - id: "pages-for-subheaders/create-kubernetes-persistent-storage", + id: "how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage/create-kubernetes-persistent-storage", }, items: [ "how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage/manage-persistent-storage/about-persistent-storage", @@ -377,7 +377,7 @@ const sidebars = { label: 'Provisioning Storage Examples', link: { type: 'doc', - id: "pages-for-subheaders/provisioning-storage-examples", + id: "how-to-guides/new-user-guides/manage-clusters/provisioning-storage-examples/provisioning-storage-examples", }, items: [ "how-to-guides/new-user-guides/manage-clusters/provisioning-storage-examples/persistent-storage-in-amazon-ebs", @@ -407,7 +407,7 @@ const sidebars = { label: 'Kubernetes Cluster Setup', link: { type: 'doc', - id: "pages-for-subheaders/kubernetes-cluster-setup", + id: "how-to-guides/new-user-guides/kubernetes-cluster-setup/kubernetes-cluster-setup", }, items: [ "how-to-guides/new-user-guides/kubernetes-cluster-setup/high-availability-installs", @@ -421,7 +421,7 @@ const sidebars = { label: 'Infrastructure Setup', link: { type: 'doc', - id: "pages-for-subheaders/infrastructure-setup", + id: "how-to-guides/new-user-guides/infrastructure-setup/infrastructure-setup", }, items: [ "how-to-guides/new-user-guides/infrastructure-setup/ha-k3s-kubernetes-cluster", @@ -438,7 +438,7 @@ const sidebars = { label: 'Kubernetes Clusters in Rancher Setup', link: { type: 'doc', - id: "pages-for-subheaders/kubernetes-clusters-in-rancher-setup", + id: "how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/kubernetes-clusters-in-rancher-setup", }, items: [ "how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/node-requirements-for-rancher-managed-clusters", @@ -447,7 +447,7 @@ const sidebars = { label: 'Checklist for Production-Ready Clusters', link: { type: 'doc', - id: "pages-for-subheaders/checklist-for-production-ready-clusters", + id: "how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/checklist-for-production-ready-clusters/checklist-for-production-ready-clusters", }, items: [ "how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/checklist-for-production-ready-clusters/recommended-cluster-architecture", @@ -459,7 +459,7 @@ const sidebars = { label: 'Set Up Clusters from Hosted Kubernetes Providers', link: { type: 'doc', - id: "pages-for-subheaders/set-up-clusters-from-hosted-kubernetes-providers", + id: "how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/set-up-clusters-from-hosted-kubernetes-providers", }, items: [ "how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/eks", @@ -475,7 +475,7 @@ const sidebars = { label: 'Use Windows Clusters', link: { type: 'doc', - id: "pages-for-subheaders/use-windows-clusters", + id: "how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/use-windows-clusters/use-windows-clusters", }, items: [ "how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/use-windows-clusters/azure-storageclass-configuration", @@ -489,7 +489,7 @@ const sidebars = { label: 'Set Up Cloud Providers', link: { type: 'doc', - id: "pages-for-subheaders/set-up-cloud-providers", + id: "how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/set-up-cloud-providers", }, items: [ "how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/amazon", @@ -509,7 +509,7 @@ const sidebars = { label: 'Launch Kubernetes with Rancher', link: { type: 'doc', - id: "pages-for-subheaders/launch-kubernetes-with-rancher", + id: "how-to-guides/new-user-guides/launch-kubernetes-with-rancher/launch-kubernetes-with-rancher", }, items: [ { @@ -517,7 +517,7 @@ const sidebars = { label: 'Use New Nodes in an Infra Provider', link: { type: 'doc', - id: "pages-for-subheaders/use-new-nodes-in-an-infra-provider", + id: "how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider", }, items: [ "how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-amazon-ec2-cluster", @@ -530,7 +530,7 @@ const sidebars = { label: 'vSphere', link: { type: 'doc', - id: "pages-for-subheaders/vsphere", + id: "how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/vsphere/vsphere", }, items: [ "how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/vsphere/provision-kubernetes-clusters-in-vsphere", @@ -543,7 +543,7 @@ const sidebars = { label: 'Nutanix', link: { type: 'doc', - id: "pages-for-subheaders/nutanix", + id: "how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/nutanix/nutanix", }, items: [ "how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/nutanix/provision-kubernetes-clusters-in-aos", @@ -561,7 +561,7 @@ const sidebars = { label: 'Kubernetes Resources Setup', link: { type: 'doc', - id: "pages-for-subheaders/kubernetes-resources-setup", + id: "how-to-guides/new-user-guides/kubernetes-resources-setup/kubernetes-resources-setup", }, items: [ { @@ -569,7 +569,7 @@ const sidebars = { label: 'Workloads and Pods', link: { type: 'doc', - id: "pages-for-subheaders/workloads-and-pods", + id: "how-to-guides/new-user-guides/kubernetes-resources-setup/workloads-and-pods/workloads-and-pods", }, items: [ "how-to-guides/new-user-guides/kubernetes-resources-setup/workloads-and-pods/deploy-workloads", @@ -583,7 +583,7 @@ const sidebars = { label: 'Horizontal Pod Autoscaler', link: { type: 'doc', - id: "pages-for-subheaders/horizontal-pod-autoscaler", + id: "how-to-guides/new-user-guides/kubernetes-resources-setup/horizontal-pod-autoscaler/horizontal-pod-autoscaler", }, items: [ "how-to-guides/new-user-guides/kubernetes-resources-setup/horizontal-pod-autoscaler/about-hpas", @@ -597,7 +597,7 @@ const sidebars = { label: 'Load Balancer and Ingress Controller', link: { type: 'doc', - id: "pages-for-subheaders/load-balancer-and-ingress-controller", + id: "how-to-guides/new-user-guides/kubernetes-resources-setup/load-balancer-and-ingress-controller/load-balancer-and-ingress-controller", }, items: [ "how-to-guides/new-user-guides/kubernetes-resources-setup/load-balancer-and-ingress-controller/layer-4-and-layer-7-load-balancing", @@ -621,7 +621,7 @@ const sidebars = { label: 'Helm Charts in Rancher', link: { type: 'doc', - id: "pages-for-subheaders/helm-charts-in-rancher", + id: "how-to-guides/new-user-guides/helm-charts-in-rancher/helm-charts-in-rancher", }, items: [ "how-to-guides/new-user-guides/helm-charts-in-rancher/create-apps", @@ -632,7 +632,7 @@ const sidebars = { label: 'Deploy Apps Across Clusters', link: { type: 'doc', - id: "pages-for-subheaders/deploy-apps-across-clusters", + id: "how-to-guides/new-user-guides/deploy-apps-across-clusters/deploy-apps-across-clusters", }, items: [ "how-to-guides/new-user-guides/deploy-apps-across-clusters/fleet", @@ -644,7 +644,7 @@ const sidebars = { label: 'Backup, Restore, and Disaster Recovery', link: { type: 'doc', - id: "pages-for-subheaders/backup-restore-and-disaster-recovery", + id: "how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/backup-restore-and-disaster-recovery", }, items: [ "how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/back-up-restore-usage-guide", @@ -667,7 +667,7 @@ const sidebars = { label: 'Advanced User Guides', link: { type: 'doc', - id: "pages-for-subheaders/advanced-user-guides", + id: "how-to-guides/advanced-user-guides/advanced-user-guides", }, items: [ { @@ -675,7 +675,7 @@ const sidebars = { label: 'Manage Projects', link: { type: 'doc', - id: "pages-for-subheaders/manage-projects", + id: "how-to-guides/advanced-user-guides/manage-projects/manage-projects", }, items: [ "how-to-guides/advanced-user-guides/manage-projects/manage-pod-security-policies", @@ -684,7 +684,7 @@ const sidebars = { label: 'Manage Project Resource Quotas', link: { type: 'doc', - id: "pages-for-subheaders/manage-project-resource-quotas", + id: "how-to-guides/advanced-user-guides/manage-projects/manage-project-resource-quotas/manage-project-resource-quotas", }, items: [ "how-to-guides/advanced-user-guides/manage-projects/manage-project-resource-quotas/about-project-resource-quotas", @@ -700,7 +700,7 @@ const sidebars = { label: 'Monitoring/Alerting Guides', link: { type: 'doc', - id: "pages-for-subheaders/monitoring-alerting-guides", + id: "how-to-guides/advanced-user-guides/monitoring-alerting-guides/monitoring-alerting-guides", }, items: [ "how-to-guides/advanced-user-guides/monitoring-alerting-guides/enable-monitoring", @@ -714,7 +714,7 @@ const sidebars = { label: 'Prometheus Federator Guides', link: { type: 'doc', - id: "pages-for-subheaders/prometheus-federator-guides", + id: "how-to-guides/advanced-user-guides/monitoring-alerting-guides/prometheus-federator-guides/prometheus-federator-guides", }, items: [ "how-to-guides/advanced-user-guides/monitoring-alerting-guides/prometheus-federator-guides/enable-prometheus-federator", @@ -731,7 +731,7 @@ const sidebars = { label: 'Monitoring V2 Configuration Guides', link: { type: 'doc', - id: "pages-for-subheaders/monitoring-v2-configuration-guides", + id: "how-to-guides/advanced-user-guides/monitoring-v2-configuration-guides/monitoring-v2-configuration-guides", }, items: [ { @@ -739,7 +739,7 @@ const sidebars = { label: 'Advanced Configuration', link: { type: 'doc', - id: "pages-for-subheaders/advanced-configuration", + id: "how-to-guides/advanced-user-guides/monitoring-v2-configuration-guides/advanced-configuration/advanced-configuration", }, items: [ "how-to-guides/advanced-user-guides/monitoring-v2-configuration-guides/advanced-configuration/alertmanager", @@ -754,7 +754,7 @@ const sidebars = { label: 'Istio Setup Guide', link: { type: 'doc', - id: "pages-for-subheaders/istio-setup-guide", + id: "how-to-guides/advanced-user-guides/istio-setup-guide/istio-setup-guide", }, items: [ "how-to-guides/advanced-user-guides/istio-setup-guide/enable-istio-in-cluster", @@ -770,7 +770,7 @@ const sidebars = { label: 'CIS Scan Guides', link: { type: 'doc', - id: "pages-for-subheaders/cis-scan-guides", + id: "how-to-guides/advanced-user-guides/cis-scan-guides/cis-scan-guides", }, items: [ "how-to-guides/advanced-user-guides/cis-scan-guides/install-rancher-cis-benchmark", @@ -789,7 +789,7 @@ const sidebars = { label: 'Enable Experimental Features', link: { type: 'doc', - id: "pages-for-subheaders/enable-experimental-features", + id: "how-to-guides/advanced-user-guides/enable-experimental-features/enable-experimental-features", }, items: [ "how-to-guides/advanced-user-guides/enable-experimental-features/rancher-on-arm64", @@ -816,7 +816,7 @@ const sidebars = { label: 'Best Practices', link: { type: 'doc', - id: "pages-for-subheaders/best-practices", + id: "reference-guides/best-practices/best-practices", }, items: [ { @@ -824,7 +824,7 @@ const sidebars = { label: 'Rancher Server', link: { type: 'doc', - id: "pages-for-subheaders/rancher-server", + id: "reference-guides/best-practices/rancher-server/rancher-server", }, items: [ "reference-guides/best-practices/rancher-server/on-premises-rancher-in-vsphere", @@ -838,7 +838,7 @@ const sidebars = { label: 'Rancher-Managed Clusters', link: { type: 'doc', - id: "pages-for-subheaders/rancher-managed-clusters", + id: "reference-guides/best-practices/rancher-managed-clusters/rancher-managed-clusters", }, items: [ "reference-guides/best-practices/rancher-managed-clusters/logging-best-practices", @@ -854,7 +854,7 @@ const sidebars = { label: 'Rancher Architecture', link: { type: 'doc', - id: "pages-for-subheaders/rancher-manager-architecture", + id: "reference-guides/rancher-manager-architecture/rancher-manager-architecture", }, items: [ "reference-guides/rancher-manager-architecture/rancher-server-and-components", @@ -867,7 +867,7 @@ const sidebars = { label: 'Cluster Configuration', link: { type: 'doc', - id: "pages-for-subheaders/cluster-configuration", + id: "reference-guides/cluster-configuration/cluster-configuration", }, items: [ { @@ -875,7 +875,7 @@ const sidebars = { label: 'Rancher Server Configuration', link: { type: 'doc', - id: "pages-for-subheaders/rancher-server-configuration", + id: "reference-guides/cluster-configuration/rancher-server-configuration/rancher-server-configuration", }, items: [ "reference-guides/cluster-configuration/rancher-server-configuration/rke1-cluster-configuration", @@ -888,7 +888,7 @@ const sidebars = { label: 'GKE Cluster Configuration', link: { type: 'doc', - id: "pages-for-subheaders/gke-cluster-configuration", + id: "reference-guides/cluster-configuration/rancher-server-configuration/gke-cluster-configuration/gke-cluster-configuration", }, items: [ "reference-guides/cluster-configuration/rancher-server-configuration/gke-cluster-configuration/gke-private-clusters", @@ -899,7 +899,7 @@ const sidebars = { label: 'Use Existing Nodes', link: { type: 'doc', - id: "pages-for-subheaders/use-existing-nodes", + id: "reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/use-existing-nodes", }, items: [ "reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/rancher-agent-options", @@ -913,7 +913,7 @@ const sidebars = { label: 'Downstream Cluster Configuration', link: { type: 'doc', - id: "pages-for-subheaders/downstream-cluster-configuration", + id: "reference-guides/cluster-configuration/downstream-cluster-configuration/downstream-cluster-configuration", }, items: [ { @@ -921,7 +921,7 @@ const sidebars = { label: 'Node Template Configuration', link: { type: 'doc', - id: "pages-for-subheaders/node-template-configuration", + id: "reference-guides/cluster-configuration/downstream-cluster-configuration/node-template-configuration/node-template-configuration", }, items: [ "reference-guides/cluster-configuration/downstream-cluster-configuration/node-template-configuration/amazon-ec2", @@ -936,7 +936,7 @@ const sidebars = { label: 'Machine Configuration', link: { type: 'doc', - id: "pages-for-subheaders/machine-configuration", + id: "reference-guides/cluster-configuration/downstream-cluster-configuration/machine-configuration/machine-configuration", }, items: [ "reference-guides/cluster-configuration/downstream-cluster-configuration/machine-configuration/amazon-ec2", @@ -953,7 +953,7 @@ const sidebars = { label: 'Single-Node Rancher in Docker', link: { type: 'doc', - id: "pages-for-subheaders/single-node-rancher-in-docker", + id: "reference-guides/single-node-rancher-in-docker/single-node-rancher-in-docker", }, items: [ "reference-guides/single-node-rancher-in-docker/http-proxy-configuration", @@ -965,7 +965,7 @@ const sidebars = { label: 'Backup & Restore Configuration', link: { type: 'doc', - id: "pages-for-subheaders/backup-restore-configuration", + id: "reference-guides/backup-restore-configuration/backup-restore-configuration", }, items: [ "reference-guides/backup-restore-configuration/backup-configuration", @@ -980,7 +980,7 @@ const sidebars = { label: 'Monitoring V2 Configuration', link: { type: 'doc', - id: "pages-for-subheaders/monitoring-v2-configuration", + id: "reference-guides/monitoring-v2-configuration/monitoring-v2-configuration", }, items: [ "reference-guides/monitoring-v2-configuration/receivers", @@ -995,7 +995,7 @@ const sidebars = { label: 'Prometheus Federator', link: { type: 'doc', - id: "pages-for-subheaders/prometheus-federator", + id: "reference-guides/prometheus-federator/prometheus-federator", }, items: [ "reference-guides/prometheus-federator/rbac", @@ -1006,7 +1006,7 @@ const sidebars = { label: 'User Settings', link: { type: 'doc', - id: "pages-for-subheaders/user-settings", + id: "reference-guides/user-settings/user-settings", }, items: [ "reference-guides/user-settings/api-keys", @@ -1020,7 +1020,7 @@ const sidebars = { label: 'CLI with Rancher', link: { type: 'doc', - id: "pages-for-subheaders/cli-with-rancher", + id: "reference-guides/cli-with-rancher/cli-with-rancher", }, items: [ "reference-guides/cli-with-rancher/rancher-cli", @@ -1032,7 +1032,7 @@ const sidebars = { label: 'About the API', link: { type: 'doc', - id: "pages-for-subheaders/about-the-api", + id: "reference-guides/about-the-api/about-the-api", }, items: [ "reference-guides/about-the-api/api-tokens", @@ -1051,7 +1051,7 @@ const sidebars = { label: 'Rancher Security', link: { type: 'doc', - id: "pages-for-subheaders/rancher-security", + id: "reference-guides/rancher-security/rancher-security", }, items: [ { @@ -1059,7 +1059,7 @@ const sidebars = { label: 'Hardening Guides', link: { type: 'doc', - id: "pages-for-subheaders/rancher-hardening-guides", + id: "reference-guides/rancher-security/hardening-guides/hardening-guides", }, items: [ { @@ -1067,7 +1067,7 @@ const sidebars = { label: 'RKE Hardening Guides', link: { type: 'doc', - id: "pages-for-subheaders/rke1-hardening-guide", + id: "reference-guides/rancher-security/hardening-guides/rke1-hardening-guide/rke1-hardening-guide", }, items: [ "reference-guides/rancher-security/hardening-guides/rke1-hardening-guide/rke1-self-assessment-guide-with-cis-v1.23-k8s-v1.23", @@ -1080,7 +1080,7 @@ const sidebars = { label: 'RKE2 Hardening Guides', link: { type: 'doc', - id: "pages-for-subheaders/rke2-hardening-guide", + id: "reference-guides/rancher-security/hardening-guides/rke2-hardening-guide/rke2-hardening-guide", }, items: [ "reference-guides/rancher-security/hardening-guides/rke2-hardening-guide/rke2-self-assessment-guide-with-cis-v1.23-k8s-v1.23", @@ -1093,7 +1093,7 @@ const sidebars = { label: 'K3s Hardening Guides', link: { type: 'doc', - id: "pages-for-subheaders/k3s-hardening-guide", + id: "reference-guides/rancher-security/hardening-guides/k3s-hardening-guide/k3s-hardening-guide", }, items: [ "reference-guides/rancher-security/hardening-guides/k3s-hardening-guide/k3s-self-assessment-guide-with-cis-v1.23-k8s-v1.23", @@ -1108,7 +1108,7 @@ const sidebars = { label: 'SELinux RPM', link: { type: 'doc', - id: "pages-for-subheaders/selinux-rpm", + id: "reference-guides/rancher-security/selinux-rpm/selinux-rpm", }, items: [ "reference-guides/rancher-security/selinux-rpm/about-rancher-selinux", @@ -1190,7 +1190,7 @@ const sidebars = { label: 'Cloud Marketplace Integration', link: { type: 'doc', - id: "pages-for-subheaders/cloud-marketplace" + id: "integrations-in-rancher/cloud-marketplace/cloud-marketplace" }, items: [ { @@ -1198,7 +1198,7 @@ const sidebars = { label: 'AWS Marketplace Integration', link: { type: 'doc', - id: "pages-for-subheaders/aws-cloud-marketplace" + id: "integrations-in-rancher/cloud-marketplace/aws-cloud-marketplace/aws-cloud-marketplace" }, items: [ 'integrations-in-rancher/cloud-marketplace/aws-cloud-marketplace/adapter-requirements', @@ -1215,7 +1215,7 @@ const sidebars = { label: 'CIS Scans', link: { type: 'doc', - id: "pages-for-subheaders/cis-scans", + id: "integrations-in-rancher/cis-scans/cis-scans", }, items: [ "integrations-in-rancher/cis-scans/configuration-reference", @@ -1229,7 +1229,7 @@ const sidebars = { label: 'Istio', link: { type: 'doc', - id: "pages-for-subheaders/istio", + id: "integrations-in-rancher/istio/istio", }, items: [ "integrations-in-rancher/istio/cpu-and-memory-allocations", @@ -1240,7 +1240,7 @@ const sidebars = { label: 'Configuration Options', link: { type: 'doc', - id: "pages-for-subheaders/configuration-options", + id: "integrations-in-rancher/istio/configuration-options/configuration-options", }, items: [ "integrations-in-rancher/istio/configuration-options/pod-security-policies", @@ -1256,7 +1256,7 @@ const sidebars = { label: 'Logging', link: { type: 'doc', - id: "pages-for-subheaders/logging", + id: "integrations-in-rancher/logging/logging", }, items: [ "integrations-in-rancher/logging/logging-architecture", @@ -1268,7 +1268,7 @@ const sidebars = { label: 'Custom Resource Configuration', link: { type: 'doc', - id: "pages-for-subheaders/custom-resource-configuration", + id: "integrations-in-rancher/logging/custom-resource-configuration/custom-resource-configuration", }, items: [ "integrations-in-rancher/logging/custom-resource-configuration/flows-and-clusterflows", @@ -1282,7 +1282,7 @@ const sidebars = { label: 'Monitoring and Alerting', link: { type: "doc", - id: "pages-for-subheaders/monitoring-and-alerting", + id: "integrations-in-rancher/monitoring-and-alerting/monitoring-and-alerting", }, items: [ "integrations-in-rancher/monitoring-and-alerting/how-monitoring-works", @@ -1321,7 +1321,7 @@ const sidebars = { label: 'Kubernetes Components', link: { type: 'doc', - id: "pages-for-subheaders/kubernetes-components", + id: "troubleshooting/kubernetes-components/kubernetes-components", }, items: [ "troubleshooting/kubernetes-components/troubleshooting-etcd-nodes", From f7066594fe8d4ef14103d7061e08297ee4d774a6 Mon Sep 17 00:00:00 2001 From: Billy Tat Date: Fri, 22 Dec 2023 13:34:39 -0800 Subject: [PATCH 26/77] [latest] Fix links to 'shared-files' module import --- .../kubernetes-clusters-in-rancher-setup.md | 2 +- .../new-user-guides/manage-clusters/manage-clusters.md | 2 +- .../cluster-configuration/cluster-configuration.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/kubernetes-clusters-in-rancher-setup.md b/docs/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/kubernetes-clusters-in-rancher-setup.md index bb5e556d5c2..f088c16e1c4 100644 --- a/docs/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/kubernetes-clusters-in-rancher-setup.md +++ b/docs/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/kubernetes-clusters-in-rancher-setup.md @@ -19,7 +19,7 @@ For a conceptual overview of how the Rancher server provisions clusters and what The following table summarizes the options and settings available for each cluster type: -import ClusterCapabilitiesTable from '../shared-files/_cluster-capabilities-table.md'; +import ClusterCapabilitiesTable from '../../../shared-files/_cluster-capabilities-table.md'; diff --git a/docs/how-to-guides/new-user-guides/manage-clusters/manage-clusters.md b/docs/how-to-guides/new-user-guides/manage-clusters/manage-clusters.md index 23fc13f7b51..fc05cfd581b 100644 --- a/docs/how-to-guides/new-user-guides/manage-clusters/manage-clusters.md +++ b/docs/how-to-guides/new-user-guides/manage-clusters/manage-clusters.md @@ -18,7 +18,7 @@ This section assumes a basic familiarity with Docker and Kubernetes. For a brief After clusters have been [provisioned into Rancher](../kubernetes-clusters-in-rancher-setup/kubernetes-clusters-in-rancher-setup.md), [cluster owners](../authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/cluster-and-project-roles.md#cluster-roles) will need to manage these clusters. There are many different options of how to manage your cluster. -import ClusterCapabilitiesTable from '../shared-files/_cluster-capabilities-table.md'; +import ClusterCapabilitiesTable from '../../../shared-files/_cluster-capabilities-table.md'; diff --git a/docs/reference-guides/cluster-configuration/cluster-configuration.md b/docs/reference-guides/cluster-configuration/cluster-configuration.md index 04264ce4b2d..b9f319f98e1 100644 --- a/docs/reference-guides/cluster-configuration/cluster-configuration.md +++ b/docs/reference-guides/cluster-configuration/cluster-configuration.md @@ -27,7 +27,7 @@ The options and settings available for an existing cluster change based on the m The following table summarizes the options and settings available for each cluster type: -import ClusterCapabilitiesTable from '../shared-files/_cluster-capabilities-table.md'; +import ClusterCapabilitiesTable from '../../shared-files/_cluster-capabilities-table.md'; From 0498de8eb379db467ac143ee06bde5ae07d048a6 Mon Sep 17 00:00:00 2001 From: Billy Tat Date: Fri, 22 Dec 2023 14:08:33 -0800 Subject: [PATCH 27/77] [latest] Add redirects for pages-for-subheaders removal --- docusaurus.config.js | 348 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 348 insertions(+) diff --git a/docusaurus.config.js b/docusaurus.config.js index c8bfef2d794..dc058fb7fc6 100644 --- a/docusaurus.config.js +++ b/docusaurus.config.js @@ -245,6 +245,354 @@ module.exports = { { fromExtensions: ['html', 'htm'], redirects: [ + { // Redirects for pages-for-subheaders removal [latest] + to: '/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-provisioning-drivers', + from: '/pages-for-subheaders/about-provisioning-drivers' + }, + { + to: '/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates', + from: '/pages-for-subheaders/about-rke1-templates' + }, + { + to: '/reference-guides/about-the-api', + from: '/pages-for-subheaders/about-the-api' + }, + { + to: '/how-to-guides/new-user-guides/manage-clusters/access-clusters', + from: '/pages-for-subheaders/access-clusters' + }, + { + to: '/how-to-guides/advanced-user-guides/monitoring-v2-configuration-guides/advanced-configuration', + from: '/pages-for-subheaders/advanced-configuration' + }, + { + to: '/how-to-guides/advanced-user-guides', + from: '/pages-for-subheaders/advanced-user-guides' + }, + { + to: '/getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install', + from: '/pages-for-subheaders/air-gapped-helm-cli-install' + }, + { + to: '/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config', + from: '/pages-for-subheaders/authentication-config' + }, + { + to: '/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration', + from: '/pages-for-subheaders/authentication-permissions-and-global-configuration' + }, + { + to: '/integrations-in-rancher/cloud-marketplace/aws-cloud-marketplace', + from: '/pages-for-subheaders/aws-cloud-marketplace' + }, + { + to: '/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery', + from: '/pages-for-subheaders/backup-restore-and-disaster-recovery' + }, + { + to: '/reference-guides/backup-restore-configuration', + from: '/pages-for-subheaders/backup-restore-configuration' + }, + { + to: '/reference-guides/best-practices', + from: '/pages-for-subheaders/best-practices' + }, + { + to: '/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/checklist-for-production-ready-clusters', + from: '/pages-for-subheaders/checklist-for-production-ready-clusters' + }, + { + to: '/how-to-guides/advanced-user-guides/cis-scan-guides', + from: '/pages-for-subheaders/cis-scan-guides' + }, + { + to: '/integrations-in-rancher/cis-scans', + from: '/pages-for-subheaders/cis-scans' + }, + { + to: '/reference-guides/cli-with-rancher', + from: '/pages-for-subheaders/cli-with-rancher' + }, + { + to: '/integrations-in-rancher/cloud-marketplace', + from: '/pages-for-subheaders/cloud-marketplace' + }, + { + to: '/reference-guides/cluster-configuration', + from: '/pages-for-subheaders/cluster-configuration' + }, + { + to: '/integrations-in-rancher/istio/configuration-options', + from: '/pages-for-subheaders/configuration-options' + }, + { + to: '/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-microsoft-ad-federation-service-saml', + from: '/pages-for-subheaders/configure-microsoft-ad-federation-service-saml' + }, + { + to: '/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-openldap', + from: '/pages-for-subheaders/configure-openldap' + }, + { + to: '/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-shibboleth-saml', + from: '/pages-for-subheaders/configure-shibboleth-saml' + }, + { + to: '/how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage', + from: '/pages-for-subheaders/create-kubernetes-persistent-storage' + }, + { + to: '/integrations-in-rancher/logging/custom-resource-configuration', + from: '/pages-for-subheaders/custom-resource-configuration' + }, + { + to: '/how-to-guides/new-user-guides/deploy-apps-across-clusters', + from: '/pages-for-subheaders/deploy-apps-across-clusters' + }, + { + to: '/getting-started/quick-start-guides/deploy-rancher-manager', + from: '/pages-for-subheaders/deploy-rancher-manager' + }, + { + to: '/getting-started/quick-start-guides/deploy-workloads', + from: '/pages-for-subheaders/deploy-rancher-workloads' + }, + { + to: '/reference-guides/cluster-configuration/downstream-cluster-configuration', + from: '/pages-for-subheaders/downstream-cluster-configuration' + }, + { + to: '/how-to-guides/advanced-user-guides/enable-experimental-features', + from: '/pages-for-subheaders/enable-experimental-features' + }, + { + to: '/reference-guides/cluster-configuration/rancher-server-configuration/gke-cluster-configuration', + from: '/pages-for-subheaders/gke-cluster-configuration' + }, + { + to: '/how-to-guides/new-user-guides/helm-charts-in-rancher', + from: '/pages-for-subheaders/helm-charts-in-rancher' + }, + { + to: '/how-to-guides/new-user-guides/kubernetes-resources-setup/horizontal-pod-autoscaler', + from: '/pages-for-subheaders/horizontal-pod-autoscaler' + }, + { + to: '/how-to-guides/new-user-guides/infrastructure-setup', + from: '/pages-for-subheaders/infrastructure-setup' + }, + { + to: '/how-to-guides/new-user-guides/manage-clusters/install-cluster-autoscaler', + from: '/pages-for-subheaders/install-cluster-autoscaler' + }, + { + to: '/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster', + from: '/pages-for-subheaders/install-upgrade-on-a-kubernetes-cluster' + }, + { + to: '/getting-started/installation-and-upgrade', + from: '/pages-for-subheaders/installation-and-upgrade' + }, + { + to: '/getting-started/installation-and-upgrade/installation-references', + from: '/pages-for-subheaders/installation-references' + }, + { + to: '/getting-started/installation-and-upgrade/installation-requirements', + from: '/pages-for-subheaders/installation-requirements' + }, + { + to: '/how-to-guides/advanced-user-guides/istio-setup-guide', + from: '/pages-for-subheaders/istio-setup-guide' + }, + { + to: '/integrations-in-rancher/istio', + from: '/pages-for-subheaders/istio' + }, + { + to: '/reference-guides/rancher-security/hardening-guides/k3s-hardening-guide', + from: '/pages-for-subheaders/k3s-hardening-guide' + }, + { + to: '/how-to-guides/new-user-guides/kubernetes-cluster-setup', + from: '/pages-for-subheaders/kubernetes-cluster-setup' + }, + { + to: '/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup', + from: '/pages-for-subheaders/kubernetes-clusters-in-rancher-setup' + }, + { + to: '/troubleshooting/kubernetes-components', + from: '/pages-for-subheaders/kubernetes-components' + }, + { + to: '/how-to-guides/new-user-guides/kubernetes-resources-setup', + from: '/pages-for-subheaders/kubernetes-resources-setup' + }, + { + to: '/how-to-guides/new-user-guides/launch-kubernetes-with-rancher', + from: '/pages-for-subheaders/launch-kubernetes-with-rancher' + }, + { + to: '/how-to-guides/new-user-guides/kubernetes-resources-setup/load-balancer-and-ingress-controller', + from: '/pages-for-subheaders/load-balancer-and-ingress-controller' + }, + { + to: '/integrations-in-rancher/logging', + from: '/pages-for-subheaders/logging' + }, + { + to: '/reference-guides/cluster-configuration/downstream-cluster-configuration/machine-configuration', + from: '/pages-for-subheaders/machine-configuration' + }, + { + to: '/how-to-guides/new-user-guides/manage-clusters', + from: '/pages-for-subheaders/manage-clusters' + }, + { + to: '/how-to-guides/advanced-user-guides/manage-projects/manage-project-resource-quotas', + from: '/pages-for-subheaders/manage-project-resource-quotas' + }, + { + to: '/how-to-guides/advanced-user-guides/manage-projects', + from: '/pages-for-subheaders/manage-projects' + }, + { + to: '/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac', + from: '/pages-for-subheaders/manage-role-based-access-control-rbac' + }, + { + to: '/how-to-guides/advanced-user-guides/monitoring-alerting-guides', + from: '/pages-for-subheaders/monitoring-alerting-guides' + }, + { + to: '/integrations-in-rancher/monitoring-and-alerting', + from: '/pages-for-subheaders/monitoring-and-alerting' + }, + { + to: '/how-to-guides/advanced-user-guides/monitoring-v2-configuration-guides', + from: '/pages-for-subheaders/monitoring-v2-configuration-guides' + }, + { + to: '/reference-guides/monitoring-v2-configuration', + from: '/pages-for-subheaders/monitoring-v2-configuration' + }, + { + to: '/how-to-guides/new-user-guides', + from: '/pages-for-subheaders/new-user-guides' + }, + { + to: '/reference-guides/cluster-configuration/downstream-cluster-configuration/node-template-configuration', + from: '/pages-for-subheaders/node-template-configuration' + }, + { + to: '/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/nutanix', + from: '/pages-for-subheaders/nutanix' + }, + { + to: '/getting-started/installation-and-upgrade/other-installation-methods', + from: '/pages-for-subheaders/other-installation-methods' + }, + { + to: '/how-to-guides/advanced-user-guides/monitoring-alerting-guides/prometheus-federator-guides', + from: '/pages-for-subheaders/prometheus-federator-guides' + }, + { + to: '/reference-guides/prometheus-federator', + from: '/pages-for-subheaders/prometheus-federator' + }, + { + to: '/how-to-guides/new-user-guides/manage-clusters/provisioning-storage-examples', + from: '/pages-for-subheaders/provisioning-storage-examples' + }, + { + to: '/getting-started/quick-start-guides', + from: '/pages-for-subheaders/quick-start-guides' + }, + { + to: '/getting-started/installation-and-upgrade/other-installation-methods/rancher-behind-an-http-proxy', + from: '/pages-for-subheaders/rancher-behind-an-http-proxy' + }, + { + to: '/reference-guides/rancher-security/hardening-guides', + from: '/pages-for-subheaders/rancher-hardening-guides' + }, + { + to: '/reference-guides/best-practices/rancher-managed-clusters', + from: '/pages-for-subheaders/rancher-managed-clusters' + }, + { + to: '/reference-guides/rancher-manager-architecture', + from: '/pages-for-subheaders/rancher-manager-architecture' + }, + { + to: '/getting-started/installation-and-upgrade/other-installation-methods/rancher-on-a-single-node-with-docker', + from: '/pages-for-subheaders/rancher-on-a-single-node-with-docker' + }, + { + to: '/reference-guides/rancher-security', + from: '/pages-for-subheaders/rancher-security' + }, + { + to: '/reference-guides/cluster-configuration/rancher-server-configuration', + from: '/pages-for-subheaders/rancher-server-configuration' + }, + { + to: '/reference-guides/best-practices/rancher-server', + from: '/pages-for-subheaders/rancher-server' + }, + { + to: '/getting-started/installation-and-upgrade/resources', + from: '/pages-for-subheaders/resources' + }, + { + to: '/reference-guides/rancher-security/hardening-guides/rke1-hardening-guide', + from: '/pages-for-subheaders/rke1-hardening-guide' + }, + { + to: '/reference-guides/rancher-security/hardening-guides/rke2-hardening-guide', + from: '/pages-for-subheaders/rke2-hardening-guide' + }, + { + to: '/reference-guides/rancher-security/selinux-rpm', + from: '/pages-for-subheaders/selinux-rpm' + }, + { + to: '/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers', + from: '/pages-for-subheaders/set-up-cloud-providers' + }, + { + to: '/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers', + from: '/pages-for-subheaders/set-up-clusters-from-hosted-kubernetes-providers' + }, + { + to: '/reference-guides/single-node-rancher-in-docker', + from: '/pages-for-subheaders/single-node-rancher-in-docker' + }, + { + to: '/reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes', + from: '/pages-for-subheaders/use-existing-nodes' + }, + { + to: '/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider', + from: '/pages-for-subheaders/use-new-nodes-in-an-infra-provider' + }, + { + to: '/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/use-windows-clusters', + from: '/pages-for-subheaders/use-windows-clusters' + }, + { + to: '/reference-guides/user-settings', + from: '/pages-for-subheaders/user-settings' + }, + { + to: '/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/vsphere', + from: '/pages-for-subheaders/vsphere' + }, + { + to: '/how-to-guides/new-user-guides/kubernetes-resources-setup/workloads-and-pods', + from: '/pages-for-subheaders/workloads-and-pods' + }, // Redirects for pages-for-subheaders removal [latest] (end) { // Redirects for dashboard#9970 to: '/v2.8/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/rke1-vs-rke2-differences', from: '/v2.8/cluster-provisioning/rke-clusters/behavior-differences-between-rke1-and-rke2/' From d460c9377c7acf3caa376173c7a15ed45ff9dc08 Mon Sep 17 00:00:00 2001 From: Billy Tat Date: Fri, 22 Dec 2023 15:14:28 -0800 Subject: [PATCH 28/77] [2.8] Move files out of pages-for-subheaders --- versioned_docs/version-2.8/faq/general-faq.md | 6 +- .../faq/rancher-is-no-longer-needed.md | 4 +- versioned_docs/version-2.8/faq/security.md | 4 +- .../version-2.8/faq/technical-items.md | 2 +- ...install-upgrade-on-a-kubernetes-cluster.md | 42 ++--- .../rancher-on-aks.md | 8 +- .../rancher-on-amazon-eks.md | 6 +- .../rancher-on-gke.md | 8 +- .../rollbacks.md | 2 +- .../upgrades.md | 2 +- .../installation-and-upgrade.md | 40 ++-- .../installation-references/feature-flags.md | 2 +- .../helm-chart-options.md | 8 +- .../installation-references.md | 9 + .../installation-requirements.md | 36 ++-- .../port-requirements.md | 10 +- .../air-gapped-helm-cli-install.md | 14 +- .../infrastructure-private-registry.md | 8 +- .../publish-images.md | 4 +- .../other-installation-methods.md | 6 +- .../rancher-behind-an-http-proxy.md | 8 +- .../set-up-infrastructure.md | 2 +- .../rancher-on-a-single-node-with-docker.md | 28 +-- .../roll-back-docker-installed-rancher.md | 2 +- .../upgrade-docker-installed-rancher.md | 16 +- .../resources/add-tls-secrets.md | 2 +- .../resources/choose-a-rancher-version.md | 4 +- .../resources/local-system-charts.md | 2 +- .../resources/resources.md | 29 +++ .../resources/update-rancher-certificate.md | 2 +- .../resources/upgrade-cert-manager.md | 2 +- .../upgrade-and-roll-back-kubernetes.md | 4 +- ...de-kubernetes-without-upgrading-rancher.md | 2 +- .../version-2.8/getting-started/overview.md | 18 +- .../deploy-rancher-manager/aws.md | 4 +- .../deploy-rancher-manager/azure.md | 4 +- .../deploy-rancher-manager.md | 23 +++ .../deploy-rancher-manager/digitalocean.md | 4 +- .../deploy-rancher-manager/equinix-metal.md | 6 +- .../deploy-rancher-manager/gcp.md | 4 +- .../deploy-rancher-manager/helm-cli.md | 6 +- .../deploy-rancher-manager/hetzner-cloud.md | 4 +- .../deploy-rancher-manager/outscale-qs.md | 4 +- .../deploy-rancher-manager/vagrant.md | 4 +- .../deploy-workloads/deploy-workloads.md} | 4 +- .../deploy-workloads/workload-ingress.md | 2 +- .../quick-start-guides}/quick-start-guides.md | 6 +- .../advanced-user-guides.md | 0 .../cis-scan-guides/cis-scan-guides.md | 17 ++ .../configure-layer-7-nginx-load-balancer.md | 10 +- .../enable-api-audit-log.md | 2 +- .../continuous-delivery.md | 2 +- .../enable-experimental-features.md | 6 +- .../istio-traffic-management-features.md | 4 +- .../rancher-on-arm64.md | 2 +- .../unsupported-storage-drivers.md | 2 +- .../enable-istio-in-cluster.md | 4 +- .../istio-setup-guide/istio-setup-guide.md | 34 ++++ .../manage-pod-security-policies.md | 2 +- .../manage-project-resource-quotas.md | 6 +- .../manage-projects}/manage-projects.md | 16 +- .../monitoring-alerting-guides.md | 14 ++ .../enable-prometheus-federator.md | 2 +- .../prometheus-federator-guides.md | 12 ++ .../advanced-configuration.md | 6 +- .../monitoring-v2-configuration-guides.md | 14 +- .../open-ports-with-firewalld.md | 2 +- .../tune-etcd-for-large-installs.md | 2 +- .../about-provisioning-drivers.md | 51 +++++ .../manage-cluster-drivers.md | 2 +- .../about-rke1-templates.md | 42 ++--- .../about-rke1-templates/apply-templates.md | 4 +- .../about-rke1-templates/infrastructure.md | 2 +- .../manage-rke1-templates.md | 2 +- .../authentication-config.md | 30 +-- .../configure-active-directory.md | 4 +- .../configure-azure-ad.md | 2 +- .../configure-freeipa.md | 2 +- .../authentication-config/configure-github.md | 2 +- .../configure-okta-saml.md | 2 +- .../manage-users-and-groups.md | 2 +- ...on-permissions-and-global-configuration.md | 26 +-- ...re-microsoft-ad-federation-service-saml.md | 6 +- .../configure-openldap}/configure-openldap.md | 6 +- .../openldap-config-reference.md | 2 +- .../configure-shibboleth-saml.md | 8 +- .../create-pod-security-policies.md | 4 +- .../global-default-private-registry.md | 2 +- .../custom-roles.md | 2 +- .../global-permissions.md | 5 +- .../manage-role-based-access-control-rbac.md | 6 +- .../psa-config-templates.md | 2 +- ...up-rancher-launched-kubernetes-clusters.md | 10 +- .../backup-restore-and-disaster-recovery.md | 18 +- .../migrate-rancher-to-new-cluster.md | 2 +- ...aunched-kubernetes-clusters-from-backup.md | 4 +- .../deploy-apps-across-clusters.md | 4 +- .../multi-cluster-apps.md | 2 +- .../helm-charts-in-rancher.md | 2 +- .../ha-k3s-kubernetes-cluster.md | 4 +- .../ha-rke1-kubernetes-cluster.md | 2 +- .../ha-rke2-kubernetes-cluster.md | 2 +- .../infrastructure-setup.md | 4 +- .../nodes-in-amazon-ec2.md | 8 +- .../high-availability-installs.md | 2 +- .../kubernetes-cluster-setup.md | 0 .../rke1-for-rancher.md | 4 +- ...checklist-for-production-ready-clusters.md | 12 +- .../recommended-cluster-architecture.md | 2 +- .../roles-for-nodes-in-kubernetes.md | 2 +- .../kubernetes-clusters-in-rancher-setup.md | 18 +- ...quirements-for-rancher-managed-clusters.md | 12 +- .../register-existing-clusters.md | 10 +- .../set-up-cloud-providers/amazon.md | 4 +- .../set-up-cloud-providers.md | 8 +- .../aks.md | 2 +- .../gke.md | 6 +- ...usters-from-hosted-kubernetes-providers.md | 12 +- .../use-windows-clusters.md | 28 +-- .../horizontal-pod-autoscaler.md | 6 +- .../kubernetes-resources-setup.md | 28 +-- .../load-balancer-and-ingress-controller.md | 12 +- .../workloads-and-pods/deploy-workloads.md | 4 +- .../workloads-and-pods}/workloads-and-pods.md | 6 +- .../about-rancher-agents.md | 8 +- .../launch-kubernetes-with-rancher.md | 10 +- .../create-a-digitalocean-cluster.md | 6 +- .../create-an-amazon-ec2-cluster.md | 12 +- .../create-an-azure-cluster.md | 6 +- .../nutanix}/nutanix.md | 6 +- .../provision-kubernetes-clusters-in-aos.md | 4 +- .../use-new-nodes-in-an-infra-provider.md | 8 +- ...rovision-kubernetes-clusters-in-vsphere.md | 6 +- .../vsphere}/vsphere.md | 10 +- .../access-clusters}/access-clusters.md | 16 +- .../access-clusters/add-users-to-clusters.md | 4 +- .../authorized-cluster-endpoint.md | 2 +- .../use-kubectl-and-kubeconfig.md | 2 +- .../add-a-pod-security-policy.md | 4 +- .../manage-clusters/clean-cluster-nodes.md | 6 +- .../create-kubernetes-persistent-storage.md | 20 +- .../about-glusterfs-volumes.md | 2 +- .../dynamically-provision-new-storage.md | 2 +- .../install-iscsi-volumes.md | 2 +- .../install-cluster-autoscaler.md | 2 +- .../use-aws-ec2-auto-scaling-groups.md | 2 +- .../manage-clusters}/manage-clusters.md | 4 +- .../manage-clusters/nodes-and-node-pools.md | 28 +-- .../projects-and-namespaces.md | 8 +- .../nfs-storage.md | 2 +- .../provisioning-storage-examples.md | 6 +- .../vsphere-storage.md | 2 +- .../new-user-guides/manage-namespaces.md | 10 +- .../new-user-guides}/new-user-guides.md | 0 .../cis-scans}/cis-scans.md | 14 +- .../aws-cloud-marketplace.md | 6 +- .../cloud-marketplace}/cloud-marketplace.md | 0 .../harvester/overview.md | 4 +- .../configuration-options.md | 8 +- .../istio/cpu-and-memory-allocations.md | 2 +- .../istio}/istio.md | 20 +- .../kubernetes-distributions.md | 4 +- .../custom-resource-configuration.md | 4 +- .../flows-and-clusterflows.md | 2 +- .../outputs-and-clusteroutputs.md | 2 +- .../logging/logging-helm-chart-options.md | 2 +- .../logging}/logging.md | 20 +- .../monitoring-and-alerting.md | 42 ++--- .../neuvector/overview.md | 2 +- .../about-provisioning-drivers.md | 51 ----- .../backup-restore-configuration.md | 12 -- .../pages-for-subheaders/cis-scan-guides.md | 17 -- .../deploy-rancher-manager.md | 23 --- .../downstream-cluster-configuration.md | 9 - .../installation-references.md | 9 - .../pages-for-subheaders/istio-setup-guide.md | 34 ---- .../kubernetes-components.md | 21 --- .../machine-configuration.md | 9 - .../monitoring-alerting-guides.md | 14 -- .../monitoring-v2-configuration.md | 15 -- .../node-template-configuration.md | 9 - .../prometheus-federator-guides.md | 12 -- .../rancher-managed-clusters.md | 23 --- .../rancher-server-configuration.md | 16 -- .../pages-for-subheaders/rancher-server.md | 21 --- .../pages-for-subheaders/resources.md | 29 --- .../single-node-rancher-in-docker.md | 9 - .../pages-for-subheaders/user-settings.md | 19 -- .../about-the-api}/about-the-api.md | 4 +- .../about-the-api/api-tokens.md | 2 +- .../backup-restore-configuration.md | 12 ++ .../best-practices}/best-practices.md | 2 +- .../monitoring-best-practices.md | 8 +- .../rancher-managed-clusters.md | 23 +++ .../on-premises-rancher-in-vsphere.md | 2 +- .../rancher-server/rancher-server.md | 21 +++ .../tips-for-running-rancher.md | 4 +- ...and-best-practices-for-rancher-at-scale.md | 4 +- .../cli-with-rancher}/cli-with-rancher.md | 2 +- .../cli-with-rancher/rancher-cli.md | 10 +- .../cluster-configuration.md | 14 +- .../downstream-cluster-configuration.md | 9 + .../machine-configuration.md | 9 + .../node-template-configuration/amazon-ec2.md | 4 +- .../node-template-configuration.md | 9 + .../aks-cluster-configuration.md | 2 +- .../gke-cluster-configuration.md | 6 +- .../gke-private-clusters.md | 2 +- .../rancher-server-configuration.md | 16 ++ .../rke1-cluster-configuration.md | 10 +- .../rke2-cluster-configuration.md | 4 +- .../rancher-agent-options.md | 2 +- .../use-existing-nodes}/use-existing-nodes.md | 20 +- .../reference-guides/kubernetes-concepts.md | 2 +- .../monitoring-v2-configuration.md | 15 ++ .../prometheus-federator.md | 4 +- .../prometheus-federator/rbac.md | 2 +- .../reference-guides/rancher-cluster-tools.md | 8 +- .../architecture-recommendations.md | 4 +- .../rancher-manager-architecture.md | 10 +- .../rancher-server-and-components.md | 4 +- .../reference-guides/rancher-project-tools.md | 4 +- .../hardening-guides/hardening-guides.md} | 20 +- .../k3s-hardening-guide.md | 0 ...sessment-guide-with-cis-v1.23-k8s-v1.23.md | 2 +- ...sessment-guide-with-cis-v1.24-k8s-v1.24.md | 2 +- ...ide-with-cis-v1.7-k8s-v1.25-v1.26-v1.27.md | 2 +- .../rke1-hardening-guide.md | 8 +- ...sessment-guide-with-cis-v1.23-k8s-v1.23.md | 2 +- ...sessment-guide-with-cis-v1.24-k8s-v1.24.md | 2 +- ...ide-with-cis-v1.7-k8s-v1.25-v1.26-v1.27.md | 2 +- .../rke2-hardening-guide.md | 2 +- ...sessment-guide-with-cis-v1.23-k8s-v1.23.md | 2 +- ...sessment-guide-with-cis-v1.24-k8s-v1.24.md | 2 +- ...ide-with-cis-v1.7-k8s-v1.25-v1.26-v1.27.md | 2 +- .../rancher-security-best-practices.md | 2 +- .../rancher-security}/rancher-security.md | 16 +- .../security-advisories-and-cves.md | 4 +- .../selinux-rpm}/selinux-rpm.md | 2 +- .../advanced-options.md | 10 +- .../http-proxy-configuration.md | 4 +- .../single-node-rancher-in-docker.md | 9 + .../user-settings/api-keys.md | 2 +- .../user-settings/manage-cloud-credentials.md | 8 +- .../user-settings/manage-node-templates.md | 12 +- .../user-settings/user-settings.md | 19 ++ .../security/security-scan/security-scan.md | 2 +- .../_cluster-capabilities-table.md | 10 +- .../general-troubleshooting.md | 4 +- .../kubernetes-components.md | 21 +++ .../kubernetes-resources.md | 2 +- versioned_sidebars/version-2.8-sidebars.json | 174 +++++++++--------- 252 files changed, 1159 insertions(+), 1160 deletions(-) rename versioned_docs/version-2.8/{pages-for-subheaders => getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster}/install-upgrade-on-a-kubernetes-cluster.md (80%) rename versioned_docs/version-2.8/{pages-for-subheaders => getting-started/installation-and-upgrade}/installation-and-upgrade.md (59%) create mode 100644 versioned_docs/version-2.8/getting-started/installation-and-upgrade/installation-references/installation-references.md rename versioned_docs/version-2.8/{pages-for-subheaders => getting-started/installation-and-upgrade/installation-requirements}/installation-requirements.md (85%) rename versioned_docs/version-2.8/{pages-for-subheaders => getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install}/air-gapped-helm-cli-install.md (53%) rename versioned_docs/version-2.8/{pages-for-subheaders => getting-started/installation-and-upgrade/other-installation-methods}/other-installation-methods.md (61%) rename versioned_docs/version-2.8/{pages-for-subheaders => getting-started/installation-and-upgrade/other-installation-methods/rancher-behind-an-http-proxy}/rancher-behind-an-http-proxy.md (55%) rename versioned_docs/version-2.8/{pages-for-subheaders => getting-started/installation-and-upgrade/other-installation-methods/rancher-on-a-single-node-with-docker}/rancher-on-a-single-node-with-docker.md (82%) create mode 100644 versioned_docs/version-2.8/getting-started/installation-and-upgrade/resources/resources.md create mode 100644 versioned_docs/version-2.8/getting-started/quick-start-guides/deploy-rancher-manager/deploy-rancher-manager.md rename versioned_docs/version-2.8/{pages-for-subheaders/deploy-rancher-workloads.md => getting-started/quick-start-guides/deploy-workloads/deploy-workloads.md} (60%) rename versioned_docs/version-2.8/{pages-for-subheaders => getting-started/quick-start-guides}/quick-start-guides.md (60%) rename versioned_docs/version-2.8/{pages-for-subheaders => how-to-guides/advanced-user-guides}/advanced-user-guides.md (100%) create mode 100644 versioned_docs/version-2.8/how-to-guides/advanced-user-guides/cis-scan-guides/cis-scan-guides.md rename versioned_docs/version-2.8/{pages-for-subheaders => how-to-guides/advanced-user-guides/enable-experimental-features}/enable-experimental-features.md (89%) create mode 100644 versioned_docs/version-2.8/how-to-guides/advanced-user-guides/istio-setup-guide/istio-setup-guide.md rename versioned_docs/version-2.8/{pages-for-subheaders => how-to-guides/advanced-user-guides/manage-projects/manage-project-resource-quotas}/manage-project-resource-quotas.md (90%) rename versioned_docs/version-2.8/{pages-for-subheaders => how-to-guides/advanced-user-guides/manage-projects}/manage-projects.md (56%) create mode 100644 versioned_docs/version-2.8/how-to-guides/advanced-user-guides/monitoring-alerting-guides/monitoring-alerting-guides.md create mode 100644 versioned_docs/version-2.8/how-to-guides/advanced-user-guides/monitoring-alerting-guides/prometheus-federator-guides/prometheus-federator-guides.md rename versioned_docs/version-2.8/{pages-for-subheaders => how-to-guides/advanced-user-guides/monitoring-v2-configuration-guides/advanced-configuration}/advanced-configuration.md (51%) rename versioned_docs/version-2.8/{pages-for-subheaders => how-to-guides/advanced-user-guides/monitoring-v2-configuration-guides}/monitoring-v2-configuration-guides.md (74%) create mode 100644 versioned_docs/version-2.8/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-provisioning-drivers/about-provisioning-drivers.md rename versioned_docs/version-2.8/{pages-for-subheaders => how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates}/about-rke1-templates.md (58%) rename versioned_docs/version-2.8/{pages-for-subheaders => how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config}/authentication-config.md (78%) rename versioned_docs/version-2.8/{pages-for-subheaders => how-to-guides/new-user-guides/authentication-permissions-and-global-configuration}/authentication-permissions-and-global-configuration.md (69%) rename versioned_docs/version-2.8/{pages-for-subheaders => how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-microsoft-ad-federation-service-saml}/configure-microsoft-ad-federation-service-saml.md (76%) rename versioned_docs/version-2.8/{pages-for-subheaders => how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-openldap}/configure-openldap.md (90%) rename versioned_docs/version-2.8/{pages-for-subheaders => how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-shibboleth-saml}/configure-shibboleth-saml.md (91%) rename versioned_docs/version-2.8/{pages-for-subheaders => how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac}/manage-role-based-access-control-rbac.md (73%) rename versioned_docs/version-2.8/{pages-for-subheaders => how-to-guides/new-user-guides/backup-restore-and-disaster-recovery}/backup-restore-and-disaster-recovery.md (73%) rename versioned_docs/version-2.8/{pages-for-subheaders => how-to-guides/new-user-guides/deploy-apps-across-clusters}/deploy-apps-across-clusters.md (67%) rename versioned_docs/version-2.8/{pages-for-subheaders => how-to-guides/new-user-guides/helm-charts-in-rancher}/helm-charts-in-rancher.md (97%) rename versioned_docs/version-2.8/{pages-for-subheaders => how-to-guides/new-user-guides/infrastructure-setup}/infrastructure-setup.md (58%) rename versioned_docs/version-2.8/{pages-for-subheaders => how-to-guides/new-user-guides/kubernetes-cluster-setup}/kubernetes-cluster-setup.md (100%) rename versioned_docs/version-2.8/{pages-for-subheaders => how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/checklist-for-production-ready-clusters}/checklist-for-production-ready-clusters.md (77%) rename versioned_docs/version-2.8/{pages-for-subheaders => how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup}/kubernetes-clusters-in-rancher-setup.md (78%) rename versioned_docs/version-2.8/{pages-for-subheaders => how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers}/set-up-cloud-providers.md (73%) rename versioned_docs/version-2.8/{pages-for-subheaders => how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers}/set-up-clusters-from-hosted-kubernetes-providers.md (67%) rename versioned_docs/version-2.8/{pages-for-subheaders => how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/use-windows-clusters}/use-windows-clusters.md (84%) rename versioned_docs/version-2.8/{pages-for-subheaders => how-to-guides/new-user-guides/kubernetes-resources-setup/horizontal-pod-autoscaler}/horizontal-pod-autoscaler.md (70%) rename versioned_docs/version-2.8/{pages-for-subheaders => how-to-guides/new-user-guides/kubernetes-resources-setup}/kubernetes-resources-setup.md (54%) rename versioned_docs/version-2.8/{pages-for-subheaders => how-to-guides/new-user-guides/kubernetes-resources-setup/load-balancer-and-ingress-controller}/load-balancer-and-ingress-controller.md (78%) rename versioned_docs/version-2.8/{pages-for-subheaders => how-to-guides/new-user-guides/kubernetes-resources-setup/workloads-and-pods}/workloads-and-pods.md (92%) rename versioned_docs/version-2.8/{pages-for-subheaders => how-to-guides/new-user-guides/launch-kubernetes-with-rancher}/launch-kubernetes-with-rancher.md (85%) rename versioned_docs/version-2.8/{pages-for-subheaders => how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/nutanix}/nutanix.md (65%) rename versioned_docs/version-2.8/{pages-for-subheaders => how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider}/use-new-nodes-in-an-infra-provider.md (92%) rename versioned_docs/version-2.8/{pages-for-subheaders => how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/vsphere}/vsphere.md (64%) rename versioned_docs/version-2.8/{pages-for-subheaders => how-to-guides/new-user-guides/manage-clusters/access-clusters}/access-clusters.md (71%) rename versioned_docs/version-2.8/{pages-for-subheaders => how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage}/create-kubernetes-persistent-storage.md (65%) rename versioned_docs/version-2.8/{pages-for-subheaders => how-to-guides/new-user-guides/manage-clusters/install-cluster-autoscaler}/install-cluster-autoscaler.md (91%) rename versioned_docs/version-2.8/{pages-for-subheaders => how-to-guides/new-user-guides/manage-clusters}/manage-clusters.md (68%) rename versioned_docs/version-2.8/{pages-for-subheaders => how-to-guides/new-user-guides/manage-clusters/provisioning-storage-examples}/provisioning-storage-examples.md (64%) rename versioned_docs/version-2.8/{pages-for-subheaders => how-to-guides/new-user-guides}/new-user-guides.md (100%) rename versioned_docs/version-2.8/{pages-for-subheaders => integrations-in-rancher/cis-scans}/cis-scans.md (87%) rename versioned_docs/version-2.8/{pages-for-subheaders => integrations-in-rancher/cloud-marketplace/aws-cloud-marketplace}/aws-cloud-marketplace.md (75%) rename versioned_docs/version-2.8/{pages-for-subheaders => integrations-in-rancher/cloud-marketplace}/cloud-marketplace.md (100%) rename versioned_docs/version-2.8/{pages-for-subheaders => integrations-in-rancher/istio/configuration-options}/configuration-options.md (81%) rename versioned_docs/version-2.8/{pages-for-subheaders => integrations-in-rancher/istio}/istio.md (86%) rename versioned_docs/version-2.8/{pages-for-subheaders => integrations-in-rancher/logging/custom-resource-configuration}/custom-resource-configuration.md (51%) rename versioned_docs/version-2.8/{pages-for-subheaders => integrations-in-rancher/logging}/logging.md (80%) rename versioned_docs/version-2.8/{pages-for-subheaders => integrations-in-rancher/monitoring-and-alerting}/monitoring-and-alerting.md (67%) delete mode 100644 versioned_docs/version-2.8/pages-for-subheaders/about-provisioning-drivers.md delete mode 100644 versioned_docs/version-2.8/pages-for-subheaders/backup-restore-configuration.md delete mode 100644 versioned_docs/version-2.8/pages-for-subheaders/cis-scan-guides.md delete mode 100644 versioned_docs/version-2.8/pages-for-subheaders/deploy-rancher-manager.md delete mode 100644 versioned_docs/version-2.8/pages-for-subheaders/downstream-cluster-configuration.md delete mode 100644 versioned_docs/version-2.8/pages-for-subheaders/installation-references.md delete mode 100644 versioned_docs/version-2.8/pages-for-subheaders/istio-setup-guide.md delete mode 100644 versioned_docs/version-2.8/pages-for-subheaders/kubernetes-components.md delete mode 100644 versioned_docs/version-2.8/pages-for-subheaders/machine-configuration.md delete mode 100644 versioned_docs/version-2.8/pages-for-subheaders/monitoring-alerting-guides.md delete mode 100644 versioned_docs/version-2.8/pages-for-subheaders/monitoring-v2-configuration.md delete mode 100644 versioned_docs/version-2.8/pages-for-subheaders/node-template-configuration.md delete mode 100644 versioned_docs/version-2.8/pages-for-subheaders/prometheus-federator-guides.md delete mode 100644 versioned_docs/version-2.8/pages-for-subheaders/rancher-managed-clusters.md delete mode 100644 versioned_docs/version-2.8/pages-for-subheaders/rancher-server-configuration.md delete mode 100644 versioned_docs/version-2.8/pages-for-subheaders/rancher-server.md delete mode 100644 versioned_docs/version-2.8/pages-for-subheaders/resources.md delete mode 100644 versioned_docs/version-2.8/pages-for-subheaders/single-node-rancher-in-docker.md delete mode 100644 versioned_docs/version-2.8/pages-for-subheaders/user-settings.md rename versioned_docs/version-2.8/{pages-for-subheaders => reference-guides/about-the-api}/about-the-api.md (92%) create mode 100644 versioned_docs/version-2.8/reference-guides/backup-restore-configuration/backup-restore-configuration.md rename versioned_docs/version-2.8/{pages-for-subheaders => reference-guides/best-practices}/best-practices.md (95%) create mode 100644 versioned_docs/version-2.8/reference-guides/best-practices/rancher-managed-clusters/rancher-managed-clusters.md create mode 100644 versioned_docs/version-2.8/reference-guides/best-practices/rancher-server/rancher-server.md rename versioned_docs/version-2.8/{pages-for-subheaders => reference-guides/cli-with-rancher}/cli-with-rancher.md (67%) rename versioned_docs/version-2.8/{pages-for-subheaders => reference-guides/cluster-configuration}/cluster-configuration.md (50%) create mode 100644 versioned_docs/version-2.8/reference-guides/cluster-configuration/downstream-cluster-configuration/downstream-cluster-configuration.md create mode 100644 versioned_docs/version-2.8/reference-guides/cluster-configuration/downstream-cluster-configuration/machine-configuration/machine-configuration.md create mode 100644 versioned_docs/version-2.8/reference-guides/cluster-configuration/downstream-cluster-configuration/node-template-configuration/node-template-configuration.md rename versioned_docs/version-2.8/{pages-for-subheaders => reference-guides/cluster-configuration/rancher-server-configuration/gke-cluster-configuration}/gke-cluster-configuration.md (97%) create mode 100644 versioned_docs/version-2.8/reference-guides/cluster-configuration/rancher-server-configuration/rancher-server-configuration.md rename versioned_docs/version-2.8/{pages-for-subheaders => reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes}/use-existing-nodes.md (67%) create mode 100644 versioned_docs/version-2.8/reference-guides/monitoring-v2-configuration/monitoring-v2-configuration.md rename versioned_docs/version-2.8/{pages-for-subheaders => reference-guides/prometheus-federator}/prometheus-federator.md (97%) rename versioned_docs/version-2.8/{pages-for-subheaders => reference-guides/rancher-manager-architecture}/rancher-manager-architecture.md (50%) rename versioned_docs/version-2.8/{pages-for-subheaders/rancher-hardening-guides.md => reference-guides/rancher-security/hardening-guides/hardening-guides.md} (62%) rename versioned_docs/version-2.8/{pages-for-subheaders => reference-guides/rancher-security/hardening-guides/k3s-hardening-guide}/k3s-hardening-guide.md (100%) rename versioned_docs/version-2.8/{pages-for-subheaders => reference-guides/rancher-security/hardening-guides/rke1-hardening-guide}/rke1-hardening-guide.md (93%) rename versioned_docs/version-2.8/{pages-for-subheaders => reference-guides/rancher-security/hardening-guides/rke2-hardening-guide}/rke2-hardening-guide.md (98%) rename versioned_docs/version-2.8/{pages-for-subheaders => reference-guides/rancher-security}/rancher-security.md (87%) rename versioned_docs/version-2.8/{pages-for-subheaders => reference-guides/rancher-security/selinux-rpm}/selinux-rpm.md (85%) create mode 100644 versioned_docs/version-2.8/reference-guides/single-node-rancher-in-docker/single-node-rancher-in-docker.md create mode 100644 versioned_docs/version-2.8/reference-guides/user-settings/user-settings.md create mode 100644 versioned_docs/version-2.8/troubleshooting/kubernetes-components/kubernetes-components.md diff --git a/versioned_docs/version-2.8/faq/general-faq.md b/versioned_docs/version-2.8/faq/general-faq.md index 93c58e2ab93..146761ac85f 100644 --- a/versioned_docs/version-2.8/faq/general-faq.md +++ b/versioned_docs/version-2.8/faq/general-faq.md @@ -16,15 +16,15 @@ Swarm and Mesos are no longer selectable options when you create a new environme ## Is it possible to manage Azure Kubernetes Services with Rancher v2.x? -Yes. See our [Cluster Administration](../pages-for-subheaders/manage-clusters.md) guide for what Rancher features are available on AKS, as well as our [documentation on AKS](../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-aks.md). +Yes. See our [Cluster Administration](../how-to-guides/new-user-guides/manage-clusters/manage-clusters.md) guide for what Rancher features are available on AKS, as well as our [documentation on AKS](../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-aks.md). ## Does Rancher support Windows? -Yes. Rancher supports Windows Server 1809 containers. For details on how to set up a cluster with Windows worker nodes, refer to the section on [configuring custom clusters for Windows.](../pages-for-subheaders/use-windows-clusters.md) +Yes. Rancher supports Windows Server 1809 containers. For details on how to set up a cluster with Windows worker nodes, refer to the section on [configuring custom clusters for Windows.](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/use-windows-clusters/use-windows-clusters.md) ## Does Rancher support Istio? -Yes. Rancher supports [Istio](../pages-for-subheaders/istio.md). +Yes. Rancher supports [Istio](../integrations-in-rancher/istio/istio.md). ## Will Rancher v2.x support Hashicorp's Vault for storing secrets? diff --git a/versioned_docs/version-2.8/faq/rancher-is-no-longer-needed.md b/versioned_docs/version-2.8/faq/rancher-is-no-longer-needed.md index ce33edd6aec..3f825b0f048 100644 --- a/versioned_docs/version-2.8/faq/rancher-is-no-longer-needed.md +++ b/versioned_docs/version-2.8/faq/rancher-is-no-longer-needed.md @@ -19,7 +19,7 @@ The capability to access a downstream cluster without Rancher depends on the typ - **Registered clusters:** The cluster will be unaffected and you can access the cluster using the same methods that you did before the cluster was registered into Rancher. - **Hosted Kubernetes clusters:** If you created the cluster in a cloud-hosted Kubernetes provider such as EKS, GKE, or AKS, you can continue to manage the cluster using your provider's cloud credentials. -- **RKE clusters:** To access an [RKE cluster,](../pages-for-subheaders/launch-kubernetes-with-rancher.md) the cluster must have the [authorized cluster endpoint](../reference-guides/rancher-manager-architecture/communicating-with-downstream-user-clusters.md#4-authorized-cluster-endpoint) enabled, and you must have already downloaded the cluster's kubeconfig file from the Rancher UI. (The authorized cluster endpoint is enabled by default for RKE clusters.) With this endpoint, you can access your cluster with kubectl directly instead of communicating through the Rancher server's [authentication proxy.](../reference-guides/rancher-manager-architecture/communicating-with-downstream-user-clusters.md#1-the-authentication-proxy) For instructions on how to configure kubectl to use the authorized cluster endpoint, refer to the section about directly accessing clusters with [kubectl and the kubeconfig file.](../how-to-guides/new-user-guides/manage-clusters/access-clusters/use-kubectl-and-kubeconfig.md#authenticating-directly-with-a-downstream-cluster) These clusters will use a snapshot of the authentication as it was configured when Rancher was removed. +- **RKE clusters:** To access an [RKE cluster,](../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md) the cluster must have the [authorized cluster endpoint](../reference-guides/rancher-manager-architecture/communicating-with-downstream-user-clusters.md#4-authorized-cluster-endpoint) enabled, and you must have already downloaded the cluster's kubeconfig file from the Rancher UI. (The authorized cluster endpoint is enabled by default for RKE clusters.) With this endpoint, you can access your cluster with kubectl directly instead of communicating through the Rancher server's [authentication proxy.](../reference-guides/rancher-manager-architecture/communicating-with-downstream-user-clusters.md#1-the-authentication-proxy) For instructions on how to configure kubectl to use the authorized cluster endpoint, refer to the section about directly accessing clusters with [kubectl and the kubeconfig file.](../how-to-guides/new-user-guides/manage-clusters/access-clusters/use-kubectl-and-kubeconfig.md#authenticating-directly-with-a-downstream-cluster) These clusters will use a snapshot of the authentication as it was configured when Rancher was removed. ### What if I don't want Rancher anymore? @@ -29,7 +29,7 @@ The previously recommended [System Tools](../reference-guides/system-tools.md) h ::: -If you [installed Rancher on a Kubernetes cluster,](../pages-for-subheaders/install-upgrade-on-a-kubernetes-cluster.md) remove Rancher by using the [Rancher Cleanup](https://github.com/rancher/rancher-cleanup) tool. +If you [installed Rancher on a Kubernetes cluster,](../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/install-upgrade-on-a-kubernetes-cluster.md) remove Rancher by using the [Rancher Cleanup](https://github.com/rancher/rancher-cleanup) tool. Uninstalling Rancher in high-availability (HA) mode will also remove all `helm-operation-*` pods and the following apps: diff --git a/versioned_docs/version-2.8/faq/security.md b/versioned_docs/version-2.8/faq/security.md index 447fb53d7de..684444e7303 100644 --- a/versioned_docs/version-2.8/faq/security.md +++ b/versioned_docs/version-2.8/faq/security.md @@ -9,10 +9,10 @@ title: Security **Is there a Hardening Guide?** -The Hardening Guide is now located in the main [Security](../pages-for-subheaders/rancher-security.md) section. +The Hardening Guide is now located in the main [Security](../reference-guides/rancher-security/rancher-security.md) section.
**What are the results of Rancher's Kubernetes cluster when it is CIS benchmarked?** -We have run the CIS Kubernetes benchmark against a hardened Rancher Kubernetes cluster. The results of that assessment can be found in the main [Security](../pages-for-subheaders/rancher-security.md) section. +We have run the CIS Kubernetes benchmark against a hardened Rancher Kubernetes cluster. The results of that assessment can be found in the main [Security](../reference-guides/rancher-security/rancher-security.md) section. diff --git a/versioned_docs/version-2.8/faq/technical-items.md b/versioned_docs/version-2.8/faq/technical-items.md index 8437ee3995c..db2500b7fbf 100644 --- a/versioned_docs/version-2.8/faq/technical-items.md +++ b/versioned_docs/version-2.8/faq/technical-items.md @@ -55,7 +55,7 @@ Node Templates can be accessed by opening your account menu (top right) and sele ### Why is my Layer-4 Load Balancer in `Pending` state? -The Layer-4 Load Balancer is created as `type: LoadBalancer`. In Kubernetes, this needs a cloud provider or controller that can satisfy these requests, otherwise these will be in `Pending` state forever. More information can be found on [Cloud Providers](../pages-for-subheaders/set-up-cloud-providers.md) or [Create External Load Balancer](https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/) +The Layer-4 Load Balancer is created as `type: LoadBalancer`. In Kubernetes, this needs a cloud provider or controller that can satisfy these requests, otherwise these will be in `Pending` state forever. More information can be found on [Cloud Providers](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/set-up-cloud-providers.md) or [Create External Load Balancer](https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/) ### Where is the state of Rancher stored? diff --git a/versioned_docs/version-2.8/pages-for-subheaders/install-upgrade-on-a-kubernetes-cluster.md b/versioned_docs/version-2.8/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/install-upgrade-on-a-kubernetes-cluster.md similarity index 80% rename from versioned_docs/version-2.8/pages-for-subheaders/install-upgrade-on-a-kubernetes-cluster.md rename to versioned_docs/version-2.8/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/install-upgrade-on-a-kubernetes-cluster.md index cc8c3754f48..a9ff741e47a 100644 --- a/versioned_docs/version-2.8/pages-for-subheaders/install-upgrade-on-a-kubernetes-cluster.md +++ b/versioned_docs/version-2.8/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/install-upgrade-on-a-kubernetes-cluster.md @@ -24,12 +24,12 @@ Rancher can be installed on any Kubernetes cluster. This cluster can use upstrea For help setting up a Kubernetes cluster, we provide these tutorials: -- **RKE:** For the tutorial to install an RKE Kubernetes cluster, refer to [this page.](../how-to-guides/new-user-guides/kubernetes-cluster-setup/rke1-for-rancher.md) For help setting up the infrastructure for a high-availability RKE cluster, refer to [this page.](../how-to-guides/new-user-guides/infrastructure-setup/ha-rke1-kubernetes-cluster.md) -- **K3s:** For the tutorial to install a K3s Kubernetes cluster, refer to [this page.](../how-to-guides/new-user-guides/kubernetes-cluster-setup/k3s-for-rancher.md) For help setting up the infrastructure for a high-availability K3s cluster, refer to [this page.](../how-to-guides/new-user-guides/infrastructure-setup/ha-k3s-kubernetes-cluster.md) -- **RKE2:** For the tutorial to install an RKE2 Kubernetes cluster, refer to [this page.](../how-to-guides/new-user-guides/kubernetes-cluster-setup/rke2-for-rancher.md) For help setting up the infrastructure for a high-availability RKE2 cluster, refer to [this page.](../how-to-guides/new-user-guides/infrastructure-setup/ha-rke2-kubernetes-cluster.md) -- **Amazon EKS:** For details on how to install Rancher on Amazon EKS, including how to install an Ingress controller so that the Rancher server can be accessed, refer to [this page.](../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks.md) -- **AKS:** For details on how to install Rancher with Azure Kubernetes Service, including how to install an Ingress controller so that the Rancher server can be accessed, refer to [this page.](../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-aks.md) -- **GKE:** For details on how to install Rancher with Google Kubernetes Engine, including how to install an Ingress controller so that the Rancher server can be accessed, refer to [this page.](../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-gke.md) GKE has two modes of operation when creating a Kubernetes cluster, Autopilot and Standard mode. The cluster configuration for Autopilot mode has restrictions on editing the kube-system namespace. However, Rancher needs to create resources in the kube-system namespace during installation. As a result, you will not be able to install Rancher on a GKE cluster created in Autopilot mode. +- **RKE:** For the tutorial to install an RKE Kubernetes cluster, refer to [this page.](../../../how-to-guides/new-user-guides/kubernetes-cluster-setup/rke1-for-rancher.md) For help setting up the infrastructure for a high-availability RKE cluster, refer to [this page.](../../../how-to-guides/new-user-guides/infrastructure-setup/ha-rke1-kubernetes-cluster.md) +- **K3s:** For the tutorial to install a K3s Kubernetes cluster, refer to [this page.](../../../how-to-guides/new-user-guides/kubernetes-cluster-setup/k3s-for-rancher.md) For help setting up the infrastructure for a high-availability K3s cluster, refer to [this page.](../../../how-to-guides/new-user-guides/infrastructure-setup/ha-k3s-kubernetes-cluster.md) +- **RKE2:** For the tutorial to install an RKE2 Kubernetes cluster, refer to [this page.](../../../how-to-guides/new-user-guides/kubernetes-cluster-setup/rke2-for-rancher.md) For help setting up the infrastructure for a high-availability RKE2 cluster, refer to [this page.](../../../how-to-guides/new-user-guides/infrastructure-setup/ha-rke2-kubernetes-cluster.md) +- **Amazon EKS:** For details on how to install Rancher on Amazon EKS, including how to install an Ingress controller so that the Rancher server can be accessed, refer to [this page.](rancher-on-amazon-eks.md) +- **AKS:** For details on how to install Rancher with Azure Kubernetes Service, including how to install an Ingress controller so that the Rancher server can be accessed, refer to [this page.](rancher-on-aks.md) +- **GKE:** For details on how to install Rancher with Google Kubernetes Engine, including how to install an Ingress controller so that the Rancher server can be accessed, refer to [this page.](rancher-on-gke.md) GKE has two modes of operation when creating a Kubernetes cluster, Autopilot and Standard mode. The cluster configuration for Autopilot mode has restrictions on editing the kube-system namespace. However, Rancher needs to create resources in the kube-system namespace during installation. As a result, you will not be able to install Rancher on a GKE cluster created in Autopilot mode. ### Ingress Controller @@ -47,17 +47,17 @@ Examples are included in the **Amazon EKS**, **AKS**, and **GKE** tutorials abov The following CLI tools are required for setting up the Kubernetes cluster. Please make sure these tools are installed and available in your `$PATH`. - [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/#install-kubectl) - Kubernetes command-line tool. -- [helm](https://docs.helm.sh/using_helm/#installing-helm) - Package management for Kubernetes. Refer to the [Helm version requirements](../getting-started/installation-and-upgrade/resources/helm-version-requirements.md) to choose a version of Helm to install Rancher. Refer to the [instructions provided by the Helm project](https://helm.sh/docs/intro/install/) for your specific platform. +- [helm](https://docs.helm.sh/using_helm/#installing-helm) - Package management for Kubernetes. Refer to the [Helm version requirements](../resources/helm-version-requirements.md) to choose a version of Helm to install Rancher. Refer to the [instructions provided by the Helm project](https://helm.sh/docs/intro/install/) for your specific platform. ## Install the Rancher Helm Chart Rancher is installed using the [Helm](https://helm.sh/) package manager for Kubernetes. Helm charts provide templating syntax for Kubernetes YAML manifest documents. With Helm, we can create configurable deployments instead of just using static files. -For systems without direct internet access, see [Air Gap: Kubernetes install](../getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/install-rancher-ha.md). +For systems without direct internet access, see [Air Gap: Kubernetes install](../other-installation-methods/air-gapped-helm-cli-install/install-rancher-ha.md). -To choose a Rancher version to install, refer to [Choosing a Rancher Version.](../getting-started/installation-and-upgrade/resources/choose-a-rancher-version.md) +To choose a Rancher version to install, refer to [Choosing a Rancher Version.](../resources/choose-a-rancher-version.md) -To choose a version of Helm to install Rancher with, refer to the [Helm version requirements](../getting-started/installation-and-upgrade/resources/helm-version-requirements.md) +To choose a version of Helm to install Rancher with, refer to the [Helm version requirements](../resources/helm-version-requirements.md) :::note @@ -77,7 +77,7 @@ To set up Rancher, ### 1. Add the Helm Chart Repository -Use `helm repo add` command to add the Helm chart repository that contains charts to install Rancher. For more information about the repository choices and which is best for your use case, see [Choosing a Rancher Version](../getting-started/installation-and-upgrade/resources/choose-a-rancher-version.md). +Use `helm repo add` command to add the Helm chart repository that contains charts to install Rancher. For more information about the repository choices and which is best for your use case, see [Choosing a Rancher Version](../resources/choose-a-rancher-version.md). - Latest: Recommended for trying out the newest features ``` @@ -107,7 +107,7 @@ The Rancher management server is designed to be secure by default and requires S :::note -If you want terminate SSL/TLS externally, see [TLS termination on an External Load Balancer](../getting-started/installation-and-upgrade/installation-references/helm-chart-options.md#external-tls-termination). +If you want terminate SSL/TLS externally, see [TLS termination on an External Load Balancer](../installation-references/helm-chart-options.md#external-tls-termination). ::: @@ -126,7 +126,7 @@ There are three recommended options for the source of the certificate used for T ### 4. Install cert-manager -> You should skip this step if you are bringing your own certificate files (option `ingress.tls.source=secret`), or if you use [TLS termination on an external load balancer](../getting-started/installation-and-upgrade/installation-references/helm-chart-options.md#external-tls-termination). +> You should skip this step if you are bringing your own certificate files (option `ingress.tls.source=secret`), or if you use [TLS termination on an external load balancer](../installation-references/helm-chart-options.md#external-tls-termination). This step is only required to use certificates issued by Rancher's generated CA (`ingress.tls.source=rancher`) or to request Let's Encrypt issued certificates (`ingress.tls.source=letsEncrypt`). @@ -135,7 +135,7 @@ This step is only required to use certificates issued by Rancher's generated CA :::note Important: -Recent changes to cert-manager require an upgrade. If you are upgrading Rancher and using a version of cert-manager older than v0.11.0, please see our [upgrade documentation](../getting-started/installation-and-upgrade/resources/upgrade-cert-manager.md). +Recent changes to cert-manager require an upgrade. If you are upgrading Rancher and using a version of cert-manager older than v0.11.0, please see our [upgrade documentation](../resources/upgrade-cert-manager.md). ::: @@ -275,7 +275,7 @@ Although an entry in the `Subject Alternative Names` is technically required, ha :::note -If you want to check if your certificates are correct, see [How do I check Common Name and Subject Alternative Names in my server certificate?](../faq/technical-items.md#how-do-i-check-common-name-and-subject-alternative-names-in-my-server-certificate) +If you want to check if your certificates are correct, see [How do I check Common Name and Subject Alternative Names in my server certificate?](../../../faq/technical-items.md#how-do-i-check-common-name-and-subject-alternative-names-in-my-server-certificate) ::: @@ -308,18 +308,18 @@ helm install rancher rancher-/rancher \ --set privateCA=true ``` -Now that Rancher is deployed, see [Adding TLS Secrets](../getting-started/installation-and-upgrade/resources/add-tls-secrets.md) to publish the certificate files so Rancher and the Ingress controller can use them. +Now that Rancher is deployed, see [Adding TLS Secrets](../resources/add-tls-secrets.md) to publish the certificate files so Rancher and the Ingress controller can use them. The Rancher chart configuration has many options for customizing the installation to suit your specific environment. Here are some common advanced scenarios. -- [HTTP Proxy](../getting-started/installation-and-upgrade/installation-references/helm-chart-options.md#http-proxy) -- [Private Container Image Registry](../getting-started/installation-and-upgrade/installation-references/helm-chart-options.md#private-registry-and-air-gap-installs) -- [TLS Termination on an External Load Balancer](../getting-started/installation-and-upgrade/installation-references/helm-chart-options.md#external-tls-termination) +- [HTTP Proxy](../installation-references/helm-chart-options.md#http-proxy) +- [Private Container Image Registry](../installation-references/helm-chart-options.md#private-registry-and-air-gap-installs) +- [TLS Termination on an External Load Balancer](../installation-references/helm-chart-options.md#external-tls-termination) -See the [Chart Options](../getting-started/installation-and-upgrade/installation-references/helm-chart-options.md) for the full list of options. +See the [Chart Options](../installation-references/helm-chart-options.md) for the full list of options. ### 6. Verify that the Rancher Server is Successfully Deployed @@ -352,4 +352,4 @@ That's it. You should have a functional Rancher server. In a web browser, go to the DNS name that forwards traffic to your load balancer. Then you should be greeted by the colorful login page. -Doesn't work? Take a look at the [Troubleshooting](../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/troubleshooting.md) Page +Doesn't work? Take a look at the [Troubleshooting](troubleshooting.md) Page diff --git a/versioned_docs/version-2.8/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-aks.md b/versioned_docs/version-2.8/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-aks.md index ac86ad0ef25..6aa9bfda5ac 100644 --- a/versioned_docs/version-2.8/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-aks.md +++ b/versioned_docs/version-2.8/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-aks.md @@ -10,7 +10,7 @@ This page covers how to install Rancher on Microsoft's Azure Kubernetes Service The guide uses command line tools to provision an AKS cluster with an ingress. If you prefer to provision your cluster using the Azure portal, refer to the [official documentation](https://docs.microsoft.com/en-us/azure/aks/kubernetes-walkthrough-portal). -If you already have an AKS Kubernetes cluster, skip to the step about [installing an ingress.](#5-install-an-ingress) Then install the Rancher Helm chart following the instructions on [this page.](../../../pages-for-subheaders/install-upgrade-on-a-kubernetes-cluster.md#install-the-rancher-helm-chart) +If you already have an AKS Kubernetes cluster, skip to the step about [installing an ingress.](#5-install-an-ingress) Then install the Rancher Helm chart following the instructions on [this page.](install-upgrade-on-a-kubernetes-cluster.md#install-the-rancher-helm-chart) ## Prerequisites @@ -23,7 +23,7 @@ Deploying to Microsoft Azure will incur charges. - [Microsoft Azure Account](https://azure.microsoft.com/en-us/free/): A Microsoft Azure Account is required to create resources for deploying Rancher and Kubernetes. - [Microsoft Azure Subscription](https://docs.microsoft.com/en-us/azure/cost-management-billing/manage/create-subscription#create-a-subscription-in-the-azure-portal): Use this link to follow a tutorial to create a Microsoft Azure subscription if you don't have one yet. - [Micsoroft Azure Tenant](https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-create-new-tenant): Use this link and follow instructions to create a Microsoft Azure tenant. -- Your subscription has sufficient quota for at least 2 vCPUs. For details on Rancher server resource requirements, refer to [this section](../../../pages-for-subheaders/installation-requirements.md) +- Your subscription has sufficient quota for at least 2 vCPUs. For details on Rancher server resource requirements, refer to [this section](../installation-requirements/installation-requirements.md) - When installing Rancher with Helm in Azure, use the L7 load balancer to avoid networking issues. For more information, refer to the documentation on [Azure load balancer limitations](https://docs.microsoft.com/en-us/azure/load-balancer/components#limitations). ## 1. Prepare your Workstation @@ -138,7 +138,7 @@ There are many valid ways to set up the DNS. For help, refer to the [Azure DNS d ## 8. Install the Rancher Helm Chart -Next, install the Rancher Helm chart by following the instructions on [this page.](../../../pages-for-subheaders/install-upgrade-on-a-kubernetes-cluster.md#install-the-rancher-helm-chart) The Helm instructions are the same for installing Rancher on any Kubernetes distribution. +Next, install the Rancher Helm chart by following the instructions on [this page.](install-upgrade-on-a-kubernetes-cluster.md#install-the-rancher-helm-chart) The Helm instructions are the same for installing Rancher on any Kubernetes distribution. Use that DNS name from the previous step as the Rancher server URL when you install Rancher. It can be passed in as a Helm option. For example, if the DNS name is `rancher.my.org`, you could run the Helm installation command with the option `--set hostname=rancher.my.org`. @@ -148,4 +148,4 @@ When installing Rancher on top of this setup, you will also need to pass the val --set ingress.ingressClassName=nginx ``` -Refer [here for the Helm install command](../../../pages-for-subheaders/install-upgrade-on-a-kubernetes-cluster.md#5-install-rancher-with-helm-and-your-chosen-certificate-option) for your chosen certificate option. +Refer [here for the Helm install command](install-upgrade-on-a-kubernetes-cluster.md#5-install-rancher-with-helm-and-your-chosen-certificate-option) for your chosen certificate option. diff --git a/versioned_docs/version-2.8/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks.md b/versioned_docs/version-2.8/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks.md index 6563d4b14eb..85c83a2d503 100644 --- a/versioned_docs/version-2.8/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks.md +++ b/versioned_docs/version-2.8/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks.md @@ -8,7 +8,7 @@ title: Installing Rancher on Amazon EKS This page covers installing Rancher on an Amazon EKS cluster. You can also [install Rancher through the AWS Marketplace](../../quick-start-guides/deploy-rancher-manager/aws-marketplace.md). -If you already have an EKS Kubernetes cluster, skip to the step about [installing an ingress.](#5-install-an-ingress) Then install the Rancher Helm chart following the instructions on [this page.](../../../pages-for-subheaders/install-upgrade-on-a-kubernetes-cluster.md#install-the-rancher-helm-chart) +If you already have an EKS Kubernetes cluster, skip to the step about [installing an ingress.](#5-install-an-ingress) Then install the Rancher Helm chart following the instructions on [this page.](install-upgrade-on-a-kubernetes-cluster.md#install-the-rancher-helm-chart) ## Creating an EKS Cluster for the Rancher Server @@ -142,7 +142,7 @@ There are many valid ways to set up the DNS. For help, refer to the AWS document ### 8. Install the Rancher Helm Chart -Next, install the Rancher Helm chart by following the instructions on [this page.](../../../pages-for-subheaders/install-upgrade-on-a-kubernetes-cluster.md#install-the-rancher-helm-chart) The Helm instructions are the same for installing Rancher on any Kubernetes distribution. +Next, install the Rancher Helm chart by following the instructions on [this page.](install-upgrade-on-a-kubernetes-cluster.md#install-the-rancher-helm-chart) The Helm instructions are the same for installing Rancher on any Kubernetes distribution. Use that DNS name from the previous step as the Rancher server URL when you install Rancher. It can be passed in as a Helm option. For example, if the DNS name is `rancher.my.org`, you could run the Helm installation command with the option `--set hostname=rancher.my.org`. @@ -152,4 +152,4 @@ When installing Rancher on top of this setup, you will also need to pass the val --set ingress.ingressClassName=nginx ``` -Refer [here for the Helm install command](../../../pages-for-subheaders/install-upgrade-on-a-kubernetes-cluster.md#5-install-rancher-with-helm-and-your-chosen-certificate-option) for your chosen certificate option. +Refer [here for the Helm install command](install-upgrade-on-a-kubernetes-cluster.md#5-install-rancher-with-helm-and-your-chosen-certificate-option) for your chosen certificate option. diff --git a/versioned_docs/version-2.8/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-gke.md b/versioned_docs/version-2.8/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-gke.md index 9b4e1bbb40a..99ecda968b3 100644 --- a/versioned_docs/version-2.8/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-gke.md +++ b/versioned_docs/version-2.8/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-gke.md @@ -8,13 +8,13 @@ title: Installing Rancher on a Google Kubernetes Engine Cluster In this section, you'll learn how to install Rancher using Google Kubernetes Engine. -If you already have a GKE Kubernetes cluster, skip to the step about [installing an ingress.](#7-install-an-ingress) Then install the Rancher Helm chart following the instructions on [this page.](../../../pages-for-subheaders/install-upgrade-on-a-kubernetes-cluster.md#install-the-rancher-helm-chart) +If you already have a GKE Kubernetes cluster, skip to the step about [installing an ingress.](#7-install-an-ingress) Then install the Rancher Helm chart following the instructions on [this page.](install-upgrade-on-a-kubernetes-cluster.md#install-the-rancher-helm-chart) ## Prerequisites - You will need a Google account. - You will need a Google Cloud billing account. You can manage your Cloud Billing accounts using the Google Cloud Console. For more information about the Cloud Console, visit [General guide to the console.](https://support.google.com/cloud/answer/3465889?hl=en&ref_topic=3340599) -- You will need a cloud quota for at least one in-use IP address and at least 2 CPUs. For more details about hardware requirements for the Rancher server, refer to [this section.](../../../pages-for-subheaders/installation-requirements.md) +- You will need a cloud quota for at least one in-use IP address and at least 2 CPUs. For more details about hardware requirements for the Rancher server, refer to [this section.](../installation-requirements/installation-requirements.md) ## 1. Enable the Kubernetes Engine API @@ -184,7 +184,7 @@ There are many valid ways to set up the DNS. For help, refer to the Google Cloud ## 10. Install the Rancher Helm chart -Next, install the Rancher Helm chart by following the instructions on [this page.](../../../pages-for-subheaders/install-upgrade-on-a-kubernetes-cluster.md#install-the-rancher-helm-chart) The Helm instructions are the same for installing Rancher on any Kubernetes distribution. +Next, install the Rancher Helm chart by following the instructions on [this page.](install-upgrade-on-a-kubernetes-cluster.md#install-the-rancher-helm-chart) The Helm instructions are the same for installing Rancher on any Kubernetes distribution. Use the DNS name from the previous step as the Rancher server URL when you install Rancher. It can be passed in as a Helm option. For example, if the DNS name is `rancher.my.org`, you could run the Helm installation command with the option `--set hostname=rancher.my.org`. @@ -194,7 +194,7 @@ When installing Rancher on top of this setup, you will also need to set the name --set ingress.ingressClassName=nginx ``` -Refer [here for the Helm install command](../../../pages-for-subheaders/install-upgrade-on-a-kubernetes-cluster.md#5-install-rancher-with-helm-and-your-chosen-certificate-option) for your chosen certificate option. +Refer [here for the Helm install command](install-upgrade-on-a-kubernetes-cluster.md#5-install-rancher-with-helm-and-your-chosen-certificate-option) for your chosen certificate option. In Rancher v2.7.5, if you intend to use the default GKE ingress on your cluster without enabling VPC-native cluster mode, you need to set the following flag: diff --git a/versioned_docs/version-2.8/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rollbacks.md b/versioned_docs/version-2.8/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rollbacks.md index bb7fed4fe0a..8e1dc74b215 100644 --- a/versioned_docs/version-2.8/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rollbacks.md +++ b/versioned_docs/version-2.8/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rollbacks.md @@ -53,7 +53,7 @@ A restore is performed by creating a Restore custom resource. 1. In the left navigation bar, click **Rancher Backups > Restore**. :::note - If the Rancher Backups app is not visible, you will need to install it from the Charts page in **Apps**. Refer [here](../../../pages-for-subheaders/helm-charts-in-rancher.md#charts) for more information. + If the Rancher Backups app is not visible, you will need to install it from the Charts page in **Apps**. Refer [here](../../../how-to-guides/new-user-guides/helm-charts-in-rancher/helm-charts-in-rancher.md#charts) for more information. ::: diff --git a/versioned_docs/version-2.8/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/upgrades.md b/versioned_docs/version-2.8/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/upgrades.md index 2685ba56f18..157151bdc04 100644 --- a/versioned_docs/version-2.8/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/upgrades.md +++ b/versioned_docs/version-2.8/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/upgrades.md @@ -36,7 +36,7 @@ For migration of installs started with Helm 2, refer to the official [Helm 2 to ### For air-gapped installs: Populate private registry -For [air-gapped installs only,](../../../pages-for-subheaders/air-gapped-helm-cli-install.md) collect and populate images for the new Rancher server version. Follow the guide to [populate your private registry](../other-installation-methods/air-gapped-helm-cli-install/publish-images.md) with the images for the Rancher version that you want to upgrade to. +For [air-gapped installs only,](../other-installation-methods/air-gapped-helm-cli-install/air-gapped-helm-cli-install.md) collect and populate images for the new Rancher server version. Follow the guide to [populate your private registry](../other-installation-methods/air-gapped-helm-cli-install/publish-images.md) with the images for the Rancher version that you want to upgrade to. ### For upgrades with cert-manager older than 0.8.0 diff --git a/versioned_docs/version-2.8/pages-for-subheaders/installation-and-upgrade.md b/versioned_docs/version-2.8/getting-started/installation-and-upgrade/installation-and-upgrade.md similarity index 59% rename from versioned_docs/version-2.8/pages-for-subheaders/installation-and-upgrade.md rename to versioned_docs/version-2.8/getting-started/installation-and-upgrade/installation-and-upgrade.md index 3077b14edc2..f9067e831b7 100644 --- a/versioned_docs/version-2.8/pages-for-subheaders/installation-and-upgrade.md +++ b/versioned_docs/version-2.8/getting-started/installation-and-upgrade/installation-and-upgrade.md @@ -18,7 +18,7 @@ In this section, - **K3s (Lightweight Kubernetes)** is also a fully compliant Kubernetes distribution. It is newer than RKE, easier to use, and more lightweight, with a binary size of less than 100 MB. - **RKE2** is a fully conformant Kubernetes distribution that focuses on security and compliance within the U.S. Federal Government sector. -Note the `restrictedAdmin` Helm chart option available for **the Rancher Server**. When this option is set to true, the initial Rancher user has restricted access to the local Kubernetes cluster to prevent privilege escalation. For more information, see the section about the [restricted-admin role.](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/global-permissions.md#restricted-admin) +Note the `restrictedAdmin` Helm chart option available for **the Rancher Server**. When this option is set to true, the initial Rancher user has restricted access to the local Kubernetes cluster to prevent privilege escalation. For more information, see the section about the [restricted-admin role.](../../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/global-permissions.md#restricted-admin) ## Overview of Installation Options @@ -30,7 +30,7 @@ We recommend using Helm, a Kubernetes package manager, to install Rancher on mul ### Rancher on EKS Install with the AWS Marketplace -Rancher can be installed on to Amazon Elastic Kubernetes Service (EKS) [through the AWS Marketplace](../getting-started/quick-start-guides/deploy-rancher-manager/aws-marketplace.md). The EKS cluster deployed is production-ready and follows AWS best practices. +Rancher can be installed on to Amazon Elastic Kubernetes Service (EKS) [through the AWS Marketplace](../quick-start-guides/deploy-rancher-manager/aws-marketplace.md). The EKS cluster deployed is production-ready and follows AWS best practices. ### Single-node Kubernetes Install @@ -42,7 +42,7 @@ However, this option is useful if you want to save resources by using a single n For test and demonstration purposes, Rancher can be installed with Docker on a single node. A local Kubernetes cluster is installed in the single Docker container, and Rancher is installed on the local cluster. -The Rancher backup operator can be used to migrate Rancher from the single Docker container install to an installation on a high-availability Kubernetes cluster. For details, refer to the documentation on [migrating Rancher to a new cluster.](../how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/migrate-rancher-to-new-cluster.md) +The Rancher backup operator can be used to migrate Rancher from the single Docker container install to an installation on a high-availability Kubernetes cluster. For details, refer to the documentation on [migrating Rancher to a new cluster.](../../how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/migrate-rancher-to-new-cluster.md) ### Other Options @@ -50,9 +50,9 @@ There are also separate instructions for installing Rancher in an air gap enviro | Level of Internet Access | Kubernetes Installation - Strongly Recommended | Docker Installation | | ---------------------------------- | ------------------------------ | ---------- | -| With direct access to the Internet | [Docs](install-upgrade-on-a-kubernetes-cluster.md) | [Docs](rancher-on-a-single-node-with-docker.md) | -| Behind an HTTP proxy | [Docs](rancher-behind-an-http-proxy.md) | These [docs,](rancher-on-a-single-node-with-docker.md) plus this [configuration](../reference-guides/single-node-rancher-in-docker/http-proxy-configuration.md) | -| In an air gap environment | [Docs](air-gapped-helm-cli-install.md) | [Docs](air-gapped-helm-cli-install.md) | +| With direct access to the Internet | [Docs](install-upgrade-on-a-kubernetes-cluster/install-upgrade-on-a-kubernetes-cluster.md) | [Docs](other-installation-methods/rancher-on-a-single-node-with-docker/rancher-on-a-single-node-with-docker.md) | +| Behind an HTTP proxy | [Docs](other-installation-methods/rancher-behind-an-http-proxy/rancher-behind-an-http-proxy.md) | These [docs,](other-installation-methods/rancher-on-a-single-node-with-docker/rancher-on-a-single-node-with-docker.md) plus this [configuration](../../reference-guides/single-node-rancher-in-docker/http-proxy-configuration.md) | +| In an air gap environment | [Docs](other-installation-methods/air-gapped-helm-cli-install/air-gapped-helm-cli-install.md) | [Docs](other-installation-methods/air-gapped-helm-cli-install/air-gapped-helm-cli-install.md) | We recommend installing Rancher on a Kubernetes cluster, because in a multi-node cluster, the Rancher management server becomes highly available. This high-availability configuration helps maintain consistent access to the downstream Kubernetes clusters that Rancher will manage. @@ -60,29 +60,29 @@ For that reason, we recommend that for a production-grade architecture, you shou For testing or demonstration purposes, you can install Rancher in single Docker container. In this Docker install, you can use Rancher to set up Kubernetes clusters out-of-the-box. The Docker install allows you to explore the Rancher server functionality, but it is intended to be used for development and testing purposes only. -Our [instructions for installing Rancher on Kubernetes](install-upgrade-on-a-kubernetes-cluster.md) describe how to first use K3s or RKE to create and manage a Kubernetes cluster, then install Rancher onto that cluster. +Our [instructions for installing Rancher on Kubernetes](install-upgrade-on-a-kubernetes-cluster/install-upgrade-on-a-kubernetes-cluster.md) describe how to first use K3s or RKE to create and manage a Kubernetes cluster, then install Rancher onto that cluster. -When the nodes in your Kubernetes cluster are running and fulfill the [node requirements,](installation-requirements.md) you will use Helm to deploy Rancher onto Kubernetes. Helm uses Rancher's Helm chart to install a replica of Rancher on each node in the Kubernetes cluster. We recommend using a load balancer to direct traffic to each replica of Rancher in the cluster. +When the nodes in your Kubernetes cluster are running and fulfill the [node requirements,](installation-requirements/installation-requirements.md) you will use Helm to deploy Rancher onto Kubernetes. Helm uses Rancher's Helm chart to install a replica of Rancher on each node in the Kubernetes cluster. We recommend using a load balancer to direct traffic to each replica of Rancher in the cluster. -For a longer discussion of Rancher architecture, refer to the [architecture overview,](rancher-manager-architecture.md) [recommendations for production-grade architecture,](../reference-guides/rancher-manager-architecture/architecture-recommendations.md) or our [best practices guide.](../reference-guides/best-practices/rancher-server/tips-for-running-rancher.md) +For a longer discussion of Rancher architecture, refer to the [architecture overview,](../../reference-guides/rancher-manager-architecture/rancher-manager-architecture.md) [recommendations for production-grade architecture,](../../reference-guides/rancher-manager-architecture/architecture-recommendations.md) or our [best practices guide.](../../reference-guides/best-practices/rancher-server/tips-for-running-rancher.md) ## Prerequisites -Before installing Rancher, make sure that your nodes fulfill all of the [installation requirements.](installation-requirements.md) +Before installing Rancher, make sure that your nodes fulfill all of the [installation requirements.](installation-requirements/installation-requirements.md) ## Architecture Tip -For the best performance and greater security, we recommend a separate, dedicated Kubernetes cluster for the Rancher management server. Running user workloads on this cluster is not advised. After deploying Rancher, you can [create or import clusters](kubernetes-clusters-in-rancher-setup.md) for running your workloads. +For the best performance and greater security, we recommend a separate, dedicated Kubernetes cluster for the Rancher management server. Running user workloads on this cluster is not advised. After deploying Rancher, you can [create or import clusters](../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/kubernetes-clusters-in-rancher-setup.md) for running your workloads. -For more architecture recommendations, refer to [this page.](../reference-guides/rancher-manager-architecture/architecture-recommendations.md) +For more architecture recommendations, refer to [this page.](../../reference-guides/rancher-manager-architecture/architecture-recommendations.md) ### More Options for Installations on a Kubernetes Cluster -Refer to the [Helm chart options](../getting-started/installation-and-upgrade/installation-references/helm-chart-options.md) for details on installing Rancher on a Kubernetes cluster with other configurations, including: +Refer to the [Helm chart options](installation-references/helm-chart-options.md) for details on installing Rancher on a Kubernetes cluster with other configurations, including: -- With [API auditing to record all transactions](../getting-started/installation-and-upgrade/installation-references/helm-chart-options.md#api-audit-log) -- With [TLS termination on a load balancer](../getting-started/installation-and-upgrade/installation-references/helm-chart-options.md#external-tls-termination) -- With a [custom Ingress](../getting-started/installation-and-upgrade/installation-references/helm-chart-options.md#customizing-your-ingress) +- With [API auditing to record all transactions](installation-references/helm-chart-options.md#api-audit-log) +- With [TLS termination on a load balancer](installation-references/helm-chart-options.md#external-tls-termination) +- With a [custom Ingress](installation-references/helm-chart-options.md#customizing-your-ingress) In the Rancher installation instructions, we recommend using K3s or RKE to set up a Kubernetes cluster before installing Rancher on the cluster. Both K3s and RKE have many configuration options for customizing the Kubernetes cluster to suit your specific environment. For the full list of their capabilities, refer to their documentation: @@ -91,8 +91,8 @@ In the Rancher installation instructions, we recommend using K3s or RKE to set u ### More Options for Installations with Docker -Refer to the [docs about options for Docker installs](rancher-on-a-single-node-with-docker.md) for details about other configurations including: +Refer to the [docs about options for Docker installs](other-installation-methods/rancher-on-a-single-node-with-docker/rancher-on-a-single-node-with-docker.md) for details about other configurations including: -- With [API auditing to record all transactions](../reference-guides/single-node-rancher-in-docker/advanced-options.md#api-audit-log) -- With an [external load balancer](../how-to-guides/advanced-user-guides/configure-layer-7-nginx-load-balancer.md) -- With a [persistent data store](../reference-guides/single-node-rancher-in-docker/advanced-options.md#persistent-data) +- With [API auditing to record all transactions](../../reference-guides/single-node-rancher-in-docker/advanced-options.md#api-audit-log) +- With an [external load balancer](../../how-to-guides/advanced-user-guides/configure-layer-7-nginx-load-balancer.md) +- With a [persistent data store](../../reference-guides/single-node-rancher-in-docker/advanced-options.md#persistent-data) diff --git a/versioned_docs/version-2.8/getting-started/installation-and-upgrade/installation-references/feature-flags.md b/versioned_docs/version-2.8/getting-started/installation-and-upgrade/installation-references/feature-flags.md index 176fc240314..f10a4fd7ec1 100644 --- a/versioned_docs/version-2.8/getting-started/installation-and-upgrade/installation-references/feature-flags.md +++ b/versioned_docs/version-2.8/getting-started/installation-and-upgrade/installation-references/feature-flags.md @@ -8,7 +8,7 @@ title: Feature Flags With feature flags, you can try out optional or experimental features, and enable legacy features that are being phased out. -To learn more about feature values and how to enable them, see [Enabling Experimental Features](../../../pages-for-subheaders/enable-experimental-features.md). +To learn more about feature values and how to enable them, see [Enabling Experimental Features](../../../how-to-guides/advanced-user-guides/enable-experimental-features/enable-experimental-features.md). :::note diff --git a/versioned_docs/version-2.8/getting-started/installation-and-upgrade/installation-references/helm-chart-options.md b/versioned_docs/version-2.8/getting-started/installation-and-upgrade/installation-references/helm-chart-options.md index 4cd024e4578..8b614f2da70 100644 --- a/versioned_docs/version-2.8/getting-started/installation-and-upgrade/installation-references/helm-chart-options.md +++ b/versioned_docs/version-2.8/getting-started/installation-and-upgrade/installation-references/helm-chart-options.md @@ -11,7 +11,7 @@ This page is a configuration reference for the Rancher Helm chart. For help choosing a Helm chart version, refer to [this page.](../../../getting-started/installation-and-upgrade/resources/choose-a-rancher-version.md) -For information on enabling experimental features, refer to [this page.](../../../pages-for-subheaders/enable-experimental-features.md) +For information on enabling experimental features, refer to [this page.](../../../how-to-guides/advanced-user-guides/enable-experimental-features/enable-experimental-features.md) ## Common Options @@ -85,13 +85,13 @@ kubectl get secret --namespace cattle-system bootstrap-secret -o go-template='{{ Enabling the [API Audit Log](../../../how-to-guides/advanced-user-guides/enable-api-audit-log.md). -You can collect this log as you would any container log. Enable [logging](../../../pages-for-subheaders/logging.md) for the `System` Project on the Rancher server cluster. +You can collect this log as you would any container log. Enable [logging](../../../integrations-in-rancher/logging/logging.md) for the `System` Project on the Rancher server cluster. ```plain --set auditLog.level=1 ``` -By default enabling Audit Logging will create a sidecar container in the Rancher pod. This container (`rancher-audit-log`) will stream the log to `stdout`. You can collect this log as you would any container log. When using the sidecar as the audit log destination, the `hostPath`, `maxAge`, `maxBackups`, and `maxSize` options do not apply. It's advised to use your OS or Docker daemon's log rotation features to control disk space use. Enable [logging](../../../pages-for-subheaders/logging.md) for the Rancher server cluster or System Project. +By default enabling Audit Logging will create a sidecar container in the Rancher pod. This container (`rancher-audit-log`) will stream the log to `stdout`. You can collect this log as you would any container log. When using the sidecar as the audit log destination, the `hostPath`, `maxAge`, `maxBackups`, and `maxSize` options do not apply. It's advised to use your OS or Docker daemon's log rotation features to control disk space use. Enable [logging](../../../integrations-in-rancher/logging/logging.md) for the Rancher server cluster or System Project. Set the `auditLog.destination` to `hostPath` to forward logs to volume shared with the host system instead of streaming to a sidecar container. When setting the destination to `hostPath` you may want to adjust the other auditLog parameters for log rotation. @@ -206,7 +206,7 @@ kubectl -n cattle-system create secret generic tls-ca-additional --from-file=ca- ### Private Registry and Air Gap Installs -For details on installing Rancher with a private registry, see the [air gap installation docs.](../../../pages-for-subheaders/air-gapped-helm-cli-install.md) +For details on installing Rancher with a private registry, see the [air gap installation docs.](../other-installation-methods/air-gapped-helm-cli-install/air-gapped-helm-cli-install.md) ## External TLS Termination diff --git a/versioned_docs/version-2.8/getting-started/installation-and-upgrade/installation-references/installation-references.md b/versioned_docs/version-2.8/getting-started/installation-and-upgrade/installation-references/installation-references.md new file mode 100644 index 00000000000..67a379702cd --- /dev/null +++ b/versioned_docs/version-2.8/getting-started/installation-and-upgrade/installation-references/installation-references.md @@ -0,0 +1,9 @@ +--- +title: Installation References +--- + + + + + +Please see the following reference guides for other installation resources: [Rancher Helm chart options](helm-chart-options.md), [TLS settings](tls-settings.md), and [feature flags](feature-flags.md). \ No newline at end of file diff --git a/versioned_docs/version-2.8/pages-for-subheaders/installation-requirements.md b/versioned_docs/version-2.8/getting-started/installation-and-upgrade/installation-requirements/installation-requirements.md similarity index 85% rename from versioned_docs/version-2.8/pages-for-subheaders/installation-requirements.md rename to versioned_docs/version-2.8/getting-started/installation-and-upgrade/installation-requirements/installation-requirements.md index e90c3bbd087..614ed36e51a 100644 --- a/versioned_docs/version-2.8/pages-for-subheaders/installation-requirements.md +++ b/versioned_docs/version-2.8/getting-started/installation-and-upgrade/installation-requirements/installation-requirements.md @@ -11,13 +11,13 @@ This page describes the software, hardware, and networking requirements for the :::note Important: -If you install Rancher on a Kubernetes cluster, requirements are different from the [node requirements for downstream user clusters,](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/node-requirements-for-rancher-managed-clusters.md) which will run your apps and services. +If you install Rancher on a Kubernetes cluster, requirements are different from the [node requirements for downstream user clusters,](../../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/node-requirements-for-rancher-managed-clusters.md) which will run your apps and services. ::: The Rancher UI works best in Firefox or Chromium based browsers (Chrome, Edge, Opera, Brave, etc). -See our page on [best practices](../reference-guides/best-practices/rancher-server/tips-for-running-rancher.md) for a list of recommendations for running a Rancher server in production. +See our page on [best practices](../../../reference-guides/best-practices/rancher-server/tips-for-running-rancher.md) for a list of recommendations for running a Rancher server in production. ## Kubernetes Compatibility with Rancher @@ -37,7 +37,7 @@ Some distributions of Linux may have default firewall rules that block communica If you don't feel comfortable doing so, you might check suggestions in the [respective issue](https://github.com/rancher/rancher/issues/28840). Some users were successful [creating a separate firewalld zone with a policy of ACCEPT for the Pod CIDR](https://github.com/rancher/rancher/issues/28840#issuecomment-787404822). -If you plan to run Rancher on ARM64, see [Running on ARM64 (Experimental).](../how-to-guides/advanced-user-guides/enable-experimental-features/rancher-on-arm64.md) +If you plan to run Rancher on ARM64, see [Running on ARM64 (Experimental).](../../../how-to-guides/advanced-user-guides/enable-experimental-features/rancher-on-arm64.md) ### RKE2 Specific Requirements @@ -59,7 +59,7 @@ If you are installing Rancher on a K3s cluster with Alpine Linux, follow [these RKE requires a Docker container runtime. Supported Docker versions are specified in the [Support Matrix](https://www.suse.com/suse-rancher/support-matrix/all-supported-versions/) page. -For more information, see [Installing Docker](../getting-started/installation-and-upgrade/installation-requirements/install-docker.md). +For more information, see [Installing Docker](install-docker.md). ## Hardware Requirements @@ -98,7 +98,7 @@ If you find that your Rancher deployment no longer complies with the listed reco ### RKE2 Kubernetes -The following table lists minimum CPU and memory requirements for each node in the [upstream cluster](install-upgrade-on-a-kubernetes-cluster.md). +The following table lists minimum CPU and memory requirements for each node in the [upstream cluster](../install-upgrade-on-a-kubernetes-cluster/install-upgrade-on-a-kubernetes-cluster.md). Please note that a highly available setup with at least three nodes is required for production. @@ -109,7 +109,7 @@ Please note that a highly available setup with at least three nodes is required | Large (*) | 500 | 5000 | 16 | 64 GB | | Larger (†) | (†) | (†) | (†) | (†) | -(*): Large deployments require that you [follow best practices](../reference-guides/best-practices/rancher-server/tuning-and-best-practices-for-rancher-at-scale.md) for adequate performance. +(*): Large deployments require that you [follow best practices](../../../reference-guides/best-practices/rancher-server/tuning-and-best-practices-for-rancher-at-scale.md) for adequate performance. (†): Larger deployment sizes are generally possible with ad-hoc hardware recommendations and tuning. You can [contact Rancher](https://rancher.com/contact/) for a custom evaluation. @@ -117,7 +117,7 @@ Refer to RKE2 documentation for more detailed information on [RKE2 general requi ### K3s Kubernetes -The following table lists minimum CPU and memory requirements for each node in the [upstream cluster](install-upgrade-on-a-kubernetes-cluster.md). +The following table lists minimum CPU and memory requirements for each node in the [upstream cluster](../install-upgrade-on-a-kubernetes-cluster/install-upgrade-on-a-kubernetes-cluster.md). Please note that a highly available setup with at least three nodes is required for production. @@ -129,13 +129,13 @@ Please note that a highly available setup with at least three nodes is required (*): External Database Host refers to hosting the K3s cluster data store on an [dedicated external host](https://docs.k3s.io/datastore). This is optional. Exact requirements depend on the external data store. -(†): Large deployments require that you [follow best practices](../reference-guides/best-practices/rancher-server/tuning-and-best-practices-for-rancher-at-scale.md) for adequate performance. +(†): Large deployments require that you [follow best practices](../../../reference-guides/best-practices/rancher-server/tuning-and-best-practices-for-rancher-at-scale.md) for adequate performance. Refer to the K3s documentation for more detailed information on [general requirements](https://docs.k3s.io/installation/requirements). ### Hosted Kubernetes -The following table lists minimum CPU and memory requirements for each node in the [upstream cluster](install-upgrade-on-a-kubernetes-cluster.md). +The following table lists minimum CPU and memory requirements for each node in the [upstream cluster](../install-upgrade-on-a-kubernetes-cluster/install-upgrade-on-a-kubernetes-cluster.md). Please note that a highly available setup with at least three nodes is required for production. @@ -147,11 +147,11 @@ These requirements apply to hosted Kubernetes clusters such as Amazon Elastic Ku | Medium | 300 | 3000 | 8 | 32 GB | | Large (*) | 500 | 5000 | 16 | 64 GB | -(*): Large deployments require that you [follow best practices](../reference-guides/best-practices/rancher-server/tuning-and-best-practices-for-rancher-at-scale.md) for adequate performance. +(*): Large deployments require that you [follow best practices](../../../reference-guides/best-practices/rancher-server/tuning-and-best-practices-for-rancher-at-scale.md) for adequate performance. ### RKE -The following table lists minimum CPU and memory requirements for each node in the [upstream cluster](install-upgrade-on-a-kubernetes-cluster.md). +The following table lists minimum CPU and memory requirements for each node in the [upstream cluster](../install-upgrade-on-a-kubernetes-cluster/install-upgrade-on-a-kubernetes-cluster.md). Please note that a highly available setup with at least three nodes is required for production. @@ -161,13 +161,13 @@ Please note that a highly available setup with at least three nodes is required | Medium | 300 | 3000 | 8 | 32 GB | | Large (*) | 500 | 5000 | 16 | 64 GB | -(*): Large deployments require that you [follow best practices](../reference-guides/best-practices/rancher-server/tuning-and-best-practices-for-rancher-at-scale.md) for adequate performance. +(*): Large deployments require that you [follow best practices](../../../reference-guides/best-practices/rancher-server/tuning-and-best-practices-for-rancher-at-scale.md) for adequate performance. Refer to the RKE documentation for more detailed information on [general requirements](https://rke.docs.rancher.com/os). ### Docker -The following table lists minimum CPU and memory requirements for a [single Docker node installation of Rancher](rancher-on-a-single-node-with-docker.md). +The following table lists minimum CPU and memory requirements for a [single Docker node installation of Rancher](../other-installation-methods/rancher-on-a-single-node-with-docker/rancher-on-a-single-node-with-docker.md). Please note that a Docker installation is only suitable for development or testing purposes and is not meant to be used in production environments. @@ -186,9 +186,9 @@ For RKE, RKE2 and K3s installations, you don't have to install the Ingress manua For hosted Kubernetes clusters (EKS, GKE, AKS), you will need to set up the ingress. -- **Amazon EKS:** For details on how to install Rancher on Amazon EKS, including how to install an ingress so that the Rancher server can be accessed, refer to [this page.](../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks.md) -- **AKS:** For details on how to install Rancher with Azure Kubernetes Service, including how to install an ingress so that the Rancher server can be accessed, refer to [this page.](../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-aks.md) -- **GKE:** For details on how to install Rancher with Google Kubernetes Engine, including how to install an ingress so that the Rancher server can be accessed, refer to [this page.](../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-gke.md) +- **Amazon EKS:** For details on how to install Rancher on Amazon EKS, including how to install an ingress so that the Rancher server can be accessed, refer to [this page.](../install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks.md) +- **AKS:** For details on how to install Rancher with Azure Kubernetes Service, including how to install an ingress so that the Rancher server can be accessed, refer to [this page.](../install-upgrade-on-a-kubernetes-cluster/rancher-on-aks.md) +- **GKE:** For details on how to install Rancher with Google Kubernetes Engine, including how to install an ingress so that the Rancher server can be accessed, refer to [this page.](../install-upgrade-on-a-kubernetes-cluster/rancher-on-gke.md) ## Disks @@ -210,8 +210,8 @@ Each node used should have a static IP configured, regardless of whether you are ### Port Requirements -To operate properly, Rancher requires a number of ports to be open on Rancher nodes and on downstream Kubernetes cluster nodes. [Port Requirements](../getting-started/installation-and-upgrade/installation-requirements/port-requirements.md) lists all the necessary ports for Rancher and Downstream Clusters for the different cluster types. +To operate properly, Rancher requires a number of ports to be open on Rancher nodes and on downstream Kubernetes cluster nodes. [Port Requirements](port-requirements.md) lists all the necessary ports for Rancher and Downstream Clusters for the different cluster types. ## Dockershim Support -For more information on Dockershim support, refer to [this page](../getting-started/installation-and-upgrade/installation-requirements/dockershim.md). +For more information on Dockershim support, refer to [this page](dockershim.md). diff --git a/versioned_docs/version-2.8/getting-started/installation-and-upgrade/installation-requirements/port-requirements.md b/versioned_docs/version-2.8/getting-started/installation-and-upgrade/installation-requirements/port-requirements.md index eecd8dd258b..f7a15e9de27 100644 --- a/versioned_docs/version-2.8/getting-started/installation-and-upgrade/installation-requirements/port-requirements.md +++ b/versioned_docs/version-2.8/getting-started/installation-and-upgrade/installation-requirements/port-requirements.md @@ -180,9 +180,9 @@ The following tables break down the port requirements for Rancher nodes, for inb Downstream Kubernetes clusters run your apps and services. This section describes what ports need to be opened on the nodes in downstream clusters so that Rancher can communicate with them. -The port requirements differ depending on how the downstream cluster was launched. Each of the tabs below list the ports that need to be opened for different [cluster types](../../../pages-for-subheaders/kubernetes-clusters-in-rancher-setup.md). +The port requirements differ depending on how the downstream cluster was launched. Each of the tabs below list the ports that need to be opened for different [cluster types](../../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/kubernetes-clusters-in-rancher-setup.md). -The following diagram depicts the ports that are opened for each [cluster type](../../../pages-for-subheaders/kubernetes-clusters-in-rancher-setup.md). +The following diagram depicts the ports that are opened for each [cluster type](../../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/kubernetes-clusters-in-rancher-setup.md).
Port Requirements for the Rancher Management Plane
@@ -204,7 +204,7 @@ Refer to the [Harvester Integration Overview](../../../integrations-in-rancher/h
Click to expand -The following table depicts the port requirements for [Rancher Launched Kubernetes](../../../pages-for-subheaders/launch-kubernetes-with-rancher.md) with nodes created in an [Infrastructure Provider](../../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md). +The following table depicts the port requirements for [Rancher Launched Kubernetes](../../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md) with nodes created in an [Infrastructure Provider](../../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md). :::note @@ -221,7 +221,7 @@ The required ports are automatically opened by Rancher during creation of cluste
Click to expand -The following table depicts the port requirements for [Rancher Launched Kubernetes](../../../pages-for-subheaders/launch-kubernetes-with-rancher.md) with [Custom Nodes](../../../pages-for-subheaders/use-existing-nodes.md). +The following table depicts the port requirements for [Rancher Launched Kubernetes](../../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md) with [Custom Nodes](../../../reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/use-existing-nodes.md). @@ -232,7 +232,7 @@ The following table depicts the port requirements for [Rancher Launched Kubernet
Click to expand -The following table depicts the port requirements for [hosted clusters](../../../pages-for-subheaders/set-up-clusters-from-hosted-kubernetes-providers.md). +The following table depicts the port requirements for [hosted clusters](../../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/set-up-clusters-from-hosted-kubernetes-providers.md). diff --git a/versioned_docs/version-2.8/pages-for-subheaders/air-gapped-helm-cli-install.md b/versioned_docs/version-2.8/getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/air-gapped-helm-cli-install.md similarity index 53% rename from versioned_docs/version-2.8/pages-for-subheaders/air-gapped-helm-cli-install.md rename to versioned_docs/version-2.8/getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/air-gapped-helm-cli-install.md index d6fbc09698f..792a49a26a4 100644 --- a/versioned_docs/version-2.8/pages-for-subheaders/air-gapped-helm-cli-install.md +++ b/versioned_docs/version-2.8/getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/air-gapped-helm-cli-install.md @@ -10,7 +10,7 @@ This section is about using the Helm CLI to install the Rancher server in an air The installation steps differ depending on whether Rancher is installed on an RKE Kubernetes cluster, a K3s Kubernetes cluster, or a single Docker container. -For more information on each installation option, refer to [this page.](installation-and-upgrade.md) +For more information on each installation option, refer to [this page.](../../installation-and-upgrade.md) Throughout the installation instructions, there will be _tabs_ for each installation option. @@ -22,13 +22,13 @@ If you install Rancher following the Docker installation guide, there is no upgr ## Installation Outline -1. [Set up infrastructure and private registry](../getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/infrastructure-private-registry.md) -2. [Collect and publish images to your private registry](../getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/publish-images.md) -3. [Set up a Kubernetes cluster (Skip this step for Docker installations)](../getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/install-kubernetes.md) -4. [Install Rancher](../getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/install-rancher-ha.md) +1. [Set up infrastructure and private registry](infrastructure-private-registry.md) +2. [Collect and publish images to your private registry](publish-images.md) +3. [Set up a Kubernetes cluster (Skip this step for Docker installations)](install-kubernetes.md) +4. [Install Rancher](install-rancher-ha.md) ## Upgrades -To upgrade Rancher with Helm CLI in an air gap environment, follow [this procedure.](../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/upgrades.md) +To upgrade Rancher with Helm CLI in an air gap environment, follow [this procedure.](../../install-upgrade-on-a-kubernetes-cluster/upgrades.md) -### [Next: Prepare your Node(s)](../getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/infrastructure-private-registry.md) +### [Next: Prepare your Node(s)](infrastructure-private-registry.md) diff --git a/versioned_docs/version-2.8/getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/infrastructure-private-registry.md b/versioned_docs/version-2.8/getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/infrastructure-private-registry.md index 981223575fe..07b6b01097f 100644 --- a/versioned_docs/version-2.8/getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/infrastructure-private-registry.md +++ b/versioned_docs/version-2.8/getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/infrastructure-private-registry.md @@ -10,7 +10,7 @@ In this section, you will provision the underlying infrastructure for your Ranch An air gapped environment is an environment where the Rancher server is installed offline or behind a firewall. -The infrastructure depends on whether you are installing Rancher on a K3s Kubernetes cluster, an RKE Kubernetes cluster, or a single Docker container. For more information on each installation option, refer to [this page.](../../../../pages-for-subheaders/installation-and-upgrade.md) +The infrastructure depends on whether you are installing Rancher on a K3s Kubernetes cluster, an RKE Kubernetes cluster, or a single Docker container. For more information on each installation option, refer to [this page.](../../installation-and-upgrade.md) Rancher can be installed on any Kubernetes cluster. The RKE and K3s Kubernetes infrastructure tutorials below are still included for convenience. @@ -29,7 +29,7 @@ We recommend setting up the following infrastructure for a high-availability ins These hosts will be disconnected from the internet, but require being able to connect with your private registry. -Make sure that your nodes fulfill the general installation requirements for [OS, container runtime, hardware, and networking.](../../../../pages-for-subheaders/installation-requirements.md) +Make sure that your nodes fulfill the general installation requirements for [OS, container runtime, hardware, and networking.](../../installation-requirements/installation-requirements.md) For an example of one way to set up Linux nodes, refer to this [tutorial](../../../../how-to-guides/new-user-guides/infrastructure-setup/nodes-in-amazon-ec2.md) for setting up nodes as instances in Amazon EC2. @@ -116,7 +116,7 @@ The etcd database requires an odd number of nodes so that it can always elect a These hosts will be disconnected from the internet, but require being able to connect with your private registry. -Make sure that your nodes fulfill the general installation requirements for [OS, container runtime, hardware, and networking.](../../../../pages-for-subheaders/installation-requirements.md) +Make sure that your nodes fulfill the general installation requirements for [OS, container runtime, hardware, and networking.](../../installation-requirements/installation-requirements.md) For an example of one way to set up Linux nodes, refer to this [tutorial](../../../../how-to-guides/new-user-guides/infrastructure-setup/nodes-in-amazon-ec2.md) for setting up nodes as instances in Amazon EC2. @@ -180,7 +180,7 @@ If you need to create a private registry, refer to the documentation pages for y This host will be disconnected from the Internet, but needs to be able to connect to your private registry. -Make sure that your node fulfills the general installation requirements for [OS, containers, hardware, and networking.](../../../../pages-for-subheaders/installation-requirements.md) +Make sure that your node fulfills the general installation requirements for [OS, containers, hardware, and networking.](../../installation-requirements/installation-requirements.md) For an example of one way to set up Linux nodes, refer to this [tutorial](../../../../how-to-guides/new-user-guides/infrastructure-setup/nodes-in-amazon-ec2.md) for setting up nodes as instances in Amazon EC2. diff --git a/versioned_docs/version-2.8/getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/publish-images.md b/versioned_docs/version-2.8/getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/publish-images.md index 1bd1d3314f0..992129fc684 100644 --- a/versioned_docs/version-2.8/getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/publish-images.md +++ b/versioned_docs/version-2.8/getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/publish-images.md @@ -8,11 +8,11 @@ title: '2. Collect and Publish Images to your Private Registry' This section describes how to set up your private registry so that when you install Rancher, Rancher will pull all the required images from this registry. -By default, all images used to [provision Kubernetes clusters](../../../../pages-for-subheaders/kubernetes-clusters-in-rancher-setup.md) or launch any tools in Rancher, e.g. monitoring, pipelines, alerts, are pulled from Docker Hub. In an air gapped installation of Rancher, you will need a private registry that is located somewhere accessible by your Rancher server. Then, you will load the registry with all the images. +By default, all images used to [provision Kubernetes clusters](../../../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/kubernetes-clusters-in-rancher-setup.md) or launch any tools in Rancher, e.g. monitoring, pipelines, alerts, are pulled from Docker Hub. In an air gapped installation of Rancher, you will need a private registry that is located somewhere accessible by your Rancher server. Then, you will load the registry with all the images. Populating the private registry with images is the same process for installing Rancher with Docker and for installing Rancher on a Kubernetes cluster. -The steps in this section differ depending on whether or not you are planning to use Rancher to provision a downstream cluster with Windows nodes or not. By default, we provide the steps of how to populate your private registry assuming that Rancher will provision downstream Kubernetes clusters with only Linux nodes. But if you plan on provisioning any [downstream Kubernetes clusters using Windows nodes](../../../../pages-for-subheaders/use-windows-clusters.md), there are separate instructions to support the images needed. +The steps in this section differ depending on whether or not you are planning to use Rancher to provision a downstream cluster with Windows nodes or not. By default, we provide the steps of how to populate your private registry assuming that Rancher will provision downstream Kubernetes clusters with only Linux nodes. But if you plan on provisioning any [downstream Kubernetes clusters using Windows nodes](../../../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/use-windows-clusters/use-windows-clusters.md), there are separate instructions to support the images needed. :::note Prerequisites: diff --git a/versioned_docs/version-2.8/pages-for-subheaders/other-installation-methods.md b/versioned_docs/version-2.8/getting-started/installation-and-upgrade/other-installation-methods/other-installation-methods.md similarity index 61% rename from versioned_docs/version-2.8/pages-for-subheaders/other-installation-methods.md rename to versioned_docs/version-2.8/getting-started/installation-and-upgrade/other-installation-methods/other-installation-methods.md index 7cd497a8d48..c5bd443da43 100644 --- a/versioned_docs/version-2.8/pages-for-subheaders/other-installation-methods.md +++ b/versioned_docs/version-2.8/getting-started/installation-and-upgrade/other-installation-methods/other-installation-methods.md @@ -8,16 +8,16 @@ title: Other Installation Methods ### Air Gapped Installations -Follow [these steps](air-gapped-helm-cli-install.md) to install the Rancher server in an air gapped environment. +Follow [these steps](air-gapped-helm-cli-install/air-gapped-helm-cli-install.md) to install the Rancher server in an air gapped environment. An air gapped environment could be where Rancher server will be installed offline, behind a firewall, or behind a proxy. ### Docker Installations -The [single-node Docker installation](rancher-on-a-single-node-with-docker.md) is for Rancher users that are wanting to test out Rancher. Instead of running on a Kubernetes cluster using Helm, you install the Rancher server component on a single node using a `docker run` command. +The [single-node Docker installation](rancher-on-a-single-node-with-docker/rancher-on-a-single-node-with-docker.md) is for Rancher users that are wanting to test out Rancher. Instead of running on a Kubernetes cluster using Helm, you install the Rancher server component on a single node using a `docker run` command. The Docker installation is for development and testing environments only. Since there is only one node and a single Docker container, if the node goes down, there is no copy of the etcd data available on other nodes and you will lose all the data of your Rancher server. -The Rancher backup operator can be used to migrate Rancher from the single Docker container install to an installation on a high-availability Kubernetes cluster. For details, refer to the documentation on [migrating Rancher to a new cluster.](../how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/migrate-rancher-to-new-cluster.md) +The Rancher backup operator can be used to migrate Rancher from the single Docker container install to an installation on a high-availability Kubernetes cluster. For details, refer to the documentation on [migrating Rancher to a new cluster.](../../../how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/migrate-rancher-to-new-cluster.md) diff --git a/versioned_docs/version-2.8/pages-for-subheaders/rancher-behind-an-http-proxy.md b/versioned_docs/version-2.8/getting-started/installation-and-upgrade/other-installation-methods/rancher-behind-an-http-proxy/rancher-behind-an-http-proxy.md similarity index 55% rename from versioned_docs/version-2.8/pages-for-subheaders/rancher-behind-an-http-proxy.md rename to versioned_docs/version-2.8/getting-started/installation-and-upgrade/other-installation-methods/rancher-behind-an-http-proxy/rancher-behind-an-http-proxy.md index fd8a41b8e08..39b75558e22 100644 --- a/versioned_docs/version-2.8/pages-for-subheaders/rancher-behind-an-http-proxy.md +++ b/versioned_docs/version-2.8/getting-started/installation-and-upgrade/other-installation-methods/rancher-behind-an-http-proxy/rancher-behind-an-http-proxy.md @@ -8,10 +8,10 @@ title: Installing Rancher behind an HTTP Proxy In a lot of enterprise environments, servers or VMs running on premise do not have direct Internet access, but must connect to external services through a HTTP(S) proxy for security reasons. This tutorial shows step by step how to set up a highly available Rancher installation in such an environment. -Alternatively, it is also possible to set up Rancher completely air-gapped without any Internet access. This process is described in detail in the [Rancher docs](air-gapped-helm-cli-install.md). +Alternatively, it is also possible to set up Rancher completely air-gapped without any Internet access. This process is described in detail in the [Rancher docs](../air-gapped-helm-cli-install/air-gapped-helm-cli-install.md). ## Installation Outline -1. [Set up infrastructure](../getting-started/installation-and-upgrade/other-installation-methods/rancher-behind-an-http-proxy/set-up-infrastructure.md) -2. [Set up a Kubernetes cluster](../getting-started/installation-and-upgrade/other-installation-methods/rancher-behind-an-http-proxy/install-kubernetes.md) -3. [Install Rancher](../getting-started/installation-and-upgrade/other-installation-methods/rancher-behind-an-http-proxy/install-rancher.md) +1. [Set up infrastructure](set-up-infrastructure.md) +2. [Set up a Kubernetes cluster](install-kubernetes.md) +3. [Install Rancher](install-rancher.md) diff --git a/versioned_docs/version-2.8/getting-started/installation-and-upgrade/other-installation-methods/rancher-behind-an-http-proxy/set-up-infrastructure.md b/versioned_docs/version-2.8/getting-started/installation-and-upgrade/other-installation-methods/rancher-behind-an-http-proxy/set-up-infrastructure.md index 7822fa065cd..1cb41c54fbf 100644 --- a/versioned_docs/version-2.8/getting-started/installation-and-upgrade/other-installation-methods/rancher-behind-an-http-proxy/set-up-infrastructure.md +++ b/versioned_docs/version-2.8/getting-started/installation-and-upgrade/other-installation-methods/rancher-behind-an-http-proxy/set-up-infrastructure.md @@ -26,7 +26,7 @@ The etcd database requires an odd number of nodes so that it can always elect a These hosts will connect to the internet through an HTTP proxy. -Make sure that your nodes fulfill the general installation requirements for [OS, container runtime, hardware, and networking.](../../../../pages-for-subheaders/installation-requirements.md) +Make sure that your nodes fulfill the general installation requirements for [OS, container runtime, hardware, and networking.](../../installation-requirements/installation-requirements.md) For an example of one way to set up Linux nodes, refer to this [tutorial](../../../../how-to-guides/new-user-guides/infrastructure-setup/nodes-in-amazon-ec2.md) for setting up nodes as instances in Amazon EC2. diff --git a/versioned_docs/version-2.8/pages-for-subheaders/rancher-on-a-single-node-with-docker.md b/versioned_docs/version-2.8/getting-started/installation-and-upgrade/other-installation-methods/rancher-on-a-single-node-with-docker/rancher-on-a-single-node-with-docker.md similarity index 82% rename from versioned_docs/version-2.8/pages-for-subheaders/rancher-on-a-single-node-with-docker.md rename to versioned_docs/version-2.8/getting-started/installation-and-upgrade/other-installation-methods/rancher-on-a-single-node-with-docker/rancher-on-a-single-node-with-docker.md index da5b39209cf..049bf762a2a 100644 --- a/versioned_docs/version-2.8/pages-for-subheaders/rancher-on-a-single-node-with-docker.md +++ b/versioned_docs/version-2.8/getting-started/installation-and-upgrade/other-installation-methods/rancher-on-a-single-node-with-docker/rancher-on-a-single-node-with-docker.md @@ -13,13 +13,13 @@ In this installation scenario, you'll install Docker on a single Linux host, and :::note Want to use an external load balancer? -See [Docker Install with an External Load Balancer](../how-to-guides/advanced-user-guides/configure-layer-7-nginx-load-balancer.md) instead. +See [Docker Install with an External Load Balancer](../../../../how-to-guides/advanced-user-guides/configure-layer-7-nginx-load-balancer.md) instead. ::: A Docker installation of Rancher is recommended only for development and testing purposes. The ability to migrate Rancher to a high-availability cluster depends on the Rancher version: -The Rancher backup operator can be used to migrate Rancher from the single Docker container install to an installation on a high-availability Kubernetes cluster. For details, refer to the documentation on [migrating Rancher to a new cluster.](../how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/migrate-rancher-to-new-cluster.md) +The Rancher backup operator can be used to migrate Rancher from the single Docker container install to an installation on a high-availability Kubernetes cluster. For details, refer to the documentation on [migrating Rancher to a new cluster.](../../../../how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/migrate-rancher-to-new-cluster.md) ## Privileged Access for Rancher @@ -27,11 +27,11 @@ When the Rancher server is deployed in the Docker container, a local Kubernetes ## Requirements for OS, Docker, Hardware, and Networking -Make sure that your node fulfills the general [installation requirements.](installation-requirements.md) +Make sure that your node fulfills the general [installation requirements.](../../installation-requirements/installation-requirements.md) ## 1. Provision Linux Host -Provision a single Linux host according to our [Requirements](installation-requirements.md) to launch your Rancher server. +Provision a single Linux host according to our [Requirements](../../installation-requirements/installation-requirements.md) to launch your Rancher server. ## 2. Choose an SSL Option and Install Rancher @@ -39,10 +39,10 @@ For security purposes, SSL (Secure Sockets Layer) is required when using Rancher :::tip Do you want to.. -- Use a proxy? See [HTTP Proxy Configuration](../reference-guides/single-node-rancher-in-docker/http-proxy-configuration.md) -- Configure custom CA root certificate to access your services? See [Custom CA root certificate](../reference-guides/single-node-rancher-in-docker/advanced-options.md#custom-ca-certificate/) -- Complete an Air Gap Installation? See [Air Gap: Docker Install](air-gapped-helm-cli-install.md) -- Record all transactions with the Rancher API? See [API Auditing](../reference-guides/single-node-rancher-in-docker/advanced-options.md#api-audit-log) +- Use a proxy? See [HTTP Proxy Configuration](../../../../reference-guides/single-node-rancher-in-docker/http-proxy-configuration.md) +- Configure custom CA root certificate to access your services? See [Custom CA root certificate](../../../../reference-guides/single-node-rancher-in-docker/advanced-options.md#custom-ca-certificate/) +- Complete an Air Gap Installation? See [Air Gap: Docker Install](../air-gapped-helm-cli-install/air-gapped-helm-cli-install.md) +- Record all transactions with the Rancher API? See [API Auditing](../../../../reference-guides/single-node-rancher-in-docker/advanced-options.md#api-audit-log) ::: @@ -75,7 +75,7 @@ In development or testing environments where your team will access your Rancher Create a self-signed certificate using [OpenSSL](https://www.openssl.org/) or another method of your choice. - The certificate files must be in PEM format. -- In your certificate file, include all intermediate certificates in the chain. Order your certificates with your certificate first, followed by the intermediates. For an example, see [Certificate Troubleshooting.](../getting-started/installation-and-upgrade/other-installation-methods/rancher-on-a-single-node-with-docker/certificate-troubleshooting.md) +- In your certificate file, include all intermediate certificates in the chain. Order your certificates with your certificate first, followed by the intermediates. For an example, see [Certificate Troubleshooting.](certificate-troubleshooting.md) ::: @@ -109,7 +109,7 @@ The Docker install is not recommended for production. These instructions are pro :::note Prerequisites: - The certificate files must be in PEM format. -- In your certificate file, include all intermediate certificates provided by the recognized CA. Order your certificates with your certificate first, followed by the intermediates. For an example, see [Certificate Troubleshooting.](../getting-started/installation-and-upgrade/other-installation-methods/rancher-on-a-single-node-with-docker/certificate-troubleshooting.md) +- In your certificate file, include all intermediate certificates provided by the recognized CA. Order your certificates with your certificate first, followed by the intermediates. For an example, see [Certificate Troubleshooting.](certificate-troubleshooting.md) ::: @@ -199,13 +199,13 @@ When installing Rancher on a single node with Docker, there are several advanced - Persistent Data - Running `rancher/rancher` and `rancher/rancher-agent` on the Same Node -Refer to [this page](../reference-guides/single-node-rancher-in-docker/advanced-options.md) for details. +Refer to [this page](../../../../reference-guides/single-node-rancher-in-docker/advanced-options.md) for details. ## Troubleshooting -Refer to [this page](../getting-started/installation-and-upgrade/other-installation-methods/rancher-on-a-single-node-with-docker/certificate-troubleshooting.md) for frequently asked questions and troubleshooting tips. +Refer to [this page](certificate-troubleshooting.md) for frequently asked questions and troubleshooting tips. ## What's Next? -- **Recommended:** Review Single Node [Backup](../how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/back-up-docker-installed-rancher.md) and [Restore](../how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/restore-docker-installed-rancher.md). Although you don't have any data you need to back up right now, we recommend creating backups after regular Rancher use. -- Create a Kubernetes cluster: [Provisioning Kubernetes Clusters](kubernetes-clusters-in-rancher-setup.md). +- **Recommended:** Review Single Node [Backup](../../../../how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/back-up-docker-installed-rancher.md) and [Restore](../../../../how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/restore-docker-installed-rancher.md). Although you don't have any data you need to back up right now, we recommend creating backups after regular Rancher use. +- Create a Kubernetes cluster: [Provisioning Kubernetes Clusters](../../../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/kubernetes-clusters-in-rancher-setup.md). diff --git a/versioned_docs/version-2.8/getting-started/installation-and-upgrade/other-installation-methods/rancher-on-a-single-node-with-docker/roll-back-docker-installed-rancher.md b/versioned_docs/version-2.8/getting-started/installation-and-upgrade/other-installation-methods/rancher-on-a-single-node-with-docker/roll-back-docker-installed-rancher.md index 1ec111444b9..1a4519e1bfe 100644 --- a/versioned_docs/version-2.8/getting-started/installation-and-upgrade/other-installation-methods/rancher-on-a-single-node-with-docker/roll-back-docker-installed-rancher.md +++ b/versioned_docs/version-2.8/getting-started/installation-and-upgrade/other-installation-methods/rancher-on-a-single-node-with-docker/roll-back-docker-installed-rancher.md @@ -82,7 +82,7 @@ Rolling back to a previous version of Rancher destroys any changes made to Ranch --privileged \ rancher/rancher: ``` - Privileged access is [required.](../../../../pages-for-subheaders/rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher) + Privileged access is [required.](rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher) :::danger diff --git a/versioned_docs/version-2.8/getting-started/installation-and-upgrade/other-installation-methods/rancher-on-a-single-node-with-docker/upgrade-docker-installed-rancher.md b/versioned_docs/version-2.8/getting-started/installation-and-upgrade/other-installation-methods/rancher-on-a-single-node-with-docker/upgrade-docker-installed-rancher.md index 2a3bdaa29df..b458a86bc73 100644 --- a/versioned_docs/version-2.8/getting-started/installation-and-upgrade/other-installation-methods/rancher-on-a-single-node-with-docker/upgrade-docker-installed-rancher.md +++ b/versioned_docs/version-2.8/getting-started/installation-and-upgrade/other-installation-methods/rancher-on-a-single-node-with-docker/upgrade-docker-installed-rancher.md @@ -17,7 +17,7 @@ The following instructions will guide you through upgrading a Rancher server tha ## Prerequisites - **Review the [known upgrade issues](../../install-upgrade-on-a-kubernetes-cluster/upgrades.md#known-upgrade-issues)** section in the Rancher documentation for the most noteworthy issues to consider when upgrading Rancher. A more complete list of known issues for each Rancher version can be found in the release notes on [GitHub](https://github.com/rancher/rancher/releases) and on the [Rancher forums](https://forums.rancher.com/c/announcements/12). Note that upgrades to or from any chart in the [rancher-alpha repository](../../resources/choose-a-rancher-version.md#helm-chart-repositories) aren’t supported. -- **For [air gap installs only,](../../../../pages-for-subheaders/air-gapped-helm-cli-install.md) collect and populate images for the new Rancher server version**. Follow the guide to [populate your private registry](../air-gapped-helm-cli-install/publish-images.md) with the images for the Rancher version that you want to upgrade to. +- **For [air gap installs only,](../air-gapped-helm-cli-install/air-gapped-helm-cli-install.md) collect and populate images for the new Rancher server version**. Follow the guide to [populate your private registry](../air-gapped-helm-cli-install/publish-images.md) with the images for the Rancher version that you want to upgrade to. ## Placeholder Review @@ -151,7 +151,7 @@ docker run -d --volumes-from rancher-data \ rancher/rancher: ``` -Privileged access is [required.](../../../../pages-for-subheaders/rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher) +Privileged access is [required.](rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher)
@@ -187,7 +187,7 @@ docker run -d --volumes-from rancher-data \ rancher/rancher: ``` -Privileged access is [required.](../../../../pages-for-subheaders/rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher) +Privileged access is [required.](rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher)
@@ -222,7 +222,7 @@ docker run -d --volumes-from rancher-data \ --no-cacerts ``` -Privileged access is [required.](../../../../pages-for-subheaders/rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher) +Privileged access is [required.](rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher)
#### Option D: Let's Encrypt Certificate @@ -259,7 +259,7 @@ docker run -d --volumes-from rancher-data \ --acme-domain ``` -Privileged access is [required.](../../../../pages-for-subheaders/rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher) +Privileged access is [required.](rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher) @@ -292,7 +292,7 @@ Placeholder | Description /rancher/rancher: ``` -Privileged access is [required.](../../../../pages-for-subheaders/rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher) +Privileged access is [required.](rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher) #### Option B: Bring Your Own Certificate: Self-Signed @@ -328,7 +328,7 @@ docker run -d --restart=unless-stopped \ --privileged \ /rancher/rancher: ``` -Privileged access is [required.](../../../../pages-for-subheaders/rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher) +Privileged access is [required.](rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher) #### Option C: Bring Your Own Certificate: Signed by Recognized CA @@ -370,7 +370,7 @@ docker run -d --volumes-from rancher-data \ --privileged /rancher/rancher: ``` -privileged access is [required.](../../../../pages-for-subheaders/rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher) +privileged access is [required.](rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher) diff --git a/versioned_docs/version-2.8/getting-started/installation-and-upgrade/resources/add-tls-secrets.md b/versioned_docs/version-2.8/getting-started/installation-and-upgrade/resources/add-tls-secrets.md index 290f180adfd..3bd6babc719 100644 --- a/versioned_docs/version-2.8/getting-started/installation-and-upgrade/resources/add-tls-secrets.md +++ b/versioned_docs/version-2.8/getting-started/installation-and-upgrade/resources/add-tls-secrets.md @@ -46,4 +46,4 @@ The configured `tls-ca` secret is retrieved when Rancher starts. On a running Ra ## Updating a Private CA Certificate -Follow the steps on [this page](update-rancher-certificate.md) to update the SSL certificate of the ingress in a Rancher [high availability Kubernetes installation](../../../pages-for-subheaders/install-upgrade-on-a-kubernetes-cluster.md) or to switch from the default self-signed certificate to a custom certificate. \ No newline at end of file +Follow the steps on [this page](update-rancher-certificate.md) to update the SSL certificate of the ingress in a Rancher [high availability Kubernetes installation](../install-upgrade-on-a-kubernetes-cluster/install-upgrade-on-a-kubernetes-cluster.md) or to switch from the default self-signed certificate to a custom certificate. \ No newline at end of file diff --git a/versioned_docs/version-2.8/getting-started/installation-and-upgrade/resources/choose-a-rancher-version.md b/versioned_docs/version-2.8/getting-started/installation-and-upgrade/resources/choose-a-rancher-version.md index d7051def448..b38afda6a62 100644 --- a/versioned_docs/version-2.8/getting-started/installation-and-upgrade/resources/choose-a-rancher-version.md +++ b/versioned_docs/version-2.8/getting-started/installation-and-upgrade/resources/choose-a-rancher-version.md @@ -15,7 +15,7 @@ For Docker installations of Rancher, which is used for development and testing, -When installing, upgrading, or rolling back Rancher Server when it is [installed on a Kubernetes cluster](../../../pages-for-subheaders/install-upgrade-on-a-kubernetes-cluster.md), Rancher server is installed using a Helm chart on a Kubernetes cluster. Therefore, as you prepare to install or upgrade a high availability Rancher configuration, you must add a Helm chart repository that contains the charts for installing Rancher. +When installing, upgrading, or rolling back Rancher Server when it is [installed on a Kubernetes cluster](../install-upgrade-on-a-kubernetes-cluster/install-upgrade-on-a-kubernetes-cluster.md), Rancher server is installed using a Helm chart on a Kubernetes cluster. Therefore, as you prepare to install or upgrade a high availability Rancher configuration, you must add a Helm chart repository that contains the charts for installing Rancher. Refer to the [Helm version requirements](helm-version-requirements.md) to choose a version of Helm to install Rancher. @@ -99,7 +99,7 @@ Because the rancher-alpha repository contains only alpha charts, switching betwe -When performing [Docker installs](../../../pages-for-subheaders/rancher-on-a-single-node-with-docker.md), upgrades, or rollbacks, you can use _tags_ to install a specific version of Rancher. +When performing [Docker installs](../other-installation-methods/rancher-on-a-single-node-with-docker/rancher-on-a-single-node-with-docker.md), upgrades, or rollbacks, you can use _tags_ to install a specific version of Rancher. ### Server Tags diff --git a/versioned_docs/version-2.8/getting-started/installation-and-upgrade/resources/local-system-charts.md b/versioned_docs/version-2.8/getting-started/installation-and-upgrade/resources/local-system-charts.md index e48012d6af4..4e07236b0fe 100644 --- a/versioned_docs/version-2.8/getting-started/installation-and-upgrade/resources/local-system-charts.md +++ b/versioned_docs/version-2.8/getting-started/installation-and-upgrade/resources/local-system-charts.md @@ -14,4 +14,4 @@ In an air gapped installation of Rancher, you will need to configure Rancher to A local copy of `system-charts` has been packaged into the `rancher/rancher` container. To be able to use these features in an air gap install, you will need to run the Rancher install command with an extra environment variable, `CATTLE_SYSTEM_CATALOG=bundled`, which tells Rancher to use the local copy of the charts instead of attempting to fetch them from GitHub. -Example commands for a Rancher installation with a bundled `system-charts` are included in the [air gap installation](../../../pages-for-subheaders/air-gapped-helm-cli-install.md) instructions for Docker and Helm installs. +Example commands for a Rancher installation with a bundled `system-charts` are included in the [air gap installation](../other-installation-methods/air-gapped-helm-cli-install/air-gapped-helm-cli-install.md) instructions for Docker and Helm installs. diff --git a/versioned_docs/version-2.8/getting-started/installation-and-upgrade/resources/resources.md b/versioned_docs/version-2.8/getting-started/installation-and-upgrade/resources/resources.md new file mode 100644 index 00000000000..5d4fbf24fc1 --- /dev/null +++ b/versioned_docs/version-2.8/getting-started/installation-and-upgrade/resources/resources.md @@ -0,0 +1,29 @@ +--- +title: Resources +--- + + + + + +### Docker Installations + +The [single-node Docker installation](../other-installation-methods/rancher-on-a-single-node-with-docker/rancher-on-a-single-node-with-docker.md) is for Rancher users that are wanting to test out Rancher. Instead of running on a Kubernetes cluster using Helm, you install the Rancher server component on a single node using a `docker run` command. + +Since there is only one node and a single Docker container, if the node goes down, there is no copy of the etcd data available on other nodes and you will lose all the data of your Rancher server. + +### Air-Gapped Installations + +Follow [these steps](../other-installation-methods/air-gapped-helm-cli-install/air-gapped-helm-cli-install.md) to install the Rancher server in an air gapped environment. + +An air gapped environment could be where Rancher server will be installed offline, behind a firewall, or behind a proxy. + +### Advanced Options + +When installing Rancher, there are several advanced options that can be enabled during installation. Within each install guide, these options are presented. Learn more about these options: + +- [Custom CA Certificate](custom-ca-root-certificates.md) +- [API Audit Log](../../../how-to-guides/advanced-user-guides/enable-api-audit-log.md) +- [TLS Settings](../installation-references/tls-settings.md) +- [etcd configuration](../../../how-to-guides/advanced-user-guides/tune-etcd-for-large-installs.md) +- [Local System Charts for Air Gap Installations](local-system-charts.md) | v2.3.0 | diff --git a/versioned_docs/version-2.8/getting-started/installation-and-upgrade/resources/update-rancher-certificate.md b/versioned_docs/version-2.8/getting-started/installation-and-upgrade/resources/update-rancher-certificate.md index 513b46ac4d2..5b2e379c06b 100644 --- a/versioned_docs/version-2.8/getting-started/installation-and-upgrade/resources/update-rancher-certificate.md +++ b/versioned_docs/version-2.8/getting-started/installation-and-upgrade/resources/update-rancher-certificate.md @@ -8,7 +8,7 @@ title: Updating the Rancher Certificate ## Updating a Private CA Certificate -Follow these steps to rotate an SSL certificate and private CA used by Rancher [installed on a Kubernetes cluster](../../../pages-for-subheaders/install-upgrade-on-a-kubernetes-cluster.md), or migrate to an SSL certificate signed by a private CA. +Follow these steps to rotate an SSL certificate and private CA used by Rancher [installed on a Kubernetes cluster](../install-upgrade-on-a-kubernetes-cluster/install-upgrade-on-a-kubernetes-cluster.md), or migrate to an SSL certificate signed by a private CA. A summary of the steps is as follows: diff --git a/versioned_docs/version-2.8/getting-started/installation-and-upgrade/resources/upgrade-cert-manager.md b/versioned_docs/version-2.8/getting-started/installation-and-upgrade/resources/upgrade-cert-manager.md index fa870013b2b..dd00964ef02 100644 --- a/versioned_docs/version-2.8/getting-started/installation-and-upgrade/resources/upgrade-cert-manager.md +++ b/versioned_docs/version-2.8/getting-started/installation-and-upgrade/resources/upgrade-cert-manager.md @@ -266,7 +266,7 @@ cert-manager-webhook-787858fcdb-nlzsq 1/1 Running 0 2m --- -Rancher now supports cert-manager versions 1.6.2 and 1.7.1. We recommend v1.7.x because v 1.6.x will reach end-of-life on March 30, 2022. To read more, see the [cert-manager docs](../../../pages-for-subheaders/install-upgrade-on-a-kubernetes-cluster.md#4-install-cert-manager). For instructions on upgrading cert-manager from version 1.5 to 1.6, see the upstream cert-manager documentation [here](https://cert-manager.io/docs/installation/upgrading/upgrading-1.5-1.6/). For instructions on upgrading cert-manager from version 1.6 to 1.7, see the upstream cert-manager documentation [here](https://cert-manager.io/docs/installation/upgrading/upgrading-1.6-1.7/). +Rancher now supports cert-manager versions 1.6.2 and 1.7.1. We recommend v1.7.x because v 1.6.x will reach end-of-life on March 30, 2022. To read more, see the [cert-manager docs](../install-upgrade-on-a-kubernetes-cluster/install-upgrade-on-a-kubernetes-cluster.md#4-install-cert-manager). For instructions on upgrading cert-manager from version 1.5 to 1.6, see the upstream cert-manager documentation [here](https://cert-manager.io/docs/installation/upgrading/upgrading-1.5-1.6/). For instructions on upgrading cert-manager from version 1.6 to 1.7, see the upstream cert-manager documentation [here](https://cert-manager.io/docs/installation/upgrading/upgrading-1.6-1.7/). --- diff --git a/versioned_docs/version-2.8/getting-started/installation-and-upgrade/upgrade-and-roll-back-kubernetes.md b/versioned_docs/version-2.8/getting-started/installation-and-upgrade/upgrade-and-roll-back-kubernetes.md index 3e89d8584ca..8881cf7aae2 100644 --- a/versioned_docs/version-2.8/getting-started/installation-and-upgrade/upgrade-and-roll-back-kubernetes.md +++ b/versioned_docs/version-2.8/getting-started/installation-and-upgrade/upgrade-and-roll-back-kubernetes.md @@ -36,9 +36,9 @@ The restore operation will work on a cluster that is not in a healthy or active :::note Prerequisites: -- The options below are available for [Rancher-launched Kubernetes clusters](../../pages-for-subheaders/launch-kubernetes-with-rancher.md) and [Registered K3s Kubernetes clusters](../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/register-existing-clusters.md#additional-features-for-registered-rke2-and-k3s-clusters). +- The options below are available for [Rancher-launched Kubernetes clusters](../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md) and [Registered K3s Kubernetes clusters](../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/register-existing-clusters.md#additional-features-for-registered-rke2-and-k3s-clusters). - The following options also apply to imported RKE2 clusters that you have registered. If you import a cluster from an external cloud platform but don't register it, you won't be able to upgrade the Kubernetes version from Rancher. -- Before upgrading Kubernetes, [back up your cluster.](../../pages-for-subheaders/backup-restore-and-disaster-recovery.md) +- Before upgrading Kubernetes, [back up your cluster.](../../how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/backup-restore-and-disaster-recovery.md) ::: diff --git a/versioned_docs/version-2.8/getting-started/installation-and-upgrade/upgrade-kubernetes-without-upgrading-rancher.md b/versioned_docs/version-2.8/getting-started/installation-and-upgrade/upgrade-kubernetes-without-upgrading-rancher.md index 42c0b6348a2..a474f770b1b 100644 --- a/versioned_docs/version-2.8/getting-started/installation-and-upgrade/upgrade-kubernetes-without-upgrading-rancher.md +++ b/versioned_docs/version-2.8/getting-started/installation-and-upgrade/upgrade-kubernetes-without-upgrading-rancher.md @@ -14,7 +14,7 @@ The Kubernetes API can change between minor versions. Therefore, we don't suppor ::: -Rancher's Kubernetes metadata contains information specific to the Kubernetes version that Rancher uses to provision [RKE clusters](../../pages-for-subheaders/launch-kubernetes-with-rancher.md). Rancher syncs the data periodically and creates custom resource definitions (CRDs) for **system images,** **service options** and **addon templates**. Consequently, when a new Kubernetes version is compatible with the Rancher server version, the Kubernetes metadata makes the new version available to Rancher for provisioning clusters. The metadata gives you an overview of the information that the [Rancher Kubernetes Engine](https://rancher.com/docs/rke/latest/en/) (RKE) uses for deploying various Kubernetes versions. +Rancher's Kubernetes metadata contains information specific to the Kubernetes version that Rancher uses to provision [RKE clusters](../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md). Rancher syncs the data periodically and creates custom resource definitions (CRDs) for **system images,** **service options** and **addon templates**. Consequently, when a new Kubernetes version is compatible with the Rancher server version, the Kubernetes metadata makes the new version available to Rancher for provisioning clusters. The metadata gives you an overview of the information that the [Rancher Kubernetes Engine](https://rancher.com/docs/rke/latest/en/) (RKE) uses for deploying various Kubernetes versions. This table below describes the CRDs that are affected by the periodic data sync. diff --git a/versioned_docs/version-2.8/getting-started/overview.md b/versioned_docs/version-2.8/getting-started/overview.md index cafca0a14af..472c2f14fbb 100644 --- a/versioned_docs/version-2.8/getting-started/overview.md +++ b/versioned_docs/version-2.8/getting-started/overview.md @@ -34,21 +34,21 @@ The Rancher API server is built on top of an embedded Kubernetes API server and ### Authorization and Role-Based Access Control -- **User management:** The Rancher API server [manages user identities](../pages-for-subheaders/authentication-config.md) that correspond to external authentication providers like Active Directory or GitHub, in addition to local users. -- **Authorization:** The Rancher API server manages [access control](../pages-for-subheaders/manage-role-based-access-control-rbac.md) and [security](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/create-pod-security-policies.md) policies. +- **User management:** The Rancher API server [manages user identities](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/authentication-config.md) that correspond to external authentication providers like Active Directory or GitHub, in addition to local users. +- **Authorization:** The Rancher API server manages [access control](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/manage-role-based-access-control-rbac.md) and [security](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/create-pod-security-policies.md) policies. ### Working with Kubernetes -- **Provisioning Kubernetes clusters:** The Rancher API server can [provision Kubernetes](../pages-for-subheaders/kubernetes-clusters-in-rancher-setup.md) on existing nodes, or perform [Kubernetes upgrades.](installation-and-upgrade/upgrade-and-roll-back-kubernetes.md) -- **Catalog management:** Rancher provides the ability to use a [catalog of Helm charts](../pages-for-subheaders/helm-charts-in-rancher.md) that make it easy to repeatedly deploy applications. -- **Managing projects:** A project is a group of multiple namespaces and access control policies within a cluster. A project is a Rancher concept, not a Kubernetes concept, which allows you to manage multiple namespaces as a group and perform Kubernetes operations in them. The Rancher UI provides features for [project administration](../pages-for-subheaders/manage-projects.md) and for [managing applications within projects.](../pages-for-subheaders/kubernetes-resources-setup.md) +- **Provisioning Kubernetes clusters:** The Rancher API server can [provision Kubernetes](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/kubernetes-clusters-in-rancher-setup.md) on existing nodes, or perform [Kubernetes upgrades.](installation-and-upgrade/upgrade-and-roll-back-kubernetes.md) +- **Catalog management:** Rancher provides the ability to use a [catalog of Helm charts](../how-to-guides/new-user-guides/helm-charts-in-rancher/helm-charts-in-rancher.md) that make it easy to repeatedly deploy applications. +- **Managing projects:** A project is a group of multiple namespaces and access control policies within a cluster. A project is a Rancher concept, not a Kubernetes concept, which allows you to manage multiple namespaces as a group and perform Kubernetes operations in them. The Rancher UI provides features for [project administration](../how-to-guides/advanced-user-guides/manage-projects/manage-projects.md) and for [managing applications within projects.](../how-to-guides/new-user-guides/kubernetes-resources-setup/kubernetes-resources-setup.md) - **Fleet Continuous Delivery:** Within Rancher, you can leverage [Fleet Continuous Delivery](../integrations-in-rancher/fleet/fleet.md) to deploy applications from git repositories, without any manual operation, to targeted downstream Kubernetes clusters. -- **Istio:** Our [integration with Istio](../pages-for-subheaders/istio.md) is designed so that a Rancher operator, such as an administrator or cluster owner, can deliver Istio to developers. Then developers can use Istio to enforce security policies, troubleshoot problems, or manage traffic for green/blue deployments, canary deployments, or A/B testing. +- **Istio:** Our [integration with Istio](../integrations-in-rancher/istio/istio.md) is designed so that a Rancher operator, such as an administrator or cluster owner, can deliver Istio to developers. Then developers can use Istio to enforce security policies, troubleshoot problems, or manage traffic for green/blue deployments, canary deployments, or A/B testing. ### Working with Cloud Infrastructure - **Tracking nodes:** The Rancher API server tracks identities of all the [nodes](../how-to-guides/new-user-guides/manage-clusters/nodes-and-node-pools.md) in all clusters. -- **Setting up infrastructure:** When configured to use a cloud provider, Rancher can dynamically provision [new nodes](../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md) and [persistent storage](../pages-for-subheaders/create-kubernetes-persistent-storage.md) in the cloud. +- **Setting up infrastructure:** When configured to use a cloud provider, Rancher can dynamically provision [new nodes](../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md) and [persistent storage](../how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage/create-kubernetes-persistent-storage.md) in the cloud. ### Cluster Visibility @@ -58,9 +58,9 @@ The Rancher API server is built on top of an embedded Kubernetes API server and ## Editing Downstream Clusters with Rancher -The options and settings available for an existing cluster change based on the method that you used to provision it. For example, only clusters [provisioned by RKE](../pages-for-subheaders/launch-kubernetes-with-rancher.md) have **Cluster Options** available for editing. +The options and settings available for an existing cluster change based on the method that you used to provision it. For example, only clusters [provisioned by RKE](../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md) have **Cluster Options** available for editing. -After a cluster is created with Rancher, a cluster administrator can manage cluster membership or manage node pools, among [other options.](../pages-for-subheaders/cluster-configuration.md) +After a cluster is created with Rancher, a cluster administrator can manage cluster membership or manage node pools, among [other options.](../reference-guides/cluster-configuration/cluster-configuration.md) The following table summarizes the options and settings available for each cluster type: diff --git a/versioned_docs/version-2.8/getting-started/quick-start-guides/deploy-rancher-manager/aws.md b/versioned_docs/version-2.8/getting-started/quick-start-guides/deploy-rancher-manager/aws.md index a3fd249d35e..91b82597680 100644 --- a/versioned_docs/version-2.8/getting-started/quick-start-guides/deploy-rancher-manager/aws.md +++ b/versioned_docs/version-2.8/getting-started/quick-start-guides/deploy-rancher-manager/aws.md @@ -11,7 +11,7 @@ The following steps will quickly deploy a Rancher server on AWS in a single-node :::caution -The intent of these guides is to quickly launch a sandbox that you can use to evaluate Rancher. These guides are not intended for production environments. For comprehensive setup instructions, see [Installation](../../../pages-for-subheaders/installation-and-upgrade.md). +The intent of these guides is to quickly launch a sandbox that you can use to evaluate Rancher. These guides are not intended for production environments. For comprehensive setup instructions, see [Installation](../../installation-and-upgrade/installation-and-upgrade.md). ::: @@ -90,7 +90,7 @@ Two Kubernetes clusters are deployed into your AWS account, one running Rancher ## What's Next? -Use Rancher to create a deployment. For more information, see [Creating Deployments](../../../pages-for-subheaders/deploy-rancher-workloads.md). +Use Rancher to create a deployment. For more information, see [Creating Deployments](../deploy-workloads/deploy-workloads.md). ## Destroying the Environment diff --git a/versioned_docs/version-2.8/getting-started/quick-start-guides/deploy-rancher-manager/azure.md b/versioned_docs/version-2.8/getting-started/quick-start-guides/deploy-rancher-manager/azure.md index c9b968077ab..82917ee7857 100644 --- a/versioned_docs/version-2.8/getting-started/quick-start-guides/deploy-rancher-manager/azure.md +++ b/versioned_docs/version-2.8/getting-started/quick-start-guides/deploy-rancher-manager/azure.md @@ -11,7 +11,7 @@ The following steps will quickly deploy a Rancher server on Azure in a single-no :::caution -The intent of these guides is to quickly launch a sandbox that you can use to evaluate Rancher. These guides are not intended for production environments. For comprehensive setup instructions, see [Installation](../../../pages-for-subheaders/installation-and-upgrade.md). +The intent of these guides is to quickly launch a sandbox that you can use to evaluate Rancher. These guides are not intended for production environments. For comprehensive setup instructions, see [Installation](../../installation-and-upgrade/installation-and-upgrade.md). ::: @@ -76,7 +76,7 @@ Two Kubernetes clusters are deployed into your Azure account, one running Ranche ### What's Next? -Use Rancher to create a deployment. For more information, see [Creating Deployments](../../../pages-for-subheaders/deploy-rancher-workloads.md). +Use Rancher to create a deployment. For more information, see [Creating Deployments](../deploy-workloads/deploy-workloads.md). ## Destroying the Environment diff --git a/versioned_docs/version-2.8/getting-started/quick-start-guides/deploy-rancher-manager/deploy-rancher-manager.md b/versioned_docs/version-2.8/getting-started/quick-start-guides/deploy-rancher-manager/deploy-rancher-manager.md new file mode 100644 index 00000000000..7027172fede --- /dev/null +++ b/versioned_docs/version-2.8/getting-started/quick-start-guides/deploy-rancher-manager/deploy-rancher-manager.md @@ -0,0 +1,23 @@ +--- +title: Deploying Rancher Server +--- + + + + + +Use one of the following guides to deploy and provision Rancher and a Kubernetes cluster in the provider of your choice. + +- [AWS](aws.md) (uses Terraform) +- [AWS Marketplace](aws-marketplace.md) (uses Amazon EKS) +- [Azure](azure.md) (uses Terraform) +- [DigitalOcean](digitalocean.md) (uses Terraform) +- [GCP](gcp.md) (uses Terraform) +- [Hetzner Cloud](hetzner-cloud.md) (uses Terraform) +- [Vagrant](vagrant.md) +- [Equinix Metal](equinix-metal.md) +- [Outscale](outscale-qs.md) (uses Terraform) + +If you prefer, the following guide will take you through the same process in individual steps. Use this if you want to run Rancher in a different provider, on prem, or if you would just like to see how easy it is. + +- [Manual Install](helm-cli.md) diff --git a/versioned_docs/version-2.8/getting-started/quick-start-guides/deploy-rancher-manager/digitalocean.md b/versioned_docs/version-2.8/getting-started/quick-start-guides/deploy-rancher-manager/digitalocean.md index 81442f401b9..5d3be8eeda1 100644 --- a/versioned_docs/version-2.8/getting-started/quick-start-guides/deploy-rancher-manager/digitalocean.md +++ b/versioned_docs/version-2.8/getting-started/quick-start-guides/deploy-rancher-manager/digitalocean.md @@ -11,7 +11,7 @@ The following steps will quickly deploy a Rancher server on DigitalOcean in a si :::caution -The intent of these guides is to quickly launch a sandbox that you can use to evaluate Rancher. These guides are not intended for production environments. For comprehensive setup instructions, see [Installation](../../../pages-for-subheaders/installation-and-upgrade.md). +The intent of these guides is to quickly launch a sandbox that you can use to evaluate Rancher. These guides are not intended for production environments. For comprehensive setup instructions, see [Installation](../../installation-and-upgrade/installation-and-upgrade.md). ::: @@ -69,7 +69,7 @@ Two Kubernetes clusters are deployed into your DigitalOcean account, one running ### What's Next? -Use Rancher to create a deployment. For more information, see [Creating Deployments](../../../pages-for-subheaders/deploy-rancher-workloads.md). +Use Rancher to create a deployment. For more information, see [Creating Deployments](../deploy-workloads/deploy-workloads.md). ## Destroying the Environment diff --git a/versioned_docs/version-2.8/getting-started/quick-start-guides/deploy-rancher-manager/equinix-metal.md b/versioned_docs/version-2.8/getting-started/quick-start-guides/deploy-rancher-manager/equinix-metal.md index 8a8d483492f..f063118acc9 100644 --- a/versioned_docs/version-2.8/getting-started/quick-start-guides/deploy-rancher-manager/equinix-metal.md +++ b/versioned_docs/version-2.8/getting-started/quick-start-guides/deploy-rancher-manager/equinix-metal.md @@ -15,7 +15,7 @@ title: Rancher Equinix Metal Quick Start :::caution -The intent of these guides is to quickly launch a sandbox that you can use to evaluate Rancher. The Docker install is not recommended for production environments. For comprehensive setup instructions, see [Installation](../../../pages-for-subheaders/installation-and-upgrade.md). +The intent of these guides is to quickly launch a sandbox that you can use to evaluate Rancher. The Docker install is not recommended for production environments. For comprehensive setup instructions, see [Installation](../../installation-and-upgrade/installation-and-upgrade.md). ::: @@ -42,7 +42,7 @@ Begin deploying an Equinix Metal Host. Equinix Metal Servers can be provisioned - When provisioning a new Equinix Metal Server via the CLI or API you will need to provide the following information: project-id, plan, metro, and operating-system. - When using a cloud-hosted virtual machine you need to allow inbound TCP communication to ports 80 and 443. Please see your cloud host's documentation for information regarding port configuration. - For a full list of port requirements, refer to [Docker Installation](../../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/node-requirements-for-rancher-managed-clusters.md). -- Provision the host according to our [Requirements](../../../pages-for-subheaders/installation-requirements.md). +- Provision the host according to our [Requirements](../../installation-and-upgrade/installation-requirements/installation-requirements.md). ::: ### 2. Install Rancher @@ -107,4 +107,4 @@ Congratulations! You have created your first cluster. #### What's Next? -Use Rancher to create a deployment. For more information, see [Creating Deployments](../../../pages-for-subheaders/deploy-rancher-workloads.md). +Use Rancher to create a deployment. For more information, see [Creating Deployments](../deploy-workloads/deploy-workloads.md). diff --git a/versioned_docs/version-2.8/getting-started/quick-start-guides/deploy-rancher-manager/gcp.md b/versioned_docs/version-2.8/getting-started/quick-start-guides/deploy-rancher-manager/gcp.md index 22ef8bb7ec9..ef465375c60 100644 --- a/versioned_docs/version-2.8/getting-started/quick-start-guides/deploy-rancher-manager/gcp.md +++ b/versioned_docs/version-2.8/getting-started/quick-start-guides/deploy-rancher-manager/gcp.md @@ -11,7 +11,7 @@ The following steps will quickly deploy a Rancher server on GCP in a single-node :::caution -The intent of these guides is to quickly launch a sandbox that you can use to evaluate Rancher. These guides are not intended for production environments. For comprehensive setup instructions, see [Installation](../../../pages-for-subheaders/installation-and-upgrade.md). +The intent of these guides is to quickly launch a sandbox that you can use to evaluate Rancher. These guides are not intended for production environments. For comprehensive setup instructions, see [Installation](../../installation-and-upgrade/installation-and-upgrade.md). ::: @@ -72,7 +72,7 @@ Two Kubernetes clusters are deployed into your GCP account, one running Rancher ### What's Next? -Use Rancher to create a deployment. For more information, see [Creating Deployments](../../../pages-for-subheaders/deploy-rancher-workloads.md). +Use Rancher to create a deployment. For more information, see [Creating Deployments](../deploy-workloads/deploy-workloads.md). ## Destroying the Environment diff --git a/versioned_docs/version-2.8/getting-started/quick-start-guides/deploy-rancher-manager/helm-cli.md b/versioned_docs/version-2.8/getting-started/quick-start-guides/deploy-rancher-manager/helm-cli.md index d262b7e2fff..07afc518a5a 100644 --- a/versioned_docs/version-2.8/getting-started/quick-start-guides/deploy-rancher-manager/helm-cli.md +++ b/versioned_docs/version-2.8/getting-started/quick-start-guides/deploy-rancher-manager/helm-cli.md @@ -14,7 +14,7 @@ We don't recommend installing Rancher locally because it creates a networking pr Your Linux machine can be anywhere. It could be an Amazon EC2 instance, a Digital Ocean droplet, or an Azure virtual machine, to name a few examples. Other Rancher docs often use 'node' as a generic term for all of these. One possible way to deploy a Linux machine is by setting up an Amazon EC2 instance as shown in [this tutorial](../../../how-to-guides/new-user-guides/infrastructure-setup/nodes-in-amazon-ec2.md). -The full installation requirements are [here](../../../pages-for-subheaders/installation-requirements.md). +The full installation requirements are [here](../../installation-and-upgrade/installation-requirements/installation-requirements.md). ## Install K3s on Linux @@ -151,6 +151,6 @@ Now if you navigate to `.sslip.io` in a web browser, you shoul To make these instructions simple, we used a fake domain name and self-signed certificates to do this installation. Therefore, you will probably need to add a security exception to your web browser to see the Rancher UI. Note that for production installs, you would need a high-availability setup with a load balancer, a real domain name and real certificates. -These instructions also left out the full installation requirements and other installation options. If you have any issues with these steps, refer to the full [Helm CLI installation docs.](../../../pages-for-subheaders/install-upgrade-on-a-kubernetes-cluster.md) +These instructions also left out the full installation requirements and other installation options. If you have any issues with these steps, refer to the full [Helm CLI installation docs.](../../installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/install-upgrade-on-a-kubernetes-cluster.md) -To launch new Kubernetes clusters with your new Rancher server, you may need to set up cloud credentials in Rancher. For more information, see [Launching Kubernetes clusters with Rancher.](../../../pages-for-subheaders/launch-kubernetes-with-rancher.md) +To launch new Kubernetes clusters with your new Rancher server, you may need to set up cloud credentials in Rancher. For more information, see [Launching Kubernetes clusters with Rancher.](../../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md) diff --git a/versioned_docs/version-2.8/getting-started/quick-start-guides/deploy-rancher-manager/hetzner-cloud.md b/versioned_docs/version-2.8/getting-started/quick-start-guides/deploy-rancher-manager/hetzner-cloud.md index 73774d54f0b..eb56bfbe452 100644 --- a/versioned_docs/version-2.8/getting-started/quick-start-guides/deploy-rancher-manager/hetzner-cloud.md +++ b/versioned_docs/version-2.8/getting-started/quick-start-guides/deploy-rancher-manager/hetzner-cloud.md @@ -11,7 +11,7 @@ The following steps will quickly deploy a Rancher server on Hetzner Cloud in a s :::caution -The intent of these guides is to quickly launch a sandbox that you can use to evaluate Rancher. These guides are not intended for production environments. For comprehensive setup instructions, see [Installation](../../../pages-for-subheaders/installation-and-upgrade.md). +The intent of these guides is to quickly launch a sandbox that you can use to evaluate Rancher. These guides are not intended for production environments. For comprehensive setup instructions, see [Installation](../../installation-and-upgrade/installation-and-upgrade.md). ::: @@ -71,7 +71,7 @@ Two Kubernetes clusters are deployed into your Hetzner account, one running Ranc ### What's Next? -Use Rancher to create a deployment. For more information, see [Creating Deployments](../../../pages-for-subheaders/deploy-rancher-workloads.md). +Use Rancher to create a deployment. For more information, see [Creating Deployments](../deploy-workloads/deploy-workloads.md). ## Destroying the Environment diff --git a/versioned_docs/version-2.8/getting-started/quick-start-guides/deploy-rancher-manager/outscale-qs.md b/versioned_docs/version-2.8/getting-started/quick-start-guides/deploy-rancher-manager/outscale-qs.md index 587da5e2011..5d4e03fc6b9 100644 --- a/versioned_docs/version-2.8/getting-started/quick-start-guides/deploy-rancher-manager/outscale-qs.md +++ b/versioned_docs/version-2.8/getting-started/quick-start-guides/deploy-rancher-manager/outscale-qs.md @@ -11,7 +11,7 @@ The following steps will quickly deploy a Rancher server on Outscale in a single :::note -The intent of these guides is to quickly launch a sandbox that you can use to evaluate Rancher. These guides are not intended for production environments. For comprehensive setup instructions, see [Installation](../../../pages-for-subheaders/installation-and-upgrade.md). +The intent of these guides is to quickly launch a sandbox that you can use to evaluate Rancher. These guides are not intended for production environments. For comprehensive setup instructions, see [Installation](../../installation-and-upgrade/installation-and-upgrade.md). ::: @@ -71,7 +71,7 @@ Two Kubernetes clusters are deployed into your Outscale account, one running Ran ### What's Next? -Use Rancher to create a deployment. For more information, see [Creating Deployments](../../../pages-for-subheaders/deploy-rancher-workloads.md). +Use Rancher to create a deployment. For more information, see [Creating Deployments](../deploy-workloads/deploy-workloads.md). ## Destroying the Environment diff --git a/versioned_docs/version-2.8/getting-started/quick-start-guides/deploy-rancher-manager/vagrant.md b/versioned_docs/version-2.8/getting-started/quick-start-guides/deploy-rancher-manager/vagrant.md index efd3465ce22..484d86b20f0 100644 --- a/versioned_docs/version-2.8/getting-started/quick-start-guides/deploy-rancher-manager/vagrant.md +++ b/versioned_docs/version-2.8/getting-started/quick-start-guides/deploy-rancher-manager/vagrant.md @@ -10,7 +10,7 @@ The following steps quickly deploy a Rancher Server with a single node cluster a :::caution -The intent of these guides is to quickly launch a sandbox that you can use to evaluate Rancher. These guides are not intended for production environments. For comprehensive setup instructions, see [Installation](../../../pages-for-subheaders/installation-and-upgrade.md). +The intent of these guides is to quickly launch a sandbox that you can use to evaluate Rancher. These guides are not intended for production environments. For comprehensive setup instructions, see [Installation](../../installation-and-upgrade/installation-and-upgrade.md). ::: @@ -46,7 +46,7 @@ The intent of these guides is to quickly launch a sandbox that you can use to ev ### What's Next? -Use Rancher to create a deployment. For more information, see [Creating Deployments](../../../pages-for-subheaders/deploy-rancher-workloads.md). +Use Rancher to create a deployment. For more information, see [Creating Deployments](../deploy-workloads/deploy-workloads.md). ## Destroying the Environment diff --git a/versioned_docs/version-2.8/pages-for-subheaders/deploy-rancher-workloads.md b/versioned_docs/version-2.8/getting-started/quick-start-guides/deploy-workloads/deploy-workloads.md similarity index 60% rename from versioned_docs/version-2.8/pages-for-subheaders/deploy-rancher-workloads.md rename to versioned_docs/version-2.8/getting-started/quick-start-guides/deploy-workloads/deploy-workloads.md index b2898cd513b..e6042decd34 100644 --- a/versioned_docs/version-2.8/pages-for-subheaders/deploy-rancher-workloads.md +++ b/versioned_docs/version-2.8/getting-started/quick-start-guides/deploy-workloads/deploy-workloads.md @@ -8,5 +8,5 @@ title: Deploying Workloads These guides walk you through the deployment of an application, including how to expose the application for use outside of the cluster. -- [Workload with Ingress](../getting-started/quick-start-guides/deploy-workloads/workload-ingress.md) -- [Workload with NodePort](../getting-started/quick-start-guides/deploy-workloads/nodeports.md) +- [Workload with Ingress](workload-ingress.md) +- [Workload with NodePort](nodeports.md) diff --git a/versioned_docs/version-2.8/getting-started/quick-start-guides/deploy-workloads/workload-ingress.md b/versioned_docs/version-2.8/getting-started/quick-start-guides/deploy-workloads/workload-ingress.md index 92e71d701c5..a1624912313 100644 --- a/versioned_docs/version-2.8/getting-started/quick-start-guides/deploy-workloads/workload-ingress.md +++ b/versioned_docs/version-2.8/getting-started/quick-start-guides/deploy-workloads/workload-ingress.md @@ -23,7 +23,7 @@ For this workload, you'll be deploying the application Rancher Hello-World. 1. Click **Deployment**. 1. Enter a **Name** for your workload. 1. From the **Container Image** field, enter `rancher/hello-world`. This field is case-sensitive. -1. Click **Add Port** and `Cluster IP` for the `Service Type` and enter `80` in the **Private Container Port** field. You may leave the `Name` blank or specify any name that you wish. Adding a port enables access to the application inside and outside of the cluster. For more information, see [Services](../../../pages-for-subheaders/workloads-and-pods.md#services). +1. Click **Add Port** and `Cluster IP` for the `Service Type` and enter `80` in the **Private Container Port** field. You may leave the `Name` blank or specify any name that you wish. Adding a port enables access to the application inside and outside of the cluster. For more information, see [Services](../../../how-to-guides/new-user-guides/kubernetes-resources-setup/workloads-and-pods/workloads-and-pods.md#services). 1. Click **Create**. **Result:** diff --git a/versioned_docs/version-2.8/pages-for-subheaders/quick-start-guides.md b/versioned_docs/version-2.8/getting-started/quick-start-guides/quick-start-guides.md similarity index 60% rename from versioned_docs/version-2.8/pages-for-subheaders/quick-start-guides.md rename to versioned_docs/version-2.8/getting-started/quick-start-guides/quick-start-guides.md index d4f0f9e26b9..955135a1d48 100644 --- a/versioned_docs/version-2.8/pages-for-subheaders/quick-start-guides.md +++ b/versioned_docs/version-2.8/getting-started/quick-start-guides/quick-start-guides.md @@ -8,7 +8,7 @@ title: Rancher Deployment Quick Start Guides :::caution -The intent of these guides is to quickly launch a sandbox that you can use to evaluate Rancher. These guides are not intended for production environments. For comprehensive setup instructions, see [Installation](installation-and-upgrade.md). +The intent of these guides is to quickly launch a sandbox that you can use to evaluate Rancher. These guides are not intended for production environments. For comprehensive setup instructions, see [Installation](../installation-and-upgrade/installation-and-upgrade.md). ::: @@ -16,6 +16,6 @@ Use this section of the docs to jump start your deployment and testing of Ranche We have Quick Start Guides for: -- [Deploying Rancher Server](deploy-rancher-manager.md): Get started running Rancher using the method most convenient for you. +- [Deploying Rancher Server](deploy-rancher-manager/deploy-rancher-manager.md): Get started running Rancher using the method most convenient for you. -- [Deploying Workloads](deploy-rancher-workloads.md): Deploy a simple [workload](https://kubernetes.io/docs/concepts/workloads/) and expose it, letting you access it from outside the cluster. +- [Deploying Workloads](deploy-workloads/deploy-workloads.md): Deploy a simple [workload](https://kubernetes.io/docs/concepts/workloads/) and expose it, letting you access it from outside the cluster. diff --git a/versioned_docs/version-2.8/pages-for-subheaders/advanced-user-guides.md b/versioned_docs/version-2.8/how-to-guides/advanced-user-guides/advanced-user-guides.md similarity index 100% rename from versioned_docs/version-2.8/pages-for-subheaders/advanced-user-guides.md rename to versioned_docs/version-2.8/how-to-guides/advanced-user-guides/advanced-user-guides.md diff --git a/versioned_docs/version-2.8/how-to-guides/advanced-user-guides/cis-scan-guides/cis-scan-guides.md b/versioned_docs/version-2.8/how-to-guides/advanced-user-guides/cis-scan-guides/cis-scan-guides.md new file mode 100644 index 00000000000..790b7e1b6c1 --- /dev/null +++ b/versioned_docs/version-2.8/how-to-guides/advanced-user-guides/cis-scan-guides/cis-scan-guides.md @@ -0,0 +1,17 @@ +--- +title: CIS Scan Guides +--- + + + + + +- [Install rancher-cis-benchmark](install-rancher-cis-benchmark.md) +- [Uninstall rancher-cis-benchmark](uninstall-rancher-cis-benchmark.md) +- [Run a Scan](run-a-scan.md) +- [Run a Scan Periodically on a Schedule](run-a-scan-periodically-on-a-schedule.md) +- [Skip Tests](skip-tests.md) +- [View Reports](view-reports.md) +- [Enable Alerting for rancher-cis-benchmark](enable-alerting-for-rancher-cis-benchmark.md) +- [Configure Alerts for Periodic Scan on a Schedule](configure-alerts-for-periodic-scan-on-a-schedule.md) +- [Create a Custom Benchmark Version to Run](create-a-custom-benchmark-version-to-run.md) \ No newline at end of file diff --git a/versioned_docs/version-2.8/how-to-guides/advanced-user-guides/configure-layer-7-nginx-load-balancer.md b/versioned_docs/version-2.8/how-to-guides/advanced-user-guides/configure-layer-7-nginx-load-balancer.md index 98ea1abfb3e..dc19b0a28ea 100644 --- a/versioned_docs/version-2.8/how-to-guides/advanced-user-guides/configure-layer-7-nginx-load-balancer.md +++ b/versioned_docs/version-2.8/how-to-guides/advanced-user-guides/configure-layer-7-nginx-load-balancer.md @@ -14,14 +14,14 @@ This install procedure walks you through deployment of Rancher using a single co ## Requirements for OS, Docker, Hardware, and Networking -Make sure that your node fulfills the general [installation requirements.](../../pages-for-subheaders/installation-requirements.md) +Make sure that your node fulfills the general [installation requirements.](../../getting-started/installation-and-upgrade/installation-requirements/installation-requirements.md) ## Installation Outline ## 1. Provision Linux Host -Provision a single Linux host according to our [Requirements](../../pages-for-subheaders/installation-requirements.md) to launch your Rancher Server. +Provision a single Linux host according to our [Requirements](../../getting-started/installation-and-upgrade/installation-requirements/installation-requirements.md) to launch your Rancher Server. ## 2. Choose an SSL Option and Install Rancher @@ -170,7 +170,7 @@ http { ## What's Next? - **Recommended:** Review Single Node [Backup](../../how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/back-up-docker-installed-rancher.md) and [Restore](../../how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/restore-docker-installed-rancher.md). Although you don't have any data you need to back up right now, we recommend creating backups after regular Rancher use. -- Create a Kubernetes cluster: [Provisioning Kubernetes Clusters](../../pages-for-subheaders/kubernetes-clusters-in-rancher-setup.md). +- Create a Kubernetes cluster: [Provisioning Kubernetes Clusters](../new-user-guides/kubernetes-clusters-in-rancher-setup/kubernetes-clusters-in-rancher-setup.md).
@@ -192,7 +192,7 @@ If you want to record all transactions with the Rancher API, enable the [API Aud ### Air Gap -If you are visiting this page to complete an [Air Gap Installation](../../pages-for-subheaders/air-gapped-helm-cli-install.md), you must pre-pend your private registry URL to the server tag when running the installation command in the option that you choose. Add `` with your private registry URL in front of `rancher/rancher:latest`. +If you are visiting this page to complete an [Air Gap Installation](../../getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/air-gapped-helm-cli-install.md), you must pre-pend your private registry URL to the server tag when running the installation command in the option that you choose. Add `` with your private registry URL in front of `rancher/rancher:latest`. **Example:** @@ -212,7 +212,7 @@ docker run -d --restart=unless-stopped \ rancher/rancher:latest ``` -This operation requires [privileged access](../../pages-for-subheaders/rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher). +This operation requires [privileged access](../../getting-started/installation-and-upgrade/other-installation-methods/rancher-on-a-single-node-with-docker/rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher). This layer 7 NGINX configuration is tested on NGINX version 1.13 (mainline) and 1.14 (stable). diff --git a/versioned_docs/version-2.8/how-to-guides/advanced-user-guides/enable-api-audit-log.md b/versioned_docs/version-2.8/how-to-guides/advanced-user-guides/enable-api-audit-log.md index 0697f327280..403ef259a25 100644 --- a/versioned_docs/version-2.8/how-to-guides/advanced-user-guides/enable-api-audit-log.md +++ b/versioned_docs/version-2.8/how-to-guides/advanced-user-guides/enable-api-audit-log.md @@ -63,7 +63,7 @@ kubectl -n cattle-system logs -f rancher-84d886bdbb-s4s69 rancher-audit-log #### Shipping the Audit Log -You can enable Rancher's built in log collection and shipping for the cluster to ship the audit and other services logs to a supported collection endpoint. See [Rancher Tools - Logging](../../pages-for-subheaders/logging.md) for details. +You can enable Rancher's built in log collection and shipping for the cluster to ship the audit and other services logs to a supported collection endpoint. See [Rancher Tools - Logging](../../integrations-in-rancher/logging/logging.md) for details. ## Audit Log Samples diff --git a/versioned_docs/version-2.8/how-to-guides/advanced-user-guides/enable-experimental-features/continuous-delivery.md b/versioned_docs/version-2.8/how-to-guides/advanced-user-guides/enable-experimental-features/continuous-delivery.md index ccc1c4f4bff..41c3aa82aea 100644 --- a/versioned_docs/version-2.8/how-to-guides/advanced-user-guides/enable-experimental-features/continuous-delivery.md +++ b/versioned_docs/version-2.8/how-to-guides/advanced-user-guides/enable-experimental-features/continuous-delivery.md @@ -8,7 +8,7 @@ title: Continuous Delivery [Fleet](../../../how-to-guides/new-user-guides/deploy-apps-across-clusters/fleet.md) comes preinstalled in Rancher can't be fully disabled. However, the Fleet feature for GitOps continuous delivery may be disabled using the `continuous-delivery` feature flag. -To enable or disable this feature, refer to the instructions on [the main page about enabling experimental features.](../../../pages-for-subheaders/enable-experimental-features.md) +To enable or disable this feature, refer to the instructions on [the main page about enabling experimental features.](enable-experimental-features.md) Environment Variable Key | Default Value | Description ---|---|--- diff --git a/versioned_docs/version-2.8/pages-for-subheaders/enable-experimental-features.md b/versioned_docs/version-2.8/how-to-guides/advanced-user-guides/enable-experimental-features/enable-experimental-features.md similarity index 89% rename from versioned_docs/version-2.8/pages-for-subheaders/enable-experimental-features.md rename to versioned_docs/version-2.8/how-to-guides/advanced-user-guides/enable-experimental-features/enable-experimental-features.md index 0e5ad863608..778f2b05451 100644 --- a/versioned_docs/version-2.8/pages-for-subheaders/enable-experimental-features.md +++ b/versioned_docs/version-2.8/how-to-guides/advanced-user-guides/enable-experimental-features/enable-experimental-features.md @@ -6,7 +6,7 @@ title: Enabling Experimental Features -Rancher includes some features that are experimental and disabled by default. You might want to enable these features, for example, if you decide that the benefits of using an [unsupported storage type](../how-to-guides/advanced-user-guides/enable-experimental-features/unsupported-storage-drivers.md) outweighs the risk of using an untested feature. Feature flags were introduced to allow you to try these features that are not enabled by default. +Rancher includes some features that are experimental and disabled by default. You might want to enable these features, for example, if you decide that the benefits of using an [unsupported storage type](unsupported-storage-drivers.md) outweighs the risk of using an untested feature. Feature flags were introduced to allow you to try these features that are not enabled by default. The features can be enabled in three ways: @@ -23,7 +23,7 @@ If no value has been set, Rancher uses the default value. Because the API sets the actual value and the command line sets the default value, that means that if you enable or disable a feature with the API or UI, it will override any value set with the command line. -For example, if you install Rancher, then set a feature flag to true with the Rancher API, then upgrade Rancher with a command that sets the feature flag to false, the default value will still be false, but the feature will still be enabled because it was set with the Rancher API. If you then deleted the set value (true) with the Rancher API, setting it to NULL, the default value (false) would take effect. See the [feature flags page](../getting-started/installation-and-upgrade/installation-references/feature-flags.md) for more information. +For example, if you install Rancher, then set a feature flag to true with the Rancher API, then upgrade Rancher with a command that sets the feature flag to false, the default value will still be false, but the feature will still be enabled because it was set with the Rancher API. If you then deleted the set value (true) with the Rancher API, setting it to NULL, the default value (false) would take effect. See the [feature flags page](../../../getting-started/installation-and-upgrade/installation-references/feature-flags.md) for more information. ## Enabling Features when Starting Rancher @@ -57,7 +57,7 @@ If you are installing an alpha version, Helm requires adding the `--devel` optio ### Enabling Features for Air Gap Installs -To perform an [air gap installation of Rancher](../getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/install-rancher-ha.md), add a Helm chart repository and download a Helm chart, then install Rancher with Helm. +To perform an [air gap installation of Rancher](../../../getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/install-rancher-ha.md), add a Helm chart repository and download a Helm chart, then install Rancher with Helm. When you install the Helm chart, you should pass in feature flag names in a comma separated list, as in the following example: diff --git a/versioned_docs/version-2.8/how-to-guides/advanced-user-guides/enable-experimental-features/istio-traffic-management-features.md b/versioned_docs/version-2.8/how-to-guides/advanced-user-guides/enable-experimental-features/istio-traffic-management-features.md index d34b03f676d..ac7861a0d83 100644 --- a/versioned_docs/version-2.8/how-to-guides/advanced-user-guides/enable-experimental-features/istio-traffic-management-features.md +++ b/versioned_docs/version-2.8/how-to-guides/advanced-user-guides/enable-experimental-features/istio-traffic-management-features.md @@ -8,9 +8,9 @@ title: UI for Istio Virtual Services and Destination Rules This feature enables a UI that lets you create, read, update and delete virtual services and destination rules, which are traffic management features of Istio. -> **Prerequisite:** Turning on this feature does not enable Istio. A cluster administrator needs to [enable Istio for the cluster](../../../pages-for-subheaders/istio-setup-guide.md) in order to use the feature. +> **Prerequisite:** Turning on this feature does not enable Istio. A cluster administrator needs to [enable Istio for the cluster](../istio-setup-guide/istio-setup-guide.md) in order to use the feature. -To enable or disable this feature, refer to the instructions on [the main page about enabling experimental features.](../../../pages-for-subheaders/enable-experimental-features.md) +To enable or disable this feature, refer to the instructions on [the main page about enabling experimental features.](enable-experimental-features.md) Environment Variable Key | Default Value | Status | Available as of ---|---|---|--- diff --git a/versioned_docs/version-2.8/how-to-guides/advanced-user-guides/enable-experimental-features/rancher-on-arm64.md b/versioned_docs/version-2.8/how-to-guides/advanced-user-guides/enable-experimental-features/rancher-on-arm64.md index 5c86ee60a66..4811efbae33 100644 --- a/versioned_docs/version-2.8/how-to-guides/advanced-user-guides/enable-experimental-features/rancher-on-arm64.md +++ b/versioned_docs/version-2.8/how-to-guides/advanced-user-guides/enable-experimental-features/rancher-on-arm64.md @@ -15,7 +15,7 @@ Running on an ARM64 platform is currently an experimental feature and is not yet The following options are available when using an ARM64 platform: - Running Rancher on ARM64 based node(s) - - Only for Docker Install. Please note that the following installation command replaces the examples found in the [Docker Install link](../../../pages-for-subheaders/rancher-on-a-single-node-with-docker.md): + - Only for Docker Install. Please note that the following installation command replaces the examples found in the [Docker Install link](../../../getting-started/installation-and-upgrade/other-installation-methods/rancher-on-a-single-node-with-docker/rancher-on-a-single-node-with-docker.md): ``` # In the last line `rancher/rancher:vX.Y.Z`, be certain to replace "X.Y.Z" with a released version in which ARM64 builds exist. For example, if your matching version is v2.5.8, you would fill in this line with `rancher/rancher:v2.5.8`. diff --git a/versioned_docs/version-2.8/how-to-guides/advanced-user-guides/enable-experimental-features/unsupported-storage-drivers.md b/versioned_docs/version-2.8/how-to-guides/advanced-user-guides/enable-experimental-features/unsupported-storage-drivers.md index 284c3f23bd9..aa0c6df0a43 100644 --- a/versioned_docs/version-2.8/how-to-guides/advanced-user-guides/enable-experimental-features/unsupported-storage-drivers.md +++ b/versioned_docs/version-2.8/how-to-guides/advanced-user-guides/enable-experimental-features/unsupported-storage-drivers.md @@ -8,7 +8,7 @@ title: Allow Unsupported Storage Drivers This feature allows you to use types for storage providers and provisioners that are not enabled by default. -To enable or disable this feature, refer to the instructions on [the main page about enabling experimental features.](../../../pages-for-subheaders/enable-experimental-features.md) +To enable or disable this feature, refer to the instructions on [the main page about enabling experimental features.](enable-experimental-features.md) Environment Variable Key | Default Value | Description ---|---|--- diff --git a/versioned_docs/version-2.8/how-to-guides/advanced-user-guides/istio-setup-guide/enable-istio-in-cluster.md b/versioned_docs/version-2.8/how-to-guides/advanced-user-guides/istio-setup-guide/enable-istio-in-cluster.md index 3ca93936f1f..ccc2009b0bc 100644 --- a/versioned_docs/version-2.8/how-to-guides/advanced-user-guides/istio-setup-guide/enable-istio-in-cluster.md +++ b/versioned_docs/version-2.8/how-to-guides/advanced-user-guides/istio-setup-guide/enable-istio-in-cluster.md @@ -23,11 +23,11 @@ title: 1. Enable Istio in the Cluster 1. If you have not already installed your own monitoring app, you will be prompted to install the rancher-monitoring app. Optional: Set your Selector or Scrape config options on rancher-monitoring app install. 1. Optional: Configure member access and [resource limits](../../../integrations-in-rancher/istio/cpu-and-memory-allocations.md) for the Istio components. Ensure you have enough resources on your worker nodes to enable Istio. 1. Optional: Make additional configuration changes to values.yaml if needed. -1. Optional: Add further resources or configuration via the [overlay file](../../../pages-for-subheaders/configuration-options.md#overlay-file). +1. Optional: Add further resources or configuration via the [overlay file](../../../integrations-in-rancher/istio/configuration-options/configuration-options.md#overlay-file). 1. Click **Install**. **Result:** Istio is installed at the cluster level. ## Additional Config Options -For more information on configuring Istio, refer to the [configuration reference.](../../../pages-for-subheaders/configuration-options.md) +For more information on configuring Istio, refer to the [configuration reference.](../../../integrations-in-rancher/istio/configuration-options/configuration-options.md) diff --git a/versioned_docs/version-2.8/how-to-guides/advanced-user-guides/istio-setup-guide/istio-setup-guide.md b/versioned_docs/version-2.8/how-to-guides/advanced-user-guides/istio-setup-guide/istio-setup-guide.md new file mode 100644 index 00000000000..4682e638ed0 --- /dev/null +++ b/versioned_docs/version-2.8/how-to-guides/advanced-user-guides/istio-setup-guide/istio-setup-guide.md @@ -0,0 +1,34 @@ +--- +title: Setup Guide +--- + + + + + +This section describes how to enable Istio and start using it in your projects. + +If you use Istio for traffic management, you will need to allow external traffic to the cluster. In that case, you will need to follow all of the steps below. + +## Prerequisites + +This guide assumes you have already [installed Rancher,](../../../getting-started/installation-and-upgrade/installation-and-upgrade.md) and you have already [provisioned a separate Kubernetes cluster](../../new-user-guides/kubernetes-clusters-in-rancher-setup/kubernetes-clusters-in-rancher-setup.md) on which you will install Istio. + +The nodes in your cluster must meet the [CPU and memory requirements.](../../../integrations-in-rancher/istio/cpu-and-memory-allocations.md) + +The workloads and services that you want to be controlled by Istio must meet [Istio's requirements.](https://istio.io/docs/setup/additional-setup/requirements/) + +## Install + +:::tip Quick Setup Tip: + +If you don't need external traffic to reach Istio, and you just want to set up Istio for monitoring and tracing traffic within the cluster, skip the steps for [setting up the Istio gateway](set-up-istio-gateway.md) and [setting up Istio's components for traffic management.](set-up-traffic-management.md) + +::: + +1. [Enable Istio in the cluster.](enable-istio-in-cluster.md) +1. [Enable Istio in all the namespaces where you want to use it.](enable-istio-in-namespace.md) +1. [Add deployments and services that have the Istio sidecar injected.](use-istio-sidecar.md) +1. [Set up the Istio gateway. ](set-up-istio-gateway.md) +1. [Set up Istio's components for traffic management.](set-up-traffic-management.md) +1. [Generate traffic and see Istio in action.](generate-and-view-traffic.md) diff --git a/versioned_docs/version-2.8/how-to-guides/advanced-user-guides/manage-projects/manage-pod-security-policies.md b/versioned_docs/version-2.8/how-to-guides/advanced-user-guides/manage-projects/manage-pod-security-policies.md index 664ee75b85e..779edde32e1 100644 --- a/versioned_docs/version-2.8/how-to-guides/advanced-user-guides/manage-projects/manage-pod-security-policies.md +++ b/versioned_docs/version-2.8/how-to-guides/advanced-user-guides/manage-projects/manage-pod-security-policies.md @@ -8,7 +8,7 @@ title: Pod Security Policies :::note -These cluster options are only available for [clusters in which Rancher has launched Kubernetes](../../../pages-for-subheaders/launch-kubernetes-with-rancher.md). +These cluster options are only available for [clusters in which Rancher has launched Kubernetes](../../new-user-guides/launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md). ::: diff --git a/versioned_docs/version-2.8/pages-for-subheaders/manage-project-resource-quotas.md b/versioned_docs/version-2.8/how-to-guides/advanced-user-guides/manage-projects/manage-project-resource-quotas/manage-project-resource-quotas.md similarity index 90% rename from versioned_docs/version-2.8/pages-for-subheaders/manage-project-resource-quotas.md rename to versioned_docs/version-2.8/how-to-guides/advanced-user-guides/manage-projects/manage-project-resource-quotas/manage-project-resource-quotas.md index a3bc8183b57..ca734c02b26 100644 --- a/versioned_docs/version-2.8/pages-for-subheaders/manage-project-resource-quotas.md +++ b/versioned_docs/version-2.8/how-to-guides/advanced-user-guides/manage-projects/manage-project-resource-quotas/manage-project-resource-quotas.md @@ -10,9 +10,9 @@ In situations where several teams share a cluster, one team may overconsume the This page is a how-to guide for creating resource quotas in existing projects. -Resource quotas can also be set when a new project is created. For details, refer to the section on [creating new projects.](../how-to-guides/new-user-guides/manage-clusters/projects-and-namespaces.md#creating-projects) +Resource quotas can also be set when a new project is created. For details, refer to the section on [creating new projects.](../../../new-user-guides/manage-clusters/projects-and-namespaces.md#creating-projects) -Resource quotas in Rancher include the same functionality as the [native version of Kubernetes](https://kubernetes.io/docs/concepts/policy/resource-quotas/). In Rancher, resource quotas have been extended so that you can apply them to projects. For details on how resource quotas work with projects in Rancher, refer to [this page.](../how-to-guides/advanced-user-guides/manage-projects/manage-project-resource-quotas/about-project-resource-quotas.md) +Resource quotas in Rancher include the same functionality as the [native version of Kubernetes](https://kubernetes.io/docs/concepts/policy/resource-quotas/). In Rancher, resource quotas have been extended so that you can apply them to projects. For details on how resource quotas work with projects in Rancher, refer to [this page.](about-project-resource-quotas.md) ### Applying Resource Quotas to Existing Projects @@ -34,7 +34,7 @@ Edit resource quotas when: 1. Expand **Resource Quotas** and click **Add Resource**. Alternatively, you can edit existing quotas. -1. Select a Resource Type. For more information on types, see the [quota type reference.](../how-to-guides/advanced-user-guides/manage-projects/manage-project-resource-quotas/resource-quota-types.md) +1. Select a Resource Type. For more information on types, see the [quota type reference.](resource-quota-types.md) 1. Enter values for the **Project Limit** and the **Namespace Default Limit**. diff --git a/versioned_docs/version-2.8/pages-for-subheaders/manage-projects.md b/versioned_docs/version-2.8/how-to-guides/advanced-user-guides/manage-projects/manage-projects.md similarity index 56% rename from versioned_docs/version-2.8/pages-for-subheaders/manage-projects.md rename to versioned_docs/version-2.8/how-to-guides/advanced-user-guides/manage-projects/manage-projects.md index be308c7e342..0b16e16d3bc 100644 --- a/versioned_docs/version-2.8/pages-for-subheaders/manage-projects.md +++ b/versioned_docs/version-2.8/how-to-guides/advanced-user-guides/manage-projects/manage-projects.md @@ -19,18 +19,18 @@ Rancher projects resolve this issue by allowing you to apply resources and acces You can use projects to perform actions like: -- [Assign users access to a group of namespaces](../how-to-guides/new-user-guides/add-users-to-projects.md) -- Assign users [specific roles in a project](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/cluster-and-project-roles.md#project-roles). A role can be owner, member, read-only, or [custom](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/custom-roles.md) -- [Set resource quotas](manage-project-resource-quotas.md) -- [Manage namespaces](../how-to-guides/new-user-guides/manage-namespaces.md) -- [Configure tools](../reference-guides/rancher-project-tools.md) -- [Configure pod security policies](../how-to-guides/advanced-user-guides/manage-projects/manage-pod-security-policies.md) +- [Assign users access to a group of namespaces](../../new-user-guides/add-users-to-projects.md) +- Assign users [specific roles in a project](../../new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/cluster-and-project-roles.md#project-roles). A role can be owner, member, read-only, or [custom](../../new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/custom-roles.md) +- [Set resource quotas](manage-project-resource-quotas/manage-project-resource-quotas.md) +- [Manage namespaces](../../new-user-guides/manage-namespaces.md) +- [Configure tools](../../../reference-guides/rancher-project-tools.md) +- [Configure pod security policies](manage-pod-security-policies.md) ### Authorization -Non-administrative users are only authorized for project access after an [administrator](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/global-permissions.md), [cluster owner or member](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/cluster-and-project-roles.md#cluster-roles), or [project owner](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/cluster-and-project-roles.md#project-roles) adds them to the project's **Members** tab. +Non-administrative users are only authorized for project access after an [administrator](../../new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/global-permissions.md), [cluster owner or member](../../new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/cluster-and-project-roles.md#cluster-roles), or [project owner](../../new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/cluster-and-project-roles.md#project-roles) adds them to the project's **Members** tab. -Whoever creates the project automatically becomes a [project owner](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/cluster-and-project-roles.md#project-roles). +Whoever creates the project automatically becomes a [project owner](../../new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/cluster-and-project-roles.md#project-roles). ## Switching between Projects diff --git a/versioned_docs/version-2.8/how-to-guides/advanced-user-guides/monitoring-alerting-guides/monitoring-alerting-guides.md b/versioned_docs/version-2.8/how-to-guides/advanced-user-guides/monitoring-alerting-guides/monitoring-alerting-guides.md new file mode 100644 index 00000000000..bb8f63019e7 --- /dev/null +++ b/versioned_docs/version-2.8/how-to-guides/advanced-user-guides/monitoring-alerting-guides/monitoring-alerting-guides.md @@ -0,0 +1,14 @@ +--- +title: Monitoring Guides +--- + + + + + +- [Enable monitoring](enable-monitoring.md) +- [Uninstall monitoring](uninstall-monitoring.md) +- [Monitoring workloads](set-up-monitoring-for-workloads.md) +- [Customizing Grafana dashboards](customize-grafana-dashboard.md) +- [Persistent Grafana dashboards](create-persistent-grafana-dashboard.md) +- [Debugging high memory usage](debug-high-memory-usage.md) diff --git a/versioned_docs/version-2.8/how-to-guides/advanced-user-guides/monitoring-alerting-guides/prometheus-federator-guides/enable-prometheus-federator.md b/versioned_docs/version-2.8/how-to-guides/advanced-user-guides/monitoring-alerting-guides/prometheus-federator-guides/enable-prometheus-federator.md index b4f9fcc166f..589875199e8 100644 --- a/versioned_docs/version-2.8/how-to-guides/advanced-user-guides/monitoring-alerting-guides/prometheus-federator-guides/enable-prometheus-federator.md +++ b/versioned_docs/version-2.8/how-to-guides/advanced-user-guides/monitoring-alerting-guides/prometheus-federator-guides/enable-prometheus-federator.md @@ -8,7 +8,7 @@ title: Enable Prometheus Federator ## Requirements -By default, Prometheus Federator is configured and intended to be deployed alongside [rancher-monitoring](../../../../pages-for-subheaders/monitoring-and-alerting.md), which deploys Prometheus Operator alongside a Cluster Prometheus that each Project Monitoring Stack is configured to federate namespace-scoped metrics from by default. +By default, Prometheus Federator is configured and intended to be deployed alongside [rancher-monitoring](../../../../integrations-in-rancher/monitoring-and-alerting/monitoring-and-alerting.md), which deploys Prometheus Operator alongside a Cluster Prometheus that each Project Monitoring Stack is configured to federate namespace-scoped metrics from by default. For instructions on installing rancher-monitoring, refer to [this page](../enable-monitoring.md). diff --git a/versioned_docs/version-2.8/how-to-guides/advanced-user-guides/monitoring-alerting-guides/prometheus-federator-guides/prometheus-federator-guides.md b/versioned_docs/version-2.8/how-to-guides/advanced-user-guides/monitoring-alerting-guides/prometheus-federator-guides/prometheus-federator-guides.md new file mode 100644 index 00000000000..4651e682528 --- /dev/null +++ b/versioned_docs/version-2.8/how-to-guides/advanced-user-guides/monitoring-alerting-guides/prometheus-federator-guides/prometheus-federator-guides.md @@ -0,0 +1,12 @@ +--- +title: Prometheus Federator Guides +--- + + + + + +- [Enable Prometheus Operator](enable-prometheus-federator.md) +- [Uninstall Prometheus Operator](uninstall-prometheus-federator.md) +- [Customize Grafana Dashboards](customize-grafana-dashboards.md) +- [Set Up Workloads](set-up-workloads.md) \ No newline at end of file diff --git a/versioned_docs/version-2.8/pages-for-subheaders/advanced-configuration.md b/versioned_docs/version-2.8/how-to-guides/advanced-user-guides/monitoring-v2-configuration-guides/advanced-configuration/advanced-configuration.md similarity index 51% rename from versioned_docs/version-2.8/pages-for-subheaders/advanced-configuration.md rename to versioned_docs/version-2.8/how-to-guides/advanced-user-guides/monitoring-v2-configuration-guides/advanced-configuration/advanced-configuration.md index 87efa2a0f9e..35de246d3de 100644 --- a/versioned_docs/version-2.8/pages-for-subheaders/advanced-configuration.md +++ b/versioned_docs/version-2.8/how-to-guides/advanced-user-guides/monitoring-v2-configuration-guides/advanced-configuration/advanced-configuration.md @@ -8,12 +8,12 @@ title: Advanced Configuration ### Alertmanager -For information on configuring the Alertmanager custom resource, see [this page.](../how-to-guides/advanced-user-guides/monitoring-v2-configuration-guides/advanced-configuration/alertmanager.md) +For information on configuring the Alertmanager custom resource, see [this page.](alertmanager.md) ### Prometheus -For information on configuring the Prometheus custom resource, see [this page.](../how-to-guides/advanced-user-guides/monitoring-v2-configuration-guides/advanced-configuration/prometheus.md) +For information on configuring the Prometheus custom resource, see [this page.](prometheus.md) ### PrometheusRules -For information on configuring the Prometheus custom resource, see [this page.](../how-to-guides/advanced-user-guides/monitoring-v2-configuration-guides/advanced-configuration/prometheusrules.md) \ No newline at end of file +For information on configuring the Prometheus custom resource, see [this page.](prometheusrules.md) \ No newline at end of file diff --git a/versioned_docs/version-2.8/pages-for-subheaders/monitoring-v2-configuration-guides.md b/versioned_docs/version-2.8/how-to-guides/advanced-user-guides/monitoring-v2-configuration-guides/monitoring-v2-configuration-guides.md similarity index 74% rename from versioned_docs/version-2.8/pages-for-subheaders/monitoring-v2-configuration-guides.md rename to versioned_docs/version-2.8/how-to-guides/advanced-user-guides/monitoring-v2-configuration-guides/monitoring-v2-configuration-guides.md index bd0de341f46..46e41afd605 100644 --- a/versioned_docs/version-2.8/pages-for-subheaders/monitoring-v2-configuration-guides.md +++ b/versioned_docs/version-2.8/how-to-guides/advanced-user-guides/monitoring-v2-configuration-guides/monitoring-v2-configuration-guides.md @@ -12,7 +12,7 @@ For information on configuring custom scrape targets and rules for Prometheus, p ## Setting Resource Limits and Requests -The resource requests and limits for the monitoring application can be configured when installing `rancher-monitoring`. For more information about the default limits, see [this page.](../reference-guides/monitoring-v2-configuration/helm-chart-options.md#configuring-resource-limits-and-requests) +The resource requests and limits for the monitoring application can be configured when installing `rancher-monitoring`. For more information about the default limits, see [this page.](../../../reference-guides/monitoring-v2-configuration/helm-chart-options.md#configuring-resource-limits-and-requests) :::tip @@ -29,11 +29,11 @@ Instead, to configure Prometheus to scrape custom metrics, you will only need to ### ServiceMonitor and PodMonitor Configuration -For details, see [this page.](../reference-guides/monitoring-v2-configuration/servicemonitors-and-podmonitors.md) +For details, see [this page.](../../../reference-guides/monitoring-v2-configuration/servicemonitors-and-podmonitors.md) ### Advanced Prometheus Configuration -For more information about directly editing the Prometheus custom resource, which may be helpful in advanced use cases, see [this page.](../how-to-guides/advanced-user-guides/monitoring-v2-configuration-guides/advanced-configuration/prometheus.md) +For more information about directly editing the Prometheus custom resource, which may be helpful in advanced use cases, see [this page.](advanced-configuration/prometheus.md) ## Alertmanager Configuration @@ -41,15 +41,15 @@ The Alertmanager custom resource usually doesn't need to be edited directly. For Routes and receivers are part of the configuration of the alertmanager custom resource. In the Rancher UI, Routes and Receivers are not true custom resources, but pseudo-custom resources that the Prometheus Operator uses to synchronize your configuration with the Alertmanager custom resource. When routes and receivers are updated, the monitoring application will automatically update Alertmanager to reflect those changes. -For some advanced use cases, you may want to configure alertmanager directly. For more information, refer to [this page.](../how-to-guides/advanced-user-guides/monitoring-v2-configuration-guides/advanced-configuration/alertmanager.md) +For some advanced use cases, you may want to configure alertmanager directly. For more information, refer to [this page.](advanced-configuration/alertmanager.md) ### Receivers -Receivers are used to set up notifications. For details on how to configure receivers, see [this page.](../reference-guides/monitoring-v2-configuration/receivers.md) +Receivers are used to set up notifications. For details on how to configure receivers, see [this page.](../../../reference-guides/monitoring-v2-configuration/receivers.md) ### Routes -Routes filter notifications before they reach receivers. Each route needs to refer to a receiver that has already been configured. For details on how to configure routes, see [this page.](../reference-guides/monitoring-v2-configuration/routes.md) +Routes filter notifications before they reach receivers. Each route needs to refer to a receiver that has already been configured. For details on how to configure routes, see [this page.](../../../reference-guides/monitoring-v2-configuration/routes.md) ### Advanced -For more information about directly editing the Alertmanager custom resource, which may be helpful in advanced use cases, see [this page.](../how-to-guides/advanced-user-guides/monitoring-v2-configuration-guides/advanced-configuration/alertmanager.md) \ No newline at end of file +For more information about directly editing the Alertmanager custom resource, which may be helpful in advanced use cases, see [this page.](advanced-configuration/alertmanager.md) \ No newline at end of file diff --git a/versioned_docs/version-2.8/how-to-guides/advanced-user-guides/open-ports-with-firewalld.md b/versioned_docs/version-2.8/how-to-guides/advanced-user-guides/open-ports-with-firewalld.md index 90ba4bd4e8c..2369abe3948 100644 --- a/versioned_docs/version-2.8/how-to-guides/advanced-user-guides/open-ports-with-firewalld.md +++ b/versioned_docs/version-2.8/how-to-guides/advanced-user-guides/open-ports-with-firewalld.md @@ -35,7 +35,7 @@ You can check the default firewall rules with this command: sudo iptables --list ``` -This section describes how to use `firewalld` to apply the [firewall port rules](../../pages-for-subheaders/installation-requirements.md#port-requirements) for nodes in a high-availability Rancher server cluster. +This section describes how to use `firewalld` to apply the [firewall port rules](../../getting-started/installation-and-upgrade/installation-requirements/installation-requirements.md#port-requirements) for nodes in a high-availability Rancher server cluster. ## Prerequisite diff --git a/versioned_docs/version-2.8/how-to-guides/advanced-user-guides/tune-etcd-for-large-installs.md b/versioned_docs/version-2.8/how-to-guides/advanced-user-guides/tune-etcd-for-large-installs.md index 7d803ff697e..59757908a7b 100644 --- a/versioned_docs/version-2.8/how-to-guides/advanced-user-guides/tune-etcd-for-large-installs.md +++ b/versioned_docs/version-2.8/how-to-guides/advanced-user-guides/tune-etcd-for-large-installs.md @@ -6,7 +6,7 @@ title: Tuning etcd for Large Installations -When Rancher is used to manage [a large infrastructure](../../pages-for-subheaders/installation-requirements.md) it is recommended to increase the default keyspace for etcd from the default 2 GB. The maximum setting is 8 GB and the host should have enough RAM to keep the entire dataset in memory. When increasing this value you should also increase the size of the host. The keyspace size can also be adjusted in smaller installations if you anticipate a high rate of change of pods during the garbage collection interval. +When Rancher is used to manage [a large infrastructure](../../getting-started/installation-and-upgrade/installation-requirements/installation-requirements.md) it is recommended to increase the default keyspace for etcd from the default 2 GB. The maximum setting is 8 GB and the host should have enough RAM to keep the entire dataset in memory. When increasing this value you should also increase the size of the host. The keyspace size can also be adjusted in smaller installations if you anticipate a high rate of change of pods during the garbage collection interval. The etcd data set is automatically cleaned up on a five minute interval by Kubernetes. There are situations, e.g. deployment thrashing, where enough events could be written to etcd and deleted before garbage collection occurs and cleans things up causing the keyspace to fill up. If you see `mvcc: database space exceeded` errors, in the etcd logs or Kubernetes API server logs, you should consider increasing the keyspace size. This can be accomplished by setting the [quota-backend-bytes](https://etcd.io/docs/v3.4.0/op-guide/maintenance/#space-quota) setting on the etcd servers. diff --git a/versioned_docs/version-2.8/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-provisioning-drivers/about-provisioning-drivers.md b/versioned_docs/version-2.8/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-provisioning-drivers/about-provisioning-drivers.md new file mode 100644 index 00000000000..a88c1896f5a --- /dev/null +++ b/versioned_docs/version-2.8/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-provisioning-drivers/about-provisioning-drivers.md @@ -0,0 +1,51 @@ +--- +title: Provisioning Drivers +--- + + + + + +Drivers in Rancher allow you to manage which providers can be used to deploy [hosted Kubernetes clusters](../../kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/set-up-clusters-from-hosted-kubernetes-providers.md) or [nodes in an infrastructure provider](../../launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md) to allow Rancher to deploy and manage Kubernetes. + +### Rancher Drivers + +With Rancher drivers, you can enable/disable existing built-in drivers that are packaged in Rancher. Alternatively, you can add your own driver if Rancher has not yet implemented it. + +There are two types of drivers within Rancher: + +* [Cluster Drivers](#cluster-drivers) +* [Node Drivers](#node-drivers) + +### Cluster Drivers + +Cluster drivers are used to provision [hosted Kubernetes clusters](../../kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/set-up-clusters-from-hosted-kubernetes-providers.md), such as GKE, EKS, AKS, etc.. The availability of which cluster driver to display when creating a cluster is defined based on the cluster driver's status. Only `active` cluster drivers will be displayed as an option for creating clusters for hosted Kubernetes clusters. By default, Rancher is packaged with several existing cluster drivers, but you can also create custom cluster drivers to add to Rancher. + +By default, Rancher has activated several hosted Kubernetes cloud providers including: + +* [Amazon EKS](../../kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/eks.md) +* [Google GKE](../../kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/gke.md) +* [Azure AKS](../../kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/aks.md) + +There are several other hosted Kubernetes cloud providers that are disabled by default, but are packaged in Rancher: + +* [Alibaba ACK](../../kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/alibaba.md) +* [Huawei CCE](../../kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/huawei.md) +* [Tencent](../../kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/tencent.md) + +### Node Drivers + +Node drivers are used to provision hosts, which Rancher uses to launch and manage Kubernetes clusters. A node driver is the same as a [Docker Machine driver](https://docs.docker.com/machine/drivers/). The availability of which node driver to display when creating node templates is defined based on the node driver's status. Only `active` node drivers will be displayed as an option for creating node templates. By default, Rancher is packaged with many existing Docker Machine drivers, but you can also create custom node drivers to add to Rancher. + +If there are specific node drivers that you don't want to show to your users, you would need to de-activate these node drivers. + +Rancher supports several major cloud providers, but by default, these node drivers are active and available for deployment: + +* [Amazon EC2](../../launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-amazon-ec2-cluster.md) +* [Azure](../../launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-azure-cluster.md) +* [Digital Ocean](../../launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-a-digitalocean-cluster.md) +* [vSphere](../../launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/vsphere/vsphere.md) + +There are several other node drivers that are disabled by default, but are packaged in Rancher: + +* [Harvester](../../../../integrations-in-rancher/harvester/overview.md#harvester-node-driver/), available as of Rancher v2.6.1 diff --git a/versioned_docs/version-2.8/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-provisioning-drivers/manage-cluster-drivers.md b/versioned_docs/version-2.8/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-provisioning-drivers/manage-cluster-drivers.md index 8d265e034f8..4e0819074a8 100644 --- a/versioned_docs/version-2.8/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-provisioning-drivers/manage-cluster-drivers.md +++ b/versioned_docs/version-2.8/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-provisioning-drivers/manage-cluster-drivers.md @@ -6,7 +6,7 @@ title: Cluster Drivers -Cluster drivers are used to create clusters in a [hosted Kubernetes provider](../../../../pages-for-subheaders/set-up-clusters-from-hosted-kubernetes-providers.md), such as Google GKE. The availability of which cluster driver to display when creating clusters is defined by the cluster driver's status. Only `active` cluster drivers will be displayed as an option for creating clusters. By default, Rancher is packaged with several existing cloud provider cluster drivers, but you can also add custom cluster drivers to Rancher. +Cluster drivers are used to create clusters in a [hosted Kubernetes provider](../../kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/set-up-clusters-from-hosted-kubernetes-providers.md), such as Google GKE. The availability of which cluster driver to display when creating clusters is defined by the cluster driver's status. Only `active` cluster drivers will be displayed as an option for creating clusters. By default, Rancher is packaged with several existing cloud provider cluster drivers, but you can also add custom cluster drivers to Rancher. If there are specific cluster drivers that you do not want to show your users, you may deactivate those cluster drivers within Rancher and they will not appear as an option for cluster creation. diff --git a/versioned_docs/version-2.8/pages-for-subheaders/about-rke1-templates.md b/versioned_docs/version-2.8/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/about-rke1-templates.md similarity index 58% rename from versioned_docs/version-2.8/pages-for-subheaders/about-rke1-templates.md rename to versioned_docs/version-2.8/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/about-rke1-templates.md index 601a622a581..eab13feb274 100644 --- a/versioned_docs/version-2.8/pages-for-subheaders/about-rke1-templates.md +++ b/versioned_docs/version-2.8/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/about-rke1-templates.md @@ -18,7 +18,7 @@ Admins control which cluster options can be changed by end users. RKE templates If a cluster was created with an RKE template, you can't change it to a different RKE template. You can only update the cluster to a new revision of the same template. -You can [save the configuration of an existing cluster as an RKE template.](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/apply-templates.md#converting-an-existing-cluster-to-use-an-rke-template) Then the cluster's settings can only be changed if the template is updated. The new template can also be used to launch new clusters. +You can [save the configuration of an existing cluster as an RKE template.](apply-templates.md#converting-an-existing-cluster-to-use-an-rke-template) Then the cluster's settings can only be changed if the template is updated. The new template can also be used to launch new clusters. The core features of RKE templates allow DevOps and security teams to: @@ -49,24 +49,24 @@ The [add-on section](#add-ons) of an RKE template is especially powerful because RKE templates are supported for Rancher-provisioned clusters. The templates can be used to provision custom clusters or clusters that are launched by an infrastructure provider. -RKE templates are for defining Kubernetes and Rancher settings. Node templates are responsible for configuring nodes. For tips on how to use RKE templates in conjunction with hardware, refer to [RKE Templates and Hardware](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/infrastructure.md). +RKE templates are for defining Kubernetes and Rancher settings. Node templates are responsible for configuring nodes. For tips on how to use RKE templates in conjunction with hardware, refer to [RKE Templates and Hardware](infrastructure.md). RKE templates can be created from scratch to pre-define cluster configuration. They can be applied to launch new clusters, or templates can also be exported from existing running clusters. -The settings of an existing cluster can be [saved as an RKE template.](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/apply-templates.md#converting-an-existing-cluster-to-use-an-rke-template) This creates a new template and binds the cluster settings to the template, so that the cluster can only be upgraded if the [template is updated](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/manage-rke1-templates.md#updating-a-template), and the cluster is upgraded to [use a newer version of the template.](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/manage-rke1-templates.md#upgrading-a-cluster-to-use-a-new-template-revision) The new template can also be used to create new clusters. +The settings of an existing cluster can be [saved as an RKE template.](apply-templates.md#converting-an-existing-cluster-to-use-an-rke-template) This creates a new template and binds the cluster settings to the template, so that the cluster can only be upgraded if the [template is updated](manage-rke1-templates.md#updating-a-template), and the cluster is upgraded to [use a newer version of the template.](manage-rke1-templates.md#upgrading-a-cluster-to-use-a-new-template-revision) The new template can also be used to create new clusters. ## Example Scenarios When an organization has both basic and advanced Rancher users, administrators might want to give the advanced users more options for cluster creation, while restricting the options for basic users. -These [example scenarios](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/example-use-cases.md) describe how an organization could use templates to standardize cluster creation. +These [example scenarios](example-use-cases.md) describe how an organization could use templates to standardize cluster creation. Some of the example scenarios include the following: -- **Enforcing templates:** Administrators might want to [enforce one or more template settings for everyone](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/example-use-cases.md#enforcing-a-template-setting-for-everyone) if they want all new Rancher-provisioned clusters to have those settings. -- **Sharing different templates with different users:** Administrators might give [different templates to basic and advanced users,](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/example-use-cases.md#templates-for-basic-and-advanced-users) so that basic users can have more restricted options and advanced users can use more discretion when creating clusters. -- **Updating template settings:** If an organization's security and DevOps teams decide to embed best practices into the required settings for new clusters, those best practices could change over time. If the best practices change, [a template can be updated to a new revision](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/example-use-cases.md#updating-templates-and-clusters-created-with-them) and clusters created from the template can [upgrade to the new version](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/manage-rke1-templates.md#upgrading-a-cluster-to-use-a-new-template-revision) of the template. -- **Sharing ownership of a template:** When a template owner no longer wants to maintain a template, or wants to share ownership of the template, this scenario describes how [template ownership can be shared.](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/example-use-cases.md#allowing-other-users-to-control-and-share-a-template) +- **Enforcing templates:** Administrators might want to [enforce one or more template settings for everyone](example-use-cases.md#enforcing-a-template-setting-for-everyone) if they want all new Rancher-provisioned clusters to have those settings. +- **Sharing different templates with different users:** Administrators might give [different templates to basic and advanced users,](example-use-cases.md#templates-for-basic-and-advanced-users) so that basic users can have more restricted options and advanced users can use more discretion when creating clusters. +- **Updating template settings:** If an organization's security and DevOps teams decide to embed best practices into the required settings for new clusters, those best practices could change over time. If the best practices change, [a template can be updated to a new revision](example-use-cases.md#updating-templates-and-clusters-created-with-them) and clusters created from the template can [upgrade to the new version](manage-rke1-templates.md#upgrading-a-cluster-to-use-a-new-template-revision) of the template. +- **Sharing ownership of a template:** When a template owner no longer wants to maintain a template, or wants to share ownership of the template, this scenario describes how [template ownership can be shared.](example-use-cases.md#allowing-other-users-to-control-and-share-a-template) ## Template Management @@ -82,34 +82,34 @@ For the settings that cannot be overridden, the end user will not be able to dir The documents in this section explain the details of RKE template management: -- [Getting permission to create templates](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/creator-permissions.md) -- [Creating and revising templates](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/manage-rke1-templates.md) -- [Enforcing template settings](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/enforce-templates.md#requiring-new-clusters-to-use-an-rke-template) -- [Overriding template settings](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/override-template-settings.md) -- [Sharing templates with cluster creators](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/access-or-share-templates.md#sharing-templates-with-specific-users-or-groups) -- [Sharing ownership of a template](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/access-or-share-templates.md#sharing-ownership-of-templates) +- [Getting permission to create templates](creator-permissions.md) +- [Creating and revising templates](manage-rke1-templates.md) +- [Enforcing template settings](enforce-templates.md#requiring-new-clusters-to-use-an-rke-template) +- [Overriding template settings](override-template-settings.md) +- [Sharing templates with cluster creators](access-or-share-templates.md#sharing-templates-with-specific-users-or-groups) +- [Sharing ownership of a template](access-or-share-templates.md#sharing-ownership-of-templates) -An [example YAML configuration file for a template](../reference-guides/rke1-template-example-yaml.md) is provided for reference. +An [example YAML configuration file for a template](../../../../reference-guides/rke1-template-example-yaml.md) is provided for reference. ## Applying Templates -You can [create a cluster from a template](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/apply-templates.md#creating-a-cluster-from-an-rke-template) that you created, or from a template that has been [shared with you.](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/access-or-share-templates.md) +You can [create a cluster from a template](apply-templates.md#creating-a-cluster-from-an-rke-template) that you created, or from a template that has been [shared with you.](access-or-share-templates.md) -If the RKE template owner creates a new revision of the template, you can [upgrade your cluster to that revision.](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/apply-templates.md#updating-a-cluster-created-with-an-rke-template) +If the RKE template owner creates a new revision of the template, you can [upgrade your cluster to that revision.](apply-templates.md#updating-a-cluster-created-with-an-rke-template) RKE templates can be created from scratch to pre-define cluster configuration. They can be applied to launch new clusters, or templates can also be exported from existing running clusters. -You can [save the configuration of an existing cluster as an RKE template.](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/apply-templates.md#converting-an-existing-cluster-to-use-an-rke-template) Then the cluster's settings can only be changed if the template is updated. +You can [save the configuration of an existing cluster as an RKE template.](apply-templates.md#converting-an-existing-cluster-to-use-an-rke-template) Then the cluster's settings can only be changed if the template is updated. ## Standardizing Hardware -RKE templates are designed to standardize Kubernetes and Rancher settings. If you want to standardize your infrastructure as well, one option is to use RKE templates [in conjunction with other tools](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/infrastructure.md). +RKE templates are designed to standardize Kubernetes and Rancher settings. If you want to standardize your infrastructure as well, one option is to use RKE templates [in conjunction with other tools](infrastructure.md). -Another option is to use [cluster templates,](../how-to-guides/new-user-guides/manage-clusters/manage-cluster-templates.md) which include node pool configuration options, but don't provide configuration enforcement. +Another option is to use [cluster templates,](../../manage-clusters/manage-cluster-templates.md) which include node pool configuration options, but don't provide configuration enforcement. ## YAML Customization -If you define an RKE template as a YAML file, you can modify this [example RKE template YAML](../reference-guides/rke1-template-example-yaml.md). The YAML in the RKE template uses the same customization that Rancher uses when creating an RKE cluster, but since the YAML is located within the context of a Rancher provisioned cluster, you will need to nest the RKE template customization under the `rancher_kubernetes_engine_config` directive in the YAML. +If you define an RKE template as a YAML file, you can modify this [example RKE template YAML](../../../../reference-guides/rke1-template-example-yaml.md). The YAML in the RKE template uses the same customization that Rancher uses when creating an RKE cluster, but since the YAML is located within the context of a Rancher provisioned cluster, you will need to nest the RKE template customization under the `rancher_kubernetes_engine_config` directive in the YAML. The RKE documentation also has [annotated](https://rancher.com/docs/rke/latest/en/example-yamls/) `cluster.yml` files that you can use for reference. diff --git a/versioned_docs/version-2.8/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/apply-templates.md b/versioned_docs/version-2.8/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/apply-templates.md index 1818e9076ff..7f95ca305be 100644 --- a/versioned_docs/version-2.8/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/apply-templates.md +++ b/versioned_docs/version-2.8/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/apply-templates.md @@ -17,7 +17,7 @@ You can't change a cluster to use a different RKE template. You can only update ### Creating a Cluster from an RKE Template -To add a cluster [hosted by an infrastructure provider](../../../../pages-for-subheaders/launch-kubernetes-with-rancher.md) using an RKE template, use these steps: +To add a cluster [hosted by an infrastructure provider](../../launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md) using an RKE template, use these steps: 1. In the upper left corner, click **☰ > Cluster Management**. 1. On the **Clusters** page, click **Create** and choose the infrastructure provider. @@ -31,7 +31,7 @@ To add a cluster [hosted by an infrastructure provider](../../../../pages-for-su When the template owner creates a template, each setting has a switch in the Rancher UI that indicates if users can override the setting. -- If the setting allows a user override, you can update these settings in the cluster by [editing the cluster.](../../../../pages-for-subheaders/cluster-configuration.md) +- If the setting allows a user override, you can update these settings in the cluster by [editing the cluster.](../../../../reference-guides/cluster-configuration/cluster-configuration.md) - If the switch is turned off, you cannot change these settings unless the cluster owner creates a template revision that lets you override them. If there are settings that you want to change, but don't have the option to, you will need to contact the template owner to get a new revision of the template. If a cluster was created from an RKE template, you can edit the cluster to update the cluster to a new revision of the template. diff --git a/versioned_docs/version-2.8/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/infrastructure.md b/versioned_docs/version-2.8/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/infrastructure.md index 0b2b6f8b8eb..54a2897d38c 100644 --- a/versioned_docs/version-2.8/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/infrastructure.md +++ b/versioned_docs/version-2.8/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/infrastructure.md @@ -58,7 +58,7 @@ When you need to make changes to your infrastructure, instead of manually updati This section describes one way that you can make security and compliance-related config files standard in your clusters. -When you create a [CIS benchmark compliant cluster,](../../../../pages-for-subheaders/rancher-security.md) you have an encryption config file and an audit log config file. +When you create a [CIS benchmark compliant cluster,](../../../../reference-guides/rancher-security/rancher-security.md) you have an encryption config file and an audit log config file. Your infrastructure provisioning system can write those files to disk. Then in your RKE template, you would specify where those files will be, then add your encryption config file and audit log config file as extra mounts to the `kube-api-server`. diff --git a/versioned_docs/version-2.8/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/manage-rke1-templates.md b/versioned_docs/version-2.8/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/manage-rke1-templates.md index e9eac6fe7f6..6e8c75fe8d7 100644 --- a/versioned_docs/version-2.8/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/manage-rke1-templates.md +++ b/versioned_docs/version-2.8/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/manage-rke1-templates.md @@ -30,7 +30,7 @@ You can revise, share, and delete a template if you are an owner of the template 1. Optional: Share the template with other users or groups by [adding them as members.](access-or-share-templates.md#sharing-templates-with-specific-users-or-groups) You can also make the template public to share with everyone in the Rancher setup. 1. Then follow the form on screen to save the cluster configuration parameters as part of the template's revision. The revision can be marked as default for this template. -**Result:** An RKE template with one revision is configured. You can use this RKE template revision later when you [provision a Rancher-launched cluster](../../../../pages-for-subheaders/launch-kubernetes-with-rancher.md). After a cluster is managed by an RKE template, it cannot be disconnected and the option to uncheck **Use an existing RKE Template and Revision** will be unavailable. +**Result:** An RKE template with one revision is configured. You can use this RKE template revision later when you [provision a Rancher-launched cluster](../../launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md). After a cluster is managed by an RKE template, it cannot be disconnected and the option to uncheck **Use an existing RKE Template and Revision** will be unavailable. ### Updating a Template diff --git a/versioned_docs/version-2.8/pages-for-subheaders/authentication-config.md b/versioned_docs/version-2.8/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/authentication-config.md similarity index 78% rename from versioned_docs/version-2.8/pages-for-subheaders/authentication-config.md rename to versioned_docs/version-2.8/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/authentication-config.md index 9bb89f46ee8..fa93a624d4a 100644 --- a/versioned_docs/version-2.8/pages-for-subheaders/authentication-config.md +++ b/versioned_docs/version-2.8/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/authentication-config.md @@ -17,26 +17,26 @@ The Rancher authentication proxy integrates with the following external authenti | Auth Service | | ------------------------------------------------------------------------------------------------ | -| [Microsoft Active Directory](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-active-directory.md) | -| [GitHub](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-github.md) | -| [Microsoft Azure AD](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-azure-ad.md) | -| [FreeIPA](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-freeipa.md) | -| [OpenLDAP](configure-openldap.md) | -| [Microsoft AD FS](configure-microsoft-ad-federation-service-saml.md) | -| [PingIdentity](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-pingidentity.md) | -| [Keycloak (OIDC)](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-keycloak-oidc.md) | -| [Keycloak (SAML)](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-keycloak-saml.md) | -| [Okta](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-okta-saml.md) | -| [Google OAuth](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-google-oauth.md) | -| [Shibboleth](configure-shibboleth-saml.md) | +| [Microsoft Active Directory](configure-active-directory.md) | +| [GitHub](configure-github.md) | +| [Microsoft Azure AD](configure-azure-ad.md) | +| [FreeIPA](configure-freeipa.md) | +| [OpenLDAP](../configure-openldap/configure-openldap.md) | +| [Microsoft AD FS](../configure-microsoft-ad-federation-service-saml/configure-microsoft-ad-federation-service-saml.md) | +| [PingIdentity](configure-pingidentity.md) | +| [Keycloak (OIDC)](configure-keycloak-oidc.md) | +| [Keycloak (SAML)](configure-keycloak-saml.md) | +| [Okta](configure-okta-saml.md) | +| [Google OAuth](configure-google-oauth.md) | +| [Shibboleth](../configure-shibboleth-saml/configure-shibboleth-saml.md) | -However, Rancher also provides [local authentication](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/create-local-users.md). +However, Rancher also provides [local authentication](create-local-users.md). In most cases, you should use an external authentication service over local authentication, as external authentication allows user management from a central location. However, you may want a few local authentication users for managing Rancher under rare circumstances, such as if your external authentication provider is unavailable or undergoing maintenance. ## Users and Groups -Rancher relies on users and groups to determine who is allowed to log in to Rancher and which resources they can access. When authenticating with an external provider, groups are provided from the external provider based on the user. These users and groups are given specific roles to resources like clusters, projects, multi-cluster apps, and global DNS providers and entries. When you give access to a group, all users who are a member of that group in the authentication provider will be able to access the resource with the permissions that you've specified. For more information on roles and permissions, see [Role Based Access Control](manage-role-based-access-control-rbac.md). +Rancher relies on users and groups to determine who is allowed to log in to Rancher and which resources they can access. When authenticating with an external provider, groups are provided from the external provider based on the user. These users and groups are given specific roles to resources like clusters, projects, multi-cluster apps, and global DNS providers and entries. When you give access to a group, all users who are a member of that group in the authentication provider will be able to access the resource with the permissions that you've specified. For more information on roles and permissions, see [Role Based Access Control](../manage-role-based-access-control-rbac/manage-role-based-access-control-rbac.md). :::note @@ -44,7 +44,7 @@ Local authentication does not support creating or managing groups. ::: -For more information, see [Users and Groups](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/manage-users-and-groups.md) +For more information, see [Users and Groups](manage-users-and-groups.md) ## Scope of Rancher Authorization diff --git a/versioned_docs/version-2.8/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-active-directory.md b/versioned_docs/version-2.8/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-active-directory.md index b24c4879071..b3f2f9a3a09 100644 --- a/versioned_docs/version-2.8/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-active-directory.md +++ b/versioned_docs/version-2.8/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-active-directory.md @@ -8,11 +8,11 @@ title: Configure Active Directory (AD) If your organization uses Microsoft Active Directory as central user repository, you can configure Rancher to communicate with an Active Directory server to authenticate users. This allows Rancher admins to control access to clusters and projects based on users and groups managed externally in the Active Directory, while allowing end-users to authenticate with their AD credentials when logging in to the Rancher UI. -Rancher uses LDAP to communicate with the Active Directory server. The authentication flow for Active Directory is therefore the same as for the [OpenLDAP authentication](../../../../pages-for-subheaders/configure-openldap.md) integration. +Rancher uses LDAP to communicate with the Active Directory server. The authentication flow for Active Directory is therefore the same as for the [OpenLDAP authentication](../configure-openldap/configure-openldap.md) integration. :::note -Before you start, please familiarise yourself with the concepts of [External Authentication Configuration and Principal Users](../../../../pages-for-subheaders/authentication-config.md#external-authentication-configuration-and-principal-users). +Before you start, please familiarise yourself with the concepts of [External Authentication Configuration and Principal Users](authentication-config.md#external-authentication-configuration-and-principal-users). ::: diff --git a/versioned_docs/version-2.8/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-azure-ad.md b/versioned_docs/version-2.8/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-azure-ad.md index d6f2884eab4..fe7485b1ce3 100644 --- a/versioned_docs/version-2.8/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-azure-ad.md +++ b/versioned_docs/version-2.8/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-azure-ad.md @@ -326,5 +326,5 @@ Token Endpoint | https://login.partner.microsoftonline.cn/{tenantID}/oauth2/v2 > >- If you don't wish to upgrade to v2.7.0+ after the Azure AD Graph API is retired, you'll need to either: - Use the built-in Rancher auth or - - Use another third-party auth system and set that up in Rancher. Please see the [authentication docs](../../../../pages-for-subheaders/authentication-config.md) to learn how to configure other open authentication providers. + - Use another third-party auth system and set that up in Rancher. Please see the [authentication docs](authentication-config.md) to learn how to configure other open authentication providers. diff --git a/versioned_docs/version-2.8/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-freeipa.md b/versioned_docs/version-2.8/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-freeipa.md index 0fe6995d4ae..1b1526bca7d 100644 --- a/versioned_docs/version-2.8/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-freeipa.md +++ b/versioned_docs/version-2.8/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-freeipa.md @@ -12,7 +12,7 @@ If your organization uses FreeIPA for user authentication, you can configure Ran - You must have a [FreeIPA Server](https://www.freeipa.org/) configured. - Create a service account in FreeIPA with `read-only` access. Rancher uses this account to verify group membership when a user makes a request using an API key. -- Read [External Authentication Configuration and Principal Users](../../../../pages-for-subheaders/authentication-config.md#external-authentication-configuration-and-principal-users). +- Read [External Authentication Configuration and Principal Users](authentication-config.md#external-authentication-configuration-and-principal-users). ::: diff --git a/versioned_docs/version-2.8/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-github.md b/versioned_docs/version-2.8/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-github.md index 960d968de8d..c36d087ab5d 100644 --- a/versioned_docs/version-2.8/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-github.md +++ b/versioned_docs/version-2.8/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-github.md @@ -10,7 +10,7 @@ In environments using GitHub, you can configure Rancher to allow sign on using G :::note Prerequisites: -Read [External Authentication Configuration and Principal Users](../../../../pages-for-subheaders/authentication-config.md#external-authentication-configuration-and-principal-users). +Read [External Authentication Configuration and Principal Users](authentication-config.md#external-authentication-configuration-and-principal-users). ::: diff --git a/versioned_docs/version-2.8/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-okta-saml.md b/versioned_docs/version-2.8/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-okta-saml.md index 0b572698dc8..eea78732674 100644 --- a/versioned_docs/version-2.8/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-okta-saml.md +++ b/versioned_docs/version-2.8/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-okta-saml.md @@ -100,7 +100,7 @@ The OpenLDAP service account is used for all searches. Rancher users will see us [Configure the settings](../configure-openldap/openldap-config-reference.md) for the OpenLDAP server, groups and users. Note that nested group membership isn't available. -> Before you proceed with the configuration, please familiarise yourself with [external authentication configuration and principal users](../../../../pages-for-subheaders/authentication-config.md#external-authentication-configuration-and-principal-users). +> Before you proceed with the configuration, please familiarise yourself with [external authentication configuration and principal users](authentication-config.md#external-authentication-configuration-and-principal-users). 1. Sign into Rancher using a local user assigned the [administrator](https://ranchermanager.docs.rancher.com/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/global-permissions) role (i.e., the _local principal_). 1. In the top left corner, click **☰ > Users & Authentication**. diff --git a/versioned_docs/version-2.8/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/manage-users-and-groups.md b/versioned_docs/version-2.8/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/manage-users-and-groups.md index 38fc2a6403c..ec39be1f01b 100644 --- a/versioned_docs/version-2.8/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/manage-users-and-groups.md +++ b/versioned_docs/version-2.8/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/manage-users-and-groups.md @@ -8,7 +8,7 @@ title: Users and Groups Rancher relies on users and groups to determine who is allowed to log in to Rancher and which resources they can access. When you configure an external authentication provider, users from that provider will be able to log in to your Rancher server. When a user logs in, the authentication provider will supply your Rancher server with a list of groups to which the user belongs. -Access to clusters, projects, multi-cluster apps, and global DNS providers and entries can be controlled by adding either individual users or groups to these resources. When you add a group to a resource, all users who are members of that group in the authentication provider, will be able to access the resource with the permissions that you've specified for the group. For more information on roles and permissions, see [Role Based Access Control](../../../../pages-for-subheaders/manage-role-based-access-control-rbac.md). +Access to clusters, projects, multi-cluster apps, and global DNS providers and entries can be controlled by adding either individual users or groups to these resources. When you add a group to a resource, all users who are members of that group in the authentication provider, will be able to access the resource with the permissions that you've specified for the group. For more information on roles and permissions, see [Role Based Access Control](../manage-role-based-access-control-rbac/manage-role-based-access-control-rbac.md). ## Managing Members diff --git a/versioned_docs/version-2.8/pages-for-subheaders/authentication-permissions-and-global-configuration.md b/versioned_docs/version-2.8/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-permissions-and-global-configuration.md similarity index 69% rename from versioned_docs/version-2.8/pages-for-subheaders/authentication-permissions-and-global-configuration.md rename to versioned_docs/version-2.8/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-permissions-and-global-configuration.md index 42dc72fdefe..074ca71248c 100644 --- a/versioned_docs/version-2.8/pages-for-subheaders/authentication-permissions-and-global-configuration.md +++ b/versioned_docs/version-2.8/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-permissions-and-global-configuration.md @@ -6,7 +6,7 @@ title: Authentication, Permissions and Global Settings -After installation, the [system administrator](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/global-permissions.md) should configure Rancher to configure authentication, authorization, security, default settings, security policies, drivers and global DNS entries. +After installation, the [system administrator](manage-role-based-access-control-rbac/global-permissions.md) should configure Rancher to configure authentication, authorization, security, default settings, security policies, drivers and global DNS entries. ## First Log In @@ -22,35 +22,35 @@ After you set the Rancher Server URL, we do not support updating it. Set the URL One of the key features that Rancher adds to Kubernetes is centralized user authentication. This feature allows to set up local users and/or connect to an external authentication provider. By connecting to an external authentication provider, you can leverage that provider's user and groups. -For more information how authentication works and how to configure each provider, see [Authentication](authentication-config.md). +For more information how authentication works and how to configure each provider, see [Authentication](authentication-config/authentication-config.md). ## Authorization Within Rancher, each person authenticates as a _user_, which is a login that grants you access to Rancher. Once the user logs in to Rancher, their _authorization_, or their access rights within the system, is determined by the user's role. Rancher provides built-in roles to allow you to easily configure a user's permissions to resources, but Rancher also provides the ability to customize the roles for each Kubernetes resource. -For more information how authorization works and how to customize roles, see [Roles Based Access Control (RBAC)](manage-role-based-access-control-rbac.md). +For more information how authorization works and how to customize roles, see [Roles Based Access Control (RBAC)](manage-role-based-access-control-rbac/manage-role-based-access-control-rbac.md). ## Pod Security Policies _Pod Security Policies_ (or PSPs) are objects that control security-sensitive aspects of pod specification, e.g. root privileges. If a pod does not meet the conditions specified in the PSP, Kubernetes will not allow it to start, and Rancher will display an error message. -For more information how to create and use PSPs, see [Pod Security Policies](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/create-pod-security-policies.md). +For more information how to create and use PSPs, see [Pod Security Policies](create-pod-security-policies.md). ## Provisioning Drivers -Drivers in Rancher allow you to manage which providers can be used to provision [hosted Kubernetes clusters](set-up-clusters-from-hosted-kubernetes-providers.md) or [nodes in an infrastructure provider](use-new-nodes-in-an-infra-provider.md) to allow Rancher to deploy and manage Kubernetes. +Drivers in Rancher allow you to manage which providers can be used to provision [hosted Kubernetes clusters](../kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/set-up-clusters-from-hosted-kubernetes-providers.md) or [nodes in an infrastructure provider](../launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md) to allow Rancher to deploy and manage Kubernetes. -For more information, see [Provisioning Drivers](about-provisioning-drivers.md). +For more information, see [Provisioning Drivers](about-provisioning-drivers/about-provisioning-drivers.md). ## Adding Kubernetes Versions into Rancher With this feature, you can upgrade to the latest version of Kubernetes as soon as it is released, without upgrading Rancher. This feature allows you to easily upgrade Kubernetes patch versions (i.e. `v1.15.X`), but not intended to upgrade Kubernetes minor versions (i.e. `v1.X.0`) as Kubernetes tends to deprecate or add APIs between minor versions. -The information that Rancher uses to provision [RKE clusters](launch-kubernetes-with-rancher.md) is now located in the Rancher Kubernetes Metadata. For details on metadata configuration and how to change the Kubernetes version used for provisioning RKE clusters, see [Rancher Kubernetes Metadata.](../getting-started/installation-and-upgrade/upgrade-kubernetes-without-upgrading-rancher.md) +The information that Rancher uses to provision [RKE clusters](../launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md) is now located in the Rancher Kubernetes Metadata. For details on metadata configuration and how to change the Kubernetes version used for provisioning RKE clusters, see [Rancher Kubernetes Metadata.](../../../getting-started/installation-and-upgrade/upgrade-kubernetes-without-upgrading-rancher.md) -Rancher Kubernetes Metadata contains Kubernetes version information which Rancher uses to provision [RKE clusters](launch-kubernetes-with-rancher.md). +Rancher Kubernetes Metadata contains Kubernetes version information which Rancher uses to provision [RKE clusters](../launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md). -For more information on how metadata works and how to configure metadata config, see [Rancher Kubernetes Metadata](../getting-started/installation-and-upgrade/upgrade-kubernetes-without-upgrading-rancher.md). +For more information on how metadata works and how to configure metadata config, see [Rancher Kubernetes Metadata](../../../getting-started/installation-and-upgrade/upgrade-kubernetes-without-upgrading-rancher.md). ## Global Settings @@ -60,18 +60,18 @@ Click **☰** in the top left corner, then select **Global Settings**, to view a - **Settings**: Various Rancher defaults, such as the minimum length for a user's password (`password-min-length`). You should be cautious when modifying these settings, as invalid values may break your Rancher installation. - **Feature Flags**: Rancher features that can be toggled on or off. Some of these flags are for [experimental features](#enabling-experimental-features). -- **Banners**: Elements you can add to fixed locations on the portal. For example, you can use these options to [set a custom banner](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/custom-branding.md#fixed-banners) for users when they login to Rancher. -- **Branding**: Rancher UI design elements that you can [customize](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/custom-branding.md). You can add a custom logo or favicon, and modify UI colors. +- **Banners**: Elements you can add to fixed locations on the portal. For example, you can use these options to [set a custom banner](custom-branding.md#fixed-banners) for users when they login to Rancher. +- **Branding**: Rancher UI design elements that you can [customize](custom-branding.md). You can add a custom logo or favicon, and modify UI colors. - **Performance**: Performance settings for the Rancher UI, such as incremental resource loading. - **Home Links**: Links displayed on the Rancher UI **Home** page. You can modify visibility for the default links or add your own links. ### Enabling Experimental Features -Rancher includes some features that are experimental and/or disabled by default. Feature flags allow you to enable these features. For more information, refer to the section about [feature flags.](enable-experimental-features.md) +Rancher includes some features that are experimental and/or disabled by default. Feature flags allow you to enable these features. For more information, refer to the section about [feature flags.](../../advanced-user-guides/enable-experimental-features/enable-experimental-features.md) ### Global Configuration -**Global Configuration** options aren't visible unless you activate the **legacy** [feature flag](enable-experimental-features.md). The **legacy** flag is disabled by default on fresh Rancher installs of v2.6 and later. If you upgrade from an earlier Rancher version, or activate the **legacy** feature flag on Rancher v2.6 and later, **Global Configuration** is available from the top navigation menu: +**Global Configuration** options aren't visible unless you activate the **legacy** [feature flag](../../advanced-user-guides/enable-experimental-features/enable-experimental-features.md). The **legacy** flag is disabled by default on fresh Rancher installs of v2.6 and later. If you upgrade from an earlier Rancher version, or activate the **legacy** feature flag on Rancher v2.6 and later, **Global Configuration** is available from the top navigation menu: 1. Click **☰** in the top left corner. 1. Select **Global Configuration** from the **Legacy Apps**. diff --git a/versioned_docs/version-2.8/pages-for-subheaders/configure-microsoft-ad-federation-service-saml.md b/versioned_docs/version-2.8/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-microsoft-ad-federation-service-saml/configure-microsoft-ad-federation-service-saml.md similarity index 76% rename from versioned_docs/version-2.8/pages-for-subheaders/configure-microsoft-ad-federation-service-saml.md rename to versioned_docs/version-2.8/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-microsoft-ad-federation-service-saml/configure-microsoft-ad-federation-service-saml.md index 8662bf782fb..e10056cc0ae 100644 --- a/versioned_docs/version-2.8/pages-for-subheaders/configure-microsoft-ad-federation-service-saml.md +++ b/versioned_docs/version-2.8/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-microsoft-ad-federation-service-saml/configure-microsoft-ad-federation-service-saml.md @@ -24,8 +24,8 @@ You must have a [Microsoft AD FS Server](https://docs.microsoft.com/en-us/window Setting up Microsoft AD FS with Rancher Server requires configuring AD FS on your Active Directory server, and configuring Rancher to utilize your AD FS server. The following pages serve as guides for setting up Microsoft AD FS authentication on your Rancher installation. -- [1. Configuring Microsoft AD FS for Rancher](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-microsoft-ad-federation-service-saml/configure-ms-adfs-for-rancher.md) -- [2. Configuring Rancher for Microsoft AD FS](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-microsoft-ad-federation-service-saml/configure-rancher-for-ms-adfs.md) +- [1. Configuring Microsoft AD FS for Rancher](configure-ms-adfs-for-rancher.md) +- [2. Configuring Rancher for Microsoft AD FS](configure-rancher-for-ms-adfs.md) :::note SAML Provider Caveats: @@ -37,4 +37,4 @@ Setting up Microsoft AD FS with Rancher Server requires configuring AD FS on you ::: -### [Next: Configuring Microsoft AD FS for Rancher](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-microsoft-ad-federation-service-saml/configure-ms-adfs-for-rancher.md) +### [Next: Configuring Microsoft AD FS for Rancher](configure-ms-adfs-for-rancher.md) diff --git a/versioned_docs/version-2.8/pages-for-subheaders/configure-openldap.md b/versioned_docs/version-2.8/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-openldap/configure-openldap.md similarity index 90% rename from versioned_docs/version-2.8/pages-for-subheaders/configure-openldap.md rename to versioned_docs/version-2.8/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-openldap/configure-openldap.md index 9eb5fc7db2a..9285e08ef8b 100644 --- a/versioned_docs/version-2.8/pages-for-subheaders/configure-openldap.md +++ b/versioned_docs/version-2.8/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-openldap/configure-openldap.md @@ -18,9 +18,9 @@ Rancher must be configured with a LDAP bind account (aka service account) to sea ## Configure OpenLDAP in Rancher -Configure the settings for the OpenLDAP server, groups and users. For help filling out each field, refer to the [configuration reference.](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-openldap/openldap-config-reference.md) +Configure the settings for the OpenLDAP server, groups and users. For help filling out each field, refer to the [configuration reference.](openldap-config-reference.md) -> Before you proceed with the configuration, please familiarise yourself with the concepts of [External Authentication Configuration and Principal Users](authentication-config.md#external-authentication-configuration-and-principal-users). +> Before you proceed with the configuration, please familiarise yourself with the concepts of [External Authentication Configuration and Principal Users](../authentication-config/authentication-config.md#external-authentication-configuration-and-principal-users). 1. In the top left corner, click **☰ > Users & Authentication**. 1. In the left navigation menu, click **Auth Provider**. @@ -53,4 +53,4 @@ You will still be able to login using the locally configured `admin` account and ## Annex: Troubleshooting -If you are experiencing issues while testing the connection to the OpenLDAP server, first double-check the credentials entered for the service account as well as the search base configuration. You may also inspect the Rancher logs to help pinpointing the problem cause. Debug logs may contain more detailed information about the error. Please refer to [How can I enable debug logging](../faq/technical-items.md#how-can-i-enable-debug-logging) in this documentation. +If you are experiencing issues while testing the connection to the OpenLDAP server, first double-check the credentials entered for the service account as well as the search base configuration. You may also inspect the Rancher logs to help pinpointing the problem cause. Debug logs may contain more detailed information about the error. Please refer to [How can I enable debug logging](../../../../faq/technical-items.md#how-can-i-enable-debug-logging) in this documentation. diff --git a/versioned_docs/version-2.8/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-openldap/openldap-config-reference.md b/versioned_docs/version-2.8/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-openldap/openldap-config-reference.md index bd6f5454ba2..54d62bb9dd1 100644 --- a/versioned_docs/version-2.8/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-openldap/openldap-config-reference.md +++ b/versioned_docs/version-2.8/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-openldap/openldap-config-reference.md @@ -8,7 +8,7 @@ title: OpenLDAP Configuration Reference For further details on configuring OpenLDAP authentication, refer to the [official documentation.](https://www.openldap.org/doc/) -> Before you proceed with the configuration, please familiarize yourself with the concepts of [External Authentication Configuration and Principal Users](../../../../pages-for-subheaders/authentication-config.md#external-authentication-configuration-and-principal-users). +> Before you proceed with the configuration, please familiarize yourself with the concepts of [External Authentication Configuration and Principal Users](../authentication-config/authentication-config.md#external-authentication-configuration-and-principal-users). ## Background: OpenLDAP Authentication Flow diff --git a/versioned_docs/version-2.8/pages-for-subheaders/configure-shibboleth-saml.md b/versioned_docs/version-2.8/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-shibboleth-saml/configure-shibboleth-saml.md similarity index 91% rename from versioned_docs/version-2.8/pages-for-subheaders/configure-shibboleth-saml.md rename to versioned_docs/version-2.8/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-shibboleth-saml/configure-shibboleth-saml.md index f8c3480dd08..21d81b924b8 100644 --- a/versioned_docs/version-2.8/pages-for-subheaders/configure-shibboleth-saml.md +++ b/versioned_docs/version-2.8/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-shibboleth-saml/configure-shibboleth-saml.md @@ -12,7 +12,7 @@ In this configuration, when Rancher users log in, they will be redirected to the If you also configure OpenLDAP as the back end to Shibboleth, it will return a SAML assertion to Rancher with user attributes that include groups. Then the authenticated user will be able to access resources in Rancher that their groups have permissions for. -> The instructions in this section assume that you understand how Rancher, Shibboleth, and OpenLDAP work together. For a more detailed explanation of how it works, refer to [this page.](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-shibboleth-saml/about-group-permissions.md) +> The instructions in this section assume that you understand how Rancher, Shibboleth, and OpenLDAP work together. For a more detailed explanation of how it works, refer to [this page.](about-group-permissions.md) ## Setting up Shibboleth in Rancher @@ -91,9 +91,9 @@ Rancher must be configured with a LDAP bind account (aka service account) to sea ### Configure OpenLDAP in Rancher -Configure the settings for the OpenLDAP server, groups and users. For help filling out each field, refer to the [configuration reference.](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-openldap/openldap-config-reference.md) Note that nested group membership is not available for Shibboleth. +Configure the settings for the OpenLDAP server, groups and users. For help filling out each field, refer to the [configuration reference.](../configure-openldap/openldap-config-reference.md) Note that nested group membership is not available for Shibboleth. -> Before you proceed with the configuration, please familiarise yourself with the concepts of [External Authentication Configuration and Principal Users](authentication-config.md#external-authentication-configuration-and-principal-users). +> Before you proceed with the configuration, please familiarise yourself with the concepts of [External Authentication Configuration and Principal Users](../authentication-config/authentication-config.md#external-authentication-configuration-and-principal-users). 1. Log into the Rancher UI using the initial local `admin` account. 1. In the top left corner, click **☰ > Users & Authentication**. @@ -103,4 +103,4 @@ Configure the settings for the OpenLDAP server, groups and users. For help filli ## Troubleshooting -If you are experiencing issues while testing the connection to the OpenLDAP server, first double-check the credentials entered for the service account as well as the search base configuration. You may also inspect the Rancher logs to help pinpointing the problem cause. Debug logs may contain more detailed information about the error. Please refer to [How can I enable debug logging](../faq/technical-items.md#how-can-i-enable-debug-logging) in this documentation. +If you are experiencing issues while testing the connection to the OpenLDAP server, first double-check the credentials entered for the service account as well as the search base configuration. You may also inspect the Rancher logs to help pinpointing the problem cause. Debug logs may contain more detailed information about the error. Please refer to [How can I enable debug logging](../../../../faq/technical-items.md#how-can-i-enable-debug-logging) in this documentation. diff --git a/versioned_docs/version-2.8/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/create-pod-security-policies.md b/versioned_docs/version-2.8/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/create-pod-security-policies.md index b3e84e98c15..ce69a75f339 100644 --- a/versioned_docs/version-2.8/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/create-pod-security-policies.md +++ b/versioned_docs/version-2.8/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/create-pod-security-policies.md @@ -60,9 +60,9 @@ Using Rancher, you can create a Pod Security Policy using our GUI rather than cr ### Requirements -Rancher can only assign PSPs for clusters that are [launched using RKE](../../../pages-for-subheaders/launch-kubernetes-with-rancher.md). +Rancher can only assign PSPs for clusters that are [launched using RKE](../launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md). -You must enable PSPs at the cluster level before you can assign them to a project. This can be configured by [editing the cluster](../../../pages-for-subheaders/cluster-configuration.md). +You must enable PSPs at the cluster level before you can assign them to a project. This can be configured by [editing the cluster](../../../reference-guides/cluster-configuration/cluster-configuration.md). It is a best practice to set PSP at the cluster level. diff --git a/versioned_docs/version-2.8/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/global-default-private-registry.md b/versioned_docs/version-2.8/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/global-default-private-registry.md index eec64c568f2..419b6cba216 100644 --- a/versioned_docs/version-2.8/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/global-default-private-registry.md +++ b/versioned_docs/version-2.8/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/global-default-private-registry.md @@ -9,7 +9,7 @@ title: Configuring a Global Default Private Registry :::note This page describes how to configure a global default private registry from the Rancher UI, after Rancher is already installed. -For instructions on how to set up a private registry during Rancher installation, refer to the [air-gapped installation guide](../../../pages-for-subheaders/air-gapped-helm-cli-install.md). +For instructions on how to set up a private registry during Rancher installation, refer to the [air-gapped installation guide](../../../getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/air-gapped-helm-cli-install.md). ::: diff --git a/versioned_docs/version-2.8/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/custom-roles.md b/versioned_docs/version-2.8/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/custom-roles.md index de61e0f4fb7..5e9c6c7a96d 100644 --- a/versioned_docs/version-2.8/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/custom-roles.md +++ b/versioned_docs/version-2.8/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/custom-roles.md @@ -102,7 +102,7 @@ If a user is removed from the external authentication provider group, they would You can only assign a global role to a group if: -* You have set up an [external authentication provider](../../../../pages-for-subheaders/authentication-config.md#external-vs-local-authentication) +* You have set up an [external authentication provider](../authentication-config/authentication-config.md#external-vs-local-authentication) * The external authentication provider supports [user groups](../../authentication-permissions-and-global-configuration/authentication-config/manage-users-and-groups.md) * You have already set up at least one user group with the authentication provider diff --git a/versioned_docs/version-2.8/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/global-permissions.md b/versioned_docs/version-2.8/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/global-permissions.md index 9e18ce4b88c..bccfdc59a4e 100644 --- a/versioned_docs/version-2.8/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/global-permissions.md +++ b/versioned_docs/version-2.8/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/global-permissions.md @@ -56,7 +56,7 @@ You can [assign a role to everyone in the group at the same time](#configuring-g Using custom permissions is convenient for providing users with narrow or specialized access to Rancher. -When a user from an [external authentication source](../../../../pages-for-subheaders/authentication-config.md) signs into Rancher for the first time, they're automatically assigned a set of global permissions (hereafter, permissions). By default, after a user logs in for the first time, they are created as a user and assigned the default `user` permission. The standard `user` permission allows users to login and create clusters. +When a user from an [external authentication source](../authentication-config/authentication-config.md) signs into Rancher for the first time, they're automatically assigned a set of global permissions (hereafter, permissions). By default, after a user logs in for the first time, they are created as a user and assigned the default `user` permission. The standard `user` permission allows users to login and create clusters. However, in some organizations, these permissions may extend too much access. Rather than assigning users the default global permissions of `Administrator` or `Standard User`, you can assign them a more restrictive set of custom global permissions. @@ -64,7 +64,6 @@ The default roles, Administrator and Standard User, each come with multiple glob Administrators can enforce custom global permissions in multiple ways: -- [Creating custom global roles](#creating-custom-global-roles). - [Changing the default permissions for new users](#configuring-default-global-permissions). - [Configuring global permissions for individual users](#configuring-global-permissions-for-individual-users). - [Configuring global permissions for groups](#configuring-global-permissions-for-groups). @@ -256,7 +255,7 @@ If a user is removed from the external authentication provider group, they would You can only assign a global role to a group if: -* You have set up an [external authentication provider](../../../../pages-for-subheaders/authentication-config.md#external-vs-local-authentication) +* You have set up an [external authentication provider](../authentication-config/authentication-config.md#external-vs-local-authentication) * The external authentication provider supports [user groups](../authentication-config/manage-users-and-groups.md) * You have already set up at least one user group with the authentication provider diff --git a/versioned_docs/version-2.8/pages-for-subheaders/manage-role-based-access-control-rbac.md b/versioned_docs/version-2.8/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/manage-role-based-access-control-rbac.md similarity index 73% rename from versioned_docs/version-2.8/pages-for-subheaders/manage-role-based-access-control-rbac.md rename to versioned_docs/version-2.8/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/manage-role-based-access-control-rbac.md index c6c87eff5fc..93e95f07f8d 100644 --- a/versioned_docs/version-2.8/pages-for-subheaders/manage-role-based-access-control-rbac.md +++ b/versioned_docs/version-2.8/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/manage-role-based-access-control-rbac.md @@ -6,7 +6,7 @@ title: Role-Based Access Control (RBAC) -Within Rancher, each person authenticates as a _user_, which is a login that grants you access to Rancher. As mentioned in [Authentication](authentication-config.md), users can either be local or external. +Within Rancher, each person authenticates as a _user_, which is a login that grants you access to Rancher. As mentioned in [Authentication](../authentication-config/authentication-config.md), users can either be local or external. After you configure external authentication, the users that display on the **Users** page changes. @@ -18,11 +18,11 @@ After you configure external authentication, the users that display on the **Use Once the user logs in to Rancher, their _authorization_, or their access rights within the system, is determined by _global permissions_, and _cluster and project roles_. -- [Global Permissions](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/global-permissions.md): +- [Global Permissions](global-permissions.md): Define user authorization outside the scope of any particular cluster. -- [Cluster and Project Roles](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/cluster-and-project-roles.md): +- [Cluster and Project Roles](cluster-and-project-roles.md): Define user authorization inside the specific cluster or project where they are assigned the role. diff --git a/versioned_docs/version-2.8/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/psa-config-templates.md b/versioned_docs/version-2.8/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/psa-config-templates.md index dac4d66ee52..18b869c600b 100644 --- a/versioned_docs/version-2.8/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/psa-config-templates.md +++ b/versioned_docs/version-2.8/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/psa-config-templates.md @@ -36,7 +36,7 @@ You can assign a PSA template at the same time that you create a downstream clus ### Hardening the Cluster -If you select the **rancher-restricted** template but don't select a **CIS Profile**, you won't meet required CIS benchmarks. See the [RKE2 hardening guide](../../../pages-for-subheaders/rke2-hardening-guide.md) for more details. +If you select the **rancher-restricted** template but don't select a **CIS Profile**, you won't meet required CIS benchmarks. See the [RKE2 hardening guide](../../../reference-guides/rancher-security/hardening-guides/rke2-hardening-guide/rke2-hardening-guide.md) for more details. diff --git a/versioned_docs/version-2.8/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/back-up-rancher-launched-kubernetes-clusters.md b/versioned_docs/version-2.8/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/back-up-rancher-launched-kubernetes-clusters.md index a9046a1e64d..08d8e96c8bd 100644 --- a/versioned_docs/version-2.8/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/back-up-rancher-launched-kubernetes-clusters.md +++ b/versioned_docs/version-2.8/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/back-up-rancher-launched-kubernetes-clusters.md @@ -6,7 +6,7 @@ title: Backing up a Cluster -In the Rancher UI, etcd backup and recovery for [Rancher launched Kubernetes clusters](../../../pages-for-subheaders/launch-kubernetes-with-rancher.md) can be easily performed. +In the Rancher UI, etcd backup and recovery for [Rancher launched Kubernetes clusters](../launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md) can be easily performed. Rancher recommends configuring recurrent `etcd` snapshots for all production clusters. Additionally, one-time snapshots can be taken as well. @@ -165,7 +165,7 @@ If the etcd snapshot restore fails, the phase will be set to `Failed`. Select how often you want recurring snapshots to be taken as well as how many snapshots to keep. The amount of time is measured in hours. With timestamped snapshots, the user has the ability to do a point-in-time recovery. -By default, [Rancher launched Kubernetes clusters](../../../pages-for-subheaders/launch-kubernetes-with-rancher.md) are configured to take recurring snapshots (saved to local disk). To protect against local disk failure, using the [S3 Target](#s3-backup-target) or replicating the path on disk is advised. +By default, [Rancher launched Kubernetes clusters](../launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md) are configured to take recurring snapshots (saved to local disk). To protect against local disk failure, using the [S3 Target](#s3-backup-target) or replicating the path on disk is advised. During cluster provisioning or editing the cluster, the configuration for snapshots can be found in the advanced section for **Cluster Options**. Click on **Show advanced options**. @@ -183,7 +183,7 @@ In the **Advanced Cluster Options** section, there are several options available Set the schedule for how you want recurring snapshots to be taken as well as how many snapshots to keep. The schedule is conventional cron format. The retention policy dictates the number of snapshots matching a name to keep per node. -By default, [Rancher launched Kubernetes clusters](../../../pages-for-subheaders/launch-kubernetes-with-rancher.md) are configured to take recurring snapshots (saved to local disk) every 5 hours starting at 12 AM. To protect against local disk failure, using the [S3 Target](#s3-backup-target) or replicating the path on disk is advised. +By default, [Rancher launched Kubernetes clusters](../launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md) are configured to take recurring snapshots (saved to local disk) every 5 hours starting at 12 AM. To protect against local disk failure, using the [S3 Target](#s3-backup-target) or replicating the path on disk is advised. During cluster provisioning or editing the cluster, the configuration for snapshots can be found under **Cluster Configuration**. Click on **etcd**. @@ -248,12 +248,12 @@ Rancher supports two different backup targets: -By default, the `local` backup target is selected. The benefits of this option is that there is no external configuration. Snapshots are automatically saved locally to the etcd nodes in the [Rancher launched Kubernetes clusters](../../../pages-for-subheaders/launch-kubernetes-with-rancher.md) in `/opt/rke/etcd-snapshots`. All recurring snapshots are taken at configured intervals. The downside of using the `local` backup target is that if there is a total disaster and _all_ etcd nodes are lost, there is no ability to restore the cluster. +By default, the `local` backup target is selected. The benefits of this option is that there is no external configuration. Snapshots are automatically saved locally to the etcd nodes in the [Rancher launched Kubernetes clusters](../launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md) in `/opt/rke/etcd-snapshots`. All recurring snapshots are taken at configured intervals. The downside of using the `local` backup target is that if there is a total disaster and _all_ etcd nodes are lost, there is no ability to restore the cluster. -By default, the `local` backup target is selected. The benefits of this option is that there is no external configuration. Snapshots are automatically saved locally to the etcd nodes in the [Rancher launched Kubernetes clusters](../../../pages-for-subheaders/launch-kubernetes-with-rancher.md) in `/var/lib/rancher//server/db/snapshots` where `` is either `k3s` or `rke2`. All recurring snapshots are taken per the cron schedule. The downside of using the `local` backup target is that if there is a total disaster and _all_ etcd nodes are lost, there is no ability to restore the cluster. +By default, the `local` backup target is selected. The benefits of this option is that there is no external configuration. Snapshots are automatically saved locally to the etcd nodes in the [Rancher launched Kubernetes clusters](../launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md) in `/var/lib/rancher//server/db/snapshots` where `` is either `k3s` or `rke2`. All recurring snapshots are taken per the cron schedule. The downside of using the `local` backup target is that if there is a total disaster and _all_ etcd nodes are lost, there is no ability to restore the cluster. diff --git a/versioned_docs/version-2.8/pages-for-subheaders/backup-restore-and-disaster-recovery.md b/versioned_docs/version-2.8/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/backup-restore-and-disaster-recovery.md similarity index 73% rename from versioned_docs/version-2.8/pages-for-subheaders/backup-restore-and-disaster-recovery.md rename to versioned_docs/version-2.8/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/backup-restore-and-disaster-recovery.md index 912bd19264e..83b725e468e 100644 --- a/versioned_docs/version-2.8/pages-for-subheaders/backup-restore-and-disaster-recovery.md +++ b/versioned_docs/version-2.8/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/backup-restore-and-disaster-recovery.md @@ -16,7 +16,7 @@ The backup-restore operator needs to be installed in the local cluster, and only ## Backup and Restore for Rancher installed with Docker -For Rancher installed with Docker, refer to [this page](../how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/back-up-docker-installed-rancher.md) to perform backups and [this page](../how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/restore-docker-installed-rancher.md) to perform restores. +For Rancher installed with Docker, refer to [this page](back-up-docker-installed-rancher.md) to perform backups and [this page](restore-docker-installed-rancher.md) to perform restores. ## How Backups and Restores Work @@ -38,7 +38,7 @@ The Backup and Restore custom resources can be created in the Rancher UI, or by :::note -Refer [here](../how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/migrate-rancher-to-new-cluster.md#2-restore-from-backup-using-a-restore-custom-resource) for help on restoring an existing backup file into a v1.22 cluster in Rancher v2.6.3. +Refer [here](migrate-rancher-to-new-cluster.md#2-restore-from-backup-using-a-restore-custom-resource) for help on restoring an existing backup file into a v1.22 cluster in Rancher v2.6.3. ::: @@ -48,7 +48,7 @@ The `rancher-backup` operator can be installed from the Rancher UI, or with the :::note -There is a known issue in Fleet that occurs after performing a restoration using the backup-restore-operator: Secrets used for clientSecretName and helmSecretName are not included in Fleet gitrepos. Refer to the [Fleet Troubleshooting](../integrations-in-rancher/fleet/overview.md#troubleshooting) section for a workaround. +There is a known issue in Fleet that occurs after performing a restoration using the backup-restore-operator: Secrets used for clientSecretName and helmSecretName are not included in Fleet gitrepos. Refer to the [Fleet Troubleshooting](../../../integrations-in-rancher/fleet/overview.md#troubleshooting) section for a workaround. ::: @@ -59,7 +59,7 @@ There is a known issue in Fleet that occurs after performing a restoration using 1. In the left navigation bar, **Apps > Charts**. 1. Click **Rancher Backups**. 1. Click **Install**. -1. Optional: Configure the default storage location. For help, refer to the [configuration section.](../reference-guides/backup-restore-configuration/storage-configuration.md) +1. Optional: Configure the default storage location. For help, refer to the [configuration section.](../../../reference-guides/backup-restore-configuration/storage-configuration.md) 1. Click **Install**. **Result:** The `rancher-backup` operator is installed. @@ -79,22 +79,22 @@ Only the rancher admins and the local cluster’s cluster-owner can: ## Backing up Rancher -A backup is performed by creating a Backup custom resource. For a tutorial, refer to [this page.](../how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/back-up-rancher.md) +A backup is performed by creating a Backup custom resource. For a tutorial, refer to [this page.](back-up-rancher.md) ## Restoring Rancher -A restore is performed by creating a Restore custom resource. For a tutorial, refer to [this page.](../how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/restore-rancher.md) +A restore is performed by creating a Restore custom resource. For a tutorial, refer to [this page.](restore-rancher.md) ## Migrating Rancher to a New Cluster -A migration is performed by following [these steps.](../how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/migrate-rancher-to-new-cluster.md) +A migration is performed by following [these steps.](migrate-rancher-to-new-cluster.md) ## Default Storage Location Configuration Configure a storage location where all backups are saved by default. You will have the option to override this with each backup, but will be limited to using an S3-compatible or Minio object store. -For information on configuring these options, refer to [this page.](../reference-guides/backup-restore-configuration/storage-configuration.md) +For information on configuring these options, refer to [this page.](../../../reference-guides/backup-restore-configuration/storage-configuration.md) ### Example values.yaml for the rancher-backup Helm Chart -The example [values.yaml file](../reference-guides/backup-restore-configuration/storage-configuration.md#example-valuesyaml-for-the-rancher-backup-helm-chart) can be used to configure the `rancher-backup` operator when the Helm CLI is used to install it. +The example [values.yaml file](../../../reference-guides/backup-restore-configuration/storage-configuration.md#example-valuesyaml-for-the-rancher-backup-helm-chart) can be used to configure the `rancher-backup` operator when the Helm CLI is used to install it. diff --git a/versioned_docs/version-2.8/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/migrate-rancher-to-new-cluster.md b/versioned_docs/version-2.8/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/migrate-rancher-to-new-cluster.md index 4b58db9ead3..29f22ab6164 100644 --- a/versioned_docs/version-2.8/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/migrate-rancher-to-new-cluster.md +++ b/versioned_docs/version-2.8/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/migrate-rancher-to-new-cluster.md @@ -160,7 +160,7 @@ Kubernetes v1.22, available as an experimental feature of v2.6.3, does not suppo ### 3. Install cert-manager -Follow the steps to [install cert-manager](../../../pages-for-subheaders/install-upgrade-on-a-kubernetes-cluster.md#4-install-cert-manager) in the documentation about installing cert-manager on Kubernetes. +Follow the steps to [install cert-manager](../../../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/install-upgrade-on-a-kubernetes-cluster.md#4-install-cert-manager) in the documentation about installing cert-manager on Kubernetes. ### 4. Bring up Rancher with Helm diff --git a/versioned_docs/version-2.8/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/restore-rancher-launched-kubernetes-clusters-from-backup.md b/versioned_docs/version-2.8/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/restore-rancher-launched-kubernetes-clusters-from-backup.md index 313812b6129..c4d2ae77476 100644 --- a/versioned_docs/version-2.8/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/restore-rancher-launched-kubernetes-clusters-from-backup.md +++ b/versioned_docs/version-2.8/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/restore-rancher-launched-kubernetes-clusters-from-backup.md @@ -6,7 +6,7 @@ title: Restoring a Cluster from Backup -Etcd backup and recovery for [Rancher launched Kubernetes clusters](../../../pages-for-subheaders/launch-kubernetes-with-rancher.md) can be easily performed. Snapshots of the etcd database are taken and saved either locally onto the etcd nodes or to a S3 compatible target. The advantages of configuring S3 is that if all etcd nodes are lost, your snapshot is saved remotely and can be used to restore the cluster. +Etcd backup and recovery for [Rancher launched Kubernetes clusters](../launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md) can be easily performed. Snapshots of the etcd database are taken and saved either locally onto the etcd nodes or to a S3 compatible target. The advantages of configuring S3 is that if all etcd nodes are lost, your snapshot is saved remotely and can be used to restore the cluster. Rancher recommends enabling the [ability to set up recurring snapshots of etcd](back-up-rancher-launched-kubernetes-clusters.md#configuring-recurring-snapshots), but [one-time snapshots](back-up-rancher-launched-kubernetes-clusters.md#one-time-snapshots) can easily be taken as well. Rancher allows restore from [saved snapshots](#restoring-a-cluster-from-a-snapshot) or if you don't have any snapshots, you can still [restore etcd](#recovering-etcd-without-a-snapshot-rke). @@ -130,4 +130,4 @@ If the group of etcd nodes loses quorum, the Kubernetes cluster will report a fa 5. Run the revised command. -6. After the single nodes is up and running, Rancher recommends adding additional etcd nodes to your cluster. If you have a [custom cluster](../../../pages-for-subheaders/use-existing-nodes.md) and you want to reuse an old node, you are required to [clean up the nodes](../manage-clusters/clean-cluster-nodes.md) before attempting to add them back into a cluster. +6. After the single nodes is up and running, Rancher recommends adding additional etcd nodes to your cluster. If you have a [custom cluster](../../../reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/use-existing-nodes.md) and you want to reuse an old node, you are required to [clean up the nodes](../manage-clusters/clean-cluster-nodes.md) before attempting to add them back into a cluster. diff --git a/versioned_docs/version-2.8/pages-for-subheaders/deploy-apps-across-clusters.md b/versioned_docs/version-2.8/how-to-guides/new-user-guides/deploy-apps-across-clusters/deploy-apps-across-clusters.md similarity index 67% rename from versioned_docs/version-2.8/pages-for-subheaders/deploy-apps-across-clusters.md rename to versioned_docs/version-2.8/how-to-guides/new-user-guides/deploy-apps-across-clusters/deploy-apps-across-clusters.md index cb61483b1c5..45cabf3480a 100644 --- a/versioned_docs/version-2.8/pages-for-subheaders/deploy-apps-across-clusters.md +++ b/versioned_docs/version-2.8/how-to-guides/new-user-guides/deploy-apps-across-clusters/deploy-apps-across-clusters.md @@ -8,10 +8,10 @@ title: Deploying Applications across Clusters Rancher uses Fleet to deploy applications across clusters. -Continuous Delivery with Fleet is GitOps at scale. For more information, refer to the [Fleet section](../how-to-guides/new-user-guides/deploy-apps-across-clusters/fleet.md). +Continuous Delivery with Fleet is GitOps at scale. For more information, refer to the [Fleet section](fleet.md). ### Multi-cluster Apps In Rancher before v2.5, the multi-cluster apps feature was used to deploy applications across clusters. The multi-cluster apps feature is deprecated, but still available in Rancher v2.5. -See the [multi-cluster app documentation](../how-to-guides/new-user-guides/deploy-apps-across-clusters/multi-cluster-apps.md) for more details. \ No newline at end of file +See the [multi-cluster app documentation](multi-cluster-apps.md) for more details. \ No newline at end of file diff --git a/versioned_docs/version-2.8/how-to-guides/new-user-guides/deploy-apps-across-clusters/multi-cluster-apps.md b/versioned_docs/version-2.8/how-to-guides/new-user-guides/deploy-apps-across-clusters/multi-cluster-apps.md index 64c852c3629..61952f9dca3 100644 --- a/versioned_docs/version-2.8/how-to-guides/new-user-guides/deploy-apps-across-clusters/multi-cluster-apps.md +++ b/versioned_docs/version-2.8/how-to-guides/new-user-guides/deploy-apps-across-clusters/multi-cluster-apps.md @@ -62,7 +62,7 @@ In the **Upgrades** section, select the upgrade strategy to use, when you decide ### Roles -In the **Roles** section, you define the role of the multi-cluster application. Typically, when a user [launches catalog applications](../../../pages-for-subheaders/helm-charts-in-rancher.md), that specific user's permissions are used for creation of all workloads/resources that is required by the app. +In the **Roles** section, you define the role of the multi-cluster application. Typically, when a user [launches catalog applications](../helm-charts-in-rancher/helm-charts-in-rancher.md), that specific user's permissions are used for creation of all workloads/resources that is required by the app. For multi-cluster applications, the application is deployed by a _system user_ and is assigned as the creator of all underlying resources. A _system user_ is used instead of the actual user due to the fact that the actual user could be removed from one of the target projects. If the actual user was removed from one of the projects, then that user would no longer be able to manage the application for the other projects. diff --git a/versioned_docs/version-2.8/pages-for-subheaders/helm-charts-in-rancher.md b/versioned_docs/version-2.8/how-to-guides/new-user-guides/helm-charts-in-rancher/helm-charts-in-rancher.md similarity index 97% rename from versioned_docs/version-2.8/pages-for-subheaders/helm-charts-in-rancher.md rename to versioned_docs/version-2.8/how-to-guides/new-user-guides/helm-charts-in-rancher/helm-charts-in-rancher.md index ecc7993c7d9..fa99b770228 100644 --- a/versioned_docs/version-2.8/pages-for-subheaders/helm-charts-in-rancher.md +++ b/versioned_docs/version-2.8/how-to-guides/new-user-guides/helm-charts-in-rancher/helm-charts-in-rancher.md @@ -147,7 +147,7 @@ The upgrade button has been removed for legacy apps from the **Apps > Installed If you have a legacy app installed and want to upgrade it: -- The legacy [feature flag](enable-experimental-features.md) must be turned on (if it's not turned on automatically because of having a legacy app before upgrading) +- The legacy [feature flag](../../advanced-user-guides/enable-experimental-features/enable-experimental-features.md) must be turned on (if it's not turned on automatically because of having a legacy app before upgrading) - You can upgrade the app from cluster explorer, from the left nav section **Legacy > Project > Apps** - For multi-cluster apps, you can go to **≡ > Multi-cluster Apps** and upgrade the app from there diff --git a/versioned_docs/version-2.8/how-to-guides/new-user-guides/infrastructure-setup/ha-k3s-kubernetes-cluster.md b/versioned_docs/version-2.8/how-to-guides/new-user-guides/infrastructure-setup/ha-k3s-kubernetes-cluster.md index 1611ca978e3..0be31c8fba7 100644 --- a/versioned_docs/version-2.8/how-to-guides/new-user-guides/infrastructure-setup/ha-k3s-kubernetes-cluster.md +++ b/versioned_docs/version-2.8/how-to-guides/new-user-guides/infrastructure-setup/ha-k3s-kubernetes-cluster.md @@ -10,7 +10,7 @@ This tutorial is intended to help you provision the underlying infrastructure fo The recommended infrastructure for the Rancher-only Kubernetes cluster differs depending on whether Rancher will be installed on a K3s Kubernetes cluster, an RKE Kubernetes cluster, or a single Docker container. -For more information about each installation option, refer to [this page.](../../../pages-for-subheaders/installation-and-upgrade.md) +For more information about each installation option, refer to [this page.](../../../getting-started/installation-and-upgrade/installation-and-upgrade.md) :::note Important: @@ -27,7 +27,7 @@ To install the Rancher management server on a high-availability K3s cluster, we ### 1. Set up Linux Nodes -Make sure that your nodes fulfill the general installation requirements for [OS, container runtime, hardware, and networking.](../../../pages-for-subheaders/installation-requirements.md) +Make sure that your nodes fulfill the general installation requirements for [OS, container runtime, hardware, and networking.](../../../getting-started/installation-and-upgrade/installation-requirements/installation-requirements.md) For an example of one way to set up Linux nodes, refer to this [tutorial](nodes-in-amazon-ec2.md) for setting up nodes as instances in Amazon EC2. diff --git a/versioned_docs/version-2.8/how-to-guides/new-user-guides/infrastructure-setup/ha-rke1-kubernetes-cluster.md b/versioned_docs/version-2.8/how-to-guides/new-user-guides/infrastructure-setup/ha-rke1-kubernetes-cluster.md index ad266904aed..17e1a1004cc 100644 --- a/versioned_docs/version-2.8/how-to-guides/new-user-guides/infrastructure-setup/ha-rke1-kubernetes-cluster.md +++ b/versioned_docs/version-2.8/how-to-guides/new-user-guides/infrastructure-setup/ha-rke1-kubernetes-cluster.md @@ -30,7 +30,7 @@ The etcd database requires an odd number of nodes so that it can always elect a ### 1. Set up Linux Nodes -Make sure that your nodes fulfill the general installation requirements for [OS, container runtime, hardware, and networking.](../../../pages-for-subheaders/installation-requirements.md) +Make sure that your nodes fulfill the general installation requirements for [OS, container runtime, hardware, and networking.](../../../getting-started/installation-and-upgrade/installation-requirements/installation-requirements.md) For an example of one way to set up Linux nodes, refer to this [tutorial](nodes-in-amazon-ec2.md) for setting up nodes as instances in Amazon EC2. diff --git a/versioned_docs/version-2.8/how-to-guides/new-user-guides/infrastructure-setup/ha-rke2-kubernetes-cluster.md b/versioned_docs/version-2.8/how-to-guides/new-user-guides/infrastructure-setup/ha-rke2-kubernetes-cluster.md index c00f0061adb..9eddca79fd4 100644 --- a/versioned_docs/version-2.8/how-to-guides/new-user-guides/infrastructure-setup/ha-rke2-kubernetes-cluster.md +++ b/versioned_docs/version-2.8/how-to-guides/new-user-guides/infrastructure-setup/ha-rke2-kubernetes-cluster.md @@ -24,7 +24,7 @@ To install the Rancher management server on a high-availability RKE2 cluster, we ### 1. Set up Linux Nodes -Make sure that your nodes fulfill the general installation requirements for [OS, container runtime, hardware, and networking.](../../../pages-for-subheaders/installation-requirements.md) +Make sure that your nodes fulfill the general installation requirements for [OS, container runtime, hardware, and networking.](../../../getting-started/installation-and-upgrade/installation-requirements/installation-requirements.md) For an example of one way to set up Linux nodes, refer to this [tutorial](nodes-in-amazon-ec2.md) for setting up nodes as instances in Amazon EC2. diff --git a/versioned_docs/version-2.8/pages-for-subheaders/infrastructure-setup.md b/versioned_docs/version-2.8/how-to-guides/new-user-guides/infrastructure-setup/infrastructure-setup.md similarity index 58% rename from versioned_docs/version-2.8/pages-for-subheaders/infrastructure-setup.md rename to versioned_docs/version-2.8/how-to-guides/new-user-guides/infrastructure-setup/infrastructure-setup.md index fabdc72e975..ccdca3126b8 100644 --- a/versioned_docs/version-2.8/pages-for-subheaders/infrastructure-setup.md +++ b/versioned_docs/version-2.8/how-to-guides/new-user-guides/infrastructure-setup/infrastructure-setup.md @@ -6,7 +6,7 @@ title: Don't have infrastructure for your Kubernetes cluster? Try one of these t -To set up infrastructure for a high-availability K3s Kubernetes cluster with an external DB, refer to [this page.](../how-to-guides/new-user-guides/infrastructure-setup/ha-k3s-kubernetes-cluster.md) +To set up infrastructure for a high-availability K3s Kubernetes cluster with an external DB, refer to [this page.](ha-k3s-kubernetes-cluster.md) -To set up infrastructure for a high-availability RKE Kubernetes cluster, refer to [this page.](../how-to-guides/new-user-guides/infrastructure-setup/ha-rke1-kubernetes-cluster.md) +To set up infrastructure for a high-availability RKE Kubernetes cluster, refer to [this page.](ha-rke1-kubernetes-cluster.md) diff --git a/versioned_docs/version-2.8/how-to-guides/new-user-guides/infrastructure-setup/nodes-in-amazon-ec2.md b/versioned_docs/version-2.8/how-to-guides/new-user-guides/infrastructure-setup/nodes-in-amazon-ec2.md index 9c7f55b9443..bcc1337121a 100644 --- a/versioned_docs/version-2.8/how-to-guides/new-user-guides/infrastructure-setup/nodes-in-amazon-ec2.md +++ b/versioned_docs/version-2.8/how-to-guides/new-user-guides/infrastructure-setup/nodes-in-amazon-ec2.md @@ -6,7 +6,7 @@ title: Setting up Nodes in Amazon EC2 -In this tutorial, you will learn one way to set up Linux nodes for the Rancher management server. These nodes will fulfill the node requirements for [OS, Docker, hardware, and networking.](../../../pages-for-subheaders/installation-requirements.md) +In this tutorial, you will learn one way to set up Linux nodes for the Rancher management server. These nodes will fulfill the node requirements for [OS, Docker, hardware, and networking.](../../../getting-started/installation-and-upgrade/installation-requirements/installation-requirements.md) If the Rancher server will be installed on an RKE Kubernetes cluster, you should provision three instances. @@ -16,8 +16,8 @@ If the Rancher server is installed in a single Docker container, you only need o ### 1. Optional Preparation -- **Create IAM role:** To allow Rancher to manipulate AWS resources, such as provisioning new storage or new nodes, you will need to configure Amazon as a cloud provider. There are several things you'll need to do to set up the cloud provider on EC2, but part of this process is setting up an IAM role for the Rancher server nodes. For the full details on setting up the cloud provider, refer to this [page.](../../../pages-for-subheaders/set-up-cloud-providers.md) -- **Create security group:** We also recommend setting up a security group for the Rancher nodes that complies with the [port requirements for Rancher nodes.](../../../pages-for-subheaders/installation-requirements.md#port-requirements) +- **Create IAM role:** To allow Rancher to manipulate AWS resources, such as provisioning new storage or new nodes, you will need to configure Amazon as a cloud provider. There are several things you'll need to do to set up the cloud provider on EC2, but part of this process is setting up an IAM role for the Rancher server nodes. For the full details on setting up the cloud provider, refer to this [page.](../kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/set-up-cloud-providers.md) +- **Create security group:** We also recommend setting up a security group for the Rancher nodes that complies with the [port requirements for Rancher nodes.](../../../getting-started/installation-and-upgrade/installation-requirements/installation-requirements.md#port-requirements) ### 2. Provision Instances @@ -30,7 +30,7 @@ If the Rancher server is installed in a single Docker container, you only need o 1. In the **Number of instances** field, enter the number of instances. A high-availability K3s cluster requires only two instances, while a high-availability RKE cluster requires three instances. 1. Optional: If you created an IAM role for Rancher to manipulate AWS resources, select the new IAM role in the **IAM role** field. 1. Click **Next: Add Storage,** **Next: Add Tags,** and **Next: Configure Security Group**. -1. In **Step 6: Configure Security Group,** select a security group that complies with the [port requirements](../../../pages-for-subheaders/installation-requirements.md#port-requirements) for Rancher nodes. +1. In **Step 6: Configure Security Group,** select a security group that complies with the [port requirements](../../../getting-started/installation-and-upgrade/installation-requirements/installation-requirements.md#port-requirements) for Rancher nodes. 1. Click **Review and Launch**. 1. Click **Launch**. 1. Choose a new or existing key pair that you will use to connect to your instance later. If you are using an existing key pair, make sure you already have access to the private key. diff --git a/versioned_docs/version-2.8/how-to-guides/new-user-guides/kubernetes-cluster-setup/high-availability-installs.md b/versioned_docs/version-2.8/how-to-guides/new-user-guides/kubernetes-cluster-setup/high-availability-installs.md index a5d69ed221d..a287c374fe3 100644 --- a/versioned_docs/version-2.8/how-to-guides/new-user-guides/kubernetes-cluster-setup/high-availability-installs.md +++ b/versioned_docs/version-2.8/how-to-guides/new-user-guides/kubernetes-cluster-setup/high-availability-installs.md @@ -14,7 +14,7 @@ Then Helm is used to install Rancher on top of the Kubernetes cluster. Helm uses The Rancher server data is stored on etcd. This etcd database also runs on all three nodes, and requires an odd number of nodes so that it can always elect a leader with a majority of the etcd cluster. If the etcd database cannot elect a leader, etcd can fail, requiring the cluster to be restored from backup. -For information on how Rancher works, regardless of the installation method, refer to the [architecture section.](../../../pages-for-subheaders/rancher-manager-architecture.md) +For information on how Rancher works, regardless of the installation method, refer to the [architecture section.](../../../reference-guides/rancher-manager-architecture/rancher-manager-architecture.md) ### Recommended Architecture diff --git a/versioned_docs/version-2.8/pages-for-subheaders/kubernetes-cluster-setup.md b/versioned_docs/version-2.8/how-to-guides/new-user-guides/kubernetes-cluster-setup/kubernetes-cluster-setup.md similarity index 100% rename from versioned_docs/version-2.8/pages-for-subheaders/kubernetes-cluster-setup.md rename to versioned_docs/version-2.8/how-to-guides/new-user-guides/kubernetes-cluster-setup/kubernetes-cluster-setup.md diff --git a/versioned_docs/version-2.8/how-to-guides/new-user-guides/kubernetes-cluster-setup/rke1-for-rancher.md b/versioned_docs/version-2.8/how-to-guides/new-user-guides/kubernetes-cluster-setup/rke1-for-rancher.md index 1d1c0682ec1..e61bdb43e0a 100644 --- a/versioned_docs/version-2.8/how-to-guides/new-user-guides/kubernetes-cluster-setup/rke1-for-rancher.md +++ b/versioned_docs/version-2.8/how-to-guides/new-user-guides/kubernetes-cluster-setup/rke1-for-rancher.md @@ -14,7 +14,7 @@ Rancher can run on any Kubernetes cluster, included hosted Kubernetes solutions ::: -For systems without direct internet access, refer to [Air Gap: Kubernetes install.](../../../pages-for-subheaders/air-gapped-helm-cli-install.md) +For systems without direct internet access, refer to [Air Gap: Kubernetes install.](../../../getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/air-gapped-helm-cli-install.md) :::tip Single-node Installation Tip: @@ -192,5 +192,5 @@ The "rancher-cluster" parts of the two latter file names are dependent on how yo See the [Troubleshooting](../../../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/troubleshooting.md) page. -### [Next: Install Rancher](../../../pages-for-subheaders/install-upgrade-on-a-kubernetes-cluster.md) +### [Next: Install Rancher](../../../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/install-upgrade-on-a-kubernetes-cluster.md) diff --git a/versioned_docs/version-2.8/pages-for-subheaders/checklist-for-production-ready-clusters.md b/versioned_docs/version-2.8/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/checklist-for-production-ready-clusters/checklist-for-production-ready-clusters.md similarity index 77% rename from versioned_docs/version-2.8/pages-for-subheaders/checklist-for-production-ready-clusters.md rename to versioned_docs/version-2.8/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/checklist-for-production-ready-clusters/checklist-for-production-ready-clusters.md index f5816af3c48..d3609540e2a 100644 --- a/versioned_docs/version-2.8/pages-for-subheaders/checklist-for-production-ready-clusters.md +++ b/versioned_docs/version-2.8/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/checklist-for-production-ready-clusters/checklist-for-production-ready-clusters.md @@ -8,15 +8,15 @@ title: Checklist for Production-Ready Clusters In this section, we recommend best practices for creating the production-ready Kubernetes clusters that will run your apps and services. -For a list of requirements for your cluster, including the requirements for OS/Docker, hardware, and networking, refer to the section on [node requirements.](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/node-requirements-for-rancher-managed-clusters.md) +For a list of requirements for your cluster, including the requirements for OS/Docker, hardware, and networking, refer to the section on [node requirements.](../node-requirements-for-rancher-managed-clusters.md) This is a shortlist of best practices that we strongly recommend for all production clusters. -For a full list of all the best practices that we recommend, refer to the [best practices section.](best-practices.md) +For a full list of all the best practices that we recommend, refer to the [best practices section.](../../../../reference-guides/best-practices/best-practices.md) ### Node Requirements -* Make sure your nodes fulfill all of the [node requirements,](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/node-requirements-for-rancher-managed-clusters.md) including the port requirements. +* Make sure your nodes fulfill all of the [node requirements,](../node-requirements-for-rancher-managed-clusters.md) including the port requirements. ### Back up etcd @@ -33,10 +33,10 @@ For a full list of all the best practices that we recommend, refer to the [best * Assign two or more nodes the `controlplane` role for master component high availability. * Assign two or more nodes the `worker` role for workload rescheduling upon node failure. -For more information on what each role is used for, refer to the [section on roles for nodes in Kubernetes.](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/checklist-for-production-ready-clusters/roles-for-nodes-in-kubernetes.md) +For more information on what each role is used for, refer to the [section on roles for nodes in Kubernetes.](roles-for-nodes-in-kubernetes.md) For more information about the -number of nodes for each Kubernetes role, refer to the section on [recommended architecture.](../reference-guides/rancher-manager-architecture/architecture-recommendations.md) +number of nodes for each Kubernetes role, refer to the section on [recommended architecture.](../../../../reference-guides/rancher-manager-architecture/architecture-recommendations.md) ### Logging and Monitoring @@ -50,4 +50,4 @@ number of nodes for each Kubernetes role, refer to the section on [recommended a ### Networking * Minimize network latency. Rancher recommends minimizing latency between the etcd nodes. The default setting for `heartbeat-interval` is `500`, and the default setting for `election-timeout` is `5000`. These [settings for etcd tuning](https://coreos.com/etcd/docs/latest/tuning.html) allow etcd to run in most networks (except really high latency networks). -* Cluster nodes should be located within a single region. Most cloud providers provide multiple availability zones within a region, which can be used to create higher availability for your cluster. Using multiple availability zones is fine for nodes with any role. If you are using [Kubernetes Cloud Provider](set-up-cloud-providers.md) resources, consult the documentation for any restrictions (i.e. zone storage restrictions). +* Cluster nodes should be located within a single region. Most cloud providers provide multiple availability zones within a region, which can be used to create higher availability for your cluster. Using multiple availability zones is fine for nodes with any role. If you are using [Kubernetes Cloud Provider](../set-up-cloud-providers/set-up-cloud-providers.md) resources, consult the documentation for any restrictions (i.e. zone storage restrictions). diff --git a/versioned_docs/version-2.8/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/checklist-for-production-ready-clusters/recommended-cluster-architecture.md b/versioned_docs/version-2.8/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/checklist-for-production-ready-clusters/recommended-cluster-architecture.md index 7c5e21424ea..c709d847ae3 100644 --- a/versioned_docs/version-2.8/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/checklist-for-production-ready-clusters/recommended-cluster-architecture.md +++ b/versioned_docs/version-2.8/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/checklist-for-production-ready-clusters/recommended-cluster-architecture.md @@ -66,7 +66,7 @@ Adding more than one node with the `worker` role will make sure your workloads c ### Why Production Requirements are Different for the Rancher Cluster and the Clusters Running Your Applications -You may have noticed that our [Kubernetes Install](../../../../pages-for-subheaders/install-upgrade-on-a-kubernetes-cluster.md) instructions do not meet our definition of a production-ready cluster, as there are no dedicated nodes for the `worker` role. However, for your Rancher installation, this three node cluster is valid, because: +You may have noticed that our [Kubernetes Install](../../../../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/install-upgrade-on-a-kubernetes-cluster.md) instructions do not meet our definition of a production-ready cluster, as there are no dedicated nodes for the `worker` role. However, for your Rancher installation, this three node cluster is valid, because: * It allows one `etcd` node failure. * It maintains multiple instances of the master components by having multiple `controlplane` nodes. diff --git a/versioned_docs/version-2.8/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/checklist-for-production-ready-clusters/roles-for-nodes-in-kubernetes.md b/versioned_docs/version-2.8/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/checklist-for-production-ready-clusters/roles-for-nodes-in-kubernetes.md index 04eeb4466d4..1c627844659 100644 --- a/versioned_docs/version-2.8/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/checklist-for-production-ready-clusters/roles-for-nodes-in-kubernetes.md +++ b/versioned_docs/version-2.8/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/checklist-for-production-ready-clusters/roles-for-nodes-in-kubernetes.md @@ -8,7 +8,7 @@ title: Roles for Nodes in Kubernetes This section describes the roles for etcd nodes, controlplane nodes, and worker nodes in Kubernetes, and how the roles work together in a cluster. -This diagram is applicable to Kubernetes clusters [launched with Rancher using RKE.](../../../../pages-for-subheaders/launch-kubernetes-with-rancher.md). +This diagram is applicable to Kubernetes clusters [launched with Rancher using RKE.](../../launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md). ![Cluster diagram](/img/clusterdiagram.svg)
Lines show the traffic flow between components. Colors are used purely for visual aid diff --git a/versioned_docs/version-2.8/pages-for-subheaders/kubernetes-clusters-in-rancher-setup.md b/versioned_docs/version-2.8/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/kubernetes-clusters-in-rancher-setup.md similarity index 78% rename from versioned_docs/version-2.8/pages-for-subheaders/kubernetes-clusters-in-rancher-setup.md rename to versioned_docs/version-2.8/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/kubernetes-clusters-in-rancher-setup.md index 899d4bb5937..bb5e556d5c2 100644 --- a/versioned_docs/version-2.8/pages-for-subheaders/kubernetes-clusters-in-rancher-setup.md +++ b/versioned_docs/version-2.8/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/kubernetes-clusters-in-rancher-setup.md @@ -9,9 +9,9 @@ description: Provisioning Kubernetes Clusters Rancher simplifies the creation of clusters by allowing you to create them through the Rancher UI rather than more complex alternatives. Rancher provides multiple options for launching a cluster. Use the option that best fits your use case. -This section assumes a basic familiarity with Docker and Kubernetes. For a brief explanation of how Kubernetes components work together, refer to the [concepts](../reference-guides/kubernetes-concepts.md) page. +This section assumes a basic familiarity with Docker and Kubernetes. For a brief explanation of how Kubernetes components work together, refer to the [concepts](../../../reference-guides/kubernetes-concepts.md) page. -For a conceptual overview of how the Rancher server provisions clusters and what tools it uses to provision them, refer to the [architecture](rancher-manager-architecture.md) page. +For a conceptual overview of how the Rancher server provisions clusters and what tools it uses to provision them, refer to the [architecture](../../../reference-guides/rancher-manager-architecture/rancher-manager-architecture.md) page. @@ -29,7 +29,7 @@ In this scenario, Rancher does not provision Kubernetes because it is installed If you use a Kubernetes provider such as Google GKE, Rancher integrates with its cloud APIs, allowing you to create and manage role-based access control for the hosted cluster from the Rancher UI. -For more information, refer to the section on [hosted Kubernetes clusters.](set-up-clusters-from-hosted-kubernetes-providers.md) +For more information, refer to the section on [hosted Kubernetes clusters.](set-up-clusters-from-hosted-kubernetes-providers/set-up-clusters-from-hosted-kubernetes-providers.md) ## Launching Kubernetes with Rancher @@ -41,23 +41,23 @@ These nodes can be dynamically provisioned through Rancher's UI, which calls [Do If you already have a node that you want to add to an RKE cluster, you can add it to the cluster by running a Rancher agent container on it. -For more information, refer to the section on [RKE clusters.](../pages-for-subheaders/launch-kubernetes-with-rancher.md) +For more information, refer to the section on [RKE clusters.](../launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md) ### Launching Kubernetes and Provisioning Nodes in an Infrastructure Provider Rancher can dynamically provision nodes in infrastructure providers such as Amazon EC2, DigitalOcean, Azure, or vSphere, then install Kubernetes on them. -Using Rancher, you can create pools of nodes based on a [node template](use-new-nodes-in-an-infra-provider.md#node-templates). This template defines the parameters used to launch nodes in your cloud providers. +Using Rancher, you can create pools of nodes based on a [node template](../launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md#node-templates). This template defines the parameters used to launch nodes in your cloud providers. One benefit of using nodes hosted by an infrastructure provider is that if a node loses connectivity with the cluster, Rancher can automatically replace it, thus maintaining the expected cluster configuration. -The cloud providers available for creating a node template are decided based on the [node drivers](use-new-nodes-in-an-infra-provider.md#node-drivers) active in the Rancher UI. +The cloud providers available for creating a node template are decided based on the [node drivers](../launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md#node-drivers) active in the Rancher UI. -For more information, refer to the section on [nodes hosted by an infrastructure provider](use-new-nodes-in-an-infra-provider.md) +For more information, refer to the section on [nodes hosted by an infrastructure provider](../launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md) ### Launching Kubernetes on Existing Custom Nodes -When setting up this type of cluster, Rancher installs Kubernetes on existing [custom nodes,](use-existing-nodes.md) which creates a custom cluster. +When setting up this type of cluster, Rancher installs Kubernetes on existing [custom nodes,](../../../reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/use-existing-nodes.md) which creates a custom cluster. You can bring any nodes you want to Rancher and use them to create a cluster. @@ -71,7 +71,7 @@ Registering EKS clusters now provides additional benefits. For the most part, re When you delete an EKS cluster that was created in Rancher, the cluster is destroyed. When you delete an EKS cluster that was registered in Rancher, it is disconnected from the Rancher server, but it still exists and you can still access it in the same way you did before it was registered in Rancher. -For more information, see [this page.](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/register-existing-clusters.md) +For more information, see [this page.](register-existing-clusters.md) ## Programmatically Creating Clusters diff --git a/versioned_docs/version-2.8/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/node-requirements-for-rancher-managed-clusters.md b/versioned_docs/version-2.8/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/node-requirements-for-rancher-managed-clusters.md index 3f0575a2f76..7cd0bb6f3f9 100644 --- a/versioned_docs/version-2.8/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/node-requirements-for-rancher-managed-clusters.md +++ b/versioned_docs/version-2.8/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/node-requirements-for-rancher-managed-clusters.md @@ -10,7 +10,7 @@ This page describes the requirements for the Rancher managed Kubernetes clusters :::note -If Rancher is installed on a high-availability Kubernetes cluster, the Rancher server three-node cluster and downstream clusters have different requirements. For Rancher installation requirements, refer to the node requirements in the [installation section.](../../../pages-for-subheaders/installation-requirements.md) +If Rancher is installed on a high-availability Kubernetes cluster, the Rancher server three-node cluster and downstream clusters have different requirements. For Rancher installation requirements, refer to the node requirements in the [installation section.](../../../getting-started/installation-and-upgrade/installation-requirements/installation-requirements.md) ::: @@ -47,7 +47,7 @@ SUSE Linux may have a firewall that blocks all ports by default. In that situati ### Flatcar Container Linux Nodes -When [Launching Kubernetes with Rancher](../../../pages-for-subheaders/launch-kubernetes-with-rancher.md) using Flatcar Container Linux nodes, it is required to use the following configuration in the [Cluster Config File](../../../reference-guides/cluster-configuration/rancher-server-configuration/rke1-cluster-configuration.md#rke-cluster-config-file-reference) +When [Launching Kubernetes with Rancher](../launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md) using Flatcar Container Linux nodes, it is required to use the following configuration in the [Cluster Config File](../../../reference-guides/cluster-configuration/rancher-server-configuration/rke1-cluster-configuration.md#rke-cluster-config-file-reference) @@ -92,13 +92,13 @@ It is also required to enable the Docker service, you can enable the Docker serv systemctl enable docker.service ``` -The Docker service is enabled automatically when using [Node Drivers](../../../pages-for-subheaders/about-provisioning-drivers.md#node-drivers). +The Docker service is enabled automatically when using [Node Drivers](../authentication-permissions-and-global-configuration/about-provisioning-drivers/about-provisioning-drivers.md#node-drivers). ### Windows Nodes Nodes with Windows Server must run Docker Enterprise Edition. -Windows nodes can be used for worker nodes only. See [Configuring Custom Clusters for Windows](../../../pages-for-subheaders/use-windows-clusters.md) +Windows nodes can be used for worker nodes only. See [Configuring Custom Clusters for Windows](use-windows-clusters/use-windows-clusters.md) ## Hardware Requirements @@ -114,7 +114,7 @@ For hardware recommendations for etcd clusters in production, refer to the offic For a production cluster, we recommend that you restrict traffic by opening only the ports defined in the port requirements below. -The ports required to be open are different depending on how the user cluster is launched. Each of the sections below list the ports that need to be opened for different [cluster creation options](../../../pages-for-subheaders/kubernetes-clusters-in-rancher-setup.md). +The ports required to be open are different depending on how the user cluster is launched. Each of the sections below list the ports that need to be opened for different [cluster creation options](kubernetes-clusters-in-rancher-setup.md). For a breakdown of the port requirements for etcd nodes, controlplane nodes, and worker nodes in a Kubernetes cluster, refer to the [port requirements for the Rancher Kubernetes Engine.](https://rancher.com/docs/rke/latest/en/os/#ports) @@ -130,4 +130,4 @@ You should never register a node with the same hostname or IP address as an exis If you want to provision a Kubernetes cluster that is compliant with the CIS (Center for Internet Security) Kubernetes Benchmark, we recommend to following our hardening guide to configure your nodes before installing Kubernetes. -For more information on the hardening guide and details on which version of the guide corresponds to your Rancher and Kubernetes versions, refer to the [security section.](../../../pages-for-subheaders/rancher-security.md#rancher-hardening-guide) +For more information on the hardening guide and details on which version of the guide corresponds to your Rancher and Kubernetes versions, refer to the [security section.](../../../reference-guides/rancher-security/rancher-security.md#rancher-hardening-guide) diff --git a/versioned_docs/version-2.8/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/register-existing-clusters.md b/versioned_docs/version-2.8/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/register-existing-clusters.md index 16f14da7e3f..a62ed8dc14d 100644 --- a/versioned_docs/version-2.8/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/register-existing-clusters.md +++ b/versioned_docs/version-2.8/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/register-existing-clusters.md @@ -17,7 +17,7 @@ The control that Rancher has to manage a registered cluster depends on the type Registered RKE Kubernetes clusters must have all three node roles - etcd, controlplane and worker. A cluster with only controlplane components cannot be registered in Rancher. -For more information on RKE node roles, see the [best practices.](../../../pages-for-subheaders/checklist-for-production-ready-clusters.md#cluster-architecture) +For more information on RKE node roles, see the [best practices.](checklist-for-production-ready-clusters/checklist-for-production-ready-clusters.md#cluster-architecture) ### Permissions @@ -114,9 +114,9 @@ The control that Rancher has to manage a registered cluster depends on the type After registering a cluster, the cluster owner can: - [Manage cluster access](../authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/cluster-and-project-roles.md) through role-based access control -- Enable [monitoring, alerts and notifiers](../../../pages-for-subheaders/monitoring-and-alerting.md) -- Enable [logging](../../../pages-for-subheaders/logging.md) -- Enable [Istio](../../../pages-for-subheaders/istio.md) +- Enable [monitoring, alerts and notifiers](../../../integrations-in-rancher/monitoring-and-alerting/monitoring-and-alerting.md) +- Enable [logging](../../../integrations-in-rancher/logging/logging.md) +- Enable [Istio](../../../integrations-in-rancher/istio/istio.md) - Manage projects and workloads ### Additional Features for Registered RKE2 and K3s Clusters @@ -141,7 +141,7 @@ Rancher handles registered EKS, AKS, or GKE clusters similarly to clusters creat When you create an EKS, AKS, or GKE cluster in Rancher, then delete it, Rancher destroys the cluster. When you delete a registered cluster through Rancher, the Rancher server _disconnects_ from the cluster. The cluster remains live, although it's no longer in Rancher. You can still access the deregistered cluster in the same way you did before you registered it. -See [Cluster Management Capabilities by Cluster Type](../../../pages-for-subheaders/kubernetes-clusters-in-rancher-setup.md) for more information about what features are available for managing registered clusters. +See [Cluster Management Capabilities by Cluster Type](kubernetes-clusters-in-rancher-setup.md) for more information about what features are available for managing registered clusters. ## Configuring RKE2 and K3s Cluster Upgrades diff --git a/versioned_docs/version-2.8/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/amazon.md b/versioned_docs/version-2.8/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/amazon.md index 5e552b27450..1c02032620f 100644 --- a/versioned_docs/version-2.8/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/amazon.md +++ b/versioned_docs/version-2.8/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/amazon.md @@ -38,7 +38,7 @@ All nodes added to the cluster must be able to interact with EC2 so that they ca While creating an [Amazon EC2 cluster](../../launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-amazon-ec2-cluster.md), you must fill in the **IAM Instance Profile Name** (not ARN) of the created IAM role when creating the **Node Template**. -While creating a [Custom cluster](../../../../pages-for-subheaders/use-existing-nodes.md), you must manually attach the IAM role to the instance(s). +While creating a [Custom cluster](../../../../reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/use-existing-nodes.md), you must manually attach the IAM role to the instance(s). IAM Policy for nodes with the `controlplane` role: @@ -299,7 +299,7 @@ rancher_kubernetes_engine_config: useInstanceMetadataHostname: true ``` -You must not enable `useInstanceMetadataHostname` when setting custom values for `hostname-override` for custom clusters. When you create a [custom cluster](../../../../pages-for-subheaders/use-existing-nodes.md), add [`--node-name`](../../../../reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/rancher-agent-options.md) to the `docker run` node registration command to set `hostname-override` — for example, `"$(hostname -f)"`. This can be done manually or by using **Show Advanced Options** in the Rancher UI to add **Node Name**. +You must not enable `useInstanceMetadataHostname` when setting custom values for `hostname-override` for custom clusters. When you create a [custom cluster](../../../../reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/use-existing-nodes.md), add [`--node-name`](../../../../reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/rancher-agent-options.md) to the `docker run` node registration command to set `hostname-override` — for example, `"$(hostname -f)"`. This can be done manually or by using **Show Advanced Options** in the Rancher UI to add **Node Name**. 2. Select the cloud provider. diff --git a/versioned_docs/version-2.8/pages-for-subheaders/set-up-cloud-providers.md b/versioned_docs/version-2.8/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/set-up-cloud-providers.md similarity index 73% rename from versioned_docs/version-2.8/pages-for-subheaders/set-up-cloud-providers.md rename to versioned_docs/version-2.8/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/set-up-cloud-providers.md index 9a02515dba9..11c5e5590e3 100644 --- a/versioned_docs/version-2.8/pages-for-subheaders/set-up-cloud-providers.md +++ b/versioned_docs/version-2.8/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/set-up-cloud-providers.md @@ -23,19 +23,19 @@ The following cloud providers can be enabled: ### Setting up the Amazon Cloud Provider -For details on enabling the Amazon cloud provider, refer to [this page.](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/amazon.md) +For details on enabling the Amazon cloud provider, refer to [this page.](amazon.md) ### Setting up the Azure Cloud Provider -For details on enabling the Azure cloud provider, refer to [this page.](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/azure.md) +For details on enabling the Azure cloud provider, refer to [this page.](azure.md) ### Setting up the GCE Cloud Provider -For details on enabling the Google Compute Engine cloud provider, refer to [this page.](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/google-compute-engine.md) +For details on enabling the Google Compute Engine cloud provider, refer to [this page.](google-compute-engine.md) ### Setting up the vSphere Cloud Provider -For details on enabling the vSphere cloud provider, refer to [in-tree vSphere config](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/configure-in-tree-vsphere.md) and [out-of-tree vSphere config](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/configure-out-of-tree-vsphere.md). +For details on enabling the vSphere cloud provider, refer to [in-tree vSphere config](configure-in-tree-vsphere.md) and [out-of-tree vSphere config](configure-out-of-tree-vsphere.md). ### Setting up a Custom Cloud Provider diff --git a/versioned_docs/version-2.8/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/aks.md b/versioned_docs/version-2.8/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/aks.md index c3fac126e64..65fe5e545bb 100644 --- a/versioned_docs/version-2.8/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/aks.md +++ b/versioned_docs/version-2.8/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/aks.md @@ -268,7 +268,7 @@ For more information about connecting to an AKS private cluster, see the [AKS do The AKS provisioner can synchronize the state of an AKS cluster between Rancher and the provider. For an in-depth technical explanation of how this works, see [Syncing.](../../../../reference-guides/cluster-configuration/rancher-server-configuration/sync-clusters.md) -For information on configuring the refresh interval, see [this section.](../../../../pages-for-subheaders/gke-cluster-configuration.md#configuring-the-refresh-interval) +For information on configuring the refresh interval, see [this section.](../../../../reference-guides/cluster-configuration/rancher-server-configuration/gke-cluster-configuration/gke-cluster-configuration.md#configuring-the-refresh-interval) ## Programmatically Creating AKS Clusters diff --git a/versioned_docs/version-2.8/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/gke.md b/versioned_docs/version-2.8/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/gke.md index 335267c0d66..287367362a8 100644 --- a/versioned_docs/version-2.8/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/gke.md +++ b/versioned_docs/version-2.8/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/gke.md @@ -63,7 +63,7 @@ Use Rancher to set up and configure your Kubernetes cluster. To successfully cre 1. Optional: Use **Member Roles** to configure user authorization for the cluster. Click **Add Member** to add users that can access the cluster. Use the **Role** drop-down to set permissions for each user. 1. Optional: Add Kubernetes [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/) or [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) to the cluster. 1. Enter your Google project ID and your Google cloud credentials. -1. Fill out the rest of the form. For help, refer to the [GKE cluster configuration reference.](../../../../pages-for-subheaders/gke-cluster-configuration.md) +1. Fill out the rest of the form. For help, refer to the [GKE cluster configuration reference.](../../../../reference-guides/cluster-configuration/rancher-server-configuration/gke-cluster-configuration/gke-cluster-configuration.md) 1. Click **Create**. **Result:** You have successfully deployed a GKE cluster. @@ -83,7 +83,7 @@ Private GKE clusters are supported. Note: This advanced setup can require more s ## Configuration Reference -For details on configuring GKE clusters in Rancher, see [this page.](../../../../pages-for-subheaders/gke-cluster-configuration.md) +For details on configuring GKE clusters in Rancher, see [this page.](../../../../reference-guides/cluster-configuration/rancher-server-configuration/gke-cluster-configuration/gke-cluster-configuration.md) ## Updating Kubernetes Version The Kubernetes version of a cluster can be upgraded to any version available in the region or zone for the GKE cluster. Upgrading the master Kubernetes version does not automatically upgrade worker nodes. Nodes can be upgraded independently. @@ -98,7 +98,7 @@ GKE has removed basic authentication in 1.19+. In order to upgrade a cluster to The GKE provisioner can synchronize the state of a GKE cluster between Rancher and the provider. For an in-depth technical explanation of how this works, see [Syncing.](../../../../reference-guides/cluster-configuration/rancher-server-configuration/sync-clusters.md) -For information on configuring the refresh interval, see [this section.](../../../../pages-for-subheaders/gke-cluster-configuration.md#configuring-the-refresh-interval) +For information on configuring the refresh interval, see [this section.](../../../../reference-guides/cluster-configuration/rancher-server-configuration/gke-cluster-configuration/gke-cluster-configuration.md#configuring-the-refresh-interval) ## Programmatically Creating GKE Clusters diff --git a/versioned_docs/version-2.8/pages-for-subheaders/set-up-clusters-from-hosted-kubernetes-providers.md b/versioned_docs/version-2.8/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/set-up-clusters-from-hosted-kubernetes-providers.md similarity index 67% rename from versioned_docs/version-2.8/pages-for-subheaders/set-up-clusters-from-hosted-kubernetes-providers.md rename to versioned_docs/version-2.8/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/set-up-clusters-from-hosted-kubernetes-providers.md index fd4f4ed5bda..070c16dc420 100644 --- a/versioned_docs/version-2.8/pages-for-subheaders/set-up-clusters-from-hosted-kubernetes-providers.md +++ b/versioned_docs/version-2.8/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/set-up-clusters-from-hosted-kubernetes-providers.md @@ -25,9 +25,9 @@ Rancher supports the following Kubernetes providers: When using Rancher to create a cluster hosted by a provider, you are prompted for authentication information. This information is required to access the provider's API. For more information on how to obtain this information, see the following procedures: -- [Creating a GKE Cluster](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/gke.md) -- [Creating an EKS Cluster](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/eks.md) -- [Creating an AKS Cluster](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/aks.md) -- [Creating an ACK Cluster](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/alibaba.md) -- [Creating a TKE Cluster](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/tencent.md) -- [Creating a CCE Cluster](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/huawei.md) +- [Creating a GKE Cluster](gke.md) +- [Creating an EKS Cluster](eks.md) +- [Creating an AKS Cluster](aks.md) +- [Creating an ACK Cluster](alibaba.md) +- [Creating a TKE Cluster](tencent.md) +- [Creating a CCE Cluster](huawei.md) diff --git a/versioned_docs/version-2.8/pages-for-subheaders/use-windows-clusters.md b/versioned_docs/version-2.8/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/use-windows-clusters/use-windows-clusters.md similarity index 84% rename from versioned_docs/version-2.8/pages-for-subheaders/use-windows-clusters.md rename to versioned_docs/version-2.8/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/use-windows-clusters/use-windows-clusters.md index 2e76e0ca874..91cee26d619 100644 --- a/versioned_docs/version-2.8/pages-for-subheaders/use-windows-clusters.md +++ b/versioned_docs/version-2.8/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/use-windows-clusters/use-windows-clusters.md @@ -6,7 +6,7 @@ title: Launching Kubernetes on Windows Clusters -When provisioning a [custom cluster](use-existing-nodes.md) using Rancher, Rancher uses RKE (the Rancher Kubernetes Engine) to install Kubernetes on your existing nodes. +When provisioning a [custom cluster](../../../../reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/use-existing-nodes.md) using Rancher, Rancher uses RKE (the Rancher Kubernetes Engine) to install Kubernetes on your existing nodes. In a Windows cluster provisioned with Rancher, the cluster must contain both Linux and Windows nodes. The Kubernetes controlplane can only run on Linux nodes, and the Windows nodes can only have the worker role. Windows nodes can only be used for deploying workloads. @@ -42,7 +42,7 @@ Rancher will allow Windows workload pods to deploy on both Windows and Linux wor ## Requirements for Windows Clusters -The general node requirements for networking, operating systems, and Docker are the same as the node requirements for a [Rancher installation](installation-requirements.md). +The general node requirements for networking, operating systems, and Docker are the same as the node requirements for a [Rancher installation](../../../../getting-started/installation-and-upgrade/installation-requirements/installation-requirements.md). ### OS and Docker Requirements @@ -68,13 +68,13 @@ Rancher will not provision the node if the node does not meet these requirements ### Networking Requirements -Before provisioning a new cluster, be sure that you have already installed Rancher on a device that accepts inbound network traffic. This is required in order for the cluster nodes to communicate with Rancher. If you have not already installed Rancher, please refer to the [installation documentation](installation-and-upgrade.md) before proceeding with this guide. +Before provisioning a new cluster, be sure that you have already installed Rancher on a device that accepts inbound network traffic. This is required in order for the cluster nodes to communicate with Rancher. If you have not already installed Rancher, please refer to the [installation documentation](../../../../getting-started/installation-and-upgrade/installation-and-upgrade.md) before proceeding with this guide. Rancher only supports Windows using Flannel as the network provider. There are two network options: [**Host Gateway (L2bridge)**](https://github.com/coreos/flannel/blob/master/Documentation/backends.md#host-gw) and [**VXLAN (Overlay)**](https://github.com/coreos/flannel/blob/master/Documentation/backends.md#vxlan). The default option is **VXLAN (Overlay)** mode. -For **Host Gateway (L2bridge)** networking, it's best to use the same Layer 2 network for all nodes. Otherwise, you need to configure the route rules for them. For details, refer to the [documentation on configuring cloud-hosted VM routes.](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/use-windows-clusters/network-requirements-for-host-gateway.md#cloud-hosted-vm-routes-configuration) You will also need to [disable private IP address checks](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/use-windows-clusters/network-requirements-for-host-gateway.md#disabling-private-ip-address-checks) if you are using Amazon EC2, Google GCE, or Azure VM. +For **Host Gateway (L2bridge)** networking, it's best to use the same Layer 2 network for all nodes. Otherwise, you need to configure the route rules for them. For details, refer to the [documentation on configuring cloud-hosted VM routes.](network-requirements-for-host-gateway.md#cloud-hosted-vm-routes-configuration) You will also need to [disable private IP address checks](network-requirements-for-host-gateway.md#disabling-private-ip-address-checks) if you are using Amazon EC2, Google GCE, or Azure VM. For **VXLAN (Overlay)** networking, the [KB4489899](https://support.microsoft.com/en-us/help/4489899) hotfix must be installed. Most cloud-hosted VMs already have this hotfix. @@ -134,18 +134,18 @@ Windows requires that containers must be built on the same Windows Server versio ### Cloud Provider Specific Requirements -If you set a Kubernetes cloud provider in your cluster, some additional steps are required. You might want to set a cloud provider if you want to want to leverage a cloud provider's capabilities, for example, to automatically provision storage, load balancers, or other infrastructure for your cluster. Refer to [this page](../pages-for-subheaders/set-up-cloud-providers.md) for details on how to configure a cloud provider cluster of nodes that meet the prerequisites. +If you set a Kubernetes cloud provider in your cluster, some additional steps are required. You might want to set a cloud provider if you want to want to leverage a cloud provider's capabilities, for example, to automatically provision storage, load balancers, or other infrastructure for your cluster. Refer to [this page](../set-up-cloud-providers/set-up-cloud-providers.md) for details on how to configure a cloud provider cluster of nodes that meet the prerequisites. If you are using the GCE (Google Compute Engine) cloud provider, you must do the following: -- Enable the GCE cloud provider in the `cluster.yml` by following [these steps.](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/google-compute-engine.md) +- Enable the GCE cloud provider in the `cluster.yml` by following [these steps.](../set-up-cloud-providers/google-compute-engine.md) - When provisioning the cluster in Rancher, choose **Custom cloud provider** as the cloud provider in the Rancher UI. ## Tutorial: How to Create a Cluster with Windows Support This tutorial describes how to create a Rancher-provisioned cluster with the three nodes in the [recommended architecture.](#recommended-architecture) -When you provision a cluster with Rancher on existing nodes, you will add nodes to the cluster by installing the [Rancher agent](../reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/rancher-agent-options.md) on each one. When you create or edit your cluster from the Rancher UI, you will see a **Customize Node Run Command** that you can run on each server to add it to your cluster. +When you provision a cluster with Rancher on existing nodes, you will add nodes to the cluster by installing the [Rancher agent](../../../../reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/rancher-agent-options.md) on each one. When you create or edit your cluster from the Rancher UI, you will see a **Customize Node Run Command** that you can run on each server to add it to your cluster. To set up a cluster with support for Windows nodes and containers, you will need to complete the tasks below. @@ -172,11 +172,11 @@ You will provision three nodes: | Node 2 | Linux (Ubuntu Server 18.04 recommended) | | Node 3 | Windows (Windows Server core version 1809 or above required) | -If your nodes are hosted by a **Cloud Provider** and you want automation support such as loadbalancers or persistent storage devices, your nodes have additional configuration requirements. For details, see [Selecting Cloud Providers.](../pages-for-subheaders/set-up-cloud-providers.md) +If your nodes are hosted by a **Cloud Provider** and you want automation support such as loadbalancers or persistent storage devices, your nodes have additional configuration requirements. For details, see [Selecting Cloud Providers.](../set-up-cloud-providers/set-up-cloud-providers.md) ### 2. Create the Cluster on Existing Nodes -The instructions for creating a Windows cluster on existing nodes are very similar to the general [instructions for creating a custom cluster](use-existing-nodes.md) with some Windows-specific requirements. +The instructions for creating a Windows cluster on existing nodes are very similar to the general [instructions for creating a custom cluster](../../../../reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/use-existing-nodes.md) with some Windows-specific requirements. 1. In the upper left corner, click **☰ > Cluster Management**. 1. On the **Clusters** page, click **Create**. @@ -190,7 +190,7 @@ The instructions for creating a Windows cluster on existing nodes are very simil :::note Important: -For Host Gateway (L2bridge) networking, it's best to use the same Layer 2 network for all nodes. Otherwise, you need to configure the route rules for them. For details, refer to the [documentation on configuring cloud-hosted VM routes.](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/use-windows-clusters/network-requirements-for-host-gateway.md#cloud-hosted-vm-routes-configuration) You will also need to [disable private IP address checks](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/use-windows-clusters/network-requirements-for-host-gateway.md#disabling-private-ip-address-checks) if you are using Amazon EC2, Google GCE, or Azure VM. +For Host Gateway (L2bridge) networking, it's best to use the same Layer 2 network for all nodes. Otherwise, you need to configure the route rules for them. For details, refer to the [documentation on configuring cloud-hosted VM routes.](network-requirements-for-host-gateway.md#cloud-hosted-vm-routes-configuration) You will also need to [disable private IP address checks](network-requirements-for-host-gateway.md#disabling-private-ip-address-checks) if you are using Amazon EC2, Google GCE, or Azure VM. ::: @@ -206,7 +206,7 @@ The first node in your cluster should be a Linux host has both the **Control Pla 1. In the **Node Operating System** section, click **Linux**. 1. In the **Node Role** section, choose at least **etcd** and **Control Plane**. We recommend selecting all three. -1. Optional: If you click **Show advanced options,** you can customize the settings for the [Rancher agent](../reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/rancher-agent-options.md) and [node labels.](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/) +1. Optional: If you click **Show advanced options,** you can customize the settings for the [Rancher agent](../../../../reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/rancher-agent-options.md) and [node labels.](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/) 1. Copy the command displayed on the screen to your clipboard. 1. SSH into your Linux host and run the command that you copied to your clipboard. 1. When you are finished provisioning your Linux node(s), select **Done**. @@ -273,9 +273,9 @@ You can add Windows hosts to the cluster by editing the cluster and choosing the After creating your cluster, you can access it through the Rancher UI. As a best practice, we recommend setting up these alternate ways of accessing your cluster: -- **Access your cluster with the kubectl CLI:** Follow [these steps](../how-to-guides/new-user-guides/manage-clusters/access-clusters/use-kubectl-and-kubeconfig.md#accessing-clusters-with-kubectl-from-your-workstation) to access clusters with kubectl on your workstation. In this case, you will be authenticated through the Rancher server’s authentication proxy, then Rancher will connect you to the downstream cluster. This method lets you manage the cluster without the Rancher UI. -- **Access your cluster with the kubectl CLI, using the authorized cluster endpoint:** Follow [these steps](../how-to-guides/new-user-guides/manage-clusters/access-clusters/use-kubectl-and-kubeconfig.md#authenticating-directly-with-a-downstream-cluster) to access your cluster with kubectl directly, without authenticating through the Rancher server. We recommend setting up this alternative method to access your cluster so that in case you can’t connect to Rancher, you can still access the cluster. +- **Access your cluster with the kubectl CLI:** Follow [these steps](../../manage-clusters/access-clusters/use-kubectl-and-kubeconfig.md#accessing-clusters-with-kubectl-from-your-workstation) to access clusters with kubectl on your workstation. In this case, you will be authenticated through the Rancher server’s authentication proxy, then Rancher will connect you to the downstream cluster. This method lets you manage the cluster without the Rancher UI. +- **Access your cluster with the kubectl CLI, using the authorized cluster endpoint:** Follow [these steps](../../manage-clusters/access-clusters/use-kubectl-and-kubeconfig.md#authenticating-directly-with-a-downstream-cluster) to access your cluster with kubectl directly, without authenticating through the Rancher server. We recommend setting up this alternative method to access your cluster so that in case you can’t connect to Rancher, you can still access the cluster. ## Configuration for Storage Classes in Azure -If you are using Azure VMs for your nodes, you can use [Azure files](https://docs.microsoft.com/en-us/azure/aks/azure-files-dynamic-pv) as a StorageClass for the cluster. For details, refer to [this section.](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/use-windows-clusters/azure-storageclass-configuration.md) +If you are using Azure VMs for your nodes, you can use [Azure files](https://docs.microsoft.com/en-us/azure/aks/azure-files-dynamic-pv) as a StorageClass for the cluster. For details, refer to [this section.](azure-storageclass-configuration.md) diff --git a/versioned_docs/version-2.8/pages-for-subheaders/horizontal-pod-autoscaler.md b/versioned_docs/version-2.8/how-to-guides/new-user-guides/kubernetes-resources-setup/horizontal-pod-autoscaler/horizontal-pod-autoscaler.md similarity index 70% rename from versioned_docs/version-2.8/pages-for-subheaders/horizontal-pod-autoscaler.md rename to versioned_docs/version-2.8/how-to-guides/new-user-guides/kubernetes-resources-setup/horizontal-pod-autoscaler/horizontal-pod-autoscaler.md index d18ce147d06..e0f5e51e4b4 100644 --- a/versioned_docs/version-2.8/pages-for-subheaders/horizontal-pod-autoscaler.md +++ b/versioned_docs/version-2.8/how-to-guides/new-user-guides/kubernetes-resources-setup/horizontal-pod-autoscaler/horizontal-pod-autoscaler.md @@ -20,11 +20,11 @@ The way that you manage HPAs is different based on your version of the Kubernete - **For Kubernetes API version autoscaling/V2beta1:** This version of the Kubernetes API lets you autoscale your pods based on the CPU and memory utilization of your application. - **For Kubernetes API Version autoscaling/V2beta2:** This version of the Kubernetes API lets you autoscale your pods based on CPU and memory utilization, in addition to custom metrics. -You can create, manage, and delete HPAs using the Rancher UI. From the Rancher UI you can configure the HPA to scale based on CPU and memory utilization. For more information, refer to [Managing HPAs with the Rancher UI](../how-to-guides/new-user-guides/kubernetes-resources-setup/horizontal-pod-autoscaler/manage-hpas-with-ui.md). To scale the HPA based on custom metrics, you still need to use `kubectl`. For more information, refer to [Configuring HPA to Scale Using Custom Metrics with Prometheus](../how-to-guides/new-user-guides/kubernetes-resources-setup/horizontal-pod-autoscaler/manage-hpas-with-kubectl.md#configuring-hpa-to-scale-using-custom-metrics-with-prometheus). +You can create, manage, and delete HPAs using the Rancher UI. From the Rancher UI you can configure the HPA to scale based on CPU and memory utilization. For more information, refer to [Managing HPAs with the Rancher UI](manage-hpas-with-ui.md). To scale the HPA based on custom metrics, you still need to use `kubectl`. For more information, refer to [Configuring HPA to Scale Using Custom Metrics with Prometheus](manage-hpas-with-kubectl.md#configuring-hpa-to-scale-using-custom-metrics-with-prometheus). Clusters created in Rancher v2.0.7 and higher automatically have all the requirements needed (metrics-server and Kubernetes cluster configuration) to use HPA. ## Testing HPAs with a Service Deployment -You can see your HPA's current number of replicas by going to your project and clicking **Resources > HPA**. For more information, refer to [Get HPA Metrics and Status](../how-to-guides/new-user-guides/kubernetes-resources-setup/horizontal-pod-autoscaler/manage-hpas-with-ui.md). +You can see your HPA's current number of replicas by going to your project and clicking **Resources > HPA**. For more information, refer to [Get HPA Metrics and Status](manage-hpas-with-ui.md). -You can also use `kubectl` to get the status of HPAs that you test with your load testing tool. For more information, refer to [Testing HPAs with kubectl](../how-to-guides/new-user-guides/kubernetes-resources-setup/horizontal-pod-autoscaler/test-hpas-with-kubectl.md). +You can also use `kubectl` to get the status of HPAs that you test with your load testing tool. For more information, refer to [Testing HPAs with kubectl](test-hpas-with-kubectl.md). diff --git a/versioned_docs/version-2.8/pages-for-subheaders/kubernetes-resources-setup.md b/versioned_docs/version-2.8/how-to-guides/new-user-guides/kubernetes-resources-setup/kubernetes-resources-setup.md similarity index 54% rename from versioned_docs/version-2.8/pages-for-subheaders/kubernetes-resources-setup.md rename to versioned_docs/version-2.8/how-to-guides/new-user-guides/kubernetes-resources-setup/kubernetes-resources-setup.md index 865f5ae5c46..132e0f2627d 100644 --- a/versioned_docs/version-2.8/pages-for-subheaders/kubernetes-resources-setup.md +++ b/versioned_docs/version-2.8/how-to-guides/new-user-guides/kubernetes-resources-setup/kubernetes-resources-setup.md @@ -10,15 +10,15 @@ You can view and manipulate all of the custom resources and CRDs in a Kubernetes ## Workloads -Deploy applications to your cluster nodes using [workloads](workloads-and-pods.md), which are objects that contain pods that run your apps, along with metadata that set rules for the deployment's behavior. Workloads can be deployed within the scope of the entire clusters or within a namespace. +Deploy applications to your cluster nodes using [workloads](workloads-and-pods/workloads-and-pods.md), which are objects that contain pods that run your apps, along with metadata that set rules for the deployment's behavior. Workloads can be deployed within the scope of the entire clusters or within a namespace. -When deploying a workload, you can deploy from any image. There are a variety of [workload types](workloads-and-pods.md#workload-types) to choose from which determine how your application should run. +When deploying a workload, you can deploy from any image. There are a variety of [workload types](workloads-and-pods/workloads-and-pods.md#workload-types) to choose from which determine how your application should run. Following a workload deployment, you can continue working with it. You can: -- [Upgrade](../how-to-guides/new-user-guides/kubernetes-resources-setup/workloads-and-pods/upgrade-workloads.md) the workload to a newer version of the application it's running. -- [Roll back](../how-to-guides/new-user-guides/kubernetes-resources-setup/workloads-and-pods/roll-back-workloads.md) a workload to a previous version, if an issue occurs during upgrade. -- [Add a sidecar](../how-to-guides/new-user-guides/kubernetes-resources-setup/workloads-and-pods/add-a-sidecar.md), which is a workload that supports a primary workload. +- [Upgrade](workloads-and-pods/upgrade-workloads.md) the workload to a newer version of the application it's running. +- [Roll back](workloads-and-pods/roll-back-workloads.md) a workload to a previous version, if an issue occurs during upgrade. +- [Add a sidecar](workloads-and-pods/add-a-sidecar.md), which is a workload that supports a primary workload. ## Load Balancing and Ingress @@ -30,10 +30,10 @@ If you want your applications to be externally accessible, you must add a load b Rancher supports two types of load balancers: -- [Layer-4 Load Balancers](../how-to-guides/new-user-guides/kubernetes-resources-setup/load-balancer-and-ingress-controller/layer-4-and-layer-7-load-balancing.md#layer-4-load-balancer) -- [Layer-7 Load Balancers](../how-to-guides/new-user-guides/kubernetes-resources-setup/load-balancer-and-ingress-controller/layer-4-and-layer-7-load-balancing.md#layer-7-load-balancer) +- [Layer-4 Load Balancers](load-balancer-and-ingress-controller/layer-4-and-layer-7-load-balancing.md#layer-4-load-balancer) +- [Layer-7 Load Balancers](load-balancer-and-ingress-controller/layer-4-and-layer-7-load-balancing.md#layer-7-load-balancer) -For more information, see [load balancers](../how-to-guides/new-user-guides/kubernetes-resources-setup/load-balancer-and-ingress-controller/layer-4-and-layer-7-load-balancing.md). +For more information, see [load balancers](load-balancer-and-ingress-controller/layer-4-and-layer-7-load-balancing.md). #### Ingress @@ -41,7 +41,7 @@ Load Balancers can only handle one IP address per service, which means if you ru Ingress is a set of rules that act as a load balancer. Ingress works in conjunction with one or more ingress controllers to dynamically route service requests. When the ingress receives a request, the ingress controller(s) in your cluster program the load balancer to direct the request to the correct service based on service subdomains or path rules that you've configured. -For more information, see [Ingress](../how-to-guides/new-user-guides/kubernetes-resources-setup/load-balancer-and-ingress-controller/add-ingresses.md). +For more information, see [Ingress](load-balancer-and-ingress-controller/add-ingresses.md). When using ingresses in a project, you can program the ingress hostname to an external DNS by setting up a Global DNS entry. @@ -49,7 +49,7 @@ When using ingresses in a project, you can program the ingress hostname to an ex After you expose your cluster to external requests using a load balancer and/or ingress, it's only available by IP address. To create a resolveable hostname, you must create a service record, which is a record that maps an IP address, external hostname, DNS record alias, workload(s), or labelled pods to a specific hostname. -For more information, see [Service Discovery](../how-to-guides/new-user-guides/kubernetes-resources-setup/create-services.md). +For more information, see [Service Discovery](create-services.md). ## Applications @@ -61,7 +61,7 @@ Within the context of a Rancher project or namespace, _resources_ are files and Resources include: -- [Certificates](../how-to-guides/new-user-guides/kubernetes-resources-setup/encrypt-http-communication.md): Files used to encrypt/decrypt data entering or leaving the cluster. -- [ConfigMaps](../how-to-guides/new-user-guides/kubernetes-resources-setup/configmaps.md): Files that store general configuration information, such as a group of config files. -- [Secrets](../how-to-guides/new-user-guides/kubernetes-resources-setup/secrets.md): Files that store sensitive data like passwords, tokens, or keys. -- [Registries](../how-to-guides/new-user-guides/kubernetes-resources-setup/kubernetes-and-docker-registries.md): Files that carry credentials used to authenticate with private registries. +- [Certificates](encrypt-http-communication.md): Files used to encrypt/decrypt data entering or leaving the cluster. +- [ConfigMaps](configmaps.md): Files that store general configuration information, such as a group of config files. +- [Secrets](secrets.md): Files that store sensitive data like passwords, tokens, or keys. +- [Registries](kubernetes-and-docker-registries.md): Files that carry credentials used to authenticate with private registries. diff --git a/versioned_docs/version-2.8/pages-for-subheaders/load-balancer-and-ingress-controller.md b/versioned_docs/version-2.8/how-to-guides/new-user-guides/kubernetes-resources-setup/load-balancer-and-ingress-controller/load-balancer-and-ingress-controller.md similarity index 78% rename from versioned_docs/version-2.8/pages-for-subheaders/load-balancer-and-ingress-controller.md rename to versioned_docs/version-2.8/how-to-guides/new-user-guides/kubernetes-resources-setup/load-balancer-and-ingress-controller/load-balancer-and-ingress-controller.md index 41bdf40a323..b3f3976e6e3 100644 --- a/versioned_docs/version-2.8/pages-for-subheaders/load-balancer-and-ingress-controller.md +++ b/versioned_docs/version-2.8/how-to-guides/new-user-guides/kubernetes-resources-setup/load-balancer-and-ingress-controller/load-balancer-and-ingress-controller.md @@ -17,10 +17,10 @@ If you want your applications to be externally accessible, you must add a load b Rancher supports two types of load balancers: -- [Layer-4 Load Balancers](../how-to-guides/new-user-guides/kubernetes-resources-setup/load-balancer-and-ingress-controller/layer-4-and-layer-7-load-balancing.md#layer-4-load-balancer) -- [Layer-7 Load Balancers](../how-to-guides/new-user-guides/kubernetes-resources-setup/load-balancer-and-ingress-controller/layer-4-and-layer-7-load-balancing.md#layer-7-load-balancer) +- [Layer-4 Load Balancers](layer-4-and-layer-7-load-balancing.md#layer-4-load-balancer) +- [Layer-7 Load Balancers](layer-4-and-layer-7-load-balancing.md#layer-7-load-balancer) -For more information, see [load balancers](../how-to-guides/new-user-guides/kubernetes-resources-setup/load-balancer-and-ingress-controller/layer-4-and-layer-7-load-balancing.md). +For more information, see [load balancers](layer-4-and-layer-7-load-balancing.md). ### Load Balancer Limitations @@ -30,9 +30,9 @@ Load Balancers have a couple of limitations you should be aware of: - If you want to use a load balancer with a Hosted Kubernetes cluster (i.e., clusters hosted in GKE, EKS, or AKS), the load balancer must be running within that cloud provider's infrastructure. Please review the compatibility tables regarding support for load balancers based on how you've provisioned your clusters: -- [Support for Layer-4 Load Balancing](../how-to-guides/new-user-guides/kubernetes-resources-setup/load-balancer-and-ingress-controller/layer-4-and-layer-7-load-balancing.md#support-for-layer-4-load-balancing) +- [Support for Layer-4 Load Balancing](layer-4-and-layer-7-load-balancing.md#support-for-layer-4-load-balancing) -- [Support for Layer-7 Load Balancing](../how-to-guides/new-user-guides/kubernetes-resources-setup/load-balancer-and-ingress-controller/layer-4-and-layer-7-load-balancing.md#support-for-layer-7-load-balancing) +- [Support for Layer-7 Load Balancing](layer-4-and-layer-7-load-balancing.md#support-for-layer-7-load-balancing) ## Ingress @@ -60,6 +60,6 @@ Refrain from adding an Ingress to the `local` cluster. The Nginx Ingress Control ::: -- For more information on how to set up ingress in Rancher, see [Ingress](../how-to-guides/new-user-guides/kubernetes-resources-setup/load-balancer-and-ingress-controller/add-ingresses.md). +- For more information on how to set up ingress in Rancher, see [Ingress](add-ingresses.md). - For complete information about ingress and ingress controllers, see the [Kubernetes Ingress Documentation](https://kubernetes.io/docs/concepts/services-networking/ingress/) - When using ingresses in a project, you can program the ingress hostname to an external DNS by setting up a Global DNS entry. diff --git a/versioned_docs/version-2.8/how-to-guides/new-user-guides/kubernetes-resources-setup/workloads-and-pods/deploy-workloads.md b/versioned_docs/version-2.8/how-to-guides/new-user-guides/kubernetes-resources-setup/workloads-and-pods/deploy-workloads.md index 64d8e46af46..d60e582fc3b 100644 --- a/versioned_docs/version-2.8/how-to-guides/new-user-guides/kubernetes-resources-setup/workloads-and-pods/deploy-workloads.md +++ b/versioned_docs/version-2.8/how-to-guides/new-user-guides/kubernetes-resources-setup/workloads-and-pods/deploy-workloads.md @@ -21,7 +21,7 @@ Deploy a workload to run an application in one or more containers. 1. Either select an existing namespace, or click **Add to a new namespace** and enter a new namespace. -1. Click **Add Port** to enter a port mapping, which enables access to the application inside and outside of the cluster . For more information, see [Services](../../../../pages-for-subheaders/workloads-and-pods.md#services). +1. Click **Add Port** to enter a port mapping, which enables access to the application inside and outside of the cluster . For more information, see [Services](workloads-and-pods.md#services). 1. Configure the remaining options: @@ -45,7 +45,7 @@ Deploy a workload to run an application in one or more containers. - In [Amazon AWS](https://aws.amazon.com/), the nodes must be in the same Availability Zone and possess IAM permissions to attach/unattach volumes. - - The cluster must be using the [AWS cloud provider](https://github.com/kubernetes/website/blob/release-1.18/content/en/docs/concepts/cluster-administration/cloud-providers.md#aws) option. For more information on enabling this option see [Creating an Amazon EC2 Cluster](../../launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-amazon-ec2-cluster.md) or [Creating a Custom Cluster](../../../../pages-for-subheaders/use-existing-nodes.md). + - The cluster must be using the [AWS cloud provider](https://github.com/kubernetes/website/blob/release-1.18/content/en/docs/concepts/cluster-administration/cloud-providers.md#aws) option. For more information on enabling this option see [Creating an Amazon EC2 Cluster](../../launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-amazon-ec2-cluster.md) or [Creating a Custom Cluster](../../../../reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/use-existing-nodes.md). ::: diff --git a/versioned_docs/version-2.8/pages-for-subheaders/workloads-and-pods.md b/versioned_docs/version-2.8/how-to-guides/new-user-guides/kubernetes-resources-setup/workloads-and-pods/workloads-and-pods.md similarity index 92% rename from versioned_docs/version-2.8/pages-for-subheaders/workloads-and-pods.md rename to versioned_docs/version-2.8/how-to-guides/new-user-guides/kubernetes-resources-setup/workloads-and-pods/workloads-and-pods.md index 5cfe84668af..c20787712ae 100644 --- a/versioned_docs/version-2.8/pages-for-subheaders/workloads-and-pods.md +++ b/versioned_docs/version-2.8/how-to-guides/new-user-guides/kubernetes-resources-setup/workloads-and-pods/workloads-and-pods.md @@ -71,9 +71,9 @@ There are several types of services available in Rancher. The descriptions below This section of the documentation contains instructions for deploying workloads and using workload options. -- [Deploy Workloads](../how-to-guides/new-user-guides/kubernetes-resources-setup/workloads-and-pods/deploy-workloads.md) -- [Upgrade Workloads](../how-to-guides/new-user-guides/kubernetes-resources-setup/workloads-and-pods/upgrade-workloads.md) -- [Rollback Workloads](../how-to-guides/new-user-guides/kubernetes-resources-setup/workloads-and-pods/roll-back-workloads.md) +- [Deploy Workloads](deploy-workloads.md) +- [Upgrade Workloads](upgrade-workloads.md) +- [Rollback Workloads](roll-back-workloads.md) ## Related Links diff --git a/versioned_docs/version-2.8/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/about-rancher-agents.md b/versioned_docs/version-2.8/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/about-rancher-agents.md index bd90885720a..2d98149dae2 100644 --- a/versioned_docs/version-2.8/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/about-rancher-agents.md +++ b/versioned_docs/version-2.8/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/about-rancher-agents.md @@ -11,15 +11,15 @@ There are two different agent resources deployed on Rancher managed clusters: - [cattle-cluster-agent](#cattle-cluster-agent) - [cattle-node-agent](#cattle-node-agent) -For a conceptual overview of how the Rancher server provisions clusters and communicates with them, refer to the [architecture](../../../pages-for-subheaders/rancher-manager-architecture.md). +For a conceptual overview of how the Rancher server provisions clusters and communicates with them, refer to the [architecture](../../../reference-guides/rancher-manager-architecture/rancher-manager-architecture.md). ### cattle-cluster-agent -The `cattle-cluster-agent` is used to connect to the Kubernetes API of [Rancher Launched Kubernetes](../../../pages-for-subheaders/launch-kubernetes-with-rancher.md) clusters. The `cattle-cluster-agent` is deployed using a Deployment resource. +The `cattle-cluster-agent` is used to connect to the Kubernetes API of [Rancher Launched Kubernetes](launch-kubernetes-with-rancher.md) clusters. The `cattle-cluster-agent` is deployed using a Deployment resource. ### cattle-node-agent -The `cattle-node-agent` is used to interact with nodes in a [Rancher Launched Kubernetes](../../../pages-for-subheaders/launch-kubernetes-with-rancher.md) cluster when performing cluster operations. Examples of cluster operations are upgrading Kubernetes version and creating/restoring etcd snapshots. The `cattle-node-agent` is deployed using a DaemonSet resource to make sure it runs on every node. The `cattle-node-agent` is used as fallback option to connect to the Kubernetes API of [Rancher Launched Kubernetes](../../../pages-for-subheaders/launch-kubernetes-with-rancher.md) clusters when `cattle-cluster-agent` is unavailable. +The `cattle-node-agent` is used to interact with nodes in a [Rancher Launched Kubernetes](launch-kubernetes-with-rancher.md) cluster when performing cluster operations. Examples of cluster operations are upgrading Kubernetes version and creating/restoring etcd snapshots. The `cattle-node-agent` is deployed using a DaemonSet resource to make sure it runs on every node. The `cattle-node-agent` is used as fallback option to connect to the Kubernetes API of [Rancher Launched Kubernetes](launch-kubernetes-with-rancher.md) clusters when `cattle-cluster-agent` is unavailable. ### Scheduling rules @@ -32,7 +32,7 @@ If control plane nodes are present in the cluster, the default tolerations will | `cattle-cluster-agent` | `beta.kubernetes.io/os:NotIn:windows` | none | **Note:** These are the default tolerations, and will be replaced by tolerations matching taints applied to controlplane nodes.

`effect:NoSchedule`
`key:node-role.kubernetes.io/controlplane`
`value:true`

`effect:NoSchedule`
`key:node-role.kubernetes.io/control-plane`
`operator:Exists`

`effect:NoSchedule`
`key:node-role.kubernetes.io/master`
`operator:Exists` | | `cattle-node-agent` | `beta.kubernetes.io/os:NotIn:windows` | none | `operator:Exists` | -The `cattle-cluster-agent` Deployment has preferred scheduling rules using `preferredDuringSchedulingIgnoredDuringExecution`, favoring to be scheduled on nodes with the `controlplane` node. When there are no controlplane nodes visible in the cluster (this is usually the case when using [Clusters from Hosted Kubernetes Providers](../../../pages-for-subheaders/set-up-clusters-from-hosted-kubernetes-providers.md)), you can add the label `cattle.io/cluster-agent=true` on a node to prefer scheduling the `cattle-cluster-agent` pod to that node. +The `cattle-cluster-agent` Deployment has preferred scheduling rules using `preferredDuringSchedulingIgnoredDuringExecution`, favoring to be scheduled on nodes with the `controlplane` node. When there are no controlplane nodes visible in the cluster (this is usually the case when using [Clusters from Hosted Kubernetes Providers](../kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/set-up-clusters-from-hosted-kubernetes-providers.md)), you can add the label `cattle.io/cluster-agent=true` on a node to prefer scheduling the `cattle-cluster-agent` pod to that node. See [Kubernetes: Assigning Pods to Nodes](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/) to find more information about scheduling rules. diff --git a/versioned_docs/version-2.8/pages-for-subheaders/launch-kubernetes-with-rancher.md b/versioned_docs/version-2.8/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md similarity index 85% rename from versioned_docs/version-2.8/pages-for-subheaders/launch-kubernetes-with-rancher.md rename to versioned_docs/version-2.8/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md index 5b7f4363bab..e62d67c8323 100644 --- a/versioned_docs/version-2.8/pages-for-subheaders/launch-kubernetes-with-rancher.md +++ b/versioned_docs/version-2.8/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md @@ -20,23 +20,23 @@ Rancher can also create pools of nodes. One benefit of installing Kubernetes on ### Requirements -If you use RKE to set up a cluster, your nodes must meet the [requirements](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/node-requirements-for-rancher-managed-clusters.md) for nodes in downstream user clusters. +If you use RKE to set up a cluster, your nodes must meet the [requirements](../kubernetes-clusters-in-rancher-setup/node-requirements-for-rancher-managed-clusters.md) for nodes in downstream user clusters. ### Launching Kubernetes on New Nodes in an Infrastructure Provider -Using Rancher, you can create pools of nodes based on a [node template](use-new-nodes-in-an-infra-provider.md#node-templates). This node template defines the parameters you want to use to launch nodes in your cloud providers. +Using Rancher, you can create pools of nodes based on a [node template](use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md#node-templates). This node template defines the parameters you want to use to launch nodes in your cloud providers. One benefit of installing Kubernetes on node pools hosted by an infrastructure provider is that if a node loses connectivity with the cluster, Rancher can automatically create another node to join the cluster to ensure that the count of the node pool is as expected. -For more information, refer to the section on [launching Kubernetes on new nodes.](use-new-nodes-in-an-infra-provider.md) +For more information, refer to the section on [launching Kubernetes on new nodes.](use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md) ### Launching Kubernetes on Existing Custom Nodes In this scenario, you want to install Kubernetes on bare-metal servers, on-prem virtual machines, or virtual machines that already exist in a cloud provider. With this option, you will run a Rancher agent Docker container on the machine. -If you want to reuse a node from a previous custom cluster, [clean the node](../how-to-guides/new-user-guides/manage-clusters/clean-cluster-nodes.md) before using it in a cluster again. If you reuse a node that hasn't been cleaned, cluster provisioning may fail. +If you want to reuse a node from a previous custom cluster, [clean the node](../manage-clusters/clean-cluster-nodes.md) before using it in a cluster again. If you reuse a node that hasn't been cleaned, cluster provisioning may fail. -For more information, refer to the section on [custom nodes.](use-existing-nodes.md) +For more information, refer to the section on [custom nodes.](../../../reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/use-existing-nodes.md) ### Programmatically Creating RKE Clusters diff --git a/versioned_docs/version-2.8/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-a-digitalocean-cluster.md b/versioned_docs/version-2.8/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-a-digitalocean-cluster.md index bef31ab3f23..6f64d0abb70 100644 --- a/versioned_docs/version-2.8/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-a-digitalocean-cluster.md +++ b/versioned_docs/version-2.8/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-a-digitalocean-cluster.md @@ -32,7 +32,7 @@ Then you will create a DigitalOcean cluster in Rancher, and when configuring the ### 2. Create a node template with your cloud credentials -Creating a [node template](../../../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md#node-templates) for DigitalOcean will allow Rancher to provision new nodes in DigitalOcean. Node templates can be reused for other clusters. +Creating a [node template](use-new-nodes-in-an-infra-provider.md#node-templates) for DigitalOcean will allow Rancher to provision new nodes in DigitalOcean. Node templates can be reused for other clusters. 1. Click **☰ > Cluster Management**. 1. Click **RKE1 Configuration > Node Templates**. @@ -46,7 +46,7 @@ Creating a [node template](../../../../pages-for-subheaders/use-new-nodes-in-an- 1. On the **Clusters** page, click **Create**. 1. Click **DigitalOcean**. 1. Enter a **Cluster Name**. -1. Add one or more node pools to your cluster. Add one or more node pools to your cluster. Each node pool uses a node template to provision new nodes. For more information about node pools, including best practices for assigning Kubernetes roles to them, see [this section.](../../../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md) +1. Add one or more node pools to your cluster. Add one or more node pools to your cluster. Each node pool uses a node template to provision new nodes. For more information about node pools, including best practices for assigning Kubernetes roles to them, see [this section.](use-new-nodes-in-an-infra-provider.md) 1. **In the Cluster Configuration** section, choose the version of Kubernetes that will be installed, what network provider will be used and if you want to enable project network isolation. To see more cluster options, click on **Show advanced options**. For help configuring the cluster, refer to the [RKE cluster configuration reference.](../../../../reference-guides/cluster-configuration/rancher-server-configuration/rke1-cluster-configuration.md) 1. Use **Member Roles** to configure user authorization for the cluster. Click **Add Member** to add users that can access the cluster. Use the **Role** drop-down to set permissions for each user. 1. Click **Create**. @@ -75,7 +75,7 @@ Use Rancher to create a Kubernetes cluster in DigitalOcean. 1. Click **DigitalOcean**. 1. Select a **Cloud Credential**, if more than one exists. Otherwise, it's preselected. 1. Enter a **Cluster Name**. -1. Create a machine pool for each Kubernetes role. Refer to the [best practices](../../../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md#node-roles) for recommendations on role assignments and counts. +1. Create a machine pool for each Kubernetes role. Refer to the [best practices](use-new-nodes-in-an-infra-provider.md#node-roles) for recommendations on role assignments and counts. 1. For each machine pool, define the machine configuration. Refer to the [DigitalOcean machine configuration reference](../../../../reference-guides/cluster-configuration/downstream-cluster-configuration/machine-configuration/digitalocean.md) for information on configuration options. 1. Use the **Cluster Configuration** to choose the version of Kubernetes that will be installed, what network provider will be used and if you want to enable project network isolation. For help configuring the cluster, refer to the [RKE2 cluster configuration reference.](../../../../reference-guides/cluster-configuration/rancher-server-configuration/rke2-cluster-configuration.md) 1. Use **Member Roles** to configure user authorization for the cluster. Click **Add Member** to add users that can access the cluster. Use the **Role** drop-down to set permissions for each user. diff --git a/versioned_docs/version-2.8/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-amazon-ec2-cluster.md b/versioned_docs/version-2.8/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-amazon-ec2-cluster.md index 5bc7d109825..3a4db1d0a73 100644 --- a/versioned_docs/version-2.8/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-amazon-ec2-cluster.md +++ b/versioned_docs/version-2.8/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-amazon-ec2-cluster.md @@ -18,7 +18,7 @@ Then you will create an EC2 cluster in Rancher, and when configuring the new clu - **AWS EC2 Access Key and Secret Key** that will be used to create the instances. See [Amazon Documentation: Creating Access Keys](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html#Using_CreateAccessKey) how to create an Access Key and Secret Key. - **IAM Policy created** to add to the user of the Access Key And Secret Key. See [Amazon Documentation: Creating IAM Policies (Console)](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_create.html#access_policies_create-start) how to create an IAM policy. See our three example JSON policies below: - [Example IAM Policy](#example-iam-policy) - - [Example IAM Policy with PassRole](#example-iam-policy-with-passrole) (needed if you want to use [Kubernetes Cloud Provider](../../../../pages-for-subheaders/set-up-cloud-providers.md) or want to pass an IAM Profile to an instance) + - [Example IAM Policy with PassRole](#example-iam-policy-with-passrole) (needed if you want to use [Kubernetes Cloud Provider](../../kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/set-up-cloud-providers.md) or want to pass an IAM Profile to an instance) - [Example IAM Policy to allow encrypted EBS volumes](#example-iam-policy-to-allow-encrypted-ebs-volumes) - **IAM Policy added as Permission** to the user. See [Amazon Documentation: Adding Permissions to a User (Console)](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_change-permissions.html#users_change_permissions-add-console) how to attach it to an user. @@ -48,7 +48,7 @@ The steps to create a cluster differ based on your Rancher version. ### 2. Create a node template with your cloud credentials and information from EC2 -Creating a [node template](../../../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md#node-templates) for EC2 will allow Rancher to provision new nodes in EC2. Node templates can be reused for other clusters. +Creating a [node template](use-new-nodes-in-an-infra-provider.md#node-templates) for EC2 will allow Rancher to provision new nodes in EC2. Node templates can be reused for other clusters. 1. Click **☰ > Cluster Management**. 1. Click **RKE1 Configuration > Node Templates** @@ -64,14 +64,14 @@ Creating a [node template](../../../../pages-for-subheaders/use-new-nodes-in-an- ### 3. Create a cluster with node pools using the node template -Add one or more node pools to your cluster. For more information about node pools, see [this section.](../../../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md) +Add one or more node pools to your cluster. For more information about node pools, see [this section.](use-new-nodes-in-an-infra-provider.md) 1. Click **☰ > Cluster Management**. 1. On the **Clusters** page, click **Create**. 1. Click **Amazon EC2**. -1. Create a node pool for each Kubernetes role. For each node pool, choose a node template that you created. For more information about node pools, including best practices for assigning Kubernetes roles to them, see [this section.](../../../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md) +1. Create a node pool for each Kubernetes role. For each node pool, choose a node template that you created. For more information about node pools, including best practices for assigning Kubernetes roles to them, see [this section.](use-new-nodes-in-an-infra-provider.md) 1. Click **Add Member** to add users that can access the cluster. Use the **Role** drop-down to set permissions for each user. -1. Use **Cluster Options** to choose the version of Kubernetes that will be installed, what network provider will be used and if you want to enable project network isolation. Refer to [Selecting Cloud Providers](../../../../pages-for-subheaders/set-up-cloud-providers.md) to configure the Kubernetes Cloud Provider. For help configuring the cluster, refer to the [RKE cluster configuration reference.](../../../../reference-guides/cluster-configuration/rancher-server-configuration/rke1-cluster-configuration.md) +1. Use **Cluster Options** to choose the version of Kubernetes that will be installed, what network provider will be used and if you want to enable project network isolation. Refer to [Selecting Cloud Providers](../../kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/set-up-cloud-providers.md) to configure the Kubernetes Cloud Provider. For help configuring the cluster, refer to the [RKE cluster configuration reference.](../../../../reference-guides/cluster-configuration/rancher-server-configuration/rke1-cluster-configuration.md) :::note @@ -107,7 +107,7 @@ If you already have a set of cloud credentials to use, skip this section. 1. Click **Amazon EC2**. 1. Select a **Cloud Credential**, if more than one exists. Otherwise, it's preselected. 1. Enter a **Cluster Name**. -1. Create a machine pool for each Kubernetes role. Refer to the [best practices](../../../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md#node-roles) for recommendations on role assignments and counts. +1. Create a machine pool for each Kubernetes role. Refer to the [best practices](use-new-nodes-in-an-infra-provider.md#node-roles) for recommendations on role assignments and counts. 1. For each machine pool, define the machine configuration. Refer to [the EC2 machine configuration reference](../../../../reference-guides/cluster-configuration/downstream-cluster-configuration/machine-configuration/amazon-ec2.md) for information on configuration options. 1. Use the **Cluster Configuration** to choose the version of Kubernetes that will be installed, what network provider will be used and if you want to enable project network isolation. For help configuring the cluster, refer to the [RKE2 cluster configuration reference.](../../../../reference-guides/cluster-configuration/rancher-server-configuration/rke2-cluster-configuration.md) 1. Use **Member Roles** to configure user authorization for the cluster. Click **Add Member** to add users that can access the cluster. Use the **Role** drop-down to set permissions for each user. diff --git a/versioned_docs/version-2.8/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-azure-cluster.md b/versioned_docs/version-2.8/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-azure-cluster.md index 758616b057d..2b9e2e10cdd 100644 --- a/versioned_docs/version-2.8/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-azure-cluster.md +++ b/versioned_docs/version-2.8/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-azure-cluster.md @@ -69,7 +69,7 @@ The creation of this service principal returns three pieces of identification in ### 2. Create a node template with your cloud credentials -Creating a [node template](../../../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md#node-templates) for Azure will allow Rancher to provision new nodes in Azure. Node templates can be reused for other clusters. +Creating a [node template](use-new-nodes-in-an-infra-provider.md#node-templates) for Azure will allow Rancher to provision new nodes in Azure. Node templates can be reused for other clusters. 1. Click **☰ > Cluster Management**. 1. Click **RKE1 Configuration > Node Templates**. @@ -85,7 +85,7 @@ Use Rancher to create a Kubernetes cluster in Azure. 1. On the **Clusters** page, click **Create**. 1. Click **Azure**. 1. Enter a **Cluster Name**. -1. Add one or more node pools to your cluster. Each node pool uses a node template to provision new nodes. For more information about node pools, including best practices, see [this section.](../../../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md) +1. Add one or more node pools to your cluster. Each node pool uses a node template to provision new nodes. For more information about node pools, including best practices, see [this section.](use-new-nodes-in-an-infra-provider.md) 1. In the **Cluster Configuration** to choose the version of Kubernetes that will be installed, what network provider will be used and if you want to enable project network isolation. To see more cluster options, click on **Show advanced options**. For help configuring the cluster, refer to the [RKE cluster configuration reference.](../../../../reference-guides/cluster-configuration/rancher-server-configuration/rke1-cluster-configuration.md) 1. Use **Member Roles** to configure user authorization for the cluster. Click **Add Member** to add users that can access the cluster. Use the **Role** drop-down to set permissions for each user. 1. Click **Create**. @@ -116,7 +116,7 @@ Use Rancher to create a Kubernetes cluster in Azure. 1. Click **Azure**. 1. Select a **Cloud Credential**, if more than one exists. Otherwise, it's preselected. 1. Enter a **Cluster Name**. -1. Create a machine pool for each Kubernetes role. Refer to the [best practices](../../../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md#node-roles) for recommendations on role assignments and counts. +1. Create a machine pool for each Kubernetes role. Refer to the [best practices](use-new-nodes-in-an-infra-provider.md#node-roles) for recommendations on role assignments and counts. 1. For each machine pool, define the machine configuration. Refer to the [Azure machine configuration reference](../../../../reference-guides/cluster-configuration/downstream-cluster-configuration/machine-configuration/azure.md) for information on configuration options. 1. Use the **Cluster Configuration** to choose the version of Kubernetes that will be installed, what network provider will be used and if you want to enable project network isolation. For help configuring the cluster, refer to the [RKE2 cluster configuration reference.](../../../../reference-guides/cluster-configuration/rancher-server-configuration/rke2-cluster-configuration.md) 1. Use **Member Roles** to configure user authorization for the cluster. Click **Add Member** to add users that can access the cluster. Use the **Role** drop-down to set permissions for each user. diff --git a/versioned_docs/version-2.8/pages-for-subheaders/nutanix.md b/versioned_docs/version-2.8/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/nutanix/nutanix.md similarity index 65% rename from versioned_docs/version-2.8/pages-for-subheaders/nutanix.md rename to versioned_docs/version-2.8/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/nutanix/nutanix.md index b626cf2bd12..9c761b50475 100644 --- a/versioned_docs/version-2.8/pages-for-subheaders/nutanix.md +++ b/versioned_docs/version-2.8/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/nutanix/nutanix.md @@ -13,9 +13,9 @@ Rancher can provision nodes in AOS (AHV) and install Kubernetes on them. When cr A Nutanix cluster may consist of multiple groups of VMs with distinct properties, such as the amount of memory or the number of vCPUs. This grouping allows for fine-grained control over the sizing of nodes for each Kubernetes role. -- [Creating a Nutanix Cluster](../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/nutanix/provision-kubernetes-clusters-in-aos.md#creating-a-nutanix-aos-cluster) -- [Provisioning Storage](../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/nutanix/provision-kubernetes-clusters-in-aos.md) +- [Creating a Nutanix Cluster](provision-kubernetes-clusters-in-aos.md#creating-a-nutanix-aos-cluster) +- [Provisioning Storage](provision-kubernetes-clusters-in-aos.md) ## Creating a Nutanix Cluster -In [this section,](../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/nutanix/provision-kubernetes-clusters-in-aos.md) you'll learn how to use Rancher to install an [RKE](https://rancher.com/docs/rke/latest/en/) Kubernetes cluster in Nutanix AOS. \ No newline at end of file +In [this section,](provision-kubernetes-clusters-in-aos.md) you'll learn how to use Rancher to install an [RKE](https://rancher.com/docs/rke/latest/en/) Kubernetes cluster in Nutanix AOS. \ No newline at end of file diff --git a/versioned_docs/version-2.8/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/nutanix/provision-kubernetes-clusters-in-aos.md b/versioned_docs/version-2.8/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/nutanix/provision-kubernetes-clusters-in-aos.md index ded99b0679c..df67f078ac3 100644 --- a/versioned_docs/version-2.8/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/nutanix/provision-kubernetes-clusters-in-aos.md +++ b/versioned_docs/version-2.8/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/nutanix/provision-kubernetes-clusters-in-aos.md @@ -55,7 +55,7 @@ Setting up [VM-VM Anti-Affinity Policies](https://portal.nutanix.com/page/docume ### 1. Create a node template -Creating a [node template](../../../../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md#node-templates) for Nutanix AOS will allow Rancher to provision new nodes in Nutanix AOS. Node templates can be reused for other clusters. +Creating a [node template](../use-new-nodes-in-an-infra-provider.md#node-templates) for Nutanix AOS will allow Rancher to provision new nodes in Nutanix AOS. Node templates can be reused for other clusters. 1. Click **☰ > Cluster Management**. 1. Click **RKE1 Configuration > Node Templates**. @@ -75,7 +75,7 @@ Use Rancher to create a Kubernetes cluster in Nutanix AOS. 1. Enter a **Cluster Name**, then click **Continue**. 1. Use **Member Roles** to configure user authorization for the cluster. Click **Add Member** to add users who can access the cluster. Use the **Role** drop-down to set permissions for each user. 1. Use **Cluster Options** to choose the version of Kubernetes that will be installed, what network provider will be used, and whether you want to enable project network isolation. To see more cluster options, click on **Show advanced options**. For help configuring the cluster, refer to the [RKE cluster configuration reference.](../../../../../reference-guides/cluster-configuration/rancher-server-configuration/rke1-cluster-configuration.md) -1. Add one or more node pools to your cluster. Each node pool uses a node template to provision new nodes. For more information about node pools, including best practices for assigning Kubernetes roles to the nodes, see [this section.](../../../../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md#node-pools) +1. Add one or more node pools to your cluster. Each node pool uses a node template to provision new nodes. For more information about node pools, including best practices for assigning Kubernetes roles to the nodes, see [this section.](../use-new-nodes-in-an-infra-provider.md#node-pools) 1. Review your options to confirm they're correct. Then click **Create**. **Result:** Your cluster is created and assigned a state of **Provisioning**. Rancher is standing up your cluster. diff --git a/versioned_docs/version-2.8/pages-for-subheaders/use-new-nodes-in-an-infra-provider.md b/versioned_docs/version-2.8/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md similarity index 92% rename from versioned_docs/version-2.8/pages-for-subheaders/use-new-nodes-in-an-infra-provider.md rename to versioned_docs/version-2.8/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md index 59e2425659f..88bac5263d0 100644 --- a/versioned_docs/version-2.8/pages-for-subheaders/use-new-nodes-in-an-infra-provider.md +++ b/versioned_docs/version-2.8/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md @@ -125,11 +125,11 @@ Node templates can use cloud credentials to store credentials for launching node - Multiple node templates can share the same cloud credential to create node pools. If your key is compromised or expired, the cloud credential can be updated in a single place, which allows all node templates that are using it to be updated at once. -After cloud credentials are created, the user can start [managing the cloud credentials that they created](../reference-guides/user-settings/manage-cloud-credentials.md). +After cloud credentials are created, the user can start [managing the cloud credentials that they created](../../../../reference-guides/user-settings/manage-cloud-credentials.md). ### Node Drivers -If you don't find the node driver that you want to use, you can see if it is available in Rancher's built-in [node drivers and activate it](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-provisioning-drivers/manage-node-drivers.md#activatingdeactivating-node-drivers), or you can [add your own custom node driver](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-provisioning-drivers/manage-node-drivers.md#adding-custom-node-drivers). +If you don't find the node driver that you want to use, you can see if it is available in Rancher's built-in [node drivers and activate it](../../authentication-permissions-and-global-configuration/about-provisioning-drivers/manage-node-drivers.md#activatingdeactivating-node-drivers), or you can [add your own custom node driver](../../authentication-permissions-and-global-configuration/about-provisioning-drivers/manage-node-drivers.md#adding-custom-node-drivers). ## RKE2 Clusters @@ -137,7 +137,7 @@ Rancher v2.6 introduces provisioning for [RKE2](https://docs.rke2.io/) clusters :::note -For RKE2 cluster templates, please refer to [this page](../how-to-guides/new-user-guides/manage-clusters/manage-cluster-templates.md#rke2-cluster-template) for additional information. +For RKE2 cluster templates, please refer to [this page](../../manage-clusters/manage-cluster-templates.md#rke2-cluster-template) for additional information. ::: @@ -149,7 +149,7 @@ The same functionality of using `etcd`, `controlplane` and `worker` nodes is pos The implementation of the three node roles in Rancher means that Rancher managed RKE2 clusters are able to easily leverage all of the same architectural best practices that are recommended for RKE clusters. -In our [recommended cluster architecture](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/checklist-for-production-ready-clusters/recommended-cluster-architecture.md), we outline how many nodes of each role clusters should have: +In our [recommended cluster architecture](../../kubernetes-clusters-in-rancher-setup/checklist-for-production-ready-clusters/recommended-cluster-architecture.md), we outline how many nodes of each role clusters should have: - At least three nodes with the role etcd to survive losing one node - At least two nodes with the role controlplane for master component high availability diff --git a/versioned_docs/version-2.8/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/vsphere/provision-kubernetes-clusters-in-vsphere.md b/versioned_docs/version-2.8/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/vsphere/provision-kubernetes-clusters-in-vsphere.md index a28520b24dd..92eb0a4f6f9 100644 --- a/versioned_docs/version-2.8/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/vsphere/provision-kubernetes-clusters-in-vsphere.md +++ b/versioned_docs/version-2.8/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/vsphere/provision-kubernetes-clusters-in-vsphere.md @@ -69,7 +69,7 @@ If you have a cluster with DRS enabled, setting up [VM-VM Affinity Rules](https: ### 2. Create a node template with your cloud credentials -Creating a [node template](../../../../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md#node-templates) for vSphere will allow Rancher to provision new nodes in vSphere. Node templates can be reused for other clusters. +Creating a [node template](../use-new-nodes-in-an-infra-provider.md#node-templates) for vSphere will allow Rancher to provision new nodes in vSphere. Node templates can be reused for other clusters. 1. Click **☰ > Cluster Management**. 1. Click **RKE1 Configuration > Node Templates**. @@ -90,7 +90,7 @@ Use Rancher to create a Kubernetes cluster in vSphere. 1. Use **Member Roles** to configure user authorization for the cluster. Click **Add Member** to add users that can access the cluster. Use the **Role** drop-down to set permissions for each user. 1. Use **Cluster Options** to choose the version of Kubernetes that will be installed, what network provider will be used and if you want to enable project network isolation. To see more cluster options, click on **Show advanced options**. For help configuring the cluster, refer to the [RKE cluster configuration reference.](../../../../../reference-guides/cluster-configuration/rancher-server-configuration/rke1-cluster-configuration.md) 1. If you want to dynamically provision persistent storage or other infrastructure later, you will need to enable the vSphere cloud provider by modifying the cluster YAML file. For details, refer to [in-tree vSphere cloud provider docs](../../../../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/configure-in-tree-vsphere.md) and [out-of-tree vSphere cloud provider docs](../../../../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/configure-out-of-tree-vsphere.md). -1. Add one or more node pools to your cluster. Each node pool uses a node template to provision new nodes. For more information about node pools, including best practices for assigning Kubernetes roles to the nodes, see [this section.](../../../../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md#node-pools) +1. Add one or more node pools to your cluster. Each node pool uses a node template to provision new nodes. For more information about node pools, including best practices for assigning Kubernetes roles to the nodes, see [this section.](../use-new-nodes-in-an-infra-provider.md#node-pools) 1. Review your options to confirm they're correct. Then click **Create**. **Result:** @@ -111,4 +111,4 @@ After creating your cluster, you can access it through the Rancher UI. As a best - **Access your cluster with the kubectl CLI:** Follow [these steps](../../../../new-user-guides/manage-clusters/access-clusters/use-kubectl-and-kubeconfig.md#accessing-clusters-with-kubectl-from-your-workstation) to access clusters with kubectl on your workstation. In this case, you will be authenticated through the Rancher server’s authentication proxy, then Rancher will connect you to the downstream cluster. This method lets you manage the cluster without the Rancher UI. - **Access your cluster with the kubectl CLI, using the authorized cluster endpoint:** Follow [these steps](../../../../new-user-guides/manage-clusters/access-clusters/use-kubectl-and-kubeconfig.md#authenticating-directly-with-a-downstream-cluster) to access your cluster with kubectl directly, without authenticating through Rancher. We recommend setting up this alternative method to access your cluster so that in case you can’t connect to Rancher, you can still access the cluster. -- **Provision Storage:** For an example of how to provision storage in vSphere using Rancher, refer to [this section.](../../../../../pages-for-subheaders/provisioning-storage-examples.md) In order to dynamically provision storage in vSphere, the vSphere provider must be enabled. For details, refer to [in-tree vSphere cloud provider docs](../../../../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/configure-in-tree-vsphere.md) and [out-of-tree vSphere cloud provider docs](../../../../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/configure-out-of-tree-vsphere.md). +- **Provision Storage:** For an example of how to provision storage in vSphere using Rancher, refer to [this section.](../../../manage-clusters/provisioning-storage-examples/provisioning-storage-examples.md) In order to dynamically provision storage in vSphere, the vSphere provider must be enabled. For details, refer to [in-tree vSphere cloud provider docs](../../../../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/configure-in-tree-vsphere.md) and [out-of-tree vSphere cloud provider docs](../../../../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/configure-out-of-tree-vsphere.md). diff --git a/versioned_docs/version-2.8/pages-for-subheaders/vsphere.md b/versioned_docs/version-2.8/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/vsphere/vsphere.md similarity index 64% rename from versioned_docs/version-2.8/pages-for-subheaders/vsphere.md rename to versioned_docs/version-2.8/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/vsphere/vsphere.md index 634a037c1cd..9890f087ece 100644 --- a/versioned_docs/version-2.8/pages-for-subheaders/vsphere.md +++ b/versioned_docs/version-2.8/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/vsphere/vsphere.md @@ -21,7 +21,7 @@ The vSphere node templates have been updated, allowing you to bring cloud operat ### Self-healing Node Pools -One of the biggest advantages of provisioning vSphere nodes with Rancher is that it allows you to take advantage of Rancher's self-healing node pools, also called the [node auto-replace feature,](use-new-nodes-in-an-infra-provider.md#about-node-auto-replace) in your on-premises clusters. Self-healing node pools are designed to help you replace worker nodes for stateless applications. When Rancher provisions nodes from a node template, Rancher can automatically replace unreachable nodes. +One of the biggest advantages of provisioning vSphere nodes with Rancher is that it allows you to take advantage of Rancher's self-healing node pools, also called the [node auto-replace feature,](../use-new-nodes-in-an-infra-provider.md#about-node-auto-replace) in your on-premises clusters. Self-healing node pools are designed to help you replace worker nodes for stateless applications. When Rancher provisions nodes from a node template, Rancher can automatically replace unreachable nodes. :::caution @@ -33,7 +33,7 @@ It is not recommended to enable node auto-replace on a node pool of master nodes Node templates for vSphere have been updated so that when you create a node template with your vSphere credentials, the template is automatically populated with the same options for provisioning VMs that you have access to in the vSphere console. -For the fields to be populated, your setup needs to fulfill the [prerequisites.](../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/vsphere/provision-kubernetes-clusters-in-vsphere.md#preparation-in-vsphere) +For the fields to be populated, your setup needs to fulfill the [prerequisites.](provision-kubernetes-clusters-in-vsphere.md#preparation-in-vsphere) ### More Supported Operating Systems @@ -47,14 +47,14 @@ In this YouTube video, we demonstrate how to set up a node template with the new ## Creating a vSphere Cluster -In [this section,](../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/vsphere/provision-kubernetes-clusters-in-vsphere.md) you'll learn how to use Rancher to install an [RKE](https://rancher.com/docs/rke/latest/en/) Kubernetes cluster in vSphere. +In [this section,](provision-kubernetes-clusters-in-vsphere.md) you'll learn how to use Rancher to install an [RKE](https://rancher.com/docs/rke/latest/en/) Kubernetes cluster in vSphere. ## Provisioning Storage -For an example of how to provision storage in vSphere using Rancher, refer to [this section.](../how-to-guides/new-user-guides/manage-clusters/provisioning-storage-examples/vsphere-storage.md) In order to dynamically provision storage in vSphere, the vSphere provider must be enabled. Refer to [in-tree vSphere config](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/configure-in-tree-vsphere.md) and [out-of-tree vSphere config](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/configure-out-of-tree-vsphere.md). +For an example of how to provision storage in vSphere using Rancher, refer to [this section.](../../../manage-clusters/provisioning-storage-examples/vsphere-storage.md) In order to dynamically provision storage in vSphere, the vSphere provider must be enabled. Refer to [in-tree vSphere config](../../../kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/configure-in-tree-vsphere.md) and [out-of-tree vSphere config](../../../kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/configure-out-of-tree-vsphere.md). ## Enabling the vSphere Cloud Provider When a cloud provider is set up in Rancher, the Rancher server can automatically provision new infrastructure for the cluster, including new nodes or persistent storage devices. -For details on enabling the vSphere cloud provider, refer to [in-tree vSphere config](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/configure-in-tree-vsphere.md) and [out-of-tree vSphere config](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/configure-out-of-tree-vsphere.md). +For details on enabling the vSphere cloud provider, refer to [in-tree vSphere config](../../../kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/configure-in-tree-vsphere.md) and [out-of-tree vSphere config](../../../kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/configure-out-of-tree-vsphere.md). diff --git a/versioned_docs/version-2.8/pages-for-subheaders/access-clusters.md b/versioned_docs/version-2.8/how-to-guides/new-user-guides/manage-clusters/access-clusters/access-clusters.md similarity index 71% rename from versioned_docs/version-2.8/pages-for-subheaders/access-clusters.md rename to versioned_docs/version-2.8/how-to-guides/new-user-guides/manage-clusters/access-clusters/access-clusters.md index 69d18515700..a4929ee26cf 100644 --- a/versioned_docs/version-2.8/pages-for-subheaders/access-clusters.md +++ b/versioned_docs/version-2.8/how-to-guides/new-user-guides/manage-clusters/access-clusters/access-clusters.md @@ -8,11 +8,11 @@ title: Cluster Access This section is about what tools can be used to access clusters managed by Rancher. -For information on how to give users permission to access a cluster, see the section on [adding users to clusters.](../how-to-guides/new-user-guides/manage-clusters/access-clusters/add-users-to-clusters.md) +For information on how to give users permission to access a cluster, see the section on [adding users to clusters.](add-users-to-clusters.md) -For more information on roles-based access control, see [this section.](manage-role-based-access-control-rbac.md) +For more information on roles-based access control, see [this section.](../../authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/manage-role-based-access-control-rbac.md) -For information on how to set up an authentication system, see [this section.](authentication-config.md) +For information on how to set up an authentication system, see [this section.](../../authentication-permissions-and-global-configuration/authentication-config/authentication-config.md) ## Clusters in Rancher UI @@ -29,7 +29,7 @@ You can also access the **Clusters** page by clicking the **Manage** button abov On the **Clusters** page, select **⁝** at the end of each row to view a submenu with the following options: -* [Kubectl Shell](../how-to-guides/new-user-guides/manage-clusters/access-clusters/use-kubectl-and-kubeconfig.md) +* [Kubectl Shell](use-kubectl-and-kubeconfig.md) * Download KubeConfig * Copy KubeConfig to Clipboard * Edit Config @@ -53,13 +53,13 @@ The **Cluster Dashboard** lists information about a specific cluster, such as nu You can use the Kubernetes command-line tool, [kubectl](https://kubernetes.io/docs/reference/kubectl/overview/), to manage your clusters. You have two options for using kubectl: -- **Rancher kubectl shell:** Interact with your clusters by launching a kubectl shell available in the Rancher UI. This option requires no configuration actions on your part. For more information, see [Accessing Clusters with kubectl Shell](../how-to-guides/new-user-guides/manage-clusters/access-clusters/use-kubectl-and-kubeconfig.md). -- **Terminal remote connection:** You can also interact with your clusters by installing [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/) on your local desktop and then copying the cluster's kubeconfig file to your local `~/.kube/config` directory. For more information, see [Accessing Clusters with kubectl and a kubeconfig File](../how-to-guides/new-user-guides/manage-clusters/access-clusters/use-kubectl-and-kubeconfig.md). +- **Rancher kubectl shell:** Interact with your clusters by launching a kubectl shell available in the Rancher UI. This option requires no configuration actions on your part. For more information, see [Accessing Clusters with kubectl Shell](use-kubectl-and-kubeconfig.md). +- **Terminal remote connection:** You can also interact with your clusters by installing [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/) on your local desktop and then copying the cluster's kubeconfig file to your local `~/.kube/config` directory. For more information, see [Accessing Clusters with kubectl and a kubeconfig File](use-kubectl-and-kubeconfig.md). ## Rancher CLI -You can control your clusters by downloading Rancher's own command-line interface, [Rancher CLI](cli-with-rancher.md). This CLI tool can interact directly with different clusters and projects or pass them `kubectl` commands. +You can control your clusters by downloading Rancher's own command-line interface, [Rancher CLI](../../../../reference-guides/cli-with-rancher/cli-with-rancher.md). This CLI tool can interact directly with different clusters and projects or pass them `kubectl` commands. ## Rancher API -Finally, you can interact with your clusters over the Rancher API. Before you use the API, you must obtain an [API key](../reference-guides/user-settings/api-keys.md). To view the different resource fields and actions for an API object, open the API UI, which can be accessed by clicking on **View in API** for any Rancher UI object. +Finally, you can interact with your clusters over the Rancher API. Before you use the API, you must obtain an [API key](../../../../reference-guides/user-settings/api-keys.md). To view the different resource fields and actions for an API object, open the API UI, which can be accessed by clicking on **View in API** for any Rancher UI object. diff --git a/versioned_docs/version-2.8/how-to-guides/new-user-guides/manage-clusters/access-clusters/add-users-to-clusters.md b/versioned_docs/version-2.8/how-to-guides/new-user-guides/manage-clusters/access-clusters/add-users-to-clusters.md index 148715a31de..ebb64045d5c 100644 --- a/versioned_docs/version-2.8/how-to-guides/new-user-guides/manage-clusters/access-clusters/add-users-to-clusters.md +++ b/versioned_docs/version-2.8/how-to-guides/new-user-guides/manage-clusters/access-clusters/add-users-to-clusters.md @@ -35,7 +35,7 @@ Cluster administrators can edit the membership for a cluster, controlling which If external authentication is configured: - - Rancher returns users from your [external authentication](../../../../pages-for-subheaders/authentication-config.md) source as you type. + - Rancher returns users from your [external authentication](../../authentication-permissions-and-global-configuration/authentication-config/authentication-config.md) source as you type. :::note Using AD but can't find your users? @@ -47,7 +47,7 @@ Cluster administrators can edit the membership for a cluster, controlling which :::note - If you are logged in as a local user, external users do not display in your search results. For more information, see [External Authentication Configuration and Principal Users](../../../../pages-for-subheaders/authentication-config.md#external-authentication-configuration-and-principal-users). + If you are logged in as a local user, external users do not display in your search results. For more information, see [External Authentication Configuration and Principal Users](../../authentication-permissions-and-global-configuration/authentication-config/authentication-config.md#external-authentication-configuration-and-principal-users). ::: diff --git a/versioned_docs/version-2.8/how-to-guides/new-user-guides/manage-clusters/access-clusters/authorized-cluster-endpoint.md b/versioned_docs/version-2.8/how-to-guides/new-user-guides/manage-clusters/access-clusters/authorized-cluster-endpoint.md index 543ed4d10b4..8db87b8b982 100644 --- a/versioned_docs/version-2.8/how-to-guides/new-user-guides/manage-clusters/access-clusters/authorized-cluster-endpoint.md +++ b/versioned_docs/version-2.8/how-to-guides/new-user-guides/manage-clusters/access-clusters/authorized-cluster-endpoint.md @@ -27,7 +27,7 @@ If admins have [kubeconfig token generation turned off](../../../../reference-gu ### Two Authentication Methods for RKE Clusters -If the cluster is not an [RKE cluster,](../../../../pages-for-subheaders/launch-kubernetes-with-rancher.md) the kubeconfig file allows you to access the cluster in only one way: it lets you be authenticated with the Rancher server, then Rancher allows you to run kubectl commands on the cluster. +If the cluster is not an [RKE cluster,](../../launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md) the kubeconfig file allows you to access the cluster in only one way: it lets you be authenticated with the Rancher server, then Rancher allows you to run kubectl commands on the cluster. For RKE clusters, the kubeconfig file allows you to be authenticated in two ways: diff --git a/versioned_docs/version-2.8/how-to-guides/new-user-guides/manage-clusters/access-clusters/use-kubectl-and-kubeconfig.md b/versioned_docs/version-2.8/how-to-guides/new-user-guides/manage-clusters/access-clusters/use-kubectl-and-kubeconfig.md index 6099a7d33d3..2c32c5c3660 100644 --- a/versioned_docs/version-2.8/how-to-guides/new-user-guides/manage-clusters/access-clusters/use-kubectl-and-kubeconfig.md +++ b/versioned_docs/version-2.8/how-to-guides/new-user-guides/manage-clusters/access-clusters/use-kubectl-and-kubeconfig.md @@ -48,7 +48,7 @@ Rancher will discover and show resources created by `kubectl`. However, these re ## Authenticating Directly with a Downstream Cluster -This section intended to help you set up an alternative method to access an [RKE cluster.](../../../../pages-for-subheaders/launch-kubernetes-with-rancher.md) +This section intended to help you set up an alternative method to access an [RKE cluster.](../../launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md) This method is only available for RKE, RKE2, and K3s clusters that have the [authorized cluster endpoint](../../../../reference-guides/rancher-manager-architecture/communicating-with-downstream-user-clusters.md#4-authorized-cluster-endpoint) enabled. When Rancher creates the cluster, it generates a kubeconfig file that includes additional kubectl context(s) for accessing your cluster. This additional context allows you to use kubectl to authenticate with the downstream cluster without authenticating through Rancher. For a longer explanation of how the authorized cluster endpoint works, refer to [this page](authorized-cluster-endpoint.md). diff --git a/versioned_docs/version-2.8/how-to-guides/new-user-guides/manage-clusters/add-a-pod-security-policy.md b/versioned_docs/version-2.8/how-to-guides/new-user-guides/manage-clusters/add-a-pod-security-policy.md index 9b9c30d32cb..a705b202f2f 100644 --- a/versioned_docs/version-2.8/how-to-guides/new-user-guides/manage-clusters/add-a-pod-security-policy.md +++ b/versioned_docs/version-2.8/how-to-guides/new-user-guides/manage-clusters/add-a-pod-security-policy.md @@ -8,7 +8,7 @@ title: Adding a Pod Security Policy :::note Prerequisite: -The options below are available only for clusters that are [launched using RKE.](../../../pages-for-subheaders/launch-kubernetes-with-rancher.md) +The options below are available only for clusters that are [launched using RKE.](../launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md) ::: @@ -22,7 +22,7 @@ You can assign a pod security policy when you provision a cluster. However, if y :::note - This option is only available for clusters [provisioned by RKE](../../../pages-for-subheaders/launch-kubernetes-with-rancher.md). + This option is only available for clusters [provisioned by RKE](../launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md). ::: diff --git a/versioned_docs/version-2.8/how-to-guides/new-user-guides/manage-clusters/clean-cluster-nodes.md b/versioned_docs/version-2.8/how-to-guides/new-user-guides/manage-clusters/clean-cluster-nodes.md index b45beab4572..736bc664d8c 100644 --- a/versioned_docs/version-2.8/how-to-guides/new-user-guides/manage-clusters/clean-cluster-nodes.md +++ b/versioned_docs/version-2.8/how-to-guides/new-user-guides/manage-clusters/clean-cluster-nodes.md @@ -27,9 +27,9 @@ When cleaning nodes provisioned using Rancher, the following components are dele | All resources create under the `management.cattle.io` API Group | ✓ | ✓ | ✓ | | | All CRDs created by Rancher v2.x | ✓ | ✓ | ✓ | | -[1]: ../../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md -[2]: ../../../pages-for-subheaders/use-existing-nodes.md -[3]: ../../../pages-for-subheaders/set-up-clusters-from-hosted-kubernetes-providers.md +[1]: ../launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md +[2]: ../../../reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/use-existing-nodes.md +[3]: ../kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/set-up-clusters-from-hosted-kubernetes-providers.md [4]: ../../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/register-existing-clusters.md ## Removing a Node from a Cluster by Rancher UI diff --git a/versioned_docs/version-2.8/pages-for-subheaders/create-kubernetes-persistent-storage.md b/versioned_docs/version-2.8/how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage/create-kubernetes-persistent-storage.md similarity index 65% rename from versioned_docs/version-2.8/pages-for-subheaders/create-kubernetes-persistent-storage.md rename to versioned_docs/version-2.8/how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage/create-kubernetes-persistent-storage.md index 58fcb58c1cb..58a71adce61 100644 --- a/versioned_docs/version-2.8/pages-for-subheaders/create-kubernetes-persistent-storage.md +++ b/versioned_docs/version-2.8/how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage/create-kubernetes-persistent-storage.md @@ -9,15 +9,15 @@ description: "Learn about the two ways with which you can create persistent stor When deploying an application that needs to retain data, you'll need to create persistent storage. Persistent storage allows you to store application data external from the pod running your application. This storage practice allows you to maintain application data, even if the application's pod fails. -The documents in this section assume that you understand the Kubernetes concepts of persistent volumes, persistent volume claims, and storage classes. For more information, refer to the section on [how storage works.](../how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage/manage-persistent-storage/about-persistent-storage.md) +The documents in this section assume that you understand the Kubernetes concepts of persistent volumes, persistent volume claims, and storage classes. For more information, refer to the section on [how storage works.](manage-persistent-storage/about-persistent-storage.md) ### Prerequisites -To set up persistent storage, the `Manage Volumes` [role](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/cluster-and-project-roles.md#project-role-reference) is required. +To set up persistent storage, the `Manage Volumes` [role](../../authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/cluster-and-project-roles.md#project-role-reference) is required. If you are provisioning storage for a cluster hosted in the cloud, the storage and cluster hosts must have the same cloud provider. -For provisioning new storage with Rancher, the cloud provider must be enabled. For details on enabling cloud providers, refer to [this page.](../pages-for-subheaders/set-up-cloud-providers.md) +For provisioning new storage with Rancher, the cloud provider must be enabled. For details on enabling cloud providers, refer to [this page.](../../kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/set-up-cloud-providers.md) For attaching existing persistent storage to a cluster, the cloud provider does not need to be enabled. @@ -30,7 +30,7 @@ The overall workflow for setting up existing storage is as follows: 3. Add a persistent volume claim (PVC) that refers to the PV. 4. Mount the PVC as a volume in your workload. -For details and prerequisites, refer to [this page.](../how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage/manage-persistent-storage/set-up-existing-storage.md) +For details and prerequisites, refer to [this page.](manage-persistent-storage/set-up-existing-storage.md) ### Dynamically Provisioning New Storage in Rancher @@ -40,7 +40,7 @@ The overall workflow for provisioning new storage is as follows: 2. Add a persistent volume claim (PVC) that refers to the storage class. 3. Mount the PVC as a volume for your workload. -For details and prerequisites, refer to [this page.](../how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage/manage-persistent-storage/dynamically-provision-new-storage.md) +For details and prerequisites, refer to [this page.](manage-persistent-storage/dynamically-provision-new-storage.md) ### Longhorn Storage @@ -50,19 +50,19 @@ Longhorn is free, open source software. Originally developed by Rancher Labs, it If you have a pool of block storage, Longhorn can help you provide persistent storage to your Kubernetes cluster without relying on cloud providers. For more information about Longhorn features, refer to the [documentation.](https://longhorn.io/docs/latest/what-is-longhorn/) -Rancher v2.5 simplified the process of installing Longhorn on a Rancher-managed cluster. For more information, see [Cloud Native Storage with Longhorn](../integrations-in-rancher/longhorn/longhorn.md). +Rancher v2.5 simplified the process of installing Longhorn on a Rancher-managed cluster. For more information, see [Cloud Native Storage with Longhorn](../../../../integrations-in-rancher/longhorn/longhorn.md). ### Provisioning Storage Examples -We provide examples of how to provision storage with [NFS,](../how-to-guides/new-user-guides/manage-clusters/provisioning-storage-examples/nfs-storage.md) [vSphere,](../how-to-guides/new-user-guides/manage-clusters/provisioning-storage-examples/vsphere-storage.md) and [Amazon's EBS.](../how-to-guides/new-user-guides/manage-clusters/provisioning-storage-examples/persistent-storage-in-amazon-ebs.md) +We provide examples of how to provision storage with [NFS,](../provisioning-storage-examples/nfs-storage.md) [vSphere,](../provisioning-storage-examples/vsphere-storage.md) and [Amazon's EBS.](../provisioning-storage-examples/persistent-storage-in-amazon-ebs.md) ### GlusterFS Volumes -In clusters that store data on GlusterFS volumes, you may experience an issue where pods fail to mount volumes after restarting the `kubelet`. For details on preventing this from happening, refer to [this page.](../how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage/manage-persistent-storage/about-glusterfs-volumes.md) +In clusters that store data on GlusterFS volumes, you may experience an issue where pods fail to mount volumes after restarting the `kubelet`. For details on preventing this from happening, refer to [this page.](manage-persistent-storage/about-glusterfs-volumes.md) ### iSCSI Volumes -In [Rancher Launched Kubernetes clusters](../pages-for-subheaders/launch-kubernetes-with-rancher.md) that store data on iSCSI volumes, you may experience an issue where kubelets fail to automatically connect with iSCSI volumes. For details on resolving this issue, refer to [this page.](../how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage/manage-persistent-storage/install-iscsi-volumes.md) +In [Rancher Launched Kubernetes clusters](../../launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md) that store data on iSCSI volumes, you may experience an issue where kubelets fail to automatically connect with iSCSI volumes. For details on resolving this issue, refer to [this page.](manage-persistent-storage/install-iscsi-volumes.md) ### hostPath Volumes Before you create a hostPath volume, you need to set up an [extra_bind](https://rancher.com/docs/rke/latest/en/config-options/services/services-extras/#extra-binds/) in your cluster configuration. This will mount the path as a volume in your kubelets, which can then be used for hostPath volumes in your workloads. @@ -71,7 +71,7 @@ Before you create a hostPath volume, you need to set up an [extra_bind](https:// Kubernetes is moving away from maintaining cloud providers in-tree. vSphere has an out-of-tree cloud provider that can be used by installing the vSphere cloud provider and cloud storage plugins. -For instructions on how to migrate from the in-tree vSphere cloud provider to out-of-tree, and manage the existing VMs post migration, refer to [this page.](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/configure-out-of-tree-vsphere.md) +For instructions on how to migrate from the in-tree vSphere cloud provider to out-of-tree, and manage the existing VMs post migration, refer to [this page.](../../kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/configure-out-of-tree-vsphere.md) ### Related Links diff --git a/versioned_docs/version-2.8/how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage/manage-persistent-storage/about-glusterfs-volumes.md b/versioned_docs/version-2.8/how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage/manage-persistent-storage/about-glusterfs-volumes.md index aef5e622446..6c0b1c1d0d2 100644 --- a/versioned_docs/version-2.8/how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage/manage-persistent-storage/about-glusterfs-volumes.md +++ b/versioned_docs/version-2.8/how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage/manage-persistent-storage/about-glusterfs-volumes.md @@ -8,7 +8,7 @@ title: GlusterFS Volumes :::note -This section only applies to [RKE clusters.](../../../../../pages-for-subheaders/launch-kubernetes-with-rancher.md) +This section only applies to [RKE clusters.](../../../launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md) ::: diff --git a/versioned_docs/version-2.8/how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage/manage-persistent-storage/dynamically-provision-new-storage.md b/versioned_docs/version-2.8/how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage/manage-persistent-storage/dynamically-provision-new-storage.md index 77343a9f5c9..c40d3000816 100644 --- a/versioned_docs/version-2.8/how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage/manage-persistent-storage/dynamically-provision-new-storage.md +++ b/versioned_docs/version-2.8/how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage/manage-persistent-storage/dynamically-provision-new-storage.md @@ -23,7 +23,7 @@ To provision new storage for your workloads, follow these steps: - To set up persistent storage, the `Manage Volumes` [role](../../../authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/cluster-and-project-roles.md#project-role-reference) is required. - If you are provisioning storage for a cluster hosted in the cloud, the storage and cluster hosts must have the same cloud provider. -- The cloud provider must be enabled. For details on enabling cloud providers, refer to [this page.](../../../../../pages-for-subheaders/set-up-cloud-providers.md) +- The cloud provider must be enabled. For details on enabling cloud providers, refer to [this page.](../../../kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/set-up-cloud-providers.md) - Make sure your storage provisioner is available to be enabled. The following storage provisioners are enabled by default: diff --git a/versioned_docs/version-2.8/how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage/manage-persistent-storage/install-iscsi-volumes.md b/versioned_docs/version-2.8/how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage/manage-persistent-storage/install-iscsi-volumes.md index cce04e02a24..6fe70097a2f 100644 --- a/versioned_docs/version-2.8/how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage/manage-persistent-storage/install-iscsi-volumes.md +++ b/versioned_docs/version-2.8/how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage/manage-persistent-storage/install-iscsi-volumes.md @@ -6,7 +6,7 @@ title: iSCSI Volumes -In [Rancher Launched Kubernetes clusters](../../../../../pages-for-subheaders/launch-kubernetes-with-rancher.md) that store data on iSCSI volumes, you may experience an issue where kubelets fail to automatically connect with iSCSI volumes. This failure is likely due to an incompatibility issue involving the iSCSI initiator tool. You can resolve this issue by installing the iSCSI initiator tool on each of your cluster nodes. +In [Rancher Launched Kubernetes clusters](../../../launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md) that store data on iSCSI volumes, you may experience an issue where kubelets fail to automatically connect with iSCSI volumes. This failure is likely due to an incompatibility issue involving the iSCSI initiator tool. You can resolve this issue by installing the iSCSI initiator tool on each of your cluster nodes. Rancher Launched Kubernetes clusters storing data on iSCSI volumes leverage the [iSCSI initiator tool](http://www.open-iscsi.com/), which is embedded in the kubelet's `rancher/hyperkube` Docker image. From each kubelet (i.e., the _initiator_), the tool discovers and launches sessions with an iSCSI volume (i.e., the _target_). However, in some instances, the versions of the iSCSI initiator tool installed on the initiator and the target may not match, resulting in a connection failure. diff --git a/versioned_docs/version-2.8/pages-for-subheaders/install-cluster-autoscaler.md b/versioned_docs/version-2.8/how-to-guides/new-user-guides/manage-clusters/install-cluster-autoscaler/install-cluster-autoscaler.md similarity index 91% rename from versioned_docs/version-2.8/pages-for-subheaders/install-cluster-autoscaler.md rename to versioned_docs/version-2.8/how-to-guides/new-user-guides/manage-clusters/install-cluster-autoscaler/install-cluster-autoscaler.md index 8b749aae5ee..127153dd06b 100644 --- a/versioned_docs/version-2.8/pages-for-subheaders/install-cluster-autoscaler.md +++ b/versioned_docs/version-2.8/how-to-guides/new-user-guides/manage-clusters/install-cluster-autoscaler/install-cluster-autoscaler.md @@ -25,4 +25,4 @@ Cluster Autoscaler provides support to distinct cloud providers. For more inform ### Setting up Cluster Autoscaler on Amazon Cloud Provider -For details on running the cluster autoscaler on Amazon cloud provider, refer to [this page.](../how-to-guides/new-user-guides/manage-clusters/install-cluster-autoscaler/use-aws-ec2-auto-scaling-groups.md) +For details on running the cluster autoscaler on Amazon cloud provider, refer to [this page.](use-aws-ec2-auto-scaling-groups.md) diff --git a/versioned_docs/version-2.8/how-to-guides/new-user-guides/manage-clusters/install-cluster-autoscaler/use-aws-ec2-auto-scaling-groups.md b/versioned_docs/version-2.8/how-to-guides/new-user-guides/manage-clusters/install-cluster-autoscaler/use-aws-ec2-auto-scaling-groups.md index c8debb174ad..7daaab8504b 100644 --- a/versioned_docs/version-2.8/how-to-guides/new-user-guides/manage-clusters/install-cluster-autoscaler/use-aws-ec2-auto-scaling-groups.md +++ b/versioned_docs/version-2.8/how-to-guides/new-user-guides/manage-clusters/install-cluster-autoscaler/use-aws-ec2-auto-scaling-groups.md @@ -238,7 +238,7 @@ More info is at [RKE clusters on AWS](../../../new-user-guides/kubernetes-cluste Once we've configured AWS, let's create VMs to bootstrap our cluster: -* master (etcd+controlplane): Depending your needs, deploy three master instances with proper size. More info is at [the recommendations for production-ready clusters.](../../../../pages-for-subheaders/checklist-for-production-ready-clusters.md) +* master (etcd+controlplane): Depending your needs, deploy three master instances with proper size. More info is at [the recommendations for production-ready clusters.](../../kubernetes-clusters-in-rancher-setup/checklist-for-production-ready-clusters/checklist-for-production-ready-clusters.md) * IAM role: `K8sMasterRole` * Security group: `K8sMasterSg` * Tags: diff --git a/versioned_docs/version-2.8/pages-for-subheaders/manage-clusters.md b/versioned_docs/version-2.8/how-to-guides/new-user-guides/manage-clusters/manage-clusters.md similarity index 68% rename from versioned_docs/version-2.8/pages-for-subheaders/manage-clusters.md rename to versioned_docs/version-2.8/how-to-guides/new-user-guides/manage-clusters/manage-clusters.md index e6f69885338..23fc13f7b51 100644 --- a/versioned_docs/version-2.8/pages-for-subheaders/manage-clusters.md +++ b/versioned_docs/version-2.8/how-to-guides/new-user-guides/manage-clusters/manage-clusters.md @@ -10,13 +10,13 @@ After you provision a cluster in Rancher, you can begin using powerful Kubernete :::note -This section assumes a basic familiarity with Docker and Kubernetes. For a brief explanation of how Kubernetes components work together, refer to the [concepts](../reference-guides/kubernetes-concepts.md) page. +This section assumes a basic familiarity with Docker and Kubernetes. For a brief explanation of how Kubernetes components work together, refer to the [concepts](../../../reference-guides/kubernetes-concepts.md) page. ::: ## Managing Clusters in Rancher -After clusters have been [provisioned into Rancher](kubernetes-clusters-in-rancher-setup.md), [cluster owners](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/cluster-and-project-roles.md#cluster-roles) will need to manage these clusters. There are many different options of how to manage your cluster. +After clusters have been [provisioned into Rancher](../kubernetes-clusters-in-rancher-setup/kubernetes-clusters-in-rancher-setup.md), [cluster owners](../authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/cluster-and-project-roles.md#cluster-roles) will need to manage these clusters. There are many different options of how to manage your cluster. import ClusterCapabilitiesTable from '../shared-files/_cluster-capabilities-table.md'; diff --git a/versioned_docs/version-2.8/how-to-guides/new-user-guides/manage-clusters/nodes-and-node-pools.md b/versioned_docs/version-2.8/how-to-guides/new-user-guides/manage-clusters/nodes-and-node-pools.md index 2e7f151e5c2..fbbe7813b4e 100644 --- a/versioned_docs/version-2.8/how-to-guides/new-user-guides/manage-clusters/nodes-and-node-pools.md +++ b/versioned_docs/version-2.8/how-to-guides/new-user-guides/manage-clusters/nodes-and-node-pools.md @@ -13,11 +13,11 @@ After you launch a Kubernetes cluster in Rancher, you can manage individual node 1. Find the cluster whose nodes you want to manage, and click the **Explore** button at the end of the row. 1. Select **Nodes** from the left navigation. -Depending on the [option used](../../../pages-for-subheaders/kubernetes-clusters-in-rancher-setup.md) to provision the cluster, there are different node options available. +Depending on the [option used](../kubernetes-clusters-in-rancher-setup/kubernetes-clusters-in-rancher-setup.md) to provision the cluster, there are different node options available. :::note -If you want to manage the _cluster_ and not individual nodes, see [Editing Clusters](../../../pages-for-subheaders/cluster-configuration.md). +If you want to manage the _cluster_ and not individual nodes, see [Editing Clusters](../../../reference-guides/cluster-configuration/cluster-configuration.md). ::: @@ -36,9 +36,9 @@ The following table lists which node options are available for each type of clus | [Download Keys](#ssh-into-a-node-hosted-by-an-infrastructure-provider) | ✓ | | | | | Download SSH key in order to SSH into the node. | | [Node Scaling](#scaling-nodes) | ✓ | | | ✓ | | Scale the number of nodes in the node pool up or down. | -[1]: ../../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md -[2]: ../../../pages-for-subheaders/use-existing-nodes.md -[3]: ../../../pages-for-subheaders/set-up-clusters-from-hosted-kubernetes-providers.md +[1]: ../launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md +[2]: ../../../reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/use-existing-nodes.md +[3]: ../kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/set-up-clusters-from-hosted-kubernetes-providers.md [4]: ../../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/register-existing-clusters.md [5]: ../../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/register-existing-clusters.md @@ -47,17 +47,17 @@ The following table lists which node options are available for each type of clus ### Nodes Hosted by an Infrastructure Provider -Node pools are available when you provision Rancher-launched Kubernetes clusters on nodes that are [hosted in an infrastructure provider.](../../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md) +Node pools are available when you provision Rancher-launched Kubernetes clusters on nodes that are [hosted in an infrastructure provider.](../launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md) -Clusters provisioned using [one of the node pool options](../../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md#node-pools) can be scaled up or down if the node pool is edited. +Clusters provisioned using [one of the node pool options](../launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md#node-pools) can be scaled up or down if the node pool is edited. -A node pool can also automatically maintain the node scale that's set during the initial cluster provisioning if [node auto-replace is enabled.](../../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md#about-node-auto-replace) This scale determines the number of active nodes that Rancher maintains for the cluster. +A node pool can also automatically maintain the node scale that's set during the initial cluster provisioning if [node auto-replace is enabled.](../launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md#about-node-auto-replace) This scale determines the number of active nodes that Rancher maintains for the cluster. -Rancher uses [node templates](../../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md#node-templates) to replace nodes in the node pool. Each node template uses cloud provider credentials to allow Rancher to set up the node in the infrastructure provider. +Rancher uses [node templates](../launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md#node-templates) to replace nodes in the node pool. Each node template uses cloud provider credentials to allow Rancher to set up the node in the infrastructure provider. ### Nodes Provisioned by Hosted Kubernetes Providers -Options for managing nodes [hosted by a Kubernetes provider](../../../pages-for-subheaders/set-up-clusters-from-hosted-kubernetes-providers.md) are somewhat limited in Rancher. Rather than using the Rancher UI to make edits such as scaling the number of nodes up or down, edit the cluster directly. +Options for managing nodes [hosted by a Kubernetes provider](../kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/set-up-clusters-from-hosted-kubernetes-providers.md) are somewhat limited in Rancher. Rather than using the Rancher UI to make edits such as scaling the number of nodes up or down, edit the cluster directly. ### Registered Nodes @@ -76,13 +76,13 @@ To manage individual nodes, browse to the cluster that you want to manage and th ## Viewing a Node in the Rancher API -Select this option to view the node's [API endpoints](../../../pages-for-subheaders/about-the-api.md). +Select this option to view the node's [API endpoints](../../../reference-guides/about-the-api/about-the-api.md). ## Deleting a Node Use **Delete** to remove defective nodes from the cloud provider. -When you the delete a defective node, Rancher can automatically replace it with an identically provisioned node if the node is in a node pool and [node auto-replace is enabled.](../../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md#about-node-auto-replace) +When you the delete a defective node, Rancher can automatically replace it with an identically provisioned node if the node is in a node pool and [node auto-replace is enabled.](../launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md#about-node-auto-replace) :::tip @@ -92,11 +92,11 @@ If your cluster is hosted by an infrastructure provider, and you want to scale y ## Scaling Nodes -For nodes hosted by an infrastructure provider, you can scale the number of nodes in each [node pool](../../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md#node-pools) by using the scale controls. This option isn't available for other cluster types. +For nodes hosted by an infrastructure provider, you can scale the number of nodes in each [node pool](../launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md#node-pools) by using the scale controls. This option isn't available for other cluster types. ## SSH into a Node Hosted by an Infrastructure Provider -For [nodes hosted by an infrastructure provider](../../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md), you have the option of downloading its SSH key so that you can connect to it remotely from your desktop. +For [nodes hosted by an infrastructure provider](../launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md), you have the option of downloading its SSH key so that you can connect to it remotely from your desktop. 1. In the upper left corner, click **☰ > Cluster Management**. 1. On the **Clusters** page, go to the cluster where you want to SSH into a node and click the name of the cluster. diff --git a/versioned_docs/version-2.8/how-to-guides/new-user-guides/manage-clusters/projects-and-namespaces.md b/versioned_docs/version-2.8/how-to-guides/new-user-guides/manage-clusters/projects-and-namespaces.md index d74b70822d3..09c74502119 100644 --- a/versioned_docs/version-2.8/how-to-guides/new-user-guides/manage-clusters/projects-and-namespaces.md +++ b/versioned_docs/version-2.8/how-to-guides/new-user-guides/manage-clusters/projects-and-namespaces.md @@ -38,10 +38,10 @@ You can assign resources at the project level so that each namespace in the proj You can assign the following resources directly to namespaces: -- [Workloads](../../../pages-for-subheaders/workloads-and-pods.md) -- [Load Balancers/Ingress](../../../pages-for-subheaders/load-balancer-and-ingress-controller.md) +- [Workloads](../kubernetes-resources-setup/workloads-and-pods/workloads-and-pods.md) +- [Load Balancers/Ingress](../kubernetes-resources-setup/load-balancer-and-ingress-controller/load-balancer-and-ingress-controller.md) - [Service Discovery Records](../../new-user-guides/kubernetes-resources-setup/create-services.md) -- [Persistent Volume Claims](../../../pages-for-subheaders/create-kubernetes-persistent-storage.md) +- [Persistent Volume Claims](create-kubernetes-persistent-storage/create-kubernetes-persistent-storage.md) - [Certificates](../../new-user-guides/kubernetes-resources-setup/encrypt-http-communication.md) - [ConfigMaps](../../new-user-guides/kubernetes-resources-setup/configmaps.md) - [Registries](../../new-user-guides/kubernetes-resources-setup/kubernetes-and-docker-registries.md) @@ -180,7 +180,7 @@ To add a resource quota, 1. In the **Resource Quotas** tab, click **Add Resource**. 1. Select a **Resource Type**. For more information, see [Resource Quotas.](projects-and-namespaces.md). 1. Enter values for the **Project Limit** and the **Namespace Default Limit**. -1. **Optional:** Specify **Container Default Resource Limit**, which will be applied to every container started in the project. The parameter is recommended if you have CPU or Memory limits set by the Resource Quota. It can be overridden on per an individual namespace or a container level. For more information, see [Container Default Resource Limit](../../../pages-for-subheaders/manage-project-resource-quotas.md) +1. **Optional:** Specify **Container Default Resource Limit**, which will be applied to every container started in the project. The parameter is recommended if you have CPU or Memory limits set by the Resource Quota. It can be overridden on per an individual namespace or a container level. For more information, see [Container Default Resource Limit](../../advanced-user-guides/manage-projects/manage-project-resource-quotas/manage-project-resource-quotas.md) 1. Click **Create**. **Result:** Your project is created. You can view it from the cluster's **Projects/Namespaces** view. diff --git a/versioned_docs/version-2.8/how-to-guides/new-user-guides/manage-clusters/provisioning-storage-examples/nfs-storage.md b/versioned_docs/version-2.8/how-to-guides/new-user-guides/manage-clusters/provisioning-storage-examples/nfs-storage.md index 9898df21025..b5fd1fee669 100644 --- a/versioned_docs/version-2.8/how-to-guides/new-user-guides/manage-clusters/provisioning-storage-examples/nfs-storage.md +++ b/versioned_docs/version-2.8/how-to-guides/new-user-guides/manage-clusters/provisioning-storage-examples/nfs-storage.md @@ -10,7 +10,7 @@ Before you can use the NFS storage volume plug-in with Rancher deployments, you :::note -- If you already have an NFS share, you don't need to provision a new NFS server to use the NFS volume plugin within Rancher. Instead, skip the rest of this procedure and complete [adding storage](../../../../pages-for-subheaders/create-kubernetes-persistent-storage.md). +- If you already have an NFS share, you don't need to provision a new NFS server to use the NFS volume plugin within Rancher. Instead, skip the rest of this procedure and complete [adding storage](../create-kubernetes-persistent-storage/create-kubernetes-persistent-storage.md). - This procedure demonstrates how to set up an NFS server using Ubuntu, although you should be able to use these instructions for other Linux distros (e.g. Debian, RHEL, Arch Linux, etc.). For official instruction on how to create an NFS server using another Linux distro, consult the distro's documentation. diff --git a/versioned_docs/version-2.8/pages-for-subheaders/provisioning-storage-examples.md b/versioned_docs/version-2.8/how-to-guides/new-user-guides/manage-clusters/provisioning-storage-examples/provisioning-storage-examples.md similarity index 64% rename from versioned_docs/version-2.8/pages-for-subheaders/provisioning-storage-examples.md rename to versioned_docs/version-2.8/how-to-guides/new-user-guides/manage-clusters/provisioning-storage-examples/provisioning-storage-examples.md index 44fd9593fba..b1d89e54c05 100644 --- a/versioned_docs/version-2.8/pages-for-subheaders/provisioning-storage-examples.md +++ b/versioned_docs/version-2.8/how-to-guides/new-user-guides/manage-clusters/provisioning-storage-examples/provisioning-storage-examples.md @@ -10,6 +10,6 @@ Rancher supports persistent storage with a variety of volume plugins. However, b For your convenience, Rancher offers documentation on how to configure some of the popular storage methods: -- [NFS](../how-to-guides/new-user-guides/manage-clusters/provisioning-storage-examples/nfs-storage.md) -- [vSphere](../how-to-guides/new-user-guides/manage-clusters/provisioning-storage-examples/vsphere-storage.md) -- [EBS](../how-to-guides/new-user-guides/manage-clusters/provisioning-storage-examples/persistent-storage-in-amazon-ebs.md) +- [NFS](nfs-storage.md) +- [vSphere](vsphere-storage.md) +- [EBS](persistent-storage-in-amazon-ebs.md) diff --git a/versioned_docs/version-2.8/how-to-guides/new-user-guides/manage-clusters/provisioning-storage-examples/vsphere-storage.md b/versioned_docs/version-2.8/how-to-guides/new-user-guides/manage-clusters/provisioning-storage-examples/vsphere-storage.md index b13cee6512d..0bede8b10ae 100644 --- a/versioned_docs/version-2.8/how-to-guides/new-user-guides/manage-clusters/provisioning-storage-examples/vsphere-storage.md +++ b/versioned_docs/version-2.8/how-to-guides/new-user-guides/manage-clusters/provisioning-storage-examples/vsphere-storage.md @@ -13,7 +13,7 @@ In order to dynamically provision storage in vSphere, the vSphere provider must ### Prerequisites -In order to provision vSphere volumes in a cluster created with the [Rancher Kubernetes Engine (RKE)](../../../../pages-for-subheaders/launch-kubernetes-with-rancher.md), the [vSphere cloud provider](https://rancher.com/docs/rke/latest/en/config-options/cloud-providers/vsphere) must be explicitly enabled in the [cluster options](../../../../reference-guides/cluster-configuration/rancher-server-configuration/rke1-cluster-configuration.md). +In order to provision vSphere volumes in a cluster created with the [Rancher Kubernetes Engine (RKE)](../../launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md), the [vSphere cloud provider](https://rancher.com/docs/rke/latest/en/config-options/cloud-providers/vsphere) must be explicitly enabled in the [cluster options](../../../../reference-guides/cluster-configuration/rancher-server-configuration/rke1-cluster-configuration.md). ### Creating a StorageClass diff --git a/versioned_docs/version-2.8/how-to-guides/new-user-guides/manage-namespaces.md b/versioned_docs/version-2.8/how-to-guides/new-user-guides/manage-namespaces.md index 0419be358a6..48ae6879c01 100644 --- a/versioned_docs/version-2.8/how-to-guides/new-user-guides/manage-namespaces.md +++ b/versioned_docs/version-2.8/how-to-guides/new-user-guides/manage-namespaces.md @@ -12,10 +12,10 @@ Although you assign resources at the project level so that each namespace in the Resources that you can assign directly to namespaces include: -- [Workloads](../../pages-for-subheaders/workloads-and-pods.md) -- [Load Balancers/Ingress](../../pages-for-subheaders/load-balancer-and-ingress-controller.md) +- [Workloads](kubernetes-resources-setup/workloads-and-pods/workloads-and-pods.md) +- [Load Balancers/Ingress](kubernetes-resources-setup/load-balancer-and-ingress-controller/load-balancer-and-ingress-controller.md) - [Service Discovery Records](kubernetes-resources-setup/create-services.md) -- [Persistent Volume Claims](../../pages-for-subheaders/create-kubernetes-persistent-storage.md) +- [Persistent Volume Claims](manage-clusters/create-kubernetes-persistent-storage/create-kubernetes-persistent-storage.md) - [Certificates](kubernetes-resources-setup/encrypt-http-communication.md) - [ConfigMaps](kubernetes-resources-setup/configmaps.md) - [Registries](kubernetes-resources-setup/kubernetes-and-docker-registries.md) @@ -44,7 +44,7 @@ When working with project resources that you can assign to a namespace (i.e., [w 1. Click **Cluster > Projects/Namespaces**. 1. Go to the project where you want to add a namespace and click **Create Namespace**. Alternately, go to **Not in a Project** to create a namespace not associated with a project. -1. **Optional:** If your project has [Resource Quotas](../../pages-for-subheaders/manage-project-resource-quotas.md) in effect, you can override the default resource **Limits** (which places a cap on the resources that the namespace can consume). +1. **Optional:** If your project has [Resource Quotas](../advanced-user-guides/manage-projects/manage-project-resource-quotas/manage-project-resource-quotas.md) in effect, you can override the default resource **Limits** (which places a cap on the resources that the namespace can consume). 1. Enter a **Name** and then click **Create**. @@ -64,7 +64,7 @@ Cluster admins and members may occasionally need to move a namespace to another :::note Notes: - Don't move the namespaces in the `System` project. Moving these namespaces can adversely affect cluster networking. - - You cannot move a namespace into a project that already has a [resource quota](../../pages-for-subheaders/manage-project-resource-quotas.md)configured. + - You cannot move a namespace into a project that already has a [resource quota](../advanced-user-guides/manage-projects/manage-project-resource-quotas/manage-project-resource-quotas.md)configured. - If you move a namespace from a project that has a quota set to a project with no quota set, the quota is removed from the namespace. 1. Choose a new project for the new namespace and then click **Move**. Alternatively, you can remove the namespace from all projects by selecting **None**. diff --git a/versioned_docs/version-2.8/pages-for-subheaders/new-user-guides.md b/versioned_docs/version-2.8/how-to-guides/new-user-guides/new-user-guides.md similarity index 100% rename from versioned_docs/version-2.8/pages-for-subheaders/new-user-guides.md rename to versioned_docs/version-2.8/how-to-guides/new-user-guides/new-user-guides.md diff --git a/versioned_docs/version-2.8/pages-for-subheaders/cis-scans.md b/versioned_docs/version-2.8/integrations-in-rancher/cis-scans/cis-scans.md similarity index 87% rename from versioned_docs/version-2.8/pages-for-subheaders/cis-scans.md rename to versioned_docs/version-2.8/integrations-in-rancher/cis-scans/cis-scans.md index d9c5dbecabb..c6423844d0c 100644 --- a/versioned_docs/version-2.8/pages-for-subheaders/cis-scans.md +++ b/versioned_docs/version-2.8/integrations-in-rancher/cis-scans/cis-scans.md @@ -29,7 +29,7 @@ The Benchmark version is included in the generated report. The Benchmark provides recommendations of two types: Automated and Manual. Recommendations marked as Manual in the Benchmark are not included in the generated report. -Some tests are designated as "Not Applicable." These tests will not be run on any CIS scan because of the way that Rancher provisions RKE clusters. For information on how test results can be audited, and why some tests are designated to be not applicable, refer to Rancher's [self-assessment guide](./rancher-security.md#the-cis-benchmark-and-self-assessment) for the corresponding Kubernetes version. +Some tests are designated as "Not Applicable." These tests will not be run on any CIS scan because of the way that Rancher provisions RKE clusters. For information on how test results can be audited, and why some tests are designated to be not applicable, refer to Rancher's [self-assessment guide](../../reference-guides/rancher-security/rancher-security.md#the-cis-benchmark-and-self-assessment) for the corresponding Kubernetes version. The report contains the following information: @@ -48,7 +48,7 @@ The report contains the following information: | `actual_value` | The test's actual value, present if reported by `kube-bench`. | | `expected_result` | The test's expected result, present if reported by `kube-bench`. | -Refer to [the table in the cluster hardening guide](./rancher-security.md) for information on which versions of Kubernetes, the Benchmark, Rancher, and our cluster hardening guide correspond to each other. Also refer to the hardening guide for configuration files of CIS-compliant clusters and information on remediating failed tests. +Refer to [the table in the cluster hardening guide](../../reference-guides/rancher-security/rancher-security.md) for information on which versions of Kubernetes, the Benchmark, Rancher, and our cluster hardening guide correspond to each other. Also refer to the hardening guide for configuration files of CIS-compliant clusters and information on remediating failed tests. ## Test Profiles @@ -90,7 +90,7 @@ There are two types of RKE cluster scan profiles: The EKS and GKE cluster scan profiles are based on CIS Benchmark versions that are specific to those types of clusters. -In order to pass the "Hardened" profile, you will need to follow the steps on the [hardening guide](./rancher-security.md#rancher-hardening-guide) and use the `cluster.yml` defined in the hardening guide to provision a hardened cluster. +In order to pass the "Hardened" profile, you will need to follow the steps on the [hardening guide](../../reference-guides/rancher-security/rancher-security.md#rancher-hardening-guide) and use the `cluster.yml` defined in the hardening guide to provision a hardened cluster. The default profile and the supported CIS benchmark version depends on the type of cluster that will be scanned: @@ -103,7 +103,7 @@ The `rancher-cis-benchmark` supports the CIS 1.6 Benchmark version. ## About Skipped and Not Applicable Tests -For a list of skipped and not applicable tests, refer to [this page](../how-to-guides/advanced-user-guides/cis-scan-guides/skip-tests.md). +For a list of skipped and not applicable tests, refer to [this page](../../how-to-guides/advanced-user-guides/cis-scan-guides/skip-tests.md). For now, only user-defined skipped tests are marked as skipped in the generated report. @@ -111,12 +111,12 @@ Any skipped tests that are defined as being skipped by one of the default profil ## Roles-based Access Control -For information about permissions, refer to [this page](../integrations-in-rancher/cis-scans/rbac-for-cis-scans.md) +For information about permissions, refer to [this page](rbac-for-cis-scans.md) ## Configuration -For more information about configuring the custom resources for the scans, profiles, and benchmark versions, refer to [this page](../integrations-in-rancher/cis-scans/configuration-reference.md) +For more information about configuring the custom resources for the scans, profiles, and benchmark versions, refer to [this page](configuration-reference.md) ## How-to Guides -Please refer to the [CIS Scan Guides](../pages-for-subheaders/cis-scan-guides.md) to learn how to run CIS scans. +Please refer to the [CIS Scan Guides](../../how-to-guides/advanced-user-guides/cis-scan-guides/cis-scan-guides.md) to learn how to run CIS scans. diff --git a/versioned_docs/version-2.8/pages-for-subheaders/aws-cloud-marketplace.md b/versioned_docs/version-2.8/integrations-in-rancher/cloud-marketplace/aws-cloud-marketplace/aws-cloud-marketplace.md similarity index 75% rename from versioned_docs/version-2.8/pages-for-subheaders/aws-cloud-marketplace.md rename to versioned_docs/version-2.8/integrations-in-rancher/cloud-marketplace/aws-cloud-marketplace/aws-cloud-marketplace.md index c487e1d6f92..13b1398077e 100644 --- a/versioned_docs/version-2.8/pages-for-subheaders/aws-cloud-marketplace.md +++ b/versioned_docs/version-2.8/integrations-in-rancher/cloud-marketplace/aws-cloud-marketplace/aws-cloud-marketplace.md @@ -16,12 +16,12 @@ Rancher offers an integration with the AWS Marketplace which allows users to pur - Rancher must be deployed with additional metrics enabled. - Rancher must be installed on an EKS cluster. - You must purchase at least one entitlement to Rancher support through AWS Marketplace. -- You may need additional setup to support proxy/airgap use cases. See the [prerequisites](../integrations-in-rancher/cloud-marketplace/aws-cloud-marketplace/adapter-requirements.md) for more information. +- You may need additional setup to support proxy/airgap use cases. See the [prerequisites](adapter-requirements.md) for more information. ## How to Use -1. Complete the [prerequisite steps](../integrations-in-rancher/cloud-marketplace/aws-cloud-marketplace/adapter-requirements.md). -2. [Install the CSP Adapter](../integrations-in-rancher/cloud-marketplace/aws-cloud-marketplace/install-adapter.md). +1. Complete the [prerequisite steps](adapter-requirements.md). +2. [Install the CSP Adapter](install-adapter.md). ## FAQ diff --git a/versioned_docs/version-2.8/pages-for-subheaders/cloud-marketplace.md b/versioned_docs/version-2.8/integrations-in-rancher/cloud-marketplace/cloud-marketplace.md similarity index 100% rename from versioned_docs/version-2.8/pages-for-subheaders/cloud-marketplace.md rename to versioned_docs/version-2.8/integrations-in-rancher/cloud-marketplace/cloud-marketplace.md diff --git a/versioned_docs/version-2.8/integrations-in-rancher/harvester/overview.md b/versioned_docs/version-2.8/integrations-in-rancher/harvester/overview.md index 55a9f5b16ac..9f280c70782 100644 --- a/versioned_docs/version-2.8/integrations-in-rancher/harvester/overview.md +++ b/versioned_docs/version-2.8/integrations-in-rancher/harvester/overview.md @@ -6,7 +6,7 @@ Introduced in Rancher v2.6.1, [Harvester](https://docs.harvesterhci.io/) is an o ### Feature Flag -The Harvester feature flag is used to manage access to the Virtualization Management (VM) page in Rancher where users can navigate directly to Harvester clusters and access the Harvester UI. The Harvester feature flag is enabled by default. Click [here](../../pages-for-subheaders/enable-experimental-features.md) for more information on feature flags in Rancher. +The Harvester feature flag is used to manage access to the Virtualization Management (VM) page in Rancher where users can navigate directly to Harvester clusters and access the Harvester UI. The Harvester feature flag is enabled by default. Click [here](../../how-to-guides/advanced-user-guides/enable-experimental-features/enable-experimental-features.md) for more information on feature flags in Rancher. To navigate to the Harvester cluster, click **☰ > Virtualization Management**. From Harvester Clusters page, click one of the clusters listed to go to the single Harvester cluster view. @@ -24,7 +24,7 @@ The [Harvester node driver](https://docs.harvesterhci.io/v1.1/rancher/node/node- Harvester allows `.ISO` images to be uploaded and displayed through the Harvester UI, but this is not supported in the Rancher UI. This is because `.ISO` images usually require additional setup that interferes with a clean deployment (without requiring user intervention), and they are not typically used in cloud environments. -See [Provisioning Drivers](../../pages-for-subheaders/about-provisioning-drivers.md#node-drivers) for more information on node drivers in Rancher. +See [Provisioning Drivers](../../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-provisioning-drivers/about-provisioning-drivers.md#node-drivers) for more information on node drivers in Rancher. ### Port Requirements diff --git a/versioned_docs/version-2.8/pages-for-subheaders/configuration-options.md b/versioned_docs/version-2.8/integrations-in-rancher/istio/configuration-options/configuration-options.md similarity index 81% rename from versioned_docs/version-2.8/pages-for-subheaders/configuration-options.md rename to versioned_docs/version-2.8/integrations-in-rancher/istio/configuration-options/configuration-options.md index fdfc51d41bc..35546a12f03 100644 --- a/versioned_docs/version-2.8/pages-for-subheaders/configuration-options.md +++ b/versioned_docs/version-2.8/integrations-in-rancher/istio/configuration-options/configuration-options.md @@ -28,16 +28,16 @@ The Monitoring app sets `prometheus.prometheusSpec.ignoreNamespaceSelectors=fals If you would like to limit Prometheus to specific namespaces, set `prometheus.prometheusSpec.ignoreNamespaceSelectors=true`. Once you do this, you must perform some additional configuration to continue to monitor your resources. -For details, refer to [this section.](../integrations-in-rancher/istio/configuration-options/selectors-and-scrape-configurations.md) +For details, refer to [this section.](selectors-and-scrape-configurations.md) ### Enable Istio with Pod Security Policies -Refer to [this section.](../integrations-in-rancher/istio/configuration-options/pod-security-policies.md) +Refer to [this section.](pod-security-policies.md) ### Additional Steps for Installing Istio on an RKE2 Cluster -Refer to [this section.](../integrations-in-rancher/istio/configuration-options/install-istio-on-rke2-cluster.md) +Refer to [this section.](install-istio-on-rke2-cluster.md) ### Additional Steps for Project Network Isolation -Refer to [this section.](../integrations-in-rancher/istio/configuration-options/project-network-isolation.md) \ No newline at end of file +Refer to [this section.](project-network-isolation.md) \ No newline at end of file diff --git a/versioned_docs/version-2.8/integrations-in-rancher/istio/cpu-and-memory-allocations.md b/versioned_docs/version-2.8/integrations-in-rancher/istio/cpu-and-memory-allocations.md index 10fe77c9ec4..d61b13089cd 100644 --- a/versioned_docs/version-2.8/integrations-in-rancher/istio/cpu-and-memory-allocations.md +++ b/versioned_docs/version-2.8/integrations-in-rancher/istio/cpu-and-memory-allocations.md @@ -45,7 +45,7 @@ To configure the resources allocated to an Istio component, 1. In the left navigation bar, click **Apps**. 1. Click **Installed Apps**. 1. Go to the `istio-system` namespace. In one of the Istio workloads, such as `rancher-istio`, click **⋮ > Edit/Upgrade**. -1. Click **Upgrade** to edit the base components via changes to the values.yaml or add an [overlay file](../../pages-for-subheaders/configuration-options.md#overlay-file). For more information about editing the overlay file, see [this section.](cpu-and-memory-allocations.md#editing-the-overlay-file) +1. Click **Upgrade** to edit the base components via changes to the values.yaml or add an [overlay file](configuration-options/configuration-options.md#overlay-file). For more information about editing the overlay file, see [this section.](cpu-and-memory-allocations.md#editing-the-overlay-file) 1. Change the CPU or memory allocations, the nodes where each component will be scheduled to, or the node tolerations. 1. Click **Upgrade**. to rollout changes diff --git a/versioned_docs/version-2.8/pages-for-subheaders/istio.md b/versioned_docs/version-2.8/integrations-in-rancher/istio/istio.md similarity index 86% rename from versioned_docs/version-2.8/pages-for-subheaders/istio.md rename to versioned_docs/version-2.8/integrations-in-rancher/istio/istio.md index 93f1e9b7cc5..c622d0d2180 100644 --- a/versioned_docs/version-2.8/pages-for-subheaders/istio.md +++ b/versioned_docs/version-2.8/integrations-in-rancher/istio/istio.md @@ -18,7 +18,7 @@ This core service mesh provides features that include but are not limited to the - **Security** with resources to authenticate and authorize traffic and users, mTLS included. - **Observability** of logs, metrics, and distributed traffic flows. -After [setting up istio](istio-setup-guide.md) you can leverage Istio's control plane functionality through the Rancher UI, `kubectl`, or `istioctl`. +After [setting up istio](../../how-to-guides/advanced-user-guides/istio-setup-guide/istio-setup-guide.md) you can leverage Istio's control plane functionality through the Rancher UI, `kubectl`, or `istioctl`. Istio needs to be set up by a `cluster-admin` before it can be used in a project. @@ -29,7 +29,7 @@ The overall architecture of Istio has been simplified. A single component, Istio Addons that were previously installed by Istio (cert-manager, Grafana, Jaeger, Kiali, Prometheus, Zipkin) will now need to be installed separately. Istio will support installation of integrations that are from the Istio Project and will maintain compatibility with those that are not. -A Prometheus integration will still be available through an installation of [Rancher Monitoring](monitoring-and-alerting.md), or by installing your own Prometheus operator. Rancher's Istio chart will also install Kiali by default to ensure you can get a full picture of your microservices out of the box. +A Prometheus integration will still be available through an installation of [Rancher Monitoring](../monitoring-and-alerting/monitoring-and-alerting.md), or by installing your own Prometheus operator. Rancher's Istio chart will also install Kiali by default to ensure you can get a full picture of your microservices out of the box. Istio has migrated away from Helm as a way to install Istio and now provides installation through the istioctl binary or Istio Operator. To ensure the easiest interaction with Istio, Rancher's Istio will maintain a Helm chart that utilizes the istioctl binary to manage your Istio installation. @@ -55,21 +55,21 @@ Note that this is not a production-qualified deployment of Jaeger. This deployme ## Prerequisites -Before enabling Istio, we recommend that you confirm that your Rancher worker nodes have enough [CPU and memory](../integrations-in-rancher/istio/cpu-and-memory-allocations.md) to run all of the components of Istio. +Before enabling Istio, we recommend that you confirm that your Rancher worker nodes have enough [CPU and memory](cpu-and-memory-allocations.md) to run all of the components of Istio. If you are installing Istio on RKE2 cluster, some additional steps are required. For details, see [this section.](#additional-steps-for-installing-istio-on-an-rke2-cluster) ## Setup Guide -Refer to the [setup guide](istio-setup-guide.md) for instructions on how to set up Istio and use it in a project. +Refer to the [setup guide](../../how-to-guides/advanced-user-guides/istio-setup-guide/istio-setup-guide.md) for instructions on how to set up Istio and use it in a project. ## Remove Istio -To remove Istio components from a cluster, namespace, or workload, refer to the section on [uninstalling Istio.](../integrations-in-rancher/istio/disable-istio.md) +To remove Istio components from a cluster, namespace, or workload, refer to the section on [uninstalling Istio.](disable-istio.md) ## Accessing Visualizations -> By default, only cluster-admins have access to Kiali. For instructions on how to allow admin, edit or views roles to access them, see [this section.](../integrations-in-rancher/istio/rbac-for-istio.md) +> By default, only cluster-admins have access to Kiali. For instructions on how to allow admin, edit or views roles to access them, see [this section.](rbac-for-istio.md) After Istio is set up in a cluster, Grafana, Prometheus, and Kiali are available in the Rancher UI. @@ -87,7 +87,7 @@ To access the Kiali visualization, 1. In the left navigation bar, click **Istio**. 1. Click **Kiali**. From here you can access the **Traffic Graph** tab or the **Traffic Metrics** tab to see network visualizations and metrics. -By default, all namespace will picked up by prometheus and make data available for Kiali graphs. Refer to [selector/scrape config setup](../integrations-in-rancher/istio/configuration-options/selectors-and-scrape-configurations.md) if you would like to use a different configuration for prometheus data scraping. +By default, all namespace will picked up by prometheus and make data available for Kiali graphs. Refer to [selector/scrape config setup](configuration-options/selectors-and-scrape-configurations.md) if you would like to use a different configuration for prometheus data scraping. Your access to the visualizations depend on your role. Grafana and Prometheus are only available for `cluster-admin` roles. The Kiali UI is available only to `cluster-admin` by default, but `cluster-admin` can allow other roles to access them by editing the Istio values.yaml. @@ -107,15 +107,15 @@ By default, each Rancher-provisioned cluster has one NGINX ingress controller al ![In an Istio-enabled cluster, you can have two ingresses: the default Nginx ingress, and the default Istio controller.](/img/istio-ingress.svg) - Additional Istio Ingress gateways can be enabled via the [overlay file](configuration-options.md#overlay-file). + Additional Istio Ingress gateways can be enabled via the [overlay file](configuration-options/configuration-options.md#overlay-file). ### Egress Support -By default the Egress gateway is disabled, but can be enabled on install or upgrade through the values.yaml or via the [overlay file](configuration-options.md#overlay-file). +By default the Egress gateway is disabled, but can be enabled on install or upgrade through the values.yaml or via the [overlay file](configuration-options/configuration-options.md#overlay-file). ## Additional Steps for Installing Istio on an RKE2 Cluster -To install Istio on an RKE2 cluster, follow the steps in [this section.](../integrations-in-rancher/istio/configuration-options/install-istio-on-rke2-cluster.md) +To install Istio on an RKE2 cluster, follow the steps in [this section.](configuration-options/install-istio-on-rke2-cluster.md) ## Upgrading Istio in an Air-Gapped Environment diff --git a/versioned_docs/version-2.8/integrations-in-rancher/kubernetes-distributions/kubernetes-distributions.md b/versioned_docs/version-2.8/integrations-in-rancher/kubernetes-distributions/kubernetes-distributions.md index b8e6a48e325..689dd6423ed 100644 --- a/versioned_docs/version-2.8/integrations-in-rancher/kubernetes-distributions/kubernetes-distributions.md +++ b/versioned_docs/version-2.8/integrations-in-rancher/kubernetes-distributions/kubernetes-distributions.md @@ -9,7 +9,7 @@ K3s is a lightweight, fully compliant Kubernetes distribution designed for a ran ### K3s with Rancher - Rancher allows easy provision of K3s across a range of platforms including Amazon EC2, DigitalOcean, Azure, vSphere, or existing servers. -- Standard Rancher management of Kubernetes clusters including all outlined [cluster management capabilities](../../pages-for-subheaders/kubernetes-clusters-in-rancher-setup.md#cluster-management-capabilities-by-cluster-type). +- Standard Rancher management of Kubernetes clusters including all outlined [cluster management capabilities](../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/kubernetes-clusters-in-rancher-setup.md#cluster-management-capabilities-by-cluster-type). ## RKE2 @@ -28,4 +28,4 @@ Primary characteristics of RKE2 include: ## RKE2 with Rancher - Rancher allows easy provision of RKE2 across a range of platforms including Amazon EC2, DigitalOcean, Azure, vSphere, or existing servers. -- Standard Rancher management of Kubernetes clusters including all outlined [cluster management capabilities](../../pages-for-subheaders/kubernetes-clusters-in-rancher-setup.md#cluster-management-capabilities-by-cluster-type). +- Standard Rancher management of Kubernetes clusters including all outlined [cluster management capabilities](../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/kubernetes-clusters-in-rancher-setup.md#cluster-management-capabilities-by-cluster-type). diff --git a/versioned_docs/version-2.8/pages-for-subheaders/custom-resource-configuration.md b/versioned_docs/version-2.8/integrations-in-rancher/logging/custom-resource-configuration/custom-resource-configuration.md similarity index 51% rename from versioned_docs/version-2.8/pages-for-subheaders/custom-resource-configuration.md rename to versioned_docs/version-2.8/integrations-in-rancher/logging/custom-resource-configuration/custom-resource-configuration.md index 37c2f337d78..eb1020ac1a2 100644 --- a/versioned_docs/version-2.8/pages-for-subheaders/custom-resource-configuration.md +++ b/versioned_docs/version-2.8/integrations-in-rancher/logging/custom-resource-configuration/custom-resource-configuration.md @@ -8,5 +8,5 @@ title: Custom Resource Configuration The following Custom Resource Definitions are used to configure logging: -- [Flow and ClusterFlow](../integrations-in-rancher/logging/custom-resource-configuration/flows-and-clusterflows.md) -- [Output and ClusterOutput](../integrations-in-rancher/logging/custom-resource-configuration/outputs-and-clusteroutputs.md) \ No newline at end of file +- [Flow and ClusterFlow](flows-and-clusterflows.md) +- [Output and ClusterOutput](outputs-and-clusteroutputs.md) \ No newline at end of file diff --git a/versioned_docs/version-2.8/integrations-in-rancher/logging/custom-resource-configuration/flows-and-clusterflows.md b/versioned_docs/version-2.8/integrations-in-rancher/logging/custom-resource-configuration/flows-and-clusterflows.md index 65707e0980a..66f1614b045 100644 --- a/versioned_docs/version-2.8/integrations-in-rancher/logging/custom-resource-configuration/flows-and-clusterflows.md +++ b/versioned_docs/version-2.8/integrations-in-rancher/logging/custom-resource-configuration/flows-and-clusterflows.md @@ -8,7 +8,7 @@ title: Flows and ClusterFlows See the [Logging operator documentation](https://kube-logging.github.io/docs/configuration/flow/) for the full details on how to configure `Flows` and `ClusterFlows`. -See [Rancher Integration with Logging Services: Troubleshooting](../../../pages-for-subheaders/logging.md#The-Logging-Buffer-Overloads-Pods) for how to resolve memory problems with the logging buffer. +See [Rancher Integration with Logging Services: Troubleshooting](../logging.md#The-Logging-Buffer-Overloads-Pods) for how to resolve memory problems with the logging buffer. ## Flows diff --git a/versioned_docs/version-2.8/integrations-in-rancher/logging/custom-resource-configuration/outputs-and-clusteroutputs.md b/versioned_docs/version-2.8/integrations-in-rancher/logging/custom-resource-configuration/outputs-and-clusteroutputs.md index 3ae66c9145a..e62870d33f6 100644 --- a/versioned_docs/version-2.8/integrations-in-rancher/logging/custom-resource-configuration/outputs-and-clusteroutputs.md +++ b/versioned_docs/version-2.8/integrations-in-rancher/logging/custom-resource-configuration/outputs-and-clusteroutputs.md @@ -8,7 +8,7 @@ title: Outputs and ClusterOutputs See the [Logging operator documentation](https://kube-logging.github.io/docs/configuration/flow/) for the full details on how to configure `Flows` and `ClusterFlows`. -See [Rancher Integration with Logging Services: Troubleshooting](../../../pages-for-subheaders/logging.md#The-Logging-Buffer-Overloads-Pods) for how to resolve memory problems with the logging buffer. +See [Rancher Integration with Logging Services: Troubleshooting](../logging.md#The-Logging-Buffer-Overloads-Pods) for how to resolve memory problems with the logging buffer. ## Outputs diff --git a/versioned_docs/version-2.8/integrations-in-rancher/logging/logging-helm-chart-options.md b/versioned_docs/version-2.8/integrations-in-rancher/logging/logging-helm-chart-options.md index 643114f6d7c..d68865a3afc 100644 --- a/versioned_docs/version-2.8/integrations-in-rancher/logging/logging-helm-chart-options.md +++ b/versioned_docs/version-2.8/integrations-in-rancher/logging/logging-helm-chart-options.md @@ -45,7 +45,7 @@ Logging v2 was tested with SELinux on RHEL/CentOS 7 and 8. [Security-Enhanced Linux (SELinux)](https://en.wikipedia.org/wiki/Security-Enhanced_Linux) is a security enhancement to Linux. After being historically used by government agencies, SELinux is now industry standard and is enabled by default on CentOS 7 and 8. -To use Logging v2 with SELinux, we recommend installing the `rancher-selinux` RPM according to these [instructions](../../pages-for-subheaders/selinux-rpm.md). +To use Logging v2 with SELinux, we recommend installing the `rancher-selinux` RPM according to these [instructions](../../reference-guides/rancher-security/selinux-rpm/selinux-rpm.md). Then, when installing the logging application, configure the chart to be SELinux aware by changing `global.seLinux.enabled` to `true` in the `values.yaml`. diff --git a/versioned_docs/version-2.8/pages-for-subheaders/logging.md b/versioned_docs/version-2.8/integrations-in-rancher/logging/logging.md similarity index 80% rename from versioned_docs/version-2.8/pages-for-subheaders/logging.md rename to versioned_docs/version-2.8/integrations-in-rancher/logging/logging.md index 427422627f3..a79c896ec6e 100644 --- a/versioned_docs/version-2.8/pages-for-subheaders/logging.md +++ b/versioned_docs/version-2.8/integrations-in-rancher/logging/logging.md @@ -31,13 +31,13 @@ You can enable the logging for a Rancher managed cluster by going to the Apps pa ## Architecture -For more information about how the logging application works, see [this section.](../integrations-in-rancher/logging/logging-architecture.md) +For more information about how the logging application works, see [this section.](logging-architecture.md) ## Role-based Access Control -Rancher logging has two roles, `logging-admin` and `logging-view`. For more information on how and when to use these roles, see [this page.](../integrations-in-rancher/logging/rbac-for-logging.md) +Rancher logging has two roles, `logging-admin` and `logging-view`. For more information on how and when to use these roles, see [this page.](rbac-for-logging.md) ## Configuring Logging Custom Resources @@ -49,38 +49,38 @@ To manage `Flows,` `ClusterFlows`, `Outputs`, and `ClusterOutputs`, ### Flows and ClusterFlows -For help with configuring `Flows` and `ClusterFlows`, see [this page.](../integrations-in-rancher/logging/custom-resource-configuration/flows-and-clusterflows.md) +For help with configuring `Flows` and `ClusterFlows`, see [this page.](custom-resource-configuration/flows-and-clusterflows.md) ### Outputs and ClusterOutputs -For help with configuring `Outputs` and `ClusterOutputs`, see [this page.](../integrations-in-rancher/logging/custom-resource-configuration/outputs-and-clusteroutputs.md) +For help with configuring `Outputs` and `ClusterOutputs`, see [this page.](custom-resource-configuration/outputs-and-clusteroutputs.md) ## Configuring the Logging Helm Chart -For a list of options that can be configured when the logging application is installed or upgraded, see [this page.](../integrations-in-rancher/logging/logging-helm-chart-options.md) +For a list of options that can be configured when the logging application is installed or upgraded, see [this page.](logging-helm-chart-options.md) ### Windows Support -You can [enable logging](../integrations-in-rancher/logging/logging-helm-chart-options.md#enabledisable-windows-node-logging) from Windows nodes. +You can [enable logging](logging-helm-chart-options.md#enabledisable-windows-node-logging) from Windows nodes. ### Working with a Custom Docker Root Directory -For details on using a custom Docker root directory, see [this section.](../integrations-in-rancher/logging/logging-helm-chart-options.md#working-with-a-custom-docker-root-directory) +For details on using a custom Docker root directory, see [this section.](logging-helm-chart-options.md#working-with-a-custom-docker-root-directory) ### Working with Taints and Tolerations -For information on how to use taints and tolerations with the logging application, see [this page.](../integrations-in-rancher/logging/taints-and-tolerations.md) +For information on how to use taints and tolerations with the logging application, see [this page.](taints-and-tolerations.md) ### Logging V2 with SELinux -For information on enabling the logging application for SELinux-enabled nodes, see [this section.](../integrations-in-rancher/logging/logging-helm-chart-options.md#enabling-the-logging-application-to-work-with-selinux) +For information on enabling the logging application for SELinux-enabled nodes, see [this section.](logging-helm-chart-options.md#enabling-the-logging-application-to-work-with-selinux) ### Additional Logging Sources -By default, Rancher collects logs for control plane components and node components for all cluster types. In some cases additional logs can be collected. For details, see [this section.](../integrations-in-rancher/logging/logging-helm-chart-options.md#additional-logging-sources) +By default, Rancher collects logs for control plane components and node components for all cluster types. In some cases additional logs can be collected. For details, see [this section.](logging-helm-chart-options.md#additional-logging-sources) ## Troubleshooting diff --git a/versioned_docs/version-2.8/pages-for-subheaders/monitoring-and-alerting.md b/versioned_docs/version-2.8/integrations-in-rancher/monitoring-and-alerting/monitoring-and-alerting.md similarity index 67% rename from versioned_docs/version-2.8/pages-for-subheaders/monitoring-and-alerting.md rename to versioned_docs/version-2.8/integrations-in-rancher/monitoring-and-alerting/monitoring-and-alerting.md index 5dd758fab60..48b4114d458 100644 --- a/versioned_docs/version-2.8/pages-for-subheaders/monitoring-and-alerting.md +++ b/versioned_docs/version-2.8/integrations-in-rancher/monitoring-and-alerting/monitoring-and-alerting.md @@ -30,7 +30,7 @@ The monitoring application: - Defines precomputed, frequently needed or computationally expensive expressions as new time series based on metrics collected via Prometheus. - Exposes collected metrics from Prometheus to the Kubernetes Custom Metrics API via Prometheus Adapter for use in HPA. -See [How Monitoring Works](../integrations-in-rancher/monitoring-and-alerting/how-monitoring-works.md) for an explanation of how the monitoring components work together. +See [How Monitoring Works](how-monitoring-works.md) for an explanation of how the monitoring components work together. ## Default Components and Deployments @@ -38,7 +38,7 @@ See [How Monitoring Works](../integrations-in-rancher/monitoring-and-alerting/ho By default, the monitoring application deploys Grafana dashboards (curated by the [kube-prometheus](https://github.com/prometheus-operator/kube-prometheus) project) onto a cluster. -It also deploys an Alertmanager UI and a Prometheus UI. For more information about these tools, see [Built-in Dashboards.](../integrations-in-rancher/monitoring-and-alerting/built-in-dashboards.md) +It also deploys an Alertmanager UI and a Prometheus UI. For more information about these tools, see [Built-in Dashboards.](built-in-dashboards.md) ### Default Metrics Exporters By default, Rancher Monitoring deploys exporters (such as [node-exporter](https://github.com/prometheus/node_exporter) and [kube-state-metrics](https://github.com/kubernetes/kube-state-metrics)). @@ -47,41 +47,41 @@ These default exporters automatically scrape metrics for CPU and memory from all ### Default Alerts -The monitoring application deploys some alerts by default. To see the default alerts, go to the [Alertmanager UI](../integrations-in-rancher/monitoring-and-alerting/built-in-dashboards.md#alertmanager-ui) and click **Expand all groups.** +The monitoring application deploys some alerts by default. To see the default alerts, go to the [Alertmanager UI](built-in-dashboards.md#alertmanager-ui) and click **Expand all groups.** ### Components Exposed in the Rancher UI -For a list of monitoring components exposed in the Rancher UI, along with common use cases for editing them, see [this section.](../integrations-in-rancher/monitoring-and-alerting/how-monitoring-works.md#components-exposed-in-the-rancher-ui) +For a list of monitoring components exposed in the Rancher UI, along with common use cases for editing them, see [this section.](how-monitoring-works.md#components-exposed-in-the-rancher-ui) ## Role-based Access Control -For information on configuring access to monitoring, see [this page.](../integrations-in-rancher/monitoring-and-alerting/rbac-for-monitoring.md) +For information on configuring access to monitoring, see [this page.](rbac-for-monitoring.md) ## Guides -- [Enable monitoring](../how-to-guides/advanced-user-guides/monitoring-alerting-guides/enable-monitoring.md) -- [Uninstall monitoring](../how-to-guides/advanced-user-guides/monitoring-alerting-guides/uninstall-monitoring.md) -- [Monitoring workloads](../how-to-guides/advanced-user-guides/monitoring-alerting-guides/set-up-monitoring-for-workloads.md) -- [Customizing Grafana dashboards](../how-to-guides/advanced-user-guides/monitoring-alerting-guides/customize-grafana-dashboard.md) -- [Persistent Grafana dashboards](../how-to-guides/advanced-user-guides/monitoring-alerting-guides/create-persistent-grafana-dashboard.md) -- [Debugging high memory usage](../how-to-guides/advanced-user-guides/monitoring-alerting-guides/debug-high-memory-usage.md) +- [Enable monitoring](../../how-to-guides/advanced-user-guides/monitoring-alerting-guides/enable-monitoring.md) +- [Uninstall monitoring](../../how-to-guides/advanced-user-guides/monitoring-alerting-guides/uninstall-monitoring.md) +- [Monitoring workloads](../../how-to-guides/advanced-user-guides/monitoring-alerting-guides/set-up-monitoring-for-workloads.md) +- [Customizing Grafana dashboards](../../how-to-guides/advanced-user-guides/monitoring-alerting-guides/customize-grafana-dashboard.md) +- [Persistent Grafana dashboards](../../how-to-guides/advanced-user-guides/monitoring-alerting-guides/create-persistent-grafana-dashboard.md) +- [Debugging high memory usage](../../how-to-guides/advanced-user-guides/monitoring-alerting-guides/debug-high-memory-usage.md) ## Configuration ### Configuring Monitoring Resources in Rancher -The configuration reference assumes familiarity with how monitoring components work together. For more information, see [How Monitoring Works.](../integrations-in-rancher/monitoring-and-alerting/how-monitoring-works.md) +The configuration reference assumes familiarity with how monitoring components work together. For more information, see [How Monitoring Works.](how-monitoring-works.md) -- [ServiceMonitor and PodMonitor](../reference-guides/monitoring-v2-configuration/servicemonitors-and-podmonitors.md) -- [Receiver](../reference-guides/monitoring-v2-configuration/receivers.md) -- [Route](../reference-guides/monitoring-v2-configuration/routes.md) -- [PrometheusRule](../how-to-guides/advanced-user-guides/monitoring-v2-configuration-guides/advanced-configuration/prometheusrules.md) -- [Prometheus](../how-to-guides/advanced-user-guides/monitoring-v2-configuration-guides/advanced-configuration/prometheus.md) -- [Alertmanager](../how-to-guides/advanced-user-guides/monitoring-v2-configuration-guides/advanced-configuration/alertmanager.md) +- [ServiceMonitor and PodMonitor](../../reference-guides/monitoring-v2-configuration/servicemonitors-and-podmonitors.md) +- [Receiver](../../reference-guides/monitoring-v2-configuration/receivers.md) +- [Route](../../reference-guides/monitoring-v2-configuration/routes.md) +- [PrometheusRule](../../how-to-guides/advanced-user-guides/monitoring-v2-configuration-guides/advanced-configuration/prometheusrules.md) +- [Prometheus](../../how-to-guides/advanced-user-guides/monitoring-v2-configuration-guides/advanced-configuration/prometheus.md) +- [Alertmanager](../../how-to-guides/advanced-user-guides/monitoring-v2-configuration-guides/advanced-configuration/alertmanager.md) ### Configuring Helm Chart Options -For more information on `rancher-monitoring` chart options, including options to set resource limits and requests, see [Helm Chart Options](../reference-guides/monitoring-v2-configuration/helm-chart-options.md). +For more information on `rancher-monitoring` chart options, including options to set resource limits and requests, see [Helm Chart Options](../../reference-guides/monitoring-v2-configuration/helm-chart-options.md). ## Windows Cluster Support @@ -89,11 +89,11 @@ When deployed onto an RKE1 Windows cluster, Monitoring V2 will now automatically To be able to fully deploy Monitoring V2 for Windows, all of your Windows hosts must have a minimum [wins](https://github.com/rancher/wins) version of v0.1.0. -For more details on how to upgrade wins on existing Windows hosts, see [Windows cluster support for Monitoring V2.](../integrations-in-rancher/monitoring-and-alerting/windows-support.md). +For more details on how to upgrade wins on existing Windows hosts, see [Windows cluster support for Monitoring V2.](windows-support.md). ## Known Issues There is a [known issue](https://github.com/rancher/rancher/issues/28787#issuecomment-693611821) that K3s clusters require more than the allotted default memory. If you enable monitoring on a K3s cluster, set `prometheus.prometheusSpec.resources.memory.limit` to 2500 Mi and `prometheus.prometheusSpec.resources.memory.request` to 1750 Mi. -See [Debugging High Memory Usage](../how-to-guides/advanced-user-guides/monitoring-alerting-guides/debug-high-memory-usage.md) for advice and recommendations. +See [Debugging High Memory Usage](../../how-to-guides/advanced-user-guides/monitoring-alerting-guides/debug-high-memory-usage.md) for advice and recommendations. diff --git a/versioned_docs/version-2.8/integrations-in-rancher/neuvector/overview.md b/versioned_docs/version-2.8/integrations-in-rancher/neuvector/overview.md index e2701265fc6..cec0d643afd 100644 --- a/versioned_docs/version-2.8/integrations-in-rancher/neuvector/overview.md +++ b/versioned_docs/version-2.8/integrations-in-rancher/neuvector/overview.md @@ -8,7 +8,7 @@ title: Overview ### NeuVector Integration in Rancher -[NeuVector 5.x](https://open-docs.neuvector.com/) is an open-source container-centric security platform that is integrated with Rancher. NeuVector offers real-time compliance, visibility, and protection for critical applications and data during runtime. NeuVector provides a firewall, container process/file system monitoring, security auditing with CIS benchmarks, and vulnerability scanning. For more information on Rancher security, please see the [security documentation](../../pages-for-subheaders/rancher-security.md). +[NeuVector 5.x](https://open-docs.neuvector.com/) is an open-source container-centric security platform that is integrated with Rancher. NeuVector offers real-time compliance, visibility, and protection for critical applications and data during runtime. NeuVector provides a firewall, container process/file system monitoring, security auditing with CIS benchmarks, and vulnerability scanning. For more information on Rancher security, please see the [security documentation](../../reference-guides/rancher-security/rancher-security.md). NeuVector can be enabled through a Helm chart that may be installed either through **Apps** or through the **Cluster Tools** button in the Rancher UI. Once the Helm chart is installed, users can easily [deploy and manage NeuVector clusters within Rancher](https://open-docs.neuvector.com/deploying/rancher#deploy-and-manage-neuvector-through-rancher-apps-marketplace). diff --git a/versioned_docs/version-2.8/pages-for-subheaders/about-provisioning-drivers.md b/versioned_docs/version-2.8/pages-for-subheaders/about-provisioning-drivers.md deleted file mode 100644 index 1e129210c4b..00000000000 --- a/versioned_docs/version-2.8/pages-for-subheaders/about-provisioning-drivers.md +++ /dev/null @@ -1,51 +0,0 @@ ---- -title: Provisioning Drivers ---- - - - - - -Drivers in Rancher allow you to manage which providers can be used to deploy [hosted Kubernetes clusters](set-up-clusters-from-hosted-kubernetes-providers.md) or [nodes in an infrastructure provider](use-new-nodes-in-an-infra-provider.md) to allow Rancher to deploy and manage Kubernetes. - -### Rancher Drivers - -With Rancher drivers, you can enable/disable existing built-in drivers that are packaged in Rancher. Alternatively, you can add your own driver if Rancher has not yet implemented it. - -There are two types of drivers within Rancher: - -* [Cluster Drivers](#cluster-drivers) -* [Node Drivers](#node-drivers) - -### Cluster Drivers - -Cluster drivers are used to provision [hosted Kubernetes clusters](set-up-clusters-from-hosted-kubernetes-providers.md), such as GKE, EKS, AKS, etc.. The availability of which cluster driver to display when creating a cluster is defined based on the cluster driver's status. Only `active` cluster drivers will be displayed as an option for creating clusters for hosted Kubernetes clusters. By default, Rancher is packaged with several existing cluster drivers, but you can also create custom cluster drivers to add to Rancher. - -By default, Rancher has activated several hosted Kubernetes cloud providers including: - -* [Amazon EKS](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/eks.md) -* [Google GKE](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/gke.md) -* [Azure AKS](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/aks.md) - -There are several other hosted Kubernetes cloud providers that are disabled by default, but are packaged in Rancher: - -* [Alibaba ACK](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/alibaba.md) -* [Huawei CCE](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/huawei.md) -* [Tencent](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/tencent.md) - -### Node Drivers - -Node drivers are used to provision hosts, which Rancher uses to launch and manage Kubernetes clusters. A node driver is the same as a [Docker Machine driver](https://docs.docker.com/machine/drivers/). The availability of which node driver to display when creating node templates is defined based on the node driver's status. Only `active` node drivers will be displayed as an option for creating node templates. By default, Rancher is packaged with many existing Docker Machine drivers, but you can also create custom node drivers to add to Rancher. - -If there are specific node drivers that you don't want to show to your users, you would need to de-activate these node drivers. - -Rancher supports several major cloud providers, but by default, these node drivers are active and available for deployment: - -* [Amazon EC2](../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-amazon-ec2-cluster.md) -* [Azure](../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-azure-cluster.md) -* [Digital Ocean](../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-a-digitalocean-cluster.md) -* [vSphere](vsphere.md) - -There are several other node drivers that are disabled by default, but are packaged in Rancher: - -* [Harvester](../integrations-in-rancher/harvester/overview.md#harvester-node-driver/), available as of Rancher v2.6.1 diff --git a/versioned_docs/version-2.8/pages-for-subheaders/backup-restore-configuration.md b/versioned_docs/version-2.8/pages-for-subheaders/backup-restore-configuration.md deleted file mode 100644 index 104584f741d..00000000000 --- a/versioned_docs/version-2.8/pages-for-subheaders/backup-restore-configuration.md +++ /dev/null @@ -1,12 +0,0 @@ ---- -title: Rancher Backup Configuration Reference ---- - - - - - -- [Backup configuration](../reference-guides/backup-restore-configuration/backup-configuration.md) -- [Restore configuration](../reference-guides/backup-restore-configuration/restore-configuration.md) -- [Storage location configuration](../reference-guides/backup-restore-configuration/storage-configuration.md) -- [Example Backup and Restore Custom Resources](../reference-guides/backup-restore-configuration/examples.md) \ No newline at end of file diff --git a/versioned_docs/version-2.8/pages-for-subheaders/cis-scan-guides.md b/versioned_docs/version-2.8/pages-for-subheaders/cis-scan-guides.md deleted file mode 100644 index e76d47504e6..00000000000 --- a/versioned_docs/version-2.8/pages-for-subheaders/cis-scan-guides.md +++ /dev/null @@ -1,17 +0,0 @@ ---- -title: CIS Scan Guides ---- - - - - - -- [Install rancher-cis-benchmark](../how-to-guides/advanced-user-guides/cis-scan-guides/install-rancher-cis-benchmark.md) -- [Uninstall rancher-cis-benchmark](../how-to-guides/advanced-user-guides/cis-scan-guides/uninstall-rancher-cis-benchmark.md) -- [Run a Scan](../how-to-guides/advanced-user-guides/cis-scan-guides/run-a-scan.md) -- [Run a Scan Periodically on a Schedule](../how-to-guides/advanced-user-guides/cis-scan-guides/run-a-scan-periodically-on-a-schedule.md) -- [Skip Tests](../how-to-guides/advanced-user-guides/cis-scan-guides/skip-tests.md) -- [View Reports](../how-to-guides/advanced-user-guides/cis-scan-guides/view-reports.md) -- [Enable Alerting for rancher-cis-benchmark](../how-to-guides/advanced-user-guides/cis-scan-guides/enable-alerting-for-rancher-cis-benchmark.md) -- [Configure Alerts for Periodic Scan on a Schedule](../how-to-guides/advanced-user-guides/cis-scan-guides/configure-alerts-for-periodic-scan-on-a-schedule.md) -- [Create a Custom Benchmark Version to Run](../how-to-guides/advanced-user-guides/cis-scan-guides/create-a-custom-benchmark-version-to-run.md) \ No newline at end of file diff --git a/versioned_docs/version-2.8/pages-for-subheaders/deploy-rancher-manager.md b/versioned_docs/version-2.8/pages-for-subheaders/deploy-rancher-manager.md deleted file mode 100644 index 74e282f0832..00000000000 --- a/versioned_docs/version-2.8/pages-for-subheaders/deploy-rancher-manager.md +++ /dev/null @@ -1,23 +0,0 @@ ---- -title: Deploying Rancher Server ---- - - - - - -Use one of the following guides to deploy and provision Rancher and a Kubernetes cluster in the provider of your choice. - -- [AWS](../getting-started/quick-start-guides/deploy-rancher-manager/aws.md) (uses Terraform) -- [AWS Marketplace](../getting-started/quick-start-guides/deploy-rancher-manager/aws-marketplace.md) (uses Amazon EKS) -- [Azure](../getting-started/quick-start-guides/deploy-rancher-manager/azure.md) (uses Terraform) -- [DigitalOcean](../getting-started/quick-start-guides/deploy-rancher-manager/digitalocean.md) (uses Terraform) -- [GCP](../getting-started/quick-start-guides/deploy-rancher-manager/gcp.md) (uses Terraform) -- [Hetzner Cloud](../getting-started/quick-start-guides/deploy-rancher-manager/hetzner-cloud.md) (uses Terraform) -- [Vagrant](../getting-started/quick-start-guides/deploy-rancher-manager/vagrant.md) -- [Equinix Metal](../getting-started/quick-start-guides/deploy-rancher-manager/equinix-metal.md) -- [Outscale](../getting-started/quick-start-guides/deploy-rancher-manager/outscale-qs.md) (uses Terraform) - -If you prefer, the following guide will take you through the same process in individual steps. Use this if you want to run Rancher in a different provider, on prem, or if you would just like to see how easy it is. - -- [Manual Install](../getting-started/quick-start-guides/deploy-rancher-manager/helm-cli.md) diff --git a/versioned_docs/version-2.8/pages-for-subheaders/downstream-cluster-configuration.md b/versioned_docs/version-2.8/pages-for-subheaders/downstream-cluster-configuration.md deleted file mode 100644 index b9fbad0b966..00000000000 --- a/versioned_docs/version-2.8/pages-for-subheaders/downstream-cluster-configuration.md +++ /dev/null @@ -1,9 +0,0 @@ ---- -title: Downstream Cluster Configuration ---- - - - - - -The following docs will discuss [node template configuration](./node-template-configuration.md) and [machine configuration](./machine-configuration.md). \ No newline at end of file diff --git a/versioned_docs/version-2.8/pages-for-subheaders/installation-references.md b/versioned_docs/version-2.8/pages-for-subheaders/installation-references.md deleted file mode 100644 index 6108728b04f..00000000000 --- a/versioned_docs/version-2.8/pages-for-subheaders/installation-references.md +++ /dev/null @@ -1,9 +0,0 @@ ---- -title: Installation References ---- - - - - - -Please see the following reference guides for other installation resources: [Rancher Helm chart options](../getting-started/installation-and-upgrade/installation-references/helm-chart-options.md), [TLS settings](../getting-started/installation-and-upgrade/installation-references/tls-settings.md), and [feature flags](../getting-started/installation-and-upgrade/installation-references/feature-flags.md). \ No newline at end of file diff --git a/versioned_docs/version-2.8/pages-for-subheaders/istio-setup-guide.md b/versioned_docs/version-2.8/pages-for-subheaders/istio-setup-guide.md deleted file mode 100644 index 24475f7ffea..00000000000 --- a/versioned_docs/version-2.8/pages-for-subheaders/istio-setup-guide.md +++ /dev/null @@ -1,34 +0,0 @@ ---- -title: Setup Guide ---- - - - - - -This section describes how to enable Istio and start using it in your projects. - -If you use Istio for traffic management, you will need to allow external traffic to the cluster. In that case, you will need to follow all of the steps below. - -## Prerequisites - -This guide assumes you have already [installed Rancher,](installation-and-upgrade.md) and you have already [provisioned a separate Kubernetes cluster](kubernetes-clusters-in-rancher-setup.md) on which you will install Istio. - -The nodes in your cluster must meet the [CPU and memory requirements.](../integrations-in-rancher/istio/cpu-and-memory-allocations.md) - -The workloads and services that you want to be controlled by Istio must meet [Istio's requirements.](https://istio.io/docs/setup/additional-setup/requirements/) - -## Install - -:::tip Quick Setup Tip: - -If you don't need external traffic to reach Istio, and you just want to set up Istio for monitoring and tracing traffic within the cluster, skip the steps for [setting up the Istio gateway](../how-to-guides/advanced-user-guides/istio-setup-guide/set-up-istio-gateway.md) and [setting up Istio's components for traffic management.](../how-to-guides/advanced-user-guides/istio-setup-guide/set-up-traffic-management.md) - -::: - -1. [Enable Istio in the cluster.](../how-to-guides/advanced-user-guides/istio-setup-guide/enable-istio-in-cluster.md) -1. [Enable Istio in all the namespaces where you want to use it.](../how-to-guides/advanced-user-guides/istio-setup-guide/enable-istio-in-namespace.md) -1. [Add deployments and services that have the Istio sidecar injected.](../how-to-guides/advanced-user-guides/istio-setup-guide/use-istio-sidecar.md) -1. [Set up the Istio gateway. ](../how-to-guides/advanced-user-guides/istio-setup-guide/set-up-istio-gateway.md) -1. [Set up Istio's components for traffic management.](../how-to-guides/advanced-user-guides/istio-setup-guide/set-up-traffic-management.md) -1. [Generate traffic and see Istio in action.](../how-to-guides/advanced-user-guides/istio-setup-guide/generate-and-view-traffic.md) diff --git a/versioned_docs/version-2.8/pages-for-subheaders/kubernetes-components.md b/versioned_docs/version-2.8/pages-for-subheaders/kubernetes-components.md deleted file mode 100644 index f048b5ba19b..00000000000 --- a/versioned_docs/version-2.8/pages-for-subheaders/kubernetes-components.md +++ /dev/null @@ -1,21 +0,0 @@ ---- -title: Kubernetes Components ---- - - - - - -The commands and steps listed in this section apply to the core Kubernetes components on [Rancher Launched Kubernetes](../pages-for-subheaders/launch-kubernetes-with-rancher.md) clusters. - -This section includes troubleshooting tips in the following categories: - -- [Troubleshooting etcd Nodes](../troubleshooting/kubernetes-components/troubleshooting-etcd-nodes.md) -- [Troubleshooting Controlplane Nodes](../troubleshooting/kubernetes-components/troubleshooting-controlplane-nodes.md) -- [Troubleshooting nginx-proxy Nodes](../troubleshooting/kubernetes-components/troubleshooting-nginx-proxy.md) -- [Troubleshooting Worker Nodes and Generic Components](../troubleshooting/kubernetes-components/troubleshooting-worker-nodes-and-generic-components.md) - -## Kubernetes Component Diagram - -![Cluster diagram](/img/clusterdiagram.svg)
-Lines show the traffic flow between components. Colors are used purely for visual aid \ No newline at end of file diff --git a/versioned_docs/version-2.8/pages-for-subheaders/machine-configuration.md b/versioned_docs/version-2.8/pages-for-subheaders/machine-configuration.md deleted file mode 100644 index e1b9bb72f0a..00000000000 --- a/versioned_docs/version-2.8/pages-for-subheaders/machine-configuration.md +++ /dev/null @@ -1,9 +0,0 @@ ---- -title: Machine Configuration ---- - - - - - -Machine configuration is the arrangement of resources assigned to a virtual machine. Please see the docs for [Amazon EC2](../reference-guides/cluster-configuration/downstream-cluster-configuration/machine-configuration/amazon-ec2.md), [DigitalOcean](../reference-guides/cluster-configuration/downstream-cluster-configuration/machine-configuration/digitalocean.md), and [Azure](../reference-guides/cluster-configuration/downstream-cluster-configuration/machine-configuration/azure.md) to learn more. \ No newline at end of file diff --git a/versioned_docs/version-2.8/pages-for-subheaders/monitoring-alerting-guides.md b/versioned_docs/version-2.8/pages-for-subheaders/monitoring-alerting-guides.md deleted file mode 100644 index 97e3e801b26..00000000000 --- a/versioned_docs/version-2.8/pages-for-subheaders/monitoring-alerting-guides.md +++ /dev/null @@ -1,14 +0,0 @@ ---- -title: Monitoring Guides ---- - - - - - -- [Enable monitoring](../how-to-guides/advanced-user-guides/monitoring-alerting-guides/enable-monitoring.md) -- [Uninstall monitoring](../how-to-guides/advanced-user-guides/monitoring-alerting-guides/uninstall-monitoring.md) -- [Monitoring workloads](../how-to-guides/advanced-user-guides/monitoring-alerting-guides/set-up-monitoring-for-workloads.md) -- [Customizing Grafana dashboards](../how-to-guides/advanced-user-guides/monitoring-alerting-guides/customize-grafana-dashboard.md) -- [Persistent Grafana dashboards](../how-to-guides/advanced-user-guides/monitoring-alerting-guides/create-persistent-grafana-dashboard.md) -- [Debugging high memory usage](../how-to-guides/advanced-user-guides/monitoring-alerting-guides/debug-high-memory-usage.md) diff --git a/versioned_docs/version-2.8/pages-for-subheaders/monitoring-v2-configuration.md b/versioned_docs/version-2.8/pages-for-subheaders/monitoring-v2-configuration.md deleted file mode 100644 index 79f97d9513d..00000000000 --- a/versioned_docs/version-2.8/pages-for-subheaders/monitoring-v2-configuration.md +++ /dev/null @@ -1,15 +0,0 @@ ---- -title: Monitoring V2 Configuration ---- - - - - - -The following sections will explain important options essential to configuring Monitoring V2 in Rancher: - -- [Receiver Configuration](../reference-guides/monitoring-v2-configuration/receivers.md) -- [Route Configuration](../reference-guides/monitoring-v2-configuration/routes.md) -- [ServiceMonitor and PodMonitor Configuration](../reference-guides/monitoring-v2-configuration/servicemonitors-and-podmonitors.md) -- [Helm Chart Options](../reference-guides/monitoring-v2-configuration/helm-chart-options.md) -- [Examples](../reference-guides/monitoring-v2-configuration/examples.md) \ No newline at end of file diff --git a/versioned_docs/version-2.8/pages-for-subheaders/node-template-configuration.md b/versioned_docs/version-2.8/pages-for-subheaders/node-template-configuration.md deleted file mode 100644 index e6c22d5e852..00000000000 --- a/versioned_docs/version-2.8/pages-for-subheaders/node-template-configuration.md +++ /dev/null @@ -1,9 +0,0 @@ ---- -title: Node Template Configuration ---- - - - - - -To learn about node template config, refer to [EC2 Node Template Configuration](../reference-guides/cluster-configuration/downstream-cluster-configuration/node-template-configuration/amazon-ec2.md), [DigitalOcean Node Template Configuration](../reference-guides/cluster-configuration/downstream-cluster-configuration/node-template-configuration/digitalocean.md), [Azure Node Template Configuration](../reference-guides/cluster-configuration/downstream-cluster-configuration/node-template-configuration/azure.md), [vSphere Node Template Configuration](../reference-guides/cluster-configuration/downstream-cluster-configuration/node-template-configuration/vsphere.md), and [Nutanix Node Template Configuration](../reference-guides/cluster-configuration/downstream-cluster-configuration/node-template-configuration/nutanix.md). diff --git a/versioned_docs/version-2.8/pages-for-subheaders/prometheus-federator-guides.md b/versioned_docs/version-2.8/pages-for-subheaders/prometheus-federator-guides.md deleted file mode 100644 index 2d1c0ae8224..00000000000 --- a/versioned_docs/version-2.8/pages-for-subheaders/prometheus-federator-guides.md +++ /dev/null @@ -1,12 +0,0 @@ ---- -title: Prometheus Federator Guides ---- - - - - - -- [Enable Prometheus Operator](../how-to-guides/advanced-user-guides/monitoring-alerting-guides/prometheus-federator-guides/enable-prometheus-federator.md) -- [Uninstall Prometheus Operator](../how-to-guides/advanced-user-guides/monitoring-alerting-guides/prometheus-federator-guides/uninstall-prometheus-federator.md) -- [Customize Grafana Dashboards](../how-to-guides/advanced-user-guides/monitoring-alerting-guides/prometheus-federator-guides/customize-grafana-dashboards.md) -- [Set Up Workloads](../how-to-guides/advanced-user-guides/monitoring-alerting-guides/prometheus-federator-guides/set-up-workloads.md) \ No newline at end of file diff --git a/versioned_docs/version-2.8/pages-for-subheaders/rancher-managed-clusters.md b/versioned_docs/version-2.8/pages-for-subheaders/rancher-managed-clusters.md deleted file mode 100644 index 2cdb03fd909..00000000000 --- a/versioned_docs/version-2.8/pages-for-subheaders/rancher-managed-clusters.md +++ /dev/null @@ -1,23 +0,0 @@ ---- -title: Best Practices for Rancher Managed Clusters ---- - - - - - -### Logging - -Refer to [this guide](../reference-guides/best-practices/rancher-managed-clusters/logging-best-practices.md) for our recommendations for cluster-level logging and application logging. - -### Monitoring - -Configuring sensible monitoring and alerting rules is vital for running any production workloads securely and reliably. Refer to this [guide](../reference-guides/best-practices/rancher-managed-clusters/monitoring-best-practices.md) for our recommendations. - -### Tips for Setting Up Containers - -Running well-built containers can greatly impact the overall performance and security of your environment. Refer to this [guide](../reference-guides/best-practices/rancher-managed-clusters/tips-to-set-up-containers.md) for tips. - -### Best Practices for Rancher Managed vSphere Clusters - -This [guide](../reference-guides/best-practices/rancher-managed-clusters/rancher-managed-clusters-in-vsphere.md) outlines a reference architecture for provisioning downstream Rancher clusters in a vSphere environment, in addition to standard vSphere best practices as documented by VMware. diff --git a/versioned_docs/version-2.8/pages-for-subheaders/rancher-server-configuration.md b/versioned_docs/version-2.8/pages-for-subheaders/rancher-server-configuration.md deleted file mode 100644 index 5e18f69e740..00000000000 --- a/versioned_docs/version-2.8/pages-for-subheaders/rancher-server-configuration.md +++ /dev/null @@ -1,16 +0,0 @@ ---- -title: Rancher Server Configuration ---- - - - - - -- [RKE1 Cluster Configuration](../reference-guides/cluster-configuration/rancher-server-configuration/rke1-cluster-configuration.md) -- [RKE2 Cluster Configuration](../reference-guides/cluster-configuration/rancher-server-configuration/rke2-cluster-configuration.md) -- [K3s Cluster Configuration](../reference-guides/cluster-configuration/rancher-server-configuration/k3s-cluster-configuration.md) -- [EKS Cluster Configuration](../reference-guides/cluster-configuration/rancher-server-configuration/eks-cluster-configuration.md) -- [AKS Cluster Configuration](../reference-guides/cluster-configuration/rancher-server-configuration/aks-cluster-configuration.md) -- [GKE Cluster Configuration](../pages-for-subheaders/gke-cluster-configuration.md) -- [Use Existing Nodes](../pages-for-subheaders/use-existing-nodes.md) -- [Sync Clusters](../reference-guides/cluster-configuration/rancher-server-configuration/sync-clusters.md) \ No newline at end of file diff --git a/versioned_docs/version-2.8/pages-for-subheaders/rancher-server.md b/versioned_docs/version-2.8/pages-for-subheaders/rancher-server.md deleted file mode 100644 index 45c3917cd58..00000000000 --- a/versioned_docs/version-2.8/pages-for-subheaders/rancher-server.md +++ /dev/null @@ -1,21 +0,0 @@ ---- -title: Best Practices for the Rancher Server ---- - - - - - -This guide contains our recommendations for running the Rancher server, and is intended to be used in situations in which Rancher manages downstream Kubernetes clusters. - -### Recommended Architecture and Infrastructure - -Refer to this [guide](../reference-guides/best-practices/rancher-server/tips-for-running-rancher.md) for our general advice for setting up the Rancher server on a high-availability Kubernetes cluster. - -### Deployment Strategies - -This [guide](../reference-guides/best-practices/rancher-server/rancher-deployment-strategy.md) is designed to help you choose whether a regional deployment strategy or a hub-and-spoke deployment strategy is better for a Rancher server that manages downstream Kubernetes clusters. - -### Installing Rancher in a vSphere Environment - -This [guide](../reference-guides/best-practices/rancher-server/on-premises-rancher-in-vsphere.md) outlines a reference architecture for installing Rancher in a vSphere environment, in addition to standard vSphere best practices as documented by VMware. \ No newline at end of file diff --git a/versioned_docs/version-2.8/pages-for-subheaders/resources.md b/versioned_docs/version-2.8/pages-for-subheaders/resources.md deleted file mode 100644 index 52e61353441..00000000000 --- a/versioned_docs/version-2.8/pages-for-subheaders/resources.md +++ /dev/null @@ -1,29 +0,0 @@ ---- -title: Resources ---- - - - - - -### Docker Installations - -The [single-node Docker installation](rancher-on-a-single-node-with-docker.md) is for Rancher users that are wanting to test out Rancher. Instead of running on a Kubernetes cluster using Helm, you install the Rancher server component on a single node using a `docker run` command. - -Since there is only one node and a single Docker container, if the node goes down, there is no copy of the etcd data available on other nodes and you will lose all the data of your Rancher server. - -### Air-Gapped Installations - -Follow [these steps](air-gapped-helm-cli-install.md) to install the Rancher server in an air gapped environment. - -An air gapped environment could be where Rancher server will be installed offline, behind a firewall, or behind a proxy. - -### Advanced Options - -When installing Rancher, there are several advanced options that can be enabled during installation. Within each install guide, these options are presented. Learn more about these options: - -- [Custom CA Certificate](../getting-started/installation-and-upgrade/resources/custom-ca-root-certificates.md) -- [API Audit Log](../how-to-guides/advanced-user-guides/enable-api-audit-log.md) -- [TLS Settings](../getting-started/installation-and-upgrade/installation-references/tls-settings.md) -- [etcd configuration](../how-to-guides/advanced-user-guides/tune-etcd-for-large-installs.md) -- [Local System Charts for Air Gap Installations](../getting-started/installation-and-upgrade/resources/local-system-charts.md) | v2.3.0 | diff --git a/versioned_docs/version-2.8/pages-for-subheaders/single-node-rancher-in-docker.md b/versioned_docs/version-2.8/pages-for-subheaders/single-node-rancher-in-docker.md deleted file mode 100644 index 91072d2b3b4..00000000000 --- a/versioned_docs/version-2.8/pages-for-subheaders/single-node-rancher-in-docker.md +++ /dev/null @@ -1,9 +0,0 @@ ---- -title: Single Node Rancher in Docker ---- - - - - - -The following docs will discuss [HTTP proxy configuration](../reference-guides/single-node-rancher-in-docker/http-proxy-configuration.md) and [advanced options](../reference-guides/single-node-rancher-in-docker/advanced-options.md) for Docker installs. \ No newline at end of file diff --git a/versioned_docs/version-2.8/pages-for-subheaders/user-settings.md b/versioned_docs/version-2.8/pages-for-subheaders/user-settings.md deleted file mode 100644 index a9ed1c72d92..00000000000 --- a/versioned_docs/version-2.8/pages-for-subheaders/user-settings.md +++ /dev/null @@ -1,19 +0,0 @@ ---- -title: User Settings ---- - - - - - -Within Rancher, each user has a number of settings associated with their login: personal preferences, API keys, etc. You can configure these settings by choosing from the **User Settings** menu. You can open this menu by clicking your avatar, located within the main menu. - -![User Settings Menu](/img/user-settings.png) - -The available user settings are: - -- [API & Keys](../reference-guides/user-settings/api-keys.md): If you want to interact with Rancher programmatically, you need an API key. Follow the directions in this section to obtain a key. -- [Cloud Credentials](../reference-guides/user-settings/manage-cloud-credentials.md): Manage cloud credentials [used by node templates](use-new-nodes-in-an-infra-provider.md#node-templates) to [provision nodes for clusters](../pages-for-subheaders/launch-kubernetes-with-rancher.md). -- [Node Templates](../reference-guides/user-settings/manage-node-templates.md): Manage templates [used by Rancher to provision nodes for clusters](../pages-for-subheaders/launch-kubernetes-with-rancher.md). -- [Preferences](../reference-guides/user-settings/user-preferences.md): Sets superficial preferences for the Rancher UI. -- Log Out: Ends your user session. diff --git a/versioned_docs/version-2.8/pages-for-subheaders/about-the-api.md b/versioned_docs/version-2.8/reference-guides/about-the-api/about-the-api.md similarity index 92% rename from versioned_docs/version-2.8/pages-for-subheaders/about-the-api.md rename to versioned_docs/version-2.8/reference-guides/about-the-api/about-the-api.md index 3b39d7c2717..1dd830a0d8c 100644 --- a/versioned_docs/version-2.8/pages-for-subheaders/about-the-api.md +++ b/versioned_docs/version-2.8/reference-guides/about-the-api/about-the-api.md @@ -27,9 +27,9 @@ Go to the URL endpoint at `https:///v3`, where `` is ## Authentication -API requests must include authentication information. Authentication is done with HTTP basic authentication using [API Keys](../reference-guides/user-settings/api-keys.md). API keys can create new clusters and have access to multiple clusters via `/v3/clusters/`. [Cluster and project roles](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/cluster-and-project-roles.md) apply to these keys and restrict what clusters and projects the account can see and what actions they can take. +API requests must include authentication information. Authentication is done with HTTP basic authentication using [API Keys](../user-settings/api-keys.md). API keys can create new clusters and have access to multiple clusters via `/v3/clusters/`. [Cluster and project roles](../../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/cluster-and-project-roles.md) apply to these keys and restrict what clusters and projects the account can see and what actions they can take. -By default, some cluster-level API tokens are generated with infinite time-to-live (`ttl=0`). In other words, API tokens with `ttl=0` never expire unless you invalidate them. For details on how to invalidate them, refer to the [API tokens page](../reference-guides/about-the-api/api-tokens.md). +By default, some cluster-level API tokens are generated with infinite time-to-live (`ttl=0`). In other words, API tokens with `ttl=0` never expire unless you invalidate them. For details on how to invalidate them, refer to the [API tokens page](api-tokens.md). ## Making requests diff --git a/versioned_docs/version-2.8/reference-guides/about-the-api/api-tokens.md b/versioned_docs/version-2.8/reference-guides/about-the-api/api-tokens.md index ea8d8f40279..d19fdd47b68 100644 --- a/versioned_docs/version-2.8/reference-guides/about-the-api/api-tokens.md +++ b/versioned_docs/version-2.8/reference-guides/about-the-api/api-tokens.md @@ -49,7 +49,7 @@ Set the `kubeconfig-generate-token` setting to `false`. This setting instructs R Users can enable token hashing, where tokens will undergo a one-way hash using the SHA256 algorithm. This is a non-reversible process, once enabled, this feature cannot be disabled. It is advisable to take backups prior to enabling and/or evaluating in a test environment first. -To enable token hashing, refer to [this section](../../pages-for-subheaders/enable-experimental-features.md). +To enable token hashing, refer to [this section](../../how-to-guides/advanced-user-guides/enable-experimental-features/enable-experimental-features.md). This feature will affect all tokens which include, but are not limited to, the following: diff --git a/versioned_docs/version-2.8/reference-guides/backup-restore-configuration/backup-restore-configuration.md b/versioned_docs/version-2.8/reference-guides/backup-restore-configuration/backup-restore-configuration.md new file mode 100644 index 00000000000..1f74b2fad9b --- /dev/null +++ b/versioned_docs/version-2.8/reference-guides/backup-restore-configuration/backup-restore-configuration.md @@ -0,0 +1,12 @@ +--- +title: Rancher Backup Configuration Reference +--- + + + + + +- [Backup configuration](backup-configuration.md) +- [Restore configuration](restore-configuration.md) +- [Storage location configuration](storage-configuration.md) +- [Example Backup and Restore Custom Resources](examples.md) \ No newline at end of file diff --git a/versioned_docs/version-2.8/pages-for-subheaders/best-practices.md b/versioned_docs/version-2.8/reference-guides/best-practices/best-practices.md similarity index 95% rename from versioned_docs/version-2.8/pages-for-subheaders/best-practices.md rename to versioned_docs/version-2.8/reference-guides/best-practices/best-practices.md index 7009f6cce70..546ae01be94 100644 --- a/versioned_docs/version-2.8/pages-for-subheaders/best-practices.md +++ b/versioned_docs/version-2.8/reference-guides/best-practices/best-practices.md @@ -14,7 +14,7 @@ Use the navigation bar on the left to find the current best practices for managi For more guidance on best practices, you can consult these resources: -- [Security](rancher-security.md) +- [Security](../rancher-security/rancher-security.md) - [Rancher Blog](https://www.suse.com/c/rancherblog/) - [Rancher Forum](https://forums.rancher.com/) - [Rancher Users Slack](https://slack.rancher.io/) diff --git a/versioned_docs/version-2.8/reference-guides/best-practices/rancher-managed-clusters/monitoring-best-practices.md b/versioned_docs/version-2.8/reference-guides/best-practices/rancher-managed-clusters/monitoring-best-practices.md index 3fd02858c9a..a4db6a3e650 100644 --- a/versioned_docs/version-2.8/reference-guides/best-practices/rancher-managed-clusters/monitoring-best-practices.md +++ b/versioned_docs/version-2.8/reference-guides/best-practices/rancher-managed-clusters/monitoring-best-practices.md @@ -8,7 +8,7 @@ title: Monitoring Best Practices Configuring sensible monitoring and alerting rules is vital for running any production workloads securely and reliably. This is not different when using Kubernetes and Rancher. Fortunately the integrated monitoring and alerting functionality makes this whole process a lot easier. -The [Rancher monitoring documentation](../../../pages-for-subheaders/monitoring-and-alerting.md) describes how you can set up a complete Prometheus and Grafana stack. Out of the box this will scrape monitoring data from all system and Kubernetes components in your cluster and provide sensible dashboards and alerts for them to get started. But for a reliable setup, you also need to monitor your own workloads and adapt Prometheus and Grafana to your own specific use cases and cluster sizes. This document aims to give you best practices for this. +The [Rancher monitoring documentation](../../../integrations-in-rancher/monitoring-and-alerting/monitoring-and-alerting.md) describes how you can set up a complete Prometheus and Grafana stack. Out of the box this will scrape monitoring data from all system and Kubernetes components in your cluster and provide sensible dashboards and alerts for them to get started. But for a reliable setup, you also need to monitor your own workloads and adapt Prometheus and Grafana to your own specific use cases and cluster sizes. This document aims to give you best practices for this. ## What to Monitor @@ -90,7 +90,7 @@ Sometimes it is useful to monitor workloads from the outside. For this, you can If you have a (micro)service architecture where multiple individual workloads within your cluster are communicating with each other, it is really important to have detailed metrics and traces about this traffic to understand how all these workloads are communicating with each other and where a problem or bottleneck may be. -Of course you can monitor all this internal traffic in all your workloads and expose these metrics to Prometheus. But this can quickly become quite work intensive. Service Meshes like Istio, which can be installed with [a click](../../../pages-for-subheaders/istio.md) in Rancher, can do this automatically and provide rich telemetry about the traffic between all services. +Of course you can monitor all this internal traffic in all your workloads and expose these metrics to Prometheus. But this can quickly become quite work intensive. Service Meshes like Istio, which can be installed with [a click](../../../integrations-in-rancher/istio/istio.md) in Rancher, can do this automatically and provide rich telemetry about the traffic between all services. ## Real User Monitoring @@ -98,7 +98,7 @@ Monitoring the availability and performance of all your internal workloads is vi ## Security Monitoring -In addition to monitoring workloads to detect performance, availability or scalability problems, the cluster and the workloads running into it should also be monitored for potential security problems. A good starting point is to frequently run and alert on [CIS Scans](../../../pages-for-subheaders/cis-scan-guides.md) which check if the cluster is configured according to security best practices. +In addition to monitoring workloads to detect performance, availability or scalability problems, the cluster and the workloads running into it should also be monitored for potential security problems. A good starting point is to frequently run and alert on [CIS Scans](../../../how-to-guides/advanced-user-guides/cis-scan-guides/cis-scan-guides.md) which check if the cluster is configured according to security best practices. For the workloads, you can have a look at Kubernetes and Container security solutions like [NeuVector](https://www.suse.com/products/neuvector/), [Falco](https://falco.org/), [Aqua Kubernetes Security](https://www.aquasec.com/solutions/kubernetes-container-security/), [SysDig](https://sysdig.com/). @@ -112,4 +112,4 @@ When setting up alerts, configure them for all the workloads that are critical t If an alert starts firing, but there is nothing you can do about it at the moment, it's also fine to silence the alert for a certain amount of time, so that you can look at it later. -You can find more information on how to set up alerts and notification channels in the [Rancher Documentation](../../../pages-for-subheaders/monitoring-and-alerting.md). +You can find more information on how to set up alerts and notification channels in the [Rancher Documentation](../../../integrations-in-rancher/monitoring-and-alerting/monitoring-and-alerting.md). diff --git a/versioned_docs/version-2.8/reference-guides/best-practices/rancher-managed-clusters/rancher-managed-clusters.md b/versioned_docs/version-2.8/reference-guides/best-practices/rancher-managed-clusters/rancher-managed-clusters.md new file mode 100644 index 00000000000..72c44ac9a78 --- /dev/null +++ b/versioned_docs/version-2.8/reference-guides/best-practices/rancher-managed-clusters/rancher-managed-clusters.md @@ -0,0 +1,23 @@ +--- +title: Best Practices for Rancher Managed Clusters +--- + + + + + +### Logging + +Refer to [this guide](logging-best-practices.md) for our recommendations for cluster-level logging and application logging. + +### Monitoring + +Configuring sensible monitoring and alerting rules is vital for running any production workloads securely and reliably. Refer to this [guide](monitoring-best-practices.md) for our recommendations. + +### Tips for Setting Up Containers + +Running well-built containers can greatly impact the overall performance and security of your environment. Refer to this [guide](tips-to-set-up-containers.md) for tips. + +### Best Practices for Rancher Managed vSphere Clusters + +This [guide](rancher-managed-clusters-in-vsphere.md) outlines a reference architecture for provisioning downstream Rancher clusters in a vSphere environment, in addition to standard vSphere best practices as documented by VMware. diff --git a/versioned_docs/version-2.8/reference-guides/best-practices/rancher-server/on-premises-rancher-in-vsphere.md b/versioned_docs/version-2.8/reference-guides/best-practices/rancher-server/on-premises-rancher-in-vsphere.md index 74243559753..6d35b2dc2d8 100644 --- a/versioned_docs/version-2.8/reference-guides/best-practices/rancher-server/on-premises-rancher-in-vsphere.md +++ b/versioned_docs/version-2.8/reference-guides/best-practices/rancher-server/on-premises-rancher-in-vsphere.md @@ -43,7 +43,7 @@ Configure appropriate Firewall / ACL rules to only expose access to Rancher ### Size the VM's According to Rancher Documentation -See [Installation Requirements](../../../pages-for-subheaders/installation-requirements.md). +See [Installation Requirements](../../../getting-started/installation-and-upgrade/installation-requirements/installation-requirements.md). ### Leverage VM Templates to Construct the Environment diff --git a/versioned_docs/version-2.8/reference-guides/best-practices/rancher-server/rancher-server.md b/versioned_docs/version-2.8/reference-guides/best-practices/rancher-server/rancher-server.md new file mode 100644 index 00000000000..a79561ced2c --- /dev/null +++ b/versioned_docs/version-2.8/reference-guides/best-practices/rancher-server/rancher-server.md @@ -0,0 +1,21 @@ +--- +title: Best Practices for the Rancher Server +--- + + + + + +This guide contains our recommendations for running the Rancher server, and is intended to be used in situations in which Rancher manages downstream Kubernetes clusters. + +### Recommended Architecture and Infrastructure + +Refer to this [guide](tips-for-running-rancher.md) for our general advice for setting up the Rancher server on a high-availability Kubernetes cluster. + +### Deployment Strategies + +This [guide](rancher-deployment-strategy.md) is designed to help you choose whether a regional deployment strategy or a hub-and-spoke deployment strategy is better for a Rancher server that manages downstream Kubernetes clusters. + +### Installing Rancher in a vSphere Environment + +This [guide](on-premises-rancher-in-vsphere.md) outlines a reference architecture for installing Rancher in a vSphere environment, in addition to standard vSphere best practices as documented by VMware. \ No newline at end of file diff --git a/versioned_docs/version-2.8/reference-guides/best-practices/rancher-server/tips-for-running-rancher.md b/versioned_docs/version-2.8/reference-guides/best-practices/rancher-server/tips-for-running-rancher.md index 1ed05696fa2..8c71b562ae0 100644 --- a/versioned_docs/version-2.8/reference-guides/best-practices/rancher-server/tips-for-running-rancher.md +++ b/versioned_docs/version-2.8/reference-guides/best-practices/rancher-server/tips-for-running-rancher.md @@ -30,11 +30,11 @@ For best performance, run all three of your nodes in the same geographic datacen It's strongly recommended to have a "staging" or "pre-production" environment of the Kubernetes cluster that Rancher runs on. This environment should mirror your production environment as closely as possible in terms of software and hardware configuration. ### Monitor Your Clusters to Plan Capacity -The Rancher server's Kubernetes cluster should run within the [system and hardware requirements](../../../pages-for-subheaders/installation-requirements.md) as closely as possible. The more you deviate from the system and hardware requirements, the more risk you take. +The Rancher server's Kubernetes cluster should run within the [system and hardware requirements](../../../getting-started/installation-and-upgrade/installation-requirements/installation-requirements.md) as closely as possible. The more you deviate from the system and hardware requirements, the more risk you take. However, metrics-driven capacity planning analysis should be the ultimate guidance for scaling Rancher, because the published requirements take into account a variety of workload types. Using Rancher, you can monitor the state and processes of your cluster nodes, Kubernetes components, and software deployments through integration with Prometheus, a leading open-source monitoring solution, and Grafana, which lets you visualize the metrics from Prometheus. -After you [enable monitoring](../../../pages-for-subheaders/monitoring-and-alerting.md) in the cluster, you can set up alerts to let you know if your cluster is approaching its capacity. You can also use the Prometheus and Grafana monitoring framework to establish a baseline for key metrics as you scale. +After you [enable monitoring](../../../integrations-in-rancher/monitoring-and-alerting/monitoring-and-alerting.md) in the cluster, you can set up alerts to let you know if your cluster is approaching its capacity. You can also use the Prometheus and Grafana monitoring framework to establish a baseline for key metrics as you scale. diff --git a/versioned_docs/version-2.8/reference-guides/best-practices/rancher-server/tuning-and-best-practices-for-rancher-at-scale.md b/versioned_docs/version-2.8/reference-guides/best-practices/rancher-server/tuning-and-best-practices-for-rancher-at-scale.md index 16707e39feb..896a4978b12 100644 --- a/versioned_docs/version-2.8/reference-guides/best-practices/rancher-server/tuning-and-best-practices-for-rancher-at-scale.md +++ b/versioned_docs/version-2.8/reference-guides/best-practices/rancher-server/tuning-and-best-practices-for-rancher-at-scale.md @@ -29,7 +29,7 @@ This is typical in Rancher, as many operations create new `RoleBinding` objects You can reduce the number of `RoleBindings` in the upstream cluster in the following ways: * Limit the use of the [Restricted Admin](../../../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/global-permissions.md#restricted-admin) role. Apply other roles wherever possible. -* If you use [external authentication](../../../pages-for-subheaders/authentication-config.md), use groups to assign roles. +* If you use [external authentication](../../../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/authentication-config.md), use groups to assign roles. * Only add users to clusters and projects when necessary. * Remove clusters and projects when they are no longer needed. * Only use custom roles if necessary. @@ -93,7 +93,7 @@ You should keep the local Kubernetes cluster up to date. This will ensure that y Etcd is the backend database for Kubernetes and for Rancher. It plays a very important role in Rancher performance. -The two main bottlenecks to [etcd performance](https://etcd.io/docs/v3.4/op-guide/performance/) are disk and network speed. Etcd should run on dedicated nodes with a fast network setup and with SSDs that have high input/output operations per second (IOPS). For more information regarding etcd performance, see [Slow etcd performance (performance testing and optimization)](https://www.suse.com/support/kb/doc/?id=000020100) and [Tuning etcd for Large Installations](../../../how-to-guides/advanced-user-guides/tune-etcd-for-large-installs.md). Information on disks can also be found in the [Installation Requirements](../../../pages-for-subheaders/installation-requirements.md#disks). +The two main bottlenecks to [etcd performance](https://etcd.io/docs/v3.4/op-guide/performance/) are disk and network speed. Etcd should run on dedicated nodes with a fast network setup and with SSDs that have high input/output operations per second (IOPS). For more information regarding etcd performance, see [Slow etcd performance (performance testing and optimization)](https://www.suse.com/support/kb/doc/?id=000020100) and [Tuning etcd for Large Installations](../../../how-to-guides/advanced-user-guides/tune-etcd-for-large-installs.md). Information on disks can also be found in the [Installation Requirements](../../../getting-started/installation-and-upgrade/installation-requirements/installation-requirements.md#disks). It's best to run etcd on exactly three nodes, as adding more nodes will reduce operation speed. This may be counter-intuitive to common scaling approaches, but it's due to etcd's [replication mechanisms](https://etcd.io/docs/v3.5/faq/#what-is-maximum-cluster-size). diff --git a/versioned_docs/version-2.8/pages-for-subheaders/cli-with-rancher.md b/versioned_docs/version-2.8/reference-guides/cli-with-rancher/cli-with-rancher.md similarity index 67% rename from versioned_docs/version-2.8/pages-for-subheaders/cli-with-rancher.md rename to versioned_docs/version-2.8/reference-guides/cli-with-rancher/cli-with-rancher.md index 547d4c50308..a0e50c51b71 100644 --- a/versioned_docs/version-2.8/pages-for-subheaders/cli-with-rancher.md +++ b/versioned_docs/version-2.8/reference-guides/cli-with-rancher/cli-with-rancher.md @@ -6,4 +6,4 @@ title: CLI with Rancher -Interact with Rancher using command line interface (CLI) tools from your workstation. The following docs will describe the [Rancher CLI](../reference-guides/cli-with-rancher/rancher-cli.md) and [kubectl Utility](../reference-guides/cli-with-rancher/kubectl-utility.md). \ No newline at end of file +Interact with Rancher using command line interface (CLI) tools from your workstation. The following docs will describe the [Rancher CLI](rancher-cli.md) and [kubectl Utility](kubectl-utility.md). \ No newline at end of file diff --git a/versioned_docs/version-2.8/reference-guides/cli-with-rancher/rancher-cli.md b/versioned_docs/version-2.8/reference-guides/cli-with-rancher/rancher-cli.md index 0c9a27c1694..03860d29c94 100644 --- a/versioned_docs/version-2.8/reference-guides/cli-with-rancher/rancher-cli.md +++ b/versioned_docs/version-2.8/reference-guides/cli-with-rancher/rancher-cli.md @@ -65,16 +65,16 @@ The following commands are available for use in Rancher CLI. | Command | Result | |---|---| | `apps, [app]` | Performs operations on catalog applications (i.e., individual [Helm charts](https://docs.helm.sh/developing_charts/)) or Rancher charts. | -| `catalog` | Performs operations on [catalogs](../../pages-for-subheaders/helm-charts-in-rancher.md). | -| `clusters, [cluster]` | Performs operations on your [clusters](../../pages-for-subheaders/kubernetes-clusters-in-rancher-setup.md). | +| `catalog` | Performs operations on [catalogs](../../how-to-guides/new-user-guides/helm-charts-in-rancher/helm-charts-in-rancher.md). | +| `clusters, [cluster]` | Performs operations on your [clusters](../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/kubernetes-clusters-in-rancher-setup.md). | | `context` | Switches between Rancher [projects](../../how-to-guides/new-user-guides/manage-clusters/projects-and-namespaces.md). For an example, see [Project Selection](#project-selection). | -| `inspect [OPTIONS] [RESOURCEID RESOURCENAME]` | Displays details about [Kubernetes resources](https://kubernetes.io/docs/reference/kubectl/cheatsheet/#resource-types) or Rancher resources (i.e.: [projects](../../how-to-guides/new-user-guides/manage-clusters/projects-and-namespaces.md) and [workloads](../../pages-for-subheaders/workloads-and-pods.md)). Specify resources by name or ID. | +| `inspect [OPTIONS] [RESOURCEID RESOURCENAME]` | Displays details about [Kubernetes resources](https://kubernetes.io/docs/reference/kubectl/cheatsheet/#resource-types) or Rancher resources (i.e.: [projects](../../how-to-guides/new-user-guides/manage-clusters/projects-and-namespaces.md) and [workloads](../../how-to-guides/new-user-guides/kubernetes-resources-setup/workloads-and-pods/workloads-and-pods.md)). Specify resources by name or ID. | | `kubectl` |Runs [kubectl commands](https://kubernetes.io/docs/reference/kubectl/overview/#operations). | | `login, [l]` | Logs into a Rancher Server. For an example, see [CLI Authentication](#cli-authentication). | | `namespaces, [namespace]` |Performs operations on namespaces. | | `nodes, [node]` |Performs operations on nodes. | | `projects, [project]` | Performs operations on [projects](../../how-to-guides/new-user-guides/manage-clusters/projects-and-namespaces.md). | -| `ps` | Displays [workloads](../../pages-for-subheaders/workloads-and-pods.md) in a project. | +| `ps` | Displays [workloads](../../how-to-guides/new-user-guides/kubernetes-resources-setup/workloads-and-pods/workloads-and-pods.md) in a project. | | `settings, [setting]` | Shows the current settings for your Rancher Server. | | `ssh` | Connects to one of your cluster nodes using the SSH protocol. | | `help, [h]` | Shows a list of commands or help for one command. | @@ -88,4 +88,4 @@ All commands accept the `--help` flag, which documents each command's usage. ### Limitations -The Rancher CLI **cannot** be used to install [dashboard apps or Rancher feature charts](../../pages-for-subheaders/helm-charts-in-rancher.md). +The Rancher CLI **cannot** be used to install [dashboard apps or Rancher feature charts](../../how-to-guides/new-user-guides/helm-charts-in-rancher/helm-charts-in-rancher.md). diff --git a/versioned_docs/version-2.8/pages-for-subheaders/cluster-configuration.md b/versioned_docs/version-2.8/reference-guides/cluster-configuration/cluster-configuration.md similarity index 50% rename from versioned_docs/version-2.8/pages-for-subheaders/cluster-configuration.md rename to versioned_docs/version-2.8/reference-guides/cluster-configuration/cluster-configuration.md index 60e02a8cd40..04264ce4b2d 100644 --- a/versioned_docs/version-2.8/pages-for-subheaders/cluster-configuration.md +++ b/versioned_docs/version-2.8/reference-guides/cluster-configuration/cluster-configuration.md @@ -8,18 +8,18 @@ title: Cluster Configuration After you provision a Kubernetes cluster using Rancher, you can still edit options and settings for the cluster. -For information on editing cluster membership, go to [this page.](../how-to-guides/new-user-guides/manage-clusters/access-clusters/add-users-to-clusters.md) +For information on editing cluster membership, go to [this page.](../../how-to-guides/new-user-guides/manage-clusters/access-clusters/add-users-to-clusters.md) ### Cluster Configuration References The cluster configuration options depend on the type of Kubernetes cluster: -- [RKE Cluster Configuration](../reference-guides/cluster-configuration/rancher-server-configuration/rke1-cluster-configuration.md) -- [RKE2 Cluster Configuration](../reference-guides/cluster-configuration/rancher-server-configuration/rke2-cluster-configuration.md) -- [K3s Cluster Configuration](../reference-guides/cluster-configuration/rancher-server-configuration/k3s-cluster-configuration.md) -- [EKS Cluster Configuration](../reference-guides/cluster-configuration/rancher-server-configuration/eks-cluster-configuration.md) -- [GKE Cluster Configuration](gke-cluster-configuration.md) -- [AKS Cluster Configuration](../reference-guides/cluster-configuration/rancher-server-configuration/aks-cluster-configuration.md) +- [RKE Cluster Configuration](rancher-server-configuration/rke1-cluster-configuration.md) +- [RKE2 Cluster Configuration](rancher-server-configuration/rke2-cluster-configuration.md) +- [K3s Cluster Configuration](rancher-server-configuration/k3s-cluster-configuration.md) +- [EKS Cluster Configuration](rancher-server-configuration/eks-cluster-configuration.md) +- [GKE Cluster Configuration](rancher-server-configuration/gke-cluster-configuration/gke-cluster-configuration.md) +- [AKS Cluster Configuration](rancher-server-configuration/aks-cluster-configuration.md) ### Cluster Management Capabilities by Cluster Type diff --git a/versioned_docs/version-2.8/reference-guides/cluster-configuration/downstream-cluster-configuration/downstream-cluster-configuration.md b/versioned_docs/version-2.8/reference-guides/cluster-configuration/downstream-cluster-configuration/downstream-cluster-configuration.md new file mode 100644 index 00000000000..897728cd346 --- /dev/null +++ b/versioned_docs/version-2.8/reference-guides/cluster-configuration/downstream-cluster-configuration/downstream-cluster-configuration.md @@ -0,0 +1,9 @@ +--- +title: Downstream Cluster Configuration +--- + + + + + +The following docs will discuss [node template configuration](node-template-configuration/node-template-configuration.md) and [machine configuration](machine-configuration/machine-configuration.md). \ No newline at end of file diff --git a/versioned_docs/version-2.8/reference-guides/cluster-configuration/downstream-cluster-configuration/machine-configuration/machine-configuration.md b/versioned_docs/version-2.8/reference-guides/cluster-configuration/downstream-cluster-configuration/machine-configuration/machine-configuration.md new file mode 100644 index 00000000000..b28ccd669dd --- /dev/null +++ b/versioned_docs/version-2.8/reference-guides/cluster-configuration/downstream-cluster-configuration/machine-configuration/machine-configuration.md @@ -0,0 +1,9 @@ +--- +title: Machine Configuration +--- + + + + + +Machine configuration is the arrangement of resources assigned to a virtual machine. Please see the docs for [Amazon EC2](amazon-ec2.md), [DigitalOcean](digitalocean.md), and [Azure](azure.md) to learn more. \ No newline at end of file diff --git a/versioned_docs/version-2.8/reference-guides/cluster-configuration/downstream-cluster-configuration/node-template-configuration/amazon-ec2.md b/versioned_docs/version-2.8/reference-guides/cluster-configuration/downstream-cluster-configuration/node-template-configuration/amazon-ec2.md index bd79dabbed5..e4b77c5174c 100644 --- a/versioned_docs/version-2.8/reference-guides/cluster-configuration/downstream-cluster-configuration/node-template-configuration/amazon-ec2.md +++ b/versioned_docs/version-2.8/reference-guides/cluster-configuration/downstream-cluster-configuration/node-template-configuration/amazon-ec2.md @@ -25,7 +25,7 @@ See [Amazon Documentation: Adding Permissions to a User (Console)](https://docs. See our three example JSON policies: - [Example IAM Policy](../../../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-amazon-ec2-cluster.md#example-iam-policy) -- [Example IAM Policy with PassRole](../../../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-amazon-ec2-cluster.md#example-iam-policy-with-passrole) (needed if you want to use [Kubernetes Cloud Provider](../../../../pages-for-subheaders/set-up-cloud-providers.md) or want to pass an IAM Profile to an instance) +- [Example IAM Policy with PassRole](../../../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-amazon-ec2-cluster.md#example-iam-policy-with-passrole) (needed if you want to use [Kubernetes Cloud Provider](../../../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/set-up-cloud-providers.md) or want to pass an IAM Profile to an instance) - [Example IAM Policy to allow encrypted EBS volumes](../../../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-amazon-ec2-cluster.md#example-iam-policy-to-allow-encrypted-ebs-volumes) policy to an user. ### Authenticate & Configure Nodes @@ -44,7 +44,7 @@ If you provide your own security group for an EC2 instance, please note that Ran Configure the instances that will be created. Make sure you configure the correct **SSH User** for the configured AMI. It is possible that a selected region does not support the default instance type. In this scenario you must select an instance type that does exist, otherwise an error will occur stating the requested configuration is not supported. -If you need to pass an **IAM Instance Profile Name** (not ARN), for example, when you want to use a [Kubernetes Cloud Provider](../../../../pages-for-subheaders/set-up-cloud-providers.md), you will need an additional permission in your policy. See [Example IAM policy with PassRole](../../../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-amazon-ec2-cluster.md#example-iam-policy-with-passrole) for an example policy. +If you need to pass an **IAM Instance Profile Name** (not ARN), for example, when you want to use a [Kubernetes Cloud Provider](../../../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/set-up-cloud-providers.md), you will need an additional permission in your policy. See [Example IAM policy with PassRole](../../../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-amazon-ec2-cluster.md#example-iam-policy-with-passrole) for an example policy. ### Engine Options diff --git a/versioned_docs/version-2.8/reference-guides/cluster-configuration/downstream-cluster-configuration/node-template-configuration/node-template-configuration.md b/versioned_docs/version-2.8/reference-guides/cluster-configuration/downstream-cluster-configuration/node-template-configuration/node-template-configuration.md new file mode 100644 index 00000000000..bbe4d6127c3 --- /dev/null +++ b/versioned_docs/version-2.8/reference-guides/cluster-configuration/downstream-cluster-configuration/node-template-configuration/node-template-configuration.md @@ -0,0 +1,9 @@ +--- +title: Node Template Configuration +--- + + + + + +To learn about node template config, refer to [EC2 Node Template Configuration](amazon-ec2.md), [DigitalOcean Node Template Configuration](digitalocean.md), [Azure Node Template Configuration](azure.md), [vSphere Node Template Configuration](vsphere.md), and [Nutanix Node Template Configuration](nutanix.md). diff --git a/versioned_docs/version-2.8/reference-guides/cluster-configuration/rancher-server-configuration/aks-cluster-configuration.md b/versioned_docs/version-2.8/reference-guides/cluster-configuration/rancher-server-configuration/aks-cluster-configuration.md index 67cd280e470..dc3974e551f 100644 --- a/versioned_docs/version-2.8/reference-guides/cluster-configuration/rancher-server-configuration/aks-cluster-configuration.md +++ b/versioned_docs/version-2.8/reference-guides/cluster-configuration/rancher-server-configuration/aks-cluster-configuration.md @@ -17,7 +17,7 @@ title: AKS Cluster Configuration Reference When provisioning an AKS cluster in the Rancher UI, RBAC cannot be disabled. If role-based access control is disabled for the cluster in AKS, the cluster cannot be registered or imported into Rancher. -Rancher can configure member roles for AKS clusters in the same way as any other cluster. For more information, see the section on [role-based access control.](../../../pages-for-subheaders/manage-role-based-access-control-rbac.md) +Rancher can configure member roles for AKS clusters in the same way as any other cluster. For more information, see the section on [role-based access control.](../../../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/manage-role-based-access-control-rbac.md) ## Cloud Credentials diff --git a/versioned_docs/version-2.8/pages-for-subheaders/gke-cluster-configuration.md b/versioned_docs/version-2.8/reference-guides/cluster-configuration/rancher-server-configuration/gke-cluster-configuration/gke-cluster-configuration.md similarity index 97% rename from versioned_docs/version-2.8/pages-for-subheaders/gke-cluster-configuration.md rename to versioned_docs/version-2.8/reference-guides/cluster-configuration/rancher-server-configuration/gke-cluster-configuration/gke-cluster-configuration.md index de9a1638a9c..8b63d9b8490 100644 --- a/versioned_docs/version-2.8/pages-for-subheaders/gke-cluster-configuration.md +++ b/versioned_docs/version-2.8/reference-guides/cluster-configuration/rancher-server-configuration/gke-cluster-configuration/gke-cluster-configuration.md @@ -107,7 +107,7 @@ _Mutable: no_ :::caution -Private clusters require additional planning and configuration outside of Rancher. Refer to the [private cluster guide](../reference-guides/cluster-configuration/rancher-server-configuration/gke-cluster-configuration/gke-private-clusters.md). +Private clusters require additional planning and configuration outside of Rancher. Refer to the [private cluster guide](gke-private-clusters.md). ::: @@ -117,7 +117,7 @@ Assign nodes only internal IP addresses. Private cluster nodes cannot access the :::caution -Private clusters require additional planning and configuration outside of Rancher. Refer to the [private cluster guide](../reference-guides/cluster-configuration/rancher-server-configuration/gke-cluster-configuration/gke-private-clusters.md). +Private clusters require additional planning and configuration outside of Rancher. Refer to the [private cluster guide](gke-private-clusters.md). ::: @@ -204,7 +204,7 @@ The node operating system image. For more information for the node image options :::note -The default option is "Container-Optimized OS with Docker". The read-only filesystem on GCP's Container-Optimized OS is not compatible with the [legacy logging](/versioned_docs/version-2.0-2.4/pages-for-subheaders/cluster-logging.md) implementation in Rancher. If you need to use the legacy logging feature, select "Ubuntu with Docker" or "Ubuntu with Containerd". The [current logging feature](logging.md) is compatible with the Container-Optimized OS image. +The default option is "Container-Optimized OS with Docker". The read-only filesystem on GCP's Container-Optimized OS is not compatible with the [legacy logging](/versioned_docs/version-2.0-2.4/pages-for-subheaders/cluster-logging.md) implementation in Rancher. If you need to use the legacy logging feature, select "Ubuntu with Docker" or "Ubuntu with Containerd". The [current logging feature](../../../../integrations-in-rancher/logging/logging.md) is compatible with the Container-Optimized OS image. ::: diff --git a/versioned_docs/version-2.8/reference-guides/cluster-configuration/rancher-server-configuration/gke-cluster-configuration/gke-private-clusters.md b/versioned_docs/version-2.8/reference-guides/cluster-configuration/rancher-server-configuration/gke-cluster-configuration/gke-private-clusters.md index 120be47a641..553ab6396cf 100644 --- a/versioned_docs/version-2.8/reference-guides/cluster-configuration/rancher-server-configuration/gke-cluster-configuration/gke-private-clusters.md +++ b/versioned_docs/version-2.8/reference-guides/cluster-configuration/rancher-server-configuration/gke-cluster-configuration/gke-private-clusters.md @@ -30,7 +30,7 @@ This scenario is not officially supported, but is described for cases in which u ::: -If restricting both incoming and outgoing traffic to nodes is a requirement, follow the air-gapped installation instructions to set up a private container image [registry](../../../../pages-for-subheaders/air-gapped-helm-cli-install.md) on the VPC where the cluster is going to be, allowing the cluster nodes to access and download the images they need to run the cluster agent. If the control plane endpoint is also private, Rancher will need [direct access](#direct-access) to it. +If restricting both incoming and outgoing traffic to nodes is a requirement, follow the air-gapped installation instructions to set up a private container image [registry](../../../../getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/air-gapped-helm-cli-install.md) on the VPC where the cluster is going to be, allowing the cluster nodes to access and download the images they need to run the cluster agent. If the control plane endpoint is also private, Rancher will need [direct access](#direct-access) to it. ### Private Control Plane Endpoint diff --git a/versioned_docs/version-2.8/reference-guides/cluster-configuration/rancher-server-configuration/rancher-server-configuration.md b/versioned_docs/version-2.8/reference-guides/cluster-configuration/rancher-server-configuration/rancher-server-configuration.md new file mode 100644 index 00000000000..e4da90d371a --- /dev/null +++ b/versioned_docs/version-2.8/reference-guides/cluster-configuration/rancher-server-configuration/rancher-server-configuration.md @@ -0,0 +1,16 @@ +--- +title: Rancher Server Configuration +--- + + + + + +- [RKE1 Cluster Configuration](rke1-cluster-configuration.md) +- [RKE2 Cluster Configuration](rke2-cluster-configuration.md) +- [K3s Cluster Configuration](k3s-cluster-configuration.md) +- [EKS Cluster Configuration](eks-cluster-configuration.md) +- [AKS Cluster Configuration](aks-cluster-configuration.md) +- [GKE Cluster Configuration](gke-cluster-configuration/gke-cluster-configuration.md) +- [Use Existing Nodes](use-existing-nodes/use-existing-nodes.md) +- [Sync Clusters](sync-clusters.md) \ No newline at end of file diff --git a/versioned_docs/version-2.8/reference-guides/cluster-configuration/rancher-server-configuration/rke1-cluster-configuration.md b/versioned_docs/version-2.8/reference-guides/cluster-configuration/rancher-server-configuration/rke1-cluster-configuration.md index 6d260b3dd68..d97170934a7 100644 --- a/versioned_docs/version-2.8/reference-guides/cluster-configuration/rancher-server-configuration/rke1-cluster-configuration.md +++ b/versioned_docs/version-2.8/reference-guides/cluster-configuration/rancher-server-configuration/rke1-cluster-configuration.md @@ -6,7 +6,7 @@ title: RKE Cluster Configuration Reference -When Rancher installs Kubernetes, it uses [RKE](../../../pages-for-subheaders/launch-kubernetes-with-rancher.md) or [RKE2](https://docs.rke2.io/) as the Kubernetes distribution. +When Rancher installs Kubernetes, it uses [RKE](../../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md) or [RKE2](https://docs.rke2.io/) as the Kubernetes distribution. This section covers the configuration options that are available in Rancher for a new or existing RKE Kubernetes cluster. @@ -20,7 +20,7 @@ You can configure the Kubernetes options one of two ways: The RKE cluster config options are nested under the `rancher_kubernetes_engine_config` directive. For more information, see the section about the [cluster config file.](#rke-cluster-config-file-reference) -In [clusters launched by RKE](../../../pages-for-subheaders/launch-kubernetes-with-rancher.md), you can edit any of the remaining options that follow. +In [clusters launched by RKE](../../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md), you can edit any of the remaining options that follow. For an example of RKE config file syntax, see the [RKE documentation](https://rancher.com/docs/rke/latest/en/example-yamls/). @@ -92,7 +92,7 @@ Project network isolation is available if you are using any RKE network plugin t ### Kubernetes Cloud Providers -You can configure a [Kubernetes cloud provider](../../../pages-for-subheaders/set-up-cloud-providers.md). If you want to use dynamically provisioned [volumes and storage](../../../pages-for-subheaders/create-kubernetes-persistent-storage.md) in Kubernetes, typically you must select the specific cloud provider in order to use it. For example, if you want to use Amazon EBS, you would need to select the `aws` cloud provider. +You can configure a [Kubernetes cloud provider](../../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/set-up-cloud-providers.md). If you want to use dynamically provisioned [volumes and storage](../../../how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage/create-kubernetes-persistent-storage.md) in Kubernetes, typically you must select the specific cloud provider in order to use it. For example, if you want to use Amazon EBS, you would need to select the `aws` cloud provider. :::note @@ -135,7 +135,7 @@ We recommend using a load balancer with the authorized cluster endpoint. For det ### Node Pools -For information on using the Rancher UI to set up node pools in an RKE cluster, refer to [this page.](../../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md) +For information on using the Rancher UI to set up node pools in an RKE cluster, refer to [this page.](../../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md) ### NGINX Ingress @@ -329,7 +329,7 @@ See [Docker Root Directory](#docker-root-directory). ### enable_cluster_monitoring -Option to enable or disable [Cluster Monitoring](../../../pages-for-subheaders/monitoring-and-alerting.md). +Option to enable or disable [Cluster Monitoring](../../../integrations-in-rancher/monitoring-and-alerting/monitoring-and-alerting.md). ### enable_network_policy diff --git a/versioned_docs/version-2.8/reference-guides/cluster-configuration/rancher-server-configuration/rke2-cluster-configuration.md b/versioned_docs/version-2.8/reference-guides/cluster-configuration/rancher-server-configuration/rke2-cluster-configuration.md index a2a510c7145..0f42286e43a 100644 --- a/versioned_docs/version-2.8/reference-guides/cluster-configuration/rancher-server-configuration/rke2-cluster-configuration.md +++ b/versioned_docs/version-2.8/reference-guides/cluster-configuration/rancher-server-configuration/rke2-cluster-configuration.md @@ -121,7 +121,7 @@ When using `cilium` or `multus,cilium` as your container network interface provi ##### Cloud Provider -You can configure a [Kubernetes cloud provider](../../../pages-for-subheaders/set-up-cloud-providers.md). If you want to use dynamically provisioned [volumes and storage](../../../pages-for-subheaders/create-kubernetes-persistent-storage.md) in Kubernetes, typically you must select the specific cloud provider in order to use it. For example, if you want to use Amazon EBS, you would need to select the `aws` cloud provider. +You can configure a [Kubernetes cloud provider](../../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/set-up-cloud-providers.md). If you want to use dynamically provisioned [volumes and storage](../../../how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage/create-kubernetes-persistent-storage.md) in Kubernetes, typically you must select the specific cloud provider in order to use it. For example, if you want to use Amazon EBS, you would need to select the `aws` cloud provider. :::note @@ -139,7 +139,7 @@ The default [pod security admission configuration template](../../../how-to-guid ##### Worker CIS Profile -Select a [CIS benchmark](../../../pages-for-subheaders/cis-scan-guides.md) to validate the system configuration against. +Select a [CIS benchmark](../../../how-to-guides/advanced-user-guides/cis-scan-guides/cis-scan-guides.md) to validate the system configuration against. ##### Project Network Isolation diff --git a/versioned_docs/version-2.8/reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/rancher-agent-options.md b/versioned_docs/version-2.8/reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/rancher-agent-options.md index 3c363d053cf..183cdb4f558 100644 --- a/versioned_docs/version-2.8/reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/rancher-agent-options.md +++ b/versioned_docs/version-2.8/reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/rancher-agent-options.md @@ -6,7 +6,7 @@ title: Rancher Agent Options -Rancher deploys an agent on each node to communicate with the node. This pages describes the options that can be passed to the agent. To use these options, you will need to [create a cluster with custom nodes](../../../../pages-for-subheaders/use-existing-nodes.md) and add the options to the generated `docker run` command when adding a node. +Rancher deploys an agent on each node to communicate with the node. This pages describes the options that can be passed to the agent. To use these options, you will need to [create a cluster with custom nodes](use-existing-nodes.md) and add the options to the generated `docker run` command when adding a node. For an overview of how Rancher communicates with downstream clusters using node agents, refer to the [architecture section.](../../../rancher-manager-architecture/communicating-with-downstream-user-clusters.md#3-node-agents) diff --git a/versioned_docs/version-2.8/pages-for-subheaders/use-existing-nodes.md b/versioned_docs/version-2.8/reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/use-existing-nodes.md similarity index 67% rename from versioned_docs/version-2.8/pages-for-subheaders/use-existing-nodes.md rename to versioned_docs/version-2.8/reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/use-existing-nodes.md index ef751d50e55..d6386aa119e 100644 --- a/versioned_docs/version-2.8/pages-for-subheaders/use-existing-nodes.md +++ b/versioned_docs/version-2.8/reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/use-existing-nodes.md @@ -9,7 +9,7 @@ description: To create a cluster with custom nodes, you’ll need to access serv When you create a custom cluster, Rancher uses RKE (the Rancher Kubernetes Engine) to create a Kubernetes cluster in on-prem bare-metal servers, on-prem virtual machines, or in any node hosted by an infrastructure provider. -To use this option you'll need access to servers you intend to use in your Kubernetes cluster. Provision each server according to the [requirements](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/node-requirements-for-rancher-managed-clusters.md), which includes some hardware specifications and Docker. After you install Docker on each server, you willl also run the command provided in the Rancher UI on each server to turn each one into a Kubernetes node. +To use this option you'll need access to servers you intend to use in your Kubernetes cluster. Provision each server according to the [requirements](../../../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/node-requirements-for-rancher-managed-clusters.md), which includes some hardware specifications and Docker. After you install Docker on each server, you willl also run the command provided in the Rancher UI on each server to turn each one into a Kubernetes node. This section describes how to set up a custom cluster. @@ -17,7 +17,7 @@ This section describes how to set up a custom cluster. :::note Want to use Windows hosts as Kubernetes workers? -See [Configuring Custom Clusters for Windows](use-windows-clusters.md) before you start. +See [Configuring Custom Clusters for Windows](../../../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/use-windows-clusters/use-windows-clusters.md) before you start. ::: @@ -29,9 +29,9 @@ Begin creation of a custom cluster by provisioning a Linux host. Your host can b - An on-prem VM - A bare-metal server -If you want to reuse a node from a previous custom cluster, [clean the node](../how-to-guides/new-user-guides/manage-clusters/clean-cluster-nodes.md) before using it in a cluster again. If you reuse a node that hasn't been cleaned, cluster provisioning may fail. +If you want to reuse a node from a previous custom cluster, [clean the node](../../../../how-to-guides/new-user-guides/manage-clusters/clean-cluster-nodes.md) before using it in a cluster again. If you reuse a node that hasn't been cleaned, cluster provisioning may fail. -Provision the host according to the [installation requirements](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/node-requirements-for-rancher-managed-clusters.md) and the [checklist for production-ready clusters.](checklist-for-production-ready-clusters.md) +Provision the host according to the [installation requirements](../../../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/node-requirements-for-rancher-managed-clusters.md) and the [checklist for production-ready clusters.](../../../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/checklist-for-production-ready-clusters/checklist-for-production-ready-clusters.md) If you're using Amazon EC2 as your host and want to use the [dual-stack](https://kubernetes.io/docs/concepts/services-networking/dual-stack/) feature, there are additional [requirements](https://rancher.com/docs/rke//latest/en/config-options/dual-stack#requirements) when provisioning the host. @@ -45,7 +45,7 @@ If you're using Amazon EC2 as your host and want to use the [dual-stack](https:/ :::note Using Windows nodes as Kubernetes workers? - - See [Enable the Windows Support Option](use-windows-clusters.md). + - See [Enable the Windows Support Option](../../../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/use-windows-clusters/use-windows-clusters.md). - The only Network Provider available for clusters with Windows support is Flannel. ::: @@ -60,16 +60,16 @@ If you're using Amazon EC2 as your host and want to use the [dual-stack](https:/ 4. Use **Member Roles** to configure user authorization for the cluster. Click **Add Member** to add users that can access the cluster. Use the **Role** drop-down to set permissions for each user. -7. From **Node Role**, choose the roles that you want filled by a cluster node. You must provision at least one node for each role: `etcd`, `worker`, and `control plane`. All three roles are required for a custom cluster to finish provisioning. For more information on roles, see [this section.](../reference-guides/kubernetes-concepts.md#roles-for-nodes-in-kubernetes-clusters) +7. From **Node Role**, choose the roles that you want filled by a cluster node. You must provision at least one node for each role: `etcd`, `worker`, and `control plane`. All three roles are required for a custom cluster to finish provisioning. For more information on roles, see [this section.](../../../kubernetes-concepts.md#roles-for-nodes-in-kubernetes-clusters) :::note -- Using Windows nodes as Kubernetes workers? See [this section](use-windows-clusters.md). +- Using Windows nodes as Kubernetes workers? See [this section](../../../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/use-windows-clusters/use-windows-clusters.md). - Bare-Metal Server Reminder: If you plan on dedicating bare-metal servers to each role, you must provision a bare-metal server for each role (i.e. provision multiple bare-metal servers). ::: -8. **Optional**: Click **[Show advanced options](../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/about-rancher-agents.md)** to specify IP address(es) to use when registering the node, override the hostname of the node, or to add [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/) or [taints](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) to the node. +8. **Optional**: Click **[Show advanced options](../../../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/about-rancher-agents.md)** to specify IP address(es) to use when registering the node, override the hostname of the node, or to add [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/) or [taints](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) to the node. 9. Copy the command displayed on screen to your clipboard. @@ -137,5 +137,5 @@ Key=kubernetes.io/cluster/CLUSTERID, Value=shared After creating your cluster, you can access it through the Rancher UI. As a best practice, we recommend setting up these alternate ways of accessing your cluster: -- **Access your cluster with the kubectl CLI:** Follow [these steps](../how-to-guides/new-user-guides/manage-clusters/access-clusters/use-kubectl-and-kubeconfig.md#accessing-clusters-with-kubectl-from-your-workstation) to access clusters with kubectl on your workstation. In this case, you will be authenticated through the Rancher server’s authentication proxy, then Rancher will connect you to the downstream cluster. This method lets you manage the cluster without the Rancher UI. -- **Access your cluster with the kubectl CLI, using the authorized cluster endpoint:** Follow [these steps](../how-to-guides/new-user-guides/manage-clusters/access-clusters/use-kubectl-and-kubeconfig.md#authenticating-directly-with-a-downstream-cluster) to access your cluster with kubectl directly, without authenticating through Rancher. We recommend setting up this alternative method to access your cluster so that in case you can’t connect to Rancher, you can still access the cluster. +- **Access your cluster with the kubectl CLI:** Follow [these steps](../../../../how-to-guides/new-user-guides/manage-clusters/access-clusters/use-kubectl-and-kubeconfig.md#accessing-clusters-with-kubectl-from-your-workstation) to access clusters with kubectl on your workstation. In this case, you will be authenticated through the Rancher server’s authentication proxy, then Rancher will connect you to the downstream cluster. This method lets you manage the cluster without the Rancher UI. +- **Access your cluster with the kubectl CLI, using the authorized cluster endpoint:** Follow [these steps](../../../../how-to-guides/new-user-guides/manage-clusters/access-clusters/use-kubectl-and-kubeconfig.md#authenticating-directly-with-a-downstream-cluster) to access your cluster with kubectl directly, without authenticating through Rancher. We recommend setting up this alternative method to access your cluster so that in case you can’t connect to Rancher, you can still access the cluster. diff --git a/versioned_docs/version-2.8/reference-guides/kubernetes-concepts.md b/versioned_docs/version-2.8/reference-guides/kubernetes-concepts.md index 707fb8e1c51..e1e880e8cd4 100644 --- a/versioned_docs/version-2.8/reference-guides/kubernetes-concepts.md +++ b/versioned_docs/version-2.8/reference-guides/kubernetes-concepts.md @@ -57,7 +57,7 @@ Each [worker node](https://kubernetes.io/docs/concepts/architecture/nodes/) runs - **Kubelets:** An agent that monitors the state of the node, ensuring your containers are healthy. - **Workloads:** The containers and pods that hold your apps, as well as other types of deployments. -Worker nodes also run storage and networking drivers, and ingress controllers when required. You create as many worker nodes as necessary to run your [workloads](../pages-for-subheaders/workloads-and-pods.md). +Worker nodes also run storage and networking drivers, and ingress controllers when required. You create as many worker nodes as necessary to run your [workloads](../how-to-guides/new-user-guides/kubernetes-resources-setup/workloads-and-pods/workloads-and-pods.md). ## About Helm diff --git a/versioned_docs/version-2.8/reference-guides/monitoring-v2-configuration/monitoring-v2-configuration.md b/versioned_docs/version-2.8/reference-guides/monitoring-v2-configuration/monitoring-v2-configuration.md new file mode 100644 index 00000000000..62bade46a2a --- /dev/null +++ b/versioned_docs/version-2.8/reference-guides/monitoring-v2-configuration/monitoring-v2-configuration.md @@ -0,0 +1,15 @@ +--- +title: Monitoring V2 Configuration +--- + + + + + +The following sections will explain important options essential to configuring Monitoring V2 in Rancher: + +- [Receiver Configuration](receivers.md) +- [Route Configuration](routes.md) +- [ServiceMonitor and PodMonitor Configuration](servicemonitors-and-podmonitors.md) +- [Helm Chart Options](helm-chart-options.md) +- [Examples](examples.md) \ No newline at end of file diff --git a/versioned_docs/version-2.8/pages-for-subheaders/prometheus-federator.md b/versioned_docs/version-2.8/reference-guides/prometheus-federator/prometheus-federator.md similarity index 97% rename from versioned_docs/version-2.8/pages-for-subheaders/prometheus-federator.md rename to versioned_docs/version-2.8/reference-guides/prometheus-federator/prometheus-federator.md index efef5f5abae..4b1e8a21143 100644 --- a/versioned_docs/version-2.8/pages-for-subheaders/prometheus-federator.md +++ b/versioned_docs/version-2.8/reference-guides/prometheus-federator/prometheus-federator.md @@ -24,7 +24,7 @@ Prometheus Federator is designed to be deployed alongside an existing Prometheus 1. On deploying this chart, users can create ProjectHelmCharts CRs with `spec.helmApiVersion` set to `monitoring.cattle.io/v1alpha1` (also known as "Project Monitors" in the Rancher UI) in a **Project Registration Namespace (`cattle-project-`)**. 2. On seeing each ProjectHelmChartCR, the operator will automatically deploy a Project Prometheus stack on the Project Owner's behalf in the **Project Release Namespace (`cattle-project--monitoring`)** based on a HelmChart CR and a HelmRelease CR automatically created by the ProjectHelmChart controller in the **Operator / System Namespace**. -3. RBAC will automatically be assigned in the Project Release Namespace to allow users to view the Prometheus, Alertmanager, and Grafana UIs of the Project Monitoring Stack deployed; this will be based on RBAC defined on the Project Registration Namespace against the [default Kubernetes user-facing roles](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles). For more information, see the section on [configuring RBAC](../reference-guides/prometheus-federator/rbac.md). +3. RBAC will automatically be assigned in the Project Release Namespace to allow users to view the Prometheus, Alertmanager, and Grafana UIs of the Project Monitoring Stack deployed; this will be based on RBAC defined on the Project Registration Namespace against the [default Kubernetes user-facing roles](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles). For more information, see the section on [configuring RBAC](rbac.md). ### What is a Project? @@ -43,7 +43,7 @@ As a Project Operator based on [rancher/helm-project-operator](https://github.co 1. **Operator / System Namespace**: The namespace that the operator is deployed into (e.g., `cattle-monitoring-system`). This namespace will contain all HelmCharts and HelmReleases for all ProjectHelmCharts watched by this operator. **Only Cluster Admins should have access to this namespace.** -2. **Project Registration Namespace (`cattle-project-`)**: The set of namespaces that the operator watches for ProjectHelmCharts within. The RoleBindings and ClusterRoleBindings that apply to this namespace will also be the source of truth for the auto-assigned RBAC created in the Project Release Namespace. For details, refer to the [RBAC page](../reference-guides/prometheus-federator/rbac.md). **Project Owners (admin), Project Members (edit), and Read-Only Members (view) should have access to this namespace.** +2. **Project Registration Namespace (`cattle-project-`)**: The set of namespaces that the operator watches for ProjectHelmCharts within. The RoleBindings and ClusterRoleBindings that apply to this namespace will also be the source of truth for the auto-assigned RBAC created in the Project Release Namespace. For details, refer to the [RBAC page](rbac.md). **Project Owners (admin), Project Members (edit), and Read-Only Members (view) should have access to this namespace.** :::note Notes: diff --git a/versioned_docs/version-2.8/reference-guides/prometheus-federator/rbac.md b/versioned_docs/version-2.8/reference-guides/prometheus-federator/rbac.md index 8b54ce9559f..276dd7d75f5 100644 --- a/versioned_docs/version-2.8/reference-guides/prometheus-federator/rbac.md +++ b/versioned_docs/version-2.8/reference-guides/prometheus-federator/rbac.md @@ -8,7 +8,7 @@ title: Role-Based Access Control This section describes the expectations for Role-Based Access Control (RBAC) for Prometheus Federator. -As described in the section on [namespaces](../../pages-for-subheaders/prometheus-federator.md#namespaces), Prometheus Federator expects that Project Owners, Project Members, and other users in the cluster with Project-level permissions (e.g. permissions in a certain set of namespaces identified by a single label selector) have minimal permissions in any namespaces except the Project Registration Namespace (which is imported into the project by default) and those that already comprise their projects. Therefore, in order to allow Project Owners to assign specific chart permissions to other users in their Project namespaces, the Helm Project Operator will automatically watch the following bindings: +As described in the section on [namespaces](prometheus-federator.md#namespaces), Prometheus Federator expects that Project Owners, Project Members, and other users in the cluster with Project-level permissions (e.g. permissions in a certain set of namespaces identified by a single label selector) have minimal permissions in any namespaces except the Project Registration Namespace (which is imported into the project by default) and those that already comprise their projects. Therefore, in order to allow Project Owners to assign specific chart permissions to other users in their Project namespaces, the Helm Project Operator will automatically watch the following bindings: - ClusterRoleBindings - RoleBindings in the Project Release Namespace diff --git a/versioned_docs/version-2.8/reference-guides/rancher-cluster-tools.md b/versioned_docs/version-2.8/reference-guides/rancher-cluster-tools.md index 63d8490bc41..ca037f533de 100644 --- a/versioned_docs/version-2.8/reference-guides/rancher-cluster-tools.md +++ b/versioned_docs/version-2.8/reference-guides/rancher-cluster-tools.md @@ -21,7 +21,7 @@ Logging is helpful because it allows you to: Rancher can integrate with Elasticsearch, splunk, kafka, syslog, and fluentd. -For more information, refer to the logging documentation [here.](../pages-for-subheaders/logging.md) +For more information, refer to the logging documentation [here.](../integrations-in-rancher/logging/logging.md) ## Monitoring and Alerts Using Rancher, you can monitor the state and processes of your cluster nodes, Kubernetes components, and software deployments through integration with [Prometheus](https://prometheus.io/), a leading open-source monitoring solution. @@ -32,7 +32,7 @@ Notifiers are services that inform you of alert events. You can configure notifi Alerts are rules that trigger those notifications. Before you can receive alerts, you must configure one or more notifier in Rancher. The scope for alerts can be set at either the cluster or project level. -For more information, refer to the monitoring documentation [here.](../pages-for-subheaders/monitoring-and-alerting.md) +For more information, refer to the monitoring documentation [here.](../integrations-in-rancher/monitoring-and-alerting/monitoring-and-alerting.md) ## Istio @@ -40,7 +40,7 @@ For more information, refer to the monitoring documentation [here.](../pages-for Rancher's integration with Istio was improved in Rancher v2.5. -For more information, refer to the Istio documentation [here.](../pages-for-subheaders/istio.md) +For more information, refer to the Istio documentation [here.](../integrations-in-rancher/istio/istio.md) ## OPA Gatekeeper [OPA Gatekeeper](https://github.com/open-policy-agent/gatekeeper) is an open-source project that provides integration between OPA and Kubernetes to provide policy control via admission controller webhooks. For details on how to enable Gatekeeper in Rancher, refer to the [OPA Gatekeeper section.](../integrations-in-rancher/opa-gatekeeper.md) @@ -49,4 +49,4 @@ For more information, refer to the Istio documentation [here.](../pages-for-subh Rancher can run a security scan to check whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark. -For more information, refer to the CIS scan documentation [here.](../pages-for-subheaders/cis-scan-guides.md) \ No newline at end of file +For more information, refer to the CIS scan documentation [here.](../how-to-guides/advanced-user-guides/cis-scan-guides/cis-scan-guides.md) \ No newline at end of file diff --git a/versioned_docs/version-2.8/reference-guides/rancher-manager-architecture/architecture-recommendations.md b/versioned_docs/version-2.8/reference-guides/rancher-manager-architecture/architecture-recommendations.md index 1ece990ff8c..b84375fbda5 100644 --- a/versioned_docs/version-2.8/reference-guides/rancher-manager-architecture/architecture-recommendations.md +++ b/versioned_docs/version-2.8/reference-guides/rancher-manager-architecture/architecture-recommendations.md @@ -57,7 +57,7 @@ We recommend the following configurations for the load balancer and Ingress cont It is strongly recommended to install Rancher on a Kubernetes cluster on hosted infrastructure such as Amazon's EC2 or Google Compute Engine. -For the best performance and greater security, we recommend a dedicated Kubernetes cluster for the Rancher management server. Running user workloads on this cluster is not advised. After deploying Rancher, you can [create or import clusters](../../pages-for-subheaders/kubernetes-clusters-in-rancher-setup.md) for running your workloads. +For the best performance and greater security, we recommend a dedicated Kubernetes cluster for the Rancher management server. Running user workloads on this cluster is not advised. After deploying Rancher, you can [create or import clusters](../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/kubernetes-clusters-in-rancher-setup.md) for running your workloads. ## Recommended Node Roles for Kubernetes Installations @@ -99,7 +99,7 @@ With that said, it is safe to use all three roles on three nodes when setting up Because no additional workloads will be deployed on the Rancher server cluster, in most cases it is not necessary to use the same architecture that we recommend for the scalability and reliability of downstream clusters. -For more best practices for downstream clusters, refer to the [production checklist](../../pages-for-subheaders/checklist-for-production-ready-clusters.md) or our [best practices guide.](../../pages-for-subheaders/best-practices.md) +For more best practices for downstream clusters, refer to the [production checklist](../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/checklist-for-production-ready-clusters/checklist-for-production-ready-clusters.md) or our [best practices guide.](../best-practices/best-practices.md) ## Architecture for an Authorized Cluster Endpoint (ACE) diff --git a/versioned_docs/version-2.8/pages-for-subheaders/rancher-manager-architecture.md b/versioned_docs/version-2.8/reference-guides/rancher-manager-architecture/rancher-manager-architecture.md similarity index 50% rename from versioned_docs/version-2.8/pages-for-subheaders/rancher-manager-architecture.md rename to versioned_docs/version-2.8/reference-guides/rancher-manager-architecture/rancher-manager-architecture.md index d7e76f28573..97ef05d0b6b 100644 --- a/versioned_docs/version-2.8/pages-for-subheaders/rancher-manager-architecture.md +++ b/versioned_docs/version-2.8/reference-guides/rancher-manager-architecture/rancher-manager-architecture.md @@ -6,16 +6,16 @@ title: Architecture -This section focuses on the [Rancher server and its components](../reference-guides/rancher-manager-architecture/rancher-server-and-components.md) and how [Rancher communicates with downstream Kubernetes clusters](../reference-guides/rancher-manager-architecture/communicating-with-downstream-user-clusters.md). +This section focuses on the [Rancher server and its components](rancher-server-and-components.md) and how [Rancher communicates with downstream Kubernetes clusters](communicating-with-downstream-user-clusters.md). -For information on the different ways that Rancher can be installed, refer to the [overview of installation options.](installation-and-upgrade.md#overview-of-installation-options) +For information on the different ways that Rancher can be installed, refer to the [overview of installation options.](../../getting-started/installation-and-upgrade/installation-and-upgrade.md#overview-of-installation-options) -For a list of main features of the Rancher API server, refer to the [overview section.](../getting-started/overview.md#features-of-the-rancher-api-server) +For a list of main features of the Rancher API server, refer to the [overview section.](../../getting-started/overview.md#features-of-the-rancher-api-server) -For guidance about setting up the underlying infrastructure for the Rancher server, refer to the [architecture recommendations.](../reference-guides/rancher-manager-architecture/architecture-recommendations.md) +For guidance about setting up the underlying infrastructure for the Rancher server, refer to the [architecture recommendations.](architecture-recommendations.md) :::note -This section assumes a basic familiarity with Docker and Kubernetes. For a brief explanation of how Kubernetes components work together, refer to the [concepts](../reference-guides/kubernetes-concepts.md) page. +This section assumes a basic familiarity with Docker and Kubernetes. For a brief explanation of how Kubernetes components work together, refer to the [concepts](../kubernetes-concepts.md) page. ::: \ No newline at end of file diff --git a/versioned_docs/version-2.8/reference-guides/rancher-manager-architecture/rancher-server-and-components.md b/versioned_docs/version-2.8/reference-guides/rancher-manager-architecture/rancher-server-and-components.md index e9fec332622..d30d4900d23 100644 --- a/versioned_docs/version-2.8/reference-guides/rancher-manager-architecture/rancher-server-and-components.md +++ b/versioned_docs/version-2.8/reference-guides/rancher-manager-architecture/rancher-server-and-components.md @@ -10,9 +10,9 @@ The majority of Rancher 2.x software runs on the Rancher Server. Rancher Server The figure below illustrates the high-level architecture of Rancher 2.x. The figure depicts a Rancher Server installation that manages two downstream Kubernetes clusters: one created by RKE and another created by Amazon EKS (Elastic Kubernetes Service). -For the best performance and security, we recommend a dedicated Kubernetes cluster for the Rancher management server. Running user workloads on this cluster is not advised. After deploying Rancher, you can [create or import clusters](../../pages-for-subheaders/kubernetes-clusters-in-rancher-setup.md) for running your workloads. +For the best performance and security, we recommend a dedicated Kubernetes cluster for the Rancher management server. Running user workloads on this cluster is not advised. After deploying Rancher, you can [create or import clusters](../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/kubernetes-clusters-in-rancher-setup.md) for running your workloads. -The diagram below shows how users can manipulate both [Rancher-launched Kubernetes](../../pages-for-subheaders/launch-kubernetes-with-rancher.md) clusters and [hosted Kubernetes](../../pages-for-subheaders/set-up-clusters-from-hosted-kubernetes-providers.md) clusters through Rancher's authentication proxy: +The diagram below shows how users can manipulate both [Rancher-launched Kubernetes](../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md) clusters and [hosted Kubernetes](../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/set-up-clusters-from-hosted-kubernetes-providers.md) clusters through Rancher's authentication proxy:
Managing Kubernetes Clusters through Rancher's Authentication Proxy
diff --git a/versioned_docs/version-2.8/reference-guides/rancher-project-tools.md b/versioned_docs/version-2.8/reference-guides/rancher-project-tools.md index f199d246d2c..d2b99f71fa9 100644 --- a/versioned_docs/version-2.8/reference-guides/rancher-project-tools.md +++ b/versioned_docs/version-2.8/reference-guides/rancher-project-tools.md @@ -29,8 +29,8 @@ Logging is helpful because it allows you to: Rancher can integrate with Elasticsearch, splunk, kafka, syslog, and fluentd. -For details, refer to the [logging section.](../pages-for-subheaders/logging.md) +For details, refer to the [logging section.](../integrations-in-rancher/logging/logging.md) ## Monitoring -Using Rancher, you can monitor the state and processes of your cluster nodes, Kubernetes components, and software deployments through integration with [Prometheus](https://prometheus.io/), a leading open-source monitoring solution. For details, refer to the [monitoring section.](../pages-for-subheaders/monitoring-and-alerting.md) +Using Rancher, you can monitor the state and processes of your cluster nodes, Kubernetes components, and software deployments through integration with [Prometheus](https://prometheus.io/), a leading open-source monitoring solution. For details, refer to the [monitoring section.](../integrations-in-rancher/monitoring-and-alerting/monitoring-and-alerting.md) diff --git a/versioned_docs/version-2.8/pages-for-subheaders/rancher-hardening-guides.md b/versioned_docs/version-2.8/reference-guides/rancher-security/hardening-guides/hardening-guides.md similarity index 62% rename from versioned_docs/version-2.8/pages-for-subheaders/rancher-hardening-guides.md rename to versioned_docs/version-2.8/reference-guides/rancher-security/hardening-guides/hardening-guides.md index 5db6c192945..1ab615e083e 100644 --- a/versioned_docs/version-2.8/pages-for-subheaders/rancher-hardening-guides.md +++ b/versioned_docs/version-2.8/reference-guides/rancher-security/hardening-guides/hardening-guides.md @@ -26,31 +26,31 @@ Each self-assessment guide is accompanied by a hardening guide. These guides wer | Kubernetes Version | CIS Benchmark Version | Self Assessment Guide | Hardening Guides | |--------------------|-----------------------|-----------------------|------------------| -| Kubernetes v1.23 | CIS v1.23 | [Link](../reference-guides/rancher-security/hardening-guides/rke1-hardening-guide/rke1-self-assessment-guide-with-cis-v1.23-k8s-v1.23.md) | [Link](rke1-hardening-guide.md) | -| Kubernetes v1.24 | CIS v1.24 | [Link](../reference-guides/rancher-security/hardening-guides/rke1-hardening-guide/rke1-self-assessment-guide-with-cis-v1.24-k8s-v1.24.md) | [Link](rke1-hardening-guide.md) | -| Kubernetes v1.25/v1.26/v1.27 | CIS v1.7 | [Link](../reference-guides/rancher-security/hardening-guides/rke1-hardening-guide/rke1-self-assessment-guide-with-cis-v1.7-k8s-v1.25-v1.26-v1.27.md) | [Link](rke1-hardening-guide.md) | +| Kubernetes v1.23 | CIS v1.23 | [Link](rke1-hardening-guide/rke1-self-assessment-guide-with-cis-v1.23-k8s-v1.23.md) | [Link](rke1-hardening-guide/rke1-hardening-guide.md) | +| Kubernetes v1.24 | CIS v1.24 | [Link](rke1-hardening-guide/rke1-self-assessment-guide-with-cis-v1.24-k8s-v1.24.md) | [Link](rke1-hardening-guide/rke1-hardening-guide.md) | +| Kubernetes v1.25/v1.26/v1.27 | CIS v1.7 | [Link](rke1-hardening-guide/rke1-self-assessment-guide-with-cis-v1.7-k8s-v1.25-v1.26-v1.27.md) | [Link](rke1-hardening-guide/rke1-hardening-guide.md) | ### RKE2 Guides | Type | Kubernetes Version | CIS Benchmark Version | Self Assessment Guide | Hardening Guides | |------|--------------------|-----------------------|-----------------------|------------------| -| Rancher provisioned RKE2 | Kubernetes v1.23 | CIS v1.23 | [Link](../reference-guides/rancher-security/hardening-guides/rke2-hardening-guide/rke2-self-assessment-guide-with-cis-v1.23-k8s-v1.23.md) | [Link](rke2-hardening-guide.md) | -| Rancher provisioned RKE2 | Kubernetes v1.24 | CIS v1.24 | [Link](../reference-guides/rancher-security/hardening-guides/rke2-hardening-guide/rke2-self-assessment-guide-with-cis-v1.24-k8s-v1.24.md) | [Link](rke2-hardening-guide.md) | -| Rancher provisioned RKE2 | Kubernetes v1.25/v1.26/v1.27 | CIS v1.7 | [Link](../reference-guides/rancher-security/hardening-guides/rke2-hardening-guide/rke2-self-assessment-guide-with-cis-v1.7-k8s-v1.25-v1.26-v1.27.md) | [Link](rke2-hardening-guide.md) | +| Rancher provisioned RKE2 | Kubernetes v1.23 | CIS v1.23 | [Link](rke2-hardening-guide/rke2-self-assessment-guide-with-cis-v1.23-k8s-v1.23.md) | [Link](rke2-hardening-guide/rke2-hardening-guide.md) | +| Rancher provisioned RKE2 | Kubernetes v1.24 | CIS v1.24 | [Link](rke2-hardening-guide/rke2-self-assessment-guide-with-cis-v1.24-k8s-v1.24.md) | [Link](rke2-hardening-guide/rke2-hardening-guide.md) | +| Rancher provisioned RKE2 | Kubernetes v1.25/v1.26/v1.27 | CIS v1.7 | [Link](rke2-hardening-guide/rke2-self-assessment-guide-with-cis-v1.7-k8s-v1.25-v1.26-v1.27.md) | [Link](rke2-hardening-guide/rke2-hardening-guide.md) | | Standalone RKE2 | Kubernetes v1.25/v1.26/v1.27 | CIS v1.7 | [Link](https://docs.rke2.io/security/cis_self_assessment123) | [Link](https://docs.rke2.io/security/hardening_guide) | ### K3s Guides | Type | Kubernetes Version | CIS Benchmark Version | Self Assessment Guide | Hardening Guides | |------|--------------------|-----------------------|-----------------------|------------------| -| Rancher provisioned K3s cluster | Kubernetes v1.23 | CIS v1.23 | [Link](../reference-guides/rancher-security/hardening-guides/k3s-hardening-guide/k3s-self-assessment-guide-with-cis-v1.23-k8s-v1.23.md) | [Link](k3s-hardening-guide.md) | -| Rancher provisioned K3s cluster | Kubernetes v1.24 | CIS v1.24 | [Link](../reference-guides/rancher-security/hardening-guides/k3s-hardening-guide/k3s-self-assessment-guide-with-cis-v1.24-k8s-v1.24.md) | [Link](k3s-hardening-guide.md) | -| Rancher provisioned K3s cluster | Kubernetes v1.25/v1.26/v1.27 | CIS v1.7 | [Link](../reference-guides/rancher-security/hardening-guides/k3s-hardening-guide/k3s-self-assessment-guide-with-cis-v1.7-k8s-v1.25-v1.26-v1.27.md) | [Link](k3s-hardening-guide.md) | +| Rancher provisioned K3s cluster | Kubernetes v1.23 | CIS v1.23 | [Link](k3s-hardening-guide/k3s-self-assessment-guide-with-cis-v1.23-k8s-v1.23.md) | [Link](k3s-hardening-guide/k3s-hardening-guide.md) | +| Rancher provisioned K3s cluster | Kubernetes v1.24 | CIS v1.24 | [Link](k3s-hardening-guide/k3s-self-assessment-guide-with-cis-v1.24-k8s-v1.24.md) | [Link](k3s-hardening-guide/k3s-hardening-guide.md) | +| Rancher provisioned K3s cluster | Kubernetes v1.25/v1.26/v1.27 | CIS v1.7 | [Link](k3s-hardening-guide/k3s-self-assessment-guide-with-cis-v1.7-k8s-v1.25-v1.26-v1.27.md) | [Link](k3s-hardening-guide/k3s-hardening-guide.md) | | Standalone K3s | Kubernetes v1.22 up to v1.24 | CIS v1.23 | [Link](https://docs.k3s.io/security/self-assessment) | [Link](https://docs.k3s.io/security/hardening-guide) | ## Rancher with SELinux [Security-Enhanced Linux (SELinux)](https://en.wikipedia.org/wiki/Security-Enhanced_Linux) is a kernel module that adds extra access controls and security tools to Linux. Historically used by government agencies, SELinux is now industry-standard. SELinux is enabled by default on RHEL and CentOS. -To use Rancher with SELinux, we recommend [installing](../reference-guides/rancher-security/selinux-rpm/about-rancher-selinux.md) the `rancher-selinux` RPM. +To use Rancher with SELinux, we recommend [installing](../selinux-rpm/about-rancher-selinux.md) the `rancher-selinux` RPM. diff --git a/versioned_docs/version-2.8/pages-for-subheaders/k3s-hardening-guide.md b/versioned_docs/version-2.8/reference-guides/rancher-security/hardening-guides/k3s-hardening-guide/k3s-hardening-guide.md similarity index 100% rename from versioned_docs/version-2.8/pages-for-subheaders/k3s-hardening-guide.md rename to versioned_docs/version-2.8/reference-guides/rancher-security/hardening-guides/k3s-hardening-guide/k3s-hardening-guide.md diff --git a/versioned_docs/version-2.8/reference-guides/rancher-security/hardening-guides/k3s-hardening-guide/k3s-self-assessment-guide-with-cis-v1.23-k8s-v1.23.md b/versioned_docs/version-2.8/reference-guides/rancher-security/hardening-guides/k3s-hardening-guide/k3s-self-assessment-guide-with-cis-v1.23-k8s-v1.23.md index d0ddba7d1e7..c34143594e8 100644 --- a/versioned_docs/version-2.8/reference-guides/rancher-security/hardening-guides/k3s-hardening-guide/k3s-self-assessment-guide-with-cis-v1.23-k8s-v1.23.md +++ b/versioned_docs/version-2.8/reference-guides/rancher-security/hardening-guides/k3s-hardening-guide/k3s-self-assessment-guide-with-cis-v1.23-k8s-v1.23.md @@ -6,7 +6,7 @@ title: K3s Self-Assessment Guide - CIS Benchmark v1.23 - K8s v1.23 -This document is a companion to the [K3s Hardening Guide](../../../../pages-for-subheaders/k3s-hardening-guide.md), which provides prescriptive guidance on how to harden K3s clusters that are running in production and managed by Rancher. This benchmark guide helps you evaluate the security of a hardened cluster against each control in the CIS Kubernetes Benchmark. +This document is a companion to the [K3s Hardening Guide](k3s-hardening-guide.md), which provides prescriptive guidance on how to harden K3s clusters that are running in production and managed by Rancher. This benchmark guide helps you evaluate the security of a hardened cluster against each control in the CIS Kubernetes Benchmark. This guide corresponds to the following versions of Rancher, CIS Benchmarks, and Kubernetes: diff --git a/versioned_docs/version-2.8/reference-guides/rancher-security/hardening-guides/k3s-hardening-guide/k3s-self-assessment-guide-with-cis-v1.24-k8s-v1.24.md b/versioned_docs/version-2.8/reference-guides/rancher-security/hardening-guides/k3s-hardening-guide/k3s-self-assessment-guide-with-cis-v1.24-k8s-v1.24.md index 1d348069a2a..0b199590889 100644 --- a/versioned_docs/version-2.8/reference-guides/rancher-security/hardening-guides/k3s-hardening-guide/k3s-self-assessment-guide-with-cis-v1.24-k8s-v1.24.md +++ b/versioned_docs/version-2.8/reference-guides/rancher-security/hardening-guides/k3s-hardening-guide/k3s-self-assessment-guide-with-cis-v1.24-k8s-v1.24.md @@ -6,7 +6,7 @@ title: K3s Self-Assessment Guide - CIS Benchmark v1.24 - K8s v1.24 -This document is a companion to the [K3s Hardening Guide](../../../../pages-for-subheaders/k3s-hardening-guide.md), which provides prescriptive guidance on how to harden K3s clusters that are running in production and managed by Rancher. This benchmark guide helps you evaluate the security of a hardened cluster against each control in the CIS Kubernetes Benchmark. +This document is a companion to the [K3s Hardening Guide](k3s-hardening-guide.md), which provides prescriptive guidance on how to harden K3s clusters that are running in production and managed by Rancher. This benchmark guide helps you evaluate the security of a hardened cluster against each control in the CIS Kubernetes Benchmark. This guide corresponds to the following versions of Rancher, CIS Benchmarks, and Kubernetes: diff --git a/versioned_docs/version-2.8/reference-guides/rancher-security/hardening-guides/k3s-hardening-guide/k3s-self-assessment-guide-with-cis-v1.7-k8s-v1.25-v1.26-v1.27.md b/versioned_docs/version-2.8/reference-guides/rancher-security/hardening-guides/k3s-hardening-guide/k3s-self-assessment-guide-with-cis-v1.7-k8s-v1.25-v1.26-v1.27.md index e7373288b35..fe6b3ef299c 100644 --- a/versioned_docs/version-2.8/reference-guides/rancher-security/hardening-guides/k3s-hardening-guide/k3s-self-assessment-guide-with-cis-v1.7-k8s-v1.25-v1.26-v1.27.md +++ b/versioned_docs/version-2.8/reference-guides/rancher-security/hardening-guides/k3s-hardening-guide/k3s-self-assessment-guide-with-cis-v1.7-k8s-v1.25-v1.26-v1.27.md @@ -6,7 +6,7 @@ title: K3s Self-Assessment Guide - CIS Benchmark v1.7 - K8s v1.25/v1.26/v1.27 -This document is a companion to the [K3s Hardening Guide](../../../../pages-for-subheaders/k3s-hardening-guide.md), which provides prescriptive guidance on how to harden K3s clusters that are running in production and managed by Rancher. This benchmark guide helps you evaluate the security of a hardened cluster against each control in the CIS Kubernetes Benchmark. +This document is a companion to the [K3s Hardening Guide](k3s-hardening-guide.md), which provides prescriptive guidance on how to harden K3s clusters that are running in production and managed by Rancher. This benchmark guide helps you evaluate the security of a hardened cluster against each control in the CIS Kubernetes Benchmark. This guide corresponds to the following versions of Rancher, CIS Benchmarks, and Kubernetes: diff --git a/versioned_docs/version-2.8/pages-for-subheaders/rke1-hardening-guide.md b/versioned_docs/version-2.8/reference-guides/rancher-security/hardening-guides/rke1-hardening-guide/rke1-hardening-guide.md similarity index 93% rename from versioned_docs/version-2.8/pages-for-subheaders/rke1-hardening-guide.md rename to versioned_docs/version-2.8/reference-guides/rancher-security/hardening-guides/rke1-hardening-guide/rke1-hardening-guide.md index 4d6f97e18c7..fa442feb275 100644 --- a/versioned_docs/version-2.8/pages-for-subheaders/rke1-hardening-guide.md +++ b/versioned_docs/version-2.8/reference-guides/rancher-security/hardening-guides/rke1-hardening-guide/rke1-hardening-guide.md @@ -151,13 +151,13 @@ Execute this script to apply the `default-allow-all.yaml` configuration with the ## Known Limitations - Rancher **exec shell** and **view logs** for pods are **not** functional in a hardened setup when only a public IP is provided when registering custom nodes. This functionality requires a private IP to be provided when registering the custom nodes. -- When setting `default_pod_security_policy_template_id:` to `restricted` or `restricted-noroot`, based on the pod security policies (PSP) [provided](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/create-pod-security-policies.md) by Rancher, Rancher creates `RoleBindings` and `ClusterRoleBindings` on the `default` service accounts. The CIS check 5.1.5 requires that the `default` service accounts have no roles or cluster roles bound to it apart from the defaults. In addition, the `default` service accounts should be configured such that it does not provide a service account token and does not have any explicit rights assignments. +- When setting `default_pod_security_policy_template_id:` to `restricted` or `restricted-noroot`, based on the pod security policies (PSP) [provided](../../../../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/create-pod-security-policies.md) by Rancher, Rancher creates `RoleBindings` and `ClusterRoleBindings` on the `default` service accounts. The CIS check 5.1.5 requires that the `default` service accounts have no roles or cluster roles bound to it apart from the defaults. In addition, the `default` service accounts should be configured such that it does not provide a service account token and does not have any explicit rights assignments. ## Reference Hardened RKE `cluster.yml` Configuration The reference `cluster.yml` is used by the RKE CLI that provides the configuration needed to achieve a hardened installation of RKE. RKE [documentation](https://rancher.com/docs/rke/latest/en/installation/) provides additional details about the configuration items. This reference `cluster.yml` does not include the required `nodes` directive which will vary depending on your environment. Documentation for node configuration in RKE can be found [here](https://rancher.com/docs/rke/latest/en/config-options/nodes/). -The example `cluster.yml` configuration file contains an Admission Configuration policy in the `services.kube-api.admission_configuration` field. This [sample](../reference-guides/rancher-security/psa-restricted-exemptions.md) policy contains the namespace exemptions necessary for an imported RKE cluster to run properly in Rancher, similar to Rancher's pre-defined [`rancher-restricted`](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/psa-config-templates.md) policy. +The example `cluster.yml` configuration file contains an Admission Configuration policy in the `services.kube-api.admission_configuration` field. This [sample](../../psa-restricted-exemptions.md) policy contains the namespace exemptions necessary for an imported RKE cluster to run properly in Rancher, similar to Rancher's pre-defined [`rancher-restricted`](../../../../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/psa-config-templates.md) policy. If you prefer to use RKE's default `restricted` policy, then leave the `services.kube-api.admission_configuration` field empty and set `services.pod_security_configuration` to `restricted`. See [the RKE docs](https://rke.docs.rancher.com/config-options/services/pod-security-admission) for more information. @@ -165,7 +165,7 @@ If you prefer to use RKE's default `restricted` policy, then leave the `services :::note -If you intend to import an RKE cluster into Rancher, please consult the [documentation](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/psa-config-templates.md) for how to configure the PSA to exempt Rancher system namespaces. +If you intend to import an RKE cluster into Rancher, please consult the [documentation](../../../../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/psa-config-templates.md) for how to configure the PSA to exempt Rancher system namespaces. ::: ```yaml @@ -404,7 +404,7 @@ addons: | ## Reference Hardened RKE Cluster Template Configuration -The reference RKE cluster template provides the minimum required configuration to achieve a hardened installation of Kubernetes. RKE templates are used to provision Kubernetes and define Rancher settings. Follow the Rancher [documentation](installation-and-upgrade.md) for additional information about installing RKE and its template details. +The reference RKE cluster template provides the minimum required configuration to achieve a hardened installation of Kubernetes. RKE templates are used to provision Kubernetes and define Rancher settings. Follow the Rancher [documentation](../../../../getting-started/installation-and-upgrade/installation-and-upgrade.md) for additional information about installing RKE and its template details. diff --git a/versioned_docs/version-2.8/reference-guides/rancher-security/hardening-guides/rke1-hardening-guide/rke1-self-assessment-guide-with-cis-v1.23-k8s-v1.23.md b/versioned_docs/version-2.8/reference-guides/rancher-security/hardening-guides/rke1-hardening-guide/rke1-self-assessment-guide-with-cis-v1.23-k8s-v1.23.md index 9c6d1369a90..774f12f8be9 100644 --- a/versioned_docs/version-2.8/reference-guides/rancher-security/hardening-guides/rke1-hardening-guide/rke1-self-assessment-guide-with-cis-v1.23-k8s-v1.23.md +++ b/versioned_docs/version-2.8/reference-guides/rancher-security/hardening-guides/rke1-hardening-guide/rke1-self-assessment-guide-with-cis-v1.23-k8s-v1.23.md @@ -6,7 +6,7 @@ title: RKE Self-Assessment Guide - CIS Benchmark v1.23 - K8s v1.23 -This document is a companion to the [RKE Hardening Guide](../../../../pages-for-subheaders/rke1-hardening-guide.md), which provides prescriptive guidance on how to harden RKE clusters that are running in production and managed by Rancher. This benchmark guide helps you evaluate the security of a hardened cluster against each control in the CIS Kubernetes Benchmark. +This document is a companion to the [RKE Hardening Guide](rke1-hardening-guide.md), which provides prescriptive guidance on how to harden RKE clusters that are running in production and managed by Rancher. This benchmark guide helps you evaluate the security of a hardened cluster against each control in the CIS Kubernetes Benchmark. This guide corresponds to the following versions of Rancher, CIS Benchmarks, and Kubernetes: diff --git a/versioned_docs/version-2.8/reference-guides/rancher-security/hardening-guides/rke1-hardening-guide/rke1-self-assessment-guide-with-cis-v1.24-k8s-v1.24.md b/versioned_docs/version-2.8/reference-guides/rancher-security/hardening-guides/rke1-hardening-guide/rke1-self-assessment-guide-with-cis-v1.24-k8s-v1.24.md index 5f3c20fb37f..e37a56d277e 100644 --- a/versioned_docs/version-2.8/reference-guides/rancher-security/hardening-guides/rke1-hardening-guide/rke1-self-assessment-guide-with-cis-v1.24-k8s-v1.24.md +++ b/versioned_docs/version-2.8/reference-guides/rancher-security/hardening-guides/rke1-hardening-guide/rke1-self-assessment-guide-with-cis-v1.24-k8s-v1.24.md @@ -6,7 +6,7 @@ title: RKE Self-Assessment Guide - CIS Benchmark v1.24 - K8s v1.24 -This document is a companion to the [RKE Hardening Guide](../../../../pages-for-subheaders/rke1-hardening-guide.md), which provides prescriptive guidance on how to harden RKE clusters that are running in production and managed by Rancher. This benchmark guide helps you evaluate the security of a hardened cluster against each control in the CIS Kubernetes Benchmark. +This document is a companion to the [RKE Hardening Guide](rke1-hardening-guide.md), which provides prescriptive guidance on how to harden RKE clusters that are running in production and managed by Rancher. This benchmark guide helps you evaluate the security of a hardened cluster against each control in the CIS Kubernetes Benchmark. This guide corresponds to the following versions of Rancher, CIS Benchmarks, and Kubernetes: diff --git a/versioned_docs/version-2.8/reference-guides/rancher-security/hardening-guides/rke1-hardening-guide/rke1-self-assessment-guide-with-cis-v1.7-k8s-v1.25-v1.26-v1.27.md b/versioned_docs/version-2.8/reference-guides/rancher-security/hardening-guides/rke1-hardening-guide/rke1-self-assessment-guide-with-cis-v1.7-k8s-v1.25-v1.26-v1.27.md index 9fe9ca2045f..bfb274d96fa 100644 --- a/versioned_docs/version-2.8/reference-guides/rancher-security/hardening-guides/rke1-hardening-guide/rke1-self-assessment-guide-with-cis-v1.7-k8s-v1.25-v1.26-v1.27.md +++ b/versioned_docs/version-2.8/reference-guides/rancher-security/hardening-guides/rke1-hardening-guide/rke1-self-assessment-guide-with-cis-v1.7-k8s-v1.25-v1.26-v1.27.md @@ -6,7 +6,7 @@ title: RKE Self-Assessment Guide - CIS Benchmark v1.7 - K8s v1.25/v1.26/v1.27 -This document is a companion to the [RKE Hardening Guide](../../../../pages-for-subheaders/rke1-hardening-guide.md), which provides prescriptive guidance on how to harden RKE clusters that are running in production and managed by Rancher. This benchmark guide helps you evaluate the security of a hardened cluster against each control in the CIS Kubernetes Benchmark. +This document is a companion to the [RKE Hardening Guide](rke1-hardening-guide.md), which provides prescriptive guidance on how to harden RKE clusters that are running in production and managed by Rancher. This benchmark guide helps you evaluate the security of a hardened cluster against each control in the CIS Kubernetes Benchmark. This guide corresponds to the following versions of Rancher, CIS Benchmarks, and Kubernetes: diff --git a/versioned_docs/version-2.8/pages-for-subheaders/rke2-hardening-guide.md b/versioned_docs/version-2.8/reference-guides/rancher-security/hardening-guides/rke2-hardening-guide/rke2-hardening-guide.md similarity index 98% rename from versioned_docs/version-2.8/pages-for-subheaders/rke2-hardening-guide.md rename to versioned_docs/version-2.8/reference-guides/rancher-security/hardening-guides/rke2-hardening-guide/rke2-hardening-guide.md index 378050c8e45..0cce6028916 100644 --- a/versioned_docs/version-2.8/pages-for-subheaders/rke2-hardening-guide.md +++ b/versioned_docs/version-2.8/reference-guides/rancher-security/hardening-guides/rke2-hardening-guide/rke2-hardening-guide.md @@ -124,7 +124,7 @@ When both the `defaultPodSecurityAdmissionConfigurationTemplateName` and `profil These namespaces are exempted to allow system pods to run without restrictions, which is required for proper operation of the cluster. :::note -If you intend to import an RKE cluster into Rancher, please consult the [documentation](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/psa-config-templates.md) for how to configure the PSA to exempt Rancher system namespaces. +If you intend to import an RKE cluster into Rancher, please consult the [documentation](../../../../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/psa-config-templates.md) for how to configure the PSA to exempt Rancher system namespaces. ::: diff --git a/versioned_docs/version-2.8/reference-guides/rancher-security/hardening-guides/rke2-hardening-guide/rke2-self-assessment-guide-with-cis-v1.23-k8s-v1.23.md b/versioned_docs/version-2.8/reference-guides/rancher-security/hardening-guides/rke2-hardening-guide/rke2-self-assessment-guide-with-cis-v1.23-k8s-v1.23.md index 3099612cacb..d9145e2ce85 100644 --- a/versioned_docs/version-2.8/reference-guides/rancher-security/hardening-guides/rke2-hardening-guide/rke2-self-assessment-guide-with-cis-v1.23-k8s-v1.23.md +++ b/versioned_docs/version-2.8/reference-guides/rancher-security/hardening-guides/rke2-hardening-guide/rke2-self-assessment-guide-with-cis-v1.23-k8s-v1.23.md @@ -6,7 +6,7 @@ title: RKE2 Self-Assessment Guide - CIS Benchmark v1.23 - K8s v1.23 -This document is a companion to the [RKE2 Hardening Guide](../../../../pages-for-subheaders/rke2-hardening-guide.md), which provides prescriptive guidance on how to harden RKE2 clusters that are running in production and managed by Rancher. This benchmark guide helps you evaluate the security of a hardened cluster against each control in the CIS Kubernetes Benchmark. +This document is a companion to the [RKE2 Hardening Guide](rke2-hardening-guide.md), which provides prescriptive guidance on how to harden RKE2 clusters that are running in production and managed by Rancher. This benchmark guide helps you evaluate the security of a hardened cluster against each control in the CIS Kubernetes Benchmark. This guide corresponds to the following versions of Rancher, CIS Benchmarks, and Kubernetes: diff --git a/versioned_docs/version-2.8/reference-guides/rancher-security/hardening-guides/rke2-hardening-guide/rke2-self-assessment-guide-with-cis-v1.24-k8s-v1.24.md b/versioned_docs/version-2.8/reference-guides/rancher-security/hardening-guides/rke2-hardening-guide/rke2-self-assessment-guide-with-cis-v1.24-k8s-v1.24.md index ba80c0a516a..0e74634d09d 100644 --- a/versioned_docs/version-2.8/reference-guides/rancher-security/hardening-guides/rke2-hardening-guide/rke2-self-assessment-guide-with-cis-v1.24-k8s-v1.24.md +++ b/versioned_docs/version-2.8/reference-guides/rancher-security/hardening-guides/rke2-hardening-guide/rke2-self-assessment-guide-with-cis-v1.24-k8s-v1.24.md @@ -6,7 +6,7 @@ title: RKE2 Self-Assessment Guide - CIS Benchmark v1.24 - K8s v1.24 -This document is a companion to the [RKE2 Hardening Guide](../../../../pages-for-subheaders/rke2-hardening-guide.md), which provides prescriptive guidance on how to harden RKE2 clusters that are running in production and managed by Rancher. This benchmark guide helps you evaluate the security of a hardened cluster against each control in the CIS Kubernetes Benchmark. +This document is a companion to the [RKE2 Hardening Guide](rke2-hardening-guide.md), which provides prescriptive guidance on how to harden RKE2 clusters that are running in production and managed by Rancher. This benchmark guide helps you evaluate the security of a hardened cluster against each control in the CIS Kubernetes Benchmark. This guide corresponds to the following versions of Rancher, CIS Benchmarks, and Kubernetes: diff --git a/versioned_docs/version-2.8/reference-guides/rancher-security/hardening-guides/rke2-hardening-guide/rke2-self-assessment-guide-with-cis-v1.7-k8s-v1.25-v1.26-v1.27.md b/versioned_docs/version-2.8/reference-guides/rancher-security/hardening-guides/rke2-hardening-guide/rke2-self-assessment-guide-with-cis-v1.7-k8s-v1.25-v1.26-v1.27.md index b7d4a36ea4b..c93773a62a7 100644 --- a/versioned_docs/version-2.8/reference-guides/rancher-security/hardening-guides/rke2-hardening-guide/rke2-self-assessment-guide-with-cis-v1.7-k8s-v1.25-v1.26-v1.27.md +++ b/versioned_docs/version-2.8/reference-guides/rancher-security/hardening-guides/rke2-hardening-guide/rke2-self-assessment-guide-with-cis-v1.7-k8s-v1.25-v1.26-v1.27.md @@ -6,7 +6,7 @@ title: RKE2 Self-Assessment Guide - CIS Benchmark v1.7 - K8s v1.25/v1.26/v1.27 -This document is a companion to the [RKE2 Hardening Guide](../../../../pages-for-subheaders/rke2-hardening-guide.md), which provides prescriptive guidance on how to harden RKE2 clusters that are running in production and managed by Rancher. This benchmark guide helps you evaluate the security of a hardened cluster against each control in the CIS Kubernetes Benchmark. +This document is a companion to the [RKE2 Hardening Guide](rke2-hardening-guide.md), which provides prescriptive guidance on how to harden RKE2 clusters that are running in production and managed by Rancher. This benchmark guide helps you evaluate the security of a hardened cluster against each control in the CIS Kubernetes Benchmark. This guide corresponds to the following versions of Rancher, CIS Benchmarks, and Kubernetes: diff --git a/versioned_docs/version-2.8/reference-guides/rancher-security/rancher-security-best-practices.md b/versioned_docs/version-2.8/reference-guides/rancher-security/rancher-security-best-practices.md index 1a5cb92faa7..ea78abe7d0e 100644 --- a/versioned_docs/version-2.8/reference-guides/rancher-security/rancher-security-best-practices.md +++ b/versioned_docs/version-2.8/reference-guides/rancher-security/rancher-security-best-practices.md @@ -18,4 +18,4 @@ See [OWASP Web Application Security Testing - Enumerate Infrastructure and Appli Some environments may require additional security controls for session management. For example, you may want to limit users' concurrent active sessions or restrict which geolocations those sessions can be initiated from. Such features are not supported by Rancher out of the box. -If you require such features, combine Layer 7 firewalls with [external authentication providers](../../pages-for-subheaders/authentication-config.md#external-vs-local-authentication). \ No newline at end of file +If you require such features, combine Layer 7 firewalls with [external authentication providers](../../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/authentication-config.md#external-vs-local-authentication). \ No newline at end of file diff --git a/versioned_docs/version-2.8/pages-for-subheaders/rancher-security.md b/versioned_docs/version-2.8/reference-guides/rancher-security/rancher-security.md similarity index 87% rename from versioned_docs/version-2.8/pages-for-subheaders/rancher-security.md rename to versioned_docs/version-2.8/reference-guides/rancher-security/rancher-security.md index b03d7c1da30..dff8475c3ce 100644 --- a/versioned_docs/version-2.8/pages-for-subheaders/rancher-security.md +++ b/versioned_docs/version-2.8/reference-guides/rancher-security/rancher-security.md @@ -23,13 +23,13 @@ title: Security -Security is at the heart of all Rancher features. From integrating with all the popular authentication tools and services, to an enterprise grade [RBAC capability](manage-role-based-access-control-rbac.md), Rancher makes your Kubernetes clusters even more secure. +Security is at the heart of all Rancher features. From integrating with all the popular authentication tools and services, to an enterprise grade [RBAC capability](../../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/manage-role-based-access-control-rbac.md), Rancher makes your Kubernetes clusters even more secure. On this page, we provide security related documentation along with resources to help you secure your Rancher installation and your downstream Kubernetes clusters. ### NeuVector Integration with Rancher -NeuVector is an open-source, container-focused security application that is now integrated into Rancher. NeuVector provides production security, DevOps vulnerability protection, and a container firewall, et al. Please see the [Rancher docs](../integrations-in-rancher/neuvector/neuvector.md) and the [NeuVector docs](https://open-docs.neuvector.com/) for more information. +NeuVector is an open-source, container-focused security application that is now integrated into Rancher. NeuVector provides production security, DevOps vulnerability protection, and a container firewall, et al. Please see the [Rancher docs](../../integrations-in-rancher/neuvector/neuvector.md) and the [NeuVector docs](https://open-docs.neuvector.com/) for more information. ### Running a CIS Security Scan on a Kubernetes Cluster @@ -45,13 +45,13 @@ The Benchmark provides recommendations of two types: Automated and Manual. We ru When Rancher runs a CIS security scan on a cluster, it generates a report showing the results of each test, including a summary with the number of passed, skipped and failed tests. The report also includes remediation steps for any failed tests. -For details, refer to the section on [security scans](cis-scan-guides.md). +For details, refer to the section on [security scans](../../how-to-guides/advanced-user-guides/cis-scan-guides/cis-scan-guides.md). ### SELinux RPM [Security-Enhanced Linux (SELinux)](https://en.wikipedia.org/wiki/Security-Enhanced_Linux) is a security enhancement to Linux. After being historically used by government agencies, SELinux is now industry standard and is enabled by default on CentOS 7 and 8. -We provide two RPMs (Red Hat packages) that enable Rancher products to function properly on SELinux-enforcing hosts: `rancher-selinux` and `rke2-selinux`. For details, see [this page](selinux-rpm.md). +We provide two RPMs (Red Hat packages) that enable Rancher products to function properly on SELinux-enforcing hosts: `rancher-selinux` and `rke2-selinux`. For details, see [this page](selinux-rpm/selinux-rpm.md). ### Rancher Hardening Guide @@ -84,16 +84,16 @@ Please note that new reports are no longer shared or made publicly available. ### Rancher Security Advisories and CVEs -Rancher is committed to informing the community of security issues in our products. For the list of CVEs (Common Vulnerabilities and Exposures) for issues we have resolved, refer to [this page.](../reference-guides/rancher-security/security-advisories-and-cves.md) +Rancher is committed to informing the community of security issues in our products. For the list of CVEs (Common Vulnerabilities and Exposures) for issues we have resolved, refer to [this page.](security-advisories-and-cves.md) ### Kubernetes Security Best Practices -For recommendations on securing your Kubernetes cluster, refer to the [Kubernetes Security Best Practices](../reference-guides/rancher-security/kubernetes-security-best-practices.md) guide. +For recommendations on securing your Kubernetes cluster, refer to the [Kubernetes Security Best Practices](kubernetes-security-best-practices.md) guide. ### Rancher Security Best Practices -For recommendations on securing your Rancher Manager deployments, refer to the [Rancher Security Best Practices](../reference-guides/rancher-security/rancher-security-best-practices.md) guide. +For recommendations on securing your Rancher Manager deployments, refer to the [Rancher Security Best Practices](rancher-security-best-practices.md) guide. ### Rancher Webhook Hardening -The Rancher webhook deploys on both the upstream Rancher cluster and all provisioned clusters. For recommendations on hardening the Rancher webhook, see the [Hardening the Rancher Webhook](../reference-guides/rancher-security/rancher-webhook-hardening.md) guide. \ No newline at end of file +The Rancher webhook deploys on both the upstream Rancher cluster and all provisioned clusters. For recommendations on hardening the Rancher webhook, see the [Hardening the Rancher Webhook](rancher-webhook-hardening.md) guide. \ No newline at end of file diff --git a/versioned_docs/version-2.8/reference-guides/rancher-security/security-advisories-and-cves.md b/versioned_docs/version-2.8/reference-guides/rancher-security/security-advisories-and-cves.md index 8f3649e7a85..ad7fb02ad7b 100644 --- a/versioned_docs/version-2.8/reference-guides/rancher-security/security-advisories-and-cves.md +++ b/versioned_docs/version-2.8/reference-guides/rancher-security/security-advisories-and-cves.md @@ -23,8 +23,8 @@ Rancher is committed to informing the community of security issues in our produc | [CVE-2022-31247](https://github.com/rancher/rancher/security/advisories/GHSA-6x34-89p7-95wg) | An issue was discovered in Rancher versions up to and including 2.5.15 and 2.6.6 where a flaw with authorization logic allows privilege escalation in downstream clusters through cluster role template binding (CRTB) and project role template binding (PRTB). The vulnerability can be exploited by any user who has permissions to create/edit CRTB or PRTB (such as `cluster-owner`, `manage cluster members`, `project-owner`, and `manage project members`) to gain owner permission in another project in the same cluster or in another project on a different downstream cluster. | 18 August 2022 | [Rancher v2.6.7](https://github.com/rancher/rancher/releases/tag/v2.6.7) and [Rancher v2.5.16](https://github.com/rancher/rancher/releases/tag/v2.5.16) | | [CVE-2021-36783](https://github.com/rancher/rancher/security/advisories/GHSA-8w87-58w6-hfv8) | It was discovered that in Rancher versions up to and including 2.5.12 and 2.6.3, there is a failure to properly sanitize credentials in cluster template answers. This failure can lead to plaintext storage and exposure of credentials, passwords, and API tokens. The exposed credentials are visible in Rancher to authenticated `Cluster Owners`, `Cluster Members`, `Project Owners`, and `Project Members` on the endpoints `/v1/management.cattle.io.clusters`, `/v3/clusters`, and `/k8s/clusters/local/apis/management.cattle.io/v3/clusters`. | 18 August 2022 | [Rancher v2.6.7](https://github.com/rancher/rancher/releases/tag/v2.6.7) and [Rancher v2.5.16](https://github.com/rancher/rancher/releases/tag/v2.5.16) | | [CVE-2021-36782](https://github.com/rancher/rancher/security/advisories/GHSA-g7j7-h4q8-8w2f) | An issue was discovered in Rancher versions up to and including 2.5.15 and 2.6.6 where sensitive fields like passwords, API keys, and Rancher's service account token (used to provision clusters) were stored in plaintext directly on Kubernetes objects like `Clusters` (e.g., `cluster.management.cattle.io`). Anyone with read access to those objects in the Kubernetes API could retrieve the plaintext version of those sensitive data. The issue was partially found and reported by Florian Struck (from [Continum AG](https://www.continum.net/)) and [Marco Stuurman](https://github.com/fe-ax) (from [Shock Media B.V.](https://www.shockmedia.nl/)). | 18 August 2022 | [Rancher v2.6.7](https://github.com/rancher/rancher/releases/tag/v2.6.7) and [Rancher v2.5.16](https://github.com/rancher/rancher/releases/tag/v2.5.16) | -| [CVE-2022-21951](https://github.com/rancher/rancher/security/advisories/GHSA-vrph-m5jj-c46c) | This vulnerability only affects customers using [Weave](../../faq/container-network-interface-providers.md#weave) Container Network Interface (CNI) when configured through [RKE templates](../../pages-for-subheaders/about-rke1-templates.md). A vulnerability was discovered in Rancher versions 2.5.0 up to and including 2.5.13, and 2.6.0 up to and including 2.6.4, where a user interface (UI) issue with RKE templates does not include a value for the Weave password when Weave is chosen as the CNI. If a cluster is created based on the mentioned template, and Weave is configured as the CNI, no password will be created for [network encryption](https://www.weave.works/docs/net/latest/tasks/manage/security-untrusted-networks/) in Weave; therefore, network traffic in the cluster will be sent unencrypted. | 24 May 2022 | [Rancher v2.6.5](https://github.com/rancher/rancher/releases/tag/v2.6.5) and [Rancher v2.5.14](https://github.com/rancher/rancher/releases/tag/v2.5.14) | -| [CVE-2021-36784](https://github.com/rancher/rancher/security/advisories/GHSA-jwvr-vv7p-gpwq) | A vulnerability was discovered in Rancher versions from 2.5.0 up to and including 2.5.12 and from 2.6.0 up to and including 2.6.3 which allows users who have create or update permissions on [Global Roles](../../pages-for-subheaders/manage-role-based-access-control-rbac.md) to escalate their permissions, or those of another user, to admin-level permissions. Global Roles grant users Rancher-wide permissions, such as the ability to create clusters. In the identified versions of Rancher, when users are given permission to edit or create Global Roles, they are not restricted to only granting permissions which they already posses. This vulnerability affects customers who utilize non-admin users that are able to create or edit Global Roles. The most common use case for this scenario is the `restricted-admin` role. | 14 Apr 2022 | [Rancher v2.6.4](https://github.com/rancher/rancher/releases/tag/v2.6.4) and [Rancher v2.5.13](https://github.com/rancher/rancher/releases/tag/v2.5.13) | +| [CVE-2022-21951](https://github.com/rancher/rancher/security/advisories/GHSA-vrph-m5jj-c46c) | This vulnerability only affects customers using [Weave](../../faq/container-network-interface-providers.md#weave) Container Network Interface (CNI) when configured through [RKE templates](../../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/about-rke1-templates.md). A vulnerability was discovered in Rancher versions 2.5.0 up to and including 2.5.13, and 2.6.0 up to and including 2.6.4, where a user interface (UI) issue with RKE templates does not include a value for the Weave password when Weave is chosen as the CNI. If a cluster is created based on the mentioned template, and Weave is configured as the CNI, no password will be created for [network encryption](https://www.weave.works/docs/net/latest/tasks/manage/security-untrusted-networks/) in Weave; therefore, network traffic in the cluster will be sent unencrypted. | 24 May 2022 | [Rancher v2.6.5](https://github.com/rancher/rancher/releases/tag/v2.6.5) and [Rancher v2.5.14](https://github.com/rancher/rancher/releases/tag/v2.5.14) | +| [CVE-2021-36784](https://github.com/rancher/rancher/security/advisories/GHSA-jwvr-vv7p-gpwq) | A vulnerability was discovered in Rancher versions from 2.5.0 up to and including 2.5.12 and from 2.6.0 up to and including 2.6.3 which allows users who have create or update permissions on [Global Roles](../../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/manage-role-based-access-control-rbac.md) to escalate their permissions, or those of another user, to admin-level permissions. Global Roles grant users Rancher-wide permissions, such as the ability to create clusters. In the identified versions of Rancher, when users are given permission to edit or create Global Roles, they are not restricted to only granting permissions which they already posses. This vulnerability affects customers who utilize non-admin users that are able to create or edit Global Roles. The most common use case for this scenario is the `restricted-admin` role. | 14 Apr 2022 | [Rancher v2.6.4](https://github.com/rancher/rancher/releases/tag/v2.6.4) and [Rancher v2.5.13](https://github.com/rancher/rancher/releases/tag/v2.5.13) | | [CVE-2021-4200](https://github.com/rancher/rancher/security/advisories/GHSA-hx8w-ghh8-r4xf) | This vulnerability only affects customers using the `restricted-admin` role in Rancher. A vulnerability was discovered in Rancher versions from 2.5.0 up to and including 2.5.12 and from 2.6.0 up to and including 2.6.3 where the `global-data` role in `cattle-global-data` namespace grants write access to the Catalogs. Since each user with any level of catalog access was bound to the `global-data` role, this grants write access to templates (`CatalogTemplates`) and template versions (`CatalogTemplateVersions`) for any user with any level of catalog access. New users created in Rancher are by default assigned to the `user` role (standard user), which is not designed to grant write catalog access. This vulnerability effectively elevates the privilege of any user to write access for the catalog template and catalog template version resources. | 14 Apr 2022 | [Rancher v2.6.4](https://github.com/rancher/rancher/releases/tag/v2.6.4) and [Rancher v2.5.13](https://github.com/rancher/rancher/releases/tag/v2.5.13) | | [GHSA-wm2r-rp98-8pmh](https://github.com/rancher/rancher/security/advisories/GHSA-wm2r-rp98-8pmh) | This vulnerability only affects customers using [Fleet](../../how-to-guides/new-user-guides/deploy-apps-across-clusters/fleet.md) for continuous delivery with authenticated Git and/or Helm repositories. An issue was discovered in `go-getter` library in versions prior to [`v1.5.11`](https://github.com/hashicorp/go-getter/releases/tag/v1.5.11) that exposes SSH private keys in base64 format due to a failure in redacting such information from error messages. The vulnerable version of this library is used in Rancher through Fleet in versions of Fleet prior to [`v0.3.9`](https://github.com/rancher/fleet/releases/tag/v0.3.9). This issue affects Rancher versions 2.5.0 up to and including 2.5.12 and from 2.6.0 up to and including 2.6.3. The issue was found and reported by Dagan Henderson from Raft Engineering. | 14 Apr 2022 | [Rancher v2.6.4](https://github.com/rancher/rancher/releases/tag/v2.6.4) and [Rancher v2.5.13](https://github.com/rancher/rancher/releases/tag/v2.5.13) | | [CVE-2021-36778](https://github.com/rancher/rancher/security/advisories/GHSA-4fc7-hc63-7fjg) | A vulnerability was discovered in Rancher versions from 2.5.0 up to and including 2.5.11 and from 2.6.0 up to and including 2.6.2, where an insufficient check of the same-origin policy when downloading Helm charts from a configured private repository can lead to exposure of the repository credentials to a third-party provider. This issue only happens when the user configures access credentials to a private repository in Rancher inside `Apps & Marketplace > Repositories`. The issue was found and reported by Martin Andreas Ullrich. | 14 Apr 2022 | [Rancher v2.6.3](https://github.com/rancher/rancher/releases/tag/v2.6.3) and [Rancher v2.5.12](https://github.com/rancher/rancher/releases/tag/v2.5.12) | diff --git a/versioned_docs/version-2.8/pages-for-subheaders/selinux-rpm.md b/versioned_docs/version-2.8/reference-guides/rancher-security/selinux-rpm/selinux-rpm.md similarity index 85% rename from versioned_docs/version-2.8/pages-for-subheaders/selinux-rpm.md rename to versioned_docs/version-2.8/reference-guides/rancher-security/selinux-rpm/selinux-rpm.md index c72c72ff56a..f2d93d01bb1 100644 --- a/versioned_docs/version-2.8/pages-for-subheaders/selinux-rpm.md +++ b/versioned_docs/version-2.8/reference-guides/rancher-security/selinux-rpm/selinux-rpm.md @@ -17,4 +17,4 @@ After being historically used by government agencies, SELinux is now industry st Enforcing ``` -We provide two RPMs (Red Hat packages) that enable Rancher products to function properly on SELinux-enforcing hosts: [`rancher-selinux`](../reference-guides/rancher-security/selinux-rpm/about-rancher-selinux.md) and [`rke2-selinux`](../reference-guides/rancher-security/selinux-rpm/about-rke2-selinux.md). \ No newline at end of file +We provide two RPMs (Red Hat packages) that enable Rancher products to function properly on SELinux-enforcing hosts: [`rancher-selinux`](about-rancher-selinux.md) and [`rke2-selinux`](about-rke2-selinux.md). \ No newline at end of file diff --git a/versioned_docs/version-2.8/reference-guides/single-node-rancher-in-docker/advanced-options.md b/versioned_docs/version-2.8/reference-guides/single-node-rancher-in-docker/advanced-options.md index 081d79e4b04..4d410831bf9 100644 --- a/versioned_docs/version-2.8/reference-guides/single-node-rancher-in-docker/advanced-options.md +++ b/versioned_docs/version-2.8/reference-guides/single-node-rancher-in-docker/advanced-options.md @@ -19,7 +19,7 @@ Use the command example to start a Rancher container with your private CA certif The example below is based on having the CA root certificates in the `/host/certs` directory on the host and mounting this directory on `/container/certs` inside the Rancher container. -Privileged access is [required.](../../pages-for-subheaders/rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher) +Privileged access is [required.](../../getting-started/installation-and-upgrade/other-installation-methods/rancher-on-a-single-node-with-docker/rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher) ``` docker run -d --restart=unless-stopped \ @@ -38,7 +38,7 @@ The API Audit Log writes to `/var/log/auditlog` inside the rancher container by See [API Audit Log](../../how-to-guides/advanced-user-guides/enable-api-audit-log.md) for more information and options. -Privileged access is [required.](../../pages-for-subheaders/rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher) +Privileged access is [required.](../../getting-started/installation-and-upgrade/other-installation-methods/rancher-on-a-single-node-with-docker/rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher) ``` docker run -d --restart=unless-stopped \ @@ -61,7 +61,7 @@ docker run -d --restart=unless-stopped \ rancher/rancher:latest ``` -Privileged access is [required.](../../pages-for-subheaders/rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher) +Privileged access is [required.](../../getting-started/installation-and-upgrade/other-installation-methods/rancher-on-a-single-node-with-docker/rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher) See [TLS settings](../../getting-started/installation-and-upgrade/installation-references/tls-settings.md) for more information and options. @@ -87,7 +87,7 @@ docker run -d --restart=unless-stopped \ rancher/rancher:latest ``` -Privileged access is [required.](../../pages-for-subheaders/rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher) +Privileged access is [required.](../../getting-started/installation-and-upgrade/other-installation-methods/rancher-on-a-single-node-with-docker/rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher) ### Running `rancher/rancher` and `rancher/rancher-agent` on the Same Node @@ -106,4 +106,4 @@ docker run -d --restart=unless-stopped \ rancher/rancher:latest ``` -Privileged access is [required.](../../pages-for-subheaders/rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher) +Privileged access is [required.](../../getting-started/installation-and-upgrade/other-installation-methods/rancher-on-a-single-node-with-docker/rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher) diff --git a/versioned_docs/version-2.8/reference-guides/single-node-rancher-in-docker/http-proxy-configuration.md b/versioned_docs/version-2.8/reference-guides/single-node-rancher-in-docker/http-proxy-configuration.md index bc81ed966c2..4936d839dd2 100644 --- a/versioned_docs/version-2.8/reference-guides/single-node-rancher-in-docker/http-proxy-configuration.md +++ b/versioned_docs/version-2.8/reference-guides/single-node-rancher-in-docker/http-proxy-configuration.md @@ -24,7 +24,7 @@ NO_PROXY must be in uppercase to use network range (CIDR) notation. ## Docker Installation -Passing environment variables to the Rancher container can be done using `-e KEY=VALUE` or `--env KEY=VALUE`. Required values for `NO_PROXY` in a [Docker Installation](../../pages-for-subheaders/rancher-on-a-single-node-with-docker.md) are: +Passing environment variables to the Rancher container can be done using `-e KEY=VALUE` or `--env KEY=VALUE`. Required values for `NO_PROXY` in a [Docker Installation](../../getting-started/installation-and-upgrade/other-installation-methods/rancher-on-a-single-node-with-docker/rancher-on-a-single-node-with-docker.md) are: - `localhost` - `127.0.0.1` @@ -46,7 +46,7 @@ docker run -d --restart=unless-stopped \ rancher/rancher:latest ``` -Privileged access is [required.](../../pages-for-subheaders/rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher) +Privileged access is [required.](../../getting-started/installation-and-upgrade/other-installation-methods/rancher-on-a-single-node-with-docker/rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher) ### Air-gapped proxy configuration diff --git a/versioned_docs/version-2.8/reference-guides/single-node-rancher-in-docker/single-node-rancher-in-docker.md b/versioned_docs/version-2.8/reference-guides/single-node-rancher-in-docker/single-node-rancher-in-docker.md new file mode 100644 index 00000000000..e605bd0c77a --- /dev/null +++ b/versioned_docs/version-2.8/reference-guides/single-node-rancher-in-docker/single-node-rancher-in-docker.md @@ -0,0 +1,9 @@ +--- +title: Single Node Rancher in Docker +--- + + + + + +The following docs will discuss [HTTP proxy configuration](http-proxy-configuration.md) and [advanced options](advanced-options.md) for Docker installs. \ No newline at end of file diff --git a/versioned_docs/version-2.8/reference-guides/user-settings/api-keys.md b/versioned_docs/version-2.8/reference-guides/user-settings/api-keys.md index 95a26a81a45..d5ff1d1fb24 100644 --- a/versioned_docs/version-2.8/reference-guides/user-settings/api-keys.md +++ b/versioned_docs/version-2.8/reference-guides/user-settings/api-keys.md @@ -51,7 +51,7 @@ Users may opt to enable [token hashing](../about-the-api/api-tokens.md). - Enter your API key information into the application that will send requests to the Rancher API. - Learn more about the Rancher endpoints and parameters by selecting **View in API** for an object in the Rancher UI. -- API keys are used for API calls and [Rancher CLI](../../pages-for-subheaders/cli-with-rancher.md). +- API keys are used for API calls and [Rancher CLI](../cli-with-rancher/cli-with-rancher.md). ## Deleting API Keys diff --git a/versioned_docs/version-2.8/reference-guides/user-settings/manage-cloud-credentials.md b/versioned_docs/version-2.8/reference-guides/user-settings/manage-cloud-credentials.md index e93b79d5c07..f32c283f3b3 100644 --- a/versioned_docs/version-2.8/reference-guides/user-settings/manage-cloud-credentials.md +++ b/versioned_docs/version-2.8/reference-guides/user-settings/manage-cloud-credentials.md @@ -6,7 +6,7 @@ title: Managing Cloud Credentials -When you create a cluster [hosted by an infrastructure provider](../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md), [node templates](../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md#node-templates) are used to provision the cluster nodes. These templates use Docker Machine configuration options to define an operating system image and settings/parameters for the node. +When you create a cluster [hosted by an infrastructure provider](../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md), [node templates](../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md#node-templates) are used to provision the cluster nodes. These templates use Docker Machine configuration options to define an operating system image and settings/parameters for the node. Node templates can use cloud credentials to access the credential information required to provision nodes in the infrastructure providers. The same cloud credential can be used by multiple node templates. By using a cloud credential, you do not have to re-enter access keys for the same cloud provider. Cloud credentials are stored as Kubernetes secrets. @@ -14,7 +14,7 @@ Cloud credentials are only used by node templates if there are fields marked as You can create cloud credentials in two contexts: -- [During creation of a node template](../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md#node-templates) for a cluster. +- [During creation of a node template](../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md#node-templates) for a cluster. - In the **User Settings** Cloud credentials are bound to their creator's user profile. They **cannot** be shared between non-admin users. However, admins are able to view and manage the cloud credentials of other users. @@ -29,7 +29,7 @@ Cloud credentials are bound to their creator's user profile. They **cannot** be 1. Based on the selected cloud credential type, enter the required values to authenticate with the infrastructure provider. 1. Click **Create**. -**Result:** The cloud credential is created and can immediately be used to [create node templates](../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md#node-templates). +**Result:** The cloud credential is created and can immediately be used to [create node templates](../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md#node-templates). ## Updating a Cloud Credential @@ -40,7 +40,7 @@ When access credentials are changed or compromised, updating a cloud credential 1. Choose the cloud credential you want to edit and click the **⋮ > Edit Config**. 1. Update the credential information and click **Save**. -**Result:** The cloud credential is updated with the new access credentials. All existing node templates using this cloud credential will automatically use the updated information whenever [new nodes are added](../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md). +**Result:** The cloud credential is updated with the new access credentials. All existing node templates using this cloud credential will automatically use the updated information whenever [new nodes are added](../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md). ## Deleting a Cloud Credential diff --git a/versioned_docs/version-2.8/reference-guides/user-settings/manage-node-templates.md b/versioned_docs/version-2.8/reference-guides/user-settings/manage-node-templates.md index fab13f80ffc..2d83b899104 100644 --- a/versioned_docs/version-2.8/reference-guides/user-settings/manage-node-templates.md +++ b/versioned_docs/version-2.8/reference-guides/user-settings/manage-node-templates.md @@ -6,10 +6,10 @@ title: Managing Node Templates -When you provision a cluster [hosted by an infrastructure provider](../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md), [node templates](../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md#node-templates) are used to provision the cluster nodes. These templates use Docker Machine configuration options to define an operating system image and settings/parameters for the node. You can create node templates in two contexts: +When you provision a cluster [hosted by an infrastructure provider](../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md), [node templates](../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md#node-templates) are used to provision the cluster nodes. These templates use Docker Machine configuration options to define an operating system image and settings/parameters for the node. You can create node templates in two contexts: -- While [provisioning a node pool cluster](../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md). -- At any time, from your [user settings](../../pages-for-subheaders/user-settings.md). +- While [provisioning a node pool cluster](../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md). +- At any time, from your [user settings](user-settings.md). When you create a node template, it is bound to your user profile. Node templates cannot be shared among users. You can delete stale node templates that you no longer user from your user settings. @@ -20,7 +20,7 @@ When you create a node template, it is bound to your user profile. Node template 1. Click **Add Template**. 1. Select one of the cloud providers available. Then follow the instructions on screen to configure the template. -**Result:** The template is configured. You can use the template later when you [provision a node pool cluster](../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md). +**Result:** The template is configured. You can use the template later when you [provision a node pool cluster](../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md). ## Updating a Node Template @@ -30,7 +30,7 @@ When you create a node template, it is bound to your user profile. Node template :::note - The default `active` [node drivers](../../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-provisioning-drivers/manage-node-drivers.md) and any node driver, that has fields marked as `password`, are required to use [cloud credentials](../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md#cloud-credentials). + The default `active` [node drivers](../../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-provisioning-drivers/manage-node-drivers.md) and any node driver, that has fields marked as `password`, are required to use [cloud credentials](../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md#cloud-credentials). ::: @@ -47,7 +47,7 @@ When creating new node templates from your user settings, you can clone an exist 1. Find the template you want to clone. Then select **⋮ > Clone**. 1. Complete the rest of the form. -**Result:** The template is cloned and configured. You can use the template later when you [provision a node pool cluster](../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md). +**Result:** The template is cloned and configured. You can use the template later when you [provision a node pool cluster](../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md). ## Deleting a Node Template diff --git a/versioned_docs/version-2.8/reference-guides/user-settings/user-settings.md b/versioned_docs/version-2.8/reference-guides/user-settings/user-settings.md new file mode 100644 index 00000000000..496fde5638c --- /dev/null +++ b/versioned_docs/version-2.8/reference-guides/user-settings/user-settings.md @@ -0,0 +1,19 @@ +--- +title: User Settings +--- + + + + + +Within Rancher, each user has a number of settings associated with their login: personal preferences, API keys, etc. You can configure these settings by choosing from the **User Settings** menu. You can open this menu by clicking your avatar, located within the main menu. + +![User Settings Menu](/img/user-settings.png) + +The available user settings are: + +- [API & Keys](api-keys.md): If you want to interact with Rancher programmatically, you need an API key. Follow the directions in this section to obtain a key. +- [Cloud Credentials](manage-cloud-credentials.md): Manage cloud credentials [used by node templates](../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md#node-templates) to [provision nodes for clusters](../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md). +- [Node Templates](manage-node-templates.md): Manage templates [used by Rancher to provision nodes for clusters](../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md). +- [Preferences](user-preferences.md): Sets superficial preferences for the Rancher UI. +- Log Out: Ends your user session. diff --git a/versioned_docs/version-2.8/security/security-scan/security-scan.md b/versioned_docs/version-2.8/security/security-scan/security-scan.md index 061d0af8edd..cacabb6266d 100644 --- a/versioned_docs/version-2.8/security/security-scan/security-scan.md +++ b/versioned_docs/version-2.8/security/security-scan/security-scan.md @@ -6,4 +6,4 @@ title: Security Scans -The documentation about CIS security scans has moved [here.](../../pages-for-subheaders/cis-scan-guides.md) +The documentation about CIS security scans has moved [here.](../../how-to-guides/advanced-user-guides/cis-scan-guides/cis-scan-guides.md) diff --git a/versioned_docs/version-2.8/shared-files/_cluster-capabilities-table.md b/versioned_docs/version-2.8/shared-files/_cluster-capabilities-table.md index b74973f5a67..6cffdba23c4 100644 --- a/versioned_docs/version-2.8/shared-files/_cluster-capabilities-table.md +++ b/versioned_docs/version-2.8/shared-files/_cluster-capabilities-table.md @@ -2,13 +2,13 @@ | --- | --- | ---| ---|----| | [Using kubectl and a kubeconfig file to Access a Cluster](../how-to-guides/new-user-guides/manage-clusters/access-clusters/use-kubectl-and-kubeconfig.md) | ✓ | ✓ | ✓ | ✓ | | [Managing Cluster Members](../how-to-guides/new-user-guides/manage-clusters/access-clusters/add-users-to-clusters.md) | ✓ | ✓ | ✓ | ✓ | -| [Editing and Upgrading Clusters](../pages-for-subheaders/cluster-configuration.md) | ✓ | ✓ | ✓ | ✓2 | +| [Editing and Upgrading Clusters](../reference-guides/cluster-configuration/cluster-configuration.md) | ✓ | ✓ | ✓ | ✓2 | | [Managing Nodes](../how-to-guides/new-user-guides/manage-clusters/nodes-and-node-pools.md) | ✓ | ✓ | ✓ | ✓3 | -| [Managing Persistent Volumes and Storage Classes](../pages-for-subheaders/create-kubernetes-persistent-storage.md) | ✓ | ✓ | ✓ | ✓ | +| [Managing Persistent Volumes and Storage Classes](../how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage/create-kubernetes-persistent-storage.md) | ✓ | ✓ | ✓ | ✓ | | [Managing Projects, Namespaces and Workloads](../how-to-guides/new-user-guides/manage-clusters/projects-and-namespaces.md) | ✓ | ✓ | ✓ | ✓ | -| [Using App Catalogs](../pages-for-subheaders/helm-charts-in-rancher.md) | ✓ | ✓ | ✓ | ✓ | -| Configuring Tools ([Alerts, Notifiers, Monitoring](../pages-for-subheaders/monitoring-and-alerting.md), [Logging](../pages-for-subheaders/logging.md), [Istio](../pages-for-subheaders/istio.md)) | ✓ | ✓ | ✓ | ✓ | -| [Running Security Scans](../pages-for-subheaders/cis-scan-guides.md) | ✓ | ✓ | ✓ | ✓ | +| [Using App Catalogs](../how-to-guides/new-user-guides/helm-charts-in-rancher/helm-charts-in-rancher.md) | ✓ | ✓ | ✓ | ✓ | +| Configuring Tools ([Alerts, Notifiers, Monitoring](../integrations-in-rancher/monitoring-and-alerting/monitoring-and-alerting.md), [Logging](../integrations-in-rancher/logging/logging.md), [Istio](../integrations-in-rancher/istio/istio.md)) | ✓ | ✓ | ✓ | ✓ | +| [Running Security Scans](../how-to-guides/advanced-user-guides/cis-scan-guides/cis-scan-guides.md) | ✓ | ✓ | ✓ | ✓ | | [Ability to rotate certificates](../how-to-guides/new-user-guides/manage-clusters/rotate-certificates.md) | ✓ | ✓ | | | | Ability to [backup](../how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/back-up-rancher-launched-kubernetes-clusters.md) and [restore](../how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/restore-rancher-launched-kubernetes-clusters-from-backup.md) Rancher-launched clusters | ✓ | ✓ | | ✓4 | | [Cleaning Kubernetes components when clusters are no longer reachable from Rancher](../how-to-guides/new-user-guides/manage-clusters/clean-cluster-nodes.md) | ✓ | | | | diff --git a/versioned_docs/version-2.8/troubleshooting/general-troubleshooting.md b/versioned_docs/version-2.8/troubleshooting/general-troubleshooting.md index 77ab7e24806..d162d499805 100644 --- a/versioned_docs/version-2.8/troubleshooting/general-troubleshooting.md +++ b/versioned_docs/version-2.8/troubleshooting/general-troubleshooting.md @@ -8,7 +8,7 @@ title: General Troubleshooting This section contains information to help you troubleshoot issues when using Rancher. -- [Kubernetes components](../pages-for-subheaders/kubernetes-components.md) +- [Kubernetes components](kubernetes-components/kubernetes-components.md) If you need help troubleshooting core Kubernetes cluster components like: * `etcd` @@ -33,7 +33,7 @@ This section contains information to help you troubleshoot issues when using Ran - [Troubleshooting Rancher installed on Kubernetes](other-troubleshooting-tips/rancher-ha.md) - If you experience issues with your [Rancher server installed on Kubernetes](../pages-for-subheaders/install-upgrade-on-a-kubernetes-cluster.md) + If you experience issues with your [Rancher server installed on Kubernetes](../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/install-upgrade-on-a-kubernetes-cluster.md) - [Logging](other-troubleshooting-tips/logging.md) diff --git a/versioned_docs/version-2.8/troubleshooting/kubernetes-components/kubernetes-components.md b/versioned_docs/version-2.8/troubleshooting/kubernetes-components/kubernetes-components.md new file mode 100644 index 00000000000..53863435277 --- /dev/null +++ b/versioned_docs/version-2.8/troubleshooting/kubernetes-components/kubernetes-components.md @@ -0,0 +1,21 @@ +--- +title: Kubernetes Components +--- + + + + + +The commands and steps listed in this section apply to the core Kubernetes components on [Rancher Launched Kubernetes](../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md) clusters. + +This section includes troubleshooting tips in the following categories: + +- [Troubleshooting etcd Nodes](troubleshooting-etcd-nodes.md) +- [Troubleshooting Controlplane Nodes](troubleshooting-controlplane-nodes.md) +- [Troubleshooting nginx-proxy Nodes](troubleshooting-nginx-proxy.md) +- [Troubleshooting Worker Nodes and Generic Components](troubleshooting-worker-nodes-and-generic-components.md) + +## Kubernetes Component Diagram + +![Cluster diagram](/img/clusterdiagram.svg)
+Lines show the traffic flow between components. Colors are used purely for visual aid \ No newline at end of file diff --git a/versioned_docs/version-2.8/troubleshooting/other-troubleshooting-tips/kubernetes-resources.md b/versioned_docs/version-2.8/troubleshooting/other-troubleshooting-tips/kubernetes-resources.md index f1e6b8f8594..635e4d07371 100644 --- a/versioned_docs/version-2.8/troubleshooting/other-troubleshooting-tips/kubernetes-resources.md +++ b/versioned_docs/version-2.8/troubleshooting/other-troubleshooting-tips/kubernetes-resources.md @@ -6,7 +6,7 @@ title: Kubernetes Resources -The commands/steps listed on this page can be used to check the most important Kubernetes resources and apply to [Rancher Launched Kubernetes](../../pages-for-subheaders/launch-kubernetes-with-rancher.md) clusters. +The commands/steps listed on this page can be used to check the most important Kubernetes resources and apply to [Rancher Launched Kubernetes](../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md) clusters. Make sure you configured the correct kubeconfig (for example, `export KUBECONFIG=$PWD/kube_config_cluster.yml` for Rancher HA) or are using the embedded kubectl via the UI. diff --git a/versioned_sidebars/version-2.8-sidebars.json b/versioned_sidebars/version-2.8-sidebars.json index 1237d7f7b40..642622cc15f 100644 --- a/versioned_sidebars/version-2.8-sidebars.json +++ b/versioned_sidebars/version-2.8-sidebars.json @@ -11,7 +11,7 @@ "label": "Quick Start Guides", "link": { "type": "doc", - "id": "pages-for-subheaders/quick-start-guides" + "id": "getting-started/quick-start-guides/quick-start-guides" }, "items": [ { @@ -19,7 +19,7 @@ "label": "Deploy Rancher", "link": { "type": "doc", - "id": "pages-for-subheaders/deploy-rancher-manager" + "id": "getting-started/quick-start-guides/deploy-rancher-manager/deploy-rancher-manager" }, "items": [ "getting-started/quick-start-guides/deploy-rancher-manager/aws", @@ -40,7 +40,7 @@ "label": "Deploy Workloads", "link": { "type": "doc", - "id": "pages-for-subheaders/deploy-rancher-workloads" + "id": "getting-started/quick-start-guides/deploy-workloads/deploy-workloads" }, "items": [ "getting-started/quick-start-guides/deploy-workloads/workload-ingress", @@ -54,7 +54,7 @@ "label": "Installation and Upgrade", "link": { "type": "doc", - "id": "pages-for-subheaders/installation-and-upgrade" + "id": "getting-started/installation-and-upgrade/installation-and-upgrade" }, "items": [ { @@ -62,7 +62,7 @@ "label": "Installation Requirements", "link": { "type": "doc", - "id": "pages-for-subheaders/installation-requirements" + "id": "getting-started/installation-and-upgrade/installation-requirements/installation-requirements" }, "items": [ "getting-started/installation-and-upgrade/installation-requirements/install-docker", @@ -75,7 +75,7 @@ "label": "Installation References", "link": { "type": "doc", - "id": "pages-for-subheaders/installation-references" + "id": "getting-started/installation-and-upgrade/installation-references/installation-references" }, "items": [ "getting-started/installation-and-upgrade/installation-references/helm-chart-options", @@ -88,7 +88,7 @@ "label": "Install/Upgrade on a Kubernetes Cluster", "link": { "type": "doc", - "id": "pages-for-subheaders/install-upgrade-on-a-kubernetes-cluster" + "id": "getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/install-upgrade-on-a-kubernetes-cluster" }, "items": [ "getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rollbacks", @@ -106,7 +106,7 @@ "label": "Other Installation Methods", "link": { "type": "doc", - "id": "pages-for-subheaders/other-installation-methods" + "id": "getting-started/installation-and-upgrade/other-installation-methods/other-installation-methods" }, "items": [ { @@ -114,7 +114,7 @@ "label": "Air-Gapped Helm CLI Install", "link": { "type": "doc", - "id": "pages-for-subheaders/air-gapped-helm-cli-install" + "id": "getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/air-gapped-helm-cli-install" }, "items": [ "getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/infrastructure-private-registry", @@ -129,7 +129,7 @@ "label": "Rancher on a Single Node with Docker", "link": { "type": "doc", - "id": "pages-for-subheaders/rancher-on-a-single-node-with-docker" + "id": "getting-started/installation-and-upgrade/other-installation-methods/rancher-on-a-single-node-with-docker/rancher-on-a-single-node-with-docker" }, "items": [ "getting-started/installation-and-upgrade/other-installation-methods/rancher-on-a-single-node-with-docker/upgrade-docker-installed-rancher", @@ -142,7 +142,7 @@ "label": "Rancher Behind an HTTP Proxy", "link": { "type": "doc", - "id": "pages-for-subheaders/rancher-behind-an-http-proxy" + "id": "getting-started/installation-and-upgrade/other-installation-methods/rancher-behind-an-http-proxy/rancher-behind-an-http-proxy" }, "items": [ "getting-started/installation-and-upgrade/other-installation-methods/rancher-behind-an-http-proxy/set-up-infrastructure", @@ -157,7 +157,7 @@ "label": "Resources", "link": { "type": "doc", - "id": "pages-for-subheaders/resources" + "id": "getting-started/installation-and-upgrade/resources/resources" }, "items": [ "getting-started/installation-and-upgrade/resources/choose-a-rancher-version", @@ -185,7 +185,7 @@ "label": "New User Guides", "link": { "type": "doc", - "id": "pages-for-subheaders/new-user-guides" + "id": "how-to-guides/new-user-guides/new-user-guides" }, "items": [ { @@ -193,7 +193,7 @@ "label": "Authentication, Permissions, and Global Configuration", "link": { "type": "doc", - "id": "pages-for-subheaders/authentication-permissions-and-global-configuration" + "id": "how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-permissions-and-global-configuration" }, "items": [ { @@ -201,7 +201,7 @@ "label": "Authentication Config", "link": { "type": "doc", - "id": "pages-for-subheaders/authentication-config" + "id": "how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/authentication-config" }, "items": [ "how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/manage-users-and-groups", @@ -222,7 +222,7 @@ "label": "Configure OpenLDAP", "link": { "type": "doc", - "id": "pages-for-subheaders/configure-openldap" + "id": "how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-openldap/configure-openldap" }, "items": [ "how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-openldap/openldap-config-reference" @@ -233,7 +233,7 @@ "label": "Configure Microsoft AD Federation Service (SAML)", "link": { "type": "doc", - "id": "pages-for-subheaders/configure-microsoft-ad-federation-service-saml" + "id": "how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-microsoft-ad-federation-service-saml/configure-microsoft-ad-federation-service-saml" }, "items": [ "how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-microsoft-ad-federation-service-saml/configure-ms-adfs-for-rancher", @@ -245,7 +245,7 @@ "label": "Configure Shibboleth (SAML)", "link": { "type": "doc", - "id": "pages-for-subheaders/configure-shibboleth-saml" + "id": "how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-shibboleth-saml/configure-shibboleth-saml" }, "items": [ "how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-shibboleth-saml/about-group-permissions" @@ -256,7 +256,7 @@ "label": "Manage Role-Based Access Control (RBAC)", "link": { "type": "doc", - "id": "pages-for-subheaders/manage-role-based-access-control-rbac" + "id": "how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/manage-role-based-access-control-rbac" }, "items": [ "how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/global-permissions", @@ -270,7 +270,7 @@ "label": "About Provisioning Drivers", "link": { "type": "doc", - "id": "pages-for-subheaders/about-provisioning-drivers" + "id": "how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-provisioning-drivers/about-provisioning-drivers" }, "items": [ "how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-provisioning-drivers/manage-cluster-drivers", @@ -282,7 +282,7 @@ "label": "About RKE1 Templates", "link": { "type": "doc", - "id": "pages-for-subheaders/about-rke1-templates" + "id": "how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/about-rke1-templates" }, "items": [ "how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/creator-permissions", @@ -307,7 +307,7 @@ "label": "Manage Clusters", "link": { "type": "doc", - "id": "pages-for-subheaders/manage-clusters" + "id": "how-to-guides/new-user-guides/manage-clusters/manage-clusters" }, "items": [ { @@ -315,7 +315,7 @@ "label": "Access Clusters", "link": { "type": "doc", - "id": "pages-for-subheaders/access-clusters" + "id": "how-to-guides/new-user-guides/manage-clusters/access-clusters/access-clusters" }, "items": [ "how-to-guides/new-user-guides/manage-clusters/access-clusters/use-kubectl-and-kubeconfig", @@ -328,7 +328,7 @@ "label": "Install Cluster Autoscaler", "link": { "type": "doc", - "id": "pages-for-subheaders/install-cluster-autoscaler" + "id": "how-to-guides/new-user-guides/manage-clusters/install-cluster-autoscaler/install-cluster-autoscaler" }, "items": [ "how-to-guides/new-user-guides/manage-clusters/install-cluster-autoscaler/use-aws-ec2-auto-scaling-groups" @@ -339,7 +339,7 @@ "label": "Create Kubernetes Persistent Storage", "link": { "type": "doc", - "id": "pages-for-subheaders/create-kubernetes-persistent-storage" + "id": "how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage/create-kubernetes-persistent-storage" }, "items": [ "how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage/manage-persistent-storage/about-persistent-storage", @@ -355,7 +355,7 @@ "label": "Provisioning Storage Examples", "link": { "type": "doc", - "id": "pages-for-subheaders/provisioning-storage-examples" + "id": "how-to-guides/new-user-guides/manage-clusters/provisioning-storage-examples/provisioning-storage-examples" }, "items": [ "how-to-guides/new-user-guides/manage-clusters/provisioning-storage-examples/persistent-storage-in-amazon-ebs", @@ -378,7 +378,7 @@ "label": "Kubernetes Cluster Setup", "link": { "type": "doc", - "id": "pages-for-subheaders/kubernetes-cluster-setup" + "id": "how-to-guides/new-user-guides/kubernetes-cluster-setup/kubernetes-cluster-setup" }, "items": [ "how-to-guides/new-user-guides/kubernetes-cluster-setup/high-availability-installs", @@ -392,7 +392,7 @@ "label": "Infrastructure Setup", "link": { "type": "doc", - "id": "pages-for-subheaders/infrastructure-setup" + "id": "how-to-guides/new-user-guides/infrastructure-setup/infrastructure-setup" }, "items": [ "how-to-guides/new-user-guides/infrastructure-setup/ha-k3s-kubernetes-cluster", @@ -409,7 +409,7 @@ "label": "Kubernetes Clusters in Rancher Setup", "link": { "type": "doc", - "id": "pages-for-subheaders/kubernetes-clusters-in-rancher-setup" + "id": "how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/kubernetes-clusters-in-rancher-setup" }, "items": [ "how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/node-requirements-for-rancher-managed-clusters", @@ -418,7 +418,7 @@ "label": "Checklist for Production-Ready Clusters", "link": { "type": "doc", - "id": "pages-for-subheaders/checklist-for-production-ready-clusters" + "id": "how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/checklist-for-production-ready-clusters/checklist-for-production-ready-clusters" }, "items": [ "how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/checklist-for-production-ready-clusters/recommended-cluster-architecture", @@ -430,7 +430,7 @@ "label": "Set Up Clusters from Hosted Kubernetes Providers", "link": { "type": "doc", - "id": "pages-for-subheaders/set-up-clusters-from-hosted-kubernetes-providers" + "id": "how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/set-up-clusters-from-hosted-kubernetes-providers" }, "items": [ "how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/eks", @@ -446,7 +446,7 @@ "label": "Use Windows Clusters", "link": { "type": "doc", - "id": "pages-for-subheaders/use-windows-clusters" + "id": "how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/use-windows-clusters/use-windows-clusters" }, "items": [ "how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/use-windows-clusters/azure-storageclass-configuration", @@ -460,7 +460,7 @@ "label": "Set Up Cloud Providers", "link": { "type": "doc", - "id": "pages-for-subheaders/set-up-cloud-providers" + "id": "how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/set-up-cloud-providers" }, "items": [ "how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/amazon", @@ -480,7 +480,7 @@ "label": "Launch Kubernetes with Rancher", "link": { "type": "doc", - "id": "pages-for-subheaders/launch-kubernetes-with-rancher" + "id": "how-to-guides/new-user-guides/launch-kubernetes-with-rancher/launch-kubernetes-with-rancher" }, "items": [ { @@ -488,7 +488,7 @@ "label": "Use New Nodes in an Infra Provider", "link": { "type": "doc", - "id": "pages-for-subheaders/use-new-nodes-in-an-infra-provider" + "id": "how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider" }, "items": [ "how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-amazon-ec2-cluster", @@ -499,7 +499,7 @@ "label": "vSphere", "link": { "type": "doc", - "id": "pages-for-subheaders/vsphere" + "id": "how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/vsphere/vsphere" }, "items": [ "how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/vsphere/provision-kubernetes-clusters-in-vsphere", @@ -512,7 +512,7 @@ "label": "Nutanix", "link": { "type": "doc", - "id": "pages-for-subheaders/nutanix" + "id": "how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/nutanix/nutanix" }, "items": [ "how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/nutanix/provision-kubernetes-clusters-in-aos" @@ -529,7 +529,7 @@ "label": "Kubernetes Resources Setup", "link": { "type": "doc", - "id": "pages-for-subheaders/kubernetes-resources-setup" + "id": "how-to-guides/new-user-guides/kubernetes-resources-setup/kubernetes-resources-setup" }, "items": [ { @@ -537,7 +537,7 @@ "label": "Workloads and Pods", "link": { "type": "doc", - "id": "pages-for-subheaders/workloads-and-pods" + "id": "how-to-guides/new-user-guides/kubernetes-resources-setup/workloads-and-pods/workloads-and-pods" }, "items": [ "how-to-guides/new-user-guides/kubernetes-resources-setup/workloads-and-pods/deploy-workloads", @@ -551,7 +551,7 @@ "label": "Horizontal Pod Autoscaler", "link": { "type": "doc", - "id": "pages-for-subheaders/horizontal-pod-autoscaler" + "id": "how-to-guides/new-user-guides/kubernetes-resources-setup/horizontal-pod-autoscaler/horizontal-pod-autoscaler" }, "items": [ "how-to-guides/new-user-guides/kubernetes-resources-setup/horizontal-pod-autoscaler/about-hpas", @@ -565,7 +565,7 @@ "label": "Load Balancer and Ingress Controller", "link": { "type": "doc", - "id": "pages-for-subheaders/load-balancer-and-ingress-controller" + "id": "how-to-guides/new-user-guides/kubernetes-resources-setup/load-balancer-and-ingress-controller/load-balancer-and-ingress-controller" }, "items": [ "how-to-guides/new-user-guides/kubernetes-resources-setup/load-balancer-and-ingress-controller/layer-4-and-layer-7-load-balancing", @@ -585,7 +585,7 @@ "label": "Helm Charts in Rancher", "link": { "type": "doc", - "id": "pages-for-subheaders/helm-charts-in-rancher" + "id": "how-to-guides/new-user-guides/helm-charts-in-rancher/helm-charts-in-rancher" }, "items": [ "how-to-guides/new-user-guides/helm-charts-in-rancher/create-apps" @@ -596,7 +596,7 @@ "label": "Deploy Apps Across Clusters", "link": { "type": "doc", - "id": "pages-for-subheaders/deploy-apps-across-clusters" + "id": "how-to-guides/new-user-guides/deploy-apps-across-clusters/deploy-apps-across-clusters" }, "items": [ "how-to-guides/new-user-guides/deploy-apps-across-clusters/fleet", @@ -608,7 +608,7 @@ "label": "Backup, Restore, and Disaster Recovery", "link": { "type": "doc", - "id": "pages-for-subheaders/backup-restore-and-disaster-recovery" + "id": "how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/backup-restore-and-disaster-recovery" }, "items": [ "how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/back-up-restore-usage-guide", @@ -630,7 +630,7 @@ "label": "Advanced User Guides", "link": { "type": "doc", - "id": "pages-for-subheaders/advanced-user-guides" + "id": "how-to-guides/advanced-user-guides/advanced-user-guides" }, "items": [ { @@ -638,7 +638,7 @@ "label": "Manage Projects", "link": { "type": "doc", - "id": "pages-for-subheaders/manage-projects" + "id": "how-to-guides/advanced-user-guides/manage-projects/manage-projects" }, "items": [ "how-to-guides/advanced-user-guides/manage-projects/manage-pod-security-policies", @@ -647,7 +647,7 @@ "label": "Manage Project Resource Quotas", "link": { "type": "doc", - "id": "pages-for-subheaders/manage-project-resource-quotas" + "id": "how-to-guides/advanced-user-guides/manage-projects/manage-project-resource-quotas/manage-project-resource-quotas" }, "items": [ "how-to-guides/advanced-user-guides/manage-projects/manage-project-resource-quotas/about-project-resource-quotas", @@ -663,7 +663,7 @@ "label": "Monitoring/Alerting Guides", "link": { "type": "doc", - "id": "pages-for-subheaders/monitoring-alerting-guides" + "id": "how-to-guides/advanced-user-guides/monitoring-alerting-guides/monitoring-alerting-guides" }, "items": [ "how-to-guides/advanced-user-guides/monitoring-alerting-guides/enable-monitoring", @@ -677,7 +677,7 @@ "label": "Prometheus Federator Guides", "link": { "type": "doc", - "id": "pages-for-subheaders/prometheus-federator-guides" + "id": "how-to-guides/advanced-user-guides/monitoring-alerting-guides/prometheus-federator-guides/prometheus-federator-guides" }, "items": [ "how-to-guides/advanced-user-guides/monitoring-alerting-guides/prometheus-federator-guides/enable-prometheus-federator", @@ -694,7 +694,7 @@ "label": "Monitoring V2 Configuration Guides", "link": { "type": "doc", - "id": "pages-for-subheaders/monitoring-v2-configuration-guides" + "id": "how-to-guides/advanced-user-guides/monitoring-v2-configuration-guides/monitoring-v2-configuration-guides" }, "items": [ { @@ -702,7 +702,7 @@ "label": "Advanced Configuration", "link": { "type": "doc", - "id": "pages-for-subheaders/advanced-configuration" + "id": "how-to-guides/advanced-user-guides/monitoring-v2-configuration-guides/advanced-configuration/advanced-configuration" }, "items": [ "how-to-guides/advanced-user-guides/monitoring-v2-configuration-guides/advanced-configuration/alertmanager", @@ -717,7 +717,7 @@ "label": "Istio Setup Guide", "link": { "type": "doc", - "id": "pages-for-subheaders/istio-setup-guide" + "id": "how-to-guides/advanced-user-guides/istio-setup-guide/istio-setup-guide" }, "items": [ "how-to-guides/advanced-user-guides/istio-setup-guide/enable-istio-in-cluster", @@ -733,7 +733,7 @@ "label": "CIS Scan Guides", "link": { "type": "doc", - "id": "pages-for-subheaders/cis-scan-guides" + "id": "how-to-guides/advanced-user-guides/cis-scan-guides/cis-scan-guides" }, "items": [ "how-to-guides/advanced-user-guides/cis-scan-guides/install-rancher-cis-benchmark", @@ -752,7 +752,7 @@ "label": "Enable Experimental Features", "link": { "type": "doc", - "id": "pages-for-subheaders/enable-experimental-features" + "id": "how-to-guides/advanced-user-guides/enable-experimental-features/enable-experimental-features" }, "items": [ "how-to-guides/advanced-user-guides/enable-experimental-features/rancher-on-arm64", @@ -779,7 +779,7 @@ "label": "Best Practices", "link": { "type": "doc", - "id": "pages-for-subheaders/best-practices" + "id": "reference-guides/best-practices/best-practices" }, "items": [ { @@ -787,7 +787,7 @@ "label": "Rancher Server", "link": { "type": "doc", - "id": "pages-for-subheaders/rancher-server" + "id": "reference-guides/best-practices/rancher-server/rancher-server" }, "items": [ "reference-guides/best-practices/rancher-server/on-premises-rancher-in-vsphere", @@ -801,7 +801,7 @@ "label": "Rancher-Managed Clusters", "link": { "type": "doc", - "id": "pages-for-subheaders/rancher-managed-clusters" + "id": "reference-guides/best-practices/rancher-managed-clusters/rancher-managed-clusters" }, "items": [ "reference-guides/best-practices/rancher-managed-clusters/logging-best-practices", @@ -817,7 +817,7 @@ "label": "Rancher Architecture", "link": { "type": "doc", - "id": "pages-for-subheaders/rancher-manager-architecture" + "id": "reference-guides/rancher-manager-architecture/rancher-manager-architecture" }, "items": [ "reference-guides/rancher-manager-architecture/rancher-server-and-components", @@ -830,7 +830,7 @@ "label": "Cluster Configuration", "link": { "type": "doc", - "id": "pages-for-subheaders/cluster-configuration" + "id": "reference-guides/cluster-configuration/cluster-configuration" }, "items": [ { @@ -838,7 +838,7 @@ "label": "Rancher Server Configuration", "link": { "type": "doc", - "id": "pages-for-subheaders/rancher-server-configuration" + "id": "reference-guides/cluster-configuration/rancher-server-configuration/rancher-server-configuration" }, "items": [ "reference-guides/cluster-configuration/rancher-server-configuration/rke1-cluster-configuration", @@ -851,7 +851,7 @@ "label": "GKE Cluster Configuration", "link": { "type": "doc", - "id": "pages-for-subheaders/gke-cluster-configuration" + "id": "reference-guides/cluster-configuration/rancher-server-configuration/gke-cluster-configuration/gke-cluster-configuration" }, "items": [ "reference-guides/cluster-configuration/rancher-server-configuration/gke-cluster-configuration/gke-private-clusters" @@ -862,7 +862,7 @@ "label": "Use Existing Nodes", "link": { "type": "doc", - "id": "pages-for-subheaders/use-existing-nodes" + "id": "reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/use-existing-nodes" }, "items": [ "reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/rancher-agent-options" @@ -876,7 +876,7 @@ "label": "Downstream Cluster Configuration", "link": { "type": "doc", - "id": "pages-for-subheaders/downstream-cluster-configuration" + "id": "reference-guides/cluster-configuration/downstream-cluster-configuration/downstream-cluster-configuration" }, "items": [ { @@ -884,7 +884,7 @@ "label": "Node Template Configuration", "link": { "type": "doc", - "id": "pages-for-subheaders/node-template-configuration" + "id": "reference-guides/cluster-configuration/downstream-cluster-configuration/node-template-configuration/node-template-configuration" }, "items": [ "reference-guides/cluster-configuration/downstream-cluster-configuration/node-template-configuration/amazon-ec2", @@ -899,7 +899,7 @@ "label": "Machine Configuration", "link": { "type": "doc", - "id": "pages-for-subheaders/machine-configuration" + "id": "reference-guides/cluster-configuration/downstream-cluster-configuration/machine-configuration/machine-configuration" }, "items": [ "reference-guides/cluster-configuration/downstream-cluster-configuration/machine-configuration/amazon-ec2", @@ -916,7 +916,7 @@ "label": "Single-Node Rancher in Docker", "link": { "type": "doc", - "id": "pages-for-subheaders/single-node-rancher-in-docker" + "id": "reference-guides/single-node-rancher-in-docker/single-node-rancher-in-docker" }, "items": [ "reference-guides/single-node-rancher-in-docker/http-proxy-configuration", @@ -928,7 +928,7 @@ "label": "Backup & Restore Configuration", "link": { "type": "doc", - "id": "pages-for-subheaders/backup-restore-configuration" + "id": "reference-guides/backup-restore-configuration/backup-restore-configuration" }, "items": [ "reference-guides/backup-restore-configuration/backup-configuration", @@ -943,7 +943,7 @@ "label": "Monitoring V2 Configuration", "link": { "type": "doc", - "id": "pages-for-subheaders/monitoring-v2-configuration" + "id": "reference-guides/monitoring-v2-configuration/monitoring-v2-configuration" }, "items": [ "reference-guides/monitoring-v2-configuration/receivers", @@ -958,7 +958,7 @@ "label": "Prometheus Federator", "link": { "type": "doc", - "id": "pages-for-subheaders/prometheus-federator" + "id": "reference-guides/prometheus-federator/prometheus-federator" }, "items": [ "reference-guides/prometheus-federator/rbac" @@ -969,7 +969,7 @@ "label": "User Settings", "link": { "type": "doc", - "id": "pages-for-subheaders/user-settings" + "id": "reference-guides/user-settings/user-settings" }, "items": [ "reference-guides/user-settings/api-keys", @@ -983,7 +983,7 @@ "label": "CLI with Rancher", "link": { "type": "doc", - "id": "pages-for-subheaders/cli-with-rancher" + "id": "reference-guides/cli-with-rancher/cli-with-rancher" }, "items": [ "reference-guides/cli-with-rancher/rancher-cli", @@ -995,7 +995,7 @@ "label": "About the API", "link": { "type": "doc", - "id": "pages-for-subheaders/about-the-api" + "id": "reference-guides/about-the-api/about-the-api" }, "items": [ "reference-guides/about-the-api/api-tokens" @@ -1011,7 +1011,7 @@ "label": "Rancher Security", "link": { "type": "doc", - "id": "pages-for-subheaders/rancher-security" + "id": "reference-guides/rancher-security/rancher-security" }, "items": [ { @@ -1019,7 +1019,7 @@ "label": "Hardening Guides", "link": { "type": "doc", - "id": "pages-for-subheaders/rancher-hardening-guides" + "id": "reference-guides/rancher-security/hardening-guides/hardening-guides" }, "items": [ { @@ -1027,7 +1027,7 @@ "label": "RKE Hardening Guides", "link": { "type": "doc", - "id": "pages-for-subheaders/rke1-hardening-guide" + "id": "reference-guides/rancher-security/hardening-guides/rke1-hardening-guide/rke1-hardening-guide" }, "items": [ "reference-guides/rancher-security/hardening-guides/rke1-hardening-guide/rke1-self-assessment-guide-with-cis-v1.23-k8s-v1.23", @@ -1040,7 +1040,7 @@ "label": "RKE2 Hardening Guides", "link": { "type": "doc", - "id": "pages-for-subheaders/rke2-hardening-guide" + "id": "reference-guides/rancher-security/hardening-guides/rke2-hardening-guide/rke2-hardening-guide" }, "items": [ "reference-guides/rancher-security/hardening-guides/rke2-hardening-guide/rke2-self-assessment-guide-with-cis-v1.23-k8s-v1.23", @@ -1053,7 +1053,7 @@ "label": "K3s Hardening Guides", "link": { "type": "doc", - "id": "pages-for-subheaders/k3s-hardening-guide" + "id": "reference-guides/rancher-security/hardening-guides/k3s-hardening-guide/k3s-hardening-guide" }, "items": [ "reference-guides/rancher-security/hardening-guides/k3s-hardening-guide/k3s-self-assessment-guide-with-cis-v1.23-k8s-v1.23", @@ -1068,7 +1068,7 @@ "label": "SELinux RPM", "link": { "type": "doc", - "id": "pages-for-subheaders/selinux-rpm" + "id": "reference-guides/rancher-security/selinux-rpm/selinux-rpm" }, "items": [ "reference-guides/rancher-security/selinux-rpm/about-rancher-selinux", @@ -1150,7 +1150,7 @@ "label": "Cloud Marketplace Integration", "link": { "type": "doc", - "id": "pages-for-subheaders/cloud-marketplace" + "id": "integrations-in-rancher/cloud-marketplace/cloud-marketplace" }, "items": [ { @@ -1158,7 +1158,7 @@ "label": "AWS Marketplace Integration", "link": { "type": "doc", - "id": "pages-for-subheaders/aws-cloud-marketplace" + "id": "integrations-in-rancher/cloud-marketplace/aws-cloud-marketplace/aws-cloud-marketplace" }, "items": [ "integrations-in-rancher/cloud-marketplace/aws-cloud-marketplace/adapter-requirements", @@ -1175,7 +1175,7 @@ "label": "CIS Scans", "link": { "type": "doc", - "id": "pages-for-subheaders/cis-scans" + "id": "integrations-in-rancher/cis-scans/cis-scans" }, "items": [ "integrations-in-rancher/cis-scans/configuration-reference", @@ -1189,7 +1189,7 @@ "label": "Istio", "link": { "type": "doc", - "id": "pages-for-subheaders/istio" + "id": "integrations-in-rancher/istio/istio" }, "items": [ "integrations-in-rancher/istio/cpu-and-memory-allocations", @@ -1200,7 +1200,7 @@ "label": "Configuration Options", "link": { "type": "doc", - "id": "pages-for-subheaders/configuration-options" + "id": "integrations-in-rancher/istio/configuration-options/configuration-options" }, "items": [ "integrations-in-rancher/istio/configuration-options/pod-security-policies", @@ -1216,7 +1216,7 @@ "label": "Logging", "link": { "type": "doc", - "id": "pages-for-subheaders/logging" + "id": "integrations-in-rancher/logging/logging" }, "items": [ "integrations-in-rancher/logging/logging-architecture", @@ -1228,7 +1228,7 @@ "label": "Custom Resource Configuration", "link": { "type": "doc", - "id": "pages-for-subheaders/custom-resource-configuration" + "id": "integrations-in-rancher/logging/custom-resource-configuration/custom-resource-configuration" }, "items": [ "integrations-in-rancher/logging/custom-resource-configuration/flows-and-clusterflows", @@ -1242,7 +1242,7 @@ "label": "Monitoring and Alerting", "link": { "type": "doc", - "id": "pages-for-subheaders/monitoring-and-alerting" + "id": "integrations-in-rancher/monitoring-and-alerting/monitoring-and-alerting" }, "items": [ "integrations-in-rancher/monitoring-and-alerting/how-monitoring-works", @@ -1281,7 +1281,7 @@ "label": "Kubernetes Components", "link": { "type": "doc", - "id": "pages-for-subheaders/kubernetes-components" + "id": "troubleshooting/kubernetes-components/kubernetes-components" }, "items": [ "troubleshooting/kubernetes-components/troubleshooting-etcd-nodes", From a2600713b00ffc5212ef6b149d5d52928d1c07e8 Mon Sep 17 00:00:00 2001 From: Billy Tat Date: Fri, 22 Dec 2023 15:18:57 -0800 Subject: [PATCH 29/77] [2.8] Fix links to 'shared-files' module import --- .../kubernetes-clusters-in-rancher-setup.md | 2 +- .../new-user-guides/manage-clusters/manage-clusters.md | 2 +- .../cluster-configuration/cluster-configuration.md | 3 +-- 3 files changed, 3 insertions(+), 4 deletions(-) diff --git a/versioned_docs/version-2.8/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/kubernetes-clusters-in-rancher-setup.md b/versioned_docs/version-2.8/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/kubernetes-clusters-in-rancher-setup.md index bb5e556d5c2..f088c16e1c4 100644 --- a/versioned_docs/version-2.8/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/kubernetes-clusters-in-rancher-setup.md +++ b/versioned_docs/version-2.8/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/kubernetes-clusters-in-rancher-setup.md @@ -19,7 +19,7 @@ For a conceptual overview of how the Rancher server provisions clusters and what The following table summarizes the options and settings available for each cluster type: -import ClusterCapabilitiesTable from '../shared-files/_cluster-capabilities-table.md'; +import ClusterCapabilitiesTable from '../../../shared-files/_cluster-capabilities-table.md'; diff --git a/versioned_docs/version-2.8/how-to-guides/new-user-guides/manage-clusters/manage-clusters.md b/versioned_docs/version-2.8/how-to-guides/new-user-guides/manage-clusters/manage-clusters.md index 23fc13f7b51..fc05cfd581b 100644 --- a/versioned_docs/version-2.8/how-to-guides/new-user-guides/manage-clusters/manage-clusters.md +++ b/versioned_docs/version-2.8/how-to-guides/new-user-guides/manage-clusters/manage-clusters.md @@ -18,7 +18,7 @@ This section assumes a basic familiarity with Docker and Kubernetes. For a brief After clusters have been [provisioned into Rancher](../kubernetes-clusters-in-rancher-setup/kubernetes-clusters-in-rancher-setup.md), [cluster owners](../authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/cluster-and-project-roles.md#cluster-roles) will need to manage these clusters. There are many different options of how to manage your cluster. -import ClusterCapabilitiesTable from '../shared-files/_cluster-capabilities-table.md'; +import ClusterCapabilitiesTable from '../../../shared-files/_cluster-capabilities-table.md'; diff --git a/versioned_docs/version-2.8/reference-guides/cluster-configuration/cluster-configuration.md b/versioned_docs/version-2.8/reference-guides/cluster-configuration/cluster-configuration.md index 04264ce4b2d..7b15f647a03 100644 --- a/versioned_docs/version-2.8/reference-guides/cluster-configuration/cluster-configuration.md +++ b/versioned_docs/version-2.8/reference-guides/cluster-configuration/cluster-configuration.md @@ -27,7 +27,6 @@ The options and settings available for an existing cluster change based on the m The following table summarizes the options and settings available for each cluster type: -import ClusterCapabilitiesTable from '../shared-files/_cluster-capabilities-table.md'; +import ClusterCapabilitiesTable from '../../shared-files/_cluster-capabilities-table.md'; - From 5a344c33f760ccc104ddb976b25d4888f8597639 Mon Sep 17 00:00:00 2001 From: Billy Tat Date: Fri, 22 Dec 2023 16:27:56 -0800 Subject: [PATCH 30/77] [2.8] Add redirects for pages-for-subheaders removal --- docusaurus.config.js | 348 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 348 insertions(+) diff --git a/docusaurus.config.js b/docusaurus.config.js index c8bfef2d794..7a991389d24 100644 --- a/docusaurus.config.js +++ b/docusaurus.config.js @@ -245,6 +245,354 @@ module.exports = { { fromExtensions: ['html', 'htm'], redirects: [ + { // Redirects for pages-for-subheaders removal [2.8] + to: '/v2.8/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-provisioning-drivers', + from: '/v2.8/pages-for-subheaders/about-provisioning-drivers' + }, + { + to: '/v2.8/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates', + from: '/v2.8/pages-for-subheaders/about-rke1-templates' + }, + { + to: '/v2.8/reference-guides/about-the-api', + from: '/v2.8/pages-for-subheaders/about-the-api' + }, + { + to: '/v2.8/how-to-guides/new-user-guides/manage-clusters/access-clusters', + from: '/v2.8/pages-for-subheaders/access-clusters' + }, + { + to: '/v2.8/how-to-guides/advanced-user-guides/monitoring-v2-configuration-guides/advanced-configuration', + from: '/v2.8/pages-for-subheaders/advanced-configuration' + }, + { + to: '/v2.8/how-to-guides/advanced-user-guides', + from: '/v2.8/pages-for-subheaders/advanced-user-guides' + }, + { + to: '/v2.8/getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install', + from: '/v2.8/pages-for-subheaders/air-gapped-helm-cli-install' + }, + { + to: '/v2.8/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config', + from: '/v2.8/pages-for-subheaders/authentication-config' + }, + { + to: '/v2.8/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration', + from: '/v2.8/pages-for-subheaders/authentication-permissions-and-global-configuration' + }, + { + to: '/v2.8/integrations-in-rancher/cloud-marketplace/aws-cloud-marketplace', + from: '/v2.8/pages-for-subheaders/aws-cloud-marketplace' + }, + { + to: '/v2.8/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery', + from: '/v2.8/pages-for-subheaders/backup-restore-and-disaster-recovery' + }, + { + to: '/v2.8/reference-guides/backup-restore-configuration', + from: '/v2.8/pages-for-subheaders/backup-restore-configuration' + }, + { + to: '/v2.8/reference-guides/best-practices', + from: '/v2.8/pages-for-subheaders/best-practices' + }, + { + to: '/v2.8/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/checklist-for-production-ready-clusters', + from: '/v2.8/pages-for-subheaders/checklist-for-production-ready-clusters' + }, + { + to: '/v2.8/how-to-guides/advanced-user-guides/cis-scan-guides', + from: '/v2.8/pages-for-subheaders/cis-scan-guides' + }, + { + to: '/v2.8/integrations-in-rancher/cis-scans', + from: '/v2.8/pages-for-subheaders/cis-scans' + }, + { + to: '/v2.8/reference-guides/cli-with-rancher', + from: '/v2.8/pages-for-subheaders/cli-with-rancher' + }, + { + to: '/v2.8/integrations-in-rancher/cloud-marketplace', + from: '/v2.8/pages-for-subheaders/cloud-marketplace' + }, + { + to: '/v2.8/reference-guides/cluster-configuration', + from: '/v2.8/pages-for-subheaders/cluster-configuration' + }, + { + to: '/v2.8/integrations-in-rancher/istio/configuration-options', + from: '/v2.8/pages-for-subheaders/configuration-options' + }, + { + to: '/v2.8/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-microsoft-ad-federation-service-saml', + from: '/v2.8/pages-for-subheaders/configure-microsoft-ad-federation-service-saml' + }, + { + to: '/v2.8/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-openldap', + from: '/v2.8/pages-for-subheaders/configure-openldap' + }, + { + to: '/v2.8/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-shibboleth-saml', + from: '/v2.8/pages-for-subheaders/configure-shibboleth-saml' + }, + { + to: '/v2.8/how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage', + from: '/v2.8/pages-for-subheaders/create-kubernetes-persistent-storage' + }, + { + to: '/v2.8/integrations-in-rancher/logging/custom-resource-configuration', + from: '/v2.8/pages-for-subheaders/custom-resource-configuration' + }, + { + to: '/v2.8/how-to-guides/new-user-guides/deploy-apps-across-clusters', + from: '/v2.8/pages-for-subheaders/deploy-apps-across-clusters' + }, + { + to: '/v2.8/getting-started/quick-start-guides/deploy-rancher-manager', + from: '/v2.8/pages-for-subheaders/deploy-rancher-manager' + }, + { + to: '/v2.8/getting-started/quick-start-guides/deploy-workloads', + from: '/v2.8/pages-for-subheaders/deploy-rancher-workloads' + }, + { + to: '/v2.8/reference-guides/cluster-configuration/downstream-cluster-configuration', + from: '/v2.8/pages-for-subheaders/downstream-cluster-configuration' + }, + { + to: '/v2.8/how-to-guides/advanced-user-guides/enable-experimental-features', + from: '/v2.8/pages-for-subheaders/enable-experimental-features' + }, + { + to: '/v2.8/reference-guides/cluster-configuration/rancher-server-configuration/gke-cluster-configuration', + from: '/v2.8/pages-for-subheaders/gke-cluster-configuration' + }, + { + to: '/v2.8/how-to-guides/new-user-guides/helm-charts-in-rancher', + from: '/v2.8/pages-for-subheaders/helm-charts-in-rancher' + }, + { + to: '/v2.8/how-to-guides/new-user-guides/kubernetes-resources-setup/horizontal-pod-autoscaler', + from: '/v2.8/pages-for-subheaders/horizontal-pod-autoscaler' + }, + { + to: '/v2.8/how-to-guides/new-user-guides/infrastructure-setup', + from: '/v2.8/pages-for-subheaders/infrastructure-setup' + }, + { + to: '/v2.8/how-to-guides/new-user-guides/manage-clusters/install-cluster-autoscaler', + from: '/v2.8/pages-for-subheaders/install-cluster-autoscaler' + }, + { + to: '/v2.8/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster', + from: '/v2.8/pages-for-subheaders/install-upgrade-on-a-kubernetes-cluster' + }, + { + to: '/v2.8/getting-started/installation-and-upgrade', + from: '/v2.8/pages-for-subheaders/installation-and-upgrade' + }, + { + to: '/v2.8/getting-started/installation-and-upgrade/installation-references', + from: '/v2.8/pages-for-subheaders/installation-references' + }, + { + to: '/v2.8/getting-started/installation-and-upgrade/installation-requirements', + from: '/v2.8/pages-for-subheaders/installation-requirements' + }, + { + to: '/v2.8/how-to-guides/advanced-user-guides/istio-setup-guide', + from: '/v2.8/pages-for-subheaders/istio-setup-guide' + }, + { + to: '/v2.8/integrations-in-rancher/istio/', + from: '/v2.8/pages-for-subheaders/istio' + }, + { + to: '/v2.8/reference-guides/rancher-security/hardening-guides/k3s-hardening-guide', + from: '/v2.8/pages-for-subheaders/k3s-hardening-guide' + }, + { + to: '/v2.8/how-to-guides/new-user-guides/kubernetes-cluster-setup', + from: '/v2.8/pages-for-subheaders/kubernetes-cluster-setup' + }, + { + to: '/v2.8/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup', + from: '/v2.8/pages-for-subheaders/kubernetes-clusters-in-rancher-setup' + }, + { + to: '/v2.8/troubleshooting/kubernetes-components', + from: '/v2.8/pages-for-subheaders/kubernetes-components' + }, + { + to: '/v2.8/how-to-guides/new-user-guides/kubernetes-resources-setup/', + from: '/v2.8/pages-for-subheaders/kubernetes-resources-setup' + }, + { + to: '/v2.8/how-to-guides/new-user-guides/launch-kubernetes-with-rancher', + from: '/v2.8/pages-for-subheaders/launch-kubernetes-with-rancher' + }, + { + to: '/v2.8/how-to-guides/new-user-guides/kubernetes-resources-setup/load-balancer-and-ingress-controller', + from: '/v2.8/pages-for-subheaders/load-balancer-and-ingress-controller' + }, + { + to: '/v2.8/integrations-in-rancher/logging/', + from: '/v2.8/pages-for-subheaders/logging' + }, + { + to: '/v2.8/reference-guides/cluster-configuration/downstream-cluster-configuration/machine-configuration', + from: '/v2.8/pages-for-subheaders/machine-configuration' + }, + { + to: '/v2.8/how-to-guides/new-user-guides/manage-clusters', + from: '/v2.8/pages-for-subheaders/manage-clusters' + }, + { + to: '/v2.8/how-to-guides/advanced-user-guides/manage-projects/manage-project-resource-quotas', + from: '/v2.8/pages-for-subheaders/manage-project-resource-quotas' + }, + { + to: '/v2.8/how-to-guides/advanced-user-guides/manage-projects', + from: '/v2.8/pages-for-subheaders/manage-projects' + }, + { + to: '/v2.8/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac', + from: '/v2.8/pages-for-subheaders/manage-role-based-access-control-rbac' + }, + { + to: '/v2.8/how-to-guides/advanced-user-guides/monitoring-alerting-guides', + from: '/v2.8/pages-for-subheaders/monitoring-alerting-guides' + }, + { + to: '/v2.8/integrations-in-rancher/monitoring-and-alerting', + from: '/v2.8/pages-for-subheaders/monitoring-and-alerting' + }, + { + to: '/v2.8/how-to-guides/advanced-user-guides/monitoring-v2-configuration-guides', + from: '/v2.8/pages-for-subheaders/monitoring-v2-configuration-guides' + }, + { + to: '/v2.8/reference-guides/monitoring-v2-configuration', + from: '/v2.8/pages-for-subheaders/monitoring-v2-configuration' + }, + { + to: '/v2.8/how-to-guides/new-user-guides', + from: '/v2.8/pages-for-subheaders/new-user-guides' + }, + { + to: '/v2.8/reference-guides/cluster-configuration/downstream-cluster-configuration/node-template-configuration', + from: '/v2.8/pages-for-subheaders/node-template-configuration' + }, + { + to: '/v2.8/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/nutanix', + from: '/v2.8/pages-for-subheaders/nutanix' + }, + { + to: '/v2.8/getting-started/installation-and-upgrade/other-installation-methods', + from: '/v2.8/pages-for-subheaders/other-installation-methods' + }, + { + to: '/v2.8/how-to-guides/advanced-user-guides/monitoring-alerting-guides/prometheus-federator-guides', + from: '/v2.8/pages-for-subheaders/prometheus-federator-guides' + }, + { + to: '/v2.8/reference-guides/prometheus-federator', + from: '/v2.8/pages-for-subheaders/prometheus-federator' + }, + { + to: '/v2.8/how-to-guides/new-user-guides/manage-clusters/provisioning-storage-examples', + from: '/v2.8/pages-for-subheaders/provisioning-storage-examples' + }, + { + to: '/v2.8/getting-started/quick-start-guides', + from: '/v2.8/pages-for-subheaders/quick-start-guides' + }, + { + to: '/v2.8/getting-started/installation-and-upgrade/other-installation-methods/rancher-behind-an-http-proxy', + from: '/v2.8/pages-for-subheaders/rancher-behind-an-http-proxy' + }, + { + to: '/v2.8/reference-guides/rancher-security/hardening-guides', + from: '/v2.8/pages-for-subheaders/rancher-hardening-guides' + }, + { + to: '/v2.8/reference-guides/best-practices/rancher-managed-clusters', + from: '/v2.8/pages-for-subheaders/rancher-managed-clusters' + }, + { + to: '/v2.8/reference-guides/rancher-manager-architecture', + from: '/v2.8/pages-for-subheaders/rancher-manager-architecture' + }, + { + to: '/v2.8/getting-started/installation-and-upgrade/other-installation-methods/rancher-on-a-single-node-with-docker', + from: '/v2.8/pages-for-subheaders/rancher-on-a-single-node-with-docker' + }, + { + to: '/v2.8/reference-guides/rancher-security', + from: '/v2.8/pages-for-subheaders/rancher-security' + }, + { + to: '/v2.8/reference-guides/cluster-configuration/rancher-server-configuration', + from: '/v2.8/pages-for-subheaders/rancher-server-configuration' + }, + { + to: '/v2.8/reference-guides/best-practices/rancher-server', + from: '/v2.8/pages-for-subheaders/rancher-server' + }, + { + to: '/v2.8/getting-started/installation-and-upgrade/resources', + from: '/v2.8/pages-for-subheaders/resources' + }, + { + to: '/v2.8/reference-guides/rancher-security/hardening-guides/rke1-hardening-guide', + from: '/v2.8/pages-for-subheaders/rke1-hardening-guide' + }, + { + to: '/v2.8/reference-guides/rancher-security/hardening-guides/rke2-hardening-guide', + from: '/v2.8/pages-for-subheaders/rke2-hardening-guide' + }, + { + to: '/v2.8/reference-guides/rancher-security/selinux-rpm', + from: '/v2.8/pages-for-subheaders/selinux-rpm' + }, + { + to: '/v2.8/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers', + from: '/v2.8/pages-for-subheaders/set-up-cloud-providers' + }, + { + to: '/v2.8/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers', + from: '/v2.8/pages-for-subheaders/set-up-clusters-from-hosted-kubernetes-providers' + }, + { + to: '/v2.8/reference-guides/single-node-rancher-in-docker', + from: '/v2.8/pages-for-subheaders/single-node-rancher-in-docker' + }, + { + to: '/v2.8/reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes', + from: '/v2.8/pages-for-subheaders/use-existing-nodes' + }, + { + to: '/v2.8/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider', + from: '/v2.8/pages-for-subheaders/use-new-nodes-in-an-infra-provider' + }, + { + to: '/v2.8/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/use-windows-clusters', + from: '/v2.8/pages-for-subheaders/use-windows-clusters' + }, + { + to: '/v2.8/reference-guides/user-settings', + from: '/v2.8/pages-for-subheaders/user-settings' + }, + { + to: '/v2.8/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/vsphere', + from: '/v2.8/pages-for-subheaders/vsphere' + }, + { + to: '/v2.8/how-to-guides/new-user-guides/kubernetes-resources-setup/workloads-and-pods', + from: '/v2.8/pages-for-subheaders/workloads-and-pods' + }, // Redirects for pages-for-subheaders removal [2.8] (end) { // Redirects for dashboard#9970 to: '/v2.8/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/rke1-vs-rke2-differences', from: '/v2.8/cluster-provisioning/rke-clusters/behavior-differences-between-rke1-and-rke2/' From 09030fe0320080400d66ef5633b764f589d03454 Mon Sep 17 00:00:00 2001 From: LucasSaintarbor Date: Wed, 3 Jan 2024 11:25:28 -0800 Subject: [PATCH 31/77] Update links to upgrading Rancher Prime PAYG cluster --- docs/pages-for-subheaders/aws-marketplace-payg-integration.md | 2 +- docs/pages-for-subheaders/azure-marketplace-payg-integration.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/pages-for-subheaders/aws-marketplace-payg-integration.md b/docs/pages-for-subheaders/aws-marketplace-payg-integration.md index f646f9889e0..8f32d947ab5 100644 --- a/docs/pages-for-subheaders/aws-marketplace-payg-integration.md +++ b/docs/pages-for-subheaders/aws-marketplace-payg-integration.md @@ -244,4 +244,4 @@ Yes, nodes can run anywhere. SUSE Rancher will count the total number of nodes m #### How do I get fixes and updates for Rancher? -To update the Rancher product to a current version before the marketplace listing is updated, please see the [documentation](../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/upgrades.md). +To update the Rancher product to a current version before the marketplace listing is updated, please see [upgrading Rancher Prime PAYG cluster in AWS](../integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/upgrading-rancher-payg-cluster.md). diff --git a/docs/pages-for-subheaders/azure-marketplace-payg-integration.md b/docs/pages-for-subheaders/azure-marketplace-payg-integration.md index d1e0a1f0d0e..d0e6f49304e 100644 --- a/docs/pages-for-subheaders/azure-marketplace-payg-integration.md +++ b/docs/pages-for-subheaders/azure-marketplace-payg-integration.md @@ -224,4 +224,4 @@ If the Racher Prime cluster is offline or disconnected from the Azure billing fr #### How do I get fixes and updates for Rancher? -To update the Rancher product to a current version before the marketplace listing is updated, please see the [documentation](../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/upgrades.md). +To update the Rancher product to a current version before the marketplace listing is updated, please see [upgrading Rancher Prime PAYG cluster in Azure](../integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/upgrading-rancher-payg-cluster.md). From e730c9632704c95044b84d88e79aebbf1271bc4a Mon Sep 17 00:00:00 2001 From: LucasSaintarbor Date: Wed, 3 Jan 2024 11:37:25 -0800 Subject: [PATCH 32/77] Removed wording about upgrading before marketplace listing is updated --- docs/pages-for-subheaders/aws-marketplace-payg-integration.md | 4 ++-- .../azure-marketplace-payg-integration.md | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/pages-for-subheaders/aws-marketplace-payg-integration.md b/docs/pages-for-subheaders/aws-marketplace-payg-integration.md index 8f32d947ab5..4ba6cf8f4ac 100644 --- a/docs/pages-for-subheaders/aws-marketplace-payg-integration.md +++ b/docs/pages-for-subheaders/aws-marketplace-payg-integration.md @@ -218,7 +218,7 @@ If the billing mechanism on the primary cluster is active, a support case will b #### What are the resource requirements for installing Rancher on EKS? -Please check the official documentation for best practices. +Please check the documentation for best practices. #### Is there any difference between Rancher Prime from the AWS Marketplace and the versions I can run in my own data center? @@ -244,4 +244,4 @@ Yes, nodes can run anywhere. SUSE Rancher will count the total number of nodes m #### How do I get fixes and updates for Rancher? -To update the Rancher product to a current version before the marketplace listing is updated, please see [upgrading Rancher Prime PAYG cluster in AWS](../integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/upgrading-rancher-payg-cluster.md). +To update to the latest version of the Rancher Prime PAYG offering supported in the marketplace listing, please see [upgrading Rancher Prime PAYG cluster in AWS](../integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/upgrading-rancher-payg-cluster.md). diff --git a/docs/pages-for-subheaders/azure-marketplace-payg-integration.md b/docs/pages-for-subheaders/azure-marketplace-payg-integration.md index d0e6f49304e..3b57462a2f7 100644 --- a/docs/pages-for-subheaders/azure-marketplace-payg-integration.md +++ b/docs/pages-for-subheaders/azure-marketplace-payg-integration.md @@ -204,7 +204,7 @@ For deployments where Rancher Prime is managing multiple downstream clusters, be #### What are the resource requirements for installing Rancher on AKS? -Check the official documentation for [best practices](../pages-for-subheaders/installation-requirements.md#hosted-kubernetes). +Check the documentation for [best practices](../pages-for-subheaders/installation-requirements.md#hosted-kubernetes). #### Is there any difference between Rancher Prime from Azure Marketplace and the versions I can run in my own data center? @@ -224,4 +224,4 @@ If the Racher Prime cluster is offline or disconnected from the Azure billing fr #### How do I get fixes and updates for Rancher? -To update the Rancher product to a current version before the marketplace listing is updated, please see [upgrading Rancher Prime PAYG cluster in Azure](../integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/upgrading-rancher-payg-cluster.md). +To update to the latest version of the Rancher Prime PAYG offering supported in the marketplace listing, please see [upgrading Rancher Prime PAYG cluster in Azure](../integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/upgrading-rancher-payg-cluster.md). From 36ef7b30ba97b87e9dc5758abe2702b36e8675c2 Mon Sep 17 00:00:00 2001 From: LucasSaintarbor Date: Wed, 3 Jan 2024 11:41:41 -0800 Subject: [PATCH 33/77] Fix formatting for Note --- .../aws-marketplace-payg-integration.md | 8 +++++++- .../azure-marketplace-payg-integration.md | 8 +++++++- 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/docs/pages-for-subheaders/aws-marketplace-payg-integration.md b/docs/pages-for-subheaders/aws-marketplace-payg-integration.md index 4ba6cf8f4ac..eda81c9a5a8 100644 --- a/docs/pages-for-subheaders/aws-marketplace-payg-integration.md +++ b/docs/pages-for-subheaders/aws-marketplace-payg-integration.md @@ -175,7 +175,13 @@ The AWS Marketplace listing for Rancher Prime is tied to a specific version of R #### I need a prior version of Rancher, can I still use the listing? -No. There is no choice over the Rancher version when deploying using the AWS Marketplace listing. If a prior version of Rancher is required, this must be installed manually using the standard documentation. Billing via AWS Marketplace may not be supported with previous versions. +No. There is no choice over the Rancher version when deploying using the AWS Marketplace listing. If a prior version of Rancher is required, this must be installed manually using the standard documentation. + +:::note + +Billing through AWS Marketplace may not be supported with previous versions. + +::: #### How often is the listing updated (including the version of Rancher, etc.)? diff --git a/docs/pages-for-subheaders/azure-marketplace-payg-integration.md b/docs/pages-for-subheaders/azure-marketplace-payg-integration.md index 3b57462a2f7..e86ee5d53ed 100644 --- a/docs/pages-for-subheaders/azure-marketplace-payg-integration.md +++ b/docs/pages-for-subheaders/azure-marketplace-payg-integration.md @@ -162,7 +162,13 @@ The Rancher Prime marketplace listing is tied to a specific version of Rancher, #### I need a prior version of Rancher; can I still use the listing? -No. There is no choice over the Rancher version when deploying using the Azure Marketplace listing. If a prior version of Rancher is required, this must be installed manually using the standard documentation. NOTE: Billing through the Azure Marketplace may not be supported with earlier versions. +No. There is no choice over the Rancher version when deploying using the Azure Marketplace listing. If a prior version of Rancher is required, this must be installed manually using the standard documentation. + +:::note + +Billing through the Azure Marketplace may not be supported with earlier versions. + +::: #### How often is the listing updated (including the version of Rancher, etc.)? From 55693253440874de32742cd17c4ce8ee65dba8d2 Mon Sep 17 00:00:00 2001 From: LucasSaintarbor Date: Thu, 4 Jan 2024 11:55:17 -0800 Subject: [PATCH 34/77] Grammar / formatting review --- .../common-issues.md | 2 +- .../installing-rancher-prime.md | 6 +++--- .../prerequisites.md | 6 +++--- .../troubleshooting.md | 6 +++--- .../upgrading-rancher-payg-cluster.md | 4 ++-- .../common-issues.md | 2 +- .../installing-rancher-prime.md | 16 +++++++++------- .../prerequisites.md | 6 +++--- .../troubleshooting.md | 14 +++++++------- .../aws-marketplace-payg-integration.md | 2 +- .../azure-marketplace-payg-integration.md | 4 ++-- static/img/install-rancher-prime-home.png | Bin 79391 -> 595609 bytes 12 files changed, 35 insertions(+), 33 deletions(-) diff --git a/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/common-issues.md b/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/common-issues.md index 0ab5d3d4aa5..d1e7b7a462c 100644 --- a/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/common-issues.md +++ b/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/common-issues.md @@ -2,7 +2,7 @@ title: AWS Marketplace Common Issues --- -1. Uninstalling Rancher Prime may not cleanly remove all the resources that were created by Rancher. You are encouraged to use the [Rancher resource cleanup script](https://github.com/rancher/rancher-cleanup) to perform a more comprehensive cleanup if necessary. However, we recommend first preparing and migrating any other workloads off the cluster to destroy the cluster to complete the uninstallation since cleanup is not recoverable. +1. Uninstalling Rancher Prime may not cleanly remove all the resources that Rancher created. You are encouraged to use the [Rancher resource cleanup script](https://github.com/rancher/rancher-cleanup) to perform a more comprehensive cleanup if necessary. However, we recommend first preparing and migrating any other workloads off the cluster to destroy the cluster to complete the uninstallation since cleanup is not recoverable. ```shell helm uninstall -n cattle-rancher-csp-deployer-system rancher-cloud diff --git a/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/installing-rancher-prime.md b/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/installing-rancher-prime.md index c15b3af1493..e9d8ce02cb3 100644 --- a/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/installing-rancher-prime.md +++ b/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/installing-rancher-prime.md @@ -2,7 +2,7 @@ title: Installing Rancher Prime PAYG on AWS --- -This page covers how to install the Rancher Prime PAYG offering on Amazon's AWS Marketplace. +This page covers installing the Rancher Prime PAYG offering on Amazon's AWS Marketplace. ## Preparing your cluster @@ -65,7 +65,7 @@ eksctl create iamserviceaccount \ ::: - The Rancher hostname must be resolvable by a public DNS. Please refer to the [Prerequisites](prerequisites.md) section for more details. For example, if the DNS name is rancher.my.org, `$HOST_NAME`=`rancher.my.org`. + The Rancher hostname must be resolvable by a public DNS. For more details, please refer to the [Prerequisites](prerequisites.md) section. For example, if the DNS name is rancher.my.org, `$HOST_NAME`=`rancher.my.org`. ```shell helm install -n cattle-rancher-csp-deployer-system rancher-cloud --create-namespace \ @@ -137,7 +137,7 @@ You may now log in to the Rancher dashboard by pointing your browser to the Ranc :::note -The Rancher hostname must be resolvable by public DNS. Please refer to the [Prerequisites](prerequisites.md) section for more details. +The Rancher hostname must be resolvable by public DNS. For more details, please refer to the [Prerequisites](prerequisites.md) section. ::: diff --git a/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/prerequisites.md b/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/prerequisites.md index da875b11172..ab57dd37f42 100644 --- a/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/prerequisites.md +++ b/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/prerequisites.md @@ -4,11 +4,11 @@ title: Prerequisites Before using Rancher Prime on AWS as a pay-as-you-go (PAYG) offering, you need the following resources, information, and tools: -- A Rancher-compatible EKS cluster. Please see the [Rancher support matrix](https://www.suse.com/suse-rancher/support-matrix/all-supported-versions/) for more details. Please refer to [Creating an EKS cluster](../../../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks.md) for bringing up an EKS cluster to [install Rancher Prime PAYG](installing-rancher-prime.md). -- An ingress is installed on the EKS cluster so that Rancher is accessible outside the cluster. Please refer to [Rancher documentation](../../../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks.md#5-install-an-ingress) for instructions on deployings Ingress-NGINX on an EKS cluster. +- A Rancher-compatible EKS cluster. For more details, please see the [Rancher support matrix](https://www.suse.com/suse-rancher/support-matrix/all-supported-versions/). Please refer to [Creating an EKS cluster](../../../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks.md) for bringing up an EKS cluster to [install Rancher Prime PAYG](installing-rancher-prime.md). +- An ingress is installed on the EKS cluster so that Rancher is accessible outside the cluster. Please refer to [Rancher documentation](../../../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks.md#5-install-an-ingress) for instructions on deploying Ingress-NGINX on an EKS cluster. - Get the Load Balancer IP. Please refer to [Rancher documentation](../../../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks.md#6-get-load-balancer-ip) and save the EXTERNAL-IP. - The Rancher hostname must be a fully qualified domain name (FQDN), and its corresponding IP address must be resolvable from a public DNS. Please refer to [Rancher documentation](../../../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks.md#7-set-up-dns) for instructions on how to set up DNS. This DNS is set up to point to the EXTERNAL-IP saved. -- Installation requires you to have the following tools available and properly configured to access your AWS account, and your EKS cluster: +- Installation requires you to have the following tools available and properly configured to access your AWS account and your EKS cluster: - `aws` - `curl` - `eksctl` diff --git a/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/troubleshooting.md b/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/troubleshooting.md index 7ef364ffcfe..b06b08d755a 100644 --- a/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/troubleshooting.md +++ b/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/troubleshooting.md @@ -2,7 +2,7 @@ title: Troubleshooting Rancher Prime PAYG Cluster in AWS --- -This section contains information to help troubleshoot issues when installing the Rancher Prime PAYG offer. +This section contains information to help troubleshoot issues when installing the Rancher Prime PAYG offering. ## Jobs and Pods @@ -19,9 +19,9 @@ If a pod is not in a `Running` state, you can attempt to find the root cause wit - Describe job: `kubectl describe job -n ` - Logs from the containers of pods of the job: `kubectl logs -l job-name= -n ` -## Recovery from Failed Pods +## Recovering from Failed Pods -If any of the pods aren't running, check the `rancher-cloud` Pod: +If any of the pods aren't running, check the `rancher-cloud` pod: ```shell kubectl get pods --all-namespaces | grep rancher-cloud diff --git a/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/upgrading-rancher-payg-cluster.md b/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/upgrading-rancher-payg-cluster.md index a9c5e0909b0..b660ef822f5 100644 --- a/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/upgrading-rancher-payg-cluster.md +++ b/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/upgrading-rancher-payg-cluster.md @@ -2,7 +2,7 @@ title: Upgrading Rancher Prime PAYG Cluster in AWS --- -The AWS Marketplace PAYG offering is tied to a billing adapter and the Rancher Prime version. These are updated periodically as new versions of the billing adapter or Rancher Prime are released. In this situation, the Helm chart will be updated with new tags and digests, and a new version of the Helm chart will be uploaded. +The AWS Marketplace PAYG offering is tied to a billing adapter and the Rancher Prime version. These are periodically updated as new versions of the billing adapter or Rancher Prime are released. In this situation, the Helm chart will be updated with new tags and digests, and a new version of the Helm chart will be uploaded. To upgrade the deployed Helm chart with the latest version, run the following Helm command: @@ -26,6 +26,6 @@ helm ls -n cattle-rancher-csp-deployer-system :::warning -Rancher Prime PAYG customers will have constraints on getting updates to the offer based on the latest version SUSE has published to AWS, which may trail slightly behind the latest Rancher release. +Rancher Prime PAYG customers will have constraints on getting updates to the offering based on the latest version SUSE has published to AWS, which may trail slightly behind the latest Rancher release. ::: diff --git a/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/common-issues.md b/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/common-issues.md index d55db537d6e..230f3a0ae38 100644 --- a/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/common-issues.md +++ b/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/common-issues.md @@ -2,6 +2,6 @@ title: Azure Marketplace Common Issues --- -1. Uninstalling Rancher Prime may not cleanly remove all the resources that were created by Rancher. Users are encouraged to use the [Rancher resource cleanup script](https://github.com/rancher/rancher-cleanup) to perform a more comprehensive cleanup if necessary. However, it is recommended to migrate any other workloads off the cluster and prepare to destroy the cluster to complete the uninstallation since cleanup is not recoverable. +1. Uninstalling Rancher Prime may not cleanly remove all the resources that Rancher created. Users are encouraged to use the [Rancher resource cleanup script](https://github.com/rancher/rancher-cleanup) to perform a more comprehensive cleanup if necessary. However, it is recommended to migrate any other workloads off the cluster and prepare to destroy the cluster to complete the uninstallation since cleanup is not recoverable. 1. When migrating Rancher to a different AKS cluster by following the steps specified in [Rancher Backups and Disaster Recovery](../../../pages-for-subheaders/backup-restore-and-disaster-recovery.md), Rancher Prime must be reinstalled via the Azure Marketplace on the target AKS cluster after restoring from the backup. Furthermore, the restored Rancher version must not be newer than the version available in the Azure Marketplace. diff --git a/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/installing-rancher-prime.md b/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/installing-rancher-prime.md index 10a0656a221..aa01ea2d2eb 100644 --- a/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/installing-rancher-prime.md +++ b/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/installing-rancher-prime.md @@ -2,7 +2,7 @@ title: Installing Rancher Prime PAYG on Azure --- -This page covers how to install the Rancher Prime PAYG offering on Microsoft's Azure Marketplace. +This page covers installing the Rancher Prime PAYG offering on Microsoft's Azure Marketplace. ## How to Install Rancher Prime PAYG @@ -16,17 +16,19 @@ Refer to the following steps for creating a new deployment of Rancher Prime from On the **Basics** tab, specify the **Project details** and **Instance details**: -1. Select an existing subscription from the dropdown list. -1. Select an existing Resource group from the dropdown list. +1. Select an existing **Subscription** from the dropdown list. +1. Select an existing **Resource group** from the dropdown list. + :::note The **Create new** resource group feature is not supported. ::: ![Create new resource group not supported](/img/install-rancher-prime-basics-create-new.png) -1. Select an existing AKS Cluster Name from the dropdown list. -1. Choose a name for the Cluster extension resource name. It can consist of alphanumeric characters and dots, and the length must be between 2 and 253 characters. -![Basics tab](/img/install-rancher-prime-basics.png) +1. Select an existing **AKS Cluster Name** from the dropdown list. +1. Choose an **Extension Resource name**. It can consist of alphanumeric characters and dots; the length must be between 2 and 253 characters. + + ![Basics tab](/img/install-rancher-prime-basics.png) 1. Select **Next**. ### Rancher Configuration @@ -80,7 +82,7 @@ After logging into Rancher Prime, you should notice the Welcome to Rancher Prime ![Rancher Prime Home](/img/install-rancher-prime-home.png) -If your Rancher Prime PAYG deployment only has **Welcome to Rancher** at the top of the screen, please ensure you've updated to the latest version, and reset the branding to default (i.e. "suse") from **Global Settings**. +If your Rancher Prime PAYG deployment only has **Welcome to Rancher** at the top of the screen, please ensure you've updated to the latest version, and reset the branding to default (i.e., "suse") from **Global Settings**. ![Global Settings](/img/install-rancher-prime-global-settings.png) diff --git a/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/prerequisites.md b/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/prerequisites.md index d60a356b039..cb3eec947f4 100644 --- a/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/prerequisites.md +++ b/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/prerequisites.md @@ -4,6 +4,6 @@ title: Prerequisites Before using Rancher Prime on Azure as a pay-as-you-go (PAYG) offering, you need the following resources, information, and tools: -- A Rancher-compatible AKS cluster. Please see the [Rancher support matrix](https://www.suse.com/suse-rancher/support-matrix/all-supported-versions/) for more details. The Rancher Prime PAYG offering can only be installed onto clusters in regions where both the AKS and Azure Container Apps service are available. See the [Azure documentation](https://azure.microsoft.com/en-us/explore/global-infrastructure/products-by-region/?products=container-apps,kubernetes-service®ions=all) for details. Please see [Creating an AKS cluster](../../../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-aks.md#3-create-the-aks-cluster) for bringing up an AKS cluster to [install Rancher Prime PAYG](installing-rancher-prime.md). -- An ingress installed on the AKS cluster so that Rancher is accessible outside of the cluster. Please refer to [Rancher documentation](../../../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-aks.md#5-install-an-ingress) for instructions on how to deploy Ingress-NGINX on AKS cluster. -- The Rancher hostname must be a fully qualified domain name (FQDN) and its corresponding IP address must be resolvable from a public DNS. Please refer to [Rancher documentation](../../../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-aks.md#7-set-up-dns) for instructions on how to setup DNS. +- A Rancher-compatible AKS cluster. For more details, please see the [Rancher support matrix](https://www.suse.com/suse-rancher/support-matrix/all-supported-versions/). You can only install the Rancher Prime PAYG offering onto clusters in regions where AKS and Azure Container Apps are available. See the [Azure documentation](https://azure.microsoft.com/en-us/explore/global-infrastructure/products-by-region/?products=container-apps,kubernetes-service®ions=all) for details. Please see [Creating an AKS cluster](../../../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-aks.md#3-create-the-aks-cluster) for bringing up an AKS cluster to [install Rancher Prime PAYG](installing-rancher-prime.md). +- An ingress installed on the AKS cluster so that Rancher is accessible outside the cluster. Please refer to [Rancher documentation](../../../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-aks.md#5-install-an-ingress) for instructions on how to deploy Ingress-NGINX on an AKS cluster. +- The Rancher hostname must be a fully qualified domain name (FQDN), and its corresponding IP address must be resolvable from a public DNS. Please refer to [Rancher documentation](../../../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-aks.md#7-set-up-dns) for instructions on how to set up DNS. diff --git a/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/troubleshooting.md b/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/troubleshooting.md index f94ad7f8611..4b9de5665f2 100644 --- a/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/troubleshooting.md +++ b/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/troubleshooting.md @@ -2,7 +2,7 @@ title: Troubleshooting Rancher Prime PAYG Cluster in Azure --- -This section contains information to help troubleshoot issues when installing the Rancher Prime PAYG offer and configuring the Billing-adapter. +This section contains information to help troubleshoot issues when installing the Rancher Prime PAYG offer and configuring the billing adapter. ## Deployment @@ -42,7 +42,7 @@ Check the status of pods or jobs: kubectl get pods --all-namespaces ``` -if a pod is not in Running state, you can attempt to find the root cause with the following commands: +If a pod is not in Running state, you can attempt to find the root cause with the following commands: - Describe pod: `kubectl describe pod -n ` - Pod container logs: `kubectl logs -n ` @@ -51,7 +51,7 @@ if a pod is not in Running state, you can attempt to find the root cause with th ## Rancher Usage Record Not found -When you attempt to retrive a usage record, you might see the following message: +When you attempt to retrieve a usage record, you might see the following message: ```shell Error from server (NotFound): cspadapterusagerecords.susecloud.net "rancher-usage-record" not found" Check Configuration, Retrieve generated configuration csp-config @@ -65,9 +65,9 @@ kubectl get configmap -n cattle-csp-billing-adapter-system csp-config -o yaml If a configuration is not listed, you can attempt to find the root cause by checking the pod status and log. See [Jobs and Pods](#jobs-and-pods) for more details. -## Multiple extensions of same type +## Multiple Extensions of the Same Type -When you attept to install an extension of the same type, you will see the following message: +When you attempt to install an extension of the same type, you will see the following message: ```shell Multiple extensions of same type is not allowed at this scope. (Code: ValidationFailed)" @@ -75,9 +75,9 @@ Multiple extensions of same type is not allowed at this scope. (Code: Validation AKS cluster already has the extension with the same type. To resolve the error, uninstall the extension and re-deploy with the same cluster. -## Resource already existing in your cluster +## Resource Already Existing in your Cluster -When you attept to install a resource or extension that already exists, you will see the following message: +When you attempt to install a resource or extension that already exists, you will see the following message: ```shell Helm installation failed : Resource already existing in your cluster : Recommendation Manually delete the resource(s) that currently exist in your cluster and try installation again. To delete these resources run the following commands: kubectl delete -n : InnerError [rendered manifests contain a resource that already exists. Unable to continue with install: ServiceAccount "rancher" in namespace "cattle-system" exists and cannot be imported into the current release: invalid ownership metadata; annotation validation error: key "meta.helm.sh/release-name" must equal "test-nv2-reinstall": current value is "testnv2-plan"] diff --git a/docs/pages-for-subheaders/aws-marketplace-payg-integration.md b/docs/pages-for-subheaders/aws-marketplace-payg-integration.md index eda81c9a5a8..b8eab5713ca 100644 --- a/docs/pages-for-subheaders/aws-marketplace-payg-integration.md +++ b/docs/pages-for-subheaders/aws-marketplace-payg-integration.md @@ -8,7 +8,7 @@ title: AWS Marketplace Pay-as-you-go (PAYG) Integration ## Overview -Rancher Prime integrates with the AWS Marketplace as a pay-as-you-go (PAYG) offering. This brings the value of running and managing Kubernetes environments to AWS customers, benefiting from a new pay monthly pricing model available through the AWS Marketplace. This listing will enable you to manage any CNCF-certified Kubernetes distribution in AWS, on-prem, or at the edge. To learn more, see our non-EMEMA and EMEA AWS Marketplace offerings for Rancher Prime: +Rancher Prime integrates with the AWS Marketplace as a pay-as-you-go (PAYG) offering. This brings the value of running and managing Kubernetes environments to AWS customers, benefiting from a new pay-monthly pricing model available through the AWS Marketplace. This listing will enable you to manage any CNCF-certified Kubernetes distribution in AWS, on-prem, or at the edge. To learn more, see our non-EMEMA and EMEA AWS Marketplace offerings for Rancher Prime: - [Rancher Prime](https://aws.amazon.com/marketplace/pp/prodview-f2bvszurj2p2c) - [Rancher Prime (EMEA Orders Only)](https://aws.amazon.com/marketplace/pp/prodview-ocgjwd5c2aj5i) diff --git a/docs/pages-for-subheaders/azure-marketplace-payg-integration.md b/docs/pages-for-subheaders/azure-marketplace-payg-integration.md index e86ee5d53ed..d361798b8ec 100644 --- a/docs/pages-for-subheaders/azure-marketplace-payg-integration.md +++ b/docs/pages-for-subheaders/azure-marketplace-payg-integration.md @@ -8,14 +8,14 @@ title: Azure Marketplace Pay-as-you-go (PAYG) Integration ## Overview -Rancher Prime integrates with the Azure Marketplace as a pay-as-you-go (PAYG) offering. This brings the value of running and managing Kubernetes environments to Azure customers, with the benefit of a new pay monthly pricing model available through the Azure Marketplace. This listing will enable you to manage any CNCF-certified Kubernetes distribution in Azure, on-prem, or at the edge. To learn more, see our non-EMEMA and EMEA Azure Marketplace offerings for Rancher Prime: +Rancher Prime integrates with the Azure Marketplace as a pay-as-you-go (PAYG) offering. This brings the value of running and managing Kubernetes environments to Azure customers, benefiting from a new pay-monthly pricing model available through the Azure Marketplace. This listing will enable you to manage any CNCF-certified Kubernetes distribution in Azure, on-prem, or at the edge. To learn more, see our non-EMEMA and EMEA Azure Marketplace offerings for Rancher Prime: - [Rancher Prime with 24x7 Support](https://portal.azure.com/#view/Microsoft_Azure_Marketplace/GalleryItemDetailsBladeNopdl/id/suse.rancher-prime-llc/selectionMode~/false/resourceGroupId//resourceGroupLocation//dontDiscardJourney~/false/selectedMenuId/home/launchingContext~/%7B%22galleryItemId%22%3A%22suse.rancher-prime-llcpay-as-you-go%22%2C%22source%22%3A%5B%22GalleryFeaturedMenuItemPart%22%2C%22VirtualizedTileDetails%22%5D%2C%22menuItemId%22%3A%22home%22%2C%22subMenuItemId%22%3A%22Search%20results%22%2C%22telemetryId%22%3A%221dafcf16-920e-46ea-80c9-dc85c6bd3a17%22%7D/searchTelemetryId/c2300fb7-ba7b-462a-ba57-a37cb5e2822d) - [Rancher Prime with 24x7 Support (EMEA Orders Only)](https://portal.azure.com/#view/Microsoft_Azure_Marketplace/GalleryItemDetailsBladeNopdl/id/suseirelandltd1692213356027.rancher-prime-ltd/selectionMode~/false/resourceGroupId//resourceGroupLocation//dontDiscardJourney~/false/selectedMenuId/home/launchingContext~/%7B%22galleryItemId%22%3A%22suseirelandltd1692213356027.rancher-prime-ltdpay-as-you-go%22%2C%22source%22%3A%5B%22GalleryFeaturedMenuItemPart%22%2C%22VirtualizedTileDetails%22%5D%2C%22menuItemId%22%3A%22home%22%2C%22subMenuItemId%22%3A%22Search%20results%22%2C%22telemetryId%22%3A%22c6b1d79a-b577-47b0-90e5-41e6c49688ab%22%7D/searchTelemetryId/1793144d-e0d9-466e-8e36-dfeddc73163b) ## Limitations -- Currently, you must be running Rancher v2.7.9. When you deploy a supported PAYG version, you will be able to update to newer versions of Rancher when the listing is updated. +- Currently, you must be running Rancher v2.7.9. When you deploy a supported PAYG version, you can update to newer versions of Rancher when the listing is updated. ## How to Use diff --git a/static/img/install-rancher-prime-home.png b/static/img/install-rancher-prime-home.png index 339945a389bc8daebbc313444188f91570edc49b..4e799e0e68216b3d97aaa581a977c5f3eddb3bcb 100644 GIT binary patch literal 595609 zcmbrmdpwix{|AncLz6;^L^_b=&;dCoNt9Dz7#4E28FR`p3pTeSdpwcJJQq``)hWzF*h#ba`o@rv>5=;9y{20BPU9 z`-p*ooxs3wWR8s$SOe`wUtnP1$aB)rFwoY}5Hav@vv+c}V_>-dGBNq6(c8h3&leA} zBVQzOGhX>3KP&nC9k)5dtfkSNlOpf9k1#f3uVSguqN1VEpTVLWSQc)j3{z8P&H?_X zh6co@P*CE=kx1%xr~hKr&kr|Xmr)K=!z&}HTZ|%YsJj_PrstmDw9dNKNKQM)C#2B= zVr1Jg2vL1KiM(;Q{j*5$^B=K$*;R|`HYdvAiXY}jf)5HZ>c$4UrpN~e{rjZ z%y44wr?N9ROON&c?Bvz;5d3a*tykpx#$^Tfk6M=%f}(q#NL;@9B3y=#LHT9F2{ESI z85e^5PRXD6so|k9aOVdP+lf=>7v3Z#b!u#ie~-9-Z0v&WltW{1ve>e)!g!{FLh9Ws z`ipitOXot58A><|9y~jH0PTHr>4xm;iA$GW2HxRDN2Lx{zw=bP!a06~$-%TPB|3fV z;!FL_W2hUZ*KV|r`)+FYXR&T}Aw%n8Bs<>zln9%m@uqmxS$j z$gz?@PrE@@gZ)VD_;BJ9Ev{u_DK(BgxjE+gP-fZPT=ibxpgjEV^aMT$%aoVOuS;CQ zzB#;aUj}`&u49@N;WNDU`AG0Y%29?7yQ%Fz;|hB<+Zsa~zdcmsDYp(#g#M6C(ZUxO z7BfEiQ=_NG<>vHwgFC}AeGOB~_po^8D3d3J>RrUtq)?Dcx?`GA)It4 zmb%SJSu>pYasGf=;`Wgl28|~i`Ok%rOo%$3&CuK2tQqw-bu8KDIgt zLvsri^N*)A9DC2cQ*XT_dh3K0$MpASOZJ3g*ofl|aZ8$;tO5M=FxYon@#k;UdkoCQ zAM+k*y2FxTW56zc&6zKc!8khaUf)-916mF_NA)+`9FIUu*5_Hr$E7@^qe8EyGLkbO zU*x~E^&IVqn~__Ed#d^I?twI#bF3fAygDs+nd5EL&*lkRooh#B#I7Y@^SKuGe#7)? zQiNL)6d4vc~H+D$CcGPb_0%V`Fi#VGj#qZ`;Q`{LpUr0eyY%diwq7i?%0YcptoZ zE%(;>KL7m>{nS9kY^iD8A?8kgt$%Mim^aOZ9|K~<){1pS3jJ}_w_CT>4L!xLawHdjDo*$KaQ%MMBT$a3^YyaVelJMcLdK7biVdR; zS`G6I6w$x6G|^;sD*sQaP7;xpxQ0A#C# z!?Nk|B~3fD&f8X7t0{j~j*R!M8B zGlDZ(b8g*ky~5WGd>yeEp(eg@BZ7zFd{<3t5}fnWt%TbJru{;Bjwb!Le>1 z>n?j=W_mkxd1ysuFjH~9m5 zYnKG)qLHyLnHiY{lZtJp+T=}|O)StHXeHuP7wP#vVh6DR{?K((&fk?j_{f!i08t1p z+jDks6T_kLg1G*&_>vL3k+#p*LrS~e%2S*8x4Dm_f1S_% zvcS*%yAmOGbwSfDM_D`pAH6fS~_gTS@7A0j^#P$Vf$ zbg?0|!n0;zGk#@*bHnFY&ZT{d{xte&@{@j5Y4yqKxvG2B@aklL*i!xG=9cT)tR1?f ze8GG@r=WUKXGBiz4J-#%KJqx&Hn=FbjmbA;F%-^uj%9|0?Z`(abrB^blsYaF_Bm5M zJFKW)y`HbW>&{gTlNY6tkM1PDIL8qvJax{5cU^`eV{vj=;5`2cK|{gi^Su{}Zxu_o zDm&Z#j&tmDRQE(3le#QAb-R7wPFFaYpR1YFJk_#(^}6Z1k{OasUsG;OmsA4uyP1bF z7Z3j#A8|UT*z3m~XJQ;$7NdnHiwQ~u>1T+llfyD2A7JglpQxz@sWR_oQVEjow|>gz z-gLTKck&&lmDtWj$mQVs><@FbKirRd2*2Nu-ISSjQi9|03;3+StitS&D34)Hj$7_{ zFYSR=Q_$FvGX~8Wu~QEvuAlb0f9#T)_I8Oyu|%<|z1CCVF2f%uraZ6Su)?_yu2>XM zV98&TQOS60w|SAb=7G*sYo2j;-lj1I?PW5JIcG6mJw-JiBfTrDEhsUCRMCgFf2>J9 zn|tQ+hc)QWey$Wu4wgDnS?{DV*)@~SqUM7r9VVd0@l00rYjutivC}SaTPMmB~_X7@{VK}UK&pcPxX_9M<>*uSQ z>j%YCX%$NNh22M=jDqmrt23;VN!Ykb)rBcqO<4=IUPC|F zu->qv`Qy}Vf_DmHVJ^pW&WS58mEAM_&~ME96{k)^@cxt_-mW?h^Y2O(|Pyi;6u>ks35oZSH1%4iBu2LzdK;J8Ky=gcquCpyD zxxi|>aU}Kk# z!dtjmR?*ydT7}lr1bvRsy*FNLQ0C)kw91xBc~7;q{rRJ2$D4(*&t5z;S~A^tpXDhN z>kB@;*VFCL?}HopT08DE^DFWQB_ui6es{}GX7S9H*(|DKx=h1F!y%$NqSESWz_ras zs~!Ot52V9uy{oSWc#XN?YnASOy>}EA1Jkb>Ts4`5cPOR!U~JWG^@p>og%1pt3@69y z^<(vE=@-=0guC`bcOI?x&A7D5*Sf`D?!A2Z?%8V&&b+tJbBKwc8d3xpe)KRHRJ`7@ z9$i&dxzxR?RL2`~(D>`d#=8MVgZTG9i=w<3pMQ;-t7H_3nVGoHJH`6M#U;11z2-4$ z``eQQ`K0P|Z#{#_8M4%)A3lxN&hKb(UM?X$7pB!R(4~*Y`HDyi0^l{;&Q#l8SC>Ho zSY~5jW)xsx0hSnnhbp7s|195Q6lXZ{&w3^XhDav{=6`=i4|qPjy#^kK+x+YK$eRd; zqrj_^z{B@5(|mnfaFD*Hpr9Zvb6xuSbxGh8lBj10PitRE1nR=ScJiP7 z+_gj5dN?6Ho!k&2hx@g*ar5$25fwc=(Er^2^*!x;o&NVo2-LrS7Vrb558si#CM6^N zKl=tYRX$v+XyD{)=W2G>2@bRwa17OJGBVed|JmUG^Va_!^1n7U{ohTm-@J9}zc>A_ zxBlOo8l&tyG~D38K|NLfx5NIu@qfSh?+ulu4}bfAwZ*?0`k%ExORI7yOaD)=sdBKf zg4KYIJnM8<-w1dHPP4-s;~MZs{9n(&GHdWHrq-N928P=V+IQ8Bd>I$g*x#pWmhJ0z zsSa*17ng{$Ut~@QjBFG^FFdfgeGy_L$4}%GAJa5s)I7n>c*5-1=abxQA}>@#UdUQM zc>dzW!p>77y=Kj%OX+cLz|akz;)nFWdADF=ug=`ZYkL)9l|-9r!yWwX z-I1R;DOjd$n6jQseA0#)P`sRa#qJE+d;Q&7<(BV!(ZPMNaCgV`vb7|PJ~WRYZr!nc z&F+R-*hGFQDqJ={r^wi?6Q}PM^gEB9YIBJwws^U0y$Dpj_mI5p0_zlfJ8@r|n)E_b z?ytWX@IwY}GMlvTHfE*yea*}^G3zOeE<2uZy-f;p1O3n}eT550_vgYFOI9j|KpXCz zASi^V@F|5rN$ixotgf;xo=?SnwSnYlpZO^++`7AUuD??aXq&7pw@T>w$@nb)Bw>>A zLJ3>c^S{2kaxj5af$tSOf7#`|m0gp@TV@0{lRmu|icAgqe?}qeSAL#TV|6+dh2E(hY0o z#ySK}nA;!VAgLLOwcmQ1G!I#ar zGW{<%eu(|`cb z_s1qFLRA%|wY8N=A8{J1>8h>$(%8ggTlN?hgDLAnLw2s%DtgX5(bS~NU}bOKJZM=Bp@>$#+U$;!%_J@z9$uuyocp{hOplmC-; z!mU%+t_fG^2L@ILt1TR<{rK0HNj@Y*@Y_wjptrgX9-*?RZ2^(aJF&m>OMYG%^gxM) zqwWxF#G+8?GR)vqQ!YMgv=YSB&o0hbH^qgMp5kiUuUGP>y5fAv#x!e3SH(2{Kpndn zsoVCrvmDOmoyVQj88(b*=IgjSPlhvMRd!v&I$)_@qTmgsw%IDVnPKi<>gmKW$$NbU{spc20QM()6!#l!M^)r%|-Z#Ts0P9C`D`_oLSQq@BfDw|+~X zH2z$#d16PzabZN{IlmmQ#o?iyW#4%We&M4Fc9}_Gz-PevsM11VL;izgDXUv@Zo|qc z*X^QpKPeC1i#=_B5wvtRP7R!dN#g->o8N)RbC-rv6MKn}dU&jC1dTN*eev2!v zsm^a3PA`%A8ey81)d@kZB#v-Pg^&-%VfL$Y!hvs!z-|R4{Axc)8F~3$QketCYV&>1 zlD^;7UcU%MbhK{gug$zKzDCYoh=fU&Nbbm?=d$$DoMD^a`M*!N#A?N#gKM32e?cps z{v_u*AfvG+yPI%(fyIzCP-L4jrmwPQR5_Q2&W99O>Eifd0X-s$wi@l1k}YgBBDvO> z_oxkyJem>sNUt6|(Df)92^yt~yE62%+6m1w1JhrIeNy~pF^o1OaKr+X32Y6Jv3 zne?_D&!$NV2Gi`FC#AF;n&v)HD za%`3w-xDJ~6d(Hr-#zlNh~HR_m3Z@gqPNUWZqnFJ;EWGDlNK_=1PC*m89>lX5*SpL4B4dv_{K-)y=~^#U#g(D3SQlHqe(ibr&b<&p-J{DVTw0#!XOT0LpZLs+YL*P_8AP? zp~3s|jMvx6Ze*Zl%%N^0eQ0I<+Z=8y(_I@5ntZpczRrcM{w>%Nzb`^IfTNS73iTa2 z3&TIqO@>{b!-r}sy|7n{-gp6O8O42Ep&wn>VX13Q1dAbeR^|0g``*nGmtOJ^*5)Q& zXwlO|R73yd{4hqM`bhcW@W~^r(8ZFCl3`mdvoQ2}Qf@*Wd^~U`rAIG^>b=$BwVsEj znn2Ua{-m-M&w`LU4%KK5)A_qje4UU-ludt^XmRB_zg<;GzyE0FLG@TCr8DiZcX!k~ z%OzbgB&P%+9Jqek3>ZN+(riC#)-Z0e#!_K>K-c5<_jY#j>~ktuLryn3x#q;K?=1$8 zz?>8vyG7iBwkDI|KpC}*s>SiFtaK`MagG?!T*n$;)`SYKNBZUi!xz1J!^(f=OJu+# z0k{bJTgJ>EPxx<+M(&m6-RGzmz{*w6W~I1(f5FcBWza2nhb)T~4_qH~0QE;@d8p4fHj0Ja)j9GbJ?d1!g^nzY%@2`z*`O{9 z7QC@+k{44ZZ=*IgHJ6)HP`Fb^f<8raLb)O(A2^#fE1ibIwD*F9}b3RPZdzT zdo=k6-CKmF!4;!2A9OEZvTJ;X(Y-;{gkTR z^?=obT+UzK*%>)NKrGzD^}Qw&A$~v!AgEKle;aCT>7WP|y!|#NNQA>X;<3;kMf+piG> z@G<#u8~|>ou;P-m!6uU~Z^*mhrBY)BfNW6gOenuB4LQ70AOr=|CVF)5oFe36n=w-G zdbeL%4MYTqJ~%j!gjV~NjlK=7;IO0pk=tb(bx4<&@eon%N5U^MKS)7+tpo8<=A4U( zUz8`qow(yuq%b_j`8nD zKZ+U*+G>MsqwnEK&fuLt$+fOv2)2~$Ry!0dyD<`6%m2~(BnJgqeFeMNPEeD{Kj=-a zd0JLhw!XX4wS(3>?-6#N4m;RRE)a=a;~w1GY*Ab18$^1EV>!|kz4B_ac-swRvA{UI z-lDeO!`Zn`LFvPuafy~}Z~KKk;adI?a*C4@aqP@klP@8ZFLAz*bs8)wxdzEmU1`5j zBPvA9=oMu4;ck;OD{egJzi=oi;krx*A0+hG=KMsS9C_w7r^xiTS zgr;UqXv(t?K?wrQuDW?)ra-)dh?PWwXDzHjV3&Mnk_8kw@)TX+{V{Q&Px9#7jB*C} z&7TNP-wv-N{+>PX9#XVZI|H*PAG?BU(v$J&Z&a+@?THmq zt17I6w+Q)^!tp~m?Z)*+9(`YTa>&thGvStm2%bClqH6ZH`)f&QKEtzMTw1`NpH@p= z^(_3GVPEnFms^AvHEnnahMO!!XB$!6F{7Xng?jWHd{g&} zjex{g^}>jBFU7QV(VMH6E?vSssb^}CMdK+RF$FUH7^u9UY5-x>&ycMTsXLRQ8M6>4 zKfL4+!-A0EI(w_TVD?vbJnV)G@v3x9gKS!!bA0aA{u{W23tHQGZrrP*e#Q%N zBVt%oIDSk-+^6XT-~3IPsRQFUgefZ`r8OmM1y|C_Zt5xUnSQaE4iEpL7=B)(^t_}vchLQ->hB?- zPsd+*LcBV)$yF@$=tpAD+xmfH@yV5BwiSDKX@GE_NedGiskadiKa56G9ANOmU{&Ii z+F)7R?BFjyq{NY$PE|+q-j7yl8sjZ}hWc1R0u$hzFXjSRc3StBFrmQJ9`E*REt@V6 zkE?DzNgoqa+j@y#1nNbNABn$ai6zYUSUKyl(^PP&`stU^PTUFVtB0s<^V*A89x=U} zQSJBQ1nkC}<8By1=7+2O1C-TZH38*^tOrrOW+IJzaLnVL(Y{6*;bI81S0HNpT)>jL zKR|}|%Dy%=HCb8kw`AmrV6}x*{7U(cit7DkZ{2+|#P$s$S!l;;Pj27pGYKc3sNBE} zhv9KGmO7XQd#N_Zm^#eHAgq|~f2;)1h0L3c&D)3$SHpEov38a{+4fr6a&)hr6oa}iVJcd~&PAX=TxbC+zDGPqM6I&HGC|K`L}WZbTZLH!RCy+Z zXx`@usi*B{!`IxhrX>hlo^c9$(G=T~9BPEK6#!1ZuF=RoVa7-o#~l2}kLF^biewn$ z85z<-1TSG|`(d-xu1A7U@Y7s)t#MJJ+&-h8Z|U%X=_@5dzV4#QG;rWakQc64&LunD z$bQeia$ZlZeV}XK!l9t+$HyDwFT8}cj=g~*Mv2$z_aj*A&*Xim2C!9);u-AX-9EVh zgCP*DLw=+b;4bqu#e-iW&pC6K33>cDzpvAC&9-^-G~3wWuo;Y*^Mt`bjw5A-Q zb@^f6uLo4WU(4ey>e^SlO!6j3L1o{S6!<{tXNc~wBmt_w8F3LCL!fm3Nyk?+5!b_P9!EAZjNaB^Y;r0yR#&U@r{5=FL!p>1@1AZJ)z%_Z1Rz<%P@J%eut? zpzbeF00v?Z-{_qXL1vfZ%1h7Hgs~UH#X*V82?sBD^a^47f0Fk<8t+QE8_(LttJojD z4y-YyvL*;&AB1;viOQ!Q5tTKvLFea}9>TQrGcoQpG#t4T=Ff40I^;7#L)nZJ*|uyK z{Wba)eSP<{F%$k$SrY9DuE`Eo^vVBKVeu!+tG0TlCseO!utr@i!VHc@3=euVupaAs^cZiB(nvNBqDT@A72urw*6-9j7sbD-Qf(G?2=Q^ z51B6Wu6_RL1KB>R_UNGfkBRiY8_8`>&SN+;Hp-ZW+sxLK)p-|C2-#5#sYGF?MBEC2 z9^Dv6)rJVt^UK29O4eloxLyt(V->`n53kkGY=tR(Y&`A0pkE0S@V(9_BF{ArSk!m+FAqHIjx9g(jwGH_|eIo!=z9o%3 z#7*(xj-dXOF>@m$r=8K`!84lPhb*{&8ZqZlyEC+yk8;Sq2Y2mKJE#IUu2m3#(Nqt% zy2y-2&r%ESH{C*vnpercaOIvI4aiRQh(2DsP~5fWqaMN>4c{NUc+gPHSxsgV|1 zv6t#laipPrQyU_!(Gv5E3u@-R@k%eB`1;pZ!u-8Jl+9;XqOm9VO38LO7&F%wj|pn> zX#3r-6sS)Z(EdS9efmSz@eL(sz}Nvydy+_A!?$+1jV?F|C+J|(Zd8-_ly{ycNcxW% zqXRvYcsgXQ{7LV7vf%;usi%53)vhD7sq4x9^9yAk&Ine*iug;*B|@yIa-MCX^L>~f zIzz{A<(8wpXbBGUv`L@q#CrDePaoeD1y`q(8Pf0R`dDHU2^{W{?3AF@ufkhsO~Xvr z?bTUam+Hph@tGmS%d4z@0OC|L31~Z@WVPG3SBwqz8n#QFm zh>D-8d#jI?Wehe(SDAuPSnWz7-??qkt5Y zPYJ*bx%&D6T}JH;Rw#V)un4R`N{N+fo*cgou5sHaNA-8F5Bb1?;j{8J%OGin#zd^^ zt*+VZbb5h;vb~U=0V~+bIlL)EBD+~U!7t>aDP>2 zo-o&5M3_)A-)6R^ae5w;?Qr&Z)?zs!pcTC$m?%UVp5IWDic$&iz$QBEqM z4s+t}fMEbHNiN&{e2Cz%ZSz8DV8yNZ;HNp1h>`3{$zPCX^ThI5NCgpmfu5!0Op7J| zlCyVgO~S~bu|5!Z#icTkeI|yR5D18Y@NjF8V1F0!4!0a->$%Oxp%(X*v z3r>Mhz1R96{vm?cn}?@e;H#Rz9Y1KgYG9SY@!D$^hNLnVh;(y7AHBRh z$K^Of{(&EERm%~^Mn;X(FgKLZ(FO-V7%Gwk2uJng5bsO#lZ3wCc0;mX?bq~Dr-B9O zA#e~m)hTf;jdCmRKLd$k3OrMqJ z*5H#ha`6YWC>qemMF4pY#HbtqfM}=Hb#G_G?TZgB3|-{ zk*p(yrUJS1M)M3U9!Cdu8)$<1NcUcybvk4=fI{>0QnD{>cXLXEo877F<&x zv9UQGzaxPpU`r46?FWU&(LY852s*0(a$C(HWPMgXvO8svKnv%$TH>QL#|tkOXoW9v z^(`RECr|AhYI3F9x!Iro+^N1C#`?F47v^%IGu<;~dG2Y-?wF^)kD0@~yvK2J2j3Ht z(|ySN(9f5Sa^u9}I?R?$k82<)zn(qxJBQ2u&=+OY*;IP|XrHFZa#bxeO3LJ z$wDJMQ!ilR=5>W!i_^cAhp#dtcrHII9FJG4+4?PrWKQUz0~QXW&%jbH6tHxa)T`0o zBa#-QAF)xewHRV2pn5CO-^Warysm>c$DY~G)3cC{p1)nsFM7wKi(L?VWDk(9$2F~f zK%h{Up$e~+!~ugokh^Qn7;D0rypk_#^Zi{A|F9pJ--)tkmAvy0C9~m3^ligsT7uTO zBKeVkUj~}+AFt2vANvvWk6^5}zkIybL02~pP)S;y2ZZ}3k(pQCeKkFvaCXePMK&|1 zra5BHg}Yik$D0~*blVwOP_vyExVzjEQDu-H0a9?cvUnL?gT;29lCqfTVp|r*-VOiE zvnb=#d$CrH;5pM>kE-V@aQ@rQgkO4HbVgsdP@DggkA0)i3T1qy>^4M!hfY}&c!<@_AxRqfv=uFbfv#hgc? zm;iu*V!;7&mnRdx^(1upj}~rXG#BSFW(2F2oLq2Wr+h}Nkju;B#_+OxbPQ=vry||gg{JWNbhj`bC+u@74 zGV6)ce!B^uozFE|&J3DHbAOj^Y#x)D_->r#xM~d&AX39vq3?x@a-t(rH$SW2jyNuW zdJ=1zT9luE>~Vt!Z+(e!K=jFZAUGKkrnvRTLj0;@mTB?tz3V=0^K2%nl z`s-%JoM#Bs!Bj8L?0GNN!^&#C79AI*FvWi?^^5Aib`{osy53$xfKL-II^(ZNa#Fs3 zm2Yje@jByq3s98+GEvzm!F6V?5ngE;UqpsF>5CzuW6TIWN`yW@K1k8vw$#snN~l_T z>3Fpbcz;V+zM$}3iQru=$AP0Kh3Wm`9${z$GSH|c_8r9^ZaA3d@~kiIaa8}V*c6Yr zV|Ud;yIcW(IfPttMk&}eLCD89H!uj9;Fb3<3tw^B1;uag`Yh3`OX`YXv0VugJW(jc zBp;3Yt}K9mb^E+`cmSpiEB<%Mjm?AmBDOKZfz4LWW;WIT2ecbQ7gpYi3|_weBxx9({{>&$ zdq!MqtImP?rJEMBKb;+8t>aCNZUF;*P6iIhI>UsxM$85boG^fCPAsz3s+I4oi+0R; z6;VcD;x!&9JO#G^p=liK%DraJ#k^Go%bTFrW znU6xjL@om4_Bb3%WetH^n$~wpwY9&nvl9W(O`=$MFy(E#8!2 zcK8R`#3I`I59@7>e>e|;R%L(pJP>~Y%x?;+Ypow~=SRf6-118OQPCR%&2fSb{ zj!!CNE8kI;6dCJK{`cyR&GQQ9RRLM45+tljITR{1%Bl}X&9LLDj_E<$x$%)~AooMF zeAJn|w=pt;sM)fw1TYW=@P~1(gVzr+bX6cAY_8r>h?>2u|H&1Qz`q@Wp?wQrT*d?b zKlzo~zOVmun$H4&kF!94#uzjII{nVA)yG*6m$#1JqCS`X;&}NlxlH#y+tXi32*<+h zh*G=aoVz9qh@`7!HWrnG`+DRo9?T~4m9FrC)`MD@on{yZJB5;>IP^fAv8{R!P=!LU zzmCb)obXi7IXSJSOPujKkM#FG3HcdD_izcsc=h`xJs{alX9s&#O^Bz`s)TpT({O4`@!24^qyTToZq6~}s zvDyBD^o|ty_{Sp}40wRv475qtx*k_qeLaM10J&^ldj{wW)$eJ4+N9+J1`e@|L#lg3 znrE*z5x|?UFSO&qn+*c~qU-&&`(=TP{v##1kF!a@fZaJ+qh%*=6s5sZZj3e=yb!N! zW83n|^1?lyzbiL~DY5s=NnNRMxAcIt%4{ng~X^Qzsg+rVa8Ws3sX)>;-`5myNG958zB@etP*_tdm zPd>ue(+)uimWHQnJXGj`(vSX$*IrwnJ9HsdzKtC1iDfWeLz$W)I-gBKvR+s2QNNz{JvBRgfM*&l*x zT5+4yun%D1$)*YSO&eHp)#@6h1L}h5FF(*<$FZK+^4w;@J2_CE&VB&Kxr3ZgXpUeQ z6*GLMSDZNs*$NUzHXxLv6BWOtf$Jt^;WC#~Gxu}D<(8}f{q?K;}{Koi3X^h;E(lh7c(8oB9vA!M}hQ%n{R2ei0^>%@vewZuHZD4Q}xNM;A0 zREdx(w^Q9GFwHoNBzS$31aVR$P^MQH3nR zB%jky;mgE!^BKW4(^gwvTYXkS`PD?eH#I+qdU5?sT&Sb2L<%^Fq zucrac;Cxb{Y|J(N$^_tsl&EY_R&GoV{EoSTOd*LQ!9I!1kiHL+?%#2l^bJRZt7Ut0 zoOm&KAN@Px7&1@3-+)$-CFRnm_rrval}TF#?$u4b)q?|^Rkabf+P#2%LMR!CbiqdgH_9;hVN%Sfj*d=%Y=x9%#eHhC zaG2lUl{&{3=H9mHfeeL3GE}&r)DAoII9c_GYn?ZlTt~Mf{+xA{n>K+O!`tjTZcvim zb8x7Ce<>>E~^-5~xg>G>{ zO&5QymqasGU$uNpEBfl2IHI(9@;V4a%!T;O7i$*Ok^UgRa!^EE0Z&W~T3}V3di(hG z>a`Jpvr!cl<~!^7S~wXn6}Ly8T(JLkXl^@OvdFVhzO!C4H_IH9qPO-ws4=z=+Yy5_ z?I68LQsqU%S%C|8-E!tmO}<1WnPdS<=p*m?TsvLkQEnb9L%-%T4yPslVO;BgQbGcF ztn*^^#wULKC_wMJpF|cOqaET4WAf{9K%!c|BR8-J=wwQ(-5MAu9&t#$4^w%2lhVOO z07oQ4On1hG4-PY4(66C_Sl)2o6OgYNI^@G@2RpF@0F6T6)TvLBvYacp*(962#f-Q$ zQWtW>lBEh8fkpx18&rBAOvu6TuPx{i=A?(g6sxV4;|uLE!-YOWhHbA1jr-H7Hx_0L z1L2MvPla@Mg1%1u%CrnGHAnIFo;1hxe7YX>{E?i)_s6)U%6K#T*F1#8B+~@&>cl(u z@uM@}R559awV@`oHDYZdl-m4X*17j|Jg*5&0L}T51)eV#@g)w%tO1V zq#P~u3^UHkL$H&yq)8Bfm0RbI!0WamO(R1BG1kV|P{C4o(Y>qVow46dgcQ9URoM8; z4OtMtoaRu>r4VQw5W^a+SscQHi-qH*OMLlzUK#e$Ym7y9INh z@ntUiS*ZEdF&^FQk|Vp0qwy-sjXd5&Gl#8i04Mc62|i3o^<{8>vhr*45QGnWquWc;_5?HVY z94F4HrYV*yS@iww2u`}f_?yY4@QnV5L%fyuo4}3SW?RI8m(phJ%EEM{o1GGuhw)cH z8=^8J#APN~5bl?5M)gw;qFXJN3r>n5D>t4U(%cWgxrtKzHfJu4L=V`$UW=@Q8wk6Y zjxr+%13XOlvd*-kKhZku6uI${NpmeXZK_GScWsYHiBKf(V7XZGfLvG%26ryFt^-qb z)$Z3Ya3)u9AWDF2MgWO0<*8<^g|^HF@W9 zl0Z}V!D`|Ao`(RKqF@tw4vNh)!RS^yPJM@wUE~R!v)$%=99|lNLN1*QlT9`9A_+W2u7zzj@4lMbF%vbLG@Wmj%EW!vUV+&;}u6H3^Ei7Bze5rD&|-fJo@HoDbas$ogA6 zJM0D^kGQi7z@{*@m5;w~{&o2VChn}6RNK6i+(br5wtC}>KS4<*dx~a9eX2*NB;8PJ zvw&(rcy%)=x=fcE@yPj#i?2hj@ma;+74d^jez8NtMRTrR5At^TvU5fGk91gQG)GH3 zNc#*IVnG0d3qCPif}l+$(hssoesxLA2yTr#uV;gR7~a|yF~s~>Bf^!tR?>%WC_3#2 zCgm}16#qju_T>(dgA%maAbgmhbNPBN?oVs0%yDMKVU-1B0e^b=@ETy`4?!OK1LrGf zyiKaIojfWGBrgh>Bf(k#p?2~ITnE?IcUK~!T}QS$eHMUl-!-GCoxXw~JAO;g1R!PU zm!puapH5#nOnAIf-FB=TjSyS_l-Kpd(LzRvjyOU2PCd0fPk$f@{c%Ao6&cFk3Oc7e zFhYyD(N839tGFlT{q3}Yx~bbDE^Ef%d}8ZRVj3Uuizn(9s?8za2lCEj3#@};>G{sb zOUMKuXzm-)l;9B*ZnM`x@|RK$bqZajZZL6IL+{4#rB6Hrp#^5dS05Z5CO~IFtm#o% z)eYa)Ne%%}Q@U(Yx{?EN;MZrOx)jZqSON%fSJc^$GQQb?*?VEkEMFQgsLJ?gUSUS) zLf$nOEAuaQ8ja@Fd(8}-4@f)Jl1C+qX6W)SjV{Dm`aQ;|>{t;^Dn=epGX+0iqi=-8 zgL|h06*rXrWZ)icC^cov!tJWjY|}v+ku=k%$*Csxdpoky0RYLX{tS9{=pQ~)KO;f# zS{QJT`^_B_2n?21)Wd53Y-D7AU0w-r{*DC)bg68l#tEwp4+ED*mKTtt$ovvYHilUC zJsk%$pNr}sUFAG z*5dP_FuI3VH(zFlf!szHG~P>Y8MM)6N*~U$xlm;oNB)W)g!q7q!L^U=kKpc~ zB3OF-yaeQt^U}O#3bXRAzx_D?%&AxaKuMun;5>A{dxL_C7Yg284pO#lJ{Cp=K@u{0 z|DnT&GXQGsR~^)L2F<0nfVfRt^DCkG0(nhMc?-ksk%PUF8bv|+nrKk&Nh6D?8^i@V0%IT;afClz8o!R+2-ce5-H!h$!kCf!sAql;M+plRqSd~-n` z_`G0OR=tGszgZ(}D&o`I$ zcbA_P@pm4Z1Y@r@S^c#MAX=Eq_Pd`r*s9r9optGV@9n!21>#=jCGXHw`=%?<%{pG_ zpD_Nb)iz~(YgfyRl5N_ElX;j-oiwiOMq^}3(SXFOq1FoF8no9C3JRtT|LjGZC|yed z2leIj{RE~r=Cxy_rEtb>UAWA*RwaCD!9O2OCYszVq!jnfp5?-eVH4W}06u=n&Scpu z8?WGBYRok=?g4IB?#xV;+;DS`p7POs znK5BYUSRV3fqQvQ*T?LpI91!aZQuSbUuMa_g)N)G4?p`Yd!!uf-fa7=)MKW-0*V!X zGbwvZ+-9=T>B@9oN=dswlF0|-3igE%IvXk7B5XZ-z&H?$FWyfZGX8cc$vsro!f;Mg zM@lBe{hHpf>DGL+hAN5l8@6k4^C{qB*~!Kt0m?_$qC^ngx=E-twXpLgH9#ka0@zjb zv$G!+=W%;a=F1uk{LK3vP>B)`IsQ+xBjYrlG-;t0(u65Cv-*aK7*P^$o-9NiL$cI1 z|5W@5rc_t4sMy}R<5T8o8MdY4N}qeg)?Z98xtUhfi?wuJ)8d5hWAw>$J`MzDH*h{7 zLqkeh6B*S~mZNzFJdev)W*Yv>m zU==sCaA23tw$IB>k}}30`2|#Ua9YsgH)BV$N$f?W3(Lju|HA~E?`AIxltm+S)Flu3T{8{gR}6=qqu`s)N|-o7CVWoAT9y9qJ3 z#JI!kNxIbr0h78KA^Xts=_RtK*O+|c1TW$Wq+GHjhxl?(Am3&Lp5Ik|)O@i=NukFg z&TejQ$m?6vK68{7p8^}D7wqDiS=s41Ec7;iZll2Tr%5%%^4q|`LA==d+X^!je91DK zWFqzoj>Fpkc~Y>*mAikL4E$$KfZVANKH(snU-}1MGe>fZGtRrS$op_)TeV&F;iE`A zBF-;Jo8eV}X&90fz=c-LPvBDsNh!bqRkNVeL{2hgq8>cn{{P&MD5AX4wTa(BvdQc@i|CBd^sbY?`E$yz6n4nKGb4WxO3 z2P>i9TwN}kY*3g4Z;dhw`Yovc|L#R9kom9pDUe!+xn)QNhE3qRE6|{esAlsGl}PB| zDNBpY!$evjKucx(3*awjsN8*0a-lm2xZbEHwl5*?fO8X=9IH*m4enKW{y*%!2~gAL z8aH~XtxFZDhblYNqU3m#O=Jm>&`On3AZewF>;g*IAw&pdqgDlxCB;1=Z8zVQbsLN-%(t*{Hxy`@VxGDGJ zMF=8%7X%$!nraIUe|~?HXVWuImGZ3q{JJ+~ z`n<|rFWNg)Z0x>zxut9gP!>8n&NfB7I)RMaSC9G!3!_!7RJPRp&OSWwM`A25V?8){ zqf%Ldp{~`AmvXLt*6{Tq{>O;V8!V19>%LT zNOF)D>Eg+(>q_UkXZm+{|Em?w93Ct$t2$v0UZ1`AW0+SdQ0<@9Uq@f(R3|@?Ed*TF z{Z1*svIGQ+W-X0l<_8|Vb1pAT<5`flnfBvp|8TYvas zlxBX$x5xjhCBP3&gITA47^jU=Cs)3_>(#vV-JLJ~o3QxoBjp$c*S7ut)!*KYb5c%E zh?CbYeE;99;tOR&E?WKdp$LEcuRi0$-%hiQ+fM3!_uu5-Z@$`RwR7OF!hZky{joD2 zDQn32;olwpo1qau9r||q+0K>jDYyao_zqaGS z*&km$a`Jp{T@PXL`!8Rn9Nx4~lZuBkFCg~*+US*$w;xxnIN86TAkILl^N4f3mP2_^7I!?Q%wPhxAfiCDJ`<{d&WnJzb zbGx^@4*KU;t;3$c_i8&~ZWNeX)s4W_eN$6f@Vq&|_YeI~`L(7Asto-qVqZlq?=8wdTfG{W4r5(!#*WBx3+)mIXn5-p25i*VRzmKdYNB=)VQuAv&S1_ zS!&Q~KJ{L! zbO!T!hYbLpUVE;ipTW9GMOe`I200?dhY~fKg|+%|S%J}?3+(|8%Q)rT*>_q`dxgc6 z<8$hSlk80ioF>UFtmQ{Vco$Tkc=y9wb>30#Mta9)T}B5{&aSA;!N^6UjV4<~4Oy5Q z16g}lPQ1&mN%RWWzF@_AWhR~Wb;33zT1TF>>}~@`7?B>J&vcy`)o24NB$@V%;~B$r zx#hJC$-17=d~kPL35QBu9zO||2Z%{pVHM>b$i3CW}?2e~go-{_#Xz=a)EaZQXKnLBQ~EvnjM4=w^P> z=&py-PW8nXKkZpx`}Nlw2~O)Ud9m@^&C#SySykPs2n!Vz-#O`MRY>h$0U5puJ2bu5 z)>_jrf_+qGeeKre%fDQU(2EE>{PU;luQf4W>la&=x)zs%N$@OI+=VjZ_TuMC@qBS- zqE-6kG@|*6H1zGQGB803nmt15Z&XTa?+&JQHT_;gN_4d0Tsi$Z@nh$SMB+b*4Jvz? zin6_z6%=l<62%UY;a~nG;P5r=)c4EZL^S?067rAvPkA-6B(;-3GrjwMXCQye3j6+> zvPrhj_7m<;FTy1d`rnN9-w$_6KQZ)$U5`4Urs9lt>k-+|=4#TliI+6@NJKu$--m2o z`>WTk^zs*gXy;vQBf)Sdjqo$qo>LU-WI{GEo-kmNeoeOI1ww66VX ze8yAkB*-;MY|BFxFC98CAjh2X zQKGdf;sMvxSjQj@kO*Qo0VZV`Rwka7* zd$9WWRv>1=9Cnp861{4jVdex1oH;`GKffF-m;Pgpt3~?_7U;|5-XJG~W;fCu{4_cy z3Mk4QJMHz}bF7a$5fL(@r%|{*$@NZ4-O?H zi*MHp?feZ6;se8khxJ#S;05~UGzeZ)o;gzuH4|7-q~o1x;RF{agL$1=3a%tAW#^%D zs8Lrx3vnN~>Fe*Zph|z3!d-+Z9rh-^be%PXUz&q0FZdNjR5W4=79$cXBq{eCHMDbf zIIr-H4ekr7Sf^c6q#bYc7kpr6bgMD8;UJ4PvEIm~He{_AP`IXscKXXRxQW!dK9-I= zTrARIoS*~bjg~^qBetww4d$r%0j#qiXFq%f7^1p$$?O$=iw1PC9e&C8bwX@z;^2_Y zSqr044Hoz;Sp0@kdFog?|6RSYpU#T%6cytecdn%4Py0Pi54)sKlgG3}65r>I(6$#u z^Dd8O^a@OL=)2K+8I6WD{%I%4fbOi+&|TXUZU->113W>H_OahvivvOYh5ncJbYdaQ z`B5@nYMp_Q!gW>_8l&QqlvWcOmUvIlK{lJ%kKhG?Y4@>@O=`}h2WrcHCK-i9DID}? zxw4zyt=<#%%eex2$+d0s>(={DqJ}sFwyIim~n815Qg;Nq?nb zo&gFEPV4QBftDTN&gPg#H5mJO=Nws=^St$i`gEG0F^T`JjaQC=4nhU-JD*cv!p!~E zpa#w$H(JB=$AG-u88X~1(BJV$AR>zg(@|prBQqkIClu}5F9D=XU_*x4O9Tj81J~Q~ zvUMbzI$A%&^B*GG@h8VL^F?!HadKU>ep*Lt8tf>$pQaG)`U+V3VcQSUu2dHr$GDFH`a)=87;(O{DrtAO@R(=0)wDtBanrL!Oh z&*Xhk0S}4qJ!5e1d7M?}s~;kcUE{CaeH(#2BKl3c=azZncOe!3)V`?l*~@ZC@jUZq z(MyZ;0{Ysl`HgRDyT>&k=$bK;Zn?%Ay-fd;eo-b9?ZubwXnYcQN*lY}5kEH4;r_e} zzD^ADcjN*!9c{5Sfe`)S*R-rT=c+SZ$>=^jS^6@W^m;VeGHvuz5~5e*@I)T&(8mr7 zM84oSon~_Suw7suLWSE-z2x_pl+d8g(@6$#`_z@4iD?F~fsEt*1X4ca%}b!EBYo-_$Md7~#yeUj>>t5{4$&V?+W)TG)3fh{`EaD7m6J05Vrhx`?#4bVjK0&< znKpNEcv=S$r`Q<1l-Oz}`)aqS1s?OPL?z}2w^BmQ;}tGH3);|CtIU+XzdwUQTR*X3jd=h zOWwR)#(ctvf$@~J_<H~}`;eA`roCoL z)_rRXl3E*zRk0d)pyyQ#b71?MqgulVay5^<)=&OiUGeH?v&Nw?FxRd?9nAag-J9AQ zgwGul7Xl$=%8g*>P9Mt)8IW-;GYou~weEV`#-}EaM}4S(kN9V8+QU zAoP(6*TG)K_oP_I-+y&?bX9jNCl&o*w=a866+sUqtH`ad9OVn%C!^QG8M+i(PHLE@ zz5;kGuwC>kSLNI`+x}x~aU_4iu)ad;gBcqR{&+Nsgz&KUfd{5U-2RWe+0a6|s5eCP*>B|@m=6a6h5)d?a2H8?t z^T13_W3XzKsbi#1Bh`#M(vd_PQC1V3O{T^fheb)sH9ctjj1t9^%LlymA zGxwfAW54b2fTK45Ra-4$?l9thpdvoQ8n7K)Kzap)3Y`*zkI3Fwd(-1-H+3VFTcbYC zonTzH@7fx&_L6;LhuADQ>2BiGhEBTk_V4{*iZbffOo~FgC?ODdF*3|Ca%QUyLU%!G$^z;fl_c>G_{kX#yzWcA@ zSo&?Ah?;Zn|5P3Kh;B0D(~gwir5J@^F*w@qFieZPMu)Z7snOH3$2*PNe0n~WHITRC zNyvuX)K{(>k(SUJ9YsE}d&wy62>nKf@*qd6j%YX}wkBN7FtyYH%-_aI8FbO<-bHR6 z2HTLu|4k+A7XWb}3GA0DT074mTvQ#7W)(`lX`|UHO<1@0mBm!D4<;BOq|JLo0*8YkU%B&y7v{ zjfA}l*=$d$PFfe68Dp|fYje3|AOS^7Let@CPD`3c{H%{DtA?I>$5Z;lrUyXUq8L5; zhTZb<>?j>Yy9V#rPR$?v>tpu&Bt3ql^AVZyG_30J1Hvcx*XPONE=xu(eyfjW0avw; z&?tN$iYKN9<6_#1VqbRcp7zq{uv_RjNx$EEiMzS|R&D$xIWD8Wa6Yv+A%7>$LBD=; z8Gc?Cq=Sggz<8_ik71P>7V86|c<4x9gQX6?`cx9^o1@wYI%2Fb30LtH6k^|b;TYFC zE9`N=XDpgELzJ#Lew9Uy&%yweCCBk(i<&?tE$4KihCUsRjXyckZcXb11>WQ<;!Vbm zJNQiuB!koFI!0%~{1Dui2hs&VmIng584P`NWaq}4oQWk13Y^?`L?3Zxe%iCl=~1D* z*bKl{ZUoF_+0pxI*x3vm*?{pz_G#dyMC&UqI#7E=G6=hF!~2P{6`(U_=9s!e1au`S z>)b6wIaJ54edP7BECZ`-`7R|cIBz63a?Myt7-iEWie2mg#Vao#mhNg-ZJO$iPO{mI z{HCgm>s#{x$9oGar0{Q6ScAJ+wQyx&kPu0WW|GYoygcbT509{%&?D-PQm_+NOikr; z0m;70>!8b05$)=gA>FiisndFa>MlkF9&G2{8Y`a-hGj&9u#6R}P|Rs1RHJM{O_|wh zaS8&v(~{>%F@aq@Dm#Rov6d!_q8Szi%I0Rx&Z*A(N70m%jy_XUTRKCoNv_MH73d3q zj`*YkG1b~z`0rF!uY!Qk62gG1=QnewB%RbEUX4y zd9i=Rk{uqt4_~)F3-;Dl5SU7M%c$Q1gK=(F?VSeecv?&Eap3-`Gs`nhkHTDLnnzR(5T+Rjad5fEJ?n~&obxxvNwIL0DZYh>gx#;LAoGg?*AKcFXl8MueB-2AgV&KXR* z?EK3Q<>?=9T10!;6=NO5+K5UCe3wnM%6Ow=wB5}=Pg&6vstNCg25T3!5cyL;=t`w6 zgCTi+P;d7PihQrpTrH&z+q`;REh0p3j<^Elm3 z{Dy|`_kOM{fi=Rc9a$%ZA87|Ju&ki(j?NgPGj z8v&~fx-YDH+>&kYv0Uw$9c4q=7TL3B?z+@P*tT|beuA3Vf73A4<4*Z^Zr6_g&>wj6 zt1li#$A^a}q_-z?9Ut#5I&6!9H7!5QFgM2%@s!zowq`BX6dv@D_eT7i;W7!!a$%AT z>z$Rz8wF*CU_xUBO~?bpwe6+O`Od|8;z#C&k?n?9;V*zx*Z~&oiEUZ`XLx4g=b^2e zpF}oZz(3uYB8cjWy>eSXEa7=V@r|vOwZW3b2`xp-LCLhofcESygH>m}3X7%Q4eSAV z=bQKAzDA>n8-V&!36VMLf*3`TU`gmfE+wyGCc#YGK1xC7668p_7h-qJ9+{`x7PpqH zns{?9G#Hm*0m@{xlM+|~xd2>yj)#{}<}&8QXAYL$L*J1SzZMY9dyA7ibtRt@vJ{eZom>bFPr^Hwz4~ghI*5ks9Ia<_S_j{K8OV&SyR^yt$&gR@{Z#j6?NAu zu(>_KB#;(pU_W?E{LUuUqwp0#d!^(GZWyXp(yLV|lvoM)3D10)xjsw}*(0-iP-(!N zPYoW{4_iXeNNz#Jp0fI=u*a(&pcq37V5wBoeo>sAFLd>*_GEoUVKHrD(^ssKIsG26 z1H*3KM!CQEO*Xx-xEBPHgl!Cju}VI(f|8>(i58NWr43(07c2}^TxN-^hxGnB)P9@f z868m1J`+BJT4^ zbIeIIUC&dNn|&V%mRduOmB|k~r-SFx*r#RBg(B{NhG>?3E1=kCxvSIwDIWC_M8={< zxO^8hp!gXgYyl0>mO*qP-x3jo4mdW>ceYN;mwN^AAoo%hv$c&jA98e?R%!W^>%(U!W8a@HRyg$Rb zpJ#zhjG)|_5$D+vZwI~a1{4F#H$auo67IO!4RoV3#A~fr2^e;;r%5F;sF6IdpF#8i7Qh8qdk+48hc9Y51mcs8q$MYQXcoXB~6x+bK;lYlC#FfLt z<}6bQ&xxY5ZQOU99A;HNkRr$w#h@suk=ZHvrm)9_oP?iypyug|P)-6w3wb&_R-_!d z;u0|U4H?#+wWPqlS1b<&F-fy2pi%;iLw0#NHAW71L0PY}NAtY^khm!FDN1rRX}m+u z2%Y%4vK|+D0qPy#Hks4>Iz6Nw6SJ@d9$aaepm^w4iG;_ir`Aym&QTA6=PHV+Ht4Dx zkMkDIo{6yDl7j|=S4++B9S?P{uV6f_uvpAT*!rLfrX)=ME?e4SP7bv3Lfu+PBi}*- zhRFoS0Co^{xi`hD*&bQvYh;}{_P~3XeJcuEVp2KxULRvqsK+e%2w#S9FWe~+ECJp$Qu8BFO(8R!A-4|18f@2Z$M1wF|+Dim1(u0+_`@Tok(o?uU& z2r6fsYa_pIW2jAcMQqbk$2K#I+LG1l_~AG8X!hYMo!GGXXF%~4!Sam6MRjvovPf(y>mMbgOMf(I69DjoLFw)?MZQF2 z=VroZ81u`}T{&+6XtNFDF?#iaxdg~%o~?E(-x{yC=$4h~0SS4;Yg=iQJBl7x*|SQI za@cPy7>v|JizC`H7Rt=;3C>nzxxB56^cl+gx|*!8kT2Hqe|(q^fHoXu=AnSG2_|aK zTC2%!*Ylgbii6&T&Qw8+tY3|T-ba~08UGvM zZ-y;0>DBQB*YZ;DK(V6Hk&(+>Q=WaPk4aZ-?9|1B?Ctwcujt2I344tGQ6^sxNlSo- zU3fKMES(+7v{fvZ$JX0`me&!_s06oxMhh`jEiKwopqoT9|J_V1^qtU5fOQpPgNJ^o zXXiTI<9zSfRyqXk5pJBfh02~g($lP|1wpfJQ#O3j`I{wf10E_3BC4}ax;G3Mv$UAv z)RrT7loZXu6$m~BfEORbF7@WMw$(waqEW7T%nRm=bA$ncrkw0PVAph(yf_DPM8*4+ zIDx}1mS+#!R(rD+KU(!&>Re3WtpFmH2*|eTVz~EJ?X|{cAa&viCPt0I@j+W|m-UY% zIx%(0uB%|=YRq-)2D_wNbe9iCrktsyA0x6&BS{llu= zoB85gni#NZ2S~Sl+|wjqu8uP_3;mL1?(ZDC0}jDTL(Tb+^-l6ow|NxQa3m@MYH0`} z#tW8v%hdqQR;*uG9iz;Z8BCCc@V8+vdy8Cv@vD+ZhR-yu#tRG-WA&Hfe1)ts)zJjm z!_n1vkoc)pC-KDafG-K;!8o6l=TqKR%^OtanUbO0H-~CVz1(?Mhx5d}jU;1g-ztia zNDM=BG+AaOBT!Y`6=+p6A&k{+V5S@$Amw$IPf~2XDo+x>UAa^d7FJc?I+*Pqv#1It z{h-Pp{K?h?5Hz)oMq}O^gaKLoJUFF(3n2M zvbWp44UTEUYtKJOZfQtIj&8-b99qsc@Plu?rtbLPF_WEWyTHPWGk30qCRTcrP_@4i ze0Pu27f{Flu^Rc7b-Rt)8BuP-?5MQ$otBEG;sI~=gWG<(%dTe`;Hs?&FgQ~$f(;yq z6)X>!BRgPIIB7|b7Ka>OQ>-QTu}>(n3~Ol`o+_j8b5TH891u2nj&>A0nwp912a_*T zN?4jmNG>UKa;ml5sTC%9n>#pHHU`@+8t{v3vcmR;g7#yoJCmF2lhE{@#FHP7bwBL?q5B8MwpmR+nBnh!uHQedqB)Viy3Nt_82oP)Ms9+aF_)OVBSem zFEp%LMV+lE-FgOm$pf6XQ2b)-xLeSs%K#7v|Z;I;aWIK)`-roULw>(T*<0-vPS3g z381)~7Jgr;L~S)3Ry$4hN~e0L$VZ8K3me4QT>X$dL=@Ukm^SL;rpn)`1$eXUItKFr z*qF8EuN>nmCMO_(3P)zoBG$OcN7)1roib4T!^ZZ#7oXWD@PQ!{ncnPP7^T)cAnaRavm*mX7ZjLKPw~nc$kL_d?tq|IgUg{i zB#UCbwC|nEnMbcY_nBOhph}*$wmf!DTw6>-Sr;FeNC28`@utSP1U-+Qgbe9@ zz~9}Qb7G%B&&$5&6Hyk7l*LzEt*9t!=VGy^K1&kZM!xms&a>UmCyg5&jpY5D#q%li zyJb=5rbu>Ps_~ZVj?Mi=;9BKENFKhbRWgEki2(JUAHFd#8iz|C5S$sNZW^O2xDT+UWLX@DX1WY$P=HeR2lG)GSD;Ha-x;=jasGi0pgfeK|!^ATiI@GYrr)6daE||IDd0Z>ce*#2JVMJ%b~&~mfqy&%G^;78V!b8Y&7FGzKvkV$5ys^*t5(f zG0f!{W|MoGCZm z0q}NhV{>fiv$B)Mg2A8FnsxEku)$wcuq$4I1ja&KY)nbNZNe)jEB}Eqja)<`WbRmK zJ37jwmNY!r^v>c+B?a9{Ts&%W#r4*dAKu~VxYJx>?Vg76`go7wbmOaUv ztG+UTN}!teNQioC!lw`-Ihccc{|uZUvqfvs&(wZIY0e+$@#zLwtuId2!a7)5={wnT z6EmY?Awp&h8v;a;^6d2Eg^27M8>nT|1Xh8&0Kge#hQ0ySYoV*PHmZT3zIkAmx&8Z# ze2&y*LbJO0nI3a14B9|WNGh>{D(0qC!w;aF~)6MDpi%8H!&>NPNyt z#;}7Q%7Nhl2dxZ^61o@xC8I+M+b{@7qae$Zq?z`8b5rbX#v2Q($o z5M{|36CmwvtEU4%RaqjPmBY}}6>(;Qe^PD;3z$GjXpY)IAl-t)L8S~pYr$keKMvIW zjly;3Y?Dt6-gBdnI^gm5o*j>=>#ep4b$V;zv-r3|Cv2#4AvV=5dbd^qu&cw8BG%|! zarMf!R`IZN1$x~_>Yb`|I!@`EL~nIeuI;NAp{GV#eWz&-*1MwNk!%cu#J?M~xjx`V zvL54{<1-BG8)Qq9Bpj2k`JRUjsh`~5$Jb|>vOrKO_F5%zi}k=$$Bl-7n7oV`poK&PlJTMkWu@TR+o8gRKKsGI(~cds_tBc7`Bvy<-_(M*}0h=~iSMRwKPt2pW33s^~VT z_23RscY}89Sc5&l>K>rL*DPqQ+c&KxRl0s&;eus0Al@ziDA<)oxNd+-9hpUjupuxP zK-!HNpe}}87icbsMm>rvUg`3WncD~$)2K(KXVf;7b!lx-Us*BE6^B{@o|xrzs~O*` ze&!4D;q=@uSuNxLI>ZyQOLD6`8_L{{K$hd|W{E#ISc+?-%K2u6<3rs~udL2>8BX4J ztq!=w+yQ3VK0mxlr4GjVx(WU{tU<*Ik0YL$w`f>oVuzjKK9g3xcP;GwOZtme4zGv)Ud2G=8->e4vS3_%ARn2xi%mL6+znK9f>Ur+wU_DcAcjU&>;GOIHg_za9 zI~ojoWDrrPfcGZ6rr%Ey>-`p*+EbuSbGhGFKU=L_A)F`r5|XPKE;jNx@vSSZ{Gp5Z z$VV`n1XiXV$365hOUqR-FJYb^Mxb6dXWPJ0zb9-tO{vIh@fgpm*v?kqjGXW=%E|uTffJLpLzfjVzylZo#XLIZ(21IVB!uTl$G?B6PVo z^eu}g{wkaQIcxjd0U~JyuG#0oFY1`dkxg{&g_ zS1!QScrG!6w$NyK$TPE@Zd;ZUH)F0UQaP21WNuiE08r|$(!D2TU z@UlPZ8?gGLBCyM?{xbE4=v1lpS7k#4&nVMAScDbC?9v=QnJW-D3HW7w(W zCQ|m6xxgWg0}7DZ`l@0VRm@;rk{Wjy^rU&}(;#=jY8g;+^S)?@tl_mC*#=%-c zEF!Yl*+ksTkxwYG93&0l0&~Wfk@^YC!nrZT# za0X&Oq=>I@+>)GDTeOlCFT{0&Lc8%&2+Zlc42JcR3+F~rud7q+$I=ZYC9xdP5@Q4P z3zb52@);(8VFU`ZP83G;HE9%fAx9BLyO_J<>omi}&E3_+gZ0BlCgPvr>}*!Sdb3MN zW$&_U6O$3X8D?t{EnRxcJY(h0JncwAlzfy;3DQDjwTQNV6rt{VfeG$AsC|`yHPpVg z8MW!j@m=vuhy2pZuwL=ut$<4VL$5c~5<{zm_SVzSbZsm5+xzCwK3<)WCUg0fr3@pV zLjHq@M3CPcFLm?BH%l7}=NG)Tf+2}9N;E{wm|Pnz%>Pn}z1DufUO!;3AF$W|_pw*> zwzxvSbw_%RGdH&?KmK%ET-ByCrM|n_W5S1;avvc0KhQ;}I^0Q)b5IQdf=@X(;6MW9 z2189P25AN^Oh#HPY$wixijk$bp>eUd_Cs`Bn3}P+LaJh-Us)@P5zk%`6YoG`ot4QX zpT&LR2c4FD>r44ea}*01%=mj8nR4#FY?YO@Z}{u$-a7wVWr~FgdzDD#|5mdWA19(zY}pI2E>PL zRWlR6pZg!Pg-H22GdoU}bc?$ZV$VOKP2AjO4 zqb~meih`!A6U|>JD-eU~|KC+0cU3>f{AU)x2PXIf6a2rF2?oz0Bn7a!Lyzs>2oS9Y zF~?NZTUU2h^>K!Gpku_t*rX^1 zXVfRsN5;IXM)v!^1x|fUqD2XRP%14Q}(BK`jgM2c-$@sm?#4sT}8eiAW-6ZOi45!#QvF-CXlAG=qZhbNR_t^88bp%rxT->H8@xH8NuMIUc=kSUJ4tIFw+TD#S) zuUGaOl#~mi?dXhh&Txi${f=Z4ZxY1Lrh3PEzTFx4b$>+p#Kmmm@@gnc{1XdIt%CTl zgO|InpkHK8NeGUi)wELdPOldnt06vtwoKiiJM7#ylF!|p4d;|WCdQS zFC{pqbGlPqn-1p(b-g8SA-+U@uf{>6OIBK*v9DE_p>`$=crLJbrGj9qB73%}DJpM& z7_R+lp(?P@q8s#LYkTt|t);;tcO*m|y}tBT7b|5qd6D#_o4^51_n%rn&fzQ8`I2J} zT+MzB6w*YP)>1t?0Ipej?j>LpeI50@aB3)&avPbDMJh%Q76x7+a=tfTFNq?F5>CEU zss+mqOvpKBGOkoq>i{L<<fX>}3b*sJ6b?2Wpf%-R1>Bu2X*F01s=bp(-pl_s&N5 zVs{#bRT`pXpICP`$OfR6%E8kVi#&FZfaFoZ7ypDbiJcXHBa#v8>ig3w$uD$tY=6{GZI(|P7n;v$zLNV&7F^j1CzVa$Ecq6>&&?8 zM}&<-Bl$zWPu~P_>`LMVAnQ*=|8eFY~>=Tqz@)&B_BR^X4jH3g` zj3_#aR@GQr6B&%1yxfBBTt>F&Dc)-bFdqp*Dw*W-K_{JiE7(&Wh$W?3V{nOa^ZwXS z`8h;Mn5%*}0m=4VKvG4GZMC4)G=2^ z96j5Lbt&7KhUgWI?;n66ARfErigQUMsqISQGspeF+uK7X^vaJ~-M0l%o3TuJjC{xbt`f(@?df+6 z>;CKd&LID^8ZBk*9*ay={v-n#$vu**{ATmPsNeJ|D!RjD>uSD5laOQ~$o7pM^|Gz* zS)BJZ168Y!%kS3zOU-!zH(YFQ(cc&**;TdxF zvT5}15-D%+VP;CpaG5edq;ul8n#!Xz@uOgf_$N_$GjVBtP$HjJ`w*)iV)cKMSQWg+ ztE-XVEq(N})i2I8L^$pl#-EFPY^Og_=<8kuUaF4LmxM|}Cd(a9%98S|#M727vAVu; zd+A{e0^=P&Z0S2lJ2KG<+!f$AD&dzn-79?VR);=b|JrxY+HjIREp1=DO2A9yMf^!* zrQhK{i3H_`DrTR({%R<#Ie$H_TyW$e%wJ|hR=7)N7J8FetT%67SY``4- ziliUE6@L=@3=Eq_Vij&`E9a!aEZ~i7PKm0AiP=_&mDZ)UAs>EG;vGDTmlM@{Y(Ky= zDhiUWk^2_ii+ZIV1%=>=uOO~W*IM7+lt0yz(qbi}NKplweb6v{&@laPqG8I)I5!o= zrC-`e@{p^MHhsrT4no00j^KOl$sQ(i4Lo@tXlW`bW0og>#%jgppbttVt{s|DvQ7{W z%RB5VNffKyXp<`SLMAa>_hb5RroI&KK2UGiiJ-ntS8t@wDp9!=B{z6?ymIFoKit2g z`z3bY_9lcgnWjG_7r8$1dkDE#Z*mg)&g5gg-skQ;(?!{Bd?h!jkFS5evpddB)osne z!G4=dePW-u8Q=Og-Gt%(`WE)y)MK5m!sf}O!dU5IuHFZ#@Pkd`gH7ZAxlNZf)!sA&ubveZ^?GOGK&$%g?EM~77crG$^VZ=!=3dAWE8zexDnZ6b za@=m^i@WYs@7#e_h`B`V3L`vM+pr2GK;XKeAchP@j z1-)w1VWz%olH&C)KYSby5E=Sq+wWd)W3N@l6=%1}Hd3#)F6^#1N3|(tHru`CYXjYM zFL7$q_1oT!vwY#4opS0_{p*Q7&&CkpSoEI#4P4d+Ud?nx&c$u;+BKo78|8!-sD5_4i!Uu!{57( zTs(J$H$hQryqCAe8F!B0Thvy>r1uN>dS)=2j?^F2Mv>Idhlj8OIyXdWSz6e)n&nQy zA13+qVl!S>d3PtIc_h`{QMgcD&z@WozofHrr4WcKpWP>en6{6WAvLsE4{3ePXgF++ zbb=x+xaK(N2{TkdIq2?GT;Dq1+*7@5H(98sYd$MZ%1eP_1w>Z$PfsDPFr|P+W(>a= zLz;hEQVcNM38*-y)t<2RpyC{Hv&flz*dk1^I|lAs^C@<@;@%3G0#DIzqwxCPYiUE1`l$sJKXNO6q!JQ&r^MyQdjQd8nD+YyJ z8C|Qs61aB;h>W*XzHWxv<00wxDmG*tByUZe$!gKFb>Scuh7>8tx@ym8RymDRmb4uX zQN5D@S!duc_BPgo)R460ijri}?wDEyjO@SEO8^5meSR~r8;*=DRvR|p&x^t8lg4U) zs$Qs~kN*(83{YA`#EZgjjl<;Q%`G3#AKr(0vWnTabKC~qmWz_zjM$dE{+ZYc1|M-x z-18{L*Xm>lLeRb59EJ4sPUjiRq4XJqadAVJ%@EZd@lA}Bz&~qDMcW7*grI-{U+XVn z8|PE0LI;vk<;)5is>h2+ZcwTS1~IC&G1o9#iI`#+t;To^lOo4*^){G%TqB3uV!ko^ zN1xebAr?X^KmdGaSubidU#&haQ5a73jQ+CrNMl8LH%D>R&$s)j{pOu3AfnrTVGA(_ zD_UJycfyy=+c~1!)ly1*7)|d0S?K2o2vv*MDOSGRqh7W#3k~BK3FzFdFoENx3Z!+9 zD_t)_u z&{IErSJbs&rtBkjS2nZNSLN-WgOqy1$;Hj%Px)<@z`aWgYg|7M%*KO@{0nwRuwnDB z^_BEpZvP)qK9x{x947uCG5jDg{A&`!NJ+xSGMx(gRQ>uf(~l)J^Oo}Opyb!67j&y7 z{LgL8634DdvQY6E`Af>4{7pk6kC5C3$Ap`HJi}GfH~7bwvXWTLSuq<~ARGQuY1pwI zC$tiUSp8o`zE6v7*IU#hQ2w=5Fh33`5vn7uRCa=r8*8O=(jlm;;!!5DDFlXktMoR^ zqwpf;+thKwfPsMB_di{qtjDQ8@x?ZP}QY~JIqSvGAO!)tf_jvTa?IUT* z);>J0wQ^LRt%K>e!oJ$Hj5&9eoBa@HHs*;^imMH&+l)6GpIG}9;gFcS@6^li+$g`D z`3^W<-`;o>Alr;L8Xo~$tk z&5>9;F;sd2Y_4midoeRMY~g>p7fN+?{L^3b+jfNUqKC>VoaZy;d2;auJE-L)MVp8~h3096Y9!?sJ6#_Bx@-@dYPE^*6e zFGky!GB_nWCBqNNO8j07t8D@j_eJ@2>g_G9ZuWf2>0a(w&o~ly6pVg(_G-3;C%USi96E>Gnadn2TVL``tj3XHOY_9h zd17p(hWX|#lPjFd|ArDLfVbmb#3pXl8Oq5+2C%Dy>QKr$0g~9b$PrtVN{))<%VloE zBN>QfO;T)7G^lIn@nQK;d8wy)Fx#!o(4HzKehL@O9nOB^;bu~7yn4HR5XnZo3q>FW zgDxIM-t3Z30CBc@aOU$<+KRDywkW56WohneA#x*t5ZV6B!|Vcom-tq9@V<=W8){ow z68j`9&DUP`5ICUetJKQ33Z6Dp2=jTb^C&L|7aW+ut}*x}ust~4%p}s)Fm9~Nx5XyL zkwUE%UN24t;g~hZm{6Pgq*mn5$C*LYj=uOS7n3-XskR2IWt%ms}D;$z64oR1B)Dg6l9icBfY6r6X2fIw!8>Ik3y&zR#T zcYJ0#0X`cp&pifY!&0Y{kjm~3k03)5CI)rEU`iC4=V;YsPHN$QtGas5q8pa}OtOK3 zWeI?w=}BjjHK@O3r^pq%Aw)_qW;loL2P3VDvzs47BWDMi!&pfa3#~1a?#7Pl#Yw)< zhxr1^v9U-1uTAicU(HEI{5QxBm27BBHEHN)bfkqe$YKtLK>gN(cm%^0h5R4vor_n~ zce?JU^+MfVsI@I#xa^9Wc2puoga9EkwUt_djABJVph{~LDggq7BqXWYiU=e{TDgU! zN+lw`yH7->jGc^B0?LcnxQ!(?)P{VLQB$aE2? z-nh3r&pcKn`7z!vPBN`RC#JgT7-F^)33*MaN%X_iqaan1r|*#!!41S$b>%7Zl8m8P zqSF)ju(n-co5G_7D$+j+JhCONT~U2M?Km+PYp704&HU~N<*HboWjm{T*cc@mgf~Bx z&GxN3l_q)|=DL`eJU(I@TaToFL>Kl`fWQebCIX!nhB9v2=CPQ0O$(Rugrifhlmz-# zj}3rSA=V6oJGOLa_Dx<$^u)7ZSklza1H!3ihr<8jU7=}egRku$>N)TtGgvq@_f3u4$fOs;EW9~gm1`5M z=`&!MWpA05R&lMz|17)O3OmJ+rIp+?bDi*$Jj?rY+8L+L>mH#9TRDNZd?gL~{AK*{ zW&H8~A^x}}`T1P;TPYqJffCK{BqB)3{HFjDVAy!Z0qj5QG;bbn=F}0(Q!R&oY$rG1 zkk4ItBC0thm7+baSm*KehTCmkMFtYh_yG2;dPRa{=P36b7Y(T1XNMK!unT^p#*iGE z822?g+btucuO+Aqt>4qdIjXmEE1)RIP-zS>C zd6p)Q{JrAUA9$n`nY_Ss!o={mtUFAj8`#Zyk1ZxYs)EH3mKi!7pDc^ws^9LP^B#uU zz_XMDSN&=GZ?Lt0vO*Wog}d8yAF#yA&EPZQAt67qamIMx^|@l^TY!#q!r|4a@Vi{c zZ0gi2G*eN?ULY!+{xT~4GAjM|MWvT{o6T8v2Nf4eoyh2mm{youQ+sz98GVCvLWk2?LEvT~n%t1fpri_ydt?f23mJcR?W9@r2nNeYpzFr)*~R$da!}cDbXb z%4m%XZ#l~or*69Z#fE_sjnOa7#6}k{X_5Npzl|0dDLl#q4vL=2bqMC`yL!D~Pbe3h zg7gw`(T6a6^BT}lgS54cdf(9AgzqWql{{0>9bi}k+c?*Zsrr3{?nOYroNb*BO11?K zD>ON4%yePv&TG8jvrhT&1?DFP)$b<^wh+tyS?tL{fG`%vAo^6vVEr3B+4erZP89G; z9K++Obak_bHfO6lp-~3jgZh{iS`Q!-zVargLQ1z&mv|1Ym#-$tVR zk!GWLHs$0XR&uWm%!*J|sg|caOO;=6dP_5+wb4sILev|i4+@xswQ=J>tk!5Y@UZb) z*0sPnE)hr3mJRQJmh7a_x?h~hY$<7Uy);jqY4fh23>>uaOG$PQiVauyaF4^8$D<#- z=9+K`u_5SRB>Jo!4`|JJMjYnNifdnCHup2^?bBftuHI5wK3^ zBNA*q4`-<2tQJI6;f}-ANq8&KK+A!hSFMXB_!>U9$TozmHnqI#+u8PoaBBV!vqj2q zDIzeUV@+=Dz^a_~Ozv=|AF=7DC{v8XCcv&FBGpZgeLqkIS4&IhV6S1MvoHtZAC&82 zTL%5|5g*$Zyj6!VluVL&l}O`hw8m9*_UR79IsVS1&aN#;Gs=HT*jpI!=pmERobbfBr zy^Uq2aS*tn;8VTY5Cne>@n+k3*k~8z&`@ZD`lG@wFWg>iiA}0{>ieXn+4AzD`SPOq zU%zO6t8{qKWS(XlwavQjQ-U8yzb6iY?rZiCyo4dMJT%x#*|&^g(pHk!hzuiH>&)6_ z4M+)b0yk}c$f#GmS_g!5ebs29W}4b0GP^IM0e<91{=yt6hW>q!_tfxfyvoy0D%z<7 zo22QB%H;v>+?S{RRX|Q`W@*YvFL}NGCO9t2Kr{D?9?Yh&mJ#_yuuFsTDZ}$$pAWA9 z+2mL26t)%Si(l$Lo-x0EXjYN@i~~aZwpm8Bx!%meu)v%1kvAvW=Bub&qAAh1^Og#H z^$(`4_dz2$(Xr3QIfsPhG>D>nyt6F?aFVxnBrF`D+WOD_xW0Xp3Q~ra^z5rEq@CX3 z&-ObJeaj%W;R6Iw0QUM&^1iCA0UZ#IT3|(`K@9IoAUj0rW45wQP)#gc?`1gyFj>&G zYyf9lSJ-=~Nb~+wm(OT^7YAcNpeC~@uhh`_XW8WEfSnwt3~3lRATRn z^Lm((jk+UC1&DCU65k~v-0Mn!>cn7b0E>jawKJWvM1*@zMql5r3O3D(9vWT&TFma|F_6F(_V`>Pe z*@XkBPSgT{t&arqf(VDRS|sY~ibLZx$D+<1-Ji+_$hU$ZA8}C$L;~a*)EkT3dlz#J zNjxCe5O2*jcu#uDYNd-TN&>*5{3F@QqJ*|(FS0190ED_j?VRUF_X*F+!-Un6BG?>fN}^nm#Ho4@Ds0R0 zSn65 z&C|J3WROP=pwU$WfD*e2CmJ+m$mpv&3l;+{&$W zjYml&9RR0AvXpNKDf~I#klfSk>prY*PY?01@HYdTmJ?j)zy@m03r-6p&BxGFb{%fz zv;dD4z^IVo0VjMks#M?ek%m>N zO+bHniRv2oF#~x@_s)sUK=Y;U*k~VW1i;XC(v?#b;+Awt!1uf%$)MmzX_KtsG@H^L z!As1E=(uH53(_nL@;=*g#}BWb9&)YioYm8*tGeZ+Lu+*l)syCOH@c|cv7*60DS;av z9_&<0P4M2O3#a1zn`SE<1r9@o*h`xY6?8|eX=D!%UlPithId40UN5$xmA77I zboAE^JCGWOdHxFw+Yd^=wGRQnu-^n=*woNCZtNom1bOofzep*+k-UD$ z1^x>Rd-^TsI~rUd_unOpFl_O(6^4CFg(Bra9Y$IoLqgC^fNKg9NrE z0K+zoPJGB+a!t*2GwS&LfNSazk7{*Iarl4I`0pXH@&QPs?DC^xbl<4@@!(G1P5=_g ztW^V$NXMie#);XQ$zAAvj28fj#I}?|7eQ||FtimCNs7KdD-W?kBA=`ef_LUGg5EsU zVLx9*5^seJfq!N;u@)AYO+WfI8LZ4EFCgnAd%} zs`uS~$5#sAX=U$G6@lFp6o72PWpWFm7m-bk5&+rcX+<_UB-(2RRMx1|=WHPA^aIBl zb)t?vwnm+T;8FSw)~M5_IO&QY%h^&;ewRI%TQH3>Q3BLA){y}rvnc(2UyH#;J7m6 zda&i2Ia!w>;CE|98!v(NHZy|hGQbpR3#m)VpgKfC+|86c7~qM{22RdDEr5|Kmh=6SRB zd=inL4+IFssQl?M3Zt>oH?=9g=w}wdG_|^UhLzF485o%){}MeLo{+9aNMX0~9M__UP(d zO!NZ?V-uPJjlS%NuLzU+9!O;P{DPP*4bFTlltUmFDPk*PmQ)sFMa=SfkW=c!ukD;A zpAYE(Or#_L{{j;^aW)_UjgbS0*@cY44Ui>FWHnqa3`GE#$jvaE6%*+YwtvX&fv5U( zQ}fe$=gnkcc*dYJvP!!bxT((b2Y{O@uII2kp_X@}MgZJY?NyVL>*?wx;+t8pcvHRo zN*x1kuXb2g@o3=IC2cv}HnD-8^2j>?#RcHjv#wq-x0m47Q~+)*w!*E^ zPvZqKeTyi46M)jc=x9ah`<;B8GXbc zLZ;f(0Zb3FlbZPXK|<`qD$uxO2h8jo`Fs!F(e)h|f|6%_JJ4uitS4|Iwc%8I;NGsO zOs5}{FI+E=tF+?U7{Y>z*(F1i@r;?dV-+^5)*w=#Biwa!xCj6 z)vT_`m5&{al1cp6GTsI?R+&QJc-~K{LTT!HC;2fA#+P;nEy0+e`mdT=J5W7$(W%~jq8oU@n2bx ztWzJV3B0yVWA=+I$P?jK7Gy0@1yw_LW^ROlq+B3F?S-6vk)d{l$6RH!dSbnhVKPrsQKFd#SHcH&C}FXkE%VC0QcUZD`i0zDsaT$TIrZGz1ekqD!{!j zCSh~S@NXB5yLiJTxBUFbp0$39EgNcyicINl|C&22(r*6`gHyxeR|V)BiuGcaupQVc~*$E5@aQVF9@788>^@Tzfns+A{KR;30X1Wj5j4oxU8H+4PocHY&Xrw#;fO`u9 z54bI$t!_d9J{^nO5lik030k`dpVk2I=`D-!>5C+B1f$6ckevYlvi1x006?}s$6jXz z$W8+Q*--!>>$xlzGjG?dbN|fvtx*~L-GrMVDZv*jC)m`9B{1fo5O`0-MF~X!B7~KC zvUvg1^0ko?f9h0_a3h{Tl8!Ko-gdC(2xoq|fRHM!7m!fk0uoLB3-3g}b+52`CpzEc zMI`87cqar)-ibk)avV!CsUK&AX_$a_qN{(5YGuZ{c}z#0^A`wo5GyklQX2j^>0AJR zB3D2EiHqq0-9hye9Qa%br}&-h+D9Ph`?)Bx`fJJ0%vkO_JYQAxQ0zaVLMU}B^L(CQ$(u-jHf_R#1iH7vorn+147 zSoaO4Vh2wI^bW|q|Ia#jibK&qa1jWqwH3oHbF#zjg0&Un zadu=c(7|)zv~O>jQdMg>dU*@bis3W!ODje(HRxzz4bX~lC3@t2_-;>xhnQ63x3;Ue zDk)}&b2&Em*H#SGmG%7wCbx=ujr^YDd-jP5D53|&Ese`A* z2MBAp$W1^i1|c4`6|vO8qn;WHlYW_mJuXJTtsOj3F}H9#Hgbd=Kv)C)p}30?6OS94 zeTy~$gf)brI3TP+_L>f_REH#9W6byz0bvd3XpiF}o4%jMu!c4KfGt+D3kYjCj9)IL zPb{(N?F|(_^QFCd%4NAfo3SFWi)O56&LWf5j8z1nVl^+!SfoWW)^}20=y1^?s;4_0 zBekMpi;(gqR4f-j#Uhqau@c!O8f3GS+(H?N#cG7m_6Sv5A$^Bt84tsK(ZSYc$xET1%2&~S-q7MdnXbg z#Xc1Sq}bE&gfS~Awv_H_O1F|?*VLzhz;WJY4IRmb0?-fL&inJFrcfQ3Y`0}@rxw7rE8)`_kAs)na3si5H4|f&v1pg21rh9U>{ID0GiHI z^=OuR%cC%J51|o;`x=(=n^a~~nBl~TT?c(ucuIs1XSa$2l^ya;M9FT=p_IvwD8~Dq zgnQ-FM1C($YpGTtM;cU|S}EB#H}Z+3SjmtBudgbzD_)xRT9L$fh45xKUG@wQ;8V1x zbSdWtZD9_gTSNl$;ucXa&#%X-U+|KjjiYis^sevkp#ImU2@^*6Y>1XLQMy9%>ojRZ z%LG)soBw&HhG>G%8Z(R z-wzS6u-J0}1$r(}%tpTG7R}&aOMx=-SlqW>N*FICjQ>l*XwTUxzcMdDHtB}?IJO)Z zugb7IC3_QipSZ6TiaWoh&@=+rvi6(hWFY#i8p1N2eS=c^?y-$2OcYPtx;8;6S^p)0 zdn@qECtHenym+XQIdrz`LHtZ7wY5BEw6xb7KRFq?3xB_SymjHG`Y+vC4QBP`MR%6J zVrDxXyyVVmdEw47K_V+9&yi$ieG(6FXT4q&AUkVq+Cdfj@*lNy7SY_SO*=VDysbB?gK@9 zX%Q0b45Oy=UlZTvKjNsEvr!j8-VssUOJyfk9`^IXR<`wVs*R5vp@()FcL}k+=LoNj zqGn1(QYZ`nxs5uVpiW8C_7dNHiqZc2jQ*Nzu!-xWvRLP#(P{Zs4_wzO~|Y1`GPc1Fxj^0 zv!C@6P^2kK-@rTC-d~f^FLivm6un%E{^L?49@QS+1oJeTwQqd}lv#OBtT;-O^xEDgrST3=7stbjpMXL5D>< zU`a?TBcA)t5HK*tvbo_qA5urg*6Q!NNXI$QdHF7Z#3|+a;QA_gkv{d2RedGCDy7w_ zZakY^Jw|xou0`Y$FJZ1v>m^#dy_UNJzUP60o-EN_Js`Fi`F69dKk&elwkDklH)T#S z29%MFvqfj;Es2?ci+o&5u9dzA=kX+iCt#BBp?dgkMaOtnTR!mOZOu&Rp-KboZY+wj z*haTLnAlHSig-vt0Snd3C(z3)&cDPJ$5v*K`^@-*_A7wDrV*v$uLk<(@{GBdR|$75 z@yv|Pux716aid1{MKitf0`UL5Tpaby1*aKh%qMJbGlwC^W5NZeS!vBWm-xjgv(A$S zUh~7M;7@xnfMfkV0~hsRaTpJ&vxd*6wBg zMX9ISYT?sveWHk{=!GMU!uP1Gv4xvegz0C&nf2W_a~l`Ft%FJ0RrZG2Y`Z!cCWp59 zMok-Z7J}J!I<|*1kXPTJM4guQUO+8%a+G)e+{xiReUi30&M@9mUPz3|f@42-kvPt- z;vGCOdy4<5Z#88<6+hkk6jZ_?#V}c_PliSaso^k-CT}^;EN{&?m5`Qe0&6bDoa4_7 zclr5B)z>AvpYOl;1)*5%X#3cZ_(r7@tlQTKZAkL6fMmuPpZrKkLpkq(xF|`7zQgf; zmuiVntrl$spB95bMy(Ps@Tu7y5+j&7iF_uDw47KHcwZ&xb>Em}#Z+2}Bv`TE9`E-A z4>K1(gI3@;z&55^Du6{>AuymHglN9!lM1pp%`Xh2rV$gNA?Q=%bJYmrR=$YN_7b; zqM(BNdi{pnlJi(-SKxIs7-oIkXkr8P1H``Kh>DtlNW%QpLDlq4E-ruJj4TDaP%YAj zIAP)HuR?O9`xovbb_-pT@{4PBU>EIbQ~-OLO{;Gxxb8&4x@{ z0YGe|!eEJQuzcUR#E&Vqf$eM{xH~vtZE1FqYk>CC_mCYS!_>3)fUf0I5U(hAAXEQ3 zj`V!59VrK@2ilHXd)lVXR&Wd6J^kjPP8aL+nSS6I-PXGa_ytZ23yWpT_{Fm2UbV!? zPi8}9K*5k>{$MevtA7cl*>D&f6E!-)<>dn?P42;^`qO>v7xkyJx6<%{Hvm9s#+obK z0hDF~1qW0Dfqq75uEVHHgZI;3pfmwIpL~@BLNw!{D?l6JZw=ffgxEg=q+qYa-GMzl z*5h*BXV)>t#v_rFCAiqRe4_7pOCO|g?9DQKxq){=m`7I+k*tkk zFRw`d3Rfg&$b6bb_pnsl_dP+SQshp;BFFgfsodMTcgA&P2gyJQCo*DgJjxSKQHrG; zNZ|n6mc+&ik)F16X^c~$C>w)dP%1B$E>DKux>!$!<{ruU@ zxn~>%PMX9VML8eF?tW?D8Jxu+#WGD;cZ=y+E-Os!n5%d zWMW_Vm*IWt^C%`FX*6N9Cqexc256q$f#-e;x`J3Pmt5W0Ac^JW7KqHN1*30qeb*u1 zakd9Jb$t*)&;l}6?T7JE2@?sM#xD;yZC7dPEbrumTc8ktQHb2GaLR-==?nj)L_NoU zsq7vi`+04<*WM+sZ|U~HJ&hBzdQ}I#Zs)H4!|WdS4Nljpp4CluO_Co}`T8X<;B zK_xykfYtk7P$QjEwKdy(sKA?LxoL$^o0w%WT-v^BR8>nsHkm zqTgiIdhTw3VV-wm<9>1==h|ap#s}=qQTZXoi=3jss*a#s$mW-pz?nn;n&u9a;lWe9_ zlP9bNs*vW(Tpwp^foi(F?o)s^;CyBxh~*U-$$)=T9}g6$Hdp>qpgIlts1{-^P`&lG zi}j_K>?ZTX^}G(%ht~1&nUl$wUkX%%sy1e`M5u(75RSD#)gidgTA*4%L$%CIy#_wO zZEI8lv;l6R{snEIqq|^CHZKGUR445`KnY8_CI8dzr9dEIkNSP)D`m$aLx#IIpz?wL}|`Ef%N>Nzo66!m?@)uT_N5948aticECD1O=!T z8H`HgA6=psLV0^sj}Fr8jj|ua^?j8{D~-$m(8z3{RvMXln_rWaMur7wWc2`zjQg>R z@*>QfnnUxL+nIYg(gB=UxMNSQ2WCIV;u)JyVkdI9ne#LfvBOhsjm7d_+Nb@w7L&gZ z;h5qJB2|RhDdb^t$zfr<8=w;#z}G_ekT$xK8R?}pJFaYMJyO%I zs_V_2(*U9*6WjhESTLPwoV%VsjP2;M6 z$HMw^8o406dIxOQTALUOZm4VpHk}W;lcMH_WiHohc|mKSHs?;MA8rq<*e4FOk)5S2 zlZ3CZG{l+LW)STrz-e=`MrKY}?Dh6A=SpMia^Q)D9KL%mDNW$eq0h%j8}B($+&aTL zM(?n3J?lZS4`&XN1kkbc(M=DOn7g)2gycQ=i2{*qwSd_d)vI*1r+w9ZZhW`t?S$m9 zw|+3nrDFCrUG0y|-!CYcgjbE6K`aAlKJccKL~JoK3A-&Hn)g%h>o;m_28fM3;($1? zqSwjmM@9NWSd8&{r|zxMlQq7yZxxVM#IZSqe82XKtEi^mA^lHPalY%znyPT@#W<6- zjnWTF%tFf%Sko!TKkz3QcS<%(0B)%WrOMnV*Rc7<(E+O~TziOK~JM`CS=1t`ihRdeoZV)K%}` z`B#BgIb2xh`NIZW972@v0j6oALVLW3n2hg{tR5iQZU&cJq)QXAcb#rNUjHfOv+$)E z*KT*w$=!-zx~pMc^s}u80jA@CF`%(Hq4ve3%d2@C+j;lc&(Q-3beu&O7WGWSrg~2k zrJ*@Z{dL{v5xmNKFiG7$d8-flF=Q0j=u-8bzqK8}+9@3bZ}62Rc|^juf=ng)H=!;N zzuk&h+1*2@ATTB8v4;&>x)QyCU1)8GtrbD0Gv~3dvuHC1!zDSsxExyYpw2z8BKJh! zC?gMdeX7wF6Nk2IACSCviF$FLD{kZs`mw@z`ZCR3+j_@fF1x@qRfr_nHQ-g_l}Rb^ zG1W?AC>t{fc=QX#Jit1O@fFScl2-zOh-V#{6L>H>Bfi?UBzPWyDU{uGC6KR#7bd zDLxNrBs8j>T|Gwhuarn?A{@Z9vk6E{Nhyzs%V}pO@hh&Y{VjiZSbC7~aG@HcYQyi9 z577XVJ=CDWms{=;jU4ZV3}POOuD%z`_QU7RfA9=RuCh(d8m6&PhUP*ZDB=$o^T`L0 z7!UD`r^`IObqly5mysMZI^DGg=+CVQ%(A}gf-`skt6H4QYA7ryij*s_VWz%sK+&Ij zNd;g;GXjdaaMMLOhCPOz#r8agJ0?KN4CUU_5@=xU2~BblOSbLO+b@$6FOw2~nUnxx z$*KJOLDXj)TF(5#eFVlD*i-LF)eh6@0}&e^RjGYMoflviP4kE*-OR>3Tp;FDsf}c^ z?sgxq&)ie|R$Y}8QSaCycn8*mP3{S^HMrfr-d9{l7~QleZ>@o$yKn^oP9TW1P5EZ7 z5aOVEM{Qqy*2Nx#OUP}Fa3Us+VnbolPenka(;uqi(tH<_RFt!^z@mZAZEut%c6a=R zxW1#rZ=&LQ^8eeThdu$!-Q_CU82SnaEN2kxs$DF{v;tC&#dF?%E29_tAH4@IB14StwA)&av)9?ldQKWfJtZr& zmp&-wkRqF^KaatdrLmRVUcz6bo*uLm+CrkS}1$rB{HpOc}2rn;{A z+&0g>!S_SkRQ{*~uz-5KTtHtgpnvBAY9sdo`{oAK&4a_B5o3?4KG&NIt9Z1!$1E8Z z_K-GZi8JbCA~HPWA^*mdbydHz{_0 zq7yms89@$@4eP1`hQqH|uuR+_8D?>o-FKi2D*EkJ(~W_Y)B^ehbL83QWUs9#PklCg zqbI0=;ebjjrB{zPRW@YQW2HBBK!?XHQxet1A*LuQ{Y5?z_aCyQL`<@<8M#+oY|g6G z6^6y=@0vPy>l&Vd=a*{{V;u382exG7a^owHvDsVv2|JD(;JpALKx|1lJcwp$Ra*UA zZ?-b)CfQ{Vvp|pJl-*uCb}!los{gj`SS7w|;%t%oW^19hbm55)a7nCwc}aZf4*xsc;hAIaBYmYE zv#*4uWqR0Z#lRmbz^sSQvbUAXSlKZ0I2f#yR2m^*G|sH6tixA+%Ye4$AhyJ8<&ax% zN5Dh}$;Sjum9!D;>nI!K(Fhl33a7y#$D=Q-BIVJNZHk9iQBQYs4sx;cKCL&=fqwYQ zP`@t=R&&~@f-kE3IFSJDpU=Yrw11OB5WGoAhwpCia^8q27;LIIC>p<0={>X;VEE4R zbO}%n0XNoKkv^4;iMdr&bi&H!%-^EAvu{VN%t-0S0$_w5m$AlsJ7ScF@R;qn=HYG< z_Bnl}fBlXJmXat9)}m?~jFfthn@`vd;SM^SA+<6SnTaNd>P` z=}3>5CBwZbH$Ae6a+N~{V8P_`p4)(^>q+G9bv41^{IP}c5GSRG4|MmLw0p(D+4H}D zf+Sgn^|U$eIo)xX67Xp0mJ2n@&GXGbp4a&1&KzLi{ORRW>7`cx z+iUd`HCzF8wOF#7d23cGCW;(jsFA+!ADYY3(A8Qt%ot}3k;=d>ZX*L?40T{8DGc^@ ztkAmH(aHGf@+|KYwx?v@DuJj>oue9Ybbpl}($wM>2mr%{8ws)-n!Sa-feHM@ViA=RXd6+?%812W~&OP`EygG8sJQS|UP+I9J` z15J?nFpv5|?a-HdOW_qJ?qS4teHSN9pTnoUXbb&?#=C>us`zNuSmWEGR>A6kzO1&3 z490Q3FWhy({%(5z>Riv-flP0QdOH5T>Q71_iK3I=mkwn{W(8w6^m*5tl&M7zBvtRu zB4#db;JwD-oK5R517tn@d^uT%oLmtb^G9=3M&!XKs|DQP!xLPZZZTbJi3f}m6kVN3 zyHYWZTu+UBL%&)m=h`*tW#{CWjm*bccHKinF^23M%KmA>PNJT3JOU^5mm*lxgB&xd6eQAh)32Q<`v2e4 zz{z&pTjf1GCufVCId9%@e?wQOKK!Fd<8u;#AM+>S}Q4oxOq8Rc-*$CQ8q@ z6B0G$ZpXzp1lb}gGuVfoQH{*p`b?h9F|$r^Yz8<0K27Xv_y{ zKwx1|4{za_;o>wjQk;f^*|TpXnlQ1x^u$>x1u~L8ax!4dGwRbSn*2wsH^UR*aj99_=V4RI zG#BGYJDg+TD`GNbw%X3??AN8aD}hzZR}NMc!A;%vh91o>OtIBUkUR>q#f93gyC+s$ zbw*a4Fx=?u_KI2LnewN;#{faysFy+Am#neBhc))%1(dT<*O&naIzi!Vh(zP0Z*SJd z1;flnvdA>6K$HVeEpe%q>HQE>P!lK=@QV14H!PjVoM4|1Use0siEU zu>G^YHEa+FyKN7Ij_d3DhEk#Fl!e0SpoRJ|``Q*pL$^!%xUs{@S!6G$*dhop#_lWV zq4NonTW(LJe_SBk0VNf|^)ms4fpd~R&)SHD@C+bM|4oVX(b$8b@Le%9`bO-!ftHzX z4pBnSJt|r!==L4Perr;qiJlQLErl@(Ior6hP4GdkrbU^wlCx#X*s^n+8{FP-5#{ZR z3a+Y@wzSbP(ZhFWlqlY9e$vlOxQ6B)peU!MND|YDl&y$mUbtHKnsEt+XhZ{DEhm6c zgE?fNSrk01od^5l2>Gy@ZOyZ!xe`{T@`CgV?L|9+!|&rA*vGvj(AYCWTiKu0`C-fa zP}W6@jiYk`5$CFhm1B4YM411Ht{VQ#+Yt-mcpt)X zw_or?IAt+^o~%9Lik)i<&8+vH6}#yDlhmH5D;-CrM&Jw250&|;f82rV^%aAP%n9AB zshFeEbv?S7j>U4POY4g;2dw2zZ$Rb&{ABHcryX=`Qd3hh?cd_XK)F*|_%G#7J*X?u zsAQnr>F{pA@UTKMb6OCuzV!}vp*FU{u(4}){?~G+2-mGRwq$Hg0%@__sj|{q?i31> zT<-5)ACXDPNs=6j4=?giop*ExNG3ksC7QH)`%w&yr``n#=92Ud-@sIMueysLh-wbX- zZV?^TQ(Wvv87MwI8YJ>EpzMC?DV@5tQedWTCmpCPws%$aP!6*5q*pEhz=aR`-U>{8 zwjG{U&}*81(f<1U5O1;l6+6a=w6?!0{XufarS{j3#rD_Cgdw2)71g$ZKCu@GJsSiR zuFgWU#8(Ht;`Mh#s-U1RQXg^$5sg3y7 z_F%+v@vZRQMm4l<2fhYLFFak6#{3ln;O+{2AGx-+CMRYI0}$~WVE|?;ay?bwNyQOp zrD|KkGvsY}m-s5G=MDKpAY<;UE zlSPzoXLY&(%Jo!k9tIU&HrOgyzbM~Glv7wVktG^Sv-3N5AWm`>_3UCJ=7;??W~T?b z(R~Crdt|vPTeJpU(DDsY4uBRi9Es3~?)#DR!;~-zd4%cndi_b*<_HQusUoGb(Wf`P zxLwzi(CrAAX0>rvp4{ScMc0Y%C{rtRoxp922bA%d|Lp_VdkNz&Xp0sm=zi`_;Hx@a zF(#%4X?5C5KQ(>LGH#vBZ6~T$#2Q~&Q}t5>2YjuOt)6FJjDX}1m zrl)R4erLT_1scar!le%$B>O}pj8%Le6L}XCipV;^Tlk9S#d;qe4v=~O2RUaZ;tWfg zysa-g@jbB3pqY*Zw9I2UTL45&1RFuZpb- zjuThUD`a`(C=@^X7PRSHs56{W-%`SKP0d>&%Rk)?N)rknp(D7w#Ya#ryVj=~{fc;@ z{F^3=_9#fi;wEx>0x;9^!^L9kz6L5HfG;h*2h0BvLS z&l_{D{vLPf6HIu|dOP~o{9v;*WqC@O;>o#4hbqCNvU{eH6xF?|bu*Hb!jVqpMsuJ{&w7e-VXpG1=HOV?{>p|7Sk zhQi~*h+Yf*8wBQj*kL_(MO~^zQ8QCR+_NLXij=0lM&c|2m(`WXr1BVPdAFN<#Xsb> z&H1aqWy5a(T$cQ=WU!0=Aq;l*KLwfks|+J`(Y_+0k=WE`Ta!6osS)RXZ&7QvkM?a4 zq$V2hH=UwHI~?$b%Imss&wN_8<7b^$_}4@hjT3vxCMfqYBrjc)djCP!q~gCBg8f_9 zB!cHJ*CYVV(NbIN^`we~m{-TH>k${F-J~E`f5g+(=|gY?EA)&l`U@5b4f)R%-u=Qds)LH( zY|f0HR83aUe(}wOFZ?y%%;5i+ZwB_?_syg&`DScu;BC{9TL5O```vY%oym&r=~crM z%LywxBVQNC*fm``$Z`MZ^9B}%hVOW`T8<=xp5pP`JG^kR_Ta|n;OxffTr3=CuA!nC zsg)YZG`TmhI+c4evt(-H8dBAHUhr!^TX{%Ns^p%qj!>H29rfzON!gFt zu&r?In0Q3K3r9hH>R4XW^JU|C0CBf@5tn&yZpLRk{gAQ@cLDf@pi1M26iLu@Dz2Wd zQeu}!kngiO&i8kg>DFdTNp$!Hj;P(2n$+1oMdV0c^PM8h&5_r*X=fjnwRgbpIqfxU zlfql{_&4ki0zPEFLi^{5N38dzi2rzR^81J1oBnD7R`eSrU|()HeDY664D1rzo+Wo097HD=<|zDAm35x zx<^(ZESgQ3jhI7&lJdKOJJZ;jJ?`@i?EJ^)CUUC&JbQ2ZcZYqW{td>ZbT;+hc1F9NqFB?)_M_{Ohq9&kEE7Ey~Tv0=3>qB}Lrr~TYcOj&>m-_^x|(npXT(rp&Obsp&O9+_7!YIa^LyY^16*^+T@^m_eQhj;h)TUWeDe+v?uyDlumd-M$-(NScg?8t zFd|FIyW|Lu6OViI`fQ=T6IHfYn4dP}E1r$T({fskCI`oh`*n9ro_m&&5aVtL)`#!% zI?#;{+-mcg#5*|ycC>|KwuHWA@_aoVQXvnSKcH(nv~IQq?x?=&X#XWgydA)^TbnxR zN&GVl{L{!9EPr*l&J-KKUlXJ?&)bug zPn!z&PGw(#4G4P|%{BXlrEXr+6=|kTy-%fGVK7A|&J!~4&`&_8sNoqS5Dj}jgYok%*QlwvLn zMj;&k;2V;PV}7u~(lrjsNZrW%CO8%PYL(w`q-Oo_YMZ97hF7m@`k~(UTzG#W{1S-S z6bFg?H?;yYI#@*lN0987QR@#pk#s1(a3_C_7*nn)u%NhLU!xJT^~CSEuh70FZ{G~P zL~;atG#Un#;;RzP-flwN1pSkU94}X^|NPqhzxjA1$X2dx-4I$|KAlM`p+SHD$IefQ zM_h)#J5jJR$f9gf8h%WBOPo@>uL=F6EXyc>$3}&no|`_GitK~wT6t(L&TVUIk)_se zxEnV@*95N@Ei3H|anp4a)|AvG#Zg+?dQX1|WO|}I|0~6veX0H+02CC7D=j?zWJ>NI zt;~dS%tIaCEEW(qKb=q^HvqY!|2j?aHxrUmcoCkFa-#&e6QyR=pq@RryaD`mLeslX z#NU@)W4JMC$_L9b3`T)+&;; zMM)j4ND(1GlD1k?%aSTq6oFJxQ$g7xgzQ>d5fxHRD|^z4vWP$}B5M+rB_NQfEMZN6 z1OfySLiYXnqwP%Z`{_OR%rj1>ou_a7e0b@L|H<#1^F7z~XqL-$gd0Mw7DqT1D^eNu zzM+dO@SN|64%>Jt*0?~muxfB7`O|6`V_2I~&Vj=5H$oDKF8Eh~Dxz6rZi7Edx};vR z$hvJ(^W4U&ubFp-&4={EygB9KS^cz36e3-6zMOB=Nmsl@+6Cv_otxaJM~Vw0F8T3x zOuHB&X(->@Zu14i95%kZ7>Ai+j`x~ZV`M3;~_q()n&HPL3T>b}n zab7H`hWXOzPTl?ov9=ffb5SYLj*^kqe`4q(z=k5`4CCybxvV6zZ(cR1&#h1goruqR!gooL9y;EZldLw| z#hb2v_Kv^hySz0=l~BWh4u|W>Z#vn;#B25ai$uN_rnmV`l>^siU~CYXU{r(ttgPyy z4YDPwU1%Pwraq zKhjtYnL*j=4z_leSI5_#qO7j*mBe&QT^5c&1fqEDl2DNj;M!pG|K4oO)0@0hRZNaX zuVy4`3&pQQ;lI0@M_=k}ST)As*sRG1zGhOY*dHaF(N(NAG^A1ej?8YW72tuvNE7lT zI$&f6lWG`ANp^n|0h&vvsB)ZW+#bXV0(+13=q0B5#5Mob(=Gf*sFO%T zGUpk%joL+ee|!l|<@LP7I#kw}lW&OI{l~SWhB#cM`Y;S8#KEA%DTM_>{`axL{&U!|4haBWuSpHos;4iP^2e>=hm4*-+;=GZPZ840%)k--+K*l|U^1f}R1F6-rlK!4+6w6^p%7R>*ifjlbv-z^X z6V#!Bipp?KUUA#GnQL2I?spvyEbAeSHtkx{yxe6xz917|sATTk;8_<&{cmBtM;Wy} zS7Ws^Cnmq7gaC@L{R0+lHTTwj!l4)%V;cq{V9=2V$G5X?q^0KgA~3fj-u8x6E~zOi zZS6PjLPxY-L+EeigS5p9s?b60wFX*`{wi`jLH>|2o7>n8(5c59+n|!Z!iX2i2MN>F z%>(=0;-}ULxGed&Y=`8kXgBi;cdfK&t*|36X~zaB#`>CJWH@GMIA$~!)7eDV89J|8 z4VuTrD0Ga&wvCvx9uMbzP6kP&d#MrP$zbkTuEd#Zxj}xzLRYc+o<$ zzMbX|Uio;w+vh)sXA8_x%;6+>l2CjT2Y>i>tQd$LfEQSEWcrdGsp%QO)dns@k0aXg zy9SKgpF_o&ObE)H$%$jJH&7>*8XS&-_H%0D$=7|}Id__BTHM}`dOqn;=|Jsb-}-A6 zr*Uuc`g;Dfn1vd%cZ<~}*VVlWMZs39E(MF+J+(k*6!A9Y$=bU%5!=<$K4>H07+@$9wvnqRe4)s5-zV+dG zR!Oe*mAV}4mY!>vsjXf9?S$;KGx?(HWw2s}T)7WyDeXHjoZGYCDcEJZM8Z14?mb@x z0Ftzsg|4Q8u=4T7G&&>naUGU|BJh#!< zJ*A0Ym)dYfSd=;_;@G3W-mdlA4=MP+PZu%kU*aO(@v9J5tJqa7x?B#7(VGOnJJZ5P z-_jj`_fNEhtaFjBNEU2)k42w~@MSJpASHp_^8H04oL2xQBj$t|!`y)3C(Q%WDhxrTNLf~7!%hR_uFnUg( zo=L8kwCrCmV1K5%#aorem|Vb2Bphbc0##UwdA8!pL4EY>=}$}-m?w;Ffx3e7ou$4XOC$fLmeleTw4~S|-s{q2 z#mu$a;;GP(n&u)6Ha!#OJkrzx-G^hpEa=7ugZHW&FRvn>#fQ=d!-Xbs=WCYH@ol`I zy5934$m!0ys-C_n_4mzuhBhcDklXXI?q7eQ6k9$+-;f(YPhqJ8d<+uxRV3Tgy_pu{ z!#^=6zX%eBL|x(ojP5ZF?=1nDaK|^pFFqL!PXx(&o`NGv0J z(7{g%_1}PpC1utVC%TQPRaN<+ak@Q`$9Hcf^%UCI4hH*)^9rES+n7=9Yk8jCaY8il zULxNkfEE7;V$boN@RnD~1|}OdEfgq={~oQaF)$OBP!du8K&esw$r)^N++F`>j}BpF zQI@HDJivCZMJ!JbIW8s+_}wh+j?tb2I{l2~h1R5c&YZMR4{gyHPVb;>jK2;>Pu(HM z1}+^GHjjAEE6jaGW3yV-KH0-H1?8+cUeMrBBSUi?#~{~b5~Sz*@L2Qzj%HZL}{ZvgLat{Z6O`IK?mbrPo;a6H`CBA)iv(!2@WK%^qgA<=Yiv( z@%j3TA!ZzYAXSlF-L4+s06XyWd|Xc2C2^DaMhD`dePWJ3zN+kJ3c7n zM;cN$VUvDvO)yKgbhnbM%pl>`Fn7&uyFajd<~5XMdhz7h2G>uMi_FA%-u-0{7E9_dCL%b^&ST$4?A{q~vE? zo}sN5K>y$c^&id7e_XRu;ayg3QR+K`W&E&G#O`ZT8|Suu3y>Nb3@hFn&-k>#kgZA) zcO#OY9g?yiwG1tFlWP`{)XRsZVDmu)>V){4!7|zvndJn&RsV27t&k?7gqGxjyJh2o6bEkq5lp@&L_j~8U7Sg4yo2`)nBJZ((V9%aRsRYYNv$j>?K2Hftej8 zkB1`Qmie3sr`d5ZK{1ePzZP8mGAg(CDqu7u+ufNtlEj3uPbE+i9Lq8)2r=3smg_*T0Ib&S}t83(9jo)(f z<12wAXBen}TXXHH-?7}I5(7KMm4O2gJY3Y{zqfTR59)4=o zKs;~L6%YQRvcl@nH<6T2WY>EZWgB*v^K=4v@Eb9?ej{_=M^BA)jj;m$Xl6QF>yU(G zbny;2c5`Wlz&AfkH@QF&HrH4T?bwg%?}8{uM3lJt>Xu<_5|#j6Z;-gcS-vU;TYYQm$G*E~-gKIkf;kB5*A7(SInMKQl=WXVC}*W9<@E_pBEEIv z!qD^zD`6p9y?i#qj87O(1Stxc&xq)FRLAPOyHP$JyHI6Y#JmuP$}Y)ja;u~N+pCcQ zL+^_SSAzg?a3kP<7@Ss;F8(EMR9HE7!icZVn|dHd!*G4j%0LRhEU zZdS{qddBb;YrZG!Bs{K}^e)-OPga3+P8?6J%7F2{i9Jpzt`snG52yD;Xb5e~q1qz! zgsOyK(Xg#^aRt0MTvW&fjv-7czMLs?EEhfswZG?UB)vFT zh6*F=^lPWwsLy?+pefvJ>N*r>^UPVX`=@_Gd@ge<%0V`x+_`{^PY2dOj$S4AAx zR+arWA2PaWI|TdovlhPin|O}pOnK?9NRjF6IY^~4_n8R&5g6o|Jd2RupSB*|VBspy zFMHhal+d05+uJM_2PwDF_~9%NKIx@}cq4)?L00e=F#wa6q9(_*M@9I2pb!-b-vpoN zsheqnw3kW8p`%9+5?pd|Aun*p%+Q`?i0I6>lXx@1DQ9vQQB+b9H$eNTWYoMs0Q* zDP%0h@|-hPCCKwNPlV@xdCDa6dk<)ZO@onh$740aK+{wQos0&8xP(ex6ctFu#Ry6= zd=!TtJ(kCCDKZRs0@i1DB(Tikp&hd_nF}Q2cz-10egzEq?>HH^57-xIlkcsh5~c>k ztr(`sa`^VF{rl!;HKx)s;F=CnzD#FS?Sbpd^&I`8Sv#^24P?y4FahnAS5>f;8&u;r zAkM2Hro7JiC_l<-ygxvHtgb>4PL}wmW$p}*N~*DHR|PvX@ANO@Eo$CbcRlf%TOvT^ zogSEcw8Zk*>2ljN6Hhx@rEVDn!BYQWE8ov2DgWH`gs8PcQ0~~mNzPT+&M%YwXi~F| zhH$4&E#Qe?n2LtKg63Ez^`RF-&WWMVCEZ{PG(ea{27k7`P<5`$JZgt_iYWhZhPzdm zqcBiNPX?|}GWxQ`F=9k$r(LE4s3!KAIa1_KMLNtFj0r*$`|=A((VhOKEUjb%_7~fx z;|WWoMn1{z-nu~_+gBDt@}&Wz1&Whp4W~}Nek5Qp3>96ujkd}?I$4u9kmFvNnu9VU zZ~8hwT^PBO@iP2AOc2NOqFDS+cPkW^7*6gY+@E;WyX4tz;V;Q*m~Uv#golUf8M`*Bmq z%ix{9fpY)^6B;QsM9jZz^t2xJGvlX`a;KAiqP<;pku+;pR;M6BJF!mGuih114uiI> zE@e$=F1sX5@8mp?hG>j3dR|oHuAISpHFL)%5q=TxTd~xJ^mU}+Il%Pwfw4-AnCjUh z@A0_n*l^0_NZ7=^4$ZAS{_3LT6=y<3HLR7vIn{dSSiuRKOuvp`jhjKp#Een%+$ zFWU3c!oj8flng0|9!o5-$02p>obQ?`vSKc*%crDrj-D}C7UGteJimA5h`X0TONR^_ zHHpXb5((q1TEW;R4B*GB^n6J7xYPBc>l4K`I%%-X;>#776%_(l;~!h2RqCf z#NE*ms5q6oG`|8-b#~=LiaLL<8!?UN?^b!RtCTr@8|adJJ6;I}a&fYuA}mE$Ak3ZE zfxh_|Lc)vJUhk=dL1@4f=I`|jKfRYsN?+k2)+#qt)PA?KSic1``cN4u%X2^YA_S-U zQ-Rr}(^1X9-5Qx?VKKQeeh1|GP@44h*@a$=4{^M=Y$1mEt0B-SjpQ~nUCLbzcI4Xl zs>!Wxi1B(4M8uEhhm)xJcnUC?(aP_Rp2`E=A=<~t)qSL|&+l~qQfI~o@Z`x6)Yo%q zXDh#{yL*C>DL>fU*rB=kKNgk|c)zVo7(bb!*lo(3{O);HE^D7+(=3L&vXk5|gLh4} zDhR`{V5*}0auE>o-|iegN9cLnIL*n(@OKn0Z270{piR*Uy0$*~b5tBKmx28;{~h`j zoSVPnFiYe5YG*23O?u9&n17bZ7)~Uspw3zcVtdM9qzM3tthuRR&GgcH6KJs#sGabR-ynaiN8fqclrf7lrC z)S~(NO{TB?j5MkJ$8(i~0<^OYF&g6caK;;9QFj{d?>4X8&JObB>>=tjt3JXcBQmPo zIBoR7x{-h&1hS&kJLVgw`-nGzQim&tpjdJ- znxY>etuu^$i{dXt1)$s`N5=`FC2I*?XZJOfCzs(10 zEKOYv&L|Gz)s)Dl@_T|~Qr2?Xu(Z}HR`=<;e4?o1V*u3HB?d+1b%*{mmhqeS5{Q&h zXLEbxqzq&2ZJrNI6)_}B$gBXyGX2>Ttt&r`lHfFwi~a2o^v`*jpo8jRdgW{JxPET9 zI%{e=e*ERE;vNGamypzj(580;YOj-cTb<+bC9_h+=`rd zZeRYHiHCyPN_phAsy4cRny~eJVC~`@Letr43lxI+3R|z!?iz?sEG-F(>@q@;?Tqx< zgOc1EzUXtZsrq7v8-~UHY4AqB(jD@R3XAgS1xh^jO-y0{udUuNZ?O zLJA8aql<|Ddc{(eK)d7Bpz_v+2!d-KDS`0FMP!M}MtbF8eDJyt9Te+5TQTVcnmGdI zYZ)9ioafK*_AJE9cH|f(d9jM4t24TuC-Gu}+%RjIgN=nasr(ERx=QAj3T+rt%UQ(B ztSPz|Do}3EQ01<@To3XM5W>_^md1gBoo`nYOKxtt{svsuX%{YE$4~}!=3)mt;)xe{ z*-_q#a@a_%bY;QcV)1Iu^GQ?#N<<=B-&JF6@3$CU^`^X~2JCM;jgu)`)4f4<1+#Vn zn;&DFZbs?f|M<+e3TU0aZADiYtjW8^jT1g1dgR*(_N#Sgt$Xhi9vu}#M0s2Z{I7RI zm~+3DVEpObKU2JjN8?6qex)-dT>4;%$Pm%6*#3Vmny;3uwx|A zA28mnVhlGsPQFgtI>4D68Ii<~$cD<3zXv(Ax+&vklhmo_XkL?U?&DRHtpj7pK!ICW zC2l>=Ue;w0y(=|+uW0FXatCy~u`DHlps8k4_sq^{>o-AR%(W-iJ zE6Z1_fBycy*1&28@5&Z_QF^j;aw(ARLPt2vHnw+*K2RXbi$l`j#ep#+VYWEGni;^V zq-x?E;I7#+(mh}`nZO{NGzRAA=Uxjv*!*P#4OYo$orDxT4^H>Q6EI5!(kDBqMDDdS zgQmeDhirA5A2co<9-Nnp4H0xBhdh!pS%6zTlQgg&R_$A>iwQFJQw8}Er4{{X%G{*^ z&D1p>F-!fKJei=rDKhQ@6HwZd`{=T*>N}XXh3S6A-~QN0{pW3@dK~_YUz@I4 zQAC5(l3Povm8ZY68LcKU>TBx>HCUML#|;B+XNbLicW3;MR4doBL8qAFo8*eKb4B1QQV9QDTmtdc}RyZ zx=&uBk?u#pCKXcBhV=3(d_8{5-P*OG+^>24Bew8)rtNhuQ5`kD@*ETNAsu&pYtCvz zklj2s`F77@XARO{Q9hX23MmSuUhOOqUP}qB=;bz0z%o z+o4e?QF;Fkm&>pzWm}l-0{R{b<~W|~yU|lJh?FU&ob7qa_^c^OZe48|e2Q_iVVZTm zhASBmPTd`P$iiVC39NO17A3FS`qL0c*mf0(<#y)NEIoYV1L6<%?b%`AEB5ecWjZj# z$@6^J$@u9#q?`(+=2PSz-3i+1gIb@EKeByK2_XJE9wt{%-fDK_=^cY@@g!OnnAi7R z)QY~7A@2^S9HT-b7RwY|hkjn{K92jliO<+8XGSb3v25!Q4tO63KTNWV&;x_zFF~ge zV9o@eK3Jv#e&-kJl}*H`@kIr|%jhy8p>idTO(?qNDxL6W?2Q`nJ~;KNvBxEGE_Lz^ zfJP-x2ii78P?Uzx{fHGBeNYxkXZKZgp2F}S@2@W7Q~SgqDDsBJ_eBC`VEyGpV=ClG z%(0FyO5!Q<-v7lZ`P6cL7TYvyCSil%;vxTweh2-Bjzp@g<;k{mw*I@E^|-gMHZ1pD z;_bJK78to7xBZK{6y%{#Miwpn)5&>1oP%X$Z3yi_F=}eeprZ`FeT1{OExdd>WRI=k zPr~54TN^Yq8b1-=IZ)-}Z6VZCPowuVIt}X0Cerg4L{SfH%a~sL7ih zKOymMl7?}NSWjkb98tAU|E=`2=NNoJoZ-;p!u9#%-FnL3-mQ=IAVN>5Xc81+H9Faw zQY+VisLoR4Zs7JFM6=*4E6lh%I~c~9&_t-qTldKG7ltBfW! z^O3`%*+sJ-nKj92)&%wuDva|Ui4_4Z@63Q5;?dIWYvB(2HbE%?ZU#N8ZS%%VL?rmAd|2u{V`D{z5kQa_2lAcfB_*2%7~c2Ra&5& z%Ar^qF`(`ma$GyH<3v)z3>3fSNK98-e`a-!3VTG>{W*45-B+^y>>C|!nz3)fjHgk) zQwNv;m~5=^Mh-RhpJrJpp0KPaUQU5i!OjXp}y_N?dYh4jDw^h-(p>8#0 zO+Z8QerICj+^~G3w#XLOC9?&2QTBepFEmiCU(5WRUPa^efyd2P-h@lXRmal@a#wyC zowuRsS~bY)gVwwk9Zok7*q83*Vpf~w6Kh3@qY`;>`ot+mdwKxLY{#$Z{&dnLCkM+zZv{OCffkeGp5es81ip}986=H zXHe~7mT)yiolWSTp!eG&2b8oGhmvd66Xt2EpZ<29x#}t8 znQ6aE>Ny%c0NLlwa&;h1W}TR8o!mhq=}L}*hE6ahB||Q-`tq(dOlWpbn=EfnNe0 zXAL-+hrPUajxfCmuX|9Uag2>cRu0QcoBNB-=x?ALPSg}8H~R)+dB^#UGwwdo*GK9( z+Am}bOeR5m6}6Otdk{YuEvV{Dm0h$X5SXVy8S~ae$)1kbc=3y$A)I61B_`>YynaHp z|9dOJd}lMpB0nc!NF(Fmf&Mn4ZS@p%LN#YtMCx#ft3P7!sHIvAQnBgv*Cf#z(#10+ zVDxA2Am8bx2i0`}kcnzl_tv*Pp-A*xwXLsF+cT588sMJ8+P2hvUN+%BtvV1n|Gx;IWLz=69(S655%0idQp|Hh z8R8W$lO^`Z%t!VZVclJ~w|s2h8%J!$YUGvAUaGq71vPc;byRGEMou+dn1qg%%KAZZ z>829L49CLD7542O@s3+2v1j~t`nh&PMjt8 zgX4^y&PraVbJyenPCaNiHLHYkUdSIyJd7isugJlfC?mk#)(WQ_C#vcG+!)7wLwbeHmH5!z$3ga}A zn^C(?Ac}~L((GDN$SaB{^?Ydhf#W&ax0U@Dvv)?tOBF~sxha&>`7Q1?>)^gZCNOPj z?g^+~C6%U^hAiRjn0db}I{Jq#oUV+Jgh>bZOi>Cs>ds7tV?~UW^-rr9*uH;JG5jN9 zZyHynU!CDqtu)MKa2?WTa|WmHjBS<9UdaHvjs(U8k!IY#JFzxq#<=tW!nz z$oPLIQz^yq$L|WtGZ+Y@u`QOHGmxH4aYWT+NX5^2U*a-oCm9WbCPTA`#swxO*}|Ij z1YgsTU)ZGa?(AAY*!Z&gxM8?!*7?BY;e>!ydiaF5wrr~Q2#PR%MixO1cHJr1&EjQ! z`)7==8?=(n3k(L%%N{GnFT;y7R&-|cyA)JaGkT_Oq#oQp{}{8(cou*zh~mqO|?6Td-ikbZ?>56woEni6rq>1mVqoIGOAP!+clgUYzu$9rc*!?Gcqs9GcHd00s{0Mii=TZ= zD%E%A^z#^V53Ls}A!Fj`jwC~(V)wnnX`dX_GLpXHx+~z-)7QqYa^D9Gwv|W$L2K?} z=|NY-rDQI%G*krEEA{L26~Kc8ot!M!`@9poOD(f>(jh$TP(^DU9P@A z^8KvL>dKrog*mIDN1a_U0jx}SSYdr)_<$WRo|-tCFxr)%J&6Ydt*&I=SCDgX-eVJ~nCUb99kwwppfFJNxRFTV_ihEd9oAS9-75_fS=E5CGOk~S#hO-dD zJ8pd%+Gp>&*}iwxG6n@Hs)CR|uZq_si!_qyVl<~K3+Og~gH-rG-f!_ov0Xa^ZyrDcsOG8nI%sM?xBDd*%01o60d210 zp$Y++eT52o-x{@q`l^P;oJjr_pT9!1X3Pfl)7r|ZLpG9UM20vW;EOJULh##^ zj-)P$Z|UlXLhTpgHH=Ue)?OWc{+dH(Wql^Q3*^pf>a+{UBOPq5L```-ZZ_4s>T=dG zSQ7QMa>~@BkPFqF*D`9=UsWNbZJO1lnTso`1?*pIV%?r(cmf4Pz-UCuv2 zW}BtJNWDqi99iw_R{&>xR(o3^zZv4lZ(5v4^BJATI<;Pu@`_uX0S^51TDhMnYW_Vn zezzaC&MZ zKNf($OeFdpF97KPdN^2??2_$_`GRV=+h39VAZy^eEYF8EsU7^ie?Hi-!hVR}22!Om zzwe^UP?W+9$Prp~CTN=jl(SCJri9rECCz|e8gb{ws19j;b`cr@r`ok3RQwZcp}l)u5bCUX z18APyWzOYD`LoT-D{$WlSbIwE$ys7tIpV#E$hVO{& z$A(Xs;}Z{!2NW`Q`~dMe9gb;nZ1VWrgPL-eDAxksbJFR7wk3D%o9%lED<0zKQkUmk zfx+K{uCG}v;O_$f+1<+(enao&fwXP11&quZ<2n$F>y-Af^@KU^Fy)mose!bRJ?3&J z`aF6ahy9_l&4BS2tf$M={fB+@yLOg(97w=DT*-?@6FT?9^x+Qm^Mv_ZzfHjWAIXGX zfBscEDhNf8)S&}a69uXOhypY@LcZo|Xn%MsB0_N?VW`l)9^2|zIKDX+b~Kn-ubP3S zi7)k^z!&%&>y-vYsw^d+YLUAkYzfxp+o}$%G-pL2vDHHO^J-~W^0inHs^)^j zUudHKAz%IzPTS{Yr5@W~1zrF1`h|HinT48Z92y>n^m}aI+1nl9duQDn;@D( zs%e{_FG+_v^W;VbK&i)0@l8A4t}!w^C-1oaOa=&33B~_j86fc~$N*b@m#PcRzeIHr z{VS<1@*vf~u~(+GF;99metSZe7c+5OyJkDDmF#+~xQs^c!IW-^APak@7Lc0ee~3~3INXVULw`sA%znk2J}9{R z!Qfk5$XoOGzeeaU-2d9P%suaAT`mrb`Aw@bBI;0IR>#kM(biB_oDrO%d*{HE?-cZd zN@!hTR6)_J8&zGOW0O4O-o&nDFk@&{5Bb7G5+9@$p+eniLLFO*%JAj5X@|zSm6apNa}Bj zsP{R@6tXILdkRxLDcW1OgeafeXKH^15)%1eqGr$jx2oAMViTB)_g|NZuWI&{bYyxo zIo7q(6mQJhwIk+OUmz$3IX6~a_>pan#-znwuqIencFC+*2i+QZ9P~}v0-qo_NShRP zKk+y(^up!JF&4;B(OSw6ZlF^G| zkBPlhb9PHOI`fQPh(O#psl$WBWmh2IViDdlA`$U?Qhmmj6Y%V~=OAUMGC)i#NJ@Or`_OwCBNk8U>siB)cR;6F064)zpn((wmLHwWrZE zTt{4Ni#IpZ+@xL~Fgvi#11( zR2L_I6}ebBTom3dlQpj0GL|+n!LCJBOp4cFV0gypBj3Wup@A(OUy2W*CD z3N;lGnwdx{w~MYYPX<56x@C>uj*WhVtGOWy^6Ch1z?-n_F#b&u2p=DPkZ?%2D(d$$ zF9Lj~8xU7#nOukUr1M@??pcW7`_cq+)}susn)h|INzcnVt@y*?PgtsiPt*cowcGe2gB83J6j%d zbV^w-Yt0I#3Q1EF!7jyPm`)|keQ=|1Q97PsYsenkN7 zK(wxSnO6`a4&UpkNtl|8a19_MVTDCoFjYYvFL&QN%m|I+#WXu(XsfOu(XyUe+VY`| zsEwWkh})J)*JD$!xcs0){w|Fh<^LMvhU2ec+-SY1@Vh%!$Y@qW-~vFm^Wi zTk!-kCKl<9!uGW0$c9$oN1v1&y6#Zm;L)+JARq4_QA+=X(zgGy%a1wuyGtp-W|L17 zf@Cpu3Bh?YZEqoO6&f15i@)3Ab*?gro1YUjHP-aby&9LA)iw4PPRC?4v|W_-QKBRj zG(L;sL-}w7p$}GZvD#AWb+88&2G0;zRV!cm|c-nw2ZwOeF2^k z%F7Ho*jz&7g(97!cX!sVNFuA9Y23v6Q`c(4Zn%xLPig{enR!W=jf~}Q>h7-`Up3T0 zelo*OIR$L^Yc(6kPcu;MK@KrLrIr$ZDYbN5jra%wtmd>g4cpijm)Rw;alTd?m@{A1 zj8%8Jcw@3A(v+T09n}QV+Q(9dlc$qCw*^HjjC;600#Jr4g38;2GoY)YuN1<%e`L0a zyDP2RErXcrW7B<2(}`t&Y|ft2z3=aPbN2TRsFRo`)LcRX)OKbl!+;v~xxx5{SO{@YxkX!m$6`9&8oQ>sEN~N+(i@S73J|e-7vOtY5eY zTn=G4!Kvb^SxQ@jibt%bSdUvi&q3Sp^{q2r@M!bx6uvV|P-1D}J$LBAqC;PB#M8{t zhdB0lM#@HWaY$UjY_D-3b)@yKh;bCMo4yJXlmILVWY(^_Yq>l9B6X4%uqNz^oBQT_ zt`O8}hszGN4uc!V?fTs^G4p#de~$JgK`>*U1b2niAq`86nl2olc#n|@)sxJRUpO5! zKE!w&ynyqW(%>{`)-&KqD)$T~{PNfXR6Ts^!7m~ptN#rM$eE`g4s-ck;*mcr)>-`Xz0Kd00CDQ-=40e&FkGDlRYaPl-e`lfn8 z#pNHv)yagDz@^)U8to49_&kp`Eg}l%(NvL<%T{-z!j0#a<7(BrGC*@$DXE4L$$`y{ z_P}E2g14U7Qd9T@8fo0?o56JXOALb)4_HzoZQSr z)l*9#?!|VD-OnLW^l;q-n{VWZmk+1yMW@?rO8v}n+Y}~+uh7@0>lT=`bBg;4PBe)M z6K>|>@t=Tt&5CDn>oB*l+`EdPZ>nTtxbIv68v{}Gx1O+=3D`na4<(Sfk z05p|BcYlkN`MLcPq4b3J9f@l@ThdbD=2_DKYyw!oCSZSu)M-%Yx3>O-4Ri&W9CYg*?QXmPArsi1 z1d35gz0X-&I+k4{OOE#w0$m1j&ehBM!k-aq?&fCr5>(KuVc!=Tmi&8m6~TV^)s}cFiHSO=@q8 z9p|$?^5w%JDOL>_!K7X}VL=_`Jet$|DZ|qPG7YQqw&y&a-mqn@eE_BwF-hDL)dCPm zpeGz1csr%6la-(jXA})CDg7oIeG3m*m$&oPC;2|CcTnNLfp{uIyZc8|S$c@z=k)8E zr%aO6J_VBGMY=}|R7fNi&s5j;d{X8fWyy6pf?$nC2bdPb z%igPM(i0lHg0ZfagJtVirCWNIgok)5cVzfENA1zcqD^a-6bd8<++g$|I21N{Q9<$S z$j{+<SX;;}Jj)?u&{u6c@T%QhoV5#1|y*#KL9mGdnKi(oF%qyTZYcQhw<1=G=9R-arb; z;Z*FJxfiDq&WH_EYtK2Zm*#}=W54ZrXgBL&%e(6SK?|04Vrb;EVejNal+PUkHs<^7 zw53O>uTgHVUqx<#r3T_7)ivdy&SOUJ)_o{OVKs1PTjX$4dNvR{;@wBD+n^=ncBRUW zT5g1pO}!#_jl`E~1g^+EK94V`0U)R9@Qt$Czueghu+vq@h{5bkP*&BM{(qQ<`&15X z2Oh+cmfn#*Yo5ym)4W)!@!Nx+PUyd|I)P8+VCK+2baSRE?+`n9qGdSi%cXOxQ{BPJ=ogqTDrCt&bQ{U!;d z+$wIP(I*^Dq=giL%N>M-vszJL-EX~b$e=b>^8Oed|4wAh|DTMGafa;s4lOnTis~nt z7(e4f-u%N1n#R#91>(RMDc*1fEx%aiyE<)PIJ?H8P5K)0Z+-%8%}IED|NB5iIP#?u zzWlR8kq0G5Z@fAf2@V^d?UCT>*;BYgg52CVa5^GrG-^df*<9*agru)9;zja7!gO`> zz<#&*sdWM_OFk~!A-O8r&Ah^0D=k_p?8r;nu|bNlzGeWj&fRe&YKB+6N-)A+9UG%! z`Cc<_K!8tCCtdEK(@XnT3GnFI?>G~mF7S;Vmv}P4N6(XpA2c`(P~bu* zrH&Nam_w7L*d~199mma*mcqa$k4Lm5AkCb_m}|T?A7{>i+_Cot-&lu~wnDZaJNMJM z1>%>_Ei|U+ZH8yY6wgtu4v*wYW24BlNPlh&9LL_PoC?4126n0)lX)W85=el2qft4s z1)h6doh%7O9{YtjcS*UrL%c3S`3CH?)w$dIbibwRdaHN*{3D0=tS+Ep zjJ{Q*yB;GQGhZ++11>i+HR*z_=qOqyYZSoB|8!LGG+=D$qIWg+6vu7{mGqO_?vh>M`I5|19aG>TY(z z-*Hb*Ia@ep>^^6vEmKr$QQsJ4+YmPH(d0q+cLT_iA!}@(*^d?im#r(i z+;S1!U3=a0^CR%?64f8mq5r_?5W(OL z-$VzGlLi)x5(ZG^g#Z;oXsD!qWBBMz1tugQ4{*;njDB4Xa^?jM^al-OWWGNaveDri z*Qit7E5VPH;_u0t3JAIB?BB1bzh$3f&S@6aj52Ri%|P3BoKsY5CzY&YA}k8AsmLbN>&|)ADz&0X?~E*vdlb(7x_dto_2ikP z>QYRp2MwuJ_N?5-?u|#n#~j;OEfpx%Dr2L%H$JVZDq^%NxQs>|>JZRdc5sT}AJF`H zJN@f(d}l80*QBa-GcvBG%l zij)^)bH!#uTZYQw0VeZb$T5%USL+lsuaUeX(&x@pm_=68ZLzRK2jagGzns5lh_>(G zL+iNcfH!Vem3&6^VoWS(1Na2ED7@W%GcyyQLNZ7P4yPBerca4mFdGX5>-;uqw*X+y zXbr&;w^y4#kc(B1-3884bw6-Owgx4*j9Zu}(j)eI?I+!{Il!JJy)kNb>g75OnC~?j zq9m0k*j?4RZuQl&U}e$RX}D7`eK1@eJ%FbpdBHSkIEt5RECkfn|6iWKTWl4&Ev(x! zeRx4_`6o%QPvNH zK3wy~yXUsO^ueOk*()FJSaftv`teVud)H-@ObKgs4D3dgm(-Z2na0p;VW!m~VXxe@ z?dWiCR{4onMwYR(${HNME=ig)n)KfWQ#7zG<`kY;!(NFsf}CSP$>mT9RI0sSS9nWh)7rVNGnn?Zf*ZVLpV$Vpx@$1|y9n=O4 zg7Pa0R`E>HsA_plO0idvQ8FB2@62WGA+OJ?2KBiW>fjTEtS5QhZ+^P`_~!q*{FwfD zh>hApzWpK9O?>-#gv&7EoV0Vj-a#@nP4qki2F2J`;cX+L!g77$HQTM&DPpCef`2;X zQ);AM-co+xprm!=^@1S5H$jy1Z=b5QZt~fEzH2|-__W}{AB!OiqtdKNcocgb_fT^Q+w~HEJg9EXWt9gf zosg=~{>4u0Xx6yCOFKYClpyE%E&u}Bl>j-BS!6zV_@nwdW{c5+@xlEIlJ z^4=N4f+{3>4f<1b(I?xaBTb}_m@u~c50IM0ihW&BFJc!1Uuzfof7pA|u%_>=U%!^N zw6)4st0+QfOO1TPW*MPn4cVXz;>zjJE*7fA+hb{jJ|E-tf<^d>N#JZE)p3vQ5c_ zjh72L!J>Q213|=1xzG2MF~WG=U-PKwMS>9138Qq^9D>;@D z`YZ>&;VTTi<(I28V0H4p`j;S|R}@Hdz>mgl*E*{IA$_vCsrJ!`_#ih7M-jhoo_qE-*^SO+dxr!zuPC*DlKevp)+yDx)Q$ z>j17#@C~M=hhR+3_$M2Oe(IJAj0pCWcBeSWTikfufi3oV3*yKFnQ+D~aMcx_X3Wj=eY38gN7B$vm9CBTm z3=_168u7~3lxk`IfVCd9ksRM(_6)QVw%# zA~u3Xx*$8GPQDmdS4yCu+MPM;(J3za1meooR^x=_5m+iv152}1Ss>cmFrDWgp6?kV z+>We;q9$&b=p+3u80G-?YdV0yZz5@FyK?_~Rc({pk7npq)hWJQz^lS)YUo&18Bfni zpTRAkBf&>zQJ z*~_f8>5pD$MQERUrMPlYi{AgEGl(2u9d7fR@)jBn6N7TBtBm(-T5ls?_l#&;yVN9< zNP9?oO50m-nUR8cgV#0x-8ozO?{t>SsN{M(E8*f!mM`gJ)8db&;R6|6LB+{EQN9UH zHqg<^+cC##zOWCTKJRbYKU)VroVds* z7uUaooW}qJd0tNs&f?LEcG58N=cKOVls=61ekUTd+8LJ=JaFC>;U?{JEFaE1x;==r z$R8F_wmn(9&&sFF{bgIOdIF363+K0o+qaBN@7pGuKo0mSH{A0ZYkA-<9&KDbaKVFm zY`X%V^2>TKF51ec>i1K6{69l|_#U_;?XW|^vMJ%y{ucce^mol0^f&kq=x^Sip}!0Ni2jbFyhDF)`Xl-q^A7zT^BVol zs(AGl{Vk3!euMtLVS_;Z&CoRWZ}gRonzo^OjbWN%zA$0fb2ScEiZ6UyOEz0xOUGFjD&rUzZJjXp-)lS)TJ`!J` zY}|&)@kwloC+m+CO`;S<(UT7l=;s`=bS$$&_r~>vK5kF>H-5~iiaCbHzVje1OE0in^$M$_{lxl7ym17d>V9(QCFkJ!vyE_uHTWy<6U0Q`Yk2X zUX)AV4Ipp-5n)m47Wq$t5%_<8x78fmZVr-e#g?5j7))rXb57`UnaYspQ&GZz?)Z3SSM%*hB*0rYmUd1a1oG zNcX7vAE24TiLrYE#wXt88{WLsew%MtTFU-8-w^ZXrc7${?@XCxuT7bDzcXc8vmy>6 zKWNA16B*5aMP0zUwuu37+)ku*7sXiHR39Yy2g^L+XI^>qblJHd7d!t--Lzx`^fWrV9=FSl;;0!ePs7?Gg+;HTcfevIWrmDm2XDo3yfV+jpoxC zhJ48!xEH*0tW=nCK%pE}#Pc~VV%AFaoW@5qt27bE;MW1n4(*}avq8zQC{z{bPJ_08 zYuG*gOi;~(Ti6FiBu^N!e;yBLmsQFte!~fv{k{!A%^mQizZx7mqicBV37IwOzl+kt z9T`k3irT7A->=nZoN| zLupl~{gp9o8^wlf*)Qy#8B&C=Bo8+6wvk@bHOwp9q}p?wY;!>#VL5+(HGRIhLoMRHUrG(}Ej9A*QuBAI!QHsniIn`| zBKQCBkyY_>*x~8Pv%M1CJhIUA3~(?$19meGZ2Xj)y|8;452+1MZN4cEHLISz63iwJ za~5+8-qVqm+Kl%`V_Fq0XI8dRKGF;;!Z{euHg~Lbrj=sQbO3m&*^H)|H^-G6xd3oM z?1^2u7%|D}+kGDfib1|I=a#;DVBUA|XF&JDKLvE7CR9;U7M~mdMyc9c9du0yDpq%! zfWlC)kBe#vXU9UHYEH<{aqI^{3YD`1M2Er8N~91SC4i>T=%>e85!x4uy<@SI`S0fV z&cDp@gKDK+lqs42&vSf0TZEDBt^A4!mIqHP=?rXi zsirwU&O<>fRhEQ;Du0@GC_xjS6-_gWPGIG*us}LzR&x+4xINsH>ROdMMQxVZm@_}- zQVt&*CH3!U%PKT`-P)Pa!fUtCCXCHpn!_plQEzlOM*IF7wj|rQ1kb0Fm!Wi(*uE{TO9k1S#;b+|tZG zk)IMJ>WC3!i&ogRaZA%MduYNUK)=-h#?clhgb4Ogx(^E-AgGoiw0u9Gx(B^E2nbRe z=e!g%sx9VeVT=4r^kC^Saawg-$KfR)VV*nwAPkV#Zb>PYJ5TY!Uh9IG-<+gGHBQvo zA~y_AJt5XiY-06}w5{3bRV3w9IJU%60KF+0(+4p`aRCxi?#Yb}D=KA89!(;H zgjtyx$whZX=|?Ovn-E7&^)E_-ii;bC*DHLm842E2D5Nlb^8{$>p-)vGrsJ^au_QVf z9WA@;h3VRZo$?DJh~B^D>S)C}$KjPWbUcsw$tH(nWObX3pWRV!lp%jhw9A~kzniqs z5vr{Jv%DwhFXTOAonPlYxqr-ia{esux%7{DPw~%r&zwKxJ)_Lt<~=E|^PWX&?{|4m z+)Mepyr0tOc&Q#(0i7 zBnuJeD!IBDNrx@HMCbd89-(6K)B=tXx$eJe~m#|(+Z;fOT&Sj^)X;26Na-WYx8$GdD0jFWwTD;;?I63X00!cDPW+U7K0 zMb=W~i*relxPHMI8fm+y+Cy$%4UbIr9q#Qvo!StIA7@{OEfk$a#>Hxk47|D|)8sc3 zb={kZ`g#pi8xWY-oQr(C4=*0o@M=eT11xzaT3x&nL|?7*Sm=hU6*ilMRzQLxW;F5{ zI%^XAHjn!jwJm0^-4Mxq;YEr&MY0aZ$UdCe!8Av{Fw!LFzh-T}D@pJ2SAUnJzf01e zM9}{aFG-iJJ|nMfpxEe!%pjGu^sz?x4(5<*>0BM^!*cQ@oF<*j)x?K3ySdSQqF~(i z$SYE?K|9y=OlaDQ_5Fw0S+M-hXbNZUYZpNI$laQR0dE&X+Zz0TZydfs`YBZ@(xmd{ zx(yf=2VtO;n|?tE#4J^9Z%Z&+2OOK{yqX%P%4*e!2`Y)L;UYmPDTSzV9Uzi=1Zdgd z$|Df>t36|KcCmP9qMGVcOPmgaA$7bbO>UTtsZm7IJmyY+VV$Lqsv&YAN|EQYjhqIs zE1p$!@6JTOkVjBTRp`Yolg_M~33Q7~@Rgvb+{7`ons*@qho6f#W-E3m z6pw*HJfhDLO_ZWkSXVB_s(a-rz7^v0Iwn`kZBf!u&81@scg4l>>NZd4QT`&6oZCSpgm>XZ-Jy^!F?2|LRxLWvkfc`Vj4rBp5Mn%B*`K^UcUehx#zilu(U3 z_K86=&1#K{X^FP zYuJwJi@74p%MJBVKf`!e%f7407cx~vLOiDbXx}=}#tJCxUTF%F**fMJngIDZyBofBTX!GqlT<0#Mq> zH{?UiwqJTS&#ZS%n}YN%e8t_tejUC7{v5t?m9*3igf93(n{^?f-$)$yAMZS2T@b3~ zPaDg3?(C;Cp?vm_Vme8to($3OhzJPK_@aEiY}`s55{JDZG397IlXlX6CKy z(=x``WzxwI;1Q<5jkfIsacYQ64S7y7aygfL#MsHe0Mj@Jfi`DEEO3P=q2_Wy1z3T@ zKNZ%QC!05$510opeO;;Ab{Q!qVYhy3>kayyt@rRRw%*Z=(3<>}Fa)2nSy;e$=rfg( zt=Pi!72aRe3Xsc!iV;l}L%F0+q8KYuEh0tP@*w$D6aHNFo|s4ms5%ta1q!^_i&^%o zL7ej1ARhFqLHr;EKJ~^Re$9x0(-ev2ca_Iq^OwNe&9L3WRz?hp>st&8Wva!dEd4ha zl*7MbQ2hUcKtTL^fq<~hi`{cI>e8YtlzTX+k+s-G0*&!!S!~@zp30Wa{uOY6mT>`w!=P-}qo0jOTmaf9-s)uD|%y z7KNYnM8w4<A{VCY-Q@#$ASobPXrwO-e^omzhMg{3f zo-tji5H&^Y40)=V9+yRWOIkdz=vYzcTzYm1{`Q|?DW8oFY@>9;YN=MNA8INrkl7Z) zR50k}7-@I~b91{(1!ze{^F(3ZC8@q|NijxrbSfzY>@vsN+8jYS$lGOG3{|vFQq8L2 zMlsLy&SdP^C-#sxRKqcs)0x-(jW+SDD$o@pmeRUpM3kJs;qvegwG88Aqd8HI)ddYM zjcc(@ohjH=0duIL)`ay&%*Q+QbEPPx*7cD?7}Vo&q0O@G>Dna2tfWY+@3SADR|baRp0?A72(7%;+Au|k zP&JY@^Es4GU5T*sBS;UIGTm$dioO$yUdN$o&E6TtgMVij|L?w;VzSoFl#kynA7SUv zD?rmyu71)xRC8PqG-MoUFEhplHi1_pC9stV6BYEpY4Ix^(~o!2>v$S(z7=d)Z&9*o ze;iZ#<4UtQ2_zVhzwKGwO^8wn3*`W+N9F;+TW@8L&no3Kok=725#sev>-%J_)4@iq z#Z!^9#fIOvcZYEMB#k!8`8!F7K9U?t^Jq&^vngF#((G41;>nL)pGhjZS#!>_${hnJ!ojqdP(99I`UAfN&~ zMJjnV4N9zPeiI%T=%D&Uy<+Q20rKE1mfi@e?9cach~c*0hekDZW)pSYO7%<3W7D<_ zf9rduVB~CaUaMu6V@D?`c+^KedcCi0cFOl>$w}ccg{#js0QT`Rn_^E*Wg^%s3&hC$ zY7@(qj`K^wDyOc4@><|!%DJ7n^#15DwFRr%B!+f&JP&!M(WU+}187r88VQ8Q?8!u1mR{sK5nVoPg zj!fDo;9G9MxIRm~9`#tH-P`{!2WYrNT6Z!T7P?*MC)G5~Wif+=*cy4ww`ep&uJZsF}4#s~7g%Y=vLE9U0 zX)y}E{gFJc&V36ib)emrN&ZlmV^eu9Df%O!KASByMP{=rk!L%bJ_P$ipKt)zn(Q`%8B&mxj5vyP=NgEtPH~Q-;1UY=RweJz#N9S@DD2wa zJ*HeX%-)0-QMaqRyed}XhCp@!=(_j+PGQOST+&iPm>FUAR~D|$K*ku+0C>B(PLEUJWZl8 z-^7AoR3-@3rc?*QtX*oVgX(kVvoinK-rceP^W*T_E4c%D?6_C|oZAa2&tsfDu|mhC zzwc0y&8`eSR zTh;;dcTSVi3EhOFJio)XtmQ=V*@Mm`8Ut~<&nIgirOOd2j3AZu?XMGdI~gj`l+Z%&DcOjMmC<=SyTN*JcVG#09ax9>z~nCPy8 z7;jB03?5nV*24s7Utz=`DExSWZQ>TddSoQ-GGMN-(JjY5D*7!;7r{z_25n{D#Hq@+S2s}p$X@|j1~;wvEy(hle*szE&dl7(nB{VIhcsskD*qMl zy)B}~HEhZRiGQ{~+iU|2dBd$0L%>>OBl%*;CRr0grfP+)VFaZZq1T6L z9a0HeA-x*+K2y9;`%l`WF?Upf*r{$5`b_FaiH43=x>{=J7_&2$nARW%ussh;?H@Sw ziY;C$HsRvYz&G)5_?vjRjq)YbD3+r&pidenNSjc`%w%5YyL)1I?03xTko*K?8a}v& z2gZ$-hLUgk2p%)~(_u+6Ql@a_MFgPT_VDcK+rT-g_70~-Am2mP**zj`?3;aW1)1BF zdtWGKtYh#n!|v|4V{0qAbLil~a=VI5u{T#~S-b_UfJJ1-QT-n06S;o5W%f07W#4;J z8eTtBAI$st6M!v58T+!1#IZz@L-$Xb56`tabl+cE`ty?~{O>2v-%p8lNyg zOV`3T=Ts~y^~%~u^+kS#%R_poPx5x9!Y6#nbT0I=fiNOwPt619xME^w^x4RFKFC(1 z4-&=T0ca?3eQO0+&l38i=$WYqLpQG<+#wcl>bF4d&+Qwny6CL>z?t?r8K=L^v8~W` zjWKo42zXT_RT>GQU%`%i*fxj08kgq6NT>v)9&F`7qYAf6j|*5~mWslkI?=c_H1wbZGm#+Wp<&{Xf*; zS;GlCCZ)OAmXt23oSfwI6k($%H>-?D#eVZL6+AkxBGy`qxSUISU;9O-3OIU;ceFz6 zOgB%OoK_w^o4+aF2kCL&A*N_2Z`yD2)qGukIfP$Pt`SBMPglsE_X9vz7@oy%p_u5y zMkpqo!Lx4YhRmLGqUj)8_Qz8m)jJ zgV40+$#a3J4z&iGgh@fdN{N18U@lxgTlQfqyW@ZAjpf}fum;C`uF9X<@O^%QwdT_%z2f__oqQh-qjZ)jb1%;pTf zX+OZI=XBUbi+g0U%B8hFimlU-G(B0~*wn5f+-JAEduereRSkS)+o!j>{dWn65OTn}>=~;?G8@ z!kyW#?^|0qDvg5G!#Z16I4kL41W);uc2pk>9lbLllJF$=;yX~~M#fe}A?{%l8-BdiuQG4^$_ z;z)7<_84f>FRASWtsS2)rpFF>ea0L0 z>hC`f3)9HP3Uurp;LI~OrH#oR#DV8a5R({!=J(_45lYjbijj=E>}xxL_mv$~C(duw876+0RzpXL3h#2fXn~UV>HZ zvbk@@;isxY_W=3_8XqgE>Etrg-ang2eI=awxWdAlsR)xM09x-T%XvyTcdcvSv?NCa55d%2@h0p5SjhK^my# z`k&(or2iQC@)Lk;$j4E#)0;v7b#}~Qarh7MkKpHpLH~59FyQ!|OnV3TZ0i>;Dr$y6 zO&!F*Mfr67^d;DO?XanMHprIryRi;Lrlhj z6#qvqcEj+(cEz@6O&x>Az&XGhN?>y{AF{ zX+9MbUvq`r?w+FV>JwYWxT8RqxiH23V(CsYwFOpFq_xQH-d&8GJ=jKl89k5&tgJ~q zAr!2+M2dIXfEikx>wP=ofr;{oStTI2@JeQ`>`p1M-==#JZ37bHQxX%vF=a#$VumA! zyCN0mP{zE#YTVl_c#!_ncx9$gwfFTFPT>55!!?IT@^9`*N6p`$IN$boKO=wtdXG0H zoL4R+Xm`&u%>P2aqfU?-F`}g;f;oCSGOXOtH^EYv?WpP0!?u51ZU9v_lT66`Hw|EB zlo7d-$*z8zcp7CF3q~_*oOf8qFb^FaRCux zt*Qkw!up3xQGg0C#VL#Fo=jH`!<`dcj68yeMOR3f^K#yuuwW&u-_$nIm+oeN6A8A8 z_d%(D6AAu=NRV4n#MR?A8;&Z>D`2I@LzYKoP!=4BAQ{hC&iR~+oeknJ_kp=!7vY%V zh#7hGtnrXVlH9IznV%@HIXrM)TK9pqgv$fB2(yG+v)j)C&(5|)@CLwJMUAURgMb=h z6hQXygRh-)iWUS9b**3(l&yX(wsh8bSD!xlmO+3{HZlkj{g!mvNW1sCxm77Lfr~de zPn`(a)2~evn}iw$tqo(X4ulbhP{@cTdPy`HRPkIhmSi1XQ%>M_(ow1u!VIKF+d`Oh zI0K2*zM5S>phxbK>IdrLZsU#*W{!YEUD7R8E5tx~fh)+z$bsMLU>i~PmX-1gAJ52y z`h|~|^`9b||2I9-V#kWRn;~76hW+OfICDHqf#Ll?!H{(m7&jYf_&!9RNM;*8XyipJ z2^r`Yj4GHYP1OrBCTL)QNcYW_icsBQ>hLQwUY>~k{Q|TLrW9_hXUUs#G*8Tvq+Rt{ z@}Aw9YWeQ0Dm7_U*iS}4!Ano==uw!UuFe|>kNl4UhQ9#?e}nG+JD|IhpZ$b5sJ^J= z@(ck^h7yI|`ixk|OnrR-tNe84i&b}92OLb6 zDNt$lO%Kg9j<+q|dY~DL7fB;EKfaG&x5liht{u9XpV&LEc_;RP4<_2uN8J_wWHpYM zJW~DYK`MUo%P;~XRp6rF*f@j^NLND~w+E$Q`l2M?xAi|HmTicT26nq~D4*fvs>D{F zPK~J5zH-)cgv@sGfpCk83YMR7N;I2mn2j5Inq zhg&4vA);6e1m zlGTxz^lG?6%&Cp3wm*<(gD+=x7h{b$zdl!itPK-Exm}<6 zz&@(W7@%Uj=Ve3x8;N)EZZ9^{;|r$VdSLHpp$xsQ|LgfF1KX0}upTnX zmwq1lsZ`yM1Ic!q@LQ>8YgXrZFlbA=wNzJ}D_x{;!&AZ?sHUY2#Zi(nyw33^81)&R7F^mdRmB0-nbla0@^(y49Jht~H>ZhY+5I^3IcoYI_8v z`_e@xbT3wVjSb{o^a?sa>CX5bG3A>=>#Z=t5!AoH5di-ljzDW4UJ%&}elpxx;XvRE z2$K>!x||n62-O$<(D}W9gExXRQ_22#Em`wo%uL_l;BQ2Gs+9H+#RD?!oE7Ct;K0B? zLqFh$o2ADeHu6`(E#(E(jwxIhVToCf{gr~7HZN>%MZKmPXSDp5g)rthVZ6_f&j31M zAxcgz5!)>+l>`TLr@Kk>u5%~nGM-nt#V|@C^1L#7OrB35S>Ky|@@fhglM>rBYLmlt z4U7uNJ^P{~sy`c9+0e#Bznnu)C6a7n4>*TS-RuSg8OcYht=EIP4pV@+B+Manbzoq( zsN`yqpbs3**epH*Agrr~T16PuSESMB1Mk!`#y+&rsGdm}e*^e@4>5=>$+66`rLRBc z_2lRLR@8qnzZKaayxFI}^dde4dtZa$&_9lw8lu0a7AelHv<{;hK2&wkWigBwZtPs z3DRngi#{7^5<)Kb;E%MLh43JulBLRKTqNO%*cR8eDL=~4zrZv53Onf40}4v8nAx9x zMAZ3TVKan|pm?=X{VWX?CaG-a3~0ZcwjwfAaPDHm`&EG#x355aZ*mpe>yiV@P{oUdM?z)XzxNt4ajOwm8+ zX5REIxG@cR84%-Ls@|<5o~OI7@#Oiq)wmXca9*LEg|f{4A5Y3<4b4xHQS1DUX6&I> zT?M)aU{|QGQr(N~JsE@fr2TNP#kj>R|Tk?d-!GT zQuhVq5sgJuBpkQ`X)nJSH+X6eAAHIu-Xg(&T|&nQ^6Ku4XL)?|SC?qmotv7EUZSYB zbmK&UXkgBvadt|5!|B0E9!U4oePt!0%!l&SaLeuv!McDzjZ=Hix0yv0;2ZP3q?MRZ zpRpWIc_3n>N_>drlhD0)Lji$KgQ+01B2z0AF@YmN2-1>O-UHp z(D-=&y5Sepa&*hsiE!*S&r$CMNq}RhC!b@e{`Q|qqb{g`Q+t)Ak!fOSNhPJ>(C+D> zjB^_K97=|v@n2b^NM;FO8O|&-)A;{Np=`3rHTj6#uQ`-h#UDR5d!o>0JRfzf@*r`G zKPiTPUIrvC$7k-a zf`M{(c=Y>&a<{@p=bL-y?@r7Ze*R!tOrv}mYIOL{q~if)6aJl$xC1ELFUQ@yftM{y2ObzL@A8SNo4c2cFN$dlD~+ zXDxa2WAC7o6ToHtRd*8;S}lIkAfeN!MRu&T^X9}J%+RSH>Tjm*qm-&YHh1W1uBsLF z%a&`7oEwSC$VYYhg2)y?g1yUUc-g6Opg+V-GB^tKXJMzSo}GBGq9|DQ^m_BlRYd>p zcyr3$%0hRhAuPDwGMU>g5c7HFtD#bW_069fW_#mY};Us zMdpMJ6qUJVk2{6fddRQuN(YC^^>)DaEu%l_T2|yi@171RU00rdJaF}%M;!sU(<6TS zi}2|w>FIaM6$|||lJES=2bqfD`~~Gr9=U;@ir$V}7*Aq~5_r-5ZWw^{|AzDhCW)cWPZ_vA9>7k_>^4F=V$d(B!96np?|f zsu~sAsMaC}>dBQ(N8LEV{c)V&@GzWG7<`HSr2-JJ4q&+lp0?IUseN8hV_|;rYZNnT z#{Emn^Q;{nV8;9A3BIzfQ4pePZ8OELJ$uVWbqn$dIDdRbHaFqYMS{bSn+_mG7FxCQ ztnZCEUhZg#I1uQam+W~dm+ztOA=4b^hjiRqrRblJOv%LOJs>qXxD+US{Z?+^$l%{X zQx~k*&{V!0)YO!`B11IsBdrPT)D`3(vh2iaQq*2Ja$g=OhIRSqQ&Zbq5p_$~kQbDL z2`({Pz@mC4RXkX55QOyZyQ+e5?wzm;Im|qQ6!*O-=Y$p}S-I7!bWbZb<|7;!M*?)) z&EtyW?TQYqobU(oqNt*rh`!yoXwc9{spIWsjSjV^3e>NZ)a{)$->oF)kXC(jpO5bQ zyua76&HWnpg?kwFX2^B?(cWI~u&E;3(e5973lH9#{BepEwK*h1a5yB9-(ImQ@m61k zqORK|(r;yjd_uOnW2-#l$NY_xpM0CT+(Ea$Fr$r)ypKBIafx<}$z(OQtng^Nu<__%pzT}}z}u^$>QvgEAM9!y5_VH+)q{3KOG<&O_b_T*#BLWI9zWWIM<3c2 z8Un9xmfcyyJcCHga9KcHG}7@^GbVEj^=ydvF>7+{F~ z;ZW^^mHqkbkr2BxZI`Wt&p{C6h&#-K@a+vaSw`4*YBRFAdFROZH&XD*@R)jzqfz0q%;eWuoh|j&s}W9XOeQ*$J;} z=XX%h4bLansh%gg;GUf*v<7T(3?J*7SafMD*kx_Aa?``sc#MO;ba&d+p@NvuHdIW! zpJB=Q`Sl;Jc0kRpH#|Kz1_S}W#owZgh0D?&WcFaGWQk6K=B2&2bS1N*rwoOC8$hl(6^ zRga2uz5`2u)`=eWMAeFCgL@suToy3p5uWD1{ags%^CCuL7p_J;epv7OvSo~xknTcB z4^Ov_v1vAn>nv!^QCNrm^HVMWbyp<+l0Cp4xmQH7D&g-aJP`O19C%E8G5eE+K5%zq zaMH%VcCR&GQXSP9I2}JPnRz;Y+yg1c2G3}#M%T}EWT#8Rb<@w|Q>5Vsr6v4NQ*WMp zlHXwh1#C+NMjkeU*Y2N2lH$uL@ndl=YuWQxQ)1|grJFu)-J*Q>p|iTW0K7jjEmD?d z;trGL$FI4i0ya5jqmILiVTTI&>zP}jT))vd--0d02-ihkkS!&(g$+do?XE!8sR-fq z)-!RZe%wtYJrp9t?-4D>B68NRpn@4km-hC#xfNmL`!SQZq{6=4v{U4ohfOfu3j*g8 zTShsqqC9xyqUe5kOWTx8{VE`_?@S$)-5X$@d5ovK-n&f!aFfrs7Uzmdm8KX4;FV0T-wvglpsy$7hXi*%My$CEdw9-fFh-5G%B`}+8N%45HA z|KmZp;ZL8h)1GxY%Ut0k=oy(lXQC|A1)aI=bb4V$@ssOM2p_JkLNuD_3iZK;vMGqU z&y>#&8@3r)aMu#-NYIl^%?JG3k@tx*i>?y|aBMfJYE(S^N{l$eBLrKQnsAW@oxEQ7 z6lcr16f?Z$6M+r(?1g-*PjjEET|;8}l9nth|U}_fhG!PwgRm z=~c1pZZ~tO zwS4qZ221OD1xv1%bD19~d%i896p;PlIjV+H$)RM5McnB15gRjqQWbuI9{qA9uImmD zv!!isvJ*PImdOI%O0;QOJ9H@2DF(3wLNcwru}n&ZLP_}XbJtU+PTeW6G|4u%^oWcb zl^ls%&s@_u(V3{k9^F`Zb!g~f%V76m+yOFwM>1QETSa0orvKC_=0iiLa}#1lyT=`| zd(1K76snHvrZ});3@1MBaQ-7ozIpPxq!4KWenIe(X5lki#=wcR&cXOM>unPgWG*}%jCjPmS9cOwAi}r{M2>CiwE&1PXpq* z_EOqL!Uel<_eCXJI+b+^+2Hk?ca>eXQ}&%YZ^vw$c*zL{XGk_uQd{lzj|}pk-VAee zu2@D?slcJv`p-1?9Wz0iggN?IGL`=7bQ3d})dCcwSs4ev7KP;r1XX1>WnUFrt_$8^ z>VTr#M;rren0j{DEsa@4Ix^haAYV?+NBO(>i+2Nu4s|U`{>b>??j4t1hLVqcwieB@ zarX>sfx_D+m)HmDW}fDqx65@Wu3u~X!Mf1MZ#$6;#Ipm$o3~rVUefAr z^LEJD@34SC`LV8_vUe6;P@&hHyd;aN-nWuA;|}9HX^6D-As1V)oG%aBg0Pa}i6LS10A) zs2_w9PcrJ|r8Z`sjQWG^%_KX2?~IOocQZ@WX91GuCqQwtyGkgig?+Szw?@Vu`8%Z5 zcI$SvG54+=>Cax)KOrbqf4}b7i;lpB%RwCl3ym$hbUFLl_;pkj_-F~K9%yQX3cEgn zEE=xFPj26%8*Gp~UR+V^B$ye^ZY+b^mk!%OkH_xl5v~1l@%WyM4jm|WFL7a>Wm7+%qu0~kR3kVg*DJ%Bh z?c~OAPdI7HOgU})CP(1LUy|<1L;j~g-5r%pbBBBYnifz+UQrEBo`Yzs#TrFA#_$yjuOC(j}f{i3asQIE3;0hD7Je zqEb^l=5ByI9o8GWEK2y1q=wUGliQo@1}iQ5`oG55i6dj+al;Q>N!bu-R4ywJs#OdZho0khMjlwNBMV z>(^baKDIVNm2phA6hk|fPGLXKfmY5$p>XS_;G3g>T|@sgXY#{q!y2zRj=OshJL7}A z?R`9aOT4ERkw$*lK_00;>fVxQJL3N*9|1b!myf_MF z@Ri&!hU?22|6{<6QOQR6;*{1v7h3S(b!ajX7>*iOJBHhL<)N${vFjLtm(VYhGc)0z zNU05R@_*hc$#HFED*R`$q|UXc>*R2M0uAi*S?U%aQ>p*ajq6ciZ6Cx#?aeNkN;CIg z15@Le=BwiimIL5vpM_?zpmG#^G%kSWV{9;He{C?Jf7W1xgzttR*9ADTNxm{(d31Z{ zWX@8%&W|eWKVGLZoQn6`FXGPJSg>+)Z*scoH0SIzV=_>*q_ShxQQ=&r<@xjt4 z+3Z9K$=@@HbVEsP`|$ta&cgoal@uq!VV7&=ygpqk+Oq zuh=IcaWsOlfzj814^g9D8HwYl7poGEfv!k-v z^3Gdl_IJ8Ix_?v8>tG#C6w?`i>bbR=*_eXq42`11xz-Sk5kNi50-D0ootowMYtX9% zVeMJ-KPYkt42|c=Qv*(u(QM~4`>L}$Fbu=_c315e989Z^b0v#dRBUDL8oRDaG1pec zy>AU-h6GpSGU>v@^d?f37IT)Rp`St^qAGFP$6c3x&m9PkM9De11E_!(Pzf zY!|bgvQcgdFRNRJJ1$CO_gS$KCxfsvwg))^hQ3xvHPD)LPkq8pa2K-;LOK+@f` zq9Pz7VGJyrR#XHUkwHcQ8A1qC7!v|*qo6WGM41UH0x~24fds-NV`L13A&@XnA%rky zfP}!C-g~ce_O7!})p@IS?KJulTU}=&#viAb8}0HSdJhn|mAI*L_fJb&#-5SxJLU~5J&DjEy@PadJF9x_S$t#_ zHjywf8z$3^kjm+)uyd2R3|<$lB2Pk`iG%hn!40nbVRyQFoLDcsw@-`ia3J(ETK+f{ z@SFd}h*O!p%7;Y7{L>p%r`0o~15>V{%ev=D-EbbsYgpBV8*0FmGB+Vh22Pb1ojdiF zepvmguE~$A5X5F*?^0Pvtc`8$xX$;|K#66MvwBX!x{Gw@|L>~9yeINl)j9Qo8X3$X z0c#l<#I_I&SOQ(Xdsjr0Cd#q~R-j|B%B9|h^bO101t&tl{WYsxRzeueJMpg3aB=cX zZ$fe1RgHSn*|SSeermH(F!q1ASk+u#AJ&+FF0D%aSW5b*2GKS(uiA*0H%C46d+mQ5 z{cjqi5@)|N^g1)T$;B=0tc?nM|DSvt(6)kPT2?UMW}zLuY%eO|Fk z#o&*a$pogFqhl(LnweE4H-2Cl*qJT-!(Fa0L2&kA)J#FrU$)5KGeZXcyS2!Hxmjee zQVytI*Tl9>@7U=Ugp3}bAPV)yc9{3qdM4P|S{waFGC$csm$KhYoRdYjXZn-_Om%3K zdIUgwUq8tZgRn}-*3j<*k*U?(DuQFdm*pjmPKA3SAwlz%eVMkD7NAPdHuO!Rx>li^FYmaf z+eb7!da9nK&2RmR%)Dl|Q(TKM(TzHA2|c~PGSnAc7aOtI+8te2wl@xc+IvUGX>{eW zD*BxTpuR#z%k3gxmvWs!YYlBw&R~C=P9wQL-#hcdI}bVXrxI$)4p@5Qt^uO&>q0fe zXzPjI7{Ef#knvS5n%dV`&W4AxGWrj`G!6qx7eWZ5{*sj1_C@dg=R z`%+|XJ;K-3A2Ltf*0;?{b^~Tsc0h)6x0EW%p>M#k4B3c@l7X6BX6{t|Vt)ix23;#3 z8(PSGP1NNnm%q*;NXl9S9|ndbr!AQ*SZW^KFP=INh|64|Eb|l`b;q8_7lX< zfz<+FZ4-ys`;xnrUfM8i`O}+g4rd`oE)HmL?66(LsNz740VQWjJTKzp$3-URiw7h~ zm(Y(ahiZiA)~()2oUH%298xEHC^6&0ehQ`Bz@2fUSyc7yNS5&_5*NvYpKhBOBspV@ zn7j&Sh`>FxS-d4?scQH(j}9C#DRd}*yfp%_-6DCL7fC+W<>~qh?wW+cRMP=DKoG%O zcHeE^!lG%uWO(15uJJNF#M_qnCldws<5O>7>SVW4J7*m9Pwk|in4 z-^}b(>xT|EdXCts7JmoK%OeTqe^0blfo+s_nq0dtFw{Lb6v+m<-&LBlhj}Ft_Ugnt z?m$RMvj<7`PUNMva#JY-R4?b&j9%vWi>LAvt~56WJI^8(YnHn@rtzT+RTHy8jQ9-!n4l^ZS3NJKQuK zQg)JZ$~rNRuk7wB&(Q8`Wk+2dvs+c)`aHBL9vQ?*>&n$T$rX}mCo-=+wWaWWJBHeO z<&)Ze%zY=MLNrO{M%}IYSLLxxyS*q<#tCB2*O8@Ppj^cg<2{BV(3+w61r%<%%0*e*=Lk8px>S_2yJbB4rY36xY`D$Ukx6d6 zZ!YD!bozADtlz74)l8Z8_-Lz(Hw)YvnMc!G?T*Q7-IXQ|tQHE5wL%+l8|qt)8M{S! zv8JY>UZ&s*RiaID&B#By06_RTFT~($UjqI{e_jIl*_L100vI<0vAPsqZ1l3Fa$mav zIc-{G8tj;F@+s__j<1`3A<+c%vNvFYXE+*bt@R7nMvx0tq5|)Sg&(VSRoe(MvX076 znF*zo)#4Ao)q#@Dz2~m>bE~d|c4Aj66k{(6a?XJ_KfZIzCeMw%5#E~eigkT~0>%Ox7(VVVRp8_7{vwU8G#TH2s_vGOx--msZRyd-2J+^inOd0fVr*frmEk( zPJ8Wa(XnC&L7B;^Eu%-qgPU2vi7j&$p|qw6!CZ}h2^NRhaYwRf{(v$)Vxp*Kr$3UJ&Nj26tkay4pB5}bFAUDg; zf`b>e!@5;7d9$7Boz2Szej-E1)XetKria^30(EUu$%zg}I|Ucw8&*|opItOZ8$9Ix zhBuTLh!iguogDM!CE=4!gxrpD*kaR-RDA7=1!0kbHZNYGxA)E@iC)p3jy^>L)b}MM zO4oB&p3|G9)r4Pc0KVU)53v`1$j~2UXEcYY)kYw<4stouz@~1^dM~Va?f|^@OvkEL z#}u9+X;OkR=={-K{CG(}K@5jiKRM*3|jdEfdu90or4vOjB>va4O;4@Qmjn zuT_dOD5ds5xRz0K4O{3zg6Cl^g9a(Y1{}tV*}~G{Km2tWv%A6H((C&~R3Tal{YF{| z*BcUDoDcRtuqZb5)e^x`l$3_l4DH_}`M3m7n37h^cqCA=jVgJUk3n)&rpEF?^OO8) zAY;Siz^(yRK%^TrZ?_=h87y~keZS#>qmf@8W7a<34dMQQgh-C(rr2@y#s!F_V9?`oo#cFP`{0}M>I zKQCpoX|s5lrXh1#VN+uJu_eDk8M4Tw->Y8Vv+sx0B_CUX?$$!|XLX473^Hty>EyNI#_+HwbvJ86QTR(q%iz{=a}HW3DMyem}P3;R`# z<5aS(E!XUMU$mB}*Q-Cs0CY#xcl0Mo_kg9y%L820=G;g5V=4baLxG%Td*IrJT*80J zn_ktNaMpRlW^nomj!U*vVVzn~LC9w53p?s$n^-(wFZo|>Wxw|Ma` zO7=NTBX?ZvPcjE(tN`Ip3cpUwo9<_Iv!eQ-?-jK}$85GGhk)=&Z|KhIot=;!$pt;u zCaZ6*AdFi^&+6tPaB7|_z14x}R+(}G$VCeK~P`&K>%12OrDaoMt4c5BA_7i9-|E-$XY&eF9gpXAmsVKar;V|QJtY5j{ ztebN7n93e@`(8i$wq7O~`i*&vKUdiJ2kJ+1r<3*H)DuL6@gsl&NhE(a<^h@f&eb z9X@~^fYGX1LFGh45VRq6Ov&?h6Jp1>-wK@X$_`kvpwLs8CP!DP9mu{5tfw7LBZa5I><1pO-k|DSs%ydk;!sfDsm#+e ztyb^>LaHNKHECv4vI9TP1Ol#Z+H$f88i9GT@(-uEh&z$wb@!56_^9|?1lQbxq;L;m zdqr%Aig3xH5xb3D*$H+*7yK16rycvCD}QqRr&#m$_)DVw55f@Wut7=q{kX}QhIfeg zt72>%k9L5Ns)jt*YVx zuh)K<7@F{Q%~yws%St$CQ(>uiMQ7&Ix1y&0>AhMCV~!M`Yx4en$%pU{wfvQ{b_EmT zj?P8tI6N)|pmvi_vH9IpF$bNlC9E~Dyr6{o4YDH_SQ5wc1+nYA);@>8cq)@r^0Cnj zT%?mZZBWx$xWeJD1ey4n=I&IwhVI-q+SVwUXgFBL5*Qs=7+0G3;C_-7XLUGk4_dJk ziB?~5EHOECkr#2FqGL1c_09;my5~T>i$I~2%Fws`W3jig*l&LiL0OTie>*T(!v~4; z*ta5U-T!h~*rxBfyWHbN1tuf>0)q)5l@5xXUj41jz+XkoJVUcHovye&rSxFI$&Pj% zi}-<8;II%=wxL?af@+~;KjN4l05bWYVubK-Lt0Wfh9{Ivwrri}bxq#CHmWOtu zafxojt;+@eVC^KtyvDI!4tVp|+9T;32XoaC?HdJ^xm^X`B9*v5QLI7{17{QnLqWWP z&7IU|;)NjY2Lo39pd-60a{m_k=~zy)Rm~*fn%D32!LjUvzgKJIdk6y@+3Qx3-wmmJ zqdsgvv=i1^Q7vijNiMAVmTq_zVqiqbJBMu{*0Q6Q@ehhz@i%5@We~gg?=T;4fG~wv zjC;z4?`URhiAYzRsO3_6*Wy)g85^ZF>0#08YPRfV>mKOzrcTpe2PPkm8) z551|Zcv+|nl+(E*VS|}Y|GB~vhY$QyVc9xKP5#A&!DB|fW5EU$KBJU3l5xMC7YiSI zoWT5HVd$64%+ky(7eMcpos`6Wjahu$t3$&-hQG7w7k!+Ah5&R%;v*Ipxp%TQ&UKZW zS0(F?K8PhSUody_d~P4b3Fd`6yn4^Nj(Wo^=6C6jyOCb!PaB6uUop;NzV_s@I+4v+ z&bV}LZnixNmdvqbl%1c+Y+>^c6zFsJ9+qH7RgXX1ZWs#PIcriZV;SuuavJG_L?xd_ zpE8(UIEytZC_yV)0xd|v6JY+xd-tM(`mv&dY^p}S%%`qT4KyzOy&7#I-2qSVFsfmE zDP=`IFB}E}7p>Ga3Xyig+m}X33DAffOe_c%v{7TDDl>tx9jI|t8~7pX0I%EYXw-Z& z*E}lrt>+nCiP(}r08Ku(<&FJ6I!Lw$;YB9*1gDu_1GVI0^Z|cKt-4Tr%Bi|-mt?u7 zirX;~=NO91&S4@^yHR1YB4ZlSAd9)1m7U8T&DFsj(H+B0QVM4zYU|+3PK-YH-3D@Y zG3GD2EdPvw%9Y*4Y4X|n7#ISJ6CW8}CY+#c07v0G@%7wEZUG+{RzmZmZ;oAybB(zy z4fV~S%>DW9i!jE@WuB_=|LE{VrZIN`QQJ27CqoN+*s+fjBXIC>Gj~il@|cNZzl1tt zoL5Xr8hCmsI_|nS-fsSANutab%66@Cs%G_T1*E)n^PBU~KN6+IBSYV>YkTfujhXTG zI7K-_3>#{4iul@ml6|$M<2h+_(=QsJyBAh;_VC#;i=dTN;7bQjD5+sso(z6-Q=IBq zH2(6T)$J`U39ue|TE}_R*t`lCzDVq`(4D(_INmu)%W{_7(XteB^N51U%f0ZWu+fc> z-L?m+>{A)lE^+06-4OecV$AUSVvLK5M%4Un7O8R5K3sqM(-#fa*xIu8_Lrt&Q^m2- z`(Ml@zED;7l0?~@{^y}Pzc&%}-@#ndU`+7 z9-y8iDXuQKxJ3pcl2KPaZy8vQHbSr%YgvqGrn0mt;u;))D^Q6J4h7)+P53TzpQy?9 zx`^2?UMsK6HQB964lhvs@IiifrLtDy5~6jncHO}-$3-2b?3Dggd@ z<+)q69xWd0@1=Nq@8dfv;Y53{fQ&mlSB0#7YHl0~qWTJC$Leo+9q1|i*y`^_ zcf1e#zEnR2>IycdE2kekyVx`^ocsJiihn=Lso3U?fk2{i4G z)EbX-O=D|*!{N8+V#QnVVdx+?DRUsqw`pLYCgiuKQQi-F{h4{y1a5CyYRz7e>Xd64 zJ$R%gHjP@bs$8@FHO`3kQ-4MHS=!s2lg0Lwe6Ei_bvSVOe`jsyK} ziR?o$=j2dzc{+Aib}P(4611q$_0e*JM!J{|N)vC!8MY7x!kDehb;463iZLJ_&5xK{ zf^uquOc(?Exsl_^w-*9p=xZziY}Hsu^?HzRZYTqG01-a8f^monDjav|g{sSK`s>&0 z%ayUN)LWVMlx|!r#5Nry&DzSu|Dpt59qD?{-MWLogazA_)%WjwluR3O)Ro)0)NRTf zqTNw!Tt*{wt4!kJ;vdjw`Q_FCKT%)SL#P857O*lx*M_~dfZpCH;ud&$UE~?+JAfBi z?AsJ^SR~mJZ%0kH;x(=ZGsm*hK@;{(>|xjbFq^Us#ds>smJ|%xaf}SdRNQvDtr{X- zv~dygn0L>m{yT*VVw~HMG*Ot;YnXV9&}nVrC&&|AZ`e*So#>R$dx&g|C5Xj}XyR1F z#F#YJ0;roaR>sE5CUIO@YLrPiDLP_&I&aTPn1E?YV zgJqFZc#o31sihSuFkX7pU6qA&7o!M!c|+l&TKA0_{81!_n=P8yffA=xJS$+iVy?y()VGx1aREoGfyz`#^O=g)A3UzIuu;sZj{@26GSo_00 zfokwKb?|jO`K=@vq_1uoZ?Ii4id?S!pE&!yUi}jaFR78Pt6GNxnY(4Z`-o7-e*c(v zKD*68oFKPa?wWDtY4rK}#=A}bSF$hfXt@8hxvYEAPS!g>jjCFSLtBiNwj20`cSY&I zb~V_+Si)ynI0ZK;(hBgDlkMjQMq7;?vX0%IR?=ymP3w)HYc(!8QE06-y(6LeE+r&N z;0|YBo(&44Xy8T@yoqwN*uQ7hQUI*4Dgcb7Ip@+gwZVQpItjS|%9)o@;rb!tI$I=QP0~a;Vuw8*}}$!CzQYd6>LZa^rc#aaCWHbHHfr z66?CldU)KmmQ#`q$J$zxZDR0~HLf%~t=v_&`v-qf40P{ch3GRba&r z?)v`(&%?6+r@`|WY^;t|5J}c5=(FsdAmhjn1$R3yWZQqx`x~u9?;fp4Po)+~aw|$z zg6aVi^KzJhfnZ5gZ4hd=qud!HZu4xRp#IA7@a!gb>oq0?$A=e0KReVXV+d&h|tZsknBJS3pT^V`f68SkVsLWDKE1QL|c?O&W%lh829`YHPU0Co)!U z>jcoik=5Bq%bGMuy16s`gndgJ;+)cCO=7@H9?snxs%Y$o25;9*2?h&bte$X!VgE3j zNT@ke3Ew;g3KX$G;eu=eGu10#@*}P$`w4q^+_+}W+nKa^5jmSGTFW-os(EVRP$YW| zVtb3~XAK2hd-NeinP^+PJSCtHbsf76R7(Sy^88etb+sW&mR#- zPN2{lH8&s!IW@i&P0(OEt@^3u1l*M2y&MZdwLMhIH+kUeT3c`zZG9Eo1<`RuZum1Q zJuzU!p&5S=g|=f>`dg9|?i-E@N$46_#5992gG%5u4f`qSd>S6Zzj=9=9kgOs|F-5x z8SIA8k?Om~H=Xo|BOL&o$7*{pu`3smyJKW5YF-W$euxT~AJ>50H>W#}S5px;`|j$< zRq6q%<0TO^V_4aca}}$fk;=6xn9^cY%TM{D!JCy}gSb+xOD;x@H&4~I0+RJZ8zod` zx+NnL$OxhODH;6&tFWM)fd!Uf_!Z@GSUE8;AeenS(#$1_t;cD!IC!M!HWX-{cK||4 zZu*{zu$Gwpxqt^U6`<+<;HQ4#JS{(l* ze_sJjFN`CRF>aM3r?i~ynj+s#keb^GBk({q2J`J1!UCT$9_;L!4^f?ep;%CD3YUOI zR@z2<%ZLfJ62?Hfa18?us#3!s29{eIi|I9`=AK_pG3cijBC4d^8ZtSr!xCVQnWx^l zkLebejV4gJ#VATIob$8kX=@%9>@WbpMp2VtXFg5SshfvIFoJY!3xP39zWnvI6L>cV6*ipjM` zs1|>vrp%NXNSx8ZCMSRjiVxuQ+=!U5gRiZ#18Z)mmW)?If&U@Ic1{C~wL7);$MB3_dg2Fo+?rE^U@n@!+n70=Xv@a^3ZK6Rl=`%df5WG4tB>6Qx4~U1SKu-F zeHWs)9_2wx@f}j;?E+h~hO;C3i~a`50C!s#Dwih7o@sNJEOHF2AhN+;Q%sYAExXMB z5ZU6u>f@A|P-R&mbzGhz)Lav@rg1e)9l1guip`p6w!Itj z?+Gi-v0s{#5&5u~R5y7^21QG9O{vVAM2Ba?54ha}mE*_gny$^tbTqb%oFCh0C5Ri@PJ6^IyW6 z|BoQL0qvBm{=97=jd||w?mxPcC!?voh}Z27lV#@NmuWznyaOOMZ^>YD5$+_#d;cvO z-p%Ud1q?Ly4|&T*&8Q~3XtQ^!A7rj#`*va~0HM)+l<%egN&mu0D+@zj;QG9?;By6do zp>dpNU@gz0vpSm+hgD12GPrL0>T0+>aBlvoP(PEFp9}B;9t)1KvegZ8DrefpGb!g1 zThW02yhOIIIUp}Du{;M2cBrekR%n+3(BD2yT1@LjY|g*&bl*{~L8)9O_j=U3U5Unu z-eeWLbL^@&*Qgt!x$@GSI$jr&m9HS)JE%wq7^XJvOuy<*D5}j9oER-scozisH<)|80&4LBTIXr^3NPe{LZWUlP1}`) zqxKdM8FBmI+#TKq-5Rt8C2U_13ET@FnfK9$6G~dP*KXaT!{5vL_W~M5F?IVp{KA=O zNK4$_4u4(HPk;~5yT`yhwT8U{>#CW_M-l91_bT}omLHP*JRMf9F`SU#55FheeNr>@ zsPk2H1Vg?V0&m{;676+N_%yV1$L?mguMJ8OtNA=u=C@AHq;~5>Y)vPHQmeMnLI#k+ zQ(brRd)It4!1P^PPX9(841YTp=CfupaXwiI!eQ0g(?1cSBZDoN#b_zl!|lI08w;)@ z=hGTExZHz>htWf>koFs0#d)4V#wdIGX2{$A@$eUxfO7QY+MUQoC$FaRQ}mshccRiLlj0lU$>q8(3o&jQ@_3?~%B!-AYi}ZUmz! zmJtg@iWAW-?w%;sn;#mu8Y}K(dveUUl@b5%$SDt`LeW{WQPIYfvhZHmvvNOn4CunguA(2 zB>LpkM$IkPV5~#42j1^5CoHN+@VA68dM|p~2ko{Ux900G6WCJE`NoJpg(u3#3iTNt zx!RJnSZ5dy6uNQNnHc(9BSsUI$7~lA%f_}?07nr?lKQ-jNd4hy5oUo?X~ri^MNZHO z%7zzUvv(;yVc-U;R^2JnxF!@^75EA01_OnRm8?|*4F(M}`f7b~``NBY@*QMw2r*?n z>OAcCfM-^QomNphLlKh|@i07#F|jK#fF6<3-Ni49B$qOub#C|>MnG9IR10P zYD+Ur(M>d8d`HwsHVNy}zU^zx(10~crpyy#nCU25;roUt2~y}?PTdKaP8TpxkuJWp zgB8UH-qGA1N1@*$E$%XkawpPv5=Ku2Mfd%vl!kdla&e6xWBjSMUOj{2`iVjf3${w) zdQ8Ij5Q2DB4Yr5Mq+7RaR;RQO*A5H#oz?(IP`2*+VY+OfP~Ul~m9q|v>BBW1L^SLk zCewyGIdGJPih8fDt~?|N#avg#BUQA45N&mDF%xZmjYJ7}A8r2%- zF=N|fcRPXOSVCeGn^916F&|nXS_V$^3-Fcf^;};Cs$d4u^HapiM9?Q<{Mi>xTbJ-A=pV;Ld+(-HyLKs@b4UqrgQ?CU{XzryP+g5Z&)cPW56L46K6G^FDL*=cZ~-@c%a z_644E(qJ=NLBcJD$TXKuc6scxWv1N znsO>K$%v}Yc8fO@$C}jYC&nT^#;5lpWr60Yq5siSgM@m;GmiEiz6RB~`dZk7F|o=+ z?2;O(xUUvyC?!~MuH+9K`sD2S=V9?K&ef0Nu~8(lz3~WCrJWJbdqxH1ഽXvJx zvYW_q^tp1vAx_QCVMD_7xtxgx$6m##M_q~52iRU#AN?6O2`$fbag!#KSAGi|9bEY- z!`z~Z*1Obp#ne2DQYaU0s-C!K0!$L!Nv`bx;EvR}qYKPim`F`=8gnmr#cW3KxqI&~ zJkd}m)bQbEcN4m{E03FUqlZ2T`lZP&@NKiUQn|Sj!@i^e#V$5d62EgkglE~0rIIKo z$+e|gp4_sVEuLpwHl8x0+NvBC|6i1+RfP7iMy_qlhmjClnkAp%OsUk1Tm8m}iNaSucMkG!9bLw7wR1R0!^@>2 z&U{?`XHAnsNk_z6;&{yjb6m}8vYVf4LM08~)EEEoj%YO13T4Gdu-~*0lSarbYC& zph^=;fJC*RI!agEDl=krD3Kn5lqGtw;C8gjsObz7K2p>k6bp+JMrfS`ST^{1LlhVd&ZMfP&B5H|)uTpR`(nTr5NbL@Y;jjfgi}YZ`T?U=%{#~S2ZN0$c5gds8 z?B>YJn+jh5^BKJxl}C)4#^m&)37psKVT5p!RTG$vg>(5JpPoR1V4#qCzWXPZsuIm< zrbms_S~IcLsMGwg#rhM0kp_YiOFxi)cbak_* zS`m5(98yqo#&_f;*U%UiJJM}m4CS;~-E*3p<->EsC$%GH^{Z=qtLgf7&|AMo;+?&% zr$P!{cb13~y2PBRDoP1wt;LW&5WBO^8gNjh!VUXJZ?>!}!dUyrwND%QzNV%EG=K25 z+1lHw^Yjjw- z1?{LRjzh?lPYOQAtRo%QDolFpH!Qfg94N&!qEO6*&V1T9+zP1<5lwt8`XHN-etvx1 zMin;xmb;Z%oHX!CWA8|u6dWlEuTQL4aoG=1@i}@Bsd2G3l^EtXCpcXK)gX$ zSjWEN@N#pYQjLJitu-3xO1=fmo@nT?zl`yvfTJ_PVT^sQu~GNH?j$5)d7?Vt4hcKE z8J55j#IU@64bN<-nb?+}sp*a5**44;4}o~I+#xbViV?vQea=dQw9k+-VG~E;9E$a1 zP^LTY4;XTiyjG_(?Gbb*vS9Ke>^sKGh&l<;)K&ucWE#uciCCfpR@;>{PRM~hfk=La z=|sF~%Xk7XA~|Kk^O@}E`C%@~t0R^<1XQJu678DhiAC;jJx*x)SDh~`8jyUT*rS4YAI25Txu*{nu!Hd^| zg7leDQ1^ze^<65h!dKWzSbB{ePQY{Puz5kM0{!8L+mRoP_C8|+ws%dO-+(Sm#|%A{ z=#&gS0Vub97t*rb2rgkqDI)VcQ z7kdm>JA(<5L*9F>!5(5f?}_1`S1^4rl0+C-J#g;9=erHL_8524mSH8=%Hc=>HPuwbYnb60-CDZ*APN0`-3xH^s{pQnHkDU4^$bwQRMt>y0xO%B2C( zi@RT>GJSFGQp{iTa|AZ+w0UEnk20Ju-K;lPW-O8&(4J?YW!3uul#>*uLI0~$E*qUZ zCL7)v{2U&Bg>v$|RJx$+?v?+lik9I;?oPwHR`WxNSe~RBNID^_S-xe50#F^Vm=P0+ zU#-prtPt$bMFrc$TR=-gZ2!%>>y@pA)BufgkMf3~s`yA@v5G!tadn7lKJ0M)&`Xi> z*y^|a@I|4G0@3c@3c*;9&1HE##*$8;5%X0*lFt8`j`?@U7IwMtqSg+gzVT;WxmY=u zJ$pDDx|LP1vC#FUKcYedR0-O&ukPH6p%fJuY;KMWy=2D3pqZWeWI*wEWs?UXZ{wE+s#Xs>a#wFx->G7rj!my=98fT}sWX*O8j2FjhTt zpz2V_`8iiSAWvrjO^5lDAk=GLp=0ATS6dTS4kX^N?ymyIh^`t5=9OT0g&ALbw8(so zhqSC@K^9)}zX~r#2fFNS@9;lw#Cq!Oub1-+9Qtn&OAzs>C1~~9tW;#paaa?i(8VcE zsBdeLdj-(ok?JZwpwKtQIDW&XB5&k^P2#u>ve?qsOuDFFLnS4N~u_AO_o}gwbWXf0xz6piV-G&2t zB;V0MRjFT|4syW6y>ms*odcD?2r$&*MSf8vCwKkz8)(2SQU6x8&NorIJAN zaFND|Mjk;*I{H)H6*)^1wOow_AFS;}Y@R8o5~Gbe4}kn>sh+Y+ z>{FN<-hV!NnSAT}Z)~*x_}iuH@1K3=(+478VOB7u23c$bkq$d`H%scy?|=Td{Kwbu zwy!+@@%r++7k?6$!Mf%4Fn;~HgBd|r)M2neqk6wC&4f95=~4w9Im1zUXKAK1sXfqm zR(%u8xy$2@I?NV1ByEYup03cNj%RSf&fFYN!;98k_Q&eLPjWYMpHmT2m5^woyomPGYePui8myQ3AKL-uqE3g@t=L1pa$mz?U0>>h zpgHT)NZ~`}ka65NDNuvqUEX1(rqTJQp8Mx=foqDd8&ZZ6*C@p|*#17*FyilqjEAmL zN~;SoHYsOwD+8B)xEvdoDmzpAkL&Ef64B0I>2LDDnXy!EI+9!07^Y5vg0|(No5o62qYO!VZ6X^QK zr-35b&H@SpXcP`hM1U?oaP%{(^Ol~}?10NRzj&ZRdWeQ8&A)-@R?=3Qt^_{{3JaVX zOsM@%$F#Q_|3Fa}ddgSYS>t6idll>QPNVULRA3B#oP5SK+@n-w%OLV>U}Lbc+wK~& zVm(gt=CRW$IyVV76UX)(q2%Py&#*GtI!j2ShG7`=54&FI!VcbPZlp!-I$DMP&dyA! zxw>}g6YG-`Kh6kiO#_GiV5o)@zqY^jxhgaNNs}}uMUKaDgve1~j=lx> z88Q-2=^9nrmnlac`*nKzq~BD{5yQi|V_XjXR6fVRJHbIuvwgJ)xRBid?3_A89aBOk z|GJ^=OMmEuRMg^FC;1-On%a-C62%V&n7uDz$uRAZNt=(Lc zg@2>bf0lj%dvR;N37nz7LDnCxd&0|cjBA=M(WqE+bkjzAC%->ktH`^5SATEh#clOv zZ3to4PMx!rZ1bc@Bk!8m2@eIWXzzUT)6*0-n;MKs+P&t^YmR#+%eE^F?-*M)XvCfk zxmQl4Jk8UV1Ey0`q%iCQt2OJ34c@;7NE9RQB@>cgv`7?bY5@s-GUCwLkR& zwqNy5if8|;9J)^rie#(pSzcZez?crzfsq=NZPs-Zw zNm`ai@i8kReHhkV-~R~wg-&sv{}YQ|u~Xy5@lc^|l*#B5ZTA9Le%raM8JWpT(|;#v zlUlcjYXD#E9C#GXopDG3yxdrVSJg$0CN&4(pB4^umFoUoO>R_OORfubm#{fegEM!j za`Na{s4`)~JcswMtVfTU$|`Jsr>3EaJ__fmcOsR;${inz7vAN0-hLx6CKA>6)Uh+K z(4!rmtFJVe+BMNCKbhnfWO(Jh7yYn zJ7p%$DVuF&4qxyw$rklBP9aB1pwH)?cW3yfMBUeFAsNn}YfjMKtLZe;kUZuu66p(# zmXe?4_Lqyv+mP7gcCRK&+@NAh&29}Q3!mptt-;&5cRHE@Hq>wCpZ^Ix_A@4H13IEp zJYnm|laDq_rX-q{HeLK@7eMX&rY>Ls`V^}PY=7=vKVJLX!O0Q(xVa_r6Ie63XlcYO zM}NXiN7JhFX;JZof~fBDN@_B~Xj$z|Zc9S=uNO2`79I^8rLAuD9AVJ+`p|M8OhsFpq1F$>*keA9Tu?bl?A zcXc~2T`jrFEo5Tk^|gRk*uJCYDtGGm-71K2VF&EphXYZQNSbPt&s_9rsML?-5F8?DRW{7iQLa}&cjUg6#Hu!=LwAJ{?9H-`*w?yHqw*&ktt%vOQ^ z7_B&eR*~^X)|`$}9k@+p^6YH&4XNPy8M(Gt8TwZ}W3|5%FBtgi;NKpzXd&d+uh;)g z$H%Jmi5~Xbgt-yq0J#}Co`wYlXFzAt&+q)m-ddRKj)HG{?~CD%{V%)!;k{Gh`CjEG#1cpA-2-%$eyj8e(c1L4D!C^ohN~kV>^(e!M!N=>Nfwv& zU#B1H$fk?jpH&sgb!LHc#^2f>zjNmvq487g;_}Ifmo$MRk$aBO8T7+JXlJ2cOYiCA z`sKeV3@prR-Z>CS5y|D^QG!x%!?g4yoo8}-N=7AF zO2n{A%+K*qS30qj@JIH$Yf4rwVjer|a9-uKU{*a#zvTS?VDG)Zn#|vR-(gS~L_np5 zno$Hqx=0OW6opX)WRN0N2+~3eNDrVR5a}uiND&dGhfWAB)Fe_P(g`)8w-8D~=iKxC zKF_oE-e;Zj!#Vqhv-a7404w)RvOd@Q^S)m1>xw>`3yN3YdG^A6qBXkJ+;OnsAjorK z5OdHeyX??@>~jeGU=#^=$g@74F5^ z>}JB3nYR=;es*MeqzojEULzS(`&yfdmS(A=h`1;6Ys-RB4N@knKlM4@1!gz>Lj)>F?;?fw|;$#hyTNDnd%2Cyf)lT5M5eF+)LXNj5kkBk^8`2g=cW-sfUS0zL$azIRj zWIs$=O6)!AoF;rjH_jIGTAn6zboEEDQL%JTS@WFi(VxFYe+uA^j-LQGPmEN(>bO;E zd*tWby5T0|6IvDS7a9?UWPxGocTlfOYW;mApBsSIZSy^`7vx12-IXe6~ zMrV-C+E;x=)cE!a9j*=sT160}Ve{fBMA6b&N_&Za&J}PP3HbGff~47*U*T z4lE5p+&cb(E*JAewU;&&sA1kEc!I0xafoB(IkUa66)4sYULIzQ3oF$iEj^Xb$@t>( zF37ALSqYjZm`P?KR%$S6g(rf?CyzY~ak8Alp|TfY;$*%YvK_%!o3FY9bWpo@10a5>~F{!9Sjd&C=V|-7!);zB;@S1|Ku~u zP<&YG{awgW)4TnBQ~sQzmKJimm~rxf{ix7Rxm#K;XTmQC()q)}JBM8zDy%JGZDq6l zEo@RFjSCZ2>%@Y6O26mK$Sa2Nhx>WjAG%;uCOukF)gmSnGDIx+W=HoySLN5>J&#c| zylegr9^^FDC6p{~-pv8Td%>BM76;wVmNnqRJwY!^NHdE(-YHjAdZ z7iTGAsfq^a>kocA>Zz^1m6y#IOd_K7=;qqy-1tsol>brsR_wndqe|n`hLr{rw~3j@ zXB9uU;!E_nzB9Igm`T&>eS7q1yNL^BNHCHcx%z>hl>&S*`yN)KVr7;n1v1StXGf*d zEgZyXTFr@O3ywjucR3)Z&U(cCS*l`!t|nhGoCun4MCs13-VrwDl)Ue)YulNHNuU}&OEdvD?JO<*se z*Z8Jt1jkzBV;c>8R~CQSFy#YxzrBHs1fmcpFxY-Lebp#EoiA10J5+{}QX@LYClbRr9rX5^{ZX^`y&nL}|VboMWXGuCRVn_VUbYmHVTjzHCCPUvCDR$;A)w=N#V1 z&v>j<4)Tm;=tAy1!4}(>CRQqdP(x1TYBnpaeK&%I$oq{w|Le!C+fs z0|}IOlAE2ijEy9%(+V9qt>^p@?b@pjI-=TUsM>q34rklm+;0Pt?#G z@N1>k08L%99A+cfi$@+8=uhmky z@ie#0_hY`UfZD3ImiM(f4x6tjij?Ds*-e(lv8Uf6I{OON6Yqpsiw`R)d@e@lLc19-iSUhufwy3SpyAA5DAZj6?QGYQrJ*BpQg^iO&g6O@DHlO zWN3i=?#ehm5mF14^W#een;gCrG0|Xe1S9yOk7>lQf-v2h5-6;??$3OAYD`$xJnF1B zF$=+0XRA68pc~3@Bh>6DWy z?bi!SOb_i$w9OG`%8OI}QlG;16(=)8&uMIE366@kmtN;DA`iR4nNbYw@T;I zL__7}1S(lMD=2T-cVM4~5=B4wEXiAQV#8=sO>p7>Wy%B?wR!&*CU;5o;*;Q z3>yC!FBZOp@$Ds&DUpDiX5yVXg~R^KvFKq5z?nD{Y$K;jasm1fIrUy7(?)3~QO{1VoNL@8nv{rraSply4;4(%w7t8h)?Kp5$vjVzI+|{o>s8 zYj3ZPfEbt1-_^#GY^aQJB`ZQ+ujBrMM@Is3HedP(`uL2l zGFvaWV;{SD~ z6Vr)VW%Bb*a-~Ib5=}2IQvG@h*x)=UX_OpC0Y(kc>`U&yeKR6v!BKH|UwGrT5&lCG zVC>LL3*dN#)j7Xu&Yfun+8qIy1Lcx@29M2VfPH>zyo?FPlSx8xb=ar9?INiVz8H(W z5K!D)n2mpXSDH~=-0O+*wi&MBXsb!`tT->~dhK>e>x$ zNge!0Cf1-mw%VY=4((Xn;Vpfda=7e+fE`8@nVe#8i`rT(Xt=#Ws~OyXDlg+X_f;UT z^Dw&UDt<>orVA!0H!|pVqda8BzP=)9)hw@xyj`S)tkVTHW7F&3D&gm#fGH_%KS4nG z9lRu^8RU~*k|-a`D@)33_xt<-9XE#MEviO|$Xn|0_h{e1ttKTyAFRFTuAD>9TmChj z(VO;#X+eIi&GP(F=57z5$-tXL+Q=uK^)hfWs#|Qn>oJ2|7rQ{nQG2I zlf@CD3~zOnY-{t;cm3PhJ2Y^e?^4+*yIOS^o&s<+E^or)1oyy@hEUXDz8OIai~QC< zqKf7N@0>K-PH$UCqhw`%Oz;p#GC@fU%VA*Y#Lw=y*H)txn5J9}G{}B!r?U1N4X_Z& zf0g;RqRg3CC)b5$WmBA5`vRQmT0mCz^rM&7!zBJ`Z)aY1fB*X8UNbGYl;EMZku_Cp zu24M0JM^O8c2u5uHWBAoOjDo0_CrAy|0uL42HE&}^+g6#U7uH~S3}EFMQg5?>Sq;> zmbfQ*tn;AR7-QhrAC30^!3ZxS(>f8^xOt917A%Lg24cACUuEKv) zwxv50-Fr_2bYw%gjBP@dyjlV!0)#_9aCC~qh}3z#$yZJtPyEA;*-OZzU|Ap0GV7@s zG%g#oKCom`bG9<(HxKr4HHJhJ6BDH7e!u@=Ms6%@5Tzt0Nf@z#%4%mQvJve%6oX9_aaCruddOYXZ?Hp4kH-#pb$poSixDFn)eHRkD1C( zB7~<_>a!}++^Fe7lC)<|?~~WX;^N4Ux`!gb@97 z#8^oWrZ%RJP;G=Y_kYj2-NZXlTl&01uPORrSCIqj`LYuh7&bdmQWS9|?X;04K-1^C zT!W87!wc8MU)QW@=BOLeEpY4Gv(B$g&qrDA?KSRq2SkK;91da_CRaTI5 z^;jp-#p68EqfYoS%g0ht{+>P_+*X@ESRw0>b0;1JRbDDDEXq?wyxoY}IS~0vww35@ zyM>Kgub&F@RKKc^otjbCbUrJ$MT6pUz({pdIYJcIE>lQi`&8Oy6gJc=Q$1T%*oWk~ z`w^r$67XdG#~2G=&n^8zbGwXuwela%kw-_?MHd8MZvnz-qZdQ}c{*Ho0Sk!X~yDGr%E?<-qh!6IHl{V+j3I z+>PsFSDp)o$h7d+M;%z6bo`2-kC~;r5iZYcFSyuT`L*#qLwi^kwj}xHic7S zMrTcH@IThP2|u(OzgUzAj}_IbJXtb-)?tgtDL?RO2$Qkt)O3%WB^a9j4B0EnZ0!Eb{4SQWGEs8+NDyrU7pZ-ZNT1EIy$o|M^qPb z8?VZ2G<~dEU;2gX=b!wTN5L+nz*gJYzYC|2Ae`U z-f80mQk4ajP-2{uFt}MUbtEYKQpgJ&9mZOtkIE|FYBQ*Y4_5dobjUTHMKPZJm~9&? zuoYb$t#QEJOpXe$-(jz$m(=e&(}zK4%eOV(`>EqaHFzY~M=uzz2Q6}lAKot${Y~d{ zcaAkK+aaDzP4Rh<-%SX+-|VZ15^a$vz*-^Q5jKdQqLej9<@Se2;dqxgDM^tIzy|2N z4Jab@|A&g`16cCv^ig}rM(E8==-90<@Jked8thPf_;sQd(8L7DEXme!^)kM4uwnO^3*{o6lIb>F@9ouEx6Q|p> zD;`^94u^O18)?@%{)`QNlpz~F{4i7#Xn(q~OZI{8k98W@JzatWqUf;UcGl80?LLcU zD%i0jWY|@tvNo90yF@Q*Xm!Kys!Mza!O0-b09%t}?Q%+s3xn^{0=a2>KS}FrM z@(|)ufNPzq;0Su^@143TyW@~Yury9}P{ICD;ZcE&|G}l4#bo^~w-X*NbxQ*p+#&hV zc5zculvY^wR(pk!BK+$D(7Ytd%HdWB9<)N0|B2q#(OJ#w%rGjZY?mSSkdnjP?vn3v z$^8uBsIFC=&SzKug8`qgO7wVq~in!T+E?TURzI%0yHn+kZdINc5Sv;^>5 zx<1dNcW_$=KUX;|VX+)%Z-uZj?zJ#dcAFS2E_W=wn#ADEGfIA|54&vK%TQhw7+jYs zJwyW9d#S?;4w#9w+II7_q`A&=oArrKY1z_|KW1hi^a_r3VqUPqs_{na48p6% z;X6}SXz3&l_4&mma$`M_jH0oU=jvMxaztKU)!&G`dP2$#sN9g75AY;c1&h=N!z#9y z&Ihf?3H=ocRcrwJigH5MoOZpYKq&UqaRtkXmn4ayGTM3U$1_c@=6R+`B~LlJ=HWHS zg)Oe-nOr$^<<(rL#4pF99~dQ=(T}+qdny{}bLGaL;*p8k;Bp}e##f|g;1@ekWvDC< z@8SffoiP5#N&j1?fO0GBGCL`E`C4z*Ej9)s^tXw1$ggMW(7+cn;V>bVn?)M4<}Y4x zVD^kzCOsNl#0o;!S(Aa%y)|fIsXqFtX9x+$g=PO}BK~f3l=N;9;_TscWm} ziqQUiUxClTf$?1Jd3CkL;uh#~`pFN}rbg*;kesMG<93sp3)A%2hR^QW0RQWT(K~}I zbPo^ys+*3GzZX3A*~F!1+Omomv+oLon5Gi(&4Hq?Hc7R2HvZZaPJ8-ATDpbRT5UGf z!t$kfPE%AcB?*_Z)Y6%p15Ual$$>wRq(-Ar9$UAn<5FNyFgrrtOXg{uKUgzS)p;tG zQdX0FT){5aw03U2(cb%ZrI<)?jfb;o)lD#jg(6?M{@w0)UwAqQyZz>;HX$o+vvK#2 zr9*VjNHlnB=bBJ!*1o25lR6j`DEJB;n%GW5?%tIb^14~Ewsej!P^IK>ojd2XXZ^>k zO=kPgSFXs|qOV9>kOscdn=DP8YuC(Waob$Zvs0ts)@JH1)5JznqlbPewwctSa%<9q zwa%$^W4`yLbtB5-b2ssq@qX?Db@qyRl7+%4m1|al#O9qO*5C0~Co3|XqDTROEd9;>1yvBdaPWrdi=vknb;| zkdic!;feO>_ZU*zgJ8F^li>sTIR4o<$?~>Gpvyf2j;c(06Y&NeqiWwW3mivp!81hxWOuJX?rz*cd z_0R782PXy< zA+%$c{%VI4%a`-iIVq3WVWbuEtT9B$q$l8O$*oe?gWeW#1MQBV3_N9yq(jimiXPyn zBC8Wu{&r3%^>&_3B|i8ooa+|R5U!GvLE) zlJ*+1a-8n}7Ci3oxPKH+hgA#)SAZF<%u2$oE9hyX?oU=um*(wf9fMq0glC5(hse2{ zM>qJ^dW3PK`?c4{`)2rK<4nW-Yuih5R)5wI28}2#%@s9K$Fz%(5_u*@YWdWec;6GZL0 z{f+)Li9e!77+Nrk>-IvtqqSmsJubuhwI5g}v02TW=M6X9Wz4I_up{Kkujou`H1vUV zMtWu03xNscl^8isPm7t5#?P2mEPoYrL7EC!LB-DhU$BA{Mp+y;GRZdKx((+64&>oR zru^o#p6!3qUkNo5ZZn$kMX4Yfn|$f0o7!;ac6^L3(6>sdP=&VtNOb}vai8FLE}wk{ zpWVT~^id0-j~01c9sy`kTIx|PFkxeU7q$hINhnsEq!DGH(87f=Yr6ab`r`FMft%JZ zizgiqJCw=T{d!2}dC&~F?sKc9h!R;V>#nszv!8LrePK15lC&j)`?Zpv5pBbTD%8M+g zf$XI{{0~4z$KALx!=|6@?i{-(&B+^Z2N~G{(Vv}N^b9!srksrO{R2R}M}2S}A}Q(= zO&%+ka^HoofF%9wFy=`XMrskVmFZi#d@hgJ*FuqM4vtoqi%lDq@uojRoO+7%K<+U? z3rI_peg@_?X-QLWQoG#pB7Yptoi}f>q3#}nYl6o%^t-r6VRG@jS-pauJz_O4-TiJ~ zlVgq4G}p#ClY`>$N)3EFLS|8soJ+srh>*(^Da+Axh~JCt$VfSUdlk8zu0Z!%v<3N0#rfu_-{ejbbCp) z%j_h@tMgi(_DDbbdL6L-svaK~#E4o^JLaO?lI1#EG6nsJ@ZR+>ch==p|M)7)1`^^k z2UDVT8|G~d5e&Ch|8~3$vwD-Y2UBXXykYN|uN^$@#O$POQgFxiwi}jrB&_Z-DG8LQ z#iesj%j)*Mxb}r2W-rKaUEb+Ko%Z%5mobwN3(^tb?$vbp(|B0 zCf6C}vQsBZFNH?N^i4!0ZKFzIhq`_jaaV`}8Rb z`@rHd=3bJB<$z;--6k9`c-_Zdl4jmB)uGJC`h&}%?E?JdVT+bdQi65fg8BWA{wV_b z&Q^wXt-BJZ*S>ugz2L4|^NRbZ&DAUP_C!8wqK4;JscHjQojH zNn&T)xeJZ6r4VC6>*dfq|Ad4>x0a_5RT8(sk}M^+W>o}`XDg={8FQmr(XTq9pCvid z4GOEM>z0$Mij>L+>4!wNpxn02v7yypj@ORE)-8#Ng`Q~{E@u|a;dxz?zaF*KOtsu< z)R&Ifzc3Si%rcz;;qq>#^JydY#ALp|sOCS4GHcd2Us$=y>fw&&PgS1eq6A;}K{M6q zjJ>ob;Qtiyv36qivcNFaRYC_^OigdwH2y}_^ig)!LGXK>b+HVFB;dsgHe;s(<-m`6 zZ2oknEtKqVsl<4z%&H(E7A2T$DRzBBaGP=Z}6Mw*ZPiGfM%(& zWg0nC5K@vbBuFh8{gKRqdh6YIaghXXg;~(P6K7@J)+k(SJDFpf!2y$Audh9OzB8bP zz;I-6y22nBGZCLm$hu}c$d|`xeH0{O#W(iu^J&Q6jMty^3pc7tE@GYs_`ssY&x=&L z)bY8_pg)PsxqrSWqSLaNSC}f2IawiK^PH2%A5V`}X?*r0pn`kM(SzMqL!2^TT7 zT4ar5w=K@)ndTcie1|QNSvt$&w8{ljC1x)bO%G6DxXYoWy?A51C^0g1%Z|AG8B=}yAE?fN&xAJe! z2zmGz38P~?Y#fZ%;&IggZ#*(lh0<-lYseYvuH^!tFN6OH8hIdk|IHg$rEPzbmt9<| zMwzNPbQS>JqJK1r2B1kyaY0Cdv7BVO2N4+Z^8lAv@MIoP@dQ-deQh68&yKi!kg zDL|}TDp0Fk+C?iAbJT8=e<%mZ#s{qwplmJO_a4R_GfMFm6rC4H?a6}@h$WeY z`{KNnDq81?Ycs2r^0FHtMWsfEXFse}wq73*&eLr1l{b&?A1>>sF9826IinEnu?o|C z#&7y~Qh<%oeEgn7{vCnjeeL*Qoq3aKMl24IT^BQTWx%RkaEcpu5`xef4s9Y7Yj*}W zDHL- zQzSy+0T^`L2h%L9Z?VIpD?K6tl43eoFT z%yij|c&_P;zq#cpqS{lmQPzIE-ATw7vuPF{D=AfupD#%;)ui^$z?T+6!b!{_fdp-c z>OGX>rcM5ypxPzTHA{36$XaiQQ9v3e{4c~~q$;smK z4=kJD2r5SS=+(-iqh+@@aImxjyb#EX*{fytBMR-&>baT4>eG21aqFM34E?~6*$a6} zxw;G1_)RNw{QhomS z^2TH6K=id8_tLfr-kI5Km!)UZCFSIk@|O0s>P3h9)!601ItaklyjtuN%yssXdbmhz zlcZ|KA1&@Np~t}#0Ixk8XR1r~XzlwXz&g3vB3Lcjz#b?Akc(^ertB%c3L6p6TY=2Z zFsIi$rn>jyehQQ>xBWqNM((9%pC96^xdsKEKgP5PV>dhxmV}j5xJ7C1;Lrq8?$fwM z*TJv9-M{~BKm3$6-9bOam$gnc8gR&dIJKfEXFpz&N_+Y{bxSth{KQL=%L{h#;jcA5 zw}#Uyq(16Zn@t?GYU_(PGI)QV3DBq5Pf0pblX|VMYtN40StgARB3`t5K8q0Yu|8?w zz-YZzO5Eq-`yvvZ6LKzK!jsj*Hm^6}uSeR9w3#=>#m9BH^Bh28VrRs)&fk!Sf21OU z^|zffK1@<&Y|z0{=7k*P_JRE0bb)_nigU3Oz;~dCjNdDhO7yG}pxS;`5#PIPEKO}6 z1+9Rlm(q>7$v3PltZW61;PCyBh0biZC#V0Mng8_p-Ln2|Ym*C%DDe(M9ZO9ji_KKe z;eCMYvp1GW{alQd59=M3-mIk-VUo;Tjx^U6Oig!Xu9UCtDe!e1VOArP<+J(tS!?ZI zw}62{ioxZElt($B?oEo0i@qCJ3YOcqL}etyOM!+GAuGPu$+~ zL^ABy>izm6l^utZYH6^V8#eZLo1nNA(5me$C)yt<>Ba1E0O^?}L(BK0w{1!bmLA*f zVOxA1z{4ea!MFv}P)={an*ATT8KgQndNVsP0T8f#>X_>Ke|5UuVl$W4{SBr{9$X4< zOQNQHe!xJ~Y&_-muS1LUdrGd?_NdGr^}Zx&c+?2geM$WTg;w^!pbnuA!m8hMNDq8* z2z=o_&h9BljhVQgu%1*D4)!tFyqp8RPvv#P6-Ln%CsF_=w}4vzR5~Z)T6`Uj+fnKK zf^t<6?mlS;hrnOQazUrLf>RjHj*9j`ys7S9O=^W6;~u<4bjEm3lv-KL1s9c%U+tvA zB4dE>ZS=4yq%(+z+YUSGQ0AUPKGx(}TC&h|u>a`nT|qS*bqYvWGM;IQWc&$ZXvK_X zeAUtinaV1Xx$P{=2YrfT76iDFJ^+j3;Ej*WmF?m)HOf$~(v`*DmTlV3rBZ5Yfodz> zE7hM4@Sk$B3>Xco|9xe276|X)5n*Wm3u(`QH!KMfTgET5^cW9@{L*`b{1EM8qa5-F zHjRiQlg;E0tD5-|HG~RAe$P^SQr@HnVknNcy9_pn!g20Vmy-yGS#>dnI~|xMv$NZe zzDsA-U^L}=2hs|25Drif4w0}`%0TZooyr2dxJ4^00vu1F=5zV?O|J=v~QrtCiD7N!Y|e;EEvzBDB2xSN1UF(~0p^Jz#0eMqW=DpBl8vo30lT8PJg86$a22`=QX{k4Z{#cz)HFv(^B2Ns264t~F$dj6 z5{5@sdq5C&o`!WCa=Wta3Mjt=tezG$Lo3Sc?5%3&KEhI()1IP;H6L5uR?OP}5NDei z^et*waQP@yl0<2@v@+8A8k4-COd&t9v2>5!j!A2}Al+A32MzzL{s3kv8A<-BXtdbm zgAy&z@;S9~RGib5?N8?$VQ|9RJ8LR>gGo?L zm|Z1EjxTQbre2@Fcg((MjZ_2ut-;u1NwcmJUx#??{*b=naAZa>&egODJi+#5+w8>A zKOX2u_d+{$H^e*lZB!sOI>GIrHQqEs!v`G_8LCR!k!PXz{GOD+F1rOi4=>*fimquG>CxXGlxBWS?9`r@&bxprzZHBysy99!1`)Ye1Uh2 z^Str~Xk2rilz1+)I14PLNzLx!R&pF!2UU}|UivH%NVdYvTj_s%Is8trBV ze*QG^hV9t^H}Fa#YILfO6~)%4EeP`E#XYdcNlDTT6p)tr5uy3!RF}npf&Zg9;{fgV zS!Aky5r%N4?iF}zaw{$V0`~U1ttYB2te?0Vm56S%u@#!0f0V!2;XVeWcMss&e9aIJ zR2Y9Sxa#3o>&pLUN*4fryw4Qap zwAKNx$(14|hqOH4`8r8(3hDJrEe7F)pMJmGmgEE^X)(WOx5RJd8oXa>Sb$*MS~tLS zMIUb*r&r*oaUqDeeLRQsbZa$t4t`8$#yKZDpe?4(_HV7gm1rYngLNoG?aLE`q91gN z4V?dDOQ#M`de^tl73XFmXbuXqDtO?M?5Lk|N(7kBwZDXXj&LlKXl>>*%x4|Fq-Bo? z6K`g(fL()c*CBnLRrc?<)91Rg$GUaO$CgsYIK9rwIWZ?|l_!_pU~OkyvKB-l&F}sy zO=`+&fNnjRytUUI0~stl7Eg`CJ)!v345|tIi^S_R&c+LL6e5YiklxT4QZZ0*cv?PL z%G@yv&x#D9vakJjC3?&r4P;f{SWLPZetJ^R-(3RKkyT(BDi!IjE8<%?4RaWJjm6+3 z>wYpRWiLMvmRUPZ5W}Ku2LFoL{Phlq*|aO?9{?#E zT^Yzhx_eFH*u-6gV6^b6tTwKRdcXtJjh|N~M3=xOo|83gER&yF|9-AIUiLu5%<_KP zcw*~JQ#A{_y$$mHaORI<YZx31R#iP*1riF5ID{ITowNjr@s*3+qbqny^S0J!bTSgcSvT-GBVMmsr zFartzf8xGn9W2<7DkR%uJo-9Gqr~yQYJ5IW<2xVh{^6)<2XY_&ZRuZN zr|AC%JO5XYWs51k&+6rLUo$_6PXf0H_=z@fs`irDf*U#7+V&#!1{1iThhG=IYXuAI zaZK}z1CJV<|CE2y$w6LMOz?>k}!Ivaunt@b#KHHRAP7Vq4`+VB4= zYFDdcMGd}PCQ{8DvN?24C}`5=;4j$xg2Qlu{M?Q}8igKH?s#Yog&!~I!rLpGf7FD_ z&QClx@d&uN(^20m{(v8!JmE=H?58-kwCTj7oS@5woNC<7T*7e! zjVgB~A+fjoJk6rzOJlr%Es5&r(5L-^2nFbs{G1a>%^mJ7Tx+J!N?VwM`)85ir|B^L zuiI&My!Qo^TAp#I%Ix#VpEBC5w-IP7A+%gO`AnDc_4Qo+v zZ#Ezx-}BNsXM>d6yn)8qJ8*bcp?EV(yxcKN%y3(&m=dI^GsRs2`bYDxTO*9`zo%&iL^hp3sCZlAa5_ zfSJ#3vLba<9p;3HbKfH3+o66h>oiUU2w?5skfK#W6Dmco9ZA{o%y9L9PWPfP;nQ8R zTJOgYw*E!}%Va&=l0Bp>LO44=g}%@; zgvk92r<#YC->Op$hS$ZvvN>YkRyN?9Ta!9#uQuImZ7J6Ja@(`j(|C6o&D%W^o|yJ2 z<8NzY%oS?x`RFr-*Ts#-5)p6~^fi2FAO8(L_2$4R zpD2~7xqyXlHzf=CQ2NLZiwDktdw1xIb951m$m+aIr@p)nl7#$}xDvom$IfeC6uous zsHRWpP;l)ajLmreE?Y(wviQWVhk-c=G(oH#@P!SuY5zVis_4EG?Ncevjtzh3e%(@!HLas+# zORh<)f$jQF^C77y|7e?GhfV{d;bOh8{}W7T41_E2;-#biO=JCyYS;DhShj*JwS~;G z-)L*22_N%BRVP$(k5vmE`m2l2IDR~nX75{KFbm67P=R$rU#F1+&)?L3sg!MJ?!Z{X z@J@C?ES+f&CgRG093#h4edLaCcgZxvLT)`TWcWro=D5N>-WcS*moLlqA8}gE?Qgb| zSQTcE8(%$?wGX_mV4sGUb6{$DKi}P{+_C;_pPJ%GD_E;s?z>WY<|bxEm%T@tidE9D zl0W#;$uc=|t(^05OQ`5-Es;1xvZh)XtVGwk+SHw&P@WmbT1;_S57+3#ABMG}j!$U^ zCcAd;%;T*cN)s(PytG7XFEl#F>ZPYA&V`|fCHnFDigOF0B8&5;l7DqX zPhygVl4Q(O!;Q0mnHlOo(9@?CFPb^(#np0g_w7~cp~3i=%jO`wRJXWY7I8^4DTJVA zrYo{25Vyz6C`ZN6_R~ZDv`B+$8)~vD=9X&!cVOo^9t$J*VRuoq;sY6=kGq9MZV$zV z_F*<#YLW(0ovdBVda2A_yx!-gKvORc+%nW+ME_jJv+JS+=MeHaaX4I_-R|>HSz&(_ zBh(!=c%fY|TwxPh6-CVV*CNLbUl0>b+Ee%D&Rj&oi6y6Q>2EF6+~C1B>3Q-dItT4| zh1dhZxu;Z5TJVYWc4da;qp+$4&1jW!u}+trLEm`O7xs==Vv+Y>W>58X*5C1&da7)U zUZ!x=N4eO*h8hMBgY1S~N-hJVYA+moNPmzpwhZ7-a~R4U(N{k&IeP&40`Qq2?+L`5{4@r zygol*)ycgRmJou!9eSbU^s4t8+Chc6FcuF*pelwJplUQ}{zetrL-rEo9}I>Onh;f4 zlNItOw_MOUf!W-m-!5dn= zM*t>#J5q5(S}rr=eY9cKhv2zFUA9qC$6;$V_;<-1_q$#>+!8}qqr=CN6=U6-v-!mI zVAu5=buLshRdc}1pW)URWZX*KY_Ijk{tr6jvvu}xp)LB7-}DiS{?wM*A=fHWbWb%m zQKaqT$C>WOApVFhD5SvC>Xa#b-|3oH^&BcR$0`nOn~~>JgvYf80tbxDT3a{0Gt z4)NiNsrTz!8ktcyq`~QhUO*s;>!uwN$F9@13oC2wZFF%ANKzcDCFWv+9$Bo9)n9!$ zGGX88=lQ<(mxpq`O4fhU_@6yre?ztV6j`^a#iH7B5mB}5ltrgHr~xRQt1F~-Vf^wX zp}omlE!Qh4+&dl>UZ*ybp#vQ0hr2c&AUNmYMIBB8qq0q7^Tu9zH(*^zHvioPuemv(X*&KVm< z2nO~GL`@|M$FdWrSZy^t5}K6Jq?c37fs(g~aV@=+=I@m=y&g3b`1|K(cUJm8%0&>} z0A8^t=yucv^P6tp@sDoZwn_-~*^Vy<)1-<8A4SslR$doiv?K)-Fs|g}6LxTf~$y%0z>#~#{weiS%KAEZ^ATqa>Hdso6{#7vySh2>^~PsZPDZ; z>Vzrwi?$#+Fe3XcfaMa1basuxp;kCEsv-c3`#baX*O!fe~R)gxDr(M2HjNN;Ww8$?sp<$`<_3UZj3Q5kf zl9;gLu_Y0b*<)$)%^T|Ubzh~3Hm{Dy^p2xmIXAvD;E-phue#@?c`hk!UaAZ4yVB%) zW}6<;Uzny}cXT6b1M;nl=5POI0L5HQU9SUe< z)Vs4*w+`fNdRyNBCj9C{4}Sbu^}M`?FU-dx`4(ilCpz=stMNCyxH0FLt5GUflP1VTj4e*t-q zCIllnfJkP*MWW`v6Pf>+KRAJnT;)vqAS-JGdbv$%VqrOVx=q4#v^ zVZaTk7Vd}UkBe{RmLA@GYybLt%oEQ-EraxA`HNvO7~S~oq5t6XL?aBhiv}yY*@QY2 z_1VgGEz5PY7;fy+kW`Cas6gHgy^Z@YXfGB!|5&gkqJojIG47#{mhB)v2RqQV4=gJ~ zia0pnv$6se`EoM7cQ&koZ`{0b*8v+gm1X*jTFycD4`%i-o4nw^-rM!1DVk0-&pom3 zo`SC*Mb6vH!T8IHR;_O4JODA)3i_Hb%Px(2i{fr-#QPo@K-g2KGkULhK=8O$>Yo8` zO=?B|9qPBztu`Ymq%y&|wAO;-*Xi#hn+?9rAw79nXm>KmLJA8J!Pe$IR4tu~#M^EU zd^KenK~26P7L?z2@FQ`AG-?jH;dJVxB0}$dRN?ZvAzf+Px0Yu(xVb#C`fR9VxE)KC zy&88?9?CP#zpY?=Sx=?bH@1tPn0ok036(>3;2QZ0VKa6;x#=bq8lGMA-$WdOzW+zU z!PWMEmYra;Y&~h^b1{wCE0`YUQx=BmXj|)Tf#mPkUP=;QID39vS4eiTwh~g8+I`+r zVBSlKGK*KcP^q17wTQ^VR@fEHfzl#1puA64SU!y zkUlt!GPP01tw93gVGrw%$TlF#Qh)ay=hRB>Dn&3x^1Ox1=pUnIXyyA&e4+Ku}STF$Ejf=5}9c&io^x^Jjkj{l`D@Z={FvSwO0; z8Khuc>H+LP99i8l&8enxs?kTf>Jl#sNNxPkf6~#%w+k=~Glrt`omI73yW>a7{j%Luht5$gC65 z*{zV)S4vx3l*U!n57E0wXyDi(aE`qZQ-~>#q??6VxbnK#lE-1Z-X#E#8{vRam zCVbr-K`W?Y;7chudDKT>;T8L{An|h`ekvBYe*E9Wf7cHpB}2=21xd06Naf=YGi~n;~cMYlNI7lu=viKj9ig zu19IQnHX27^8~qSg=ug)B6oUN6nboDsGLmE7g(>Z&^BaY`$xnqW!$zYtY1_R9>N6B z(QzhJZ~Aei4FxiyJHny{*H8_|aW)}ZKWx3;_Dg`+D50+n@kT;bFOqkhVD&8&E_WK_ zD04!O{B1KaG~j~dtn;$utOx@|_|D;QKpA!_3i1JS)>dKrgy`;(Faim&-etA3cP6xs z9b9^>oy^jYVAykxjvt>Eobc2wDdV2nD~p82m-RZLTO~xL zl5H(TXr+(W|M-@E*T=;IVQ!_veq!D?npy3gp~HOFvaueSRBUP9vjXW2e`q_jg~)e9 zBrTdq!e5(K6#^Jv6f&lsMDr|WZ#;;O8&O2e%8Z)cGcxiTK5r zErWUD$ zZ*V?g4ihxDjCZPQd}WRsuAh&NcV!Jf&(-gzWAqJ%N+0FW=-SYq01WdZ2DI;kp)Y4; zE^?W|k|8j88n{G8WUgL#jp%|TI;uPOy_z6K(6kU{qIic8Fj*{GZ$n9DZ~UvZ!;Tbn&d3( zW58=^Cb(F;zLt7H0>P z8-b?3-X>iJP4^iXJ`}`y#TVmSERw2z#R2a{{8pjG+4d~jKeAx>hvXN&B}b3?;4U-$ zVdmA%I(K@+v36-!yWh%UGqz-{$06@tnF-I@s;cOO=!z;V@ioje`L*Q_P)V26A$Skx zl!_}gPq&C3WXCFk=AN5b%ViVu;XzN4gZhQBpTwJDZxg@w?tLHdYPt6g zd#P^e!WrxO$-VD;oz-l*#)>mtcwUQxtZ}zW-rh1p&R%eHK4nX;Bl8 z3WNmq6|3+ec~uug6RlTP^IXLE?-nz3p4FYhZWSY)8!7Kqr#{@}Fuxh6MCO~W9VI|? z7wsK0pGXBWp_Q#63BgDS6R4`>`Y)Rv(BrP`)D}q8CzZnvpM~xcn`s5`_$`}C;|ntD zPnHrV6j2f{$`y8P6o87;KgwnxQT3KXBjpj^h9MLW}^ljpp9V zcgoF){w2|Vd{5uYT&CeE0q94JS_9J(EF-6}Sl=3aUQ3sCwceaF_k>7t0PRIk{7+z7 z{h+%(N187@r{%y%V?RoNJOn zYCuvU+9wM_FkD9u3$*E`&wV2uWt1Pi*LcGICi~E`Q8p@uq7mJ*GPC6g-HETaLbfhu+^#O!0EKGpU@*o3{9xuNdLBSJp>n;9d(2} z8L0vLV^+T6YDGJaN?_B9qK&jTA-;t(=cTQG+WqJ^YnS1E`_Hem)rBE>Z z#M`0cd3~}u_!+~~avyJnU38~4z=-bDdI*-c&MMi4VOF=DpGWUSJA0xc4)-w=jo&dk z5`YvFT=A^D!^vJXE79z98XMY+hmr86WV898n*3926S(aI*6378F-usm9!cp1N z+F8(p{?nQ9%AL|eM;Cwg97<#Fjp>K_mT%e%>_i_cEfq|gKQBINRW{nK3Dn-Xi&*@g z+8l=Ak8myO-nRMqPed7QjDAjsQA2Dfa)8J<{;~6^`SwxtH|NkkMOt1rKM>cztNVhj zdn|}Utrf(Ta#FW<^uauA)HVcEe+}N=(+ATb0=c2M6Vnd`*dr0lkrGZm20|;^M%6=r zC-=FFb7nM7oMlrmf*Zo>3oUTxvgfX>Td>T(M^v1P)8d%aE9~q`s?=9TV>+j4q4gb` zuhXDM(jKI~lEj@_eOmv4YS;L3Gk^jQ=Yags>5C4+StYOeLidjug@~EZ?Y$t6{ z9PpUj-gE+|FThg#1N3LLZ*b;*ur~A|7{bz>j*|f-T;z^RZvCEy{&6x6;vYR#1e<*o z95qpiYvLiXN5Ue0jq8QY1evx~3GP@r1WE`7Lltm59ZJ+zsYfxi0o=@Pg<>`MKjTsk z538ow2&)xzl8R~FR{70Br~s?1>W(JpXwD48H+=9}aA}C$bH1+Y8xII(-nQFs%xbZ= zS$lzE_TY!iCS9)mO~TLGG)he4@-|-2SfVbpC7sj4Ujys!VGBT5{u-_Q;()9gFWWl%*Dx8W&%iI(##(TJd}oF`NjiXxeIYNooE}`q!00 zAnB8AF85_R=T6x*$dVEi!?piZFIZrn&3Zf zn_jfccsk_nsAgC$w-$BQG(7UfJ#pcK9xr3zAg{}&i6Vz;DpSz&V!C6sMSYk5e)xR3WL>zeih`bKuIcG5LSN?fHD1RWiWh2ocQC%iv6TIx^ z6lU9aOLhHf!-na_rk?K-HTRwZqL`oNG9oKV-;9;ns06KS8{EU$I1ZgBF13DG$}0AE zn5wqQgHPV|fs=GhA813m#Yd8cowl!pRM4NE0jPA;1KIDzTI`kW_jEEZgY%rjr#>1P z2IBPg?dnXf*G0Z?v-{S6-GDNXhz;whuc|s97pbh`{hJ@NB;A!+x1nZvTi(A3QriyX5gR#tg?%e<~=go7t{>l$Equ>v2>C z5mfV&DrBU<)|GwGhB*TRQv1P9wwZsJ*Ux6ioGR(yfO@=CZ%f%-WuIbjch7T^K-&~e zL9}EiprpB!^e%Xx-Z51JHXQN`_bH(T3RX|f4@DDBj@!@BK6iU?WtWdX-t~FVt$pV> zE?JfUa>X(G^PHndATrfiV@g}Msv%@z-rt|Qkj*Lx<(7V?d6GYZU>1@QWVU9Uzm1^e zN%mWl%R%xReW&d`g2wV6A&E3Ecs`<48b0cb`AYw$L7~6X3=il?uHF}wDqys|;~(6F zZyXfPK-;1R<{7|f=3K5wowO&R@c|+<_EmBy*;0jX$t@1$CmJq`y7Fj*NV0QaL|Z5H z3&=URyYCSD*dJ{e!9Svr2_016ffGKkK0os0CZeqTEM}R7XgWs=l-#GzgHJy54>~D3 zYeW7`A#~mcerLEUnqhfh9xx$K+FC_Y)I+2Cv8VYcvMDIKkW_x>oi@gZs)c`Bwd)bTnX6IFO>G9pUhAx*{ZsIB9!oi;1|lwbsRi~@(+sNS9%}% zd5^Vn>&Wi$pf(K&Iu3DgfsXTA*p4sGr{8RiTn4&D-j^vs#w5^L-VZ@{#f8G+x zhnx(LM9%qhTs_5)WrIseS$@V^&o|p6*=0bZ6Wg&dv?W=y@U$vwodEKn7PgMEbl4jD z2r3&xX}|BV9I6V3b$4nVy|kh!uLFGHyRG?jVMnN|;%=ROG^~ZsXglew39ZPt)T3Ge zeT!)A%Z|9*&Z~vc#+F>_y=ag@&~`6u%Fv@>g!`^z`*5AKZ8<*$%U^GkHl>EEEeSCBKsxaPUtW_B6uw4uRw z{}aWRQ#AqI6hZM-$qQNpR>3B!gMdNw@-Z{?99A}tug@hDqSB}cRIPf7{#Vv46pPQD zz{d4kgZvdUl+vUqmGIBleTqAQ5ylhcr9^fF)>K4W5HP zkB^3e_s_R6bHTL)XIBh=f1O+G8`?A%nzJ5imAw_3!RWW)3y+=pYRfDrovJYznJI; zFMP`gx}?ayktU)(NW61soo_vSDN{o-XlX*h;e{X%qV@@Rwb8{quLKW6T`>S%I3)$Y zr(O$t!M}isOh3&-uZY22*oK&I(cvz>-9D%O-%&THqlZ}z5yfS=?Ka6-d2PvAp15z{ zM0Htc=^gY~UPx3K8Y0HaGo%MUYW z)jd=VT041t{U`69oQC(&7X$&i)dHB(`PZ+$ixg;o_fEOtX`z7l2rQDUBw8jO{Ur8C z%tF9TO$FVskwQN;Q>r|xz}ax~vl^}F%rrJbOe*$v+14RzuX{=#)Y+U*3>gy-g@`q* zNYtDU%Tr(#0}o^~Im3yOI+H~J$ifE!=7hKw$jC|GJ?b4<~n-Jh_+V)`CfybFGO zg)#o}3ZpCgJH@1QHJ@}-)!>R(4oi=%#xKR5Gg!*;s3--9X=bar_6$F6$j)@#dIL%4 zptH5aw}XWZNKb0sJiZcqkR8*m6xP_)TmAf7gHO(iyTeGL;5)bf&2b^D?jbg;>bUD= zx{_x5KkICU(*u|rCD%drVf7sv+26@XOs1I{h4t($9@XcG+Lzet2$I`}jlr|_dHdyN zrxFU=UEQCqh3l4O8G~G!eGGLYA1;e@NnC;FDy5ULP;D4Y^EO$W;PB?`Ha2pZ~1V%#Qauy zPI@bzI~7kz(Cm7*S}Z&C1lYGgGI3`1%4WE`o9nDV0w2f*6{}WD6(fz2;SbexeSEa0 z$HgCMj>oHI`9j^LJ?@uX?U#tisEX(+iJr#iWf9O`JvjsM=m74jnE`V!eMHzv$u~#l0${SjgId=k>Puyoil;Vx%P6wAr?3Otlxf+T&Ui^IeLv_Z{&}kL1Xpy``29 zcaKS*?CJwt>BBKr^#SRLh?Sp+Uk*3Yi_fJfU2s|&c9*FN(*&*E5~5`ZDegbCtq^-; z9qf-!Fcchn*Y1KJ2Kp5Kk4&}RjWMC59N%=IG}N`_ou;JSR78p1b6s%PEg@-A^F4*N z2zEGP)9umW!g0O5re7{?ZEZuKhA%_}2TeBws>aL_MK< z>siFb*$)peliEwOEK)FSxlpss=tIoBFP&Qmz%Y2JZ{v3nP-we;imd?b65J&^v zRJ5WhKZ$>0>hGW1z6972oe#ovFow@!IzX&|Vfyz(!?KL=d1JpAa|v5_GjWj55fxTB z7fM018VF!78`MrfJ!#Vye#pk&-zx9k*)tL&1G&RTqUojNh1hi-0SfC4#k$fFr|UUi zw4-?U;50?c2G=HrzW%1#y%Z5n+-FE8(8JO&AaO2=OQ7{Bf}VprZaL?U?!BYdQw`Ry z>a)s=cSiX~wH=`aepaOyxqTN;Uk(EpEgMDL9T?RucssqY0p*02ziM){3LD{qy%l6a zv!r2@MVNIJ{h7Q6WS14xXP_;^T;I}}q1?7_MQ;#wE^P&2M5A`3;QhIx=*<(dFS9Lm zqr2|apcRxaNc;^Z@{6NrmEhWFtm7=GiNI$z?aauEk(py-EXK2FsWdITuu|LfZp(=x zY*!yE|B2sc3iS3z5F}}Tr+(BXQnvaaF|uY*cA6;3Fm&EMl=>psX@Ag+HXZAvvlCR) zae^-+tMyAkx%37kZ98--N8L3@pZY^YFf4^5Z!!mk`l6LvxDsuL2^VOL=+MO;nKFJw z#}R&=eAaV^mYdDneOA03r9SbH+QZD63*|y#RAnN`62}v6JIFqtY`<{aM5c@wbf)O< z+ESvaZ!zob544~OTKzplwEjf%!-h^gxJeFFzm4D-!zqB1@&_GTD6AJQ@C33mdG-t@ zA7s%uwK=)1$>`^b9MAm#4qLLoU6{9_xkNkCqQ3;4#O)AHa76NrGJs3laX#oA->`n= zq>w~F9Lu&%0-7SKtwi*;q1gMrDIk%sWDpjXTAdC5K&wBUhb?`lI#b*Pc0b*YHrw>y zp{nXqoY~`i{LxQrw5{7vL3&&Lpi79I3P~}HvNhL#pz1snzn0E#WZ5T zdxK|?-gH_Au*B>^~9`gWm%kDCMNwHw!@`K zp1x?!4;bFXp2z#2FQ01R86ldwo?`DGyh5GEN73mxf3PjQo#agy%$@KnV6&-$EsG(p z*vGJX{}&GKkiu4~Ow^uV8%>b79!rnHt3-cH&j~ZYJ0I3$lH&UTEe;@{XB9Pw&Afv1?g%<$o)J9+#%%(*W@3+2cY^W% z1YmHyNjq5Qwg^lAf-q-Jj|V~XzwP?-&xFlAhw?Y>aY^E*-B?c1sVlyX9;(uS#O?lq zEB*}Hoq4K-i@8C+Pu0=W*pf8OoS7;3#OoBLP2d8vI+lJn^uvQcd90Xg4T6gm=_q%-BNeTF z$`fW~(r2hJYIp{rLUfbABX3?W2(o1#6%l4Msl3{#J;}>_LoOH9J_fiA|7?D!uV8+F zs!Tp9+Ibg^i{KTt(MBl#^$s%HnISg{y?Ap;sO z8YiQvSRl4;Us<{Tb?n{Y%BY`2h)9X!`C|FC6{5y+h{|6LJSoQ`-YWMyzma|&jvV&D zKCs~ObbTvWAsgV@Jmxnj<@K8iP|RGw|4c1uzch;YArmWpoKN9-HjR6H773pHcyEoG zIGw_F9nJNBv2l;8)3MwW$y_{dq-%dr&)3;V7?PU&aj5b`qU|6dOCwvH|HOaFyH_gk zLBmZ2U{t-asn*eViib}v6sLRa$U7e4nPY2O&}R-OUAImd<6T4nKP21LNlxhLf?ZXxMza?j)z{;gS7QqoOuI3}a93DeFi8u}- z=P}BAEABrr)_i-kR`T&tiaTrJJzyqHHL@RfwDa(}r6j&IcHA_ey=cFyLsa{d@cB&#?4}=n^+~? zyDrYi>f~aNYCza-k$v^MZm2pfHL_JVqvDLAuxXPEj)8-waV-&trdHO9 zTj@)&le#^?0C)JIGX8Si42YAT;ozI4EPhuq3^l*>8)D^&B_Pc9z-u4~SSNo_4_@jg zXQ|??Cx)6`8V6Rdw|gu*F0JUeuDn&(w@qp(c(w$ImlWW##AcV~vFWfbJ3CVyiGX+R zXv}95gRPZ@uk}xXu04~}zH6&ldW-hMqM~_H%`QQcKf0y|$yN0r4F`r^n<_f;Az24i z&cS{o;ej!fW64(+y3fkj*zMcyzx__p&L`}Z3o1)-abwI(4biyg2KT;q#z3Q70U0Ym zv)y!eT|nbQbiio*Y*r$+8LhMYIP*l)V)|{IvEo6Hg<2w_C%{aq*7gkeaLiPd3?0n$ zd3Zf4V)d3Oc0`r|??vYYDA$Us z_GAwk*zWrvhK)tYYNFOl>9tRkv#QqSbFRS!$DVBvoAsr9Vg0V+nlM%@dR>!rM^qlH z*hlieF(=D^7}6DlePb-5S0CtZF?@Ky;EfMvZFTOuqkU$zDERI)ydt5Xg&7-nu8vtg zNLCY4pbS6Gga0(~NsFWTNXp}C+|(E=+8eN!EGLVkdRy{&xv)*V;!Z5wWM^R+*^oAW z5TWlz49BEV4b3IH$kQM&TO#MNoe<7W zIEFDVM3xbfaW|D}Ory0HQ*RGxPaJC*7W$_PL))o-t(-Ga~}V|IEDyO~I4c zf754X$_e?*69=OxT{A{^?XdiG-RV z#wu`SHTV{nTUlq);-DR%pI}q@)H+2!-rFedNH(IWx_if*j%bl?KK0Xr`d0B5J~Oa4 z!gfXA$2Emy8`a3KGVo_#EyC7YVB;;SO&w*NI3-}r?p>{q$@Y>&a^IBY@!GF*4|YW0 zzMB^?L5J^>8xzuVBC;sEqei=_8rCAaze>wLo-(}0_>%mW`2H@{ZCylhe zf?DGv>T?^X11pF2NObk}FgU5xo{bQxt|Uz8p9B-a=JWfe06@Qff>Kh0fkX1>ogSoqc%P@19|$(57ep zxj61C*z8~&83Wb&M7PKdaTKJZ1{{X`I0}n!Qw#QQ$}NU zc+~fw+t}t5_AoF>t3R1d?5oan_8@|JPH>mqBCYN6CW@WHE~KAEZz`H39=!~nHr&oj zr1cG{)c3DT`KhP0e;omOgY{2dF0MInj?ZaBU$By2g@T#qxolU(oz4nWZ8uV{cRsAt zUyBmhT21VI3Zc5yKX*&6ZePCF#*YP%n&|m{5Ft@CwRPc7{ng1cz6sI$B5X(nzAfg& z5VE{gMq`8L-J7V9sJUReD;}b|1jcb#_g1J5@?6)t_1(r%mfphO^>?z21X86Z`4N<7 zrB56S*GT5isJK-9!M0y&aB;pa#oqXas&>xHEB4>HIrq*gro{iYbqc$oG^nK%a1P+G z)Sq{NmMahop4##;2+(jb)NRZ)$v3)f(^Vd?%hohs6mS?fjKG*uyQNXtwNHf%wG^P{ zB|(3_e*3vHgmL8F<6;>0e^>f0>tS1}!<8zckx;8B>EA#TmokMv*@X~tlTbqeb(Ty7e0w{8K$zDeI z#kGdktdn4uVeL}`oJYl6$MLW5ut9AozV*h*Q3EL9#n8;y4$3S{ zJ$G)JE&aPFX08b|gek1UndfQ{y-$pO3)amRPyE#zQ~LEhoAbvRizK}L-b2H|iVTCp zZ^lYNvH);KdP~>XH=yQ1Ju{`H>c-)M@n7zuv+ZpEC#MAaXzA$vl~Cwd!s(tchWp11 zQG_$sa#%d1E?R?D@RO`_7dRi>IU!dH9LMB&huAyX!NJm`c8qsC*qusVpf##o;*8-cNrH1d3w!1gB7rGxyUzb2T z_FXfDHh#U98Tq1|HU%)Zt1h=mkbJWKGxuvcZK_GbtjFbaBh=on?m5QstM5WbMB){8 zs+nQb!t=r6n?q~?;WLEzi)q7ZIGC$0Cyd?7bluBI4vtS-PD&LY*?Fe67V$bBCFj>u z{#0ctVbR24`MjsQ^rF|-n;BE&_ku{kG{W~o*6gH9Ru2Egw5fp%0)iG21|Q2NJ^hwm zdl|&~yXpm*>VQL(fM|=rx9G0-3i}DhYg8_ZXEl5Dy7r2nt8%MYJe$zrQuC(RRJHeb ztSgOHGI()s^kad6M3-!=C@ym~a`etr*L{T`R~63E^iq&RQdn z$MNL7x9YONM9yzcTkxr`ab~D0OYCRk8tX(cgOQRR@iH4{&5b`SXHgcB)>W5GlmOCp z83$_T2wDf9RAuUv6d_$V!HH%PsghCNtJkBHB8II5?`_pkmw|ouCDkIS(+#4yefNT1 ziO%$BgWJ><6@G)?T2Ew+vF!A37FBO4s^Fy}%bFK{8!n6YVwS>ad$OvoXeq5y?w5JY*v8v*Jw!jN&w)d%cLc`{CfElwKr6|z zElIackich?Zj}ZC#s0b{&iw_FsW^3hh<#a1cVnP0U001bL|~XHxPB4p&z$-aNb%Jc zwbVixz}LnlWh8pWi{%AiE6-QmG;sI!qeSus@or$&V=3!VSm*@j5)S^}U+N&=Mly1} z^P~U0Y=b$v^>k!;xdaOOt=PKX|8t{cr*?5Qqu(S&gR&SIEr2*0?mmnG!hPz%)48g< zDuRi|ljke%2uq=Jqw;w$7iow0yYp%blEJZ&t`k?O|56*I?@ionIlRG~`G!WUe+)qg z-Ch?F=AKJfe4cx6BiEBzWUM&T(kKb-&H@1^=we#aJ3k+2NZ!f&LR}(;Tt6_Eu;N`Z zPRj}2a7-K#`a5DsK030J`oOzK+s&)nrWlaxzaV+i3#sM_vexzwWdw+0IjOL}VZSl3y{wA4^6k^RBin>4{R4 z)Yoz#QL@>)uQgV3tV+3udkin2{PeO5{}ivFh8^>s)ILt$^i#lxAlE+vu|<~ai=ik1 zXx)9GoHI4LfcXRN`$oTpo6`@k0x*dE^y!lANyqIqJc)Q~0VQBmeR-um< zatEhCCdqT1c=BBCRN-$F>@eOIUnJZA=sxaMUc>YJ#k1J>K2WXvW1&SJyqp`Qc0N(my9>rA3O(MfnVXuXdCXQH&!yMgi>C;#G`pDDFxo zPFtSq(Q+Hx8T?4Sit5mQ-QEiR;J33+X>TEH$t}Q?j5RS9M|9Y=)I=3we{^* z<>;R2s%dULKcYaRnjhhJoKv((w?{;o@^_;nL?K2mPZ}#bEY4uZs@aGII(0COAGJ33 zfwV#IJw)uvVqZP$pkA`bl`Auc;8b$sbNVlZmN4g~AvNh*VO>YWNL$IjcPP+J(~swD zrn#}^QBW<(+mbi%y^qN4nk&Q+R4xt`$1Gs|IkeY5!6vQ@Y@zX`vF1SHNB_@xYfZ!-<_mq~Ch-hTh7!e1KKGkF7BeixU z1Ik3&P;wQl19-1;)A-z2*5>|~RJUS%oFKS8Q#9R@ECDheM;`I0v%|Q z?T1HJ-1#D*kdU@&$ys}2e0iZX-?OvG4nvvEB&$%QX`m~+8z2yS&YbVLxSOCJxI4F# z0Y0^r1wqD4b%5CwM7_6E|sJ#Z*bR4o)RyLw*JoL8R0Q$EI0e!1Sr71<1UpWbo6pF*)F%9(+^k0q4@ zdgTDpKJb52H~*$?{(nQ=yoD*SgwNqURH#;CzAB?aG23X;14+a!ZJ)C^QdN=pPbd4y zKTJ-5dPp0gBcpT8WZ_@8N*oJ}!aNZu=}D!N=N_`ff7;`hUq;p>;{hWSW%c88=kZ0- zH*$GKFFnrXcZX3@CPftTj|&BoP>GJFo2;N$;%a-~1cU#om$#KU(Zu*O-zX=TmoS_nO_(Eo?Ykh~SZ zvG-j=;A2#U)?M^P{9?hDW78%z@|{w0JDEY%SZqxsZZ_FHFqNzdhc-U14X*yGZ%u4& zFctHR49KV@zQBTb{&T*ga-1$FHkcP&a!`gHXN$7&<{?OqG zcvZL)`6!I>qw`~?{OaL*7$c{NsCq~9PwB2l_)-IlxsY@1aaxarwbs|cA!N5zNj@`V zxUo7VAz=#|!F$&XR?Kf8Oc%t|R8lVyz?Hj81{}MmI{lu$9;>a#N9G;7IZaL*FOD6H zm8)qLNEjp}6mzqquwPJEO@L;>;)82?Asz>j4TDcm6%V82qY7!xap!ykIxKU9eJv*8 znMq&z#OZbC!ND$#4avd%%kPT6X;w}Z-ICFKMq(|kNJTYx^i*_?qpm9Uv)#>CgUmq} zftVho?kdF0KzZ%U)Ku7lS5HKcmv*vV+ken_7k$W!|>ucW7Q)D`93|e=Uit@Q7 zASp+zy6mmtSb>=_?*CG;5{aLZ-&nBdYU+^_eq6(f-X>OapEj}P5T}}}+|8LcX~Vzy z+w#Tzh+iyK$iIvujYOwDnww8{s;=I$K2SGNU95WIf1sv-0NR9UDsxN|QXLQFdS^v&L(e(64Zqe5UoF2ij`D?sTqUf}2a!fodnkT?NgxBY%oBEYIPU=h$(+Nazfb;FY zhmSFNZ%U8#rfXoS6$Hu=(x<2uVSdIn zJ#E++5=@Cq4BR5GPgCA=O?FZhr%8=-_%*4!gC09ep%yGFFJ}&Z=*!sFSQ|}X^%xa| zdhd7yQ$}CP+(+4E3FXTDXW5edciH;4;_!c};_w!h(phoSQaP-muz7FAQ$;W?!5ZG(4Yw5UTf*77CB%A0+-O~PQPR}z+bXEfdmqbpE z02>~Nf~A(Ab#+1wMfvL^9p!HUjN{ZR>sMsBV;7Xx#>$_sWS^-XR$Z;Yi`4|I#Tq5O zm8GCWg!h;77RLUki?#B9;l+Bi{SSugMQ!rT6$2MOFU!WTt}27GtSIHB-OQF&Mt3T^ z{Wkweu6Ih{S~e{3UXpd8(_ zfqT~+8g~@648mO6ZeJ#4boBOv`_DCDNG}PPS^B6x0XDb$C&hiF0=oz;0>2#z4{8+- zZ}_NQY4P`h;I&DM+P*}4pU3|(L8wi%l69=qaF~3Da2S&rD+(QU$Gk>9UJ`&k-p^YW?pp+Wx6G?_c){ivNkaz)HLXXWqfZQ2ab7-Z7LKhq}&c zbpgfMw(~g(xP>eL5u%HXalV%kMX$|1s3yiHm5K2Y3bobj8Ci~IheTOy=8K-Ggmv80 z>nk}w>KM5Lo5SP)2-@3QsEF#wTOCW7Pllh)fcg$PD@d1>f<7VpGVG@^GCUGmbX<3Y z6b@v?Y5(uuIoYO_L{zVouC=&1&@2=Wunjh3F|3&CsasHc1K)bCR z*uXmS`PYXT63!oI6xSZ=L@=Ku0hA3$&N;(>6BXVPkd6i}$9saEbwbrol%-zW(q8+d z>Zd#sHdzv#oEEb9d@P|o&uaJ+KyCK2kka&5n<(a3BFsTx=DciD=-e`piee1#oCB2w z&F%J+1lJTS^l6ht;O^t@a+>?Hl-yjEFjzRfhw z7#SF``ZPx5u!q0Zoa>HyvR`BKYRrgh3#|EGR~ zk}N4rO-ab+g;I&lp6ib=n0k?hk5&n;!iHwnhKu8%Z4Zm#b$bmL^OYX^X8wVk3}@xx zdaR0=iux}pL=n)zJ?o*dGm0{Z#;&m+;uI^5vB_jv$Ewkd%q2|Fk{Yq|Z~Yk>>4|0y zCP3Y=eaDB_dA?&xcFlF6Yn`|4n!g!?g5E-=BADMEpE1pNs}i_&Pt>|S2N0YZ0~?M> z50k6<^MZV3OOr>h%mG^GsOqdX1@p!5{ZN(*bK{JOIp$l8!0;N#axgji9rq-^Hc$0= zYD|i+WA>Hc4xRz-#l6yqfJnP)i6%UZvFFD4*5Ikqu~>9p$=1Ar=)GM6H@S z)>)5S$!tyqFqmbSOCoUt!T}Td>!Y7+hWj0F1JDfw-|=qoxG)Fbolak`^_E~&pT&Ly z#7YnQO+SM9ePXzV&-L)Ne=0J}!hIUvD(1B;{_MIqz^XJdYS&Q+YwXbZALipb|J%*S zGHi>~+X$OM?+6VRsII$1Wj+TXz)eL0zaf`2gNUJZvx{om8NwM zL#C?YgIg&FP@NNwR{lL@opzE#G&TBfF%#HH^3PsT~f&Gy>}WUlYwfD8P9ol6^Y zr$UxGUwJ1V8inv%wVF3OiiAVdJ(I|(a4b<|p07mTq{}a!faLovq<#Tce*OE@Rrud4 z&(51Tz@%`}`QrZOQBsk!p+aCx>(-!_)wh_Co#R=J`0nnf7R@eIca>eX7Ji9CTC54m zFE&{V_tNWMLu$=RdVyk#9h|OfmWtZ~Ba$+F2sxagm?dm5a)tXCAkaUe){KEtTcb$L zfQN#X0*-Lr9ai-pqJ>9BBdy<#&gzO3NReI22OO83_)KbHcyVW^%$W( z%U%=?>(RtNF$XF6+;i=FmtE|kuG&9&USRx&s9zC0eZ~^=pGNe^wg1#U0{?Qd5-j&Q`#?*Ztzph(Q)Aft(HFHf6!efb+$c zD94onVz?Uu)tqsqrZ?nvubL?p^TnY|=cxSoB&$9!<-Ol@tZLqk?6zrzttZsVb3n%k z_oxFo%!g`sQ-Xe3&W&}NA16Jx3jwb~frr5vXI_6sN*UR@If*)Mv%?oOY&MKz&aQnB`8ngu%O z?q_X3d+BPH^R2hUPPS00JxoRJA_C);p)@$5zOz32#3>i&3 z{j~+RT-}6V%jfo!Cb-!6?xdyK(GfKr&6SF?s)tv^3wXmNr9GDl&sqlJ<0ypjL_41x z<}1|#pRd;%7Cs!L7KTsu+r2TC$@5+Ou?%?hy?C4>X2newTxT6m^=LH>Y%Evs8)KDA zg~f|AzPy~U_D2lssZ~nZ%L)5DwOUF=>S{bS0us9i!}lLn0+0s5zX^{h2Dtz^OK!mM z#$vh5?a@C9um`d=wu2I^%_WMCK&{OOlOxEph;cVMrH%v)dje5r;2Vm=Up)% z|A(SHous2_8}Yw=#YH4CvTVRD`o%GG5J#4tolas)&qk&>gr<+AVFP0a5*xbW!z+%K zM~xhPDlTQ%+!n8UU#RANPnA){kwqlOEiuJ+_l)&cWuA4_^9=Kojj;!K zk3x3>$mIyMZ`B6bSBP?@j9}A;wQsUL>cQ@OJ?-YroUPQ)u96uf)`aC=TXVjPK3;b` zRsruv@Qs`dR7jFRl`IS|w!VGeSH1tHKga%2lwk7H=c<}d&Ua4$wZq7U-%=tYVq*Ts zatgUwUA&5B{#?1T!{JLq-f$Do;$N1W;)ndlg29VX=WU|ExX^Ep6G&11BN$m$L^iEs z!HeR@kpUt>_pqd^o0t|>4vx{U?F)@f_Fs6CtYbeiV6c_zIOMIVkLVUsXcz=bpHg3H z0W1%;SCKE~G}b~hCyq$M$xCaZpZ#a@n+lwXtPtYS@pS(e(b<%1#BdH(M|)B;OfYX@ z4bHtLh?qXj+WklzfzXU9r|wpbge(PVX8VmggJ12r9hx>gpOZe)Z$BR%*f`MixH1NC zxbVf&yT}OGXJ>lo@Y>jdX~u^?|Dvp1b3@m|M(W>}@4qkKe_y`;XJ5X&>D-;rfZRpo zFVY9X7v~-s%`bIJME_Q?yHE-hA^-AN>{rA88jnkMWiF2v-}r3x`~S?BDveb3T@w}X zrF%JIIb#Wu@IG6hBkze!Rd9^kE;bW&Z05*qa}r-K_TQ zWi@s01OC6U_wG?i;QRjfw3`|CT+(TpZfZI+PC1jMm6?hH({9o|W6GE*d4tJH8cb0U z5fEvnU6wb-++|*XDJxV|GV%^m<1KHPDUza~q9ULWD4-(nqvq`MoVA{3J!?I`v({O^ zbDoy}_y^17Kfe8Z-k;a|{j~?R>)@{<>y0_Y^o`PeU;;P0Bq(mZxUF#Fg~Bmz#`D(= zIReK&y-`(^;rED)#m~QseptSlsCm@%AGi7~BJagJPtQcUuRR88|InHmUqmik!Pu-2 zF7BPV8{gW|xWLq0I~o5sJ6qejMTGLFE|q?d@C@%Sk>L6fW{v}-a?`nl(fK)YP+hE~ zBynQ%Z>5Rx7traYW%@BZqB~1LdOxCS)Ymf)`?x)rXbG>?6yAyyA2@Q@YslQELoq_q zm&AK5nYtI|s-M5C! z)aiKm>1P5-%oT<5+O#6?+Dd%Q#LKyov5Q&KOkB!viYli5BkC4sm76l3Zvx zY$a9P_d5;ylfAgt&7LpBGlE>^t_2it@>a_V_5&U@*_^ImCP&nE62(6rn!%pIpIHpi zt!PRXMaKm%hX%xpB^|L1%kVZeH}-M~?Yejt`QrJB5+KG#7$?Hj|D-!ppCP&S>CFmB z-DkU(8WWn>om(8@kO#H3B#W!%}t!TAsA9mco zHJMaG@9?@-g;SoTo6i&{L5A_w?#>B|nyQL_|>{ z!0O`k_6Y9Oks51nn?2j?B!H6n;!&XmT*clkSzt0^8uo})_JH!-q>%BoxyGjz$_CPm zC+YoI!-J-NOG^{uclU{PMKkAWJgn7R^a?Yu9$4#$@0flVvFK`XbIbCO_3vhv&JUpj zs*wQ!?j2F32X&V%h-P-`TZ`hYMe)|6_-|@atd9)sYI?8|J$}`B)9M~i?lDN4g7n*s zBMq{_du4W>D-S*co`f(`^S=JKE7*~{lw)9P;CKEd#pRdbZ@R5=V1I<)7tNdvT2HTe zg^XAxZ`&0vmu>Wm>MfhXah&%Avf!>Q!UX($Nc}<+eH{Z+*mXU)wj3934z(NiG6(8P z7aJsoi)0*qW$VZuTXBl}8CG`C`2Z#f6kp?%#%^8dxem>G-JSX7^5r70e>P|Q0Y81` z7z%lw75jZzh}$aUlx;7IW1fZG0sYkNIc%Z_@+M@X?>+F^X;H#4M%%u5UMmW865 z4KJ4zw}i#DeA8cpfi%``4IAMEZ zQG#$&!q~TTrbI_peogOB&eHCH{+x1TVD)NK>`SIvSWA8%Av;C{naR>eLZf5VuVA>`%Qs=Xn$7^z%$Fkz0kn_>gccB08B^B2#pZ>); z^3Mub5c;>m_sC(5jUFd(VSxqgi@mR-kpI|z=_7l$u;G~K;NelZp@GZ$)ZYnOW`9sSTonW^8rr(4H$!oq z=Te$R51?9munh9LwXZ&+L#1cjfRrGRH&B+(G$QwsYa*p78l@AE%^d!U=3QJ_DDWwZ zS{&LaYMQwo!rF_P_&J2eURs>UmE0J+q#wOG)EnOIEKtj$(fX@2Z(Bu4d+C&DxyDe# zS_q}FamZxSr1wC0Ot+%;kC}-~Sg2U78!6v5PGr;`sr-Vf7}^-E4DprZKS<_PQ?Cop zri4M;a3ubg8eM7Iu$>Pv`4!_z-fU|a(S_3JFzQCvgXT3al6J*Hl4o2XiK{jAn6)iX zs^x*o?(?wKD)$EGgUMk^dfNl}vg)3k6;^T(k>#A~3ZZ7ieVM&F=X2oqRS~67DYnZT zU&(6Ga~0m%GI~P-w&bq_m~kBsjTb(;Tam13eCEV9d*kt}}WEPJ)}N zBt>uoXT)7Q*L|Ov#v6zN5$CavnvIH!_v7rjE=zGft9A$2I@^I&mf5u>34s_^Y2JEL-zc75h~p_^7ZK!VQv!-z(t!Wy{`$X{#EIR%-TevMai2$#&!o{0-!dzjskxYOX+%ed@nA9h z`!EVo1kshtV(0^+8Oq@5wTcGb>81#JeeWP^+`oG2Q+KfZsAOq)J1`(2%o!!WIpTo8 z0*nC11Hj>Mrf&-seH!1~l@;DX4y|gA5L)r%bAfYfh+x9-W}lk2h41smiO;rlxc^!f zedbloO}cLqGQslXp5dMJC#w&e?I|wc9ks4w603i*ZYUCsrN`r`!MoJYhJfWmZ5cS= zlP&I0(q|k;PBYA7?cR~5zQG!K7M-~SEtWHQs+Slj{#S5<_8E2f9CHkvP9K8T zw0IJ8krNv+AfKh-(2E`3ZP$3dPL0%Q$Y$k3fq%?uBp_87+O+0iTNgYK}^U+cV&t?pRN zZ-BB(GQ)P^_+vvqKW`ZhW+vB3@3O{wdxpH_gM&^%izkQF6-2R_~&*l(FzkIpCJ9_ZpLIZW4{l|4|^Nj3A_ZB9M0eO^&$2jO-49R8+h6)^3$CwW^ z^UatbXBFs0o8gB*O;K3|9>;O-;e&valmM!i2SYPLIil_M5sN0gTq`!E(W1RMr8m=) zchN*1Sky{US#9h0eLIzbs%90S7pCnlq3_XKQI|@0-(owsoDdP`L$$k5s9faJi3Z!a zGTZ4U5b*gdsKedi=e^Q#c~K+K4}tM0)kA?($N}#YoZ2C0D{jR6X=NP0;l*`DzA+iE zy6oz`B8H>2LNcor%s6348X<8AahV9D6VcN`axQZ zR5K%M*z@Q%imLs{0R1Ou2P#SOTV&{+6r2^=q8oY#u*e~|Eq>{f?C8A<2LRArX-G5^ zdBdL+B*|H>x2mei3#jUKxk@+i#YE=g`N`9|*nx9%9_nE^1(Y%zv5)wqYSuXw!R}D0 zJ0K0H40D`NW$p%xOs~wwF|Sj92=l$()jX}X(O(j#eJD9#hblEJyKrlXvn;dB>*ccL zBOcZ#q9a#Nd_m0kaLN1nF4=n2a1ByAvtEhGBRup+B`JcqFMh|Q>TE8erXD#<@I~OZ zGo8@byp2Dze_5RVz-mNfEB!6wkabxu%^790K*=Z5va#=*M5#~hgjZ9+=e$5A>ihTF zNa+)ED-qA>c2+jh4c;r+>LVVlniXfVTjz$c?8S+$V?gUI(GHO5KH;m;dThq4G=omX zX)rQKD@xsq?G1}s=D5%yreT$hAug|S?>djqtl2mvG*A1bv8m)TbN=jWj*(R#l_X>R)d59ac z4Ej+2xnr{_X0q_* zkmDjMh5)dB-0x`J+`r!KHGhPAEWdo0 zYG>xx-aEWoAEl5CcJT1E=@sMW85h?RpX}FcPcsP9T*lKP$3McRwTRbyhJ3Iqls_a- zuccqv3#awiWXfF4{R>O}xOn)M5`b==TiYHNWc2+=oN&;kscdwa4ywZ|?(@E8S`8BV zsl$Bs5CWx{5QSxIrH=&Ej7&3b8~zre$m+h_f~~D0Qe)=BFKl6LcTGap?Sujnq1p|C zW4Rvr+6?^jQGey9jLoevBf6RxK7Y*e9)bbt?CKn}A7OKwApukkNk7KjP4i2fV;)Eo z41$=i2VkJ#_^YQYm#U$g-%h}9C*Zde@c%UdXN1EOt~Wf)PrfY^dD$nE?2}vEt&3M~ zIW>Dtc0N5Ks`)NMcHpAF6qej{czl$7!pH~SvkaFEE1*lR`}|;J{Mv17R7^DNAmW#n z=21=eodLt0Fn`_;MC3%~+VFYDrii6H$CoSit9@des(R7U$TFWXaKJ_%VVBapciJX> z(P|vl)W9*xGqFz=W7yv>%o?}{S|2Ql`npfInr4& zN@X{ZDD&w7LYpqTQ9t8MreUB!U3XV#(s@{~KoL<@#X&-TxX8I?`{-5KW zBH))+abi0wq$50sLhgEXE=sg6DqDn`l|Dl5idZ}fGiPJ#-AwXqA;R>j)$MxY=fXG% z_wQkqcjgLK9 ztPXHBqN&Bh^e|y%0LRv_JmBCFy|6r5!gdEZ9@LKPbb%^{Q@!!G4CNkCF?0UF3+dFg zyNK?7`Ai_^#h7Fvhz^%-e2@uH+(Zb_)&UUx>4S0l+N@A$oZ(6M1iL%RybnnR#B^b9 z1H1EEY~E<=W0#Lbb(()V2lX#*Xoz#XWaH%+R#=9fwQ?FcPFTN`9G1MRhQ=!IcdvAE zz%^T8@Gsq%R%tPFa`Ih$8C1aVqYdvV^d1Y1Rxe{rKZFqZJGDPV&z48?SYg7S+aLJ@ zjYWz=^`3OW&>5ch^vPp9;wfV=XZlGvsIVr8*Thl``$r?H4iLyO%CeK@f+Cs=@ZMuJT0jStBVH|wL5)1$=cA`2E7aBl63q|EU9VL7o-FZ()s2YDX$Be6n-F%8KymT20flF8hBDR~w-cKIgwoODv6Yw% zZFTWX9MfU6pm-sakf%yn>&56FFoUZJzw;0XYI9b#7h=a?5#n7zNYwuP-CzbTH16Gg zHUlBm#w~_?k+9%9m0T+r?ycx0$PQ>dB_%oUaqT& z(4YOTp{F1qSJa)2X|`72JFYDlaACa95jYh;AU>BB2b=C^w~KMEV`rlw)qo8=J{;=C#QHUj(XH6%?k)7#P*L;H0}xIs zY_aRwUAIBSa-kQpZa``zLoIX4O9!PzU_ zEjFCWR>@*@@cu?a*xC3~$9x5JtLAZfTBlRsY-uELOGDRuRn65UQ>Am%qIYJ6XX@I_ zB=n?5B%LuLFltl_TKa&!q33yPV`T zTVO-_* zBMH(Mr@cyhpx0pODEn=Or`N=eN%p7hXa*CDo0RJb&uw5WW(v|G?ciSkT7O7k*Tp-$ z`=#{9PnMENW#iC^!WC|K-_Mfw5`>YGOG3wWo=_+-nS{c^PNC4$!vv0Js9hxeQH5u{ z=IgmvKD{(2#2DVK@%?2j;3#ob=x$xHdiAKuHG$2~^|V%^;w1;1;a7Y_3#kbEs}e<^ zs`Zfd)q%^2`pz?r1gv-mn6`sx)5#Rgx=os}2yl#dVr(>zq|?tQ>wco5_=blqrfE89 zoMA|$5eP^vI3CHVVwU89sBF3;+O4Q9k;phjwci>j=R8Bw0y%BUI9{laR-6*QT`haE8Od5Qys z8%`F(`#W{c3%NxTDh-3R_!LvM`uG9V*tsdD76#W?5yPazni z|84vw?vL3RW<_C0q5j1gdE7878;MTkSIF*0H1>sj#EafD2m!k%G$#Tqy*3)+#NOfUq9}%R$mHxAn<~w& zTeie&O_h6^%GgRrTGpUjLeRPD#|1#O{2GSOfmXBlvNO3fAm7K^!y{}HhVnt@BhRI+ zS37}slVs6xNraijt*W^@q5iNsU5f3pD`uDxwb(SjPya}hl7~-Oz82CloRV&_(@oEJ&ZbPzi&na+2#HHfhoumVeBZYz#e+sNpqWJ@W#P z8$}2U$b{HUi|V3d`zP!&<}OsBK1E+847Dg*c#oh&&0Iyd@fWEt;`(l8*M|jIM|>!; zOBh)ek*Kfk94o(?Rs*p~X@aP8{EK_M8}NG)$b;e0o1{j|qe5e7>k!n!a`#i_Hoz@I zgtj_m8h?&kDl+`u8}R4U!1R4O+d|EfL85S}wur9^akDJmIJNy*coWUKq;iN`P&p70 z-&y(%^<|SUZms(IzPXafEnQ<3-S=Z|K$%OfotQmmzNb&}sRe%(eNa)?(79YuT4#$a z6oooL7Tz4RR%U?VTc8o%brkEoP}Q;c&dT26sA^o-0Mps{lx)6W;Bt-R2GVMmImI9% zn}15LlQ6DUy+p0d=7aMdFS+NYg~col`7-$tS{<;^#@f#bSj^MS$RaOWyp7ICAr)loez_@A;5F28o{JotTNnb`$Po{9 zbT3!?2uUCsmCO9v*ooqDj0If1WU-f|eX3KL)?9?}73_+;|Wd1nN87!}fkHzR#K*=VvZCqkbu|0yXhhZ_*v@tR@`tXh~1v*FUk`xUT1OkC;Z; zhc#;L1IdB$iI$}U1r7i`aeNrm?PgxOeuM zWzGb=oipFenQv#yx3lH{0kdUIkc~48GtybP#TnqK|81bnvY}@hck;b1N1%+u=l;}4 z-e0g7)@;Esxa!zMPw(nZ?H6Mz`-2J(l1h{<^fWJE>zT$W@o1}gMBkv#SQ|<@efe^b zFd44Xj4@Lwse=DQ zwr$s$+b-~fJ$FiaHy$!f)vNh;$hc!d35t9fCKfvYP0DgEi(8$0EZ$%@3QJ2GUo}qk zMOJt{>)cR}yH=fNSPDa5$`#ITN)WG5XcxKO){VvvIPRg54<|Jmuc+Vm3~B_9fl!(0e6SucUXLY4EH!=s}!`7X9ci>ePmTj~678 zcgDTe>&=@qjKHoENjhOXqkMVteX21F9FX;ryZ?{X%qtFYh7dP|Tdn*glLs=g`~$c9 z5OsT0IXwRp986~qA5a&aN1X*BHx=Gq4YskR(Oc)klUV><2=lSdt7S+gSiK~>!^6*x zYD?Q*3<1OX#)wsax|Ly`s6zs9_E=fo%Rj*ng}ervU%e?Ut2loT-SX* zFEteEOQdjLoPuNgI47ar$ik&6eyVNlLNJ6hw|1WWfmoYz8=coU{2SUalyr*em3V95 zKBEAwTmWc;1v_2(L}j-P^XZHRe4>876^ec#FqJuIk(5y5tdCn$C=(`U7Y32%uF?G+ z4b=nMJJ|C!w>_Fb-)&DHnf7?#icT5%4yrxn#I5up569*~tF@kTX-0Ddj~dzslV%NG zhK$6t^D9Bh;w6| z3QBN|PPRc6rD?ASzuBOCTmccS>Xe;H-^V{OEcD1M8%Kd+Wx1w_&^BP7s|}3dC8F>G zq99yX2@&~vG=X20O83>yXiuNfD338KRcVB{Qy(c?`KRsppA2YazqsnZp{oBL;w=pu zXkR=CU@)fGT=@r30`H7Gmjd!$;s32G8O~_E85BicC>$a0a)+}dl%}wXVbV0~L z<8_w-%VB-y5Ho$GNLXMQ$Mr*JLNIICliF}b|84h;z0E@PGkTjp71F%ZTJOXwH_mi> zJxM*-3R_lplt?mHjEmhJk&{xL z6eF*8533oeSWJGq=f2%@-|o5p)q8F<#UY3-ugVQ|4oXQ-enHFRc!b#)+$)pbuM@3R zbpL4smcFNy$M!mBwu&;FZx$}O%a1)4d&i8#nVuR8>%l7pOq5xHGDF*9?Q34be1U!! zK~FIF%ff-_OG0vk8{6cVV_78Sy0u>TsB!{_EB$Cn@qV~UzY5XH&6bn&D4?#vvaew?>4K@xZoLS=hoWHd@4{uu`|=Ab#C zU04iiC5L8o`Gk1PPSoV7Uq(UMz)2lSAjPx@ao@%}9GF#Eqi}@7rrmiYy5!;FM{ev# z-2O%0$`3pmCn)bdBr&t@0 zrp?ui7~LO2c%80%F-4aG`Uzjog5gqu(ud0_rm=@8gq;%A)yOA#f@4Fds?@W)6qujm`ST)lvNR z5r&6oO&L2;e_(;T=1QGhJ!Z!J`Hp-S>(W`YOg>ZU(-K4+#&mwj(tkY%0*K|+4&%UP z6~A=3&Rp)#i9m#sR(Syld`2Nab$_VLds;Twm7zcr=c7kA#s=2d48BLJOUte3wWoLt zh64G|m~x&|U6CX-&X~K_M60>QLTqITnqrnG3+i?x)m4%SgLDR~t0?;1g9s^9T={*g zPM!~}=!VrvSAyu=C@gBtmfvh8PfwkzV7$yiU)@Z>`6U87_@9PrSjEsfzvq1|_*58o z1hjR!lefinJ0Xx$+RQGr4uO|ZqfeEv7(s#C`G1_JMkJ0PJ2xZ9ws!;Iib@RFFU9gk z!|*(XeVVR#SOd*@)=ERnew=(u5917vc(u%h*2E02dHeTKZKpb(g@+5$_Xa_w7~)Si zRS$>fkM)ImbnlwQm{(5aWF(=#jJr=+xDNHNVkkLCN_CJ;-1GXhF%$GT%o9~_(MF9tKSGK59x`*z>rouU4v~yF-a^Hpf z^r3ENx-(Ey2M?Sb#3)LGM8tcU`kTcw?*1WK4Ic4N1`+?nr_ciGhRs&{#LEk?t(=ym zsFQZDKrP95Z0EiQ(6uolyKT9mQ?LJ;2!iX`qIPwBdNTAZjSLz+G4+jjp%{Dw| z$bCd2TmG*tD31|8k9IT>|9dYn3*r0X6t9Wzo9@dbTQ&XP{4Kt_v%8%D$OnG^VVxpWP zjv(FVPN>^?v)x0ez;g%1=`I>=v+BE0U5kH73(j>f*N#8}JKs=~ zbNdpZo{=E$Wi4p9nq5i@cD!rkZDzriY?Rzaqsf!oYBY-1+`4|r7IaNz6<#p?I3l|w zG^*dX0D(_BUp7S=zIDz!yBi{!0BL);p4Lr7jA5BUiYFwhro49OR+4)RL=z?i!&*)6 zKigiHYF(E2@(OeNE-RR;xT@YUc&CB014U_RTw$qG>rrIdX2${&Vu8S}jwiX>!FTys zcRkL0DSt>~u31K~0fBUNu+`3#S8CdJ5rP|e=f56dIJ6%=gca$V&H#f@+ zCaPfI-caDdz(--U+qhX|b;8!S6!=>T{4E9kUrT`}1g2o{Ug}ELkuZwaYt}H`K{s+5 zxG+%OxpNq=pzk@`wR>cCEBfCqv1@ooc^Hg0P;N7rA-xukT^}BIL?s$J9Z5t3t!qPr z!9KBNX$k#gF*lR@h-lKng&@Ni+_HJXR!4UwwxoyH!S^?lM#|<$5NfNt^+S%g^&{h` z?t(pxu)IPbEDCZox16n;W&}AfV^%Q8{T5A81^Q56xfVKJfvlF{$tGee+njW1@k(x6 zm3@??I)|;!yRqO(*#%Fv>EJS?M(J$=Ta@RR_1R1`8h$c zvg28WQFxShmzQoOxlwA2>3OkKN&~jbp@aggpH2`(?5MDCBQ?$k|HDq0Ht;{68+q&J zzxDI~oBR1!9fyb1Ymey?#zC&SpBZnSq!~RWn~pLq>zmE%acV%bDZ!#V4aD_X3joqc z#H_D(W+py~_kCiV97`|xbTvwn_5u9h+KfMey#wxpPkIU^gPPZi2OaY)gfR+fhdM9G zjbBpuSsl^&hq>F{qYc?Z0mfO8)5hAjDP9L1~20QFCKdi`?u zXjwuB2TtUbQ=2lES@f7u(qjnbjU_+o_Nz^&)kRKL#yhW8&r~l@{)^RszhyPvvKs$C zXEpva9+m*t`k|_O1+OLk_X*C%R?m;KWX3>$>;qJ`iegW=TM>jyZx zIAI}Z)iJ?MM2H8UJEB^!plfN?pq@)q4gXgOB4c)bWo*#+n_kP zI0|6xEavn=i!xFz=o!r|$Fqf)`jf;ZNX0%x-9c)%j9R@+j|r~4F}=ECfNwq*wTcQb zs>m^BuP|6tbS_2oba@Yn_Yq2q3F_MQGt@Y#bkbLV4lb2B=zki{JYCC!aK>^Hl^&S6 zT{ad9H||RY{@02xu)EGA`{DcIhEZGjy#hc|vYweY|LYd30+#zHHn62H~>&g4>CgzV{}dSg#`H>RXyG`AT`)JxQoSue4t;a4gLWBF1Me((6%EPs zmR<|k?u2cR3piyx0z4gb|?RUNsk5z4`D`4V5Bb)6(_ZimR+5HA!tTUkT*~4g}8d)o!v%cfGWjS zr$;JjxcBAKSq{{#&VyHjyUEy5mtiq6=zeLI!2XB_Eo+F6i*`Ic>$A^e?GtopV6s1M z0u0((1|Khd7V)z)VVb{LQAuD%AS~A`TQH##n~X$O*~$T1a?YdXTt3bvd?$I)GBT}u zCUgBqWH5X3nA|WZTsdk@eO-gyu1eD2l4)@{!YzQ)0il$rkJvn_58iGri z0MISemu!l7f6r>);3*DUv~w0ob9lwuZ6Osyaf+alwHXRZm0({u{62f2rWD5e0o0TS zQ5Cm%uJ;X|7JoJOvHk&e0!um1T$||+DKKmt!0|o}fRVTEQGu2#*YX+~{OTr^k-2rj zo77P>hxugM^iJ~Oo9G1XiE)QAR~Po%G$NhGQ2tZ zqlJZkVw7;)uf15{)*)J>X5ldJ@2*Qd2uc(1dOj-|yz59Po#Y%!s~gMl4)Lu;<21{W zTf+N18}>8HPTkF^~-*uF64&I3@WQ$;wd zHW(K-DPlPD0vFw0#ayyaZcNh*Ew+Hyq_2a#<|gA3cn#e7#a~-LBr`h=i6a9_OOp3X zNwvRT1$+rw>S3a|%SGmM1er>}a^R&=+sx_?Z0A%RDuL|K&$J_^ zKP?#*QBh|JYeRQz;hq4|Z(UPcbSyoP@Hpehz$M|#TQ0L4)|%G^jvA*S|yxb9#!2!ZBK?z*45nhO#{&)m`cmnQd{=@BTkLz?r_=BXq?A& z+R_4^cSa_w$_kfY9#>lM)?Z)atwm8f!CSobE#CSTZ~gy{xBjO_rd8u5p;wxA#K$~f znV3kAh(;T;(rZ#Ton`?{oj|49a~CCbP*uDmY0-4MBk~`hQtw94PQ9+yie`}~Ikdrz zt9C@WwK6v*oIQ3nWT4e{Ir%b#rtv64<;mq zm8f;~DizsyWjoBl(K+)ksyqn)^2ML=C8SRvlNQ~wQh$a5g2o`1xQKP49Z8thGUL_Q z3oR6J^{eV54Q}x^N)paK%?=(1ux?d%dTv84&se%(`>C^v6MA#iiukMHxqcGrcV=}E zjnj=KJ!ITj%L;+kj6_2$33g@KNaFP(NA2%waN1kz{B6wgZOrn&AZGcWLE*288(yWb zJETfoF4(lDkZ1=#}&KaGz$9_G`FLk1+Ri%iswV({XG|qXn$G z100K#kY~2MQn|q6dcLSPNWNivOG;%BqRj1uJ2xNVm^WBnFvsY>R=p$^aA&syEhh4;q zaAyoX;`Bz2X;oc^(_7)X!E4P3aWoa`k>Ax<8%nB^o-B5^2<>c0=M8^! zaRHWQ4uQ_IaS`6+dE~N-72g4jvlMjBcaX8h4u_|$?s61)1tCckmK^gD;UDL2{M=A7 z*4gScQ`<6r5!(bNowji1#05`RKo-$RQd0{{Yh;_9J2@Y#gRg=rs*O=r%@$a z5UQ@dcM(nGh_>Ca8N-)jF{I>W7J%D*!j(AOEEq1@;$kz>&o>w?5U8asAT94Qyn6ZD zkk?HYA{HRYJIPY`@FdDoCrAMy-qdIs)^o4tx8&(?p|4{(Z*G8@37o9?sEp4iE<=w! z_K)WMP}8PO+E$12!?Zg=^uGt$7-qHaK>DJL!OI!Tay);&U~J})e@mqcwUr0|xsnMe zgH>w0k`NT1x(x^g-gZ9F9UhYAnq^Y)KIK5HUZf-9l+UcJ&6{BCb-DrK!)k+U^c z72HQmY2`-(8wn|5hPN!v98AX7@hVLkO5u1V)D0sFp!=iShswyt5$W3VmPb~7#ZiuT zKLW+6Z9@vZ0hZ(hzA_)qr}!h?yBH&Dc3LzzdOu=dZ!8ntG5^##?%*^s)KPyI0!5JB zTb`Y$<1t%93(^<)PK1*M9OQtS5=3fJik3YpF*d`i3wAgdV$cUy8zeXr&D@bs1P}D=oY|+c6n9i7rS>zTI?636{o6o~KeF># zk7`y=mDcbSYftuy&r}R%-ew?g`1B}D>WUr4>ACMle()LH!pu7jognZ5kraoKmC+DR zK}g71{*Qv9pY{>l;b$(4JJ}YB>b5obi(u*mhX~9}XdHxoRCUsy)5E7`^OD_MAkuPw zf3jCyKwuZWRlYF5xpY4$Fci$E<$Gr@I&B^NUob!A@B86i+Jn(YRTun)gYn)n{Q3zC1{`CIv()Z@vM7)5BA*#!MMKj z!HQYeV?&r}Ul+W8<9KnPa%ZK7)c$PWL37=w9~}6bi|$DCgr%8?slSsjH*4x!`;CGn z-!_(VJ3dMf&uket^(IwH3rjpj21uf$VANF!jDVTPF3t5@WY2by(5TfpZUzB2+b~c_Hgcr5O6ZbxcEFsvsha*FERld-ef5z!adkd` z%VL|G#P)8gi810XMcD-1Ci-KOb^@9!YB78E8V%wdT2CvT+^e@^?fc`BEx8H%(zWyI z^YwK64EXGz`n?94dL!tkfhFfuE+`JiHk}0jvJM#14!J-Qe8HgZTnO5*l8jfBN$yWU z@*sGFR;}Mn^6I3YQGz~5Fj^3MZio6e>I%XBQuy_nZBC9K8UfL>NOAvHw-E0#i5)Xf zfi0(XEWWC%6H~}8AL>OaVM;P&KMBQtp8()QhJqw@6m2n93VCpbo6hC>x6=toiIWi&q0<~$a6 ztB6h*E<5X2D*EwFAgePRq= z7NLaxDU@TZDMW6k3E+)QJHk;kDO?d2p`;Z1I;JVng%+XgJAfN_Ba|!;#(Vm4~KYD5akbuxkCly7t@Pk@gE8mBT@U zHz_r>HC-EN)@w3JI{5zWHVL`gPj_ZVxAy4;T@S+Y3Wj{-%3^fYiox<*CbKECp9LmX#Pm)Jy7U!Dzd zTz9)gCQUl-Ye=BxKw=D28YM^lrO*iN>b=O!D;$N{>G3E_YlM^75%Qe5OS_Y6<(cs~ zZGig3B3Sx`U{FCmcayWHVm6drMKOh+zPo>H0b0CBUdfCB?6`_X5JzwVLdH1E_u#$)L;D(>ns`az7W788VF%&q(?lz{&V+Tr-n zxX-Zh(tzX02^;0VG)(bU!`^C`CF%24!~Qol4BwhAF_4*~ml#>#M7*Ky51tMD_1px=2tq6i7Xm3doh!4WJ+f1 z$eb0QUMA2iQ~yQS(z1Qr)wR{VHFeoaGF$JM2SF1M>z{Sf`MKMVBN^jgexr^8d8f_))aQ02~6|JT=ItW z$Aqc)^)u7t=MwUJ;~pD7uX1Pht@o@x#|AfzVcoCaab9KuqhdxP-7m!Iox6MoSF8Ja z?vo=1iUD!Svrn5jc<|y0X~AuuzD%!`@OxIpV?I_vX#?{1*>>4%=>~U8UJF1}{^p#G zcwfI-vZd@uJVbou+S_t(aFAa+=?aV3N1;^;W*#%9s3qcLc*H z*QcwTNp|YdQTkF_v+-}F>|Sz z9i;7T$>e(TAP)Pn5Xb!kx!6E4F7YfbeqAJTRDGq^Z(46lBCaQV`s!fDaoRg>9Q6mc z(?8wgW=*yc*}HKTTY1Y1A(Da#&=Jdb5=lqHb^(|4zu0@%ucq&`-@mO^YCX`_@qnDB zV@IZB4eLvajUcYs(y?o;G571Ap?{&T3uUAs|X)pA42l_kg z`D2^1qYcjdcXRW7B{#;rE8;6P5g+*m#_qfg4P^Azcstjk?jl#5%zAE{oeoUZYuZKv5#%&^t6 zmtKk^tzf2XO8bDc3-Prn*bg%ZP>C&qnPtzyK)RKzzRebtX4MUi+H{Qe*FovlU`FpV zkZzThTGFlJGniD6ZZ*T8bgLLjx4QRWm;jYHltCC~iCw1fGck7?dRR~HT+9ck#4>W@ zx9b3AHc-G-c965`)i;j|VupMcQHex9A-p@MUVv={sKjy$DzPsH8bN+q5{IiBje3}fQf@tLQI@YluGBWRHW3R1$n`OV8dnC^MU#kgTaR# zg|`DGiVSZKKcG@=S-nw3TQL95VMSWMUcE7NtEY|QrC{}DqgV^`Qt~aUw{??IY_ur< zGnRT5KiM2b1!!5dPycR@sIj4rA#TFW*?ir2MORN4KC-rS!%k(#ck5X8$0)GKrx)w> zN0cf2kqG?j)tj_*QyvbvZ*XnoBa6cZT_gspw-FsK`zFk-;mW~vof5*4ai&^1ytI0w z9CT}r7U||d?>Z$eYPV~9`8W;bUw%-Cu2chu4V)~nIBY`Qrtwaj`p=1Bt1~g5pBxDz z#$g7j>os~nN(`$M08-*bui4--{a1;(n7ou)K$eYoJi5kW0mC7L77G~T?WB4&WC3H@ zdFrM=FAC2yuV2$&XTDs%NS0j}DIR@IN@VdZq{LHx^#X{LxO463Abg1|8)YHOM$~u# zvMjN9U6Io^Y%gR1Gf|~B7P4$2ASEU(k`l|{wq)^{ab^xK9n;RCan$iasgvU3=BaNL zh$M)VxH`vR2ayuJkFi2xg=LMh(u<@s0oDmA0b2gC{AV?Ql&H?=3=6ZikP^Lc?;XOb z0Vz@Vj(vYk1P%r)V4lDN7Sm=S%jONV~VVlVmk7GDpEP}N;={dA{{bZy-av9)zNHKT={HjQba&xstj_s(j0=ootH2j>mj zC*Nf|rp1vah23)Jf2C>klj>vEx!AOM*<|C)U{&u7cWOw!(3U)^T2|CDYSe{O`U9|8 z-3VR^&iG(vqKVh4y9xz;v(DcNiS`;M-ZO7&m-dPX9X`Jl z0RK6_7)$q`7+JZnrg&-mnt&C$Z4(=hl))n5QDdde*R9&m=l@Dixf|ggn-W*vFvuVM zI6`17FR$(LUiM#%V3>u~=iUEv0(%KfV8-(wDl1^~-^8OJGB#(V493`kO(CoRy;BPr zTRg_D0Ay@;hJ}pn))gEM$k+?}0U0|FB4dxNF?2Fidro*3(u}3L7Lt8^!RRi-xwzt6 z!-x_xgC5s+L3l@*gVT6b(hHg15jR=KJcVt>Agr#B)`k=6e_>7?gN=!58M7@(=y+Bz zwd?ADn1K*J3q!{P~T?yu%EyMd;C%}Il zeIRXS8mg`i6BAu*rZ^da8l2R4x-9nKwNk$iyXv&|0Ep>j-aUl#mgp+;A=S+P=qY# zSkM~zfXd`R$Aazt0dRQRC@LcD3ttZ`@3zuH@e*Fh$IreJ7xr(5S;U2TSD90gxbTXv zSBh|n;%0E!oS?D6QOXWf=#0U48Ip?GnmKwKEMC@zc=UZlHiHYo>t`a7q~ z73CZX5EtSjCrN!Z!Z08%bZr=fTf~I|ap{I09OJ$_<73BsATFdG@|n7EH(m|Ih2AF< zQIbV*p}_7@M*$=*Wc}SgxxBMyKR6Z$z_H+%h2n+V>N%DNC|>S>;?)cT6tAqoigJ=Z z*gFU89u=d%9;sY_7tfB1A_UZdOZFu>7#VHEm_8$K#kekLF}kMqqD>xeS$?Hjh~_PY!9! zNiEW2yv&Dz>+3oaPu87nEQ*wF!afbHGsTkL9X&r(=@P!(5FU0TcY)hJ)QWPs;XbeL zpKR;pR?f|)#S&9Sw_sXY51}(QB@JGsYyU+0K{EQ%{KD9*9;)hglFyfq>M|JFlk_1_ z54xTbyU;e7>B8gAbt99bjpMx>7&-=gu`XQK9$}v}Xccp^xwmG_DgER9YQ~pMOySPS zcim|)mul@_KILJXnA=jZG?Pp2sVw*P1(n}+)B)^r~;evcF%S# z#J6!;CtA0EP38UXoAdJSmk0BLgIvN*kBi|vuZp*w)-El+W_u38r&fj;{cIkS7v)#6D8I z&^6a2QM-g~5_=fGvy7rx#19HbYB0nX5@VT-E>gOPAM7k$#1BSX!T32URMxGx+~Zg9 zX(5gkZ_~NSt;H>ysqoHwKo^Kf1-igeZ3%Zi!t4_$Y4L=$cq-AZ5fjbm44*4w^5E&w zSxOuxx3gGmw)BWtgu(rh@jt5GiH2ZI4^Qm2(B=HR6Uv3kxdX0K`o$K-^G6Voy|^yn^#v)A?Ld9|_O4k(LI$ z?hzHN--1(PF7tGQ7w>Wn(p zfE4lD*gb|g56}m{@<%d64$st++hKu*d;U!s9^6|N!i_)?3=wW3-1-EPForqu2@P zgEx;)(k%2rOjOV+b&cp{f#^r;RzM#Veo9N(cgWKK=z~;O4nw&}AH=LZKGq7+2ZMj! z;v+d1a~BY96o7EE!*b;G%(2t)!I857961N`z>(8GJ{W~Cl~TXV$bUMO@Uo<9fp!?2 zonVRp?c=qgW*9bb>q~5O;9g6OsIvgnh{k0;phkp=Dt8cIg5+xnP>rYt)QH9|*R1Lp zNnB!e<>i`SO5a2o{DdCnAWi;wd{7*(dFb83o4K-Z+&I9VZ_=V4w#YA>6l;&@J5Y!V zivHveNBd{Qwc5AiT2|7Z?nP9qDw)!7^un_z0OswWnr-K}-^fKK)tW+HY((%S*JPm% z^FM{dnp@lzPVP5QYT6FKF7$MgcgW0#dLJB|S!G%-h>?bpXSl=`$^2aF&=z_vmsq1Z zRre?33~Fqnevmg~B{y8i?N(U$K0F*4w#eGF`h^Ah zk4P7}<9Ghneq`bxk;B{p_cjfJrvoNmCq=lSNv5X{(3{fg=ayG%KaE}GxaDcVjk&X& zjK6&!MAm0-Sk^2eYhIvsb`IdUOf2h{OD%~UJ88< zv23gBJS4~Cho?V)DM%>j?D)1*9R@!TKQJ9H_{PQ((MWol^8|LDm3Hx=?J-4NiDy0N zWLsNW+Q^oXj5$C~?R@og3Ew;m)4Lm*gcIVW%Lte=ccna8=`P#|5wI$qxj5)~=f z6f<+@jU*lqOk-)kkp>JPJdqjLKYNyUV^4OYjXH~+fUdz+^=x*jwMUAa=>nd~4cU7| zo5g=}-d~uL!W|3Q03)OK+wZhpI%ay9xhT=mL>4uG{$)$ln)Rth<8z(3D;9dn-+On8?Is zxf>N;`vnw-6T=kESP6p*>$_km4G0YYWm%hDg%&s6+LVgqh*-UFSMo_E1?2`#5Dp8U zL2fz~#)f(ovNLSo@F5l1{YFwfGB7X zLPWt}h$twFrE?)WGi)qR7{cRA`Z;-Pal#F`nR&U*3OfSs9R5rw)JEZLdQY561aI`b{hX+Oa?orjdZd;3@$nV$II zLY9*)C|xN>_}6SV)8?M(W(S8qs;>D&}CS&lN-%9i|@N?JcV1%?2Hq z#0O!Dg=yQEYMd#+%y0>Yj|P`vpgrLgnLPs?xYf69~+jzq0!tyM~z zotXH5@2hJ-ZM(1ZwF5-VYKg=p0S8D$NOkF2s&1~_#HSEt~_#|SIaC|#vrBN@pFv# z6Me!yBAEiP=iw)1&5!qUDu`(N8b3HuR0}d?`Wa74rVJ-~E}?#XffX#=wTJd$=B*^v z6YABZpt^1#XU2=XfSlQOYy?x;<=YuXJ3Tz=pc}dQVUhcy0>tQJQGk@L=rPtp3XssniYkU8_;G)-ZX2I@7IkSz?%OYp?_yugB7F*k;mezLO&=|#G zLVYKILc3R&3MoL;NkEbVwYIx~oVjOF&RnTKHxpcVpBEsorybA`)U_?ay5?g=TZL9M zQx7C(hV7T(AUU(?gJlrB@9^-$!pIZau z%*a&<7Zmxetv~@XSVxg@zOb~mG1m%dP-`0oTH8KT<9pQq+^Kwqp;y8#9bA_}TYKz? zsTU|f(9y#^Kml^gD`i;Kyxdf#YW6EiU&r(!;zXBnqy?C#ivDx0q6Q;Bvgb1OXCVguwjag(py93uyMCwxk$DdDbWIB*S1P$5`qclAW+Q~cEdF`Z2{d8dCK4+Kg z-1lSB-Mfl@xIcD+MCi_5n0z?duwZ@|Kd-fIxx&L&^vpkK9nvw8M`bfz4MY9MmYH5Q zPu}OH5sl9=f?QkqU;m1}Z9E(9Cx24Fk+)JdHc4_2X^Fel{Y3`SWpBj4$b!Ic3_G#v z`g!pEYKu%*NM4`_wJlXyy$?4wwnS@e>9XNoyPlJ&4_kW=Ie3FFL;M}wb~b5Gu1-vr5FzK3wbX!C&xM?aD!QQH7%NSySt^399K7@pL^<(xgbN5 z7c^O(WW&@Q_xaC<={-Jipu68y?iV-`PON@h%8q#6_xq$p5O)OUI9uPfayyQk+TR+} zH#rcR-kjI&%co3*h2blcR!}BrqDw88+FL+03Pb|&vppXNZV;{(%-gKMo}*5c{6{>Z z5H<<4Z>KSHZ-Y@DsEd-?j$wlQWs}pZ0S*!ksf$WQ*wa8=6cc1o7e)QXst4+#`8-Hn zqy*}sHd{3d1+;JRe(zAJ*Yq?QehvMv@m6mA z7T5&ykP>iEr)O*Y`FZ*MPwrhBkK%6AqYQZ55(iaqFMqIVj6f!BYpknw%e#3Nl_+Fv z0elN)ND_ceI3O_=*hKl}+1hm(v3r#^7aL)>U8l>r)v!syu=qaGLI-=;!1P56qTZ8^fe`iiqHnyzlORNWa2AC?xZTd=&tJY6DSN!k{89kb&Tx?6rpuEd)aN^M^z<91wXUw56Y zfe`g(fjUEet?Qd44luoO7ENzr+8Sik9=)WwrhzpYCJamR1g1A-$Dr{6j?RHhZx@@1 zYa!DcwJdl?wIb*wHpmyT2bkV`ijs$S92n{WrnjWV@$&L?i|LK(d7;=n37Fn6-)2pO zvTE`GqMiZ}_3V+!7jgE(`{O%cfw9JzyC-IIFf?kTee>xs<2WmEEBH7UwjXCiE)f5% z>twW2yaA&Au#>P3p7%Ac65cst!JuNxz2Yi}Q>%?Wl(HIv2R%5`dj!Iu4g(A-!+CgT zY+*Ohx{2@!uXWdfwT%CN|g7(`tSX&_0EYrQaRj5qjVS{kmn z4t_{K+j+#*MOH^roJuk3M`t2mNOMck>+Lx5bsmUsoq#upAWwa$y_61K#0npG#FHJo zPm}fEbqmh$Glen4IrpwY|9R@vkBZ(FY5?6+b9tX*+}B)mu@vx$8~41!F*E{fGR+v4oS zqquaRU>}%=3A3s0K3>4cm#>P+UikCO*Q5t}R)*lIW5&^3s@Cc!&NXGMx#tTkHP}9- zr5$#!y&)w9{$L#|h9dq93k1iIK_gZLS0U4r0LB}Yuh$>yKi5w>6+j2G)Zww>s_BB9ilwsq!YjurcnK?kF_bu+U| zi4_Z{61Wr?i^5W`Ke>WF{^Tj^9)bqc8A6++#5`)G)S}MtV)zSw*@_W440tc8GlG;h zBU7EhK%D^-*heIY^DOF&t%H&nZi(CZ2&qmvm?QB5Mzx-lN2g=OuML#S&eN4OkbyFI zN2s{?U8e}|Di2J@k84s@4Dr;>Hed{WtWD^qjKeXFg z1e6LA%_5)-TBasRApvECXZ+acr2yV;lk?_BDW>&di$b-n9i{EB8910c3j?P)gG7ZG zIAL}#nu%G9LN&2PsK$@S2UsT?{_PYHcvw~s2`CNT9GFF@rUDEc^&$f>&LEwC!cM zlVYv#ZW266I#fD4Sav8!u}qk%h8Q?DTQ!~#11G5}qOy;6ER!3&#`v7#FfvIQ$YTQr z4i+$QY*?IH2MYrSKm5U6Sr1^~(BJiXglip+00PQ*bbv;B+agqhH6Ij0LbW^~RHFf* zTGA)E_#u|CEAR2WOFn_=WhG_}5KuDr;?zJu`4!b?N`LA*vl#s7SQ>m` zRBYAoSU)MkP5rY3m^1Q#IitM%Cg(wB44V``qD;M4kWzzWAxD(SW_VwSUAX(>bZ$Pac)n5%pLu+@j>#DekVEO zua4C1^m%_pixo1p9xRhinX76rvR@th)QwhO?kJKwAd(dchLthoXB}vKX;xt0%<@{N z2O4X7;>;YlGkSw47we$OeZ_1mh<6!T1@h~^xF)#PmrQSJa+;7KzSX`nvrSm(fS2|qI1*Y6GTqp3vW zT=+u!5Tn<8en@6EWCkV;@mO+Du>Dq@H1&E14fVks@EUv8B^0X1k$xGaY<7 zwGP1+Mg)`J21-L>coXfszQ&>h(#_bBI+9WJ3#JfJ-*`+}m^g7Y5YMRgT8>cegMX#>*GPa3c?!e;xJb;rA92Bn~@Wm7p3jlh?L+ zy>hNZY*R^dd$SgQbJ2Tq(OZf7A9&G2XLB{p&1FLa1M`!asD)(X3-PXqpFOC zD3W34!X_gYYxX5i{JeH1`)if!KmVVffj+32$G&0#yvanp$wd9Xl8LHwn9U+5{ieMh z>yF(SZWi!@=Y=k2Nef5g<6du!uKVOc!7j;ryz*($g7P6)Bc->P5FnyCO`QI&yFq&} z+J#Eb3dDL#Q!m^4`;ZCUZsdP9T@7z`dVrlbf|H&aY>Tw2dJc0NczPV4w%7Gt)Sn_< zwqY-K1W)8b58wf2XCu1-*Q?R#V%A1E z%}l&+E}Q6m(1oL43O+B4c>dt`aYucC>Q*!PHQ}pudYG_de8o-|0sbb%6aJX**(*AN zB4Qq_)C5zjDIQ=i^0i+R{%DcVe)5!--#1P_KG7)lWJYFzd2IfC-+ArZ-NM~oThf4| zE3wh>D>Z~^z-{E>Bk+Se0)+t6ps-*XLd-#WfN6-ZU>Yj?yp;gcpr%8Z1{Q>A;P!(C zCvbFOI$-olavrlG31&Y`+p*KF130>{I@nsuL`_0!ygIB%kDJCft;QufD?Aq+T`+>W zlQxYfNBMC>k`^6ZdzTztodbDoO(`Z{+(;(nZB~&u{oDhL3mP|8;fD#_TT-;y7~Grk z%igHENG2~BDQwrp3;6MZT2zJ&sbb?6;qBSv4XL#VOi$x075=p85;~h$Tw9l2Pg-9_fA(bLxd;&+!;ChGG)zI@U?4|5l@~{ zOu>Ii`f8m;pE~7Li5}YK$D|Vd>O+iS2Pu! z;9ohGb15(Jw4u%`K9is?!Lz;K<67KZNS``fa*OHx@I4HRcKnRbmd(DJt}EVKG^NRG zpy(Pa!QXBF*}bDp7+INK!SQL~x5LNUT(<;Z?^!s=Qz;uD4s!6C>M49K;2`G@JuNPB z@-jagXP$Xap+Y5aA6-hS9nAZR74TZoMLB)fqUeH6;?aFq;x)-^py;YuQgo?0Cs=+b)2I}0p8}b#2cOFt z%V7r`pjrDEY9K{d#LYT|MbXunFZzxcr8}!8iMHlWeMg|mJT%hQ}@YQ34MMYPh z?@a;@Qgm$?c~9t8Pylg|Q#`pzS9ZF9@QdIRfB4k$TusEbyU3K`&a*vNL&evHh$zfQ zgxY3Tn&U16qUg?iM*38qsQNq_ z5=E=4AJ^8NP`~5;e*z|CNPK%+YP5bWqs_+2#%|=%`C-vQk}<7bkKEBauSMF^C#UHd zfsvbOU4KctT+3F$luvIzSvuTDS;H< z-KuRqbCVW;=iWVr zV!eaD+`Yd3r!-&V=61dNH!Q6aWy1Xzee9)RZ0pYtg|F8?y3#kTl{c-GH?5Vx>i>zY z6~f3qYzEWWE*wSBJmj<}7G~4J>gQC*P;{D!C|4qz_Ps^zxxaO)HP%|=(h?QU;mwV# zvc6GZXhQuoFQ=>Dbw~eF1Cu>X8J#Jft}C8C&`|Dqe$0i!*|_WfAGen{W>?ZYNPyJwrvZBya4vf z(2P@*dX^N~ZEBKSqh-2FlRH)5UPwEyVNv;_rNcH_Pn=5_@eftWY(b+Hz`Y<#7nP#9>`@(MC+OZA#2qPb)y_L4p_&%VS#AEB8 z>+7|j-r<3FX9UoiqPC>P)=eiS%^CW&?-*L-y&Gh+g9|&ulZkT`wuT0J>|Yi#oFb^3 zT`?oYt!FZUS4Tqv9DpiNO*4KodP_ha?rgPt^r9UW#Fydt@gUmc8GE~%y*qGz`&foo zd=vgAh&T`zlhVHd1i;OdXE`XSn&w1)3(-e98kYGc+w&&d^CsK#-<9ogf&Y|=gKu6C zF8F85>=(kuL7O#gp}U1+m?x!7^f|YfuSjlac%b~jrPp!hCUmA2j|CqZcUIBJD~a)w(|Ha&)Y`9W>3r z{oG&G`;kbVhmN&HVBC#=V%y3!*<%Ug*@1lmhN9>05T%{#1%hqm0{hTNb27r%3w5wd5t zH9?R7VufSlQaYw&GqJ*wD&+nFK4Sbog`L&H4$7v=|BMxmK(WFJs~7NOw^Nu7OWfJ< zP2BlS-1$x1`3UC!D(>vqmlQ7D`qneEK36y`i}fS> z%T{I+BTgSV*mJg|;I8fFUB|B#pC1Ps?)g+ZM3y!`jwU?sZ0h=eVN-uXtS<-CR2L%lk=epiy1}wqgRz3!T(o?9{LFs6Z*S1gvsGTMCb7*UE0*Bnq;!uB)M&t~RWc3O7cmXx6 z2r=e$^7~FsF3xeWcIF^8LImy%2Ag29*EtF+B zlI;LTviM9vzJ<_hv4xgvODaLjzb6pY(#d+(sSI@`Of-jN)LnjU3(fs6Y@uNV^%0OQ zR6~X6Bu_j6o#b_aBe)f!lY|16Imu9|Un+2nTM8T@Ui(um1rEVdfdc|6F>HtwI0RIJ zSmykZAm#5#X|(HZ6Pfd)BjC}JKVHeO zVFrNc9od+4U~5oUGc6e)dhwbg%5!+aQ8^}X3DFyd`R+sgFyZ@KaoJGKe@9Gq9d|(L z^V`@_R2kfYCm~b@5qEmGa7%rtpuqtj=vZuUbkd1S4UX<`%&P`RqNk*?S%@#Zf&MU=m)d7u)ye53r;81}EM@{LvqOIGo zQi!NDrIKdI|62JrmIWFdti=XLxzv_i4s@Y^Rs2C08dkK`U`3mvK*clX{jyZ3c!tG- z;+d4aISLfdY7n4!hIj(gfZ|yXD4xM1FnBkL1O@Mp6nZWe&v@@ATrh>`%0Th#6pte7 z{#m{cd`G~W@1tMoLhBZFp_1!DFNyw>#{8$|gqMe@GK(&hZ_$M+2S))DnV%GWV6o>P zZ0Y#}U8oG`Ld$_JG-yc|3ibTO>v0>Z+ZJ`9Yc0A^@Glh7g$`K>&R*Akl5ceVMgHj- zd12R17oPW8mU*Z@o@6&VG!&l6MA}?Gzl`PB(QRhW zZ_G{4Msj>e3oQ3^o@rXwFW-pu>+M#JH7*nTA;=d-k|$b4O12f^_OvG3@!)LBf^@1O za2_xRFyU#{_NS)4^&tIV2PUZ9tCLT3v*LbMbw0H_CohhUMP07po2q%s3`u=l&087} z&Hi&2yYX$dliX~>`&gzOKs6RI9qkYf;qvWDJvr4sVfk~!W-CRNQ}vod>#}%ge2H}_u&^#M^Y5Q`*XvUb;nE(cX00CD%GXq(0c@On@^S6C?B1U# z7TEaqNC^Oz7<{AvSTb$_mPp176_P@fWD&F!^&6uWbkXLnzv`kLv=y*|Ko_mTA8xJz zY`CzQ@}dR`tLe@~H_1UA5txsi>RiI86dXoUoLwt8dR(s_>RDvNar_P3{G58dMhDn% zr4}|^83C~2Dia8Mh(7Sym)O*DYwlI}*WyyB^brh|K0*swTP+pZ5;dsMf`fkVGHy2Z1u*}S}!7{^K?WBo(vuQqnHkzIr-y9h*_3{zXUq?6Mq&E z6@WH=EKabi5cir`5;O(T#wB5J@7`3%%U~gv5G}-#8*2}RTZkpBMPkViL|Te$biiao zq$Rwl))7`K`n`-+j>_QI_d3O|h{SCAz~DG*zPe zW9#FX#0)yLvrocuE?rNoaDqCt{~s>{&f;abz^y?ahrA5Fnvg5qTd>SzcX06+Tf7Va zH;yh7(OUlKWmrU(=oRQCWQkr9{0do;KQf);$-VvYIGZ*?vf#$sZ$%{blKu-X!vG~f zmikM&i{&eUp$PC$p-J2C^>Xc2+&r6@p$3kw8vI3}RO!LGG{+J~SL ze(CR z9vyn=eU5e026`6%R@KA<{U*CpDIRMn#yxDFaYmH*QYG?uds*Yg^u8I+!pv`v8VXQY z>)wU5aL4(1gUoJc<7atkx?Uu5t^=q`=aeTKpZ7I=vbGWK@UB%i4MC1go}cLV_yJ~J z8I2mfQ+w4!O0!aH9uRxqmSKdA{yF56q|ZU>qqjhTyKJjz?RJPQT#r3rXYw>ho=9~B zFPt;ps&U;uW3{@WMb&$^C@?v{8=IBwV%7mm)-m~~*uW;?tj8Q2@o0MDYo8TY)1G#v z{gQ?K;mfsQ;?lDp*|zN1R%PQ@b6xCENmZY@f9Khi;E4(XtMlR-WS?H({=k;v&Nv2E=eD3OOPpH){uzO~ zEao5w!dEJOm$TOd@p8Ei+*-7ymlj$WCIT&g1@m>wzblqj3AOy;W1~WlNzyz@g4+*M z;5*$)YqCmu89*J=pE^1=Nb%+bq;}vN-)AMcC=iR8BzUbxM47HkWBPMLFpHTa5y&Jl z@3a?o%17Ip$Vy!5Napz4tO$z`Ap{5!hBi~(EKnsB9zc~swS{XxZzS&kL{=MeU zJ#k8JMqGs*U56&>{(Wp}JRhq0i-n#i^q}Sse)Vh1iw360>dLMEU__ABssUB0%|)HR zzx1~pxE7)+$r$2JFaR$(`v6s`R^x{AeEE~Qc3NH1vMa*MC1#`B0ZQ)!Xpt4x0Fg+Kl0um?Ck8%nilQsC%Ka#l|+D2 zNkg4yDOW?wo$2^;;Er*-YH`PKff6AKC=u=^pHPUK+p!0>-qdvEFX7M)ZOUV-!el7u)Y&xPelEi zg%R+_ys)LAP-1P(n??E{=lCv2Ptr`LzkHL_<6rJ;?;9Ui`O80Fb4>rdTa_5cthEeL zdy~FN@(7GJeQg(On$RYn7*LQNWWqx;imJ8qLtn;7c(fQ+4Y3tWP1j`KT3I*p4$J@E z-LH~swRe!PwHz}@4qVqBW@ED(VtO}uIQF-;_f!>9%rgxaRd!JOZgH?~rxFY%dR0KZi&6xCNOaf%LH)GO&!Nlu>mKFvHnQ5p9j6M>lh$q5PH?BaF* zk~f82s6v2|$ZUVK=WX&aA6v)3*~++T)o5}{HtUXr_gU=*S+8blxx0@8IwL#TE;Sb= zKWS&yb>#J)gyy4otKp`r@$bz&@p!K9_xQ;?C0A~=wsthnc~H!Uv_Dvpss1(?$POyWawGSxiq%&?#0UcfF&{-7setp zO40S=ORU6&v8O929yclQv7nx4oo69o*x`kccKP&z3?cf@Rg`(f1BH9k9V>Pd_A855 z55J)jvPBVTYG8}fTWnELI%21?jiFp5PP%m+2?M0u`G374<=$JP2!=?xorSddPyiFz zNs_c57j(-1-H@-mH_IhF`F5Qww>&^l!%}wmhha*05e@O`MVN@R(1dRNGTdY!0GLRS z1tt;%RyI>1UhsT4%^`K1jgSDCh{LWZF$DK6h2Y-hZNZDJ{UcCoA25)_fPrKh1scI1 zPa@UX&l(YYu zFgM$3Ug@Hc3?r1-R+iJKntCx}Nf*V1bW!Mi>BUToE~;};7Znd7C*4kFv-~0CWNoAr zASWY#N99VK{UUlb>pai9^;e=?D&2(TMu5tVG*h-j1OilU>7`O7VH=n}UW@f0y0@xq zNvv1i{CH8U7h0(1Mp8j-KWc7#skVPlxqsIqStxVY9yJ6(Dtn^3%0|@{00@$@q_PN# zYy%QPr0_JRCii*~uA{KfpVGDHi!$L{mV8kr<@Q&;r~?VJ%@lOo2l``y3H6r9_UKnI z4z@mseyV?Z%xC;gktMPXpR5eGM79H*G>8`sN)XwudF6{rB|PxX#Se6RK2&C5PS$e^ z;_84{FZvH+y-H$(&~3AlGf3%|O_!U>S>u3}3veRy4{$UVgcJF`nPUy%L{tz?#1wQg z8sJ1E04LG|a3b&nLll4$VK5K& zXmyc3R2B4}+&Ue_Bri;Kw)7(ENai$al25B@7vj6=*{^IJ=;4Fkx{Ei;m#+zoHJ$G@ z4o-M4%v+_W&8S8FJR=?HMKYmij)>XeLe&R7GrQWOml@KJBY2tyZoAojMEw>ffVY<> z)3<5mU$Vn(sS`g)hra19l)ufEfYBpSJr382xXb2jy%EEviRKx00*S9F4EOL!owQ9? z1TLs%-fIufeX1XS+nYJj&r0`RuV$HAO5{HbLDcKZbmcxQFhEae~^XFZAud{U8yrH|bmp8uv> zXZ@XfqwP8FGxD;&se;NE=eyhh`ArK6537dk8f^ga{lkiFtXER0|@ci{Y>T zWh+rclUooWm7`HXN{4$>vKjzf3!=dIBcZSAA#@Q50KhJj|cyg1Fom2?_9RE6IWn zSw(6TFd4=~s_70m&xR)n&4`&2c#1ilh`WK7DH3wtYB5|zk$IuN|_J%Q;5 zM5C$y)&&E05e%@4*a0+h)b58QiFgSTQVBsq1g-Ev^RMjTvEykGZi1i1OOTM5Fjovf zuAPIBYs#c1joNquiG=qEqCD{NZVLne?CMtL4SY5Ib6r)=`sud^Gu z{hNA{Z+Gi8b}q)=x5O!{oU7a%-qnRM_QGBS**3q~How_60~g8vfNk^r z{_HV%)ZE+VF%?GsWpuASSmC&XMM=0LnrAG~e)vmoC*tz-*qF(8?$n4wHoxh|`Pc@h zYN=zasb6L=ou$j|H(@)CJN4X9Znp5xrP!fu#NOHh<%UVgXX&ntC%rLNz={d3WqZ51 zEpM~at+T+-Pi&4K z9`xRxA{ohuxm#z~HH|Lwmc|M6?YA`_asp-FYCmT$a}1x2obxuF@@Z2k8k=s+PtH7j z5pJhsW*60(S=tZpBH`5-U!2eQUfOS70TjnIleX{v)ca>;;dG-l$Ih%DPZ|5H9QJVf z>jOubfPL*|7e21s<%uKwkjLU3Lxq*80Q))uVqbT}>zCNq7|VKxSu`i`q`+d6t2 zV~L80ly>ex2E`rDb9IJSzdGqN-<7UHl8b!$`Y}32v&-hfTlB`|A&Eefm*AU4QZFA>mJ(e53Xao@( zmq~T6aK29cK>zbY<+4xR(|jkZNWXG3&gxX8+%xR<3@E&nX|to@qLp@uwvOQh zowomk-L^CzM8&j`wGdCbFv_%dK$A|^Ezq(}Bi~MG{rcBbaC=h<&tWN7ajmIO-LGzr z{YP}fM1WPyVTVv_H}R=~z3`FolhHqjR)@Pr5m7Z`k<)v(@cM6Im$wTm7GE0 zftAhZ{MyR4mx3t+R<_gGgjpQGEpjHp0@FP)+56T+l^2c~#?}MtWq7TZr$SJE$PrJy z|7cv=Qj=}LEhc5FiEd7*s$L~nG6Y+2i^p^Tw-_}#eMX;5n7-dT8|p~dLVQpfY=KvA z0PyM>KgZ1=ZTlq-upxL!=Pjj>d)D zCCQPB$$BL@a%&rP!V$jkeTjv)87;DqBHz~WdSgiHweQ;*Q@`fYEV7X4rxLP77UD^* zGyT(=>Fn05cqKW~1IbaS_|hT3fmK5sSff6sQ42V*>`ov#3SN{PNz`kQk~5{6Yq*QV zc8;1Os6eGomLJM7Efb~)AmHNqtr`RbTx7EWa8Z3Mvl0LoL+K79@$`W_0{||@0N|nn zi&eW>pk&ZuD;0K&z{PL?Tud#S4FbT$itqqU^mFYUxfh={2!56UaFGUpi)a8`#C(zq z@YU2P;zuVB43fRhl>}%2zB(j&m;&(CHTcQtV>v5_IaOP2EvD~Mi|IQ?{jnyU3ryc8 zVESHB`O5UI1m%dHkqF2Zf=;i!F6r|O{wBkB#hm701IQ0CXEwb+dejkg)P@2!eRZaz zZwOpB->)z&i$Ts2$w)1(c3Bf!E%I2YAD)aPaqZI|HA?QW+44;|*8m)xkQ|phJ#)ei z-9Ng2%lv&TPu|lakxz{6&Gm)J|K6p4Uc|}6WksBun&@x0O2?)q$IZ-6T}i807Bg2{ zOTgi0##t@V3vAP_!!bRnq&)RoNMZNGDlKe2d5(l6?4j9s)z@?f_DRXBdHZt>zMZQU zf*c#0a?zorJ+v`>JJ@719cgfrNb4(z6F`<{?IU2Qq&L&g}O6Di2xjiK)7d(1jkw2@cy)fG> zR?I%P1@CFAMOst|NsHXPqAapC<`|Hz)ig51fJco(hV8%zw_%vLCnFD?qFg7pm1Gm! ziWsb>ys(J7AqoqRT0eFbUfhhXR4nqSqi6F)wN_(wN#(!~xn8jv<|TOre#N+j13x5A zDq>AZC0$G4*Iy+N_%&*Dm(C3Wzj`i#U&{eTzcgYzP7h)9Lr`TV*TQ3Eze7I=Po9pO zQvZVab!(k|>`v8ir&~CHew5L1kH;bChuc*=2&jyTQoQ)H1)jXWLTx%B8VIlg{W%A zw;L)Z6S4>i(?1+qB)?+P)Jx>om^A7u@@w&>0AyY}Ait88mjsJ~Nc+eLL#t#gXFG@} zrE{k(g2-R|>-82vq+oPV3Ivg1#a|*MOXSzeK!VtjiZx<(p@QrTPRUd9oLQVZc=Y# zX=~(D#q9Lob4`B|))f^~a16|V{w7rJVUAo}_y4~Ei=O3!0MC=!rlvmC1 z1nl`Ni24EUx`d&XJ9~A@tAb-sHF=b6{kPIpw<4kN`6rW?kY(Q`rW~mK0Y2;SL51Rm zQCgLBHAm#(5qBWmWd+sI$$dhJym&iKSbem6m0~lZvV)3<6JG!(Jv6EsKG@?cV6%sF zOlQ^qS{5@>7UTmt*vgzQhNE-bQtn(o)IHkwgB+icZIsLT0ghkHe(jT|(lq6C&7UKs zVo7r&;aR>hX}c%snde=4?U5hJr=KOC;Gb8W{3mx~yY>o+3lcD2$jqkBB&Ukl76-N#v#l1@78SJzk|!u(J4*GXp)gQequWAo=U`!^W#cX zD(&Cxee;O9U%O;CGJn95W8-EnF~jT-$%HtDInJJ5PmY~QCS`WVG91X?-&aUn!n2+J z75`7{c=Fc@)0kEL8A%?YCU3~**)E^GPy;mY6NbJvQRTDsv}POh*|yB7hvyaN83)cm4>GcpzXs4@gUthZ5A%4B`ZBqxGU%g?GymB{WAgbj z6wrV40{zG9b+qT3b@Y#K*3thDtfLRdbj-P##BqoAUC$AA^0&NWH*)(*gA=nkzwX7eVpT%y;|bZ$(}HA^UgvRUs&hteU^FNtX@r^aAuQJM3qp!f;p>jP znBe0ZSw&tMuCcC8UCH~@aLkKnm7I>QC*zWh@piGcR)R*Sw_O%eKHnGn)=0C*+|-P= zAsXJ+&6|uev?fn>wxFy|$Egwxa$xywmbGLsLp424Uou{uS zZ*a(>-zpM1Wcr3!8->@5fwbEu((u~Y|HaP+*Zn3E6W3J^R?VoYGx`b z;H#HQw>2fR@{mGhsYxDC5e31TD_1J4xw1S_QJF_F�i8l6k-bLLLAS6$J%3iHhil zw%0!2_viBc{_y?n^FH(sc=4C#gZuqLvGFj+iWD$F}=Q4$UV~`^HQ-m5j1Nr|}q24`b@7y(W z$^UG3?d@~6CE=x_Vc3tW@f}{GJ)}~_kvl)yP=w^R=Nod;lwGc^D(sq29`F7#;V6U? zn-brfoY%2bTfy8J{Zydru=-f&NCwf#0iN|MPuoOoRhUI1{MNKBE^EtHu+h71*Rl)a z-(+nL9~-J6YLYT$@<<4CtMS^o<@SHbNJBYHiAR)`qLDLB7PgUJ<~?? zjnxH76=5-vy$I_Z!aTJit)-U50y*w6_oPviiN8HiRzn{!hdI9q0vF3IpT96znD*S- z06;Z3sN8`3ysq=#U-a*H(*8fblQR+F-6EKfx^dp((-i^pLEQ$ZXrIPZBu=CU_<9sq zOS@OGh9ivb)xt(W0LG{e!4oa4NQS3D7o68`n;G?0S_|r~_~_4q=OlAOhG)$pQPeu7 zq0*5#;ixtA3t=4#T4*J0)ZhH!QsM3KM$N3|%9wqsN+?9KmO;Z+PGHstT2Tw2!5C(D zDfL5%a7f|sm`rdsY1p)gwu?z9tRF~B;MdFX8eWh6$GT=M(aM3Iv7Tj!T=AR(W4@Ik zViSz&(nQQJ+KgD8X(GJgAJEkr0+NoifDR5=w*f{_hgXy?>Ta_8<&tOFlF< zN(N{M-S|8?thtR-W&n}I8bBlq3iCgz--1XAjxM~#x)l}U3|Ke)TddnmupYjIRZFmc zmQcoLC!Goa;|m#sClToImJT#<02IkXu*9&r~2UHn*-@E&iScR zC#|#(VF3{&$EKd2YWt}4Q#q*%!`8SHIW18vMWJt6qij^|RE7qyQ{*8A63PC)z2S+K ze{@po+AgZxrTE4pcr zo@mhjfd9rxX=$n7dNCT1hpGmBmtMXlB;lyR5e7n%nFsFQgd~aE&a7uH-2L0Lao>f_ zh9Xh8sfAtgnFptsw5WwYQ6%iL+R=oOAlb#~ISb9~?2cmRzrb$m<9~zQ*4_RFyZIZy zZik8uU^hKyXW?Hc5;t~_ET1}T6J${C0Jyn7Q6xW*QWyS2krWJdHIdYdv=ce0mH!62 zMUjDveHRNsPJSuUw>6Z7vGQ;WdqWLnz5(o3@E6z(y}(~g$nIRVbB$@Z;tM%`_|*!(%8p4ndh;WGs2u1VfdH#gn#5DnM2{7WD3*&p&fJRAwQ(WEQ8+3 zRs3^rM#oIs^Lx~~&EXcGi+fqc0yVWL59>YBls9(|0kC_Oz(Mm(`g=Dgodqy=eh2!#K6J|YtAN&V z*4_kksh@A~buhgW*8tdRf$mjKy$&jS;H<7RONsw$StjYieG;qZtbecOI37-wcNzw; zv&~X|YAm>84#vD%Cy%!J!7y2Ri|+SsxbSnx+t)|>6?(2I%Rbhy3F?%DSQ&;R*aXc} zSF_+Gn|(_83qR2rs33`+UF#aPaxZOFJ&-)OtN7JFxcAcBm%nD`+Ao7nu7_I6Wd)wd z!rD4q?%tMUsJS7Kz6681r7m6ow=9I7%6vv@0>)7W7wGfEwIOsFIYB2^HE)h(ZsahNeW#XbW>!I~ zDv|ZEjp6C0oL}M3iIXEUjGzZ*BGjR+T;F;%2z&V!HgMyw2R3WeSOkj_s>3 zL&j@<_^B_In2tD#yms#==$eU;l9C*EazNY{b%koIdPbTL~ao0)FjnKeyAP;@(Gf=&b2+>GW`B zdzs6|L6f0WHY#_-qE|&R))AGXc@lJn=BaEj` zc2y@Uy&;u9x1U)9J35ZvewnC7#-+wM#ldnKE%)`Gq))7EUJ5##n>;jR>hf8)c|KSD05@7Cz@oqalC} z)ShgcE5DI}fa2_)AwlO(L7mNutFf@3^T9@MfW#u(A&g>vF|w?fB~l!|<-IvUFy5RZ z_9}9T=gW;vJ==wDf9%XR($2KeHt~N=8HVeOqjqyY+a`yH<0`LtTQ)%c1bZ4Ht;>z3 zEhRT@pC+cxL-^f6Du@`Oo&%Mwj0mTt@~q-IJqI+kq}!|;8&LG3V#!%>zBQtv!5}ma zuM+fu@}y=b*YPA*le(5%Et~u=+gn(-Cdc6 z*!&O-5j(hYg3T-cGU$$)xI8hJ-fmBj4uEDm&n;PlN~ZVYnua#j4`?IDn_$os{Bj#; zs`JSF5=}BS79x&5Je<4w|7__v`RXn2kSv>B(3_qyDn`&g%*HAmb7f<9no}N}sC`w| zK4fDEuBAbhjJ-yDdX;{Rl~&xFwm}kH33JmQ&yDSOkFAql7tM6)6ovhsFGl%e>V6~{ zdZX(e3pMA*ox24sH0jZgc{@+MY@3?*tDlT1W9=Pw)c$73NgmK?mr7#(k1=%K{-b%W{gX& zX18BXjRsro!lF~-&5TNkFmDmPho``u=MPz_xwqK^-bHv=X4fXU)w4|>MUBY82&O+gQ=*?p23(k%ei{c+yJvT4pWeN86ZV>)*atsoAla0QSWg?v4gTs8^Wg-m!Xxg8N~H z$I;g$PgPOGInUl~zJJBOY{dH_R2bK!eSwTX=Q*6fYW6bGo}Hnn~Y(-vJRR1GF#W}NvWTKej|{vnsF zVBH@|a?@5kF?bxHAW9&rI8?@O#WStgNpm+2L2G#9oHeNxsM4 zjl$NnYJ*|?(~^1O+Dx-bU_2>PIx{ZxrObrjS?A{FfZv7}7V&6?bR7WnHq|oqoU!!O z8WWN+l4F6?{u!?$CS7YY-w#Vs{*~x8pD^yrAFg;;()F&S%Ya$`FI&=eKrMe$Nc=^3 zKJIhzLehuP;BOX|GfMU=HQXnl=Dn~$9HgkZ4st0P_wksaWTr6L%zVXYv(@+x0f$1+ z&*(C`>pkAAtu(+)%pst-VHbrA0@Lrp5^>5|^9-h_E9OFx za%oxUEkc%C;qj><5|zTSTj)k`Ub%G967jhx0;~IwEhUSGTy7Nhf-35;`%_9h#5d5= zo5Jfx4G$tH({6R2s|Z#ZK1|(8RI{PEd6m*0VZXt>wLwN5*N9M|9YBQNi#6HMY^XKu^=XSvu#Qg zRe57gochY&Q*r6T!Iv-amjKM1!J@R*t9->TWzzJ9U&HSUzd%`(;xthfCm3Mp^z*)> z{9d=!`6mO+EC7?4Lr|q>w!3&(z;2r};CTx*&hrX8E5Dn28SMxL%|iP}do%MMuXg&c zeRgi{&wW;2VDGu!tcB}|PFC%@3l?!>>n-btLbRkez-4*yLaS~J*6BY^P%XBp(%h9) zDb&>1V%dD}2{h z_&=zv@PInMFk_U+7Xg}zzbUWmw7O?Fa-y#+FDfsPNN@Ug6Xg*_AnDs4KLp?XS&KEu)`7oQ_1p9-(Uno~a~Yyf#=S+PSy3kVZM)XEzp|a0ZSxg`2iAw8RiAgI=3X9O+AW+` z_gQrO`jUn=WKK7a_g4?ZaC@$vaDy9`Xu)1XZ*1o=M|5UPApv+ zvs$zA*kd#fg`{rC4NZb++5sVXL!xT;_COh2VedJd{uE=kAwJ_~(hw~i8{O7j?-E$i z;ngV>CP$4Lv6$X&a?3dLh*8jcOOoN`*k4v}Jzd_*JJ8qyUVWyYT}f}RH-N+zYl}@i zY7D{TL7Z+T%6)2Sa(Z}Ko`*t6AQd=9FPiV=k1rAY2NM{s_v+Ou_Zp2CWo?cbW5glY z9qV^{cqU6En<+z85RAN5rf8aW0kFtxoy(yr;d1PU^dlnUq_ozGm2(sPPu7)+jGz$T zg5W;jL5j$&d`P@K<#}>=+zj<#a#$?cWC>3;;h(eJ~^H}-?F}$|K5|$Rw}2WpW-zmic83uTuKolwv%~- zzSqhI+r_*Y6I?`J>S_hO?DQWAQTaV28)x+UN8>M^3ir=F&HH{7~5T@%jiby=5z5OFQp3LdI?I9cFAIC!&J1m!HO}QqAm~EXKA^h#kACasn=kZ z4AfMXEc@x{!rGSlxd&V*{?i;svS^S}Ib@A@v%IUTCtYs6k=`{ziRs{-COei!$iC3e zmjo`!7yNnuM?!fd_Pta>^=WL}-{pmfcjbjUmH)TO3zs&kwc*EpFCRg}Po6r>c@rVo z`{kPtzWCkilPlXlL47fBc#n@M_C20rM7?M5nq8u`f8?_4C>OkG+my6S%Y3AVM`%6D=So%E|wpIb<} zDxN3;X6B^E)$r0UTA97LSN2Bw`r?foOo-UMFBNNg&K<;k-97)Z|NI>h5#4}{=ox+F zeZXYJr^x0R8*12om~!H9AxG1f{h zv(!J6$(Hf$#yn$X82(;8ih)gS(#L4@1qm zq}9_(%8y4XbZE%U8s{pa_pS9b&DVn-)TVm9$0^(ib1n2+8t{wq?C8j>j|8=pm_f{G z`;j3Q43nnqHf@T4!R6~32EG}$yc~(aKFrR}j}Dl~M{TKTTNv)fem9q+O)#prhCEca z4X90Gx+A>w%Vaih49=l|?bCpE9>?ZsvtbX*%pV(y;*^U$C6*(;~zU&jtr zZ!h)By(GzN$X0|I&ORd<+pSWy3 zZYTIKWRKm!l^)gmA8JjJodJbF_~+#5zyR;upw~Be?Ky~{3&xB6_pL09hg-b1r}ZX4 zBhf8!{iwC-~&09W|qJ?DE^w0 z@{crI^10IP2D?z%o&;|$9hTB}cX&2bMJM{Y)C$Y`%!0I+iPAv^XS0=E^$Dxyq4)DO z54VsK=9VYRg_0u~1f?f_GK^0#YdoJg0JClY&aix@0br{P*IS#)^j4G_WsZ`zrCjqxi4gpL=rin64ZpGs{>BNvqAnuV8YXZ95~3S;}FXcn5Dm!5=xG`fpHSwx0c_rU~(oy z7>UoH5F{^^&-Y^P<1C6&gDWA8J=Zg~HU@m6LjTfqO0rtsLr=Jr&e$)F|?A1?E+=wrpV!+JdO%aI*$P*&vMZe_m>?s&? zGiJMw=1PP|!OITm{3n0{bi-Ehv;`Bg+h%1VvdO3$diWQ|fGY0o?oVyx4Skq`6}8=q zq`1o4xg$3obR1w>O5?bFcWZwj1zITclgVwP{e5Wh0j$v7cisX)mOx2CYzyzO)0-nK zBfny_&-nlX&>Z6o3xN0faVxXQ6}OTmgy}*mSLf zulXbtelYr%_B&R>Zq^aP@0x0SSKtisCzaH3su}9xOGr_CJ;-?K-k=XVReR*LInB;| z$1*%Ql&Kn>cv#Kw&%Z4BITc~wp`FyMI~P5IIwsoGidpbs!GftA)&g@F=EN&relt|K zP0ryB%6RV0Z42re=Y|&WnQ(h0H0+fzuhImnsx2CFyGO<+7q7F$qfSn0hgDzm@tDxd zak%HvarrIZA%1`e%H(bzv}9`Q#}`IFS)KLM8({Bo=H`O}^eavpW&iP}R~jqUcx6+Y z9m%d`!@Ehx+@Qh9hWF>oS(4qwe`$}jW^T_&eX6zs#?9VBlwB1T!i?p4p#_F!NWaid z*LI4DSE%bANa;CC&afMu^{ zZczpi(P;JE#|3X7;1wqy&U*mk)wY4-JmkwoE?As?n!C-&QtUQU)ldzVR(7xLwLuGo z1M%?luN`J?wJ(6!%|`T9h!;!mvshVN<`7|=Ks;aQt>h~AKA~kv2d9Y+n8XF$AL6W_ zY`&9RI-BTkPM4J5LbGNX?DR;;qVUjuO`E&zvmpE6MNlr$zR#=@m^f?W!M1_UKuT}z z_wokrl(}lueX2lke98eQ;T4wBx4jW~Y=44UFJpyZD1oMeaW5VuH(5Z4)bviB8J~&ImY!TnGjgX6)|?6PMcM z_Xf7lUbQAYI93$GNjHt%?LK2sV_D2m(1N+geBe?#abFPz_kevq%814kb`?*L=5$|9 zj{NNysfeAl-FJ2BYu3Heu31g;>75x)H`5;!x}veIbC3DGJ57rwrv`^mFPRhHkUQc4 zDdAOj?(IvM$Sej*UORv+WouIda-?5xO59+(U*USe(NK$L>a)te06XdO<`JuoTLUm? zsp#u0EHfd*GR{jo93}yMyS>6U9j-|P$1(d)0+N^7e+X&rGf}h#Wgz3=eW>v;)b9Xd z9q!q@rza?37cR8%07^-erZVrrJk5(lT;E8G*@6F**Mf?3E4%2)r|@de|Cc5k`y zLI|esp($PTvQMEYk*V$;?L{39cZ%a&J*{*v;H%?KMeyPb{a;f6&4VwBs5vy9lkfQ+ zA0O&ag5MeEn#f(F6DP)gvQrH{O&&>pei=R#c9c9^$SGoX=0wz9T1bgLJtX=U;?#Pn zG8bKZ>!#HAm<^TjHG;Iuwo=x782CjnX-5U~_oCr_plI$Mm823zJGCPpSxO5bWi}q0 z&pn@6zyDe2Rc-PXbxt68bFTT1wYRc-ifO8`5#`P<3QW!x`I6KPL(>DrN|JqiGY}I@ zf}a7V1d|{Y?hh@7XBsHjsghY(8VF8=+Jxl%d zAj1Al#i}wT6*?6$ifi63IQb3!1MX;I#(@#!0+6=+2LAEbIl~xtW&eG_USDZU*y!b? z6BtvrPCd!}waTp}LeF$bs8Vw(JuoCG>b@44aE8|rJ@5(U{LgSs*pCP>m-kI~YUk4| za_-wV>Z^6yZncU;O!BDkiRtca*;`+NT#y?^uB7M{s&OjW!?nV_aahBq{(yXviJAoq zt`GG##0U&lYmeac0-kCKSvk~VujUgL?*jpF!q|j!Wp}I?B#UtehOUZ6UfILdOGZ0QAWEdu!Ddy7Ftj=|C)X8H+P!@C zs<&kp%`ilqYWR*^1$A`})7)@L?j(cwm#qE0*hgx<@2+-(^qn;q4D!`fSI z)`H}72j-qQrw#{MON)9@p{rc%MEk|ll5|Y)*=l&r1j^15QQ#B;neB%Wp2AXla3`$; zvWVb);|Y?vLUC2{lrk{t#U}D};q?T_ozpY3qJc0-sEHS=2WOv9QsV7a9TzkX&dvY1q-Y6U_yp2Ik~HtSq9n zXGb!w$IX1ZM2ioaoU-Ju5FN?~vE-Ur<8OpydOJ`RHm=?B&ZU)!3vown z5{sR`#G6~_GiuUdJc583Sn*N|uMoTa&B7U)=a2Zxg0-WNn`)0y%J&|XtQ&GB<@?y> zpD#y`?OL7*xw?w`9Q20k$YPLb2>;gaY8d4*9-|suq+XOC?dYfYN&8Ut zMdW!nSM^;ko>rNe#JST^VG#xCo}oRQHHq=4bZ@ZDKNb-DDOPJ7qrq{5q7A1G7se*; zm}<*4FFoIy9N7;bUYEeFuQO&`t!ij+&@71SK_;xzX?Jysq-6%KO0><|Yx<=r?| zNin8~IeDu)tmGr3)H@inK22coJqpR2q)9Z)i;nV^p2tssbIHCwgz%E~;QqOI`MGeh z(@r~;zl$p|!rqK8vXEcHeJD?!O-GBb+X3y6$7NjNo0OpZb3Lt@-t%zu;ga^-xmQV- zErgS&G!5O};(X?O`VmXPrH>Paf(rp#S**upZ7@=}ShzYr)iwtXIR|tPK#yGRH1h&j zq-+mWPCW-UCs)655Z_+_)e^bGG;C2rRs0bbV|0>RgX3=l{=T<>n;c9 za1ApQW3|TlIo=PYFJWfVp;RVm_{p8s(b~h&)!n~Kp~ricYGW0;hWERVef6OGy;E@J zYpGI>xVj@6Q50Y3ynznAI-L-{66beV*4H2y$DYg|C1SJ^#S@a8KL!C~L(iNgefFdq@6U_Y@zq1wN|^{QBet%!&NIJ60EekjM|{zt;&ub3*ddWWzIL zQ5Xc+IN$Gm?p5mp?uOsmUyT7x^lG&tKN}RzcjNkW#rui14>O|GIl4N zI-!>*8r4fY%8X+Wk?ChJ@Bn5@O7_kGLJks@L(lJ<zS*C(})9&&P(?8<8^HdlNW{A2ke`YDTtL; ztM5rIwq&b+)GV@j+f?Y4?dMm6TpCkZhP|sr@i2ZsKZ&kF98WvvX6J-WzM6U`EY#9C z{2QAj0F2<1>b^Z{VoLp0odpABS zWh&0y#7TaYN+1m+r0r~$&PDYEwHHtV#kbaKQ?HlUiD-$9VLg_iI_R`(*l7x;SLf!& zV_&DbAusT%T`P}m1OrkVdVa(&`fj_-$=nU@do0SVzFuZzx!MKL+#scpqNZ*R++zNM z^M$miz`IEyz+*n3iR$K|xJu^WYYRLWTVCAVHhV8ce$mcJ^F1>mO6hpalJm1~E)L-6 zPQ4d*k4)=AfpG(iKykADxMwoc)2iIvB~cLECKK#JjS1Mp?f`Ct4Zv3{{8;s-v9vqfk#i6` z@hWWgcbibR4|hJd%J(E-TaX4UO(xAlK6d800aCmrgkv{HIQ);y*IF2JUE67c-&;}MvrBfDw2Xy_P z^o4Z51MH3!G>hB>sF|Ur569XXPs77)uJ5k4z?8R#x`%Q0LC&LI#ZKb4B0b%?h1Ijy zY=5Bo`gM3LdW(8c@idU<>V@faEn)uArGhlA z&2^2)PC<5?(COohgfo~A2g3NBURTF%le~|>$AvQ$r=Q)b+aEWyKdx#7okAgIKO1dG zI-MpPC$!+=#7i{FX5 zM*Qu#Gj!JXK8SSbK#r3famJ>(?LX>2;w_)Z>^WIfH%Rk8q1{!LM7!!gb~a_$FrIXo zO*}Z_0WvGaW$#(f6Q}k|u)_PI5GHsx=1v3;ea}Pm$PNq+?mPCAYbQ9q!7?LH+Zw=N z&NebW;%gF}X3Ed?`IW1_Uk`@1pUg#t(#9QTh?RJ@fGFD$Qo4uXlJ7!;ny?_)K@l$}A-gczN z`z#iN_?JN3uuB(-P#}aeG<{ax)2uy|n}>ZQa&=m{_t*q^q`12!<6a^6r-mLFZwge@ z5}8a&Xf~C7(JXoZ;1rtEk{im8G$P#3i!VlBci3zXtilZsJTeJ@Z-qWb{gN3lEV45o zXMxp#t?1O^Z+d)?Xy_iWM{ea-4@h2NhO|1zs8|(uEoDAr_+s^57pZSI?;V}G*r zzV=}FQh!+y(MYx@PqK+c0Nu#sj(h};orGBBB z$5}x8*Vf*(SA9r3@dPENTl8J7ccvZbGkv)dVM{W%#Q2uF@19pj4q(e?J19q)g}HXl z&mAtS5F@)L3Ln|mX&$%GUCuafXIn7^M*I9pwSxA)DjROj%9?BRC#!YHe;=MMig z-vWe!Mj_bLlO$|Y6Zqp}<`XBm)>Z1HGjx*fb>I1&{L0pb_fu(e(U@ZXFIo*BOsmD6 zOe4x?v!8A-mY=6JMUL%yQ`uU-{_(8bEczuO$egN8BiVY)2CyoU!yE~CXSVnSZ&aO7 zFB?y4`k>|uT}4Hr+VvsB6fFitCzi!UhIn?0FRc}hwr?!2SMUHqgc=@V-veX zt0WU*O+tKiZ0|0R2RCh;BB)|XV`4V+GNIn1#5lILs{+_aXad$kou|3x;@7wgtM_j5 z0CpCP&))4$?{=sEInF&Ia?X6{c~x!idHjxG#EWL|iVx(pI-sf8exuU4S|6pIANF9A z1?;VL#hPh(nS{;z;}KesJTPrOmf2+cLvpo1vMUfi;5M7NYELeZ6+x)(^5IVBmY=$% zNebuRb_O7>NUJWhqSEsj*BVs$d^?&W5vW~S9^mn8Jem>a{3zAKE1$OfrmHAYIj=S0 zx72*&se5BU?ND&FbIS8MkNFIPdw$lS6Z7`pXVm+`n1XY(p;>8WQ=@G}$X#cB5SMjXIYS)9LEqLiqEDKSLkWqvM%-9CZZr|o(lJLJ!Hi6tPV?hh zF2d!$h$8mP5-lAG+3T0*KeWn;bD|p;o5%6!Qf1RUMs^;@GKuGZ-N?SYCT z@x;cM&aQ3?y5tbQaq(%oUx0}hDJn1nT}zZZwoaEc1@NdDtj~9Q*VXm4T`}mvIMI33 zK;v;oxhW5EcP|3{_f{49ZmW8?RsE;ksxVc3+lo_HJQjRUoD@V!Hq@YkAudbmM+B`0T(mbe0&QAnT6@EX^r`;&npksmwpio6t}2~#pp1?`@y-Pr?v))bQSq*f{$Bd} z{?=R$RdVby{#J#%-~b}h9)oP66;0d5E0Tu7#^LmS%W?H8rz}~qF3emOO4kEx8)uhg zg@(W6VX&ArVuc75;nL!xFT|op?-&-O)qsD>-CK%lsus>ghol5z!fDhd?n&YIYnkD)NgiQKx?U1Hw)p?^Jurq*;tUw+!O ze2_M?WhhumL28fi?$4p3W6Fwuq*twb{_ge|!<%^G<0y_OZW7z8o7z^U1&W2s_*scr z<;YkZZC$z)nrrAWbVJtiFLt5ziN&?1pce$+3pZbop*za0iol%)Chs0saLTHMG)fJ6@A>%F;Qx#%M8;roY|95_(J0fl@1=exi#5eS$5k58 zwX~rbID*E)%}1gV##A{Bs(ZCQnpd(A8%_p|x-ds1fCGD^{ z29KonMq8z&#%j|6#N4K)-qpI*q%AQ9G3M*RrrMPgm}uO|{IQy@g&5vzFYR_V4pqJI z@#TOCT>KV^{BgIygT|oTVQt1A`lE%)y6)*Hm>iTQltSrAR^#|k(kUonvOcouUju@! zw|4fw7Lp(_a7@DRzWQ#T69M}||3M@0oRVZ?aRso{w{y!q)!1U~>6X*0fUPw0n-wqvcWLVIZXj{k7@#j7zROe|@9vjz?Wd?1jxhZXpDlzmt$6%<=jXXL!ZDj39 zTH2iNNTw}AohW}G%eYXn^?I%wYSjTt_yu5{K;0j%f2YU1(_{X-=`lZ&={{$&sDv)3 z2eKV;OGl&6>U5*8PUmys>-gvkx(uv(HdfLXjbQJq7k^b@AJ``$(f>JMeZZ+(Y^+&W z?q$4BmDb{x))KWHrf3X(2zxY_t6bpd>&(YbWM?OM=)2N+u(Z{PlMAR)=C=&~aL(;q93QUz%%Ge$ z#l#JX#S5#JForc4M>hmWWXMJ5R6U>K6RnlC2)w81z4O_sXvX`R*oKSTOVN`at1UcH zMp_6aK}W%Q=xYdMXh}|)3s;$m*5>~Pz4)AddULyUbVspiUHGE#&v9XA5qMt~E$Xbg zHUC^}w{~yI95N1qeLkZ{N`G+y86wBsF7KOO-}Vz!)%@NIeMg?+RB?vss|Z)l@W918 z@#nRRQ{2Nro56=?jl4b4)E(^zRRJJ4)ZQYoKzf%s*{3XTvQtGAu&-r!ccx0hPOnvi9+1yAY=o!{{eaJIC=T5_NiCp9?O)U8pP}& zcUG9<)pQm6m(9>_cVjX3Kt<00lfuN(EV7F3Y2h;`{7H%6;(Z>~>~prWiH+KW)vCOY za#u?7Etu7&#&Q%<`vUR{2CQzQC3uA zONkExz?*~S?p;#Q6sAR#`jM%xPgRd9 z%P1`Eg25RGo(%1Eoqg5x6|<@q#I-LhFCn{CHDB(uoCRjsknbR2cGbcMN9-Wj6Jrjb zxf}{OqI4gHD+=jDc&zL|3j#@u0*UYxqS9Wr&VBRD*-=c;`X z_UV4+L}G&~$D2Vt>LhOa0pN{ZP1ub_wGO6txg#3OMSu%wpLu(EtUM)B4oWOpD0J&y zUI3{?^z>kjn=y8HNYQHP=?|G00ob4vZtgD)Io!&&6jvsS)bWEsjg+-L2N(-`PR*mI zpTF#KuT)t^KwC1OSr#CtFD9Ljbm&Gg-NtJj!=neScW12a<3~Jmu1VmzX2O?=JKdSw zVj3%Kw-a;V?r>|6QE-<$4m;F-su11&1+)DYm44AW-?=K={>b9!-K3?}i#&7%&=I>D zv|=-DaC1(REbu|3-4)&>`g-}Aspgg63YI+^1c|C~uD8t}k@!(G&lsx|vCXBOH)f=) zaKZKct>Mpyupi6~MHFkqm$jv`i6`>5I{^w?#Or*+M`{uM2p6{zsTF2mFjn})H0^{T zVygYUDo8mNx2xWXu(R@?yw9FN=lU>AbcQpp#0PV^DWGXwCh-MfKaLObvorbFdF-u? zT(^I*m;U}L%t*!&w3ElF#xZE?@%%Ts(TSwQV+@;ug(7z7_?`S4y#$YbqlN9F5BS$N zbM(&U)_ZQ^0mF+V&0cXd1qXRHpdMGBL38#ih zS@ua+$S2F$vZp_{P2B97%K;S?rZ2NT_**rfR@1RQJc z4MNI+xrH<6h>Gc36y`M2acr96WpCtgUL|<3|9)>YOL9zVUsNy;Z^5>JKSpinYzcPS^I|F2bc z2%V*ehg@6u$Dbiy`QWbpt@X4`)3S`(HXnZ4w$w3Is=fKRq*^`8S$V!={Rch$nL$h( zD@(hAQT!~yJT(FklbE%ciukZGANc%ck@K=HZi_m$MQo@rs^%$p9tJ09QNZr(Ld+9o zYtIN&!m~AVnNsjuF2iD)Ay&`i54SGTp1hm`gvKr}9@5gzb3T9pcY1|78A1!a&+4aj zS!}ga0}v9VTCYXFFfWKsADcG6x~+Z7K5`2DJ>mNK-sRH&9d14JF5LPq-1?s`+?tE< zs%rGXTz#66&6zPADXKVN7c(F_FBV~F8US;A*aU2YDHx5IFH&y2`BwVfHW#$Oj zp>OEr9;PJA3isL;H+>DzX;nJPK25TQ=xSsWOOIqTr@6&I2ika{56LX_d`jgH*Yfej zl~?G;hqKM;%gPJdN3!uHmv~ajytCcuAS*0d7>qb~W+x&63V9H!C zH-Hife}Zpn!Duce*C#!PlxA-NNGqeYNXJJ&@7FWVsQ*3d8y)~ACQ4NA+%QbN=&~YR zY>AF5TY-^_4q#GmLq@Jqne(8*{JZyV+>w-RyACkea_ZUje`P;12pGP~`Upbgo z^)3VYE(7|1Ed#3iSM11x_Pe=GtCzmg1m59NrB!*8l3NCaY2#^{jzbCV^SiC~nCyP^ zMZ!XTNeb)BIMhFx$d~jO>I!(cOBk}e|6+7R&RpP`k;z+>h}+~A=tyA!p%Is)#5CDZ z360<=^<1~oCN0#U1-LB`r2{9hQ<0GO<6VF*ZiN+o`FL^V6+&XorJqRFdQCAkiG?T_ zE*z|E9;n3k$&u;#TanS;nxk@7+IpOJz*{RB_|bdJl+Gm_rRN*39v6Ah z(UG_i`E8vcr?hU6tg6jV?hQFQ)jr`(`xji6H5avtGFttC`P%mFFV4fJ_*4g z?_8=1QJw$Mlk}D0o>=X@GSB67BPzJz<@(Vzs4m7WBHCEKV<-)m5aMoXHCr{`eH2fc z%x5QUv7@$1SLc)cJn|6it@R$IO^y1X6_2Mru~wnrI`#6;DT-Lmbh?+vRLt7J$EG&O zDZZeitGfU=e6jo^Ao`%>b=$0;vGiFbM}gnk07h#|k?ZCAEY6$}pXxJY$(7ly*M#rq zu$q(aG7hrcV1Ijx%y*vRe_l^<>mn-l?=FDC73t&a-B(nj%Zow0 z8@j#|{LLf6G^FSU^jw&gh01*Wgg!>2D+Wy!5@V<8+t{!w<>q&d` z`||yMKJWMI6$%%&IjKa;)wG-HN2>f;zli+jd?F1_Dk7#{>}+!&5*;W{)nb)iq)ap) zI-fR1d8&_dLWYg^~f? z8lvwreVB?tg^b+Wh629t8Q}Z=dfX&f)<05fuZU|lWchEKGm1NI$jXM|)xQl6B73B} zC*h%_kCOm$|KvQ_~Rr!6HvK`P2sCeJ)) zjDOn5p7kU0q60_8Vo?_*MSZRTS}Z%w-W@fI&6QW~4CqhTOqwjZ-DxWUe)8?R&&_>% zyDqn61N5i1hvuRK#$IQ-ei8$aMUgY%BF zd7agFvRKj9eSd}@0r8)n0v--dRN$CU?FSAGQKS=Gl?MqsiQOH2GK^{BP(7F-!vDqz zV|+1PPJR#v%ne>ndBH4BpO1(hoE zBIryzGM8pI&sLXUf9!rPN2|`UKXo<4rqQ@Una;M_LdVb1hO4|}bOF(v>ld3^+T#*g zXo(m{W&q>+DiBjVUb|!l-zG6_hB}Biv!V0U(`vG1^=N6HaTg`km`>S-O~a&_o7E`K zIRbq0V*?G}9Hm^s8};vN0?OyJr!SjgXBj6KyIb~U-g=AWExP;1^47=l*8g4Qt#o|w zc$*WD7)(@GU#E>>5j>SNe* zv!Ss&_*k?3#Mf!`l0uu3b>Zf_YqzJDeCE14mgi15-aQ8w9fi?1j=<*k0p~;-;YKlV zvltAHq`~HK!WLAh zsGZr{24oJjp|JGhL(Kv7ZX>r_Hfi@`y2l;khty-jFvj)#q@QXw<@*uR1=DoGLqR7y z(JfjzVlcC=!<3ljmjk>UFc6T92i6!8JO5bt?g5oJ|*#C zbiG%FDRiP!fX-7P=ZQlc8LR-V1{Z_y0ckiPVyY|$%8Hc_kZuNxD1K;oBKHz`hucp% zj~Vxhs8bM}F7VI~XU;RaLo2iQ#vywz^Cg|me326XI6e;Py z6fgxsP2D%y=M?JZ>^;72l{`YF#JfEP~6WPKxxC%_zH-RY*#hMSVR86cxcr?$>mdzOpjVJ6;N^Xy@ zyQ)Z~qvRGo=^z8o{86tK;xw$;y}G5R>YeWz=1w=mDgSuJ=y+O$Y%?To`mtq5S6VzF zN-)|?;XtBh+#>QT)Rn?6X&RwU&^gF~fpncc_xO_tQKFtK57N;%VBp76E*}|QX-cRT zG?hi$T?Bs4yMbp)bm^IqVVt534|FZbj-3Z;jblQPvRq?`yJdA2Jg%-Hhq9lmGJD|E z&ZsXXqQ%x7R6?_0pgn8O$cSG-n&7JFDBE~#>{x*R&3=uDzO0f8#EOt%=rmnK4N;tC zS~-^d!gq~0DX#Ej=P7oOyn9p_1*|2Hp*fuLMEDKv=S5SNM!E27ns@9uGNX|FN z03I21JlcU+6#*d(1Cxl#SW z(`*~wtjJHaKp(FPK~Wy4d@dtD&L;mKA`t(7G@A@9wVcO}@qxJ{O%+y&o}tjy%hdec zgTAKbhTqmW+*$SKB?LX~3JnPaiW1nl4r;QiCwFV?QbShnACZMUG19s2=b?gT0}M$q zH4C30$IQABN(IJaM}stdN`^8LNE^n@mt->T0%fAClHV+EkWir&3T3m~5S+g8bD9GD zB-nbWkkcO-qm~Nup;1+Vz(T>PBIk}F`55Pkr*Y>WeV6zRK1>iRT5C4 z9K308b)9H;!@bFJ<@YEJi!NBH7wo01{ViRwbZF_Qd9AGdGn%GVpvFi!@0$Lcu9;Ho zwAi_GQ&>^;v87+_Km6S%OTO8A`OA#YGamh#ej%{T@*wFCLZpY|PQi@ng}khm?*!$4 z9Q3zn_t@rK_Wh-O-x+>q{o5zMe)8&=l|NqcNLolqTE_zCFFxQZFzoxa&~TG zTQxsUC~9c_u@=m3KeNzg$p1&10pPyqdAPi9Gf1br00f@Q`jnPjer|yvqyHB{2C562 zIk|iIu$Cb6T3Jw=pkY~^)Ud3GtLEvvGvNN-XYd;TF9=>AO3RShVr+{Ag==V5hd$7(Ty*247hFLlv^G2I z)J2N$ccSRrR??RRo9{+t^KOTR zoP~Agdo&hmF?h{J)F*?raii}RcvjJ@)sPnhO@7S*wD%Tv$v$>Hv^)6uNL z8}%C+>fW|3fP`UMkZ?<0{-6fM$w?eA*Pu8dA5ffIShMMiorWf@hC#zDZ(iWY=wp6a zl|1-*#MHQu2e3GAYFV7@1nen|hrvbTVHjNSFoZ)hZza0*ZTdS%W>|}~l0E!3v-&2f z#OrS8)XfEy@HbkN@V%@B7^l9FVYAq3*v0X?G8~e49Th`sOAHDgSKnw2g5Nj}UD<(K zV-Og^%ool-@Fpp98gma}%v@2s%K-^O{SQ_pI`k!Y@}}h7y6Q@G)v;}%R>H1|>TnBT z<610;jXDP`E94{X%pePpLrtmVL_hu&&mowaYfw2@KK;5o?`?ao;|zZARQ&liOZeq7 z;u3?w3^7`-g6RkzKl*#=-WG0$-}d3-K&H5=T;7gSRX2;Db~M-fIws6OKj-%sM=y;W zyjuIEadx3NPc<}<9K>ga#q{Ct+dK2=v&D07+Qzf-FJhL$#`UjbeqW9C=LER%Rw2aY z=OGVNZ-e`&Jy?ne9vzWSim?JA=j36mb=E?EBZ^LD@1Vsj3lSK|WL!k@cJL+3D%Zg4 za&^T!M?`z(O|GO?B{Ca&-&yugl zgq}EjBly1Vlz{0svR&A)VIXm7?kd_ZPRze&@KY(p{SA7tD2>Z)S_m~b{R5Z@9Rh%v zxc9(J!B92eIS_?D*Yc*C7sz*JAINtbYR3xvThd=@$#=8PQF_kajS&T5)O)s(8>ctZ zETVTu=L6-Zj@AWYCeaEYX6B4(h?%F1Yde;VYefeI^1;IkqJ#ba6dlkOfm7!I^c|_T zLyNw%nL|yxJEg|AcS<dm$AJlP7ybnv=e^TkK=B9JG~`btG?F;~on@7-Xrdmv2OqT&8y(M# zj7d>>1tQRHz|Etmj|1=*@Q;KY6&o_P_4vrHSypXxD3S4NO9jR1xi-J;@XNEyYb(qi z=px+8>w==d_GXgc+C&1afj=5)cV8(jWD1yE&IM?7HJzhqHwzN@D^*2$r(=8XkK$eD z=l9&CSp{F7zIF57yZo`c=wzcr`k zd=GNLMJ+j>fq!9$S}J9@*6Q(q31*~EJTtffvkzluNhFzpJflriMCpmz{W9)jJ?M6M z$Zh!9u?Se(C|~DObGxy@q3YAq559+=anUS6WxHZ^U7SiDg1Mb`Z_=%*Hdecn3>v`M zKCn+3R6d(U>lelsxa1!e#uw1Me^BY}08~2Mdn#RJ8Xw?eQm9Qelam*0z`j~9LGcGK z!No~jK5mEKa;=wO*l7r&C40XC$lkpXZ}aVFBi$oeQ{?1BRsjoGI*tZQhtpu`&c#k1 zT2VyT0x|~^Ev{+-nFjv_$VBs_wt}kd?gC;0+0-Gen1HWEd%LVU;6(d?_7$c%vZTfwRVC+xk*@v zwkYYo5&QC~n^uG}VIR|?#bkB>m`wdeOr~PstXJ)uwSU(W?9>9jtN&_B-b!&>kUQyU z?O!DK|!AhC8}$6+fgUocBpU6spd zcRPUnoU{%OD&9uHdy}V}d{dZ`(9bH9j&Hp@y(hl|LHrG&)Q-b~bzXcpKnXdEGEZ`Y}%YwPeYUQUk{*+K5(E;u5hd zeL+;R`5&T^e2u82`@N`yWJd>3|B$0S+RpU)1<-cGU!ZNLcsGbkl8v(#w7nCvMWpp3 zxd477YDv8PP}BkZ0nr^<#L1dd3#Jm8##G|0HIR1K(-R+G*{2^Uo*1_Szls$}f% zsuFtiKVkpAmLM%^`wg`%m&(!@k~%&Zl3e0*Aoo)NQl*97(V<0VZnVXdMP{y_`FLF- zJ#l0BDn_z%AYHL%yyyL&0*cdpe#ujIT3DrQ5mp(#fX#K&Vspbs z3#rQJUuT^99*kgYoTnEv=F| zhWh#dY0#!*m9?*Iz_&+3{7(gl{{@T0f0mvpZ_uUUAGWszHPT(MS2>Uog+aGm{L{7|u@k^5(QOUfXK% zZbdz~lhYeu>jdTKzirN=d^`Qc33jpIQ0=uepE7ZSydPvgJdeln4z?8mhe~eAi%GMq zaR+Y;Y}JH--ec-7;*#G~^R^80Olp@fFp&{e@l4^URTZ0k5iVDEA-L}41on34irEovWX8atXnSc>;iRr$Iv>->j76If6iy{c~CB2wF}kl z+G^cmc5PM9>q6Hb5X9gvDR8c zijo0iq?y(j8EI^PUW2@K(I9VcE+TK|Lw1_O&LyJyi|Th+m6&sL8 zI|D+0HWc=+HEbt;jSNww&^W<(&P9P6M&^%}DO{PUhNX4emW{-gk*etk%JXirl8R&+ zs2b*_&c>wPxLITg!5|J%92895G(o!bt!0$}D1d6l8srVs$Kzqt9EsTAiRBcy!CQXG zsH8D{~;jl?6ZpxZZ~_N_lPb3^*V8{h{U>^7Dx7m&0k_Q2}q%` zx_lm~X02QWH`-G_0LB&Qfk|hKXw|=*tu5_;nQOi(JZqmfC&|9*C2j*Gd9&1>FW-R6 z_R4i5=SSVq95P|0(SHkXau&mzE*sy6HxK;-?7tZR`@6gc`y;@#2>Q7=Y|4UAtx>Ba z^8BDA>g;!Ma`A2ZTB{^#$$5j;vRzUEwoB>w1E;9$_QH1Cq1cV7h@J(qKS@LOKdB-6 zznSY#UF(iF*oMkm+K^ z!d-9x+$H-1+=W|K1QIav9__y$)c~OV_xv60PXINptVO*Nx;Uil z@rqh6zn7$y5|vDqN=A0b0J;nQ1Ks6BcfTL@{1Bi7X^D4!Z*t_^+Pr9TOxF;#XBLUt zTVO7QTB5e;0#Vy;=Y zgpvL=*Sx*>=q;cs-wQY$J6U~G6)JVx-_1m4wTPFnzpS+DP4No~$5mQ|V?y70EmqqV zz-li7{+)Q~tE2gYM}x%Rm$DuVn0!^?_bKZWyFo0eZksA$R>JRL%rsNFdR(FU$b<41 zDzkNPmLRACZO9F<5@B*l(V`6TulXXXHv`eQ$7fr;`WRk)hD(#Y-Z}g-W+`Wv+iy8! zw5*cJMl%I<@u--R!!On|ayk7^z=Qb4#tLeV`$fh`g;B=iYpozZ)T*+sT+)&>UUM|$ z&rAD}dF=@^${lkT!15whMa`1Al`KZGt{k}VWP*fbeLs|W+}$>+anQBur#Z!P$s`?5 zk6!BI)+$8U{TUmcS8SLkl!Vr{2+{-iOba@%MS=RbH^F|~oBV5glQ>M{vsZ6fL_vjpfPDk+T|P|zA(@W zTn@IKM@xXdx82-f*bVTD2&yGOYI{m8ZpipkHk5&!k-PyeGt1zg#vT}_=g2?d-qJnK z^t2Tde|;C)e-u%_Jl=GRA-jCwosY8iVs6HmX~leX{k59btTWDR>u|5;XHUL_q(+vm zvu`kioPn9<>r{iN<00)MLtRe1vdA9yE4FYi$dYOA(rQ6p74!a7ibrrflgL}0R}-Hx zA>x%jhTm|w7x%qorFYa|jA9aBRG}9$5k{Qr?U+Qh3~(cQPX~oClWeQl_eK5Z-G)|Q zX;=~Wr_71)2uA@%ZLnO29Gf|!mto*cby>_o?8zkEicKxjRn<#u#bM*dN#4o2J>XYR z`zVa3=j^Y6D6~Dtu<&vNCVXPlxaVX}W6dwM8C70307K?d|7^yQbrGSO4r$>toa_4z zsiG!kS*i8&f{5gm*1*-s#2_)T4S4oYMpQ4S-(zG7$3_-0GS2^SBmz2UonqX3M6?FvrE`|yqj4L;pJ>I>XH_RTTEPcSBlz&viG3rv1xw;=7L7l> zRJI^V6lx@i`C3V0j}E^4MYNVSw}ou&tfkGx9RDY6u53|Jc52Nk6d12HONVI@#!YO%o~~YWe4rO>L*m!g);sZI&f9n{THxHdWMAh{80Avfg5(1tybkK0 zd{;I^@Ow|3dtTui@|`O58w!@-oRk z-f;L+7)KEVDVu>=gWo=Bf##$UE~|WKK~6nY{Uy@GMlBJjI4eT)D}pOL^;BB`s+#wU zW-+t{-=IEC*%^4H5YEk&@HOX3pxbXrzW_^<401oqor{nmg6;lvd;sp785*5I!I&1b z7DE=OX}`U1`}eVpjo#koDowuMlw1t-t3_K^~< z?*ARTj(#KO?6&kAi99X2(4zSlsVjBEQ$ZK;x*JgNThh}fu0y08W4Kf0#UW+-$NelLTp2tfsiG-sA$T@ zQeGxM)Y{=nZb%0?WvVbe_@tnS9(OmoW4WQ1QF))>gfjUFE$d7Q^9vdk`C9+&50!Gg z8M$3=qHV7FXkeHE6<8j(Mc9MhrkZn4mK}__Cq8d8eYyA%=K8zL71p~94L}j%$ABT` z-gu!oaI#oF*OSC9v%XJWM$a{+*JAv$CJ$(4vTrjQ!S)6?zE*zNt(6~s2|nM5+f&nW z;^+h@yO!4cUx&;2+>fuFkFTBoU9TOP--!4z5qblooNwr{RDXx?6LyHPE-FXGY$Ms8K_gkP@g(C^O|9fv-;)Y~up28e1!?J{JQxBCjF z8l=6vG{zb%ekJ@-8}OEpkk|Nn9wDwq_7R^XS%x|oko5e3J!s6*vWhLY~)k81icv;0< zVfuXmzS)~^gkseNar#}ov&)LJX3&zNnW?@;#Z1SW zs}&n^Y|BXD_!k^bWFSH@8W|<gA|z{NjgNczu*SE zY>ekl0*ArKP~`lLyo#@}m5}m>JH7ShIkkqOrVM1o;88@Vj+NkiTV$rhZk6fy7U)Ip z!P)K>D_mqx05kwXF@IQ$y_Y9fU~KG>mrN@qe5|;dw;^0vQMCk(9v4?X>$q!fw+6d4 zHrSIieY@iM)Ma__M003dO-is*XKqqfOumMa0i)xq*&4Umwy@e-oO0u*!g(u-2OL@9aPal=4_w6Vf-HSz!l(x9IFaa53sDEq~Kq~SD6eSu)BY0`}`lX_!DtwUYt0Rfu&LXrpLw_fG5RE zT|_&cn=a&XH-L_8Ks(R5woa58Zwp(vwG8o)Ik4klXg@xJ)DyjJ zeiZ^Ummp(e<7(+~qgHfAGqe{3KsyAd&|60>#O@s^%1P|^GmekAWyl1FJB>ireFdww zt`*<5o@yFH*_s*G6CKr0CUYEW(C_4Ej~`lRnd;>uDZe5=={9jRE_ZCEu*~ssdn_UL z#u*&MFG1(jU%fIsFV~B(uRbXx9dt(>dWB0iLpyx?X z)IDH-gO(rYe;IPQ2@SJrfv@vVT|n~#Ls{RCVfIC%`^TZ|zc`cy!k$4G3y{+sl*)cE zC=5bpeELdwKY3KR7ilGBI0+lm5T$iKRm?l!gRz;BU9<*+-wnl2zYhu{64qmvB#^Bb-KP$w0$cD_aA4-VQgei7VBE< z=f0yO$HRTsNRo#e8}|fVx8G%joIZb^Gk!bg(!v~NcuiZ!vPwVTG8ZcBw+swJ%ZIIN z>I5{ke6OO%t&-_X^S*!#7FG-qBm(}7dk41B_aIjv`+d@>TE8deb@jT4(o=EdcxG4X zp3f$(h|;dEp?TofJ*BOm=RIr|SLYHx1v2}edS4C~b0ukXdwoN;{SH=lkTN)mowbXy zIlOHKNRh*T`=B4Z>O#1=s2}u}pmzh~@I89rz&b~d`-Rs!^X*Zz#Dv)u`--QgCzs4_ zrQ-HPFAPJJcm69}BH3Fwb~QdZe51sj1YzyY*IXfrdB#VW;eqoIr@rM)zz<%-e(aV|JK3WFNShc|l{k4b z!QMRrF)}#teA!T(;CfbC0OZzsl=wQkF!_gws;QlmI}EWJuZP!=FTdSa7{7NT{NnQP zPLC|TWi(nIu8sz3eN#Wvm#&jPwdhhNt#@8@DO+f)?&FJAcb8h6tJdo7y}T zjERjV?j@TYur^&IO)%@-4LfP!b~{%kw-nBuY(}|+ui7((NayvQ%mmCHUe3@6pQuw< z+ebQpO*t@1klq}Ky6}f1HoHi$E_1@dAu7Az{w)|5y*t!B*LoepW2%B>L6hA2}U*+@1!?6i4O3^i+#}o{PKCgZ;AmKn1(1 zzEcmzy1<oo(*v$E5mBqaeWD{ipf@;1w)pxtE#J{Ks z8nia^<;onf{^_z?!l_F@$j&-2Fp);jldn-jN$JD4=sTNR7c#8XPm&HWPCua@3h!S<3&zW%p_+^cy$&-D?iZKrHU~G1(u$KPI;AvJCglWj?H~&a<+Rz_7~2N6~I$ zWRJZQrgCg`o-;C}(|Zm<1~MnItXAo~K_w%JYF=)@A+oZgBdfhVY`6$63xS!<2LdVf z>Ibn9%ctX`ztLhReb8!f(Mru4c?aT``&LzuHwLOZ3~DUJ$W2u=bF-Satg^@T694s3 zRm%9}ioJU?9Yqh!zC?y6+SViiPazEP(hiVk&6Fh6uRVVd*&zR;6Yd&Mha*T<1!Fr^ zORoG+FD-E}`*?SwzOFqE%QB(yu7?RmN6{>}px;Q2nbv`;;bK#N6@OpKIk$Iix_ z85-Dl%u*;?1)pXogO}jPZaayRTf=wwSg9N$*bM>)8InN)w!$aMfbTvCxwL%sL0}L& zI+WD=)9QR=hb&526bS7Nsw5LS5tyKS0jn>74vl;0jTT+4N@31Q-@t<^iQMQb$dJS% z#-cb`YHxq!_dOKb;0Mv4aUagzq4VE`)fTvJssbSsI&u&0u%z6k#gUgt^sPDi>n!gB zsReXmUXk4mV+gsfJ`|s z@=bW{L#s|3yxZb9cc=zy+l->Yu)08bxsm?ZJp-gO+kv%W!ZG4F1zeqg7ToZo5ilYo zosj?~_hctilS`;vW{zT_SZa{t84Ojb5T4aBVn__~z#CtCOVG#TSr=_cb2e#%PbI@@z_UbP5Xz;UK2aJ2qkj-=U9;V>0 zdbDa9Itr_A&A;P-pHjB>YhFpeR#V5CJfSG|^@nayrKlxz+X!3tiAYXIjFt6((;K{lOHSb;}>g>fcHTzyf z1|C(sNfQE_k`|JbZGdEAlyJMgY{h73e1->Ek)#k{<3zyx#j1jluO1~xo4B<*ZoNI9 zE|5#&6{UMkEt^^mSvObMrE#X*euA3l4Yr5lIgG%J(x^?+ork#(^Y`%Nw*jxAE%$~) zs_GQ$_P2;-$a#atBZx}MdgRZya){vpL_fv#6R|5_$#VHT#|~t}MpkxQ^ftuwmsogV zj};x3X7(TeV*}HJ{5gHd?souzo)M%ueNY0oen3;yT2>v;+z+v|R(W;tmdr+M-R1(U zlPjxcW{L-pn`0aAQhGY_^)6dAW9JXj|D3hq8yR1P3XA%6jSEAQfMIVzz&wBIbgELa$)|1Rvp{M(u&j2Nf}BrBJNv7D?Z50nSW zM=IAx_iJBF;6+H$$Ch8r$Ce+UL;P1-e$;7k5N8s@H-BY-=270kxJqE+s!XYZMzPYWKDY$)KHimYHhzZW07q|&4@yaHWv=URj9@`3}+0{)1X*;~y zUMU*k4`L3}y;)==vXFgK7a{(xvkwTbRS=gjUOcNNSg;xdFjiBL8E2ef9qE&3EN-6jyaPim*_qp&^H}W+q&$c&v*5mb0rKd^g5j^23zZj))s6wh1-0 zhOr@6U3NzsIZwp4iFcobR3E^{I7xm4R@IU3d}d%@Q&2afKK)vem{;rfeo}M)^cbetfrD;2UTY$@yVDOKV8n5BS+kzZ~vnZEZ{ z7YMjnekD-jcI}+KJWa;^5TmA-cDq2f98-rpP=C7hf~hL*Eo-X%slA?n>~$W>s70zs z1whUY#y!>Lw9~9gJf#QZVv>#^oE6MV23G8d;PBYWSYCi0!+1UeEojEnvhC&KJZT-) z>sHct+bpYtD$-yV1$0$Ap$g4B);6iQEuDj+a z19>8DwU`5IPc)_1JvF02aA)*gySI>OpQPmrVG+gEK$<2L@os7? z+|UNNY$XJLZobOkUM*isd;PfD?v46LN_m?2+1>vWq?9Nsv(l&3Ws_xPapg>L8naNQ zdNTj6EsdEqBYMRX2`iDs0)iiJwc}1VD3An~e-uzNIZ%QHEI9BgLLlwd2S8I*M~ zfKF>@tZ)>pp+u1&Ymp_r$+qrI*NDeo0rx5bka7zloE>MR<*czO#OD`zEfZ-0zZA_O~Pu z_D&D)u^#(dN9Z537Uj5$QMiQS2L2Pvs@vG^OI@tq!-O@4X+89a1llgEcAetd=)ODj`ceZZ7S*qWHCe^NtLia(x_APQYI9Z8>kVa`9ie>p~wISR+{EOxf}_3 zgA1J;I3b4s3x!P2=5e>pC>SBKir+2LhRs6c%P*M7!aQpx&)PkoM*8G3X^rS#Gg!ax zR+`-Wwl{bH4C1s*t+V5QVUl3#l;f*KuK@mulREh5uq4H{UKr7_|lUxgx@)@Le zP9gUZok#l&{ft&kg`xKdKmR5?BIvG-vHAtt&1vV2)WgCKFwC{0Fk$Eu#C#>OA15cwiGPp;Dm#)}TH5 zU0)W;NW?}RF0gc3`NX)p(_Q(~R8kIxPjf1eZ4i%_$E~^C?{Z?yN6x@_ZM{N z@JbM3zux`|jPo_#tK`0OJ&a6A; zuk0^3K+7MoC=?r3!x7}taSuYW`RwY?OuZe4`O4$wvhT`%FPvvNc|*9_bR(JC417joIZqk93m^b0}9|;a02@d}| z2oBaS=Yt2!i<4x%QeiwwITAl0&dp%zG3KjCoy9YFf~OvNts$EX3@t1N;X&}EWP*HW z@Mg;j?+Y|YgE>X5_y$2kb}DA=cyMMpBP78ZNQ?1^gxWd?Y1p>%UQ5b`uS zSQ%w5oZd+|^XT4FA^{@p&6B?CEEI$VcDQdKZza&~J@PXrNzES6+=9+_UaKe+qukkq zBc&zEP|K!Tsea3HU}~)czbv=w5gp0MVDwwsKk32{_Dn?;8@Eiaw^y#D{*dC>Y`|!c zhwp__^sK(PR3g}JW!cm4q^1>hWu~5Z?gzm`;=R7(vC~5-CErWJRX@7L{CTRbTek;M zlojmcWn-LSFST0d==-v~;5dHffHF=wgYp{X+oLJ5{0ydGNF=N~GHN^1y~Fk&V<$~=dE4v?APz*!bPT1xULnT+u{KUv z)o4Vi$G<=*O)`xeMRUd%(%dk4#a?sA?8wuzy-#DKYRwZ=t9Y$jv7=zKG2G=D)mLk% zrM#)wYrD3O39rrqMa&)Zy^Hk-kE3RS#?&wY4DU^6(Weg^Jx8 z35-F!-7h7s49?~O?5U;r7nAGCP``{if`eCP*utAPk5GXiV-sn*p*7M^h28+(?|qz^0mPXxIwjtF=%Be5O8KJwFwkqgtIeH-j<(ohgJyJFW^iC?cJ?NVTEyLU0nhf1Wob z&Eyh}UbNAaKPyO9izqFYU3&&B20|X0eQ6vMN|iY_gI{saPlIQMkWS@vPbd;=av-@df{7#Ah`(! zul;O*{PNk4`Q?xK<$nvt&4GKyNOs%*J{=Qy)bpl;Sx|XWF@UNIga#seFzb*3ojeE3 zPP^YP`6^6<0)Sf8W#UE_O8FGzxk2q~`2;w73~AX(#L9~R>Q4SB(mlxN3Y%EgNuC-~ z2;lP^lJuoc8iS%3Ph-+*gY)K@G!6nYsgN-Rp5hDj@=cSzlv1^O2lbLHKc4#MP6rrV zCA>1CX%f6KqGSOUK}k&_bH4XQh@#DvdEFs(ta-At_gURG>E7DutG(aM5yVk-wn(4w z{jAcUp{uB~qr6ZDY--Bp@#LExG&PNrVSnn+jc#$r(@(jaI^~J~a>Iq+m@B`yZFF-} zLf2bsj|-M}4)05DdOd3%`_}ZJl7Dt*?4P&Z^?teO)79TZUU>Fp{j&DfWgAE?=gtp# zOs%oP%p8rLOG*O=h*s%rQP$+}sKKl>@KglJb2WHW7=-sSL^PTlBGmET9V)xu+hR{& zev50^i2cdyhXiJ*EHy*SKNPdK*m%YK*_HrI$+^sflI3{jnM4^1h#t!M4|lQ~`AvvA*gE-D4WknWEB-igq|US8MTFX_Vu} z-&CuQ9<3>&J-6bSH{wapR%0g;X@%szP@h#i+M(J5A`*Ig%m7WeQZ0f{tV-h@&!;H3 zz<(j;R=>@HAR|{@6KsSW4S6&h)h4ma#5Ld|3a1LQoy=rU`6}yapP=b*9PM`o>&bZA zwYX#FGu--Lnmq{WnNwVDm2Z?L0%cT5{Y)$OIRs6dHmgOfKhQr?M>kQI~7ed|g0CqBoxh zTIs+&D;%Kw&GcXRQDoCNsYQjlETBStL(!paMDzI%#EW&g#yeOy_q7G|7jmd0)s!z_ z-6w7403kuUJOB2qbEuv(tg+@~sqb`+o~{G0s`Q{8is{8^U>nP2HDm8HVh-8!FUb{)%xM>%xxi zh@Sq|;fVBQ)5Wb4YpkJf=wrA`zE@*mX87CNNR5!7F-q0ZWYeAEw-r1dYFMKc5`@#d zqU-m?yGM5|3JGq8I}M%fnyX4%lVEc*{$ZByRM&6Lj^r@_F`i_Rc3+G63k_b0OwTt6 zAHCS2Lq_4g#jlIk!h^?R&EMGQ9hHXM$+wqn0x!aYw-(BEPXUPW<4&ySf*)_i0K^OZ z5RaMB_oz?;ZUGg#VbW^>6?#jj&CV-c5|+%fUu(KRycmD`Rw*wXf`Omv7TVJvJDrB5nwuIPV6h>xP&z?7K z zCWtVC5cxcmV-%-A;`O*Ujs(N!2VpU@mMhg0vJ%}Kb+O@)??J&zACP1tD+V$wrur?N z-d_!Jjfb=H5tq;kv8_W05$a$ zWvaop9f*ak}PlV6pGS^g5m+TAh^*O^80i`XiAb1?`tvu3|fa$36aaRxkl{p|IU-#Evk{e%sTH*A^zgT42RYC7%veP?u( zv0(I8ij>3|N0|`?QE8Hpal8c;fngA$l%OJl)P$NsKnDetl2HcfVHA;0L^>oCL&(sP z7D@<^0HH$&Ng$z|f6#gEz0SM6_Vets&RV|UEuf1l*Yzvk&nJR5WQ11L>z^vKYc^Nw z9}$U^#1WvHe-T#*SmlCEcj(LIo)yW|HsZ0K)G+TFRK`%n+(cZt;EreUdEt)U`n&fg z?`ZCaf6LS+M+bRV9Z+>%ek`PnDcLtwxFa7jO17EuDNVFK&$m@RU^;|g(Rs-sd9XO! zoY@qOfi!y*4IVA*FnnfIJ~wy&p#O5WiT<9GlR}-L-fyF4TF3hi)qt5Kv(7Xx;9vEAo0u~ocG_F!y@o&|%9vc&1>Bm$ zOwGc2L=5ED5LDe0!W{+M@htQ;F6nLitDHtdSs~~uD+JF*_Ta68`R68fbO41Q9hM%h z^f%tncKqX;_&W{rqm7mTY9HhFD<~#>iRApbQ(l7VKo>Y0E0!toC^Mb^F(^FKksP4q z8;ntQR!7EwE`@tYgh~ zwZtGYappI;4Zu34eqtTxUfKiZZLyAR!uAR4o2Tm;6cfWc(I1~P9^tPU<9Vw$pm(q* zWgt>I03s!v%vY1e(N?ePDC@!&N|ujhs!U<7S;*pO6@OXNkr&&Way1+zTX8hz>rve{ zzFm3qf8uCoCA*b8{5UC5nfu6rKtHZ22Lfit87PQHQ z@p!+De*%%>7CwPUgJ&JaU8rDdWnI*mj{noM@vA@_EqV)>9t!}|3v!NWkg?=D?2FEy zfa$|I0|!p>4yBtye7gYg^mJEI9xhEN>=AS{N2IA`$Ciz6XAv$3zj&|Hq-k@YGH-z({%fK&t3z&XL+<=P5 z;&kFk#|a~mnJP=qbPTq*Uu@p%6u}6<{lZTBX)k@|e$n4Q8~%e1#LvrK5>$n*+((;*g?2P_wP}nCwy4=$zc;<3gqd*2C-RO>y zfk-nLYyd=xj4`qujbvr?eSH7c^jSlhy&Pk(FnbOXAuii=21tRan7vbjXrA8s$D^0w zYBi4{Lz$3fKgoeN#$E2S!1h2aFxu1gLUqNTh(I&4jUeECo1@89wD?W;pcRl4OwCwY zQ8IcjFV}(x`$Uwy&ZoZLZHRB7t>9 zYFSLgAUR(?bgiZocpJ0_p>khh+JO26P%|ZrS@{PofcF`RV}Lvd&L`UE-LV;0>`JWXz2$GXOAN$6p2C$_ z+J9#!B>YJQ7rq2fYfW2sxz6YDlYa^T)hDfDHN*|1L2b+UQp>b*cB4b=!RVxOT&Attf_%yYrxl zr)O6Zkj5AoDAw5&RcA^$^VSYvzm3b~Pti1bEP)vU9rDMn=qVaj;u80&M7Y_u*40w+58~-u4 zM13SGd(*$;=`PwVI4`rDz9GBks1X1Fsau`^@I#hI{G{#dnA4{tDb2Z*%3-C)rw2Ak zpawP=MJhO3By6YNc{qg zm7(zX6LOybr1;MOQfJ-??HOUhhpdN3iLcC3Dp~+Pq|Ybgn*%-9*XEQVwiT}+0IM_` zh-Jn%+n$(PhMCGR$sg&*@uOqsUSd-i(S-(`58maJ~y@93EJ}qBC2l7x*#-G8c&haz#BAKr{SL~$(`J?F1)l^3qJ|?A+t2R z`vVV|R0HOg-3IxR<$rSVc0HeR@$#60Pq}zNEd(y8!x}QskjU6i=9U1rZ!^gaB*e*P z1GEf4x||t!2mp|tf{6eC>9Q}Ya2q81yc#2QAmrTI?7V(N(0s6Sd6Ae4JVA!~I!Z@d zAvoa4kz@KNZab{tdNK>3>do#A6>PFpH$93={$bhdl$6YSJ?%Ev;5B~gS8V7LQY4=1OUjf#|+TsUK}lHPpa?D%pcR zst>$89ybmzYWQ%Lti2!G7+Q4bMCV2x!HRRlSQqu>QEZ-0@KXK)zyfL6Q~SE;SJ=Xy zY3*x7GE|o`$!;z@LDZriIvWVG47nO>SbH%HhdTGCSj`#GsQ|=_oKM7yFDLuU$^Jh- z*=i@(FjYH;)L+BGuM;==*mzCA0N;Re70=zqZ$cu5!XO~=zR)vj;D!2lM{)X?Z{An! znS88+XA2PJsvkOGT%i!8T=`x!l6g*Znr|?0L@+8BK~vgTYg<&>l(wPfGD=1*i|gi! zngQq9K3mg|i;O}36Z*=M9|5|_a*5$7tYGpUfZ>5Y3vPY=PouvY6|$8f@bUOP_Rk_c zQC&(xTzgKSpC17;KHggHG1xQe9yQ1<;7n(mb$Sy0ca#?(iQ3Zuv&N(HsJR22R}%83 z85+6OJuNEUrcqPnuXNt)+b)xNe3jgsMaGAf73mKXYo`I7y~eavhBn>#st?_j+gko| zCI!b_jOZVEOZ>neylrrP_1e2KvVB>qAGOVo#2dX%Zj{Yldd|8pSC}Rb6r^~18wt~P zcBTM52B3s#+FfsRpK>Ta--~`6h`0^0LhyZ+B27MN2$~2oLMO5twZH!GQE)skugPjG zp#jNLtGR5eYiODe?JR-2InO>J5aWvb&bI}$FgPMkN|2-EKL%(W6ZoBSg@_bpErLq?=ofl`l9TPb zEOWYUd6hWex0I-W>^qFf!5qbaXMRLv%)n0zf-S`Oc;ZpPyb$d;o#{S8%RqcWjF-68 zaUHf0RPHiprMwClpihhxPj~%;7<7y1TNsCVgXeMBQu2#V#3r}+EWlqukfc0xKT&lEECS8%!$$-~fELzoVS;!bG^vpjWM52BSlMCKx>AmIEc4=C z^@UB8GvQ`tl?g>HC}(9ExZ`^~yaWzD3P5~loja#Z7zO-48|?`TZKu6a(r!b*>_)6U zvKCP#N0Te8^Wt`w-2erF{e+Zl?OnU0;1d4vuD7Ll!0SA;QUr1GhJYKGSDtgtmig+T zOQrCIo%%h~MBF6*Lo)8JSAxeUF-Ye>p-PbLei&22A{?wFC0bab1TX47Vp^=^)F>pybTWFaa$={*MH}XHL zS3%tmFus6~g=W6=9O?A>h`7ki$t^57#5Cdwcn*iboKvfBC=Kg7lvPz0-Rw^)IWK!E za5ZQcpsldNA@!N86|kbJQVJLgX0U4fhUbT-mJsB_OzO7EZ>Oxf(8-h1g?e?xP@nQb zp>z~}ka(b4UFpR7(7!2(kTvnY13q$E=WoPu9n`z}W>V6j7+@yS4Y;4%W$tHJ#mGxy zdJgb8@nMagQ$CgjP->7sEpTo!BcTwFS+Y)Q`5LU!9hUxz!c(SwGR2=#^G}&cAkydP zh6|O;|8YOxi3+JlY3?&5KP2NIfPd|KjE(j9q|CqOoN78@Nrzp-9-jG)9`mux=G62d z9+;|DV$J4lnc|zynobPOa4Wklduk)h$e&E{?jL_=RBV~zd;Yoz+4Oq;nUNA!${jm_ zjLUUzZ1iB~CWt$3G*rmsNM$*J-!vQ2CqG80>Gto@$SiE(LcOEt&qHideGij;+b)>0 zPXYcl72c|u2JgBhsgRP#@S5Bv^RKnT{HEkV@^_}JVn6%W+F)_9Rx@0rh1$fA`@#cb z8m+fmoLbFED_=a<=HR|1N1{`8SS}a@dQ||1wkRh_N#1%jCwh&n)2`iHF z8Ie_($I-uw2CS|ybaQF?=_SDZY*Tx`CzJTu6yKfmcFPp+Uh4Jt%lvCog+UD+uj9EIl0y6O6%1UjjIf{h-MVNo z)+qE~khk^sl|6p5LO*L#y znC1oYS)0VH#KH+Kz)E}_GFVgp_6*;g&0pt^ng($`Mgdjt)3~Hp#ID_Lg4pV{VWM_f zSrCVRx3GWikJhhB_w$BE-u{ak$}Fjv8)#T;(oCkcCL=iWKY9#_OG*+WK!w}vf?zMM z6OVcU#NX5?@GmH>RK%^V%bKguaW4aib-rc9#fa`250q}6EO*m3R*qnv7X8TJUS)oFe-{nPuB>U0}xX?ipIX>gGj2jfUXzGX};cd|1;G%+fu$P^@ngbJkBb zcUS_Z0c~66=4OBklX~-{;*e6VieTHf0;OEei~pKC{Pkt-@MZ4sKRtJtd4rg}c2jlJ zvtH?jltv8;;#zpYpH&sF6QD1ahk$}VnXlZb&ux>3kg}#C!9&dNW^lu%M!mhoX^{Xp zX6&($|M3;o=2qBX5MVQRTE}{#@Z1zt7Du~w0az)Zrl*h2VSeBSdcKHU*9Z0-77Lxe zu2$`IbSVC4o;VR;l-_Q-xb2Q}p2?!10b=hkLt?bv^Fy5+Jh&7xK z%xm>V+(}OkS(vWWegPmwhhZw!8{>1Mk(=JG7~qAo)(o%I4VEbBN2qGoyN2rJNA#{p z&p(Ud7I=v{;;MNz?oirONZ$#Ma~6viTwn&E%p8XjZ-wge+wnrT&hp&6wXn^9dv|>L z@No6sQEX+nAtkIA0kDQ)vS!t^nCKj4xRim{C~8%D7ppJLuIbA1P04dsafR{! zu0kMLNDG7Bu5aRfwnh$04|a%vrvm5p#)m(0fzHCuTb%{)m(IeMp5gy&&rs{#W%|q5 zmEi%@A>wy1gG$xVdHO`D*x7n8nT9tSR$~vXFTJbUj2&?xhVCH1s+R}89sQ+w5cU=w z%+RCw3Og4C`pj@8PIFamp<#NZ0CDt}) z9%#j}c2BOKHts!DeHsF}sp#|sQm=X`^p4LY3XU2&#?RMYkcR~GP~~f#rzw(l{csO$ z`kV{reTF1@lYk1V)-VdGq2ut~LITD&&n ztsbG&k?2QJQ)LI15+lg#twW`CbKXFslV(qwsR70e-VEnDOXFW>Vghk{v1>0NF`OW& z#hL}ez(V-Fpy$oYp45ngXIwqEDvWT)Xwz6^G$U)K=2U~gpi$r7xJ|Y%R#djFGJO4q zg3ua(5*nhhk<4Y@p)Jht!PQ{vX#IB^VdLGGp6Zu4W#y>3PH%M~#_MvEQqpbzv-Wwi zQrlK{V#odoZCm;=Q+e$_#J+h==@+!=QA4y?AR4$2hz5ey8w?PgRoj#tz0vlQ3DI~g3*he>M!SG{Xy=nL%em8k zHe=%c;qP`Ev^$+Q%)~84jl00SFDh;Ecjpt$d@yeN&4@{#`Mc=(?35@wh}f5N+7x}d z*zX!i1?Ap|Sg(JaiJtiFljv+ddQ?lWd`AmrE~!729K zPMR6L>p*FG$*)a}@IWEk&@2Y$vw2lr<-=5NAx{C|?>fl%yX)ENkLN}l%!t&pr5zpN z3SRE`P;nK_D5yqn4(vWcF!+aVW2|-3_FP^Ac+*wvq zE|B>)_<=0!3CWm3F0QpgHUhYjS8GSP0CLut9$p_8Es7ALa8$+O$5J~mB-Nwr}C0G~1(!0X|zcxLA7wu(vXPgJ#>KEjZ9~du86^f*Vjpl$55i5Nf z{8jhk)z^@7+4RBhX9fzWH*nXdO8REs%KI?ySPM#4T7tC!LlHpAly^801+O&91z)U& zc$}Hv{#$JU1|!fLhsZDL{ruQ`+bVz$Z#E6w39=$EqL%evD4ck4=1 z>Y>@W@*W=X9HeplJP0obT(+|ts1=krf3%HS#yRi?9u41Ac5+`oIp2#?b0EA*mu@Wk zQyH72W5@DlTHu$`Mygb_f=W*Aoxmi6>Si$RE7>448=Q_uTHxR zj`S8d;mB>G728`5Y=cR=K%@DAw{Sp4s%IP(zl>dn40GC>whlZiuhtYGTPlX05}`fo z8}k_q%uu1<(GB$9Y+z%N>NC4~Oda7U|aV*N)08$&{z~o?&E0c#EM!S|FIKE}W7Tj*tLG9}rN)MJe<2M#w|H7u)<(O(S-*(3sD=p>td3<{0 zKizudSO2x~;ktwGKVt)xFJpr*V}t*}u>tIg=~d8oJv#Hv`-w+}qUAkPf@PtSrbRnXl+hD;&%75K1JWba^+r+JLJ>EalGdOUD*nD2I{y{+tp%3U z0*nsmyT^>m9XI^}O&@T)hU@0;Qyw5Vc7dk~BFco9Z#b&a8iv7Cr|&GCU--3uUJv-G zpw<-lxnUVmGZZc1K+P+-M0^5Y#h|GUSLg@B_5NBIu7a;MEI6qeulgavJ@lCnPdC-g z$cLb&6}i_+%5MK^_HUzQ+X0KoyPa6?uwnN05vvB|T0!MD@xpLq=qwtpw_1IkRW2fP zy^X~L`RSmT7V#ObbRD14L?&0#u zcfdPbv_q)$_Dlco%ii(-oxNkNsgdcyDwLD~X&4&V2*L2$5L}%%KrqV7XQ%(_qZ>W1 z`JNK~o~i`V9A>SvIXOODiCiGBf9GHXxY>U{@nW|+3z+nq0xQCn0Bb%7Wgl5H*898K zqgp(gSqchZmX=%71!ddXCuYvHPjjob0WE%4UJ27=C>aPow(;F`qwzJmq}0RhXA?hn z>eqHd0pyPo@kbbD14u;JUs&f7@kR{Va40@#1*o0}WgW-WM!c)y z3PdHR>w*2e$J*X~Yfm~$_X*I*hdlg_fn=wkQcB1iDBPa8nY?03U~+LvyVf6na0}t* z`sO`wHdnek+E}HO1E#WGS61)OZOd;B0*3PwWr}-df%QAWh4shTvYA^1eJcm>r62z# z2k<|Z18@cL<4bURv%%Upe~PMVKRc$Xm;j93sD`W|DH>S3odc@lq0!5mud(IOrD?;o zxR94;BvQBhN8Z=o02ksea^Zo8LJ#(|5h1w=jI*_Xj+(aSX+Y*yNj{Vu5}+RZ9rz0F?1me39*tb` z;7+v#&l{6#x0c{i70M4W{|;MEza1n-8N{?d5;OKp9ZZNUXjEDsxpHbltt(Z(oc?|O zJLH<{U{7l_|3HQZ-|tK{vNPe+@(fL(BRL2@&lce*nV|u|P+Xe>p%YH9rz`i%>3REe zU$>~H_E|D@qVXvQ9hXg?W~YcJ|K9<@%hBtPt-j=xzvPtvFXWV2`wGKGJKrg)9@e72 zEnUYfPl(Tv6QWJOsr9TOgFqZ8JTucM$!uS2)*3b1p>SI4%Jk zXJoosVZ-F#&L3dM)2M>rli)(=OWjf6zwauo!uX|a%tuB#BREGnDv2bvlf1Bw_JVToUgSMtK=SywsKUdXV!2@G7a@7)_5Jy%#IQR~Mh$Jv6<`w( z1rs%-Nj#2~soNAwjyh1@8y9eFv7&^TTYoSRNgr6}5WKKDfnT=oVv%Xl5{eo$QI`#M zxNRI*u=E~D{3%MsU`e^MKCwA?kt1w~F_iOSG}=&3AbMWJGARh1g;#}9elm5NkIme- zFa4f<$W5L9{_XJirT9wxVTB;Y>9Xb_kwsk1j0$r0k9(Ea=f zZg}aAn-Yj)SC>f)7vGcy1Wq7?`$6SW(fX+VW~M#OEUg-~2%RYp(Vb69gw{y7%Qg2DXWWF^B`#61N(=Qd;V54}p_>na|qB zyF&g|N)35H)j?^`&4A~DTh$<#iuCrx_$Ey6A){sMUdSI56CO`v`KM1!V5eovUMh^7 z;Q5R`DNddR?1UcCDp`!%zA#=(cf5DA2G|T&B+&o&RzlGs>wh*2!BW|*;{Q+cn9J!e z+W%nze3{MskIZJ0Ywi-iA2JHo0AG+aEN-+BIXZ8AKt@s@d0-`6Ey%a(V9=r=c++Lc zbUen3>uaIb1XN?({82hn8)Uk*zm@z7y94aKLuU3Y3sK6B(U_L!KbjadVL6(p4wmZm zGB6w8Z+xF?$ZU~~FBvX7{FR)Bnt5z$`t49S5DmjDRj}ZJ@HYC$(e+EXUnAiW4V1c5 ziuWH2RpQUBoalej%1uTvx!&G|SZE-TNGyaglG^{=x;Fz6BOC9G^2k&bfX}gp65yZ( z%T4Wc_`d#U;x#md&uw?>(f-C!;qC{VlETuwpLy?r7;_;^=H*IVjnr361x_9Et5Iw1 zw@hmwZza3SCOb66LX~o0#qxrK`)IoSaqaY-AE1HV9|Dz?9I*~=Ui){1u1$=wb%NiyUhLhC>nz%z@r7D8v&sbfp4S%W`H#(3 zM&krP#J%s zyQLx3Sp_tt&ip6ig?YQ=C`t&GHeq40Z+< zxNEn&Yo9YZjVgej5r16vH;j4TQ`HWfK9Qz#SEXIN0QOA5aC_hdq@yXm_W>nJec zZ>v};%2%Zs+Qx0Tp*Dr+`6-@%f~V#`Hgtwjn2jdY`1@K2#|}3)<5=NZD9lp-66*a#8L|j^=Z(CR_Ol>^7o%;7@Y`jAAiI9tmrs%uf2g^K- zb{};DG^9IHYzdNt05yeh+l&kO?kB+I&Tct7p-ft1IVSED_u*L(bA*z@Eho}HYe>(Z zd(?$+Zr6P2l2Xn&4S0kBK{BZ5z6~9kU(|rJ5-loi%9RX}?hbjQ1m;AmlQ9n9% z5Op6`pk%7S8}q?rV7fGitFrzGBHNK0&wnUnSz}i+x8MpjS8n<%=I~@al_`E)=09wO zj4wNmUv?b-`*$4Sb*4(X8ZHthJxIh>W>-jiMl~QCUaUfZr$EDK@sc)vDV^1BB}M?U zI%6u$o@6G{et<^Sc&OA5p;0_nEsp5OUq%VRd zSLL&B5ZDC<5NsfP1YA8PM*RB6`77xA&da~8ln(%Zqg+W-J8!)haf>}7x{G|6-q&Ax zz^RhDKY7r*0pjJY8X7xUOMa#2tOT+iz$$P-v<4#}H#8(lG@^ z^L>HJ#2;YijVt_;3z8k+<7tmR3cjai(bFzEvquyoi$CB}?SAWd?D))a4EOKs-X&jX z!F8n6=}!+L#f##)VL&2+J5&RGy@{S}++$wQl(^s&LVIBHS;6iU{EqqI8l?rUJ#9SN zN!i@ZN}gs2}aCVq{{rH2)ZD-up_C#89DW3`>B#KY%DZ zd45liKsJA0UTLzXMb2+M6~DASzO+65yW1W{`o5C4KU^bPx}RszHa-GP$HfaPseOH- zAX?R+lRA5F-46QtI+DcVXrp)13YGG>ct!tF?9hL0F(g5 z;Egv5y}1sZS&(C#fGRcBW+qom-blU(Z2a@EI_5UXO9Ks**v(&hp2DJ1Q>y2mWQmj5 zPOFt~OFDUR==58QjF+H6@$CsHvrTjH)((!}@;g;{k(5@FTXPtAd8RJb$O=;Rg}Laz zrQEBluX;e#1`YTcsQBEG1tfOs=}9_X9{g##{?+F#*IPR6*0LQ}rh)Bv;&%8q6=Y^@ zDzM|q`E3ux>ooST?xKC*>H%ZPB<7f!@0Y0Um#FOt`TyOhZ9~TRF2tt$%8whbh3lyc z@;;#}8KbU2H44cr<0mzDdz5|>gqM~UxDtUQQsi;Q73lc?OS5)oS&j4;U^)CM@U`5q zXt_B8^gZSdXm6PDpPYleTwcO36ISLvkYi0*t}nMH01RODJF*W6JuX-r!Lar(t(^h6zVKo_3Wrp3wqGgPESAM z)!Q@iaXl=(-0aTawP&SzCE3hyiM!vewM1Z6=ZfADvoQRW@#n@8Mnm5#aPUUxu@K!9 zPn7Dgn6fHlPdPqntYY@#%zODgS?u`FFV$`z^r?N3ZNCU9GSfM%dg-4fwaPC`YG0Pr z{+pN76w}snH%nHOKB$0);mXD=f-^=uFOI0f!_@;t!)k$`VKotGI68VSE~OK`K z$CPT!*7HG0F*O^4emGU3W9a9YJ4FquPW^}3>)xy#qjADfUZ_}tTF)pCvk&e!9Hb+D zCLW{yYess<6QF1kO{yf{*8Ew$k~h&L>pU7P?4A^)>ZMO>-H|ISoI9fTus%BG`%D_v z<{ta#&99A(J%$dO88C=%ZkmqCPUJ%I;xf={v2}hdTq@CIbmEYwLM8$6o`X;i8Xo=$pex>;Iv)Rw91<=ZvrHLD6Bs;Zw?T^_dK847r^AJ2k_ zxa)<7RR@s(tP5aK=!L?-SJo0&3}I0o-v;@{CWR#7w|buPJ_i1eoSR(2EURV1hRl#i z5A=;sO&RQgoX29E`^XlA;{2C``v22|%KyaLf9c31l;xf&dJ8`NB<#n=x9Vri`!8H6 zeYKzd?sr8mQ-fc=i#WPAB!cH?zaRhh!q1rRPpKTa^yDiYy~>Y6x`=ym?Kq9lRoem< zuUdSjNbX$QPRV?cSVdH!p&5}=DP(79?86_5s5SDCxYd5_Bu@a%)tRx^095nf;&oy# zD#+ztVf=FqzmZ4{c|y-OvO(cehZNZjfG%24-KJ?plR$6v@U{Nc90i4%ql38yyO+DE zgX9mB08=yLL03;ad5W8LnsNeE+$kejE&jO^Dn$KDiTunFiV}^2S+X%s-V|s zF8}U)sz5(naK_-_>Vv_NTles!+RWf>xCh(-{7x|!LUka82A8T0dHAHS+B2FP!>R-d z&%9A0NwX8IL)13mb%pqnTiP2Gy&C^P-=O=aREXQ8HtYmuZAz07zEy(WE1?};MLR-n zBZl7zBm2=IXtHpv+JuBK1bz!mxDI+HspGw0)duCFj)(*-bLmaaTp@waTpOG&y|#?pO?-zuN}}Jj6Uc4BJbqvny>;8xXTXP zop4TE-s*WwMmDbHCM_ksWd7)?hwxi#r@D&kCC)8#Ir$a=ZOX!q0+(Ua@nrU5k1KH& ze~v-;NWMQpbFr0#A&|F@oCdwUH%QcEyPlSic=V&P9w_i1`r&3 z9I?Wr^UBMOahazF#||+Gi8>o(Q}ervrEW;etBB)8D4d-pr7ghKliZT) zKYa`-ObH{tH}zGsx94q)$HJzjifnD8%GHNBi+`T=U1)UCgF>^$BaTzm!(t5$bNt@o zb{AKJh4r_Ioc$PAbBMfwoumf}jPp|+&H*@@ZKUasD)R*`Cq-wL?(Pfbzj;MYdI0eM zEy1|qNE|Q$IUFOI^iw3DYtMxJWaL!xniF&vuVDI+R2d|-QC1@?k|kXNFaSY} zKeXKf-;z2XWP&X?9Gk*Oxi(`~m=vJ@S1W3)j$rUR&D6mk5_3z$Hkx~x)<ZlC=n z^vS@+Yk@Gb)&7r-mGsbx;Kk)ldkZJH*UFXj>&PKAa^_$HsJw@Frb_UQaqhv6c!N8} zkLXt%;4{MWH6b-Mr?Qa&8KDd1)x+1@4klGe6-%3^iG-bvE>kR7V+;TJNFKNlphz_Q_%>>}Zx3yQUmv|)HbZLFmytZr}!_B7CblcFUSdJJv4U$)> zAKZxQ4|9hb^|m#$zjfYu6WUAaVZ<6cxa`1?B??+M9i0#X2qg9GzMTZ$@t;~Q;$^7E zn)n0xS{!@GxB9K4A%2su8c(JGWMZ=4(BVN%!HHDdQv{4Rl0N%fjnUg% z5xRQU5+})vQ#k5vT4n$pk7D6{6Xii5_tjTdd>A8lEn=oqvPs+W$)+%LU%J6J?3-Pt z+hbma=mHQZI}IfO^O*J^6IUEwrFk}z8U;-RFpu{qbC1jBjeNZVT;_d2S>-BDNf3 zGs}5c1QL%_15-yb{fe;xn^gB(Lv zDDX{aKax5}ei`oy394ql_y3qKe|Ddt>`weHQ@29!jrZm^z#nHB@PQ)zh3Y%V9LP<9 zy8D>nSV;ce2IxcVwwk*d9mZb5XD01wsooodlz=qv+sjk4aQA{CcX}=^j!{jynoJ#B zzPfO6=A!t;S{^7h^xMtjMIA512}TfChjZwb85(Xu;bZ zJZgy=Z%YJ~r$XvQZU!S>nMnSH1JjU%q@k*RuD|Lp*WZ`x@Bj4rYcCYVCrh^f=IBHX z=>*@EUXm{Gmp&FPoLqo!^e#oZZd&3M%8JJ4Q-cQWZPk^)ONoW;yBwe+qEy#ram{M* z>X?SlOP@9E1uds_RYvoa*`~o9SIl9A?f-pxuN zPTG^sPs*GD3PwFmetOi&c8~ul+Xfje|rUJfzP%dTxqfR znOr;!xo1=jzuX0dm1)#m?&G>V|efz~WVFVM0;3p{d7^ z=@N7Lz}xEI{j%K|34=EFsnaPs)2|$xtBFne)Y05_aKG3sM*7;Rt2UxJZ&{8^sWq{q zjG(mvU6rnbN^pnuLg!PJ12Amzm>8YdPU@++iZq$5+kr6u1B#<1sq_K@+@jtA{#j z7TyfLF6}Q2M2bw5&;HFR6y+I{mPb!$*5Z4}sK#kYWlq)7v~IxZ$yiOx+u(sMBpUTP zY$cJOcg7(t6>4A;uGzwDvvJZ%Dhz-1F#XzyS*nBRqM}bRu&skJvLJJ8s8`J_Z%U1S z2oCSvJrARf+?&q{+0jgLUrV?MGQT&vTx^R;ooVYsCL*S~%_!4`au65dm_cc2+j_GG zzO&0UKTjELR7oHG$#sk!+w6(K{MrmM#{qk%e!kav*Mx`M2(am=G%)?U#kM446;$zZ zE*4NUoUd>LaA@B^d(w4Tj)^yCUB(*KRybEKI_Z8b!zMzPtCfTR82PN4@FVY}1TZx0 zv<|FxzeHd7TXZ638!TW!lzUnN(9nJw@fVJJNDNNwB{yx)KPTfAKr_C!gr(HebMGjD zQV8X8Vi`2?l*LjVU$pn-dFZ3F2#=W}&(MQ^ZBF@oV;r)f)NEtmy&!;%oR) z&B`l=+zAa7|G{8TnhzL-U+ZEvhw|aAaxCwV_g%M1wa|y{oNt!BF1FXMm9!4N0236C z@}jWYfEVK9gB`gytG%`9E7RjM0P3qpWt#wfeZ71CbB0NDjK&Lm>qhHz(MRF zmGNV)gvqswEBc9#Us4#X)d%)QZ??C25Ra~V{!~U4FME_!>%nl+H!xIS8TI?*Zv&nL z1vc1grIm#K)dNPU5*#%r9M<$!gCB)>83+5n$JTlqkJzTI&W3DgEKamG0|#wEOKch9 zisgNTJ6c$5+><7CfI#!Y|{0Y#qAbOQT;I-kP=&Z5M)C zo{)`IjDOyGr)qzBr+#^-{vW+lKX@G+h_%IOb^^^Ale8MiO}uL7!YPRHYFV>}c6ALD zyBan=J|%6QX@x|!m3==%8fZl%%drOFSsSZ0gzB{s`}TNZb!h1tZ&QF5C;&&X_|s9e zu9L?m(!K%C?nx!I32gKc{$p%gx~#yA--nc||5|$6 z#smKAm&VSQ#?F6VW2ekdD7T3#pPLPk?s?N?`BI5&eA5`a5#KClxq(?-jrGyeZZmdU zGo1r1Ly8@v*jbJ08(mJ4wur&%EJ$_*8N02@@@F`RR4T_J!3ZT-qncJ;(dOihn=8a5 z1=+&|wn7q*SKKSEHYb0KB1j|VkFDNZFcP1qB)9xx#&)h|?_Qz{n9btN<<%vhjUK`H zYOH=UT;fW6=_Can*NtJKXO0p&_Q5dtsF4e#onX*YdodtlDK{|HxaU!Q;b>! z)MV9)LDyY}35jsd8*S(rWSiMF-8!f{fD0#ijF>HWtU;aR$meW`h8_ui#l3_dLi545 zr!@`Ya{{9(97}q#+YYCL2TEq8S;1YZ)sorg1mZ-wwnP_LP;a>!y4bYG^9_9uSPY2C zZqhR9A3f^y{Al7%s=M|81D>cbTYq>Dvilsvnuc)%^^kK7}u(ZSN zCuqX{#xQG_@(;mt4nl?W!yd{i22I~ocQ?Ag@A6GN00M9scNzG&&n;g5vt;4o2UoZJ z5q8%e?}>tG#Jkz-2BP6|$6ZAWOOMCQiutIyIBc8+wLX{Rw`e809OLXU!>S2>uK^?U zHa$B~mTs>`@->-lRuDqlYe36-@3adq z*Y^5aj3=4%V~4fayJmMfu$Ugd%>v<6{g#;iVKE2Vaa9Hhr&+5kcGIpnP)-E$Yx^Vc zC?^2V#pL_|QS)iPl})>7pez{NZc7fSTwCLBR;{h1Z&Io5gH9(i$(DnV2VnhznMKlS zspSY~;obmx=3&|4&(-E@(t~Qv$)17gkOeoam_5`yY+I9+Op+#PoVL6r{AT&c6C?oU z!0#WM^=D|RkJb}oyVD(HZSUcD#Qmb6WaJdVjWCIPktTd40F4fBRhWLl2ZPN@sR)+Dt)66_TO2*3xn8HK{qDJ< zHijjOjL66Dge-Sg`Ew2ySP|_!g8$q#itK8ig*ru==3jfGp|)t{h&5m`mzq>U&xFio z=G1jWz4u5ovs78dm|J2GP0^5x+3w8KMNLV&;#a4V)fm>15db&OuDl8m1;TFx_^iAb zeJ|G&5}217Pd(7E_dO;LmP^zilsD~OL<%(>-d9!^Oczja=IVPTV@=ix5uzR=z5jpMd()^Uvu$luMa2%Ir2>M0RhFVcKvDW8S~jQ%h)5e+5fMW| zPk_*fl%gV_B0=e*B8@-@5J>175fDNTAwVD?5CVkICy<1Y`=Yha+2@XX_SyB_JMQ?# zz5e4zSXp`BHP@W;d7e3Eh7@GH{X(pjhA#Gi9i#LN!D8G@i~S2Ou(d|N?}%nJ7V9ls zXiQmJvQkjEJP?iW^lv&?vOK0DEi2o-a3Pi!UDKF!h^%R{1L6iE1iNr2`s|fr z>{s7aJfp_Mcd57apPq~x><`~5fuB$2c4=%BTxvOHodPNjmXg=eWdM*+@#J>5N~a=H zundI3*s7%ffu;UGc0mn**f z23edPf!G|}FLy1FKghZEzF{?QV4LU)>vVxBXMP~UR7~d<@_1DOH-L>m%}yfimNVU*+k)vN%(C4%N?V;hOw9f(xZ6oE3pOzs=^<>N6#Dm8A+4)B4Y-L%{#BsKm9 zE%#O#g|P>7ujyHloy!u8&5aN(|AF;{tL{z?mvUYYU7xQ^rG66`!yn4#t*98N!rJCu zQ*`=7badLoN8eX2Th`i>20(Uk;=A<#0Uu=~dTP2%c~L)U>5+atDd6d+V{i1uh$HRZ zVnLI^Q5XhuI4*taw2PQ`bWdr_7><18dhiy;O>*>UVm3jGtm)K!p$r`?7v~;WYk|=% znC&>Ue5ooOs5G{k1la|IMHTwjjM@Q{GGN7LSKejN()M9Iq5`|EM^mqFTTTeM%ivn; z+;{#>_uGS*sixYJO0-4KO6RVwF!vox1y?&WU9etTS0_X8vF~%l_Ld zGTYY-Nhiam9NOhAQa4K6vm^7dILu?r&lZ>!_A zN~R+eY4=!fyyyIq?AGCWbV>my_{z#I?12GPU`@+_nP3N6m%MU1LN=lK^Q0?wPK%P9 zU!j8Q{1op`_TH`6B-`le22bY48*@Hpv{_r79`W;utTk=@S|K0bH#heVEtjz5x65dJ zEVK3P)QNUpVE4WV-DekulU0My4&R%!SOmIL`g(N$CC1zRv-DxbWh(ey($`qcxw_cL zmG?KTx4sXU2v(i~W|H64m`ZK4S^}C=?n<8yB0qaJ^pa(EXiMM}jb-7u1XLK`te%`A zQIlpYe5d=} zE5Va>0nK$fValZKbL-yAC6Ty9EjQGHghV4=$*JmV2%cH6hf%b6MnVTqt>W?-4(mIv zQ!zWhoI|X${}?XArs5Sfnd1&$BF*_MMh9+c9o+*tTehH=!uQD1jF{R@w>SgA(crVX zt4r_RhQRm}9rNShYZQd3J;lhltshDw3<+lfJ=6iTXYURXsgMl8uBC~NM&L6;(A5pDDEIG>-5S8=jWm4ymduOE zyl_)wJ=Fj2!PcO!1FAD{zH85S6AYI7Pv8c*`nv6cJBT;IS_6Qa@Vh+hTwh-z=l%nL zZRB8jRymTm$mT;*cElndWXy~rNKRH6IZJZ|ZS8y9-mGIhyfbJM>x^Rw)vl36YYZ(c z=TBgYh%16b7Sj%Ol*oah_zRC$OKE4N&-Fxct&9Gs*rhXpYz?YrH91bc%MuwI{<O0{|R?!Wl5Q^#}2vT>eEB>`Q^G_Ig1UUr9mr8 zD3W{|+x#QM+AbxyupA-0zuXFKP!pL2$o6$J1CqUzb10`&4w!C-DrMn{BB-*mLsrq$ zW${W>%i>$$1H&ZWO}v2+-V%BIK+Mt(>+Fuu0h=_pYQQg^%m@yMQ$rCa<7g2*-w_%) zE#aQEb#PTq1sR2+h9nflF!Yk{5B-x9l!4I20l2AH_nu!>g&D6^w52sPGKVN1%vD}cs-?O(2!Xcu`g%)|bB@~(xk>#j2RDZr@mE^sNb%G;~>{sAGikFe` z5ui0klF*aS#>Rhj1C`pY_9a-ZF$@@(APL=X7unvMR!RTBU`}aePHm`ZTqhkj;#8zo zgV!@Y$j^-LXU6xxmhm-yn8IE$t0L39mM)=Qup~(McsV6G2)|}wtt+%*bz~A#NE0Q^ z58~9P8Z{-V{>kd9Ih&Vct^lkCf^RU0D-@2~Pa)dw<^qW6q>;no=s1)_0+5b2DwGGO zrQcF7nUp{>As@u&E@cCx?#?hUhyM0Xak(Mx+Y8;W@5-FzLnv_ny6M@&L>^5L1ZQur zqn>qs%L{&kzKr4qMo}fJVw6&VUh|-iJF2Q${DCV^7iD80sG{0diD%5*4)eu7W&^BZkiT ztN54Q6xPkaX0BB{Um4RBen|jGe%_AM3nZLYz>Dr5!ng?B^Q|duUO7{vwTk2%-C9$- z#XF$6xpScC2p-KzEEMbw@i(*9SOMBh*+*(;;b$wGX6n7FGLJdMK9FQ!rd>af+dp-S@!SN&vgQQes+<(F59WNW z)b}2c5F`Ne3GSvr{OMcNI!Cs|pnxV*Io~>m!&3s|jeVpM(|fbrfYGhp+X zaZi{26w%9405N#hc2=Xt^)Z55s*(vNeqis(t4HK;lP6++3+~;iXU3AcYi@Psn+ha2 zcGUm=yhoI`%}%6*-Ta(r_KcXliVf#oe_M3XVuAYSH|ND;id@+9A3+vY8)?}gj||Ky z6tlrN3*4vh^B9|e9gFRD>%$3V)23?Lp1Z_-<4up%d{VJ-tn|y}J?nU`x=ZYk^CtVL zu>!dQ|I{L<)*7m3AfWv)vkq+PU;g#mnL=}q*~u;H-WF^HOU|v)hC_k(RCZ=$6n$pe zAnQ3z<<~OoM$FnYSB|58Z^$q5ow3*Ji%rpkIoCa*c7S&qYaUrnvAJ7Y8*UwPuM=p= z@isP9%Oxx09Fu8ce28;=cNnr~spCOvntcl}0J*2}5-^xRe)y9t_S;NT^KIoL#^b8wpXK%k{#^||p0P~N}yeU{TQ#cu-Pq6UZKk*4gw13nA%q1|` zn31h)-_>B^=x-)_FYS~6aP+qmV*XR#epj+PQ06~8U8`HH%+Q#DdAI^U2SCk1j@K5bZ&4^NIEf(w*gi1cF*9sUNyt9aJ^x|Vs>xfYlLE7VAn?*BW1)gtvg$rC`&v)>hcIdIXk( zF`v_ZTe3rCFO71{CliUrYP$jLQN(~<5%DBh;Z}5IPNTjzd-ij5KlMEghI2r5k592o zlm#ZAbHnyw3fY`LEBP3ZUDli*Rs<55pV$|U?wUmK3fd{#b z-}!?`NcU*9&kgd%hq3Dn!gS~RFvdEn+3bwI-;?s~1TLUJ)ZhP|Xv2lz+5E><=n}c| zli))^z+_Kcoea4TX+IvLF}XA5dHmupriQ0tq!4xQ8B!~qd?`p9rAEP!?9?hXehBL; z*Jz)u|Ax1tH7!fV31I>E&GN3#jPL{V^-c~gJ;v#w?hK`B&P0Y7ipVM9JLSq3Hc7kA zKWwM~=6d#cxXzt7t}u|-`zFQCEUMRkyJtpK(A>IM2GcP~d z5RxUetL1nZx@76&%NWYiYyFpc(_1iEeqv{`bKZKq#Z)$W>J<4G*K6iJD%*+kUkNu` zeyn^@33Y?z($F8!C+*mLII^K1&-3q$$j;d?YgYC7Xf~6XHPe($>8^QaoU8LF;2y43 zG@P+~lRfNGk8kn__FEXfbujmoy|zVg-MxCL$6KRS!jyfz`ao9Y9sQ>n!z_)8^(+Id z>&)W6m^)~#P`teKFtH??cR&%9HSe@r_w3t8U0v4Sd~>y(P|kK~rpohKj6*@MbzhD4 z_G>LGW2UbfV~PrHe_>6CM`R?uL>VjLzkNFohMb*bNhUQnnk1hgo4#YS|M#eelAr}9 z3YiD`Xh~HvK>gDw17a64Ki!62mJ3C3C%8mu03A_2I$H#(h6v+lUbX(n-o87y@O|yb zWE4x;a|jMl4fGHoq~v-~hd-{@Ma3^}UTTk!ooT;-!1dR{Ggyu<@OVy72zL3dcgbqk zQvBk6p6&d;l{A!MV!UM8PT_ordYN2to9?Zuw&!~p>soL9GrL(s1kCvCy1y%pzm}15 z>Gk8)DKOi>);@xEUqbg*I#IuhDti`S?-C}--Ac5(OAk_C#>>(mF#E10UqdVV(N$(Y z*Bz&RrVer+zvPezsJ<`wjsU-5j;;~LVFm<{5p+Yo@7m15L=8~)wRRr$VhJ|ym&S7& zlc>aLZegnocg+G>Tw>*Cn;kN@I7)k4cS3H=FL%7J8Bzs+6i)TefbwTR`S%0LlWQde z!8d+i-y-K4d{!Ca>VAn=8?(k;7+Jc?7YVB9ug{lmVgG|QXx?Y3yD^y9VLufjutODN z1;hYy`V_S{i?n$iPg%K{bdEnjQP_;B2&pK)=g!Qq(CHNUE%5lA#nGj@F4@&2>%k&m zjyls;t8(Q9y{*4!fvxA=3$pQ_;!CA4zLdFCY0V}u3x}LzS96e)?hn87>V}+e{Zvlu z@;a6ogvqh+S)H1$dTjdO)EOOT#~n$-oEfr$2KS`XfFoKmsI`WZP_b=MbK+Yd&5IiI zYodj5S2$ds<;ZUlxyy3I8#;7k*XBNlq58`cpeTQ$03EQXYQ#0-Bb|69`k)Ti@t{0b z-e~f)ed~HP)TCF?60twKSRmlMpoaGKRMGS^;AA zkaHyRtY~UDcK04&IPp1Exj${Sevs;zlIEt8+^{l0>Z(LGB|a2JxkaTRfODOL!0!#+?vK<*7LEKFx4Mo|0Z z+SKDT&a9VF{N)s9_O*vAG_aKYs(NVXCDtPG=pZ)XyCki$Ti#>MX?i>^+9#FO(8)>A z7ofSPIi#Qse!{@Rm)+r+7BT&+KCLkfN{KM4X5(i-!~K9<)4k5B>-n#o^Pq-E;lG2L zq+A%&urEY#NNy6VOwEoR)D`Mdxj16eh{dN2(SiMm79KDdJ#vVHoT#_Z#bjH2>~8o& z0?X^=SkB%Z&p5MOFOAs>)MyF5>sKaLTj(s&&^#UgITQdG4Y^_VVsY{i7ev}zG|kz4TYhqPKe@ZV&E2(WvW)xHg)k7Y zLJL){gW{g&&q|QmFst(m_y!>qRm_So^dVL}B9%#}XgB|}FVx;xak%R$D(yA0AL<#* zUhDAkTDx{aLb<*0SW54@&$Q?5>(z1iY`fs3$i|)P5eW%2sO{pIV-tyPy6~9Vxh)G? zjQ4W0ppK&urtzYa$9g$0v8av8>8kv$P8mF+MHfd>m-|OKI~)V^SQD9o*pD0ma`Bc~ z1cSYr#5?aM_eU8yyyGQb{=J?Ye1_X?PytPbv;Z)wqtQ8c3*K#fV(jP;t^64^RWuY= zk?@VmiXB7n4{3y|5?dIN!LQu*lhq3n&d7NzDr+RxcAYm9E#Al)5pA-_`VZ&T@w0gF zXYt_QE*?Z25}a9RsX8^g8iNsBLTPupD?!%A5`n%J5LkvsmC1N^5%<%7hL(r?Hrd17 zuky$!eUb@3(obNk-G(?cuG06HVACt5dc0xY50;_KhY~8a$l27wt&ko$FKWaTAj13= z52Dl7MVRmL`m2EXBz>1yqR_dQLY?!7Xi-p1d@M(IdF0nd?{fUO?+;iM)3&`lWUTG8T5gtP@dujGbM9@4**_^Ciy>1(23tgKcN}1s-(JYZ6{fNh)7cczPdSQ4DHod~Xc_A*gj8w*|;dE%#F&FtMkV?JB@re9CtvNj1Z76R&@%(9j(;N)y&E zaDMbHO6D|}E?eUS>ED_zAjs+}!S9#87sbTQ^7tY8^CD!&nbZrlqF>i>JU#!P!Pd`U z>+c0yMzzZQEb`%gp6){mVLY4{X*`IM9er)!u1zC@J;^R z?73N)A=}DMpy8JSv4wb4cXe0B?e(|_V7A+#hEwn)3{aO=?jH~Z&_@yuAu~gaZLt`( zo-BnvupVgnF25)RP&wgug<%DOCJ@zUeIt~yYD2z?>b2a}{b6Qp+sz zVt}X$r2=z)LmY@Y%(--9XjSP0FL1p0$q$!N7dkY1Jmj5LbFdH4x1^*#KdVhY-YRI% zw^x6$Ni*598nS&N7NHh->g!}u`A;(GCzM2?P4=Bom14rf!vQIP@vAsx7_o3aNnG(3*Zcye>l; z@=%ai04!vF-9nVqO4!{IyqelkKxg=FwG;nqYw}-T9u#IY+_LaNFdDzyuVB2^x-dfx zEgXPwm-}ao`a^-RD){uRTSH%~wM2f%Xjy!jI?yfA%9!0i4JFVCnk^8q@U#^nj%+tj zQVsG9ipe@aa~gcfhVd+{H8k=iJpWc}JKvC1079Uwt8IQ#uK%BSM{vbOP2Bk$gG%APPjdyCcS%J|&t}JMbUr zy4$0l>H5!f{coh}g|zevdU>FrP`8&;LD!cH_U6tv2+J$1sV4gdTtnaauZccU!u*F1 zc_Z%;wXQ>m0L+Np1fMMwM)xm&;38QRjjt!xmE?fbTsw@yT0Q{CzqwsqA+kJf2&P?P zG`M8JAf$)iT(0z8ZGbC_=pH0sR+oYL#8DJHNPtS$X1({SxHNecRoAV)80H0eU$UNX z495=x(N#cb0KZ1q4pc^A6an>4TCgn)H^#Y)v#}07(j{^2N4F`>oZza|m9VK(fM5Wq zJ_Lp`>dEQ+lzsn{egFHi?|5BWAoJd$ge-2T+)^)SfdMp@T7$#`6^Hi%cnf@1+<@M_ zGB*$rZkLbM3Mbj&zn9YgKw4q))kqD%ZY-z@UxVm06XEWz%DUz%n7ww%)0Q7jC1?{s z?alYO?WyFxK(;SGcBdMLf42bjjurQ!*)n}r%>oK&SPB4Cra;ke$T{!tDTZ?G_VR$m zAk9*~G)aI8MFucf!az+;UKHo(BAE`cE-T)PI@^g0s3I<9Rg*y{tx~`ae9qwV8J0#vfM>Z-;lP!LKeugldKfAK{(jLl#}nU+uZ_;P-RA zTivSb)p{kRXW`|`FN&6Vp;btpbxgFjmAJ~Q3C1rz$hO7c`U>~ekRIJqyuTq)&$=oV z==f2zfQ`%dk1QfQWJ5zNZP5~DJyQi5RCJzylq=YtWT|UT>uEDH8ijk2?j>NE1>{uk z#Ir-T#HHbZDDQaH)*fGkX`WGJ{%R&WPiw#uX~o=;3l*plc{vbACfddM!#KhUM(Hek z-ZPpDO=wL`chK#T$d-2-1UtbWw-gyh7IDJaTb%}09jvlz!K3xX&R~uW*U{6wiv9?m zNQQYw7U@lt!dyrQn^WMEZT)#A^?e1}6rb#_POv#c%c`%j39psnE4p&I|^Th~O>H3-<`w4^<`tmRy;;lL>j>%6oLD$2PbpHYRd937 zn6xu}vXtz?vP_8E-l{s(>0>32)GeOYKPxQcd~R~JJ_S*1iOLW3nK7!7RL2$39fU&TO1*WGlBg5*y5;kF>K)Hg*&?@mMgkPt6Q8Mtm5HQi zfSo2w5wUfD(#z&+G!$kzm%0WtBDc4KFLz;s^1ucZNz%?%urUKsp3B@XKFc^O?3PT< zDaZ0Ztr@rAm+~~!?F}rS+n3VY9CQ)6<5sqgzLr+tec~=$L<;$nvm(TjcKab$N+Yux#0fi<2RQ#?zr(_)BY99O{Wh!B&SHm z*ae2`iZ^5sf)x$L(>H86KD_hn*K>}u2h!q#F1b#eelMK%6rR{G)g65?n<#VXNMvDJ zE8$DA*p>3i4`+?^kfx@;y!;)vm9cNY=CG3KgH40_=j^Xa#ag_sKXQa6zH|kn5Wj4> zsJb@&c;ZoK^3sKKpE>*Y_s@PF7)Yn*WyA7*!zG;S%kv7`;sM3f;8M#8a1%FR)XwqAQp27UEU@mhy67ugp@_DOC&>NePd_Y>S~q5J6eUcQwO z2Zzsaj^xlB2E}ocJ^D=KEp0@Fd1aA`xO;w&d0q$!lucUr&}3~Z?n3=V9CsQ^haJpr zXrl5;nq12b5eE(NzP5xwA4KeU851p=ROSinw6C-kzN5$WG+M4m);vO*sRXmF@y#9@ zH^;C6D_zLB-aP<@v8)r&9f1SB23-N&`*Rw2x7mMU%bass@=6G<`8^?dG>7Mja*8nD zV&?%#VoqI(0z|QOiddcp#|Od@`8}exNS0e))XwxvbSr5!iU!n=k$~{EF0GrgktZ!v zRx#o*Z$sbs+8)6xIl)0im%V7jVxE?2TXG=|QBJo?Dg!&ZipwQIlO4SyeW|b3S&B#=43ADI*Pp40=Ko8Rh zzYyYR=jMSCxzbUZtjF9GalS9Lp7r7d#oq^w?Qy8txpANGmyQ z9@9E_LUMGxh;V4Ss%PKzt_3uLq(wP#vZoE+O4LXe&2ShB&+j4BS;-J`*;a2I1`#QB zn;A8dwjjbMS1l_mq~=LOr<@omr&zL#4bexzi3@C~w!h0VvWxDJ6SqCG!#`2ch?0s1 zu0C%ViT8_HMv>FJRED#nEd^fiCND@`Ptt`xSa~l&+U0ajN!`8DI1s^kQpzcyri4B@ z5JmA#{yZW`8plYb#>NqSA!OmF0JN+)V;r_Ua^8TrdN8M*K__!yu~XuwVo!0E5;+19a>4BdX-4}CZ_hkPqMuhFNA3J zW?5Ov{lk>+*`5=182f5U^f9XgjOz0-?fR>Y?r#_N5U0|k@`q|lsNREch=>m%?j!n>@ zo)3dQOc13|3*aWsA3CwEd8>J6BSEduNHNk*gPlEnR!jz!xENK{PCYPf>>>DrIF!PJ zH0lwGu!Q;|7Ze2Xwsi)IqPiPsMs+lD(Y;KRzH2B2%(i*3#INks1TiCvTmsZ6KFGciy;hx^%Dh4jp<}PF??o9Fs|pP>;G3K_nUu?bAo?fC- zZo*b#k+s;F6X(8P*Nmg@+z-b^)PIeo-u`N6bP+V$c)G=`Sk9N=<{jk~kA0m!`BAtZ zxfni)c&@~}BMc&X%?!k7AS)0uh-7m;OP4$hA_)wAPGop0MV8Y2QD30U+jq zpPxM7YwIV^G__1fl&~TA6A^}Z9+);Rj`KFeH%7UGTNZo}&I5&cTHv7tYi2go-4dfZ zWC-eU^)2%zK9|N#&g{=27P0WWqH-{_oDBH;eCI^{G}lr?L=NE3jS$*1rST^q59w!h z6&7*F*SrB+5l4OliL-O~a)44T`QC;Q3rFF1UBLd)oCeadcGY1g7Z}r7& zD;X_Ny`}aHN8JqRCvIMk9csG2QBZ-_3&ZB;ThsJj{1!e?|J8H=@yE5!ZC1vy+hF;w z9Xr&`B#E=vUtZKWZw-UWGhLyh5JS%zI4GCs3{7pim!HakunRqPT;crUZNO~*$OW-f&Xrx)c1MPY5@HETX& zJo%2x`b!j+OShM$HX?^kRBahi9@EKD?n$Bd*>nv$NAfim^LU>-`>B`pyUBZf3yDJO zTrf+&?qXVK(ps@|>J((ihiIfk-0uM%q@zt*VDP7|(Fo_Op<nx0svGvd7}B3o zB@_&V1|}{S(bfbG-muR-zB5KVZA0}oTjZ!u--x0hh=NUO8C)U@|e>Q1qdu0Au^&X&&I}o=cfES7gKx#_Pj+c;XGyo?)QEKQ&%?=PB1st%Iu6cbF zaqwqN6VozoclY~iMx?jB+-nXh46qCWza_JlmNLEy*mA#*xO;N#>X1;X4c> zoA8#2P~cKDWN4MJcqc-x-%3e`%81JWQOjsO@=HNcM?b-G$Y%z@ENLnhcvC%NC=N0; z8pP;KXN6QQ@SJA}`<`#ljUbPr-C-3q8kE+Bhj40X3s~tstw#ea2Uwyw8J#$T_KqKv zgc4SV2NqJtrEsw&eWhtzn0Vh7WPCUikpe_Lvauo0glA6n+#Xm!i>nbeNO*Vwd+}{q zaDf*hp~#u~@iYQul3!B_gmw5;hv3rnj0I~;LNd1*;Dbo`fK#>f)53V~JyD#X6`*vT3Vq;8g&dc7^eK&VQaDk>p=%PsRQ zA&E0v2fYxbU}%7?I+XalEax-<2vY+}52;#}WCp1ZM)}68*4t8?6Q@_a8EA>5GT+UM zZn`Jy`_G<eQn8D!QB}f zbZT&_&?md2$*M9@_BviCQIuJ*loxPITMEYB%y48|mbVs#nqQ{0sXnUP+Vzl$NXF8) zjQR|&S}RDPGhEdk!JRA*M!JLBfZ>F!Ka0NA_xjzlwiF z+%l3Qy>_9tGbd+!atslkC?1P^6?h>FT&*Iwy?XVBQ$O;K(wWZ8)GIL*EuGxbTk)m8 zz?}LT8%Z0(iv9v8kBg)HWSh6;V#IWWkG#!&TOXMB7Z#|wA6+Uh_+zT;_hcIsl>1ub+$MPp z$QS>OFZ!oV{rt}V@xA^8Kdxc_;k56Mo(a|H5hh zjKTg#1No;9{NMH~p|`Q>YHGLnxv?64ANF5;diqPy zJkqG8t(s!!`q~E~FX^qOar->8y})|6A*tp@WWEoiXEriX!j0O3FTeuO#Ee(o^F)S{ zC;(7NrZUw^QUEF~(sQx4^P%&AzdEjhR8tAlb#yfkg*HQ}(GJ`mYJt>cRafjX(aO>b@?>_Ga>x+veuoGI#{9oW*=*m9M3IoXu zhGBK#2B_QoPhfZ%^_L>un!s@9{(_lhMV-zCH|p6YLd`YH>x+RaYwbZ*DdX$3V=8!& zBYBw&qcUXi=yd1RrSTHP)kWGa9GNFUXfe-d#U?vQW3ha?HRn9DL&e0DMIW!Ob>Dj6XM7R>n~zktHS9Nx^p}5kYg7o=gBi z<ad*c(7H<{g~jGlch~4py1IP2R1Qz+1N8 zIzp%k6lzZ#{)F2ozO1c08$TN zBC-dvC#_>;o^O5 zD0xZ-phW$m)O>T}#d0Ey9`+_^0QA-TEwbtRKM zq6XfK1Q)h-lD4|3I=Fbi`Z*QNwjdFE(#ZgHCIevLhQvl(nP%sdJ9c+f5NR~GWNUUG z23p#aQ9(#S(#Gl`Z{BbNH)R_vl~!tYRUcSQsYeWv8` zfY&@zZ-qi6KwB5UEpX$m4^39(+7OGJapr!4GQiOmdzMZwXQySd2gjutM&=pmRu${i z-Sd_~AKTsaMD#3S?{qBiB(V$|QjJy)963YmTd>@zkm0&!GKNO@b#xCCc+S>nFMf{m zLuSIbQHXH0wDvZ5sHr%3TfHa+`@AKbO8{W~t^k0c7r|aO22O;J9P1}FH_LHlLALkt;@i7YSrhHC?7-yLgvS`be19o#UcLBC_^6>0+(8@ei>T( z_WLfG&V6LEuWg8S@A-d~E&r3_|MBOa+gC&eq+Z4z6&bjxSq*N^)K2$&07VYKSQGf& z9;l^H?3D#4zUN|l`bNY7_C##*ld8ZgTZ_e7=^KcC#Rc2GM(c}X=0C5sM>=$uTqZ+F{eU$U^Z{SDoDmEP&?y)P$wT%W= zH-3MZ((&qz2wRT~pL6lR9z^z(T{r-&D#Q7Of8}4I4*&Hzw%cvo?E%BtP?Q>g)lfno z%UNKx+T&Jx|IXu)*bl&HO2wvH?+k!FY;5Gmau2sbw7AG3 z7ZyLdftXtns+EHTR&#uv^W^V5+@0%Spv1rlnf9Z=9yWZLxv@pG*f*l$i{8z@0rC}E z0B5&ffl@>QUJZo?k?GL}Ry%dg{NmqvxLdXW4|C_t>)jK-0DIVQ8=3hKc;mHpx8?rg zQ~xc{v0njr)2ujVKOI;NHjCNKlmS+gJgV>)XY_BK;faUqhi(h?mjoY+YDG0*=sO;@q6D0}|Lv|9iJ%8in?oZBhoz+1UNw`ZM?Cz7)J9B;U~LGAJ7r39r zAgZD~VS$)ubmPvDRiSb!JlLBa+bOL2vuNJh!_QuG9-Hn8O6u*=@*$)c4{J?uMq?2a zxUt)k5NpJc9=h*rtFbukN0|4Y{G9kX_g@^W>MeUTP{tQ#k6ffES0Om*i_cuM%8FDv zzywGJI2azvvdz0Az3f;PIMdBSyOZ>a1j7JfhcK{xPygLyHf;Rv(Ia5h)Bn{wDi3T> z=l&iU*(luiVvllUlvpM%`@#k389Abhw&i&2{&x4@=ARt>vL`Y=aY)QJ6X*Wts&Lw& z-nc+rW)Lll&$ldhdoPP;XHvpBn+#jvsvq9lwSruko79kDgoosi`_{#p*)qvSWC?#0w*|`{b}J9szMNYl_KPwfj6P0rKGAC#qg4{3+7zd#q&Lno z6&ymm=+(j&7m*SUiOze;JdcSl*?d2AiXIt)625QmzgryO>FG6S_`;8Uw~Ldvpeqw!=^@l6+~VY9sN?rH##EY7S###J-{nA7&P2ujc-w|5c5@yzgIFQV|p`1WWc)AXIT|6{25eUl%UE%WMFI@ z<;1;uD`ns*mQT8otSc#^EcI0H#JT&|^&~&!TEnN+Yqbo{LB_Mv<~L0b^hXR`pD_CMeX7RIxUf}|(GCbiqU5Q{ z@uLN^dlSEmDIGp+-#Ie+^00_Q`|*a?htAN>eNbx0tNEVC^^q@SD)c^Lp(0IQbxL12 z_WZKl&0Vews%8E497eS{o+?@(wExY{t@V4X;GAHG)d_`o0Z6b=`tY`ZnHEDVTU zRFv|`Zg%ue#q?LBLlO<)X1b?+nr|%40v!!!*>d_VvGr3CP*tPpzDF1M#_u%HF^*0V zAKWoEzc-f9R4PmE5Uo3%^3N0SZjfjh%_l7VsTTt-I$M`X4b?WGJGp(`Sk7^6ga6hm z4?o=Yg={{0{i>?pf$k%!>SDnKu^k487}a(8!1KmgvO!Z;{_MpA_q)2<4N}mmhwJ3# z?o`2gL_fVoTa3;<-LYT(<6(8(jp4D(yyaUmO}9@kG2N|W+ zB_lzXXF*KeS5x<=^^S&a!@Pd7vBLDluZ=u69A^kqe0WLb<|o?j_K4s2Cn?oFeRjF~ z_hU|1LR1RIXeJ-rJj#ex%}d|5tD31ESNin1d1}wxb2Cs zk2~?Nh_!mW#?Oj5bKrvT%g4(x6NW@9XoNc-uW; z`=Wo~>Q+CQu;R@nFYO<$Jcj$TEremB!ea;2g%d+_65goWpEn%jnWJPevN8m-{=2$a zO$s+m<>it-9lY|g2DTu45q6t*;&^zBRF;X|F%g+Ns8?q?=@)Koz4i4td+Wh_UP~-t zO(#a6x)w-9&X>8&e)c(d=cUaN%m*2by2ki|$NkrmtOXiq!MO4q!#H%eaJ6a3Y3)x( zN%T!-uxFk!Ql?iiyY#^(Pfsn&0`WNK1NUAie|y^a>B>vx#n$EAoxQvUoR-qB2gU06 zH}VC0SC^J3diaFp5qaE>cJ&TYp5|!Fp zg-bol9^|hZB~!Z3N|FY5MBz?c8qL3Cxv&sAvN+UKKPVK)tt`-MPiu{y?O9uZ`L8CD zH8^D4NQONovNB&pW3|Rh$Vvc=htdt8p3J z)2B}}PwIt@l7#z|*QST&E5_W1tAt#IH>$<*Tfah1DmT9~ELl57em~KxRL&oT)E^Oo z!`W*K1}oXP=7#F)lkvL_!-njyP4>x)5TvqAOze&fY2R_c*v&fc!7RVlZq%z>xSF$C zcVQ(qzA{W-VlbSP9&_8rW+3-EU)Iq!GyWA=}JQoW=>&XCWQ zO^H$nlt0|~^y=%O3OPOV=kY_z)hTuXZz#%J;xo*KAF&VgCcJ(KWqhr@^6?yD39KQR z1s?Qu^6|KpJTR7-8z&m|725O*{c;%Rl4!;Ibg8(yqyG1U#hUP@p0(YFmg4Q-W=zf2 z4PMhbO7cpSGE>1U2uXi%U2lGwJo zqiQAKm&d^@_c`ucO-U;5%+}&Y(|{4W>t(S=mWvCKy+McfmQV)5HAQZAC|}rmb1UX} zhRBlCjvMy*dv{{`9vsOxc@w%!mV9$)@iLOq*diF6)eA#nP+Nt*JhfFOg!ZH{Rn%{F zgZjZM?KkAZr~RrP7m?84D2b0pQXm!kVx4aogp}_($BtuF{!EDxaGyI#c_wu(Q}7}pV}+d@-OIxD~GTV&%3G~09n9J zMW&I)B=7~zS^GM0D{ldA5-dHs#XUP~1jSi{$qDt+rL1+n0ONARG@V{TUX{V{924Ua=-j6M6t z_P%*RS(04wV?D_&&Y#}*F9Ntii^C=}&a%2D&*CX5HEYdo%?DpS+9LSHx!rPc1CjUY z=Ct0eC-Q#gBM$eEA*5eMW$SaQHN}58S zS*TmwHul<)n?T!FOEg6~i%A?csMD%8Ou1rl zLJ%Ahsq^)N{<8t^#>*Jv`3>p;yC3Y@AB!4^a6WAHtH()AnVpZ*J`l?vE1%!`vWQ{+ zVE6u<_!<{gl^Y(cN)^Qu8!qo^ssA(Os@H7U?njTDd;K$|P*eL(2mc{^jQ;xvoX+u& zbs=%KCi2TRC$pG0P8!qNb;^Vv*f6`k$=}M6e{8KvOCRN2wVH?*zmT=W4chwK6bDGU zP;G0u&~;d5rgE}9#kO}Nf?B>20pZR|Yk1T_hVht^EnU_JhsEW?LvE|wv6QoQl~54) z!(Le2Rh`&pGj=~!IGHLxdQ|C{h5f9_Ys23Hf4%=Y5zkghxHvjy6@L>`u5v@ElNXJc z4Q?~^RsWiLS^D=}lbI~$B^$e*W5O4=zR%zh4)qw;ZgD769^Pm0sD!{{6_ z?tMxj6(Vq!{?s%L0G%FlwahHTTo8mGzN{%dM<*c*iQ9 zAXbW9*i5Xq^{}x|$y{;X?h3aTz$k#8&#LH)Lp=0nW$+B4+ihwz*jufg{HR|Pd z3EszmyUzRMZw~m7pm;5mec(gO+U*lDr^st{u5Y&ngFo#muGLdqos5}VNZ9y>H%Ia8 zdg8OI_1?KSou~Su60QO6%fF}pTFKis6)N5% zjfhztA!@bw+}7e?rucQ4GkZQQgiRZl3Rf$q))wVMg_HRTcUsqCNA)>)A`V>m=}(FO zgR!%Gi-L>RzKDQGDT08MgmiZ!^3WySLkmcEw{&-R=MYK`-9zWlJ=D-c4h$T>ydU3l zop0+8*!$Y+zVF{!y8RAVCnJE&l-?>XXxim@#F7Vs? z;m|Z71o9E=RdUcIW--Nl?8WEMeNg1ozW&;ynPPpi4C!_o>6r+LPowk3_J+{#UU+X_ zt!(9PI@?X}VqHecDv8A=hcE6N7$M#%Z$2~BwVyE=%(PH2UfwtZWY?WLr%&C14jY68 zl>rmO>T}9hKWEGG;NE@-u|gdkr7}2;ojA_+^ZdEo2rHxQMB>rp{6>0^*+}&e83c;Zm8DqVN}hF8HsreQv!4x=AX5Rx6YometeKhu{qm~$l6D-e|ho_@V)d2h#g})j{k5qz_Uswy72^;SWQjr zaQn)@#3Es0jjHB-D`l@Nw8N}y0_WcB9RrTMYEd{Fc=2*<7x^Rtcs{Q9_B^8%7q-Xp z0Lu_DAGHzZR>M+tb*7;RxHmb;d{W5>7@p9XrW{E@In>l7tY8ui4K8BR;3)yqKZrVSdc}??V&I-&st}-PzX}?_Jhao}rUj-wjNec5IZ3FR#Bp-5xlYm>hk* zk9P2Fn_S)HTBH3!*e~`HV3fm90bh(i3E0V_Xv~9plD)d)<^I#IQ5#YXL z2G+_1la0)giLw96u+yT`$xm|ws5a$X^SutLC~7uJ$RXM!FhN#K=O>s^%-<)Oto!4G z9E0u~&0%lk4e-dBjNfq0b``lhx9Pslzu`r_sc`KR=4zy@eJ=lHl?vic(ql-UzrErZ zd?I=0`(A4FPTWCNI|}~+!%9LG2fxXOhMSvQH0ck#kv+Rk#$H!N9w^iPGDUHR&}H4! zbaip-_Bu!nn3&E2oxg3IdYbZ6+Wy~c)^({bR1$!%US-%e{P_dmDjw|9{7_PvvZC-c z$`qFKI~aXDfibKXA7uC`zMqiOfU6#ZjWR#9>q@rH^#P}QBe8~+sV^?X!t?kW&A#GM zsPzNp2s7(YpHk{ldQub`SC3tZ$dN)AQBJ2((cRo+7vK-3;(6h+AJ5C(0m8>B5^idt z>o1d=r4b*(^)F*>ryh_#F#Gj_t(f4Ee+)c_K{4$KOD*n^Wxq7;WCt}rHcjjM=jK&) zV?)|+Jk}>CF<~L;wGwL54%SwK-uV?!Q69PE|2hNePFMDBjKJ2yd|t@A=HBz}03&6v z7qpZDbKViz*}35`-GJ*IuNdX&W`p!r>Fod(So~qL(Rg?4_xl%#EFHT@a(VS=$cNb- zXkJW!ip;Q<)mOdryWbsU%{(*b-RZ2A6UiGLz_ju{@^$**fg@=$#nB$ter^s1Zj{Q# z7MrT7dMA$$8-i-l*NL4_ieK-BMtqE+pJb!uTIAeZM}i>!$&nj0EX=^Z{nPULN;b{2 zYRm2RAh|0&%{K1O6~$7aRLtOluC}Z8c^d~W^j-h3q)X&F-a>POckdD^erlN0wcRU5^c9j3#R{l7cxvQ&^#n-BvpTLcr zg|S9lx`YoaqgPaEw5WMIUzHuqA>ePcew})?2J6=W-ph+91d)tf-xzeIBVavwE6y5P z3x$o!8xy%T!2FbG%UE9n@R!hmKRmRhBe6$S_#}lalm)S~$~m~ERte?))_&f-%1My2 zqfn)Nq2uqsB1`(tP1DPf&ra;ukWMpbWU=|>X| zoAOPSNWW6%Y`l^nG5^5|1GulB5=5r+o}WvlvgBUU?%T;0fUyL%xA=*_iJ}D&n%-f&iS;k_XYZA_!}=y6!bJ!NPml=o=M5 zL&seTsouyS89fQ(B%}s&NXjqsX^A3YTCja$Y&xWT(bMSrPU$%g*V6YXb@Fjyc2vG= z5!sk(iB#XCi+D{@mA%9UXOZ%e=ewb_g$g&ps?YeP^s!0%!`^3V@f53!jLu}>@Mf~M zjRtK^)kyS8apjoZ<5DA`S6|sM8)zTCGXX1Oc)@}1$?vI)cRSf-m9m|0MdUt;j}-hp zewP9kq{@&@gDZA<@cB{AnRVi>#N~0zg1=Q^XUQoiz#EIc-&)tUh~_o@`^@l}wp`vz zLM|d1X{b&$+?0}T#-iFq4lDQ&z>(~$n+6G@lQjT=ZZ$FfTNF5`2Z&#fMN;S^aAdle zMu}L~jTWw;vIc)8rv96RXml=)G<$ax8sy2c4BHfcKAINo28aVDzk11AR1K6LHaWS8 zYn}H$<7sa8(s`R-&}m{z$9mW@4+*}#T$MkHT%I2Njo$!G_el>Rg2f{ zJj*55p&KsBD)$~P@+Z+YYpVk{s2j3EJgvvMQ~Zx_=|_!pN@!tXX|QmE)he4mYJx3u z=HF5?4vB80+tOfS)fEdiE!f`jX>gU}zc!YopuAQ#<+@a7+>$Y)^n3bh_QU*q&5D`? zB?8OI#eR&aJHnweAsV9#si{ahjfI3} zTz2)?bUKUC9zE>gn5Qi6`PM9S|4vkw6Q@_(ThXKmnQi_yp2zrC~+&T*dgkin`#Ha_6#l%ie7dqNsi^fmkua&zWU$-CnnY~V+q&HxQBLaQ+U=Mg8` z1A|&yK#uQz$%v(wBGB+^SyhXPzKaZoz^g=msHQ&8s(6%LQJzQAKvX*Ujsb8wU8@uu z3Ab$&0>As$fO{l5DBYJ)>}7g_I4dzqq-~%6MpkAUgWb4Or1$hu*rCS=2_?+n^H1>T zyn`i(9ec4sd>+T=1NM%2I{2$ci^E*XL2lc`{2N91j$U48y^j!hRN2 zB0C_(c;2?jQ6s6+QIrhY;pjXfZ>wXE!e7XoWRx{;yD?dnly%n2W43(1Gq*1ibyK6> ztm)mxbLX_Yv*A})dIRR-hk+n(-Mct1L23NIwY0sdW}W};9q>e4lpN$g+LpmG>>cF~ zIC3-SYB}_vL9!(u8it%UO$w$zMHdpJ!~ctWq!m5ug#YK>jlEW#1Yd?H_>s^c|t^>EsKDT=6B}UQ@yPll~-^0+lCqL#*?99=EZB}0WRrl z;)#!}P0}}kBI4i9Hb=g2RO<(X10SW17sX9gW*?`Lw*C#pD$f#i2Ix|C8$pc1Vc$4A z1Ke-BTGwpklKwmGHut(yaVtoDrUKm>oj)SFn;||{_{>fl_irOBE0P{jSDK$D0eP!C z>pqJ?{x{B>oqB$ICRB`9!gsXG{LVh#5DSOvFyP|m%@~peXn0hk-R-XVY?JWllXSWs zqMZ0haJfQ6;_;*K?(wVEBhc^aj9WG-u4GQ^t3ufA=DPdn)ezB%xFb5oXLAt=WxR24 zG?miv!l_Ekg4ttud4sQq;5)?4(BCV*X1O-!JKlRfK06sEci1h(EzRA5@~4#TLAS3J z=gF~^jd=8>quGB-3_H`^#gfBZ0#_d*+~Rfq1x^%?M`m|w?6SGSJxc5<&Z^0(b7&aN zCabGcX3#KEoeo$lcJw6bZ1^r%-(jd`d5)8s8CNvP20CPmf?KN}cT=5ac7#9*=(6yq zCL_$|{|IKdAX!^=@_e~Dq|k%Ny-};R&xg2SbB=QhatvaAZyiLtF@0LVW>_qx#}p%urM( zelbr=9RHX5PuOk0h~<^@d%8UMcQq`?yr+<4WpU)8g3H+r4iNOG+fuuVlpwcQ!8s0> z4Fdz0eim%-#JBdf!?;nK!?<&U@CgOLKu0#7G5k5XLT*G_KHi_$W0^IB+l=XF{Ae1U z{|NK@JF|u4cw?2>H$2xAF&jQc{av{V4bAp!jdUB4;$7AvW!MVeVns47`yZ<>j+qsl z3R)@3q2!PUngipd`D#b_lPWPckG7b_b@exRi3+qbkv=N-;ey<^{?-q4c}thWQky6f zSZ1~qW5eM;xzOr;^(tm0y_cJJ^>Wc=YP%s|GgKnLQ`{NLqtN}1+EySj;@zI{4isVr zw$R>9GPxS0k+Dx7YfdNE3m1ibGP{hbU1~oNn4BL`dKlk06!%A|%it$ZpCk@uA+c3s zf7}{hp})AAkbfQM9ZP!a9?uT{` zTnjV9%p4)*cqO10SQ&8fo~`Q^cbt?3$UHG$KDJQoe7CyPerzq$=!msw%lw~n^Hb@! z7cqf`CU&vMSYeKrA%(>2Uhbu~3pwAHp0BNUJ9@Oc1ZluE`t!H(l4liY#Qbh-_J$nz zk_ZbLWo!#svbeML7(yV+0D>H&9vN|6DI=EjXc$at-;SL=P7phU<^>ImVXy*0Yt@A#-K7Q)z{oB(LV#R};7tbdzYu$dwz(C9>pYr7Jil}E#Q z$mKP-mEegTZ4~mAxp}MB4Uw!JT0*OMc-o4~&Li|MX*I9!3EKYMV_yhnmn znhtz>CJ=`67@e5KOCU%zG0X~486Iau-2*aKIXU*r*W90;JN~?){L;_XZovO0(=FU-D*_nI8@Q!M79$XN8@A}UkeKlt}F%&#DT;#DvMR4kg z*^OA2&yCsnf4czOHI%wY;lM2Vb1{c+cn^*0^r(O&{5UgsRjKDgBx^TRWX;z8}u{fM-yyNVbBH0?&gHvdQSS#^)-A0Hdgl{JaGgZKC zhhfpz@w28=TZZ41rNx(>FMDTxXdTU<_;kLJ=w%B>z*%cHhsPO32iPX}R-OF-||46}Hju!d}zU@XpKCUWx`0m&bgtm)d&N_<@*LKn7t6Ar@r68S{|* z@GkCTAgg7g2Lr}G_RRdBoi85kfl&-Iu#*g4mlM}})#aVD5{;@55C;vva?+WER9Xwy zKW=@f*-&SKq_ddEcTqs(Po8u`64+k8L@cBgG+ez}9BpXXgF+gR=Df-ad!}1~*bmIv z-Zj2YU)T`4k4|GD9)CThDsiRl7({7@A>TobHE*(^mwnvy^JY`-ZT7Xo5y$@>DNJe@ zxWIi4_#BwL#~Lyy=1{Vr0#y?ls3{}Sk;iCC@_O|ED@?x5mbdYp*gq z1s2Qv(c$|leG69*5k%>_&v8Ds$SfQ_eHN=j_2|=I7vk*yi6(6kE3&QFaS#V$vR_k4 z%!vBICjNY2kr1oFdzY>BQn$Fr5&d`C*lR6J$bb6D!2Jl@z{yFxZDZ^U%foP?GUo$^?(z}M5*v`gu)U3bw%jo8 z(VikcPgHq(>G|*dsmcZ_`i(^VlLnb?+h-X(@?H`zFMH=nM+5(Z^$bog7PcgtSc6}n z-f%?x8rbjL^v&0MQIR&S$wqz zuP4S3*9pSg@cl5>lG~T~U9guM9c(${$h;bG=8ulL2FNRj~ zh&@l&Ta})J!~~4c8Nef5ZyttSd!J92E*|r@YR#HBE{_!)$DSlAL|GnfCrm-@=2*9R z4Bwsn@b<1rLPsHMkzVRDX0xwI>WNmvbF(2^{NjLkD*mZ!^zY{ZHx?&rf6%QV0a)C1 zAT)klW@+T8k|#1Vz1|7(;Y37}F(1<}VZ{>H9%MnWKmIug@Hcy}$(w}Yah($zIZiox zoXWndSg9rIZZ=9zHqufbtS>EL2^@d; zKV2*LC186=l|6Aj+~(5PBdo}AE%vuI5=mMsWKfwb0#~c`tLioF%~UA!SnkfCr~2hp zs!XV@Nl-jUIreeTzb8qFmCKPy>gAQ;v+-lkrJAj?T4|O-fMfoV8atoJo}dPcI@_)l81-Rb4o?J*ij`ec2wpnd5hI_xvPjs051SUS7ge zt{8YPmhCY<#dyxi>+jFZwf?yvLpeEO;R1}IG10%zSMUF|6IE*~*JrRJzu!?wTr3;f z@y;Z#IYE{*w_~EMG|u^5T4(PE_5e_xqnCl_e;zL0##W6U$q#pgE2F#Y3uMeaO@SLH z@=9;&gh%mnQsm6leY>ldz{D($lmKmjh?uV@TiK}JIhl2bT3)c@z77f>S$Y?LiAk@3 zpJ|rJw{K^iv;zyKkRbe;HT}>(+g=%K%xG6(I_H4DVu}UQ6kCqhTa2~|+9`Q*qXV@x z{{R_^HT5qcBY<`KJAJjl=gipqAI-?$BKx(<6kUn54%FFH!VU(MUII~T(Q^mQt!87c zo_Tl8g3DTV{iFtmGl#EQglso-14}!Ye+ZYvgESckchR+woIYR5P}uAlJ^v0!w80 z($fZd&C)UkoU)Y?s|y)?!-)UBxV4-iEGC(!=zw{o+2*RZ$nYJ>|Gqub>1pT1O1J6A&6fMsFO}0CF;9GMB6TH^oS+l3ll)l!@ORT> zy^tUUiql`RomsKm@$Qk|w!i8c=GZNAYP)!!cjetutMk00a6cuEU`;xIMpaBe`9OnV zPQ_kI_PFVTO1jDV9SZWfY!hbhEh)SjDCJ&l@Pe9x8eEy(e}a2T<&c~L`gzhGrl?w7 z0iV$_x$CzO%$y$I#rGD;`WpCOP~xAq1aQ|7U!NxOH-1Z8xz@)BkQ`D2Wekzm0lS&q zOMy56S9kX_hN7Gd3V<^e$eDDW9M<6~u{0eZpa>%8~4zeRXu2wC8lDUn45 zA@|G>OTzb#V_G5su5=U#uxP9Ktnq`wZ~UCKE_|DGw!ywqD6t0&O3Wvq-({6EP{t1# zAqu`EcDY%&8d(QiX$+VrbIKD(EjF=`oZQjiA?o3t_>iGX$^IZ&+g6R(*= ze{go);8TNOgm@!5X?{+8K5NH28EJ#y4$JtyX_QP^JCU%RVw;P#YKud+Bl6a>ECmji z3XqHc+^Q#{tE2wsK4l>tD@JkBal$GyNn1aAZx2;5r{y$B&PK~;VD~-K;@ytwSjdr;2HX}RAM_!?me9>c7A&wSq zA{zrdus)xA>|VBQ`eLMCS4rPSwlo|LLh9+gxDZNNVGUkR6)WAU=r^YWmxV1m$JLgm z-~@sJckxhuzyo>L6H;;Q<^VEQ(9nCBtrb#)Gqv3h&Ra?s!ADMMm@W-SjKH#E!e|^! zZ&tpa9C1?K`JG8Cl4OOBuY43}J!7r$G~?Bx9O;SC-!~0>;*~Yq{s4NJ)f-UhLYZUF z4^C7qK3D-mXV1ED72~xX0OX16Ote?f-Q2jl09zJ@kl;4lW>WRlDIt3?*WXmSfPr%^+X z?JyFqgtBK2cQK@;r}y@UCy@uCCur(Nj$buA z71@fr1AR#xKp^z&Y7DbD>=QCtKdDQJ6J0nRz{i}D4G|vh^oZ)wOtwX*()5dAB|3^c zey4$cbI2or`;F04wgRX1_?PR+lx};*Rc2HS?QO^7Qm(^8J_BAV%1%=>fi@Sk4c#Z9 zMKV|rC{x?im(q(`r%>e59*R!}?k3>|W>7tHW5@uIm}yV4)vEZY09tN}#KsoNVo0C~QeE8+%{0xRa&mfnFlB!$EEiHn@QDxn8t(K-25e zkn+(l6=Zw#sm80YDH9dwf7qa7x-~bb4)!R!#Nd&~#n`!Ml!LflY{!cpphNVR0OFvG zT1zufG}=ErH?%*|Ep)($S>@YADt%4v(y<@FPLNuqn2Z;l2+Chz74HjR)r(Kk#oLMd zw~Q?SGsV&MgBGjbhx`YGguzQ-MjUB$ZznXvP9(+<1{tw5!}&)LzOwHyO(GkUi(uCa zD+P*#`B0)ipDa^u;gZ<$^U$HL<+=aE8?5;drQ|~m4x{R%w&GFMg7%ULnXrsE9xr14--g69B<8yZc>xe|2GuF5#;^8 z5fMAER_Qk*nYUE|9GqvA$g9xuH5FeJM@T*GgwxEx&c&l0e4T{6E#?fx!ENj>UuwntUQs^nYYT9l_!~H%`WlE=cN@T<)+Wxikbs=|R5F>~jhm&* z4Y;S-%2)XcMQ^__OcFsRD*B0K0GTJ`YeEQbd5s4>dP z7bdLJWFC2^%YU3U#_9V*#e9JX-19884i!Gvc#3XnUZP;fp2_YP>#t3o+SRiXm#N0 zd{E%p@GQT_yms1dZEUCxAS^CuTZ_Oq3XrOvMhv7`d$%GcNsmMKjF(a<7RmMF zSM<}&wIR(c2a^m%43&zakH@Zc4NHvV8L+Vpn%d!HMbDrze$CFvn7ZiF#iGY`a(sCyL zlYJ95!Y0B5@x|+Hw1_E-`kC&+2x%&xoH%T6!oqB?kVqYh!YOLLlzmqPK}{7fpbS?$ zntMgkS_W)lVgU9tw&im+hmVb{x;NX22U$G+ zs+ZiTaew?Hq6k)y=n{KZpa-Dp=pdLPPk2Njy6Yp5qh!D{pXv2P2&tY<1>wb;E{_V3 zDNPM&)0-ElD55u!vkw9Jw6{yvS~96sbYb*&OLK$WYJlD5?FyX{RNo=I@xBt4hL7cC zt0I>166bE!jr%z6$@<@frYC&*$6hSYS$e94=KlH(uVZ532X}PXIC+%+`SYWIfT6UN zAbocBH7i;afrm%S7Cx>=X$Wm#g%j9 zx{9etIxUG1$vZ;ky|ScmUU_1q!mkM+@B$LRS@P-Ae&!po*sT@#e-s_9b2Wim-3Isx z=EFJU6E~6B!8-V=FL)Yx}12 z&gaPTp*nJ7+oKqWbfxQxPT@a3 zzookd${?e-fP+TRotfGg#DxzwS1WdXph22j=So7b>eKt6 zE-xmZ=CuRo!658_?$io1c4yuHJ`#Fr)sIZEtpAEUuLlyZFtCT(0$j{5S#H_a#+w$4 ztrifXRRlL_$iaUyOC^UJ6*Iv3H&BLU&%IO*`*1n9c>$iN5U7z+kmDEKwe@51ZB>h{ za`#G|0OKS(&FZT4p~gq^HlN6sO4xv4I;}%xQlmQNi8pk(Q++Ix?*tvHUH9HfC+uCb z$Hi(#bXy2+@>&^X2u5?EGW7dilfqu?i^-&eeoqRe$i4Zn!ExHv7f9#VlNIlbBPYX* zJ171ujqBcF-49iT9&Mh+tfT?nLv4DJI--BjEkt%O#X0kFvWwouwAZWgv} zJ{l;RvQgFRNo=$7+`Ys-QN&srDwWhHIn~ar#6nk9cZ^ey2`npR&JdbPU!3#i`qP1} zo)=Z^C*w-Mv;G7e)k$VW{3m!Uiwu1U#2kxuaJJ_Pk4iw61e?RaNKkNsX&Eh%ZEae7c>fAXQzR=+i;G;dB9sjGRM+OW5> z(sr`RdQmKA*>$4*iPC{+wzxk6)SA=pxb6rI9j|t9lkC$Os;A# zNNJE?C3gHp2$vc9aXM`BCxM)8D%$Rz93a`fE_EbsON{)SQfN@8v4hIzh0{pxBkhSiUlNaHP8S|wwuO?NdW!4wAEDp#-d$t+ zjZ7F~Ej3Ps?yc04z@2!<^K*A6%kXqt{|XGs#FqB^xK-+oU=Cl0zgb@%zT55oQgDXr z-E1wrniPz}O7Z@B>%EJNU0@!T)g}n#2Gry@-*$I3>c$s;Iu%#3{fA;Ht!n};Q3o?E zDvp`~jE-lB-3~Lo*B%6-v>s`%WDA3<0tTR41_ZS_dH86Cj-$S#e?wr)Jgf2R3;!gH zIgY&dz@^o&hPxg9f7;$+em<@r4btLY$8pl4<(uBM5Bhr4F~wrU8-H6+v@Nb{us6rJ z{pu%Its*qrri=EjRsNXRH(lR{sKM*@D}Go^*_}*)nIreBmJCZ;v6T@zWX)*MDe-JM zMki@X!G8b+6nhoH&Ig%Awg}o17`?A>!JD?GJg1uj|C(ie+$j{w>6Rwb05@(ElAFMC z|7x8FBnWt!S(D}X45IIBtp#z3mbq?McBbC8&SDslkoik9D=BYEBt60)) zW!|};>FhOR>eOO(oMFXZG%pMq{i6?{8leX?`B~;UaDPB%^dPEl2?|pUAzrG@D=@?( z8G6$t+OG1))?*)lHfr+_!>^L>eB}OFOw;Cv!8aE+tlmT!ZRd*v(V7yh=&m!#!M+vN z?Sth%=3jR|?H7$@*khjutjWD0N_N#TV6s9e1WQ4T9I~2YN)%1LG&}fEVzO(rfjfD%936%V(p6%W#sL?+! z7kcYhmgZx%VzF#;1cs%SSuAS<_toj9+k^4C_5)B`ElAgbF}*wk2j?Ik0hZKuXuXRI zN~Ubl!@tFZ!F_V#AN3rB$X8klOeo$&jMfw0g#9M1UTQHc(A2^jii0V6Ijk3Uf=27w z%$A%Ag$Ns`@~a5a8kj{-K0GfU#0y9Al5#!o_K9?RMog?jE*viuhi)sSS!eS0FB|Wq zeuCfq3Xe}O=GhVa@MkE)ilN6$l2^t)qo;ZI!O3neZ@ZIe_vk82J6@&1weP!s>vGx@ z{hv~wRe6GW`QktPc)XKJAK%vqZiSrrirtHXatS^#>z4;jkX+{LHUQ;1A3l;o00(~@ zh@|6Aq%l!i*fOI$7pm&E#yVQtJNdEVx@DH1B@d_n>oJkTv)z62qFs8(o`FXm2mHR% zpD**8Q4F4}Ik-QbuywqT2sPp<^vxqEV)yUQ;w@iF_uw$XJ(iw$9oJeijDLGVXk7mNgj4nqOft`8 z90@6Qc(6DXjPt~q3E}Fq?K%nBn)p8PX0Z1S!_zS|@_q+v3%Q1578U(1`z7d{$z9 zJl4S;a_EnLt;vtSWI>ycea0lPq3vk$y1}Cv6Y&(ODy+cubI|iR^`f-EqUzXm?IMe! z>|F+vaaCaD>;Fp;@cgb~7^tI?vf&DKCoT_J(4WfBt_wYV(^`s8&Aqh!gPDa;eYvZo zlfdNPoJnHO8H4^xx=U$JIkmKzncxoP*o`ZxpY)j=FA;N)E?0&WmSe}qvB)=AU?TVO zp!iM}+fT12)mkaOWH4)dC}REnxphNE#Ho4Di zd&}igSPDb{_ZdahW*7FeBlj5dvp1cLpxweH`3wozNleBJySYM$dmLe?LLLDC9Mu2uYD zjDWvC`)zSKG88ISN|x}JO_=WXx1!fG)u>K~PI7eu{ol@0#=1Swz=iCnn3`a&xnv6y z8$rtQgtB7br6A~13@2nYy662<-^AO$9)$tc7|u4Ep_T60$X!fl#{w-*{$mBb?NU4W z7?r&pCBNJJ3cdZyf^c)}v*5d!w~GPy94om9)5Z;-5e2)cY!-mN@N{EM@*ZEBe7idG zWt$&{CEcyz)RI}rb+H}~)v(gylhrkJG(dS^BZz^AQw)8|e$^tb(Jp?&pZTx2IeVD0 zTYJ&(QA$n>-T7vL6a<-4`AlL}9nU6HO`!es6dZ9(Wl`MbgiMi{4F0Jm$m9r>hQ1q# zqK(eRE-c!e|I(tSn5(Ep#gEz580^sH6$+=%pKT~DdIX&94<+7UuO`RG)5oi+3y9-) zSoh$&u^tPEa%O1{6Sj5XP#y-0^L!&Qx?54sy0>u!#rds=f_DfMJt-uCD+bX>Y@rzTd#P|tGlL}q@y|LEx>4j(4(aal5Dx^GQ} ztqI^7UH2Axk&2zE;&>npwmFv1xsStc=YmqlK|j*jKV6qQi~T!aQx@=j2Ef8Sc~9-k z`yqE$Ry5m2MMrutIrc9zsfv^VmKs>AZd-x7GET8yg9e} z`3RaD2BfZiv$RNm=NN@=PEN4k+6`+5Gcu)K4N5%ruTZDZx0q{_3de`z1pEsO40y&p zLhY&{jqJ_jwU0N&nyMIA9ePQ0!urw|oOOAE;A@;ZU#=EPO@;d;g@%&l_?8c)FK-=J zL9*Yr=CpW@A>nLL@=GU`X}9^0xG$iH({T9qdNF^$9)h8722iysYj5|M79#wnZ~k!b zT4KRb&X?BFnMM4JUFN1R*POS8&LvLcAIg<0ofNpD!K??iPLYZj31q!^=!Ad^rg+W}Sn}?FZkM z(zkB(H>JAkraAz?(1U3C!`Ir>tqgmOY56zVBL@b0{Mks$ci(nD`7ZZIP6syG=G4bx zDA94&Na}tb*^w%noT`ER_r}QN<`3a-&Cl|uVZn>|9*z$gfod=Bu(P=`KBHYFh%?J4 zW*!K78DqI#ShCV}fPYm@&&L7Lh*xXRW z`ms7`DVpkiCuU?f&tCBg?KB~La5eBS2!8TxGed8h;Lv>uTnL_zzFVvfg9H{6CdpDxnnAw!5ovJgVhFa zqc4E|s`(qv;l&~8uv*K3&CL-+J|VqcjW8wl*|QOjJ^I$IBaMxA-d2$c-Ud;<-i%bW zglm67THZj2B(q?b>P(6k;sQC+7iH}?8OBb(qwV-v)FS5i#~3Q9LVsha=W^@n$&)p! zf8y%`#BD+1oLk@7iOKkVI!~5(@~2c$#-H0$dAu@ho>#9!d2!F%G&1VQH|L0rK1X8+ zx4B#K8$DyRJl0BR`}P$C+fLYnRCevlPpCyxkf{ z@T0Ws&rcK+D(c2#;);NGtZm-ba)-LV=7nL6xHh)XNnKWqK35CWOYRzKDGbHJBuVI{ zEX7x*ijJy1)g9o6B-Nf1^mLrS*J*FERbKW7dBuhu?N3`ymQyA4#>9L#Dv8l7P{!xIOzAjoz(4Dc#3ww z`B9f_EYJK$T`TF|c~7=NisbhDq2VV%aqfdv7yl{rwIsCG!G@ck_zh>cJT+U=A9N=T z=8Ki&)B{w$En7(F1vRtz8c456*pihyNPXN(jP~|M>H(yu8x4%TC$CR%_Atc zX~*dFGAW1+Znyb#hti_6xT!cK{l;)ztxg{AwTxXrk(yPWIOg{E--0vBE0C`iUEKc( z1jr{ev3KPpj4Ni|E`QNS{o%hS|e z1%m{|@6GVCO*vAcYhuaoSjK$&%rvA^%~3J_g`AM%-xQ;RO#X#p-s#n)F!$SACP0Y{`B@&ZAQi6;Aa9qDo6Q5r(I2@$z2kJh1kFc%N(~1#qc`TBdt;Sp4bX&PWCjuC~lB%ph7hr_ql4o&k1{$#{``6Ze$X&#YPom zqaXH%J*K+&l{jkB4DAO$7>CDgjB)RV>E8Kl%x4R%UFxEBwF~{Mp0ay=h2`cJYB4`y zF83egA`6H70T`{A?>LhO$3>J9gMmgLuBm^^TKuvs%-|pFJA3s1$d-Rn;F$$t14ghH^Cgu*bT!$VckPeO)izB!=O*I*OM_o+Z1O%^WK*c+)`!?uweqo|AZBlb!|Y1ObJ zA+eZYag;SazwQVmRj$=+3p=@jZt^B;;!^9ExZ3-)PRn;m)e4khT?dt(f*7>~5zvh~ z2LTXofpjlaNDAl4P1eALKQBRHW;%=N)Bb*YV3c3TW|i*AifN=S1P}w$4+G`Jm3)QiG&Iv7 z7kIz3v6!A|_j(3=ozqp2NR3hfIhoUQYiEvq=MPFNWw}&NBjc zVI($mtvnWa&ZY4~mO}nu&MV)3>5Z9egkN7>p-X*6Yjj$y%?ytXy>>jM@y5D*OvW>& z=9On6z3BHZbDGL$n?u2xX*_uXd5fi;jL@_a=4E3x%H`hnBYxRK@mv*f7nRXI#m`A` z@F|GgTDR%-*IWWjh9xFZUR)OmqG5i(u1PPOFQ?6yHX{J7>#*%l1KZIE;0mTAbL8Kc zKt3*DXlHx>r0%Xjo?u28dG=gKUG=M$@Bp;dzaO@=hM7NN)ILW&{0oSl{5UziJHbdqUms_5=Kz}ha z-g4GT6rszCx>`dzJ6fyV1~kH}8W;P_h{%I<@T=tz>^1A}CVlOO)AawiG!Lf0;t8Us z@B77k6mvsetaTNPV~dDbv56V>(HK?uFag37rBAsJjw9meYyP_apI`7h55;AtX3%QF zC-XIQ8(v$83b$Pf=;wOZyDC!DsE6oGTi~}u-IPnL?`W`_*4lwNYb-3fcJ8ktMQ(Cc znw}}AYdvWrgUWTeOffJ0(q|irOwCW@;bUQMP08%6mS;l^tIti1${1ON_y}v7Qw{#TEo2IagtFIu zLMc2nE#LA9DywR_kxjk1nZ*=8o~pfEtJMvLk5(U!Z&n|ecrCl4@Me8)+}^nP=lwVK zbAj=*_c!=s20g)mAh5o%KPhmoLU# z`U^^r(yf%XKUS+!nH}F&Sm1a!YHRGd0%LSJ?Ydt7S}6VH)T+d=(%=bvIFN9T5Y2`H zHXO;y-)%g|&&MQVSAz+j7_w|#`4zGt{ z^cJ$7({NQ6FUx8UwD3?AHqJ6yi||Bv_K ztFG$m$FA;E`>egzI%}`ZrI{*S!2qv7;cxhmpa$aH*M53M%J%Z3a^aUVQMpmBZ>!A> z5kgz?W83Lp@0Bk1)Oxa0I*<|V6pI0Jf$0e=h^@X`JaTb2MSet`UNVDZTp;S{NRkZy z%fSp6_ii=ZOu-oPnNc{4`erZ{8NK4R+idk-5ofbTlLE?B<;KMJ&TDn5&Oc(kjtOQB=Ju+W(a5(4-)g4Z+^*!}pLHMY+iX+BO!-hwW+d?iRe#Y9>$RliR-h$$myV`#xV4bh+&F{NVm z$fKBfoW7#NDTnKtd*gf4#aO)NJ}ywcZEcB;Mpcnkzi`C@OQ+_C`N%_^=sv)dV8<2N z73IV!b0^S6#t73x*!oF!hIfv)Dtmb}l99cH&kU`SnGt8X=QZpRaLE5S`d{F*|BvNv z&b2v;%=ezw{S0^ILGjLbt7Tfw#Gky)J+TUn&Rzbq=4VBkPXLl24AB+Vz1HR z2A^^S6nFTh9&lf-{d--7N_#eC)nj{q2G?6JTJaK-`t3E$WSOgK6SL*>Y=jJohj<80 zl*E&@!`_%`~9&C_>*L&B0D2L+_?cK!onyrC|{GC0hlv%{NDDrGxxyX&B8vl#T93 zrk_q;fza%%Dy+so)DT|?5k6}TiZs?2d=-;n8mhBIitrjV@|N`1yLW%KFBSSjhFf2E zx~w7;+X7{-^sRIx;3>IUq4FcXUwZk=>t~PF9g{B)*6ySJZaq)cNFe#>4>RUmZO!gq z&=e4rJPc$(W7Ppm*iu{|^UHZQ+-O z%^KHnz6zXrl1}G^revrv)W)=Kl`couA%XqXQ4bIjh}oi!#Z_QBbPHTzk3Za}xDmg^ z19!FgL>B7=Bbdu78tnesShQ9iUb)1PWslO#?Pu`=8Pu40@5U2K#hd&6e(tSZDFgp2 zhiN-YV%>ZY)z;VwyN(kRd+E!G!yh=%V7f16A2>}pS;6v(P?oQIbv9r48G_4=(VTs& zYk}!==IWTV4~y8K<>v9(mQUtyA|W-AG@qnv!wzCpoW>a8{0#D&DA!FjmK5Twko<{a zqp9jSGk+g_4UQhYscEQC;+h~1&`YMf z7_sb!xmyqzjnowFG!8BXWF#O#D^U=J!~sh(;S2;LYb6mm?zmudP1JuE)o(%m$cQI` zAU&M5E3%-B%D12)#pj4Fps+l(5QnXrEmJZ}K-5PGvV-s0FQggQ6Z1nkdy%|`C8-ys z$?%x7!b+TUsM}W3Wp*$dnCDY@HWw%jAh>au9%I9$L@ONRg(e{4uaKM#mL~Lg&%WOx!XoD@}k2WYWK1CcQdIY+=-QPdZ zkPyCfRePp@OLDg($Ih~E?rHOKn1K!-74eHqz7M@^R~nez3bfDOyy_)#vC&GInybbT zp?{S>_A}*ZdkXrsRa2XM>%jBc@km7SsyIEdp`(8p5}LN`N{yk2zL7BhTO>SbG#YuV zZe~2WR>5ntl^3-TpHZ@@FiT&cIp!7xA@*Wh(bV){bmEDx_{)rfXoMIyphoq_6u6T7 zbUNmOou&_?gv^b$%TC=-6RXPw==F(7$r!Hb%Zc^Agxj3q7Fy~XV~Fui3&bax##E0* z*#OB*i9Di-gm*aZzdDO$!Ly|sMzcGASA60*oQO2EM~3b^_pZ_1 zd?RdCh+_QQvDTHPr+?O>pz@u=o!yYWK!t3m@$hSkS1$wOWew-Ow(iLVSa4rex8e@z*tB0-gVA^ID-E;UJtLW3aEKO+(}zszD^) zDiTQDS)w61jnN|sD48dBS@J?P&EztZ&l0Ga=!*ytxLtBqE7MqKomAxg|^{Qqn&aNHJTu8 zh;RbCCds)5Z+I*28r?_dAu)TgOwsV>U=3zwNG378~k zYmMg}$S_eaTZjAL8lfL6D4^%gH47xrHVUF1+lalbd+%@S44aWk>_W@AOik{`t_pl% z%tSVsq`4@@ja-=GPe=;8{?2imw}=<%pUv~?fo1Q{tSjZ!#Pas~4NQG3-cPq}VN>n_ zOCp9d4~E;lcl8Wq8I0aX2LoE4m-V~&ewOyP3Ul~)q^u$%KtpSDr&Pp26jfDqAS>h;jCwtm%G1TMG|7SV! z_!}RegwFRw8=?oNr@3x33|gtJQ-vLEIm2Qdm4!z*{&XCm<=1@rwqLiD0DF@o;do^H zjyKY{O#T92I$K^PuR{emEI;-i@6e4D6KkLb9F)v@R*Lh0bgXGJv$S}v`^zU9rQg<8 zvvE|Pc(H^&e&4wRlxnH$1ZCTd$o5_9=+NQa-eDm7Sz>scB?@03e>l_a_n$OuU2VdM zvL)!|J|exwPY`lN6p(k05@AYJ0B&PKJ+*JSy{`7Z11z}_EWGB{-ztC`9zKse!gQl+ z>a`?qk2HSv0U-Ypx_~EQ%ZSFq(UR!kf1{h!9J&D+ZymM9k4^gOQ`B?BvNT_+vm-^k zD3AH7`hIm$=zph^{y#0XGp7k<5u5d=^r@qWC+;vD-8wO0cG&O??K$A{P;ye~sElel zb*CLZ838F}KcF{F%+*Chc`4FoG7bTC%ab%D(#40$9 zX#6RT_}`6M@A=Q#RpWLaU(tXrAxT{Zw{s`Y0>`aLOw5y)vy6tt_!sYY+LaG$(d#A zQb8%WK~|s#>&g(fn)KTFImp&Od1_3)0@Z?Mb*7DAy|ZuBAp5nJ+jowXBJo$1Hrq&` zP$>7Qx@ySyeIzOB`P%slFJ8Qg0(#+Q8eYgh{+|C7k(?)@P9WN_8or=VE5{ZVU7cH9 zXMW?3a$VOdYPM6THw`2Q>=O)yPdQ7=?#+j41{Djl;Po z77Ro6N20-5&!&h_Q<&^Q#3VrX9qBw9eNYDOrHw*x`kT5+DQU$^`P|69=R?v1tknM1 zovomR3LW2&l%@<-s2@;K-}BThj+K3vMck+TS8B5OM7xeB3F0;E#r-%v&W9h@RcYVY zH5&Q%t@Griy9Z@Wj$lr8pW{E9p|A<}W$|A*zr4R{nNWKM6=b#S<6D}1o~!+s3jNE(l*?7=M9c?gzL&K#v_*_~;#_Og z30N9sirAg({Fb|l%Ez+Wqchy-ai_|6SujE9=5*rbVj*6P-3BcyQ zggiM)?yaIDqA?wom^)ducEsLV?_V;n5q|7E`nQUTC{y#7ytfO=2>SAYjFtAgQuy{< zGU}nhV|Zuta;k70mvuP9vbd{AC@Rc%Y8eU9T6Z1ObWt?5uin8S)^;rsHl#13(w{+mX`V^HX%j1 zH!?2hV&{cvgbTJ}}d>N7w z{Eq3_J7B4TEPOPh&$x?9Y@0sqbnBB{b4;EF#0v$Y24N4J!u~iZfbN0{*aflTtCFny zhb^@ba$K7_hdeR|WGsH8xDLJXLJ*F4G33{mQp*7}AsX1+E|b8bO=g3lUY9OV+MeTU z1M$8sU*QE(m7nd?_bSCUB&{#*qy+l4F%Lh|aW=}oXH`+;zwt{J);xAckZA+*>_cG*pwzQ6qM6Y-%Vua)CT( zsX0g4@id1R;YZ}K1LFHUy5&@$X9muXG z9P^GmP%&#Si~C=<*xA20Bq%)C2??t3Gt`>B>fipu^+*P;+>`aD^=dw;6yCVgV~lj7 z1sUQ6s~BN8l&9dS>M9c|(bVzN(kXB(?RP{oxW=+7##K7gk$074jOA=!mgdfW;R@+k zP7&ORsb%U{a437b*8CIqB9-pDa_wrZiL$4I9Yv@cI-XwfD_?Ptykq5eFH61q9WhrKBd;romx2y zu{+iM(`@NDUNcvaLi|wDQ(1T_d*#nbzw!e4OoGrd>14T%M5WEt0kN~*74b`^Q=rsk z`W2tDhsOc&st=4LB2RpxNkVWL*6|8a=U=f+X{M3ja-_=(Uj2>bJ5a9Yz0h>|)_%xW zF5;^4brNQ7TU*R;Be6m_0#$d>B5xB&&zw@B!5T6Rad#)(=A=ofG|3oMX|2`#X&^c_ z^eFp=8%Q1xmfcS!nId&Zc86hKN6D zU+-%yN;>m6tv#KzTjw9N9o!AeNj8PqiXnGjOP?{Y_b#820|kzD_Bi9doEH zE{hSpCFr$IPW?V0FO@s=e&^`ud-(>=OGBtf;GbTs&sO$=C|?$`|24PuW{~?Pjc-9Q zn4b7C8g^sOCLXzMQpD?t?)Zl86{V#F=5XvFmRz01x==l0ex8UNW5jaN)W4snb! zv5IQsoc4y{Y*6~)IgR&u$i!uN6_2sl`fVbkW*uN34xYH=;l7DlYv9oLTAKui9~K3` z5we!(KWyc@EA>8&T}K=3qdwdW`17aVNa*er0E#SxrQ!Ci{`%V$4GNi{p4=n662lqP z7G~##rgK59b9WPM|6V`B3w1X4GB!0sTn8sSnYo-by``rLswH*8Ru{D@R@2Ay^UQ(g zPd(`FDRQ$I*CP%9yL)HT9o;!Qj{e4Jq&|0M*0xHXYLjqDeQ@ehOVpm2_K9A*7FAcG zZ1PoIz@X&SRUs$Kw-@+t_`E~#BvK+88zX-BT>_A1Ye-N7=pyU5)L*DQq9R4S?L3n1 z4ZZ;B{3@dTCeY|5h|b=uRUQT)5(nTnn3Wb0u> zC8xwk@%_AHCMY5mbI(MnfHO@|@_OPdQSVN@@jlRV1(0c#Q zTOvN~WfVk|I*X+U;aJl|!@J~hHwT|<%68uydlV3NRl>pvvzYIA^w-AgMFAbOc75NH zyz^o}@55hLNT1qdtt{uKU($oxDF9{4N|dlR@7K>1M$f|m85zOUawk;AV*@#|y9}^G zSs>|OrA}$bVOf-=4_|3&oi4itQ!?1r)G#{0H|s#i?qw7^#65bu%`542&P^M$9xo7l zC+P?%9*!9bWbqNHfmXxwPZL z9|O~(5ieXSUzr@YaG#2`=mZT+RSEYu0uOi@9Zixx&*OWKs#-(4FATvOv$vd!eeM5o zvm*vxC|em+*rmzfLi%4Wto82rcMBA}VNR79lVDZHv+oc)dKxo1pU{;XuzZ6;UB%6qdjq~l`T4RXbAHO#quoI#=~N|o!yHQ|T_@;?KMR8uf# zGPyS(=Qydc1*IMwn{3)g*9(IymdEVM{xemlwfhT@e&EJ!X3g05&s@70lY6=pW?ORb zU|M~+dnzg)6~xKKmMLj0=7%QvdJ4aT&C>YDi%B=tUizR@@kwhZ!PN*#I#zE7O_`3W~*uNEZlNkg8~Km zvo|;5jz)BmM~fA5T~VogMpxH50Ce70MR*3qSa@hNpR3I{KD~Qa<8kNJeV|YXT-u%? zSlhOE3Y%Achn4yCvvcTtcdCd{vGs$ai|c1W!Ji7xN#t;IihzvSa9Ay6xJSzGk2RHVOsR%8@qSBnW^m5Xp%1_6#^A0|7OXOKDh?4 z&K6Dhl*%}Lr#jU`0v*W|n0yxOJVO1=pIqnpXpOUd&_7@z%E;t__-57~tSK36usGO2 z;s4g*-c3@JiNKvkP>yp&7RO7J|IBj{kA3-OlXWh^WxV5YrnD6bb zrjc_b7O1f~`oj&`sn9Q&I>iYn`){LvH@A*{$CLL95i!ibYN=-aMwX;bP6)&Bx~7Zi zRL~x!vDT}Li2T%0q57TIBz!byV#z!0V`t@lg=hHtQ7Mdby+ge#(Iusw;y(e`d$TpL z#vYR4dhH|lxey`r-{`{pjLs$RkqtpnqM6kTeQ4Q{L@oDR-gQK=rfIg#qMLM@`|FaK zQuO!dSvLMAUxJ=WVIa7^BZJG?#^P@IzgL<#G}e^0keMUiuKenEK9d%R`M?!c)6mnq z98B4JIGa(g79K4$8JInVTHh-p>G)v%;XZKsG#Lg~@Ki3t>}JX{=YM52q`>Rd{{jp< zY#s2{t{ipHGr8hVTdG#VqL{ZZVP}SZy;_*M5m8~AS3w-neG6&~Igppp5Qv!+o|hz) z>i&fCNFv@BKC?m9NcLYAsr(0(htY2laJ(e_1$ z5q`i)O&}&HPo4U%)R%THFsJZ{!(68BQ1C01H(HLS1@C=d5Q9{?+}~4?!4S=0iV}kb zN-|_G%umBV`y&-+8=v}-`6WEi@{*I10PMQ9NAVa*aQc3~YA3VPmA&OUpnX^*JiFY7H~&Trhji z3Y{$FluCSZXS&&WFnsxfI|%mY)5^OXRK)Rz(!R4Pf_}mM=@dU;hKla{KnPD^-&ztl zQjVG4{!kKi36+XwZ3CI_Zc!C1qgTda9s!Wx$LNX*&TUdJ6K(?$ObZA5^XP>>&e;1eW=1?rh1SqG{5&5lAhm|a4NG-C|6Ui?W%K2RI zG2Bl)G@I8)GHqDVhHx-yvt{vO%Z<`CYjD7gHc9o7FaKi0Z;X|q2Rdk$%6})ik8y#4 zhwpgxPYkD(O)l$Lv_x}8FTo2R_u3py*jvNV;nI4xfnM=KADZ|DhxH*a3pt9B*4V+} zz&#)%*5W5;^4(%w9fD%1CL8Y^=9)$U&Jh`5m%Pq438%e>?+H^i>+ptd4G(XGka6*1 z&jOKPKnB&%ltzx7(AQ-?lQGS_!*TT7X*2Wlo*n@7@(#Vw+1LaZYqjL-w?RwoStH~w zZx5=d&Lqa+>MX}U4dghGi*X!m&RGMQUH%3khikA}(c?|YDjkS|nl=Kodf4jAHwsuB ze_GpDIi5|(;vmk!av5V6R@$l5pwrKOuAzb!%dt43@HnmXnTPDEzh{@!SKVH0_Dh|a6IDLqZLCRtWU5~Gbc)mLlQOK7Gy|a{_a8^B2cDdXydrFC8F-Au(XgquA+SD z9^9c0r=4hbIi+3kQbDB}-Dt(c;(ToSozb~fC{}lqO_8i((vsFA&e1H-=~?uc@hz6( zA-vwU4iQm=ADaV$$a02Q=3`KEW;G?PbCICy4|Vj}yL~}c>>1iyC@3eUl>av1(tK2y zH09f0bop(+KT@atS{3aYdpTdNZ}^&(UDaKK3V6HU_PL&BI57s3PV!rAdUJHEOa z>=NLIJKY%|NMC^Yl`4u@<^80=KebuYx)uOtwgMLQ-KFQ;BP@H5IVS$3?b8JbPq^mR zncC2|WJ+YpQ+5zjqdSeByC`*=4ZY1UsWyBXO}Hyk)jkkrU6Eg+mh_?5dHunTncn@# z*y{^#-za5S62Zz#wUbQ|thLADPSKq(z55JL9{rYf7&fJaA_=Xv7$Mj|A2&8XKuNrM zvoqIjB;dA-I(|M=XqEyGr*-T4L=%#l0`(xSa7HvRU?1R9EAmM`vreZv6;YUNyToGG zUMz)8S$#EHvADm88wl$2&dL}T+o4V{wvBr-Jt`>xN(q^Re zC0sr^^wm565k25UPxcvaUm{>wDtehzPN3>ySwW3w?+BVFY^;JQ?O{yso~iOn4L*r> z0!7PHDA(m`pWYH9XoT~5QpRfQBk?JzZqx8OtPWksI?qlO8TXS%Y&(n=I-a?%v-W>f zYd8-bP%n>uo$QZOCRiqk2zEDNnyLE2R=Hn0{yqTD^C!gt^z8N!2-6}Pn`!!1qEVEp zne#ao*X7rNrRJ3Pg`Y`hxR>GN?<-*We%~Jj6H-}A8T=6TCXyW1 zM2*T4f+`dQAKO!~Csvl#gOqSHltt!~@=y7=7(ply&$0>@UktRpyDs}}F!PGiE^Bm% zdDeOcLdi--ILk+RKFfPd&bM7oY*Q86HI!P7uj+OFhpstNDR(gJ>B3GwI=p$0BLaJ( z$vxcl;M*YBxx#)JQx}}y0@-!W6s%7wjmTRjmx|PU>BT{y^uDSiYf0Y2vBaMZFI*D( z{SD~M=_}btk=Z@r%sJoulV5K}3Xyh)G3U;n#4MVtb>Zf0L+rM?)K_6tmYvbN^Am}O>5k?)gH(h{p+mJpqR^z%C_F|&Et-g;RMdz({-TzY}rt!~3RdTN& zfrXSWddGEss#NinE`9>ey@BLjRL(-()rZhCH^9Zt@{>@$x@tq(>8C=G#ld6Xy$+G? zPtdF8^@664IS`7b2!fC6eUu=e!N4!!th8#_D!lIZ3z^Y4rz(_#dZBoeIK5&t-Q@hL zd9Hq^cM+Rh?+I&|BBaJt;TscS-KVEp+A1+V`aWuY0(s9hE6OThdso#~|3IR3z3OuK z45NAJtmWdhn-{e2Tc7YKo({=W+{sFJv_!%Us`43*PTvgQtaYV`JJzTc2?qQr_MChX zs{Aj5AC;`JK+4k|6E>(qO2rh*7NA{@^0!Jq;jAeK*Gai{yi&_d4A9WGdB)>m>o6Ss ziYScO^O=17+lI%HN{HGm!httI^#t7aOradcJQ=bbZdqmQo3*3me!A6vU2?gJ0-s~a zFIjdt&ROU!r6?B6(bVaiDoSMB_-&^9dVCDHIkmU++5=kXEiN@kH0zP|5Du~3hS;VM zkQ}XA+U>m1>xOZhj`Rub9ukjK9eEm`7>NCU%{FWLXw-W*N>zoAF>Zc)^Lt<6-GA>T z?^ORO?ug3L028L8`|17es~}$D2%a!{S>k}AyuGat0e$I=$|V`9KL+ve49b0iJM|)A zY6uvDM}hyS`6-5i(q_YgK9)EjgK*;HO1T>ek6`*n~S*T^sl8@$w*Pr(&ca#?iXz2lWd`DdSp<|gi!m(l9U8wX5wnUYZ}lZu8Opkv5+iIFNN2vq zWh~|Zp3xkZd}w6R_|ZwV?p~@dzdq*R$Ic-nMCQLbIU1hN=?UZ0zo+k6H#Y;S&-jl< z>y1SPgNixR7KF>Avm4=lj!1(a1b+3`9JG(vpU$bz2Hr$-Ro{N+iA~B>`g_1pB^F_6 zpD3v0iP+N|_-WJBu)FLbes_6%isOKV`L>UJB=WttmKZ+zdJ@nfBJS@e)cda}$3qXa z`8=G0Nm|OQ4oc(x1z}U~E}Z?zRGDzt$MJd{ zf3Cf8V)u(^CrtWu{a}rPc)C6uUiGDaE(p-urJ$~2Gaf8+Wf3kN{l_2;QZ!dWTPy0K zzgna@ySRz&i_$%H{6^+z@)G6HoS5*mp6MOO#GOHX&f_USU@f(!dr9D{tiWo&YvjWk?rieIp8z;&$+j612v=W}nnrH?1SVuB>fFpwRi637EpuV|yhTtH zif*<+2(jq%<|#ia7!=90oFCtSnlbiMS)2+;Hwq~h{?5a|x8hEv!``2)kn?LrjQ+;< z9LN)F)A3c+d@+fVEOrs`)AM$%MsF{^_EAe*E0fn3@C`RgKBQThj!;k2s{k-{^NC}( zT<3u#(={+QFO)f78=+LHrs{+DyT&eHtOf!c zhYT=tN|yf=-#K)-BduOCN=a2BeV4`DYBbL6IqyFMe$i>mQ@D#Jk!|CnC}o5jICv+f(l{RAcYjv%UN431j8anT6c$)9)XEQhj$@u{-WL289ya8Nsw0nz$Bln2sYk9tM zkbgPC6!|KG4&r5i;nPk&u%Nl3>uRk0Re=Wz9WlOs@XiEXGTQdf^cZ~nyR1mF;KRy4 zZ#Gi0O`H3PDQ;duLc1lYw@pHP#a<_>nV{9N4mZ(d?~Sn7@nE1Fnf8^cB7E*@ESiCr z&Ry}8`j-2**YSA4IoX2yKCTQ%GFCphC=zDOh2@fO(I)KzGSI0>WybLWB~y#Dvi|rT zgSl~0XI+unkwpaDt~1uP-)i^XNCx~F4ez8^js5W+xgY9$bz_n^7TUu00rJ{QaGNkp zrvgK?Wd`iTNpF{JxAw0H?BfI$j7ag7sC-!YJ0A9#c`xuwX3_-(pm&1Rc~4D@3Lt9E zJiWCQ?0cZ|(B+s<&jxT>>Yic9WF+Q_)$=PB{CK`{g~*)7@c#7g zhg<98!F3&LAt@^A>{S-uul!rl0U-#czrX*LICsy|V*Eh=BtB>^t*o-;pP>#rrmbsl zwHtjFsdSeXJuQTv3-iXeKYkN0?2!3;HK)jKbVysz z+p;>5QFrKPf_PSMr6ZA$|D5u_bY991URbH$?`y5IX+(~orXQ10^q~x`&b|n5Rq@c5 z>wlf^$PHnEf-4DvLTwmZ^04ylYS%;ZKgye1*)8EYbN3L{5O7ju1yD+Ns#Xywp(^$K z&f6V@R>xr3@nLT6zFpm(dwTk9F7?}P24l%UhSU;RUTz6FuBxeIwCu?5-;T1>7=wbj zvXR?i0z+>;vEg!la9{gK?SS@L6)nUh`MByo*9x?3f9#}vf1eR8(xka-{-*Mk0{3O| z^Zi50b@LPScy+(Q&dJjSPH5qM6l!!wbU)v*Vsf47n&f+6|2)x1IScrWib`lnRgdoH zR^Yp<_-rh!+zzk0o1Q+*oNfuUpJTaQGxXU@0fVJjV+0$P+?Kstd@mtOM_sC5o#+yO z&3Qcww}iISeCR?cyGDxvY>BdM$KrmMmS6XlgkD$Pww!lXU3({vVD4I_`teML;A*Ve zZ^qCmv9D)D`S5PsXY}d3Os4V(sK+WkW9dxO#s|J~KB=O-?_6zLHhen!aYTF>v)?4j zcQY}1mBj8p?&ia6rf1}8x9$hdT|L|He%#l{xhL}u4ur-~!Y19G)`Zcd%CEWb=iTU{FTy*h4|A|%He}JXUm~2W+!|OD2k~G z_dLp3y3}G@m=In8X!)(FAC&DuXR6yx{GYR9v`@(FYp_->NLkrS{ff3cx%Wif=C#Ct z&y@j{)fe`VJFChz`7O`WS{eBHm4Bb##ijiMfSYImTT9=npYf)}(F9R9eSi2fXC?p1 zxnWsc!?LG&i{MT<_--5(b6aTA(D7?9_Vbxii*LW>VgEf|a{8!F!@gVV_+jC-p+#|d zOcr$zDPV+!ZIOgs{v~0>u;n^E;t)%V0$AyP%XdE@#jaK~nRw)X<9!ulX=L-R{Z_hV zH;Nq!$$`8CGF~rwivfk76uY3JClF@wGdI@Yii?@M;DJ|A(S)42X?woNSy+*A9xcRR7UAzLcv|O=8*vr8; z>^fNIGR=AQl%Nr-r)t7af(DwlO&^my_Sj>)*bhjt&`)41eszyAhf`!Rby(G^?^h$B zaEz#@qtD|tWyWiWNU-~|&GoWh0eq5%kEht>*h`w>N63`jrQ_AU^H}4w;T5$vXu6>B zd53?|DD#pt!gmA5`#O!ih8w?=oaK=*y7!?1d->U5$@5_TXn2*XQBVpYbv{j6o>8%# zh;`Jem2FoH1lE-;<}CU`4eaebb`0E}h^iZ$l?3~g)N}VY4#m9xw&%bV=k1_52TQK^ zgw%JzVkVE?8&`GLhF0vNn{S1;!q7xp7`@9-us50ERpa$jf5R0V+j&m(0`-1|AgAsG*ajE#c*;0Ta++nGro#336o7>C z=Hvfy`=#9paU4}1hdUU-L3gv6q9sUBEqi%57C~p>LRt5aa5`=zla(!JPD2Y7as7!{ zQ70QKWKY7d|MM^lp}FU@B{rxo#e7Vi} zYV&)WL1V*MGxK@!{^$bmt_9sfLE?ua^E9~~gsXd&{><&(L0^_yJ$q;NHFJLywle(j zUCct(UgnW*7<{`KbEzyzH(D#C7R34oZ0cpF_x_>2B+}XYBKTDAim61w`S*FcvND5! zZS7FX*UDO;!BArnd*i*FX_w{m@QatL0IzYAl9p}K^VwJr0#t3)%v#A9->R5Td9Ap0 zwDa4`yJG{Vxd9G89BIAW7wOo|X}qtWQddIPQ$vZzqzx{yt*9dcsuVS88j%cgw*Y{q zYRGo(jLFn`CjCI`T4%l_oeZuK0B>j$53h;4I2TCkWOS*vzhOxyT}CtP>-!W{uAn0J zHRgW~Vz&2g*GrY(aD5ruyH<+N>JK7rgBXwe$6L1r_75XBNh@WjXW=Wa5I7>~b$TKB z$z@d#`FcsaIynrtKnxOEE)}|t--9Ig>!Q{zZAQa$m=HO~HyX`X;edImSrhehiN!m# zmYY;k;bu1b>lJY;@j(XJfDe{2LQN_7XH)bvz;)fHUYc*-uU%D?^sV~fDr*H~NK2z;o7)+7G2hE8U&-QGMrH-|t#D~ep!r8|#zrc@mQPPcudRXKrnK^7 zK)3u!!YroC-Ve?CnLyfj8SAEMQrpr~t6D)a*~_Ibt1#9XySgzxR`fFbil=n){f70Y z#3(jiy_TVcMa^<&>)YjZ!6c(oqz1i1fF~Kbfbesvymr*oU4o zTv$VWv%APjcif*2OpQZX@F@zx?s8)f77xgm(+!r7xVJ->zIM5 z3tfM(D!>l9sLMX4?{ShX%-fSB_1MoygsT7+B5bKe_=Jmu9o%dFn97X8>a@W?6$uZ( zWfCS~=43lJX3!*8>8V_~t&*;-rPlirt@Xue^_ZqX2{QR%7fBNMwkVRsUcUIEg_Mx?m1_mFv6Sq3Zq#+B{;LB&#%8{?S?Yw2Y2-hsgDbCW2j^!w3_b@Z} z=$`;PbTrn2_YSzaQr}v5U0w9l-f_=vu)p8CDQZm0QNL~YytP&`x*vs51M@c84mL&s z34bK#pRPxOoi7_}Wq_r%bEZRF_|uBMrs}|xTI3AoRbxfWz{L{v62~URm?$e&_a;Tp z$F0k?yfsz>Jt-h$mLIC)oe*fiv_X4W$XA%*;b)fvo|V40WUd6t$29Cp(B%ORu8t^G zYK+@v8|@pb`d}#Eox;6x>SnUr_=F5VwbHB+3x?JWUdDraChX3}P%r_HfL5G(BLs)_ zomYqG#pSytB75;ZxW9i!)~$C20ckaQMsHaDMp9FC-n3ABRPxMO;GN;mC~Ry7D`v3Y zgh?e(afq*2!FYwE6|zsD>LBMwXExo_mORz7no7yyRMzqJ*=~xLuCg4`Rpx{25o37i zJA?0xIYqM4vJ@iI;Hv=v3fTnBG778fFWuxlA~WSof6Lxy6BRL~`GGZT_NzTur6{q< zhU_S-a;_p5y8FjZeoyc1w{tl&@4vWn`UU_E`60FxvPSjQSTKI8`m$?b1203TlwmfH zz;f|g_D>S2N2)yVs{@wOh69?R_Egz-@GsA~iX(*ZIW=|p2T%WU`yc+cs{R_C8G&`u zKQQky%WLOemT$IQO)5Nm{(8iv?~YP5mxBhtVPg#iiTb1*Aba~+OmVe&13m1f=mDBeO^w3$-I-0l;Gc zgzv!CzD%*#RCnyhPpa%aplMMz--U~=?^e9xwV3HEOpAKB=E1SGR+;IgPJ^q|b&2vz zDx3yB<5bNeU&DOa$w6~58i3m_Xg@}$Awmj_QB|b@xAHXuczN{YZ#B&M{IOtVtlSEi zB@EP^g@JSlIfe7ydU#D_GuqcRQlc*2@sY|CCM7xN`^SK%@%V6UYqLjXZRdKR=;?}H z{*>hP7lnR;lTn>`Z)99qSDy6}Sd(YC+5uhzQMc>@Lr#3KYt9CYsMDm%#wL1eY*&pk zTUKV0xYK{RM@zyMSX)_hb8~iN3E=^=uj?1h|bxmM*oaJyq$7-c1MHDP9fJZ_~^@X2|(^d3-d2)xyaua zDBC`H0lSR;TdBDyzq7Lglv{m!_GQAOsSkx!VzEK>sIuFCGDGX{cxZLH>rH?v9LhCD+ZHeCKZ-DGoQBN%NI`q zIrX&n=Zq5E*Hgq?$Xv4Bi?b%vDQg&GUDn;!l_y7c*Iyo=^+%ia@6)=AS*^a154cnQ z5pfK}?8{EDY-R_4>HbQ^eOdcmVU@#1%iCTRDKB~9;$GQA|El(*4c5MR0XlvsFYR!1 zA#hI<$^14_F^Vzb;MinX6IkC@$i+W*Kt#KoaCTRu1#+pTAfDp>rav4+*)+J%gO*hO z2|t9*{#7#-o8n^ZknnI&3pKp(x+=^jtdhC{K#} zWGd{Ha}@i9Tvip}bWztoFuUas+BqpzTh#APi*yaj`@$unHmzA@k7~F56i@4f$}4_k zF~S;DJ3h*^E>qlL-Zkx;XuIZe3h*YVg!Hq{!7D~=?xZ-Zy8M)9I{cnT-oDfB=rii* zzu`EzzVOhA;@#KPT}tGw^!bY1Q>T{eTId*o!kbairYWk3jwy0s$03|v7gt}m7sV`W z%YjpV>@r?uvp+>VZ#U?*+)~%WSFscN=+#)NPB=5Sjb^Lq+ndzBe6Lo<57=x*AMw0c zbZVPxaAVljIgp^PgKaS-+w{+KW=MKhTL~~DLnp=T*1_t zUtBSs0cqRmq%T=!miFOP=V&<^wm2R<+_nYWcNOglI<5Pg>GIJwl(J-ZXm>th)$DoK zj1$8#(^L6^oTC(svbz5kUj{Qq0_sm-+pByw(bEb0Bjfw>&p&iVop(Q`+lE;^Rj8?2 zYTQM7ni>KaV)R0}GLx*8sLPwCFh+mISRGATE6z*tKI>>zSD5HxD@5dp9yh$8!US%i z#%&v);{oyQ7^e1*s;Z#T1`GiEv`EW|YHF-Do4?YIN|8X4c=ea6WQ)qwf;wAF)tm!c zHf3bvf^_Hf-^r*t^ER$W5qA}SO7pRkH&EAse>YBSnfE1r^{YnvKstPtQHk zSS%vqc~{|e&j0A_SG}^fMK)IjP4`P`w6Hk9dF-^2jGqgVk?)FkaXw* zc7}TK=D-3GOrwkkXY+rzLO%s9rK^POe|!xKE)&Xb?-l_fgT&IAiMxY*K9D-_Xi|`` zX|eUA^S!f}Fg_`0010qn&v9aVcv)_3?J=eB+->m~qwD0jAb!<7-xS)fg9i_d%`Yy% zr1-8qgSKmW7XfUjo_`9`Ve_LL)n+%?CR^ag0@9kzu7Hw{Xv*#+BSkhGSGg!jv{mO; z__L4dJ4Vr8*p93BJW(ZX>db_SP%3w5%tIS z0oh~=q=xviba(2i*z1HJn2Fhi^0SiVK{{jD8!4=+w|e;`-0y=Y;rQ0pSb6&ylYXsF zcEiZQ=HUK(H79#a5WjYHM)wsn;FNExUr$V4GU4)g=W+x1sfbKp;c`oH)JT4%Q9UFR zN0;T>Iz^Hikd>hW9x?CM1y}%Ip=*`mk36C6B3~r#Z__sgD`k(1&q^MC1@gGuYf`YkCb2^?efF*<>-d6- z;j!#Z;YIk-=p{eMmOZ5k_%}}&IM1IndK~iOutGW0cBk#w9QBk%SLEN1v}HYdXJK~D zk>R|9vyU^GaGA0D%}?z1WD@tYw+}*EhJH~i;;yZxd__suD3-GkC%H#XIt^6SF-h1L zJ#rn_#%K%->Sm?y zJAIedk{H2We)aCJ_y118?-4J#JxHo>%fJq8&_M4M`RqdSWvxT+g3j(_lK4xIppSavp3=JV!@b1sba zPQ6rhd?RNvR?tMhv%eA1Z1d{t$$c)ZGCS@-;1IR~S#B>6$mH*WzfcrT$riIMW@ct)IMs8fyZ7FwXQt2d-7osI zYORXOi1-6mW=6(C3(CyvmD~C0aP{;%U8edgk6C`ueqzZPvv-BjGs3{eZpTja+V;!t zF6;nLwYGEKU`lC?>}4l%r|VbTTbH7?8@5A`jl$}w+KtO|w~TA|*<0FqXF!Q1e{>A+ z{8_094F7$2RkuqH!NV1j1wAs=<*T-9Q`}C-T~$p!ga-{2jl=fAdotVlwHQ?dRo{8P zdElXEVAhH*Wh_1fP=Qi0+0&Pe?al9jA3!Z_$JfMOISTvtP5(vc`ru~=bI_}keSPr= z?bTO3o&lRpb391#!>D^Dv1#6PfGcA6)fx!+6Z=!1-Z>goNw1#Vr`y*U-djeGuQ;AQ?{%G>yZd)ckNX>MFni|ymXu@6 zXloZ=%QhVE;~gI_U#~qn*9^SX&MQ5$s_s2)Mt_|Q+k384JYdLSqYd#!>{7YAYx-Y3 zci7~gwzF_G{A~Tv{xfOz`Dxp}I>6+*{MDJ^v;g1hjj#GqN`GrEEW)R_(_3g!s?vK^ zG5hEGGu28moQ=FF-ODn{2F4qgRszb?2hUOG`=$Qn`z1>c7)`r@FIQSd)P{ua$|83Y+0O&MvD-|D0jHFo6Qr{MbzXQZxz+ z0+v+trc>2hF1l-)D92W$L={%~O(}4pH1-d0JqU*k=%o$F?E) z`DT|XVAs5Hr`&GTqJ#&-X*~ zt)hG)%6}5pKQlMrIT}!Q+&s-S=c2ya3zlY4KgE5QaReQ({*`_F54wH|Fi0C1KP@z! zbD`|CSvQ|JK7iO9=Vwup{q-c`|247LwF!;1;o@dvxE}GLxn_O>Cn@GbGpqj&<6q7} z{$F4J0GbOFI$h#y-H{OTMw3O)t^Ehkl{s-rnGFJTSs!UyC4D!%tGnEgwVfl5H7E2#Y{g9XB_40?VL1gHwaTM?@N1lZp>K#&I#=yimB z)&p8vd+=O|Cy)bV(h$MlANUWVfGPwkJ+~rR6*K%pvnpy;%txe+CcdLECBR=yBmWgw zcv(OKA^RA2?Lahpz*j0h0y!X&KnVEv=>Ov`k`xH&ijXE3+0ZRP6g`QDHJfR;bKs75uYv|4hgCQoRLX7#*4t2EG=(adiA%h>!^ z()XJHPC#R%m*o)srEUBb+J5`25U8&tiwowz>81XGGyyZ9uY{FVRY3ZiuH_%&^-}^u zON#XY`>#g-uRbGU`3+A+)Ra*FPXjCkno%LnOXMGh@i*)b3FkN4QAYpI@%6vzHRm_% zDZzV-{ar-;_8e5yZ+@Z_2FCyYWq=CQK>u0_!B6rxnEB(8Kr!I>CRD(||E>@F2P!Gi zfn^dZ0oi}oasERhLL|WPnU(qb|0}HhB`_0#aZ|0Vd;BkN{wqqkzzm0uMO9GnzpCOt zYC!6L&FY`>`rWLu-u!84cWAT6`Clov;QqY|Hc>-GDk^AgYRy9 zl+1ofbpK9w2lQp#&_LYl?v&N_-BqA}H}$Q^so4$(Ma@+}sI)qz-+_ zu@@L<^}Vr|@e!-@MboiK6qT;R5!49{PEIn^#X3AQOUtCkHwVbH52yy9GQQA^Amm+O zssHlAn=I$CO5z$nEXn&##}OfQ-K1b1Z0fjf_0# zTCg?Wx{P<`PaYr-|qb60Ew!R%^eC5p$F3i`GI`AgHchY-c*AT@qjZcjN#Zm76%!&dv@AF%^FFo!a|XKW(ja zG<2E;A$|RO{M=uopZ}2N8x2_EPtd-BVj+^`=Ffi1KK-=sE%>x{&x26wQ7}?~mP0ek z-r>ooRWp|6`2VDU|4$qnl}NEP4snT@k7H0Pncpf5%}UNS6JAko zFqjQqcjd{#H*g!1!Q{?mRE(BadIG-Tf1~9;WbVf#>kIta(vKC+KV+Jd`T=(3=bnOr zpY~#dWvO0mS0x$>-@gORpX3~bf#h}vW>yq`C%2pa8?~ZG%?&lSQ>`*}T05GcK*T@! z_&1QuSwRAhq4g81YvMnpCeTXW1=?I^?v2rsB>O%22px7sig@$mzoGFb;3?U`G&a<1 zWJd8#{;4^ID(IT7N~`p2paiC?3f=obo0TLU{-tUB!R2oj^b;NkuOwV$NAcecE71}Z z$Xmvq>HmuDze(!9UHq@u{ugck&cObEW275C0z`zI@hW|R{Nl;cBo&$86sLzDX;YDU{^{@j zU6gz0197HS0uc6I53%yll|);}rsp{uW2)4!2FFFu9cMGBC{QuQUhIH?p7VBngQ8P8 z=YyidnH9pfeDXhsZ*K3X%gYDGH(oB!=s)5aCCzXCRgL!1f?s3fjyi_vnE~h_HK!d0 z|CkGekCJ<3DBO#mZly7TL(GtO5x5r8*^Kc;=OT%#xs$+oNHH(R^hgo%Q-F>%H zNODZg!=!kN@EI>M}&s0QL2%Km`(-9dds{@XgvDg4;G1!AhyQn)yeDxTop{ zvTPib2!rM9edg^8Ns%RAq2$E_RVyn7N5}%nab_ zsJi$==L2Ka6F5ljPd~0hJ_4Rd5rHOroZA!MBQ>!acYE-6rEmdnG!znHyWKA+GB_?m z_|0V{CYQER`sj7>0OS*ARKr6IJ1Z4Jx|LOfQuvqA3h2VNYY)gkt*{YB!azO*(by4; z#wFK4Z4+FMw~UDHbJhd8%wMCSf<{C5D=`v6A`PHoa;y_I;_Ne(1_;mZ;4{q=kX8PF zXzafrq>G;{XY5x9EiWu0ssnOX7NRw44gm5SQBX`(7QM_!q{8Ab+ALnwX3jmsBk>IQ zkopc0rIvq9fzD76y;a##9!O!D6RV;8CV!*-VyAxa$b!NOuUBk`G;~07pi*L6+Mb=+`;l#OKQa9afz9eo|EhQla^@i%?EKurMZlPuUNs6{kZq+rGtvG8 zEmCLo#}8Y+8NU1`FVw8E#9(D^?cb(aF)=gzVQhda=helwac5{JG(vJPXh?@A4tA#Q zQy??+3Qk?uX{7`GuOuo*rnt)+`m^Wtp!rIVP#IOh!zI{N?k1s>zF4w61@Y-hwdv z)dpgAxChtU3`(9o;0mC(Sp>}v{8@50DRNU;g!tTfF6>5ANnM>3`eId*MbKaRaj+IJ zg|A=v4Z+pavF7gDRZL`zgs0UNCp)UspIVyD$Zk-~%=q0FdgX&TKvbT)6E|zpd1I=H z?8&thn)!*=ZCP%2{#K(zHC9|F`2F;mgFp}DBgL&~?@?0?-6O60s_gr$@e$7y*Lr{D z_29+uiQA0+6&bm6Rao*)*M84mrSmyIkSTM9%+qRz7w#3pKI1aOnOlZfxN9-0l@cZG z14serYdD)}jJ?mNrxOLB&>L&iq*wd{#hZ1uD4;SY6CFk9ZQrqae6ud;+wj+@ajH%j zkS2D(hlL#`ta)y@BAD;%V`HiPqO`eNSWf*7buDtrIKwytc6slR9sB|%8QSq%j#64qhDIkcEQK;`OeZT zc6=X_arUenUyJHmukdEbsx#oRC}G02UfT){4z*v~bM_cqLq*7;dN)PDeAyF^=NWzSYb#N?n zKhFEI8?NU*W{c2ynO$u;j?3_dN!IvUIhg1)rh4;K@sV%M9ZFYn%+kI*IwzFZ6+hvT}T zT3lfCT(i3^-be-T9YvD3P)tVe?;X1DwD zYE%J@8)mBA&9D79l^N=!!w8_omMuPdOx zXK6m|^TgOxi9EH7+6q1Fa25XJ}{&3H#Hz7@5{A?{=qv0-&58gNM(| z!KK;TCveX?MF3JL1S;vyRlq5Q!iOecmQ`5z@uRYPav^$!>>(c+Gzls8(8!n{KpniX zNPCHEg1y!syK#6eN~G)oVyaZ9(U+FoXBf20rt#DUI#pTA;)-JdvI(GxpN+{elI`*? z-f-Fz6n1k3lKpq!>L3^Ar@E0bo)X;!w2iUQNr#7HhhTGN>V2s%C<*jAgKYtAhW$U( zO7<;cJk8~Dp=7kPMd-yaYU-JTsG?$egv`aScNT|a#{FrVLoq{BlB0=7Dk==EEfGjq z!< z_0^P2q~<>v` z=qnZ~VhQ#u{D?<;fFr98w#Z2VpO&^Lp?uJj=T9;c1@E1ZrP@n_2onZ&$g=KmHLFlI z%(T=tF~{l`6h&51DGTeG2~+4_Me-~e$~h_>^~zG)3^!6?_{AI^7j=nPgQ+A*NuspV zJk4Qe`ejze&|24`I*!cBYG{s}fveh_@|B7b4;Q;sY3F!(g7r(yoD7O=E@u*nthiAT zjMg4oO+#%k_^rIQbdEq;KxCiD(9GTp4(mywsomj?iRagGbbVTUX!b2D;*{y|JWc+R z^P;^Pmz+j{>d)-?Uph>tJb(EH?sa~#G23h0(;CIAYbdZ+S+~m?2WAQ5lu+R25)6S4a1f?Naa?Lf`iqt*puIUnIFMkGRe%0hLZ#_*n^_b z{)lzFBN(3!16|2}<%u4pnl8&yeFGC`k5@29utG|G`H2rAtHNQ(%^4N%NN|{-I#IMIWZXhVGlx(D87@84`aV1gpx%N!j_=e&`%6(M2stTaGdF3 zC>w>1>fpY*H;^x(d{iZ0`~;~f#hbdMHJLddKtG$WGJzET!S7`2&mS4J+m1f zMyjBE@rMB|n9o#+EX}uO@Js>9qS~ob^xA@o^2}zkNfS#M#en3`U+8p6u%_B^rqL{Gf-5#n@;EV&F9Akm)3hc!OA+|@TNKsE z!L^#Q3XE3sVLcZ~#+?1ADdwn`HBK|c7q*(324B|2tE5LwH_Z3`zsQ!(nf#_e*|||# z;<7hIiye@zS@3bIO?pZc$!A%leAQLFimnp&X1}7)h+F>|m^qf!1nLAc$oiCPI&({7Q@ zq1j=`pGZT(yu%o3FCJgip+Q(5QI&gNFE`eNSAL*|rZ(UmEG-L$oRG&z2P`ds%;Gi* z0JHvyCUaGlyxL1P7}%9H2+^v5Ki)qds!@TNq0cICH=Y-8Ho;?Mt@Znxm!CFr{L2i5 zL`yw5ZYO_8OV+wkU(T5sF=s#xF88M|)u`l^j}WgJDx$owPXKM~nBsdcJBR1-7JR%I zSV8lW4IONlRf`9+0W7D(DT1@vNW-FVp)U`T6>oc#TTA1;A%qA5xZ$6RkPFNL)oU@? zHg4X;IV}0na68Vz(h>GL!wF$BR7vS2;cf@N^)B0u-BaD^#{}y3mkp^e8*fCKAFQ>~ zwav1I$hl()*(g8tM!4GV{a`>z{30PWDcCt)y2{ICY``q;P9-1A(vORaktxuS3m=3~ z?H{P!5elD|GNGd!ILN)7aK4u(o-${)C!u&G6@)O=ARfISzIMTRg(~+rppcPgc&35Q zC6+W{yF`0qp%1BR$usyZ0`pR}Gos}Ck+4~@sPK^&5+X_>RJhB)#G>(p>kj0B#xD%? zQ5I(u*s|*}NyN;{u)vgc%kbh{i0 zQ~P-v5;g#wB9r51%lWRpe#eP+Yh@N-U~5~_914XF+^=eHaiKv{M};-0BoW34Ly9*- zl|&INs%S&A#JKO9iG$Ax{~pst16lL@Ap8(CAY3F3idz5EjN69m$<-=6+U85Ay~Pd* z>l3mZeP-~-#e`30R_ZcGx~&)Kpyr^Y_sxd;P3;_;EQs|*F`|Po5H;*Xaj`?b_ix#D zR{}73+_GI9y_O2aI=!BqPgrwAxWPvnnLm&syEdRWT+*WE@ShFtO2|v}hwIEzGN`dH zbMNi#fjtc_5PPVyO&RN}{oU&2G%ouYZ%$WHSSe+#MtY?+Ui$SOo(G82z!DKif4CDk zVUnbrilzt(Pv)2LS+RZ>98L?^IllPbgow&7FM1!fZlqDJWp)R^^hcA@q(rb?@a+W| zy^+**XnTM|hWf$j1Itty){Fif1r_%KU;vZ{@QS}{Qn%|U{gAHwjB-QM68 z^6qnV7; zX`miFtvSNMl;d@-Oh?T3=4!*|BH>V?O{LHNV5&GS0^s-EsZ4=*4Dfic_^zU7Re4{r z+>ha+X*FV)qc9A2ABqm9TA*U7H$n1jtb67o2)aI>xneDLGOtKRSeE1m@?2xndp~o^ z4cvXwa~&NVA8lOQ*LZH#K>2 zw(ScJA<{C8W+{Z_)04tmVi!jBphICq=e}aeVI}|`0rc_VCPBI;^_oQN#wrQ{%_4%u zL4|VHPLQ)v zwqQ2GT&zNtvf)$ypGgB(dlz+|H+E5dw`1xz%#4HJ6yfvv2*SqN+w!fQr5EDr(S^b# zvSBay8gV_m3U=_wyFY~yGb>BDrNl*_`0tg>G%z<2qyt&3k@|E+a&$2iTQDwXxV@ABWzGl>6qeX^YA;l~=ZD_*^zGu)gvs>1 z0Bb?|DWU4#_W{lmuAQjR1vH-UpTYqMUK36SB9Ui0gr^qmcqz3HAZhZkPiBa7XT#zU zoN3%_(|Ml=qdnL`iKm;zTGW(jpWR8_oh(5{PdVjZFAg?@tmLtSEigFEzU)OAXBF2R zA3Z-9c=LNQcj8(oZ9AfTwBKEz(&2D{NZD@4(IyHi6XL%)S%uFZa0S5v>X}0t_a9|6+Y*3#KQV477xABK_@Kk%iH9kt+p~)WB8)P#%X!=H3$hw2 z8q&jQAkfn>q+D({CXb0JYAsVKWX!t7#rK$oqm$1sXHDo^bw#tB z9*m+ zM7LEM85f4J{?d+@8TMWB>kz%lcTr2|(X2uRdV>>a{VFWuQFU97P`ez?uSM-XyJDLAjwlGQh$6~q3 z?~CQ{G=8`+b-5DI-KDa)_VlTMS*PRRJ@Y}NR~bZLH)_MziY7Ca+02fS@xBCHQ@h&- zRUOZ>NWBD)ToC9=+C(a-?`~M$F%HDGVt^z>kGw3-Q?+moUlT`HK;1G-Bq1}@sl-EG zSWW?QOMj+r1Sw606XPr>F=Z`FrGZ}8yk&Q9B^0xF1Iv_;VMgh z81{scTCBPHg&=Kn`BrwM{@=Yf@UoVgg;ya|DalG;N}KODi(D}Pt4{`31>R;`qyZAG z(YE{614f9_k=iqa?Og1F@Z!Qxd)Z(#9!(o^QpPO^2N9RAD;p1h8KpQ)n5&&3xQ@UK zO!=*nPBv=92c*+uj@+_OqNU+(z9Q}S26~OuT=U_9)%&8rR{}bxwkW|ELEXtbZxa>f z1frWclgxE=7|nZo(j|uw57}_5La3ng-Q|{zG|=zS-zFyd!NkHfRu&u4I~Gqb)?)Rr zW}Er&;80^xoYAGltGngdagDBy)(+-6h|3la0Q`qkKU}Q>tJ^SFLhiak(EQ{XHtB_` zv%8Y>sadcW;bn2vL&zj(9o~6fVr=>-njsBdlP3=*D?rPL&|Ir@yEcy(hb)<(dec?? zBP7Y0vSVX=LtMbs&cio_x$~P?Pg!P8z-Z~~`WV4pnLcXY#SdBR*^PXgfEhz$lZv~7 zi@6^k9OE3UZC^(5WbD(-I)juSZ0)w6UY^Xt)yj`cHPRqUTqv)1 zfAiZCQe`m0fOsV(N}M-n7GFo;M}ESf;yTDDZ^qO>X)d(xQJ5!;yCCG18`x(d1ZZbK zk5{#UWAWrgh8azchMDZeV-`RhK^z zYR0Eu@OqwsBnLo)gOD?CdjQS9{#!1KJnhr1J8Eb267PnC)(IS~MtMf$0P0@{bV zv8$!KQPPackA)ry@{TvyW!vvyt)6#DWisfK=qd^5jW{e-41JI7@nGuy^{0*pZz2fS z3UFnv1dN>^Zf>rvU*}Yu=M}vRcYLD0p5v*2B*nn`7VZTZ(C^=!=kwL?ld+8KAiSH$ z^7gH$+MQlYGG$zC_}J&H;ZsUpRCN+ygTE&19NthY6Bal= zCVMe@>`xxxZlH3mRYMg9A#oZaAv}fZbCUT9hk`EI@aAC+Ykd}53~fzj=L_-uq9ope zJ(>qIm(c*bvVuOgTwDG2LgPB(*GfK-YmBIg1wq`_Nj|8%&ftK}sspC@J+EI)H!u!p;or-xbc!d};^)Z1UPa20 zulMdvy2cu0V#A^&Tq3V6ziksmmC9ld<<92f=PkwYGI!T+G5!gw%?YUpz7n>5A>!hG zB^U!Weqt-1_@TsAS!*26AorWEY0S&TujYG0UJHa^XUk9o8;1TI68kTLKjBwe9gqU} zWd{4E%Rdz)(cqxdtn5G=hH^B6(XeUc-I)>^zD#_nfmxI8>9#&_$t8)#|0ZZe0jaS& zxVcukeF2|S5>Q1qS(W=SvJQacY=Viv?;<>1E6iBq>Znq5I)cV=GarvEw{426X5A5V z4p`c#zr>%Ylyz2V$XlH@m$$dsCtgWmFTTxV7`Q1DJl_4tv+@Zm!xMKSz7KjEmpj)e z0H(&pNi+yXb#rY7q!l{1#m9;PA$wS~5aiorhq4#Pu_Th$I3jyYNRIE^bN6XkPFy~o zea!gwRH?GYu|E1XA7Kmzy7_)p8o~(8lHd~$Qm!e&#)KxiPKdMMa+C8$iL?=0CwGf8 z7s>%24B<^#jQicAn~M{tTsBwO*BEWX&vZEavJxD}T2Uf~vlH=i<`mbSfx29v^>Px3W@joLY&kw48;7P04PU z2)C#FggLxIL?+?Ww*vU8YG!4{rs_YOtX-oeJ;ji0I?FcH_yl`onc6+Lfx>V_3S>XA zl~@3TEmSz_M%G9a_27S~$90$iXCA7zQ+=tA3;& zhbR&hc!0JfLf1d(rVDqV15!Ecvmcul{PDito?JEOt7tf!d?^Mk+^vCm4q~%K;;2AU zL>~oJOPT=ZM@omU%$UX;v9<#7^x}4Kq6y8lg4aKb%;a$KP0+gOE+iqw_~Y|((m$rF zGYT3@|70t3X_85M-p+j1FlXDA67Twbr3T;W7E( zhLs$)yYpUUE}zGa>!qPA!e$&!tscc@saBUif|!;DQZz5Rh$?3i{#0fY##YQ!xK0+jp;4L1FcFJ% zu3a?r_2V!+t{op+A))W&Gw&6BPAl*vhS`k5Ug9JyM1nctbtVO+H$(^6QA3cWVg7@= zqhMDF1Vl6Upm&oH3kNKm&b+64tH{FO zz*$9xMCIB#FCMIX545cPQ|o5c!N_-^N3lm+Z#Im#y4c%AoZ(Puss|%B7AT3meh7MU z7PMnEz7@2@0z{hXE{t+VMls?jlEcnJ5YbnQ2vGzRiy1l(R4&&o;wU08NlTEk*=#A& z$GM2;AxuLnw(84nOab)NYJr0^fl}Yd;i;z#!#EOU3cr^F-|3VaX3s*ujqaT$oGVTE!}O@W{6uSuvG~)dZI*!qZeC!VodD(d4P#JYND5wx-}9 z{UCnzO+sEWJSE`UNoA%@%c@v3Yr64DV#259fy6Fw8~^vfP1uvX-Q3G0Hr5HD=tb4w}2OmU~pN-c(ZTKLsFNk zfx6To4PF*@((@3{grRe9q9zj&S-VEruYwFKHZKF{0Tdt3-=$>Axg};E9_paNr{O@c z8{bP7?!LNCTHndl?x!J{B#Ri?3ZKFD>$#tp-|B@K$Xk^nwC7}zqjY=; z9NhBDyPu#lx&&{Ph(pt@P}`00FBb2gz3mklZF21IC=LS@6&UvOvtE;4?0+??)n--n zc(JihfUt@iz829Es>?yk7s^!${hTdpG=Gu|dYTfd?};K}bjgF-n!9y2Y1?-Y+}@9g zY1AK3JT5YjPuO=d1}_p3;|dewk;X7k6AKaX%Mv02ny?DF{!TPZ1;>#gt{I&hT>fH50_#XloCgZCPsQA46rKz%TVhm*}G-IqG&)$bqh*26%j zJ_PE6Y^v^pTyh=v;PyS`B07H3EH_UM2?TR4;?OxAI*4fX68tz0Q6PtN?5@^Jo zGU(Ye2Mocq9DtrW#|UhU>|(;Jiv6vzWc#h{z3u*%T})B1TU};|Yo@G-LGFRj$B%mv zX&LPzkxBr9^#wBT6L7<2*MNt|CuTw6mXaY7(S=!ABOAxiFOKqIx~^M6N{<>ktK8~v z4%rk%1QMv5k_=HT91NFk>tLHU{6bbOsDPf* z02(?=Ov-Qq@}Hb$(d{z^L=;g~0Nht~EiISAlUTBS{>p|u>`a26`8CMZVr-~!#+T{F z$Q83;EXR=Qo-NJST+m6>@X(sgYp3y2MENmH`K?LZo3zQiIWUw|Y%7XezB`86HJ%d% z+x!5~^Cw|8Gs_nQ>Z2V$r$P5teeb(-oa}e3EjbizmqZ#r^9Tj6Top-Ss0!V_m-=Fm z6$;x%+XP=p=Pt)bi?Ax0>tR0X-JtH~Ju9tp_(LPpU1~d{OlhAY%pm)?=XlBMl9E1T zPLTSiTii~)kmp>t!i|2Nex`&%Lw}emi6N(V!owPkUIChO)|osK zA`c&`g5oq6O|7ahib6G^w^jsL7>3Ia?rXqlkSNrpj*<5L!=*BK# zpGayrLN*?%DJXOJlF+!a$U2((90Ep^b_FWGe#BG-k5Jz?qggube$!kBO&_Z?EI+NhYtzC0 z)-IK&LzJ#wak&k4$UZgH@N!bD=(QZ5Yk1Z5`?g_i7LQxn- z2e6*BE;v!j$Z%tmjft9u`MQO<;Up0I1LFI;f64c;4+8q6s#Pv2l_fiV^5jZLAbmg3 zb=Y7qH0uAxvMJ2B0oE$@dB=jM_z}QHF8R{JFEG-cN+c(~-+pmhvbzY_5e$5IQmI(D zWYm^`$)ytYwDQ-umiEO|9jZ(vciPEp6o#!ojDQJB7zckQ)rmxBtrU60yU9$;U1XljgZC z?;Z96N-Qafs?HP8HyDx?VGV+ErI^%EFF^Sj2AM=PY{V*PNJ0Yb_zpa*b$`3Bm2?)? zr)DSt_Fda>Ygu}7>lrC17M-%cK2)Q2Z96yBg;RAU$1;L984&XFbC}7(BR8RKhx6qc z9n>O8VK`n?r%Tk{doaalE>+R!VPn&1Xad>jV4~LOYOB4cmsy2Jy69Y4#dds=IAK4u zc;`G}SnqXjE2-%f@{Ks|XMg>WNL+&QR^&4xOL)egRTw{*!5kc~`|J0^05s(nxXrFb zt1A=h6kW(GZ*e>qtF4bd7~Qe~A_)kJTQMHZa>iPngqw&`k1e+35D1697Eiu{dT^py zoDuLeP2JzGKqCow;o7M!r^h%)N1YgqsAQKoJ=wRA;)~xyTdjS+V9Zm3@7ardA0G&f zd-X}kyYa~6#PW4?5x!Ve=k-p=O9cFs6tc7HS8@Y$5-qP4zLaDLZ!3g;zx!TDxs-_1 zisnd-)I5gQp9fxQ)?vds(126|_)&Y7Kz7ljADK&d^AViVpDM^teP3y(?wQ-p=v~!n z4})UB-H}t&N-zS??ymC-swrd-)hQc?kcQ4 zEdioyxzmogelDe|H1gsZg(qVU3B(Kpi{jACVyVKzd*~|vdPwmv1<%LFXS?VQzZT|< zi{Ui))E`!8q6}r=;@@;g-3SLqU&Vo~eLt{O9{FjpNj-RRV|&QW`yJm1rZNWus1#eg zrSc@{e)Z=ka8u%&G5T|RhL1n1ihPp_f?zmPfH-yd5$(0iQ^Q^Mk?|unqz~#x{ zvf!89p`>DsOs4&X6u6ZZKO8(>Vyt^rpZxc0qH|8LX$mLb3+_lr51;Oy1-}RT)ej9N zyKv#9;$$Cd4V!C?k3b(-)Z|zqPd8)3TMX4@RSVO|}4c zA#aJEXmp|uItCl`CDtBDe_WJHNWNher3(`h+pw`(vLlGW_3^jghRCl^0L2z$udy6M zd0=}+P!4X(@mNK}TW=xYmY?@uE~tHINWrI8`20OS9_uLTS2^E6(L-8la}M8A<7|H% zYq{Nxy(tSmJC3rJB1}*`TA^a`rt=paUmq-V%88-P?M=g=(wCOxUAje3?=ANzH3m3eRRNX(dVDq!mqE z4jQ%hVzikXJdmft|E3QnCoLdz0B?o&4o~2`6cqLiZ?ZWL^X`-@#JG+gi#I6`MvXmy zPSj4irC9PiPG|wfx$(=4pqW8I(2rDum8VT(tGnZXwfZMRCBtwf`3L=*t_9ZM)UP|z zPUafuv#h7Z@p5rPp6v1iV()@j9N#g?;mWiV#aa%WHrLI^&$h>sH5X2nalQ6$dk_4a zsjk*h!@qnb_(lFLpdWMHSfrRMQA`+oH~(Xc_X`pEs=42}Pdb=uI-;mOnlv?S)`dio z6QS$H^whb%A}d6|KvdU;mV1r&R~u6crNpy=aM8CR+*fEmoLSUFUa$d{Io3%*$FuX` z{Wy|`7jsC@PHTuVO3K2!wKR>(0Nf>8{D^zVCf_fM^qGrCJmFVg1M;8=x*8fS;9imk ze73{Q1P<+CBUs?5aw%#Kj*CkeotYr+%_GY`QP=_ZMvYulL_Z$y=R3-3t4!wA0$a<6}?EjH9hP~KWjKzrVrupD`P0@pPko#U#HpOSgrc8H48_+bYn z%Em$!nW^E{4#1N%q^SM;#vpOn8mBbmB77eXD(2qcuDqo0+@qPvA#$w#*^5?#8^q<4 zD^h0+09x-j>~S4lsCteySFi}4iYWoK_CDgVrR1He?bh5s4E}s`Ac*84af%{Fr{#n2 zv3B?EuB7se(T+mmY>wl)(H^zw51-F$Pflh6+4Z1p!1~N_DUtYn95)>YfiJ7>4;GOi zKN$47*-3;IcYi5j@#c_e%~V2hrwc7P@&4E1&fm)fDKo%;Wt8}^@!cef(CXnlVg$ly zvBzZsmEgSL1#^9~Fr!pI-SA;`Q!yqyJS-sYR+9lEGidEp)L)I=bDJrlJ*pFlBb5?t zZsWT9+W}k(GmQ{rd?4tn8B~5DF`y2X$~WfLAJwhNjPjLg*J<#7x~mSc8~G&%$?2o# z0TZjx&^YZn6{pY&fS6$vmwv`X^!{W9 zQ=rr*UT7%&L7}w@UG%sal+4YSTu>NfmMTKJZ`RBYa_P%M-zwUo%6`=MQnwt-F!GsT zwOJX3xEEmvJk3||Y4+E=_+q8Kgz}c7+Yb~~;=$aDERN+RW|Mdxw=0(KqVp*$xviVyD_2YIERgzT(#P_= zFHx+Q(7zXf%51QMariIW`X={&U?k_a9Py{sb(NXyBQ0-RMn0GDYo#R!R9tvzIoe_X z&b}JmC(gFa8Ip9IRfWun8%u~^fy&w#xWX0Kty4OL(|WylK{{J z5*tOH55Qswp3BM~+-lW05%(vf7c`fopUEDLrYW+w>vpA%qzNN!iazG|phYt@hl0V8 z+I^P-ZBCNDo-kWfLTOpdk*k#w#&^b*uYU6_g^il@Kn#QAW*1T&Jq=eOxVP!(?A*WHSMN}?rg@rT_LSg7#LxfzC zXuMeAWpf_+W$1$oL6m)+~hH@6RmoTWr91=YT&$lEjMSSM2(sfQxgn|5X+NKvkESEsiBVVr zu;M^Qf#L`IT{ZLyu(0aIN$TVAaS-Zvd4Pl_^qy*2UY52j$M+v0YO>VvP*F;7FD(!h zd!7-;xj6X4>tEke{syEa`<`Cmir%){wrbqqBH zs34r3sKEX3!nbr`uS}GdEU;lmu0{8ba3P|oBith*q zf9_Xa+_qucxiZqBA)7DsKV=V&5@H%l{$x4P&_ahV8?G_Db6sd2#A&2p7sOTf!a6vN z-)2U1Z=<^4u1&@ZR%Y~kbda&B@{M{S597xqu6V>iIddK$Vt3ex%aNp`xLj(_me_H| z4XJ=In(RST9G{Avy6sSzVTpDm+4$P^k>4t@>v8%qby)=z_7UIn(;Jr6UiE;ljq|3> zV`|l65LtQT#6boFV}g>!3@t{rg+)SfKat&i@xs>{rjx;jUJ6v|?(+v?x0f7$I_Q-z zE)UP3>?x|tpK@~Hain=`OrI6;Sg@lsvm=GMxpk!=HK$UnNcpaNJ2;u`R=#kOM_EP3 zRXQWNJaSZJ<=qq}R}K|HFpkPo44Tmv&<9M0O})4jvh?rmkd8$n1ds2rL#@o=7|q31 zPXzrRy52e}j_BDI#sa|u1Q|5AdvFWx?he6yAhL_%`|kU` zzq;3~HEVU9Q>UtW*RI`4KU%*EFzh@UJ=kUVpSOGDZKiJ|bAkk^{nA)osnK6KjMfJ< zil2NU>`7a@*dC$$tMI$)v&t`yCVx$JD2h6Oun^be;y0vwAt8KGLG3Rq^^^|`c9GVA~IyJJ(BK737m!-h> zQge7SQcTI#+w2THQEKnkYTz&S4&D|(?-QGN7*9sV1G`yIJ0c z#n{I~s57F}i2fp7Lph@o&5AIlq8lo1cXtIPn!OXa@ao+MBpKaVxbVWxkhNlQkk1(t zik@81SPS|Z)wn}KSi1_TFMNS;b{uqG1k{ox4{vP{NrnuC3E_ zxh!10?Z;Rs)%=-2|1eY&y3y{B6b#f(+74HIVgscLLU(89JlQ>Rsm0i1DQ_B!I9C=M z_B%lZbF6qdw&`4HR+Snz3sQ^W0-uMt_-2JEiXDixYXp%tZ{2zuZM;ZJEO+Mj3)_zW zo{D}j`cP?jHWEAki%AFcz^=ICSb6Eh2JMm3Od*QzD|{t6wySn@*G96a3S}1C3+g(h z``OCa2b%801WAT{vMmEv>`mKOwISi`*gp@%Uvr|*dKgt;E&L$MD{c&}|3qB0E&@4PAhpJ{ z{6lg5(muR|3OA|gl>{m0vu!UpHZOb27{Jh3)w8AlP*s6|kTF9SXm-~h2>dXDPfRK41v!kqxVU9RjzzmiD z#75B+Avem7fRE%>Vd&OEA_)jN|FbPQ2_ZlfIQx0c`Dxp_-;fOW3~`?BAgT6Jgf!QH)(|4M@&}W-$Zya*|Z#aBP(+s|_t;t#p&KpaDTT; z?uvE0kF8;2%?dP8biLXl4t-R*_|E%f8coqPdl7M#!b!Lc_U`j$1FW70!;X8!+e6nn zN@Ah=5b1Q*w~%!Hpa<64YQG%T_WIG@9K1%{V>w)s(F$U2wh9Dc^gMISKLnC<#a6|r z^n7rf+^V9ZiSvfi;K?Kc#^zerhjWcU*66iAO6}C9DxASxuGkN0Y=a|`3$ABAh=f*^ zy(ZfSQz)INM>Vsb&zoUp-4_Mxq?#3i2uRSV;nzs0{a06xfG+GI$~E*qUngU_Y^W0p z<@)c)8OVTfMmr}BoOp-+seEbKL3OEtJWwN0vG^88m|=@__@!M76>On^S;>=M7-ban zg66ZbU%Mln#ak3%IKqroak@`8*iSb1bm@S2np#_GIHwG#@^*xN2l64+s&@DtwwRxI z0?d;46p^#4Jc-s*xq7v{h_LTY`mWe0%q5_jGzm7o0eOBvHPzTKy9k*)5b}JE9tR8g zt(K#x)f?3%oA<~DuC0ZK*6raqUwzDxx6=T5grJ(3tI$9(61ORKIbEm4^A0iu$5E)O z$D}ts#5!CKkoPo>qBeNCODVX5t4oBcU=Gm?OB5hGEsK!53X^A3o8VUC00b+FPf%r~ zUgXw(rxQ)b{ZZswojxOQ_V?^nTzk#0b#|TUuWB5s*HW!M72FqFlqCnkZ#>38U z$_ff*#-r-m=PtH?&q0uB`aS0P^x18>b$NL?<@`i@C$=Lk?IEWp&dFbjc#dYqz=s+}po|#t_|z z*>oyh)J=*sMno=4a-m$QfRrl{!OrHPVONh5+RSKW2l@jYEy7Hf<7X`9=Wpu1+H1^# zgel>dStoslo6l1fs$Oe*f2ak6ufDcIWo(f-lt9?0?+)@u>Yk1*Tyn2MyKg;mkDBm2$15 znHtwU;29LcfcniLZK*%sPD8DYJpnnF}6RQ0>s~XeF#~ zk?xps9UXBJB?kWa3@D496mhj=V3BgmwI#Q6EZt`?GP*0QLF0-`i`X+A6;3iNy5F9v zyw#{BM_Od@nyLgCD2+F`4lbFm$4Sm`;2OE90kouMC}*b;GQd9^gP`ximVcw z^0>aM_f~`lz2?{~l21uEIOd|)cUV=Y@LF@ZbRmhYa-Xz}LuY#=A8Yf69u||BWbX5;_wCmtDb| zQCPu}nh_I7>*GxhX)9hc;PaWE);M(LQyhO!diI3*GE`CU z;k4bQnhI>_=#x*BnIwMNwpM=ux166B&x>qE$$Hau_Mk5v@2&FThpwnd>F?Yv-;sS+ z8yTxDFDYJXb@xqT<8bcV3EQ_@3;{At zb^Qby5wBKQf7`!3nyeel+fWBVRtl$i7A!o| z>!3~<1`_9&DEiLHMw~6@y)lNdIjA*U&(NaarmjEFCqT=+DvjGcYdZRO96j$wxRrHn zXw3CrK&M&8T9G57F2YC@`Rm=m{f1}^~(iv9YgT2cZ*1^V7mDOTXzg*Z3q_>H|Jj)QcywT8IX>Z7>n zWWqNRJ-{l?>ni8Z%Q^XK&gu`E-5pM*-2sEV@W>SmSBgS6ZH;Imm6vVGM=3mBYUZAX z3kbaS*#8?c*&*DMy*XX*i$`UR8(#e0^jq;ZlZ z`nynoT#igGpJn?C*3*VAR)cO_jF&T7;-q$1Xb=p@=GoRC1{66E5uLh~30_Wq9VlBm z?d=$gMi*D$1kWawLYd{YBPg6LbDUGj~qOS6hz@fZepco0xSm zVT}!Mxe_FW%)O)Y7{YuzEoQEzjCj)aoBrBt`}v+UJJSRD9I4p9wJf;WOZGXOgRU^0F-y(G8 zQDAc5Ufq3bI_cxoXt5}GyrS(}T?L*ydtT4MeYSqb$i!1Xe#J}g{!6s~^Rfi?ka-{e zCb7tK)auyLGVQM2#GQCkH})$nE9jKk8n(#?cPm&%6P6SS&&)GGHErgLlMm5%&MQQv z^;D9E_0JKfnkbN0kBT2z$K*5c`N=G0yGn>%XM&--NuRO%Tr%VGArE@G(@l2nBJO-J zU-!Y#-_xa#*WXV*g31%N3H6Tn70o7eMh~Rzv7)__l9m#joWWY{e8%FLIfp&l;fCN+ zpd-?E{*m9x$)CKK`o3-zBB!TyZ2w{EeCO4G)J21ziE>KmX8adv(IZj4svn(?1<@@KE2aQiwtq6id82fW&d_pD9j5` zD@R`*9!P7K-Yq*o{1Kchco=sS3h_oppxXkV@VAu>Zlhnk$0ZWxh5lXyz<`$L+uVFt zm(;El95m?EPD2M&HFN7b=@eH+de94+B_%(1q6Zueo+=dSS=^ZK+8}HU6Scps;?YR^ zuQR}j|J*r3O8>I~nC>TXGNIe(F}C;7R+AjNSgg$tsdiLmO5Y>yOJ}i}s#twJ+$iB6 z8F8qWD~xGG62af}>#DG-zEZ&N$^E;f-2`3AaqQnsuq&vSLU5iqAWQd+rAt;^GS;_Y zR^z5${o&#j|GV3@q34s9whDFJ``4<>((A)~b8Xh(EpmQwkxV8Te`wGr73emNQO{!+x+9 z5?UPCq;wI(A5pbvv6Y9xLR&Pq_RlM&?(dqG-TPm9o#IrqP9Sfe)1X!EY2-_%H_ufm zNm#F=i%OSv!spvuJc=z{f5@(Qs%C`3t6MDYm!gWZtKEvdm3OSChU(?=yVuu%AD>um zuXFGd;wu|8OVaB_5*n>iQ=dH<=dI_|EsaESTNHWK3kE)wohlP4Os=mB-+EewuDBB` z*2|ccMOgWPUAL$kC=X*tM%MBg>AZBEY%j{)oiqcv32jG=pD3UIqByw^0Oz^3;BVK@ z;=me05i6`VAoq$#iQB`zNE$L`9>!m$@d%nviK$C9mEfC^CQBRZU@4_V6`3LHTgyc) z%dWt2%WmcZmfEY@12WOl{BexA8?<)SNe;6z-B2zX`qy-XO#xLtXMN~-+pRco5PVi~ zG^LzU9EDdd|LY6S?djy`TqR-+Sjw@!rR9=<&0@}A{_mrv<@m5`!kvawZ~Uiu%#* z`tzQLR=3M%UmxitTW*|c(-RrJUM&l;SKt^<@os1{6!2#^DDjAe!C8~qDs%?5wI)7H0E(q9i(?cvd?2A@_++u3NZN+cNADxG- z>sFdK!@oMBefVF)954T{UJ( zZ#BCcaJhT?MO~_o1h^8Tlr90^T_=OjNsgd3K6i$-if9T^xjBWJ=DJ6x;i}clSf#27 zjG%ryz<4}|a3pgYTVm!?+OE7(Iw+2uv;#diWY(#G$3R(ZUJ*D(mf-XkyWuc{ADkJ& zuO?kdF+}jX=uDF7j=ZL3U=-fbr5B6k6oGFRY@K$c#NL81<_ZYv=HyAO%0_T1J60&O zn7JHYjf&J6*%UIC-~4bD$|`VK-;-A`GfNzlL)5Z z4EZ#tcXDkGLKW_Lk>F+9+9%WDVcv7vjuAIa{iPF@yYJqsR+38&$t6E)e( zFFQd*oJ%bUP{}y6E6$P^D=|>+Z}6!s?Gh*|V?J}5n}WY$1-nKZ)y1jXKial9Ykh*% zi$C8}Nl3)4nwaoWmOXpU#^tpQ<;I}R>g?2_szO(Nnb&o&+pK~`P0gmLdol-@`LcYJ7I#GbqeBX$z^+ zl+L{&PUGU#rmJ*!Ps3vFKYyr6QP*UkG`DH4PTbkvSpl7{pd|2uOFS;;lShNWC_E;9 zQYFh6?5)F$(R_pQ>U`E_TkZh=ih9G@Ey(?3uLPVFX*ORX(VR4PwOQ)m5O%ZKZ$-nU z*{N-NJNC}5FZ4641;{K@P;f;0qu)y@Kn?B}gR! z2d{vnDyZ!DkVXQPk4Ce7`l;G+v6sQm`5K$fk{UMfkn2m8<+$z6=9Fy%{{DaPp=>6< zn;RJ?VosU`vRSnz1O=_t0?o+vFg|_}DE7TBOodN3GIdn?&G4JQ0r%rEZ_Tsxd9$F>>?FtYH28!)kVh6mw( zijaDR&WIS}zd(k2>jhFO1smQj%5QHt=yAv>X2iurfH010R82onO}Jt%N0_rJZ9oVo@%Sf~BQw*aQJa_cT>)Uj{;6`uP!ILVm-6H)&vF*DrV^tVgMT6W+kD)%^ zqCV;^o>H(*Ck&qG^!&}w;^j_THOpD;M2}_jS=^zQ|8SlRqG3<6D}Byf=QDRSSrLTF z@f0Sq3HTLHjcUA;^$%Xes9@T~rLg?=pmM`yUwo+R{xW2-`UqsEMNF*{`z!a?`$beH*+Ir@$?dC>(+9!C?>f_# z1aBNydPsILp~w<@>KF_!bpxtT(*(^KW)Ba@ z2zrQEO%3*cx~%|*fH$}Df(_iNTZ(mPr3tl3Dc~E}LyuF|KYnFqE=I%00Zb+)l)P7? z;jXT(;wnj@Eo-}%+yK8HGmod7^(LS8tJ+{Xy-BCr4B6&x#(wlH-*S3hkg@02cWuFi zWE<@u6#q^2WyL%AJ4xPJLwBYZ;ns+02?P2@dB!4lvL3;vKN4Z@{d&3G(=@G@NL5j; zE_&CzT=JW<4TX|{awqo}{Tlr!bo@v&T~^k5^1T^K=^c)5W-XmT#+ow7)f{7gVl(tl zDfHA^W-3cS2AyyUX0+9TFpyj)M=8nMoP@%A8N1r5AH94z-IvxR^>24(gNeImN(LP{ zmbyH?P`ozj!$K=+2H1V%s@-(bl_q7F=9uj6r5Py?PNqxIT+HsL0i))d3L(%bj3=}# z#B4j@zR+OcO#I>@Fy!(sxv?0$2Md?dzp`y|j7%>IE2Oxm6A@%b2B z&k4G|TybdJ>-soaslnP0E*L(q2-I9vmoH4Yd`VSHTJBh5jY;|9uUw=Yv#*DF`t-ZV zh3qe*T^AfGZ*VWcTOTXxUDwnTLgkgCovj1X%$-kU%4TK1iwRNhO(^N~(jfAau?noM zTS{nPahwL5J$^@4Vj#_qes?(Ikk`opOw~(7iF(x5O{D;n&o;kt11^K~m+!$cwm}iJ z9>AvyXF6_mINcCb@x??Zg-uH695^+j>z<&8Z3)r{TzYA&x%&WNDVzzSW%?r@gQusk zW-*Ze^~b8U7^b!ZNw=c{>*wpnBwqVr%1 zWT-8xq~Fp!i{F5DOhT4-i2zoQ>>9e>ZCtm{cuA){cLX`bQ?a+AlY1i0_QQCIi1r@L5T1+CzwD33W1?=v7(f9B+FrTQ9pi+8q&+U5 z*NlFbZRnfw9s9r0zxs_n+g}t7UVueX=z)*IuK7O7=98ZLUQqStpDgSozC~5){wBAY z*&>&YX|&k{q z<)8oE;rd1VO(#Os$F!$YS$b`=rGw6p_})_IGfAb`ma!I}l3MG_JCmhqFx4Hon&>3lYPPAUo$EdY$=is1diZ6?uOHAi zM>@j%EqFlS0PErHsKl5q>1N0&I5jh|DXB4qBT&XKWgu2;C@;Lh;5 zr#bmr90fP(#7~VL{H=>zHdBb-zib)>Xvc$dx`*a=epBbbI60X5deyGBLx==cf_^J7 zPC0(~9GHnDB$IMitksIUq88Ov1ASosV9Z^*PRZInER$%l%@T0v{|Hj36i9Wk2#2H} z?Y?C<`!cW6toWa9&A)*p-&=&;{KAp)%k76-1@>Iym;3Fgw_@tik16**8*ShZoy+j3 ze#X^Uw7<#-!X~`U9rmys!&$NM{(rWpPCi4==;#9Pbt^Ai8bgen*<)vF?a3E0T@vhj z`SvpQ?#(sBZhn$^uaX&+xs0Aqu!y=HzZl-7M>zJ04j5gheAh{g8KH4;%Wf%O+O|kS zbbG+S#(?OoJuAlEg4Iv4c)h4`mEp@_D%TgSr#goP9JO@}6D1mt(GU*$$5lT{p}aul z(`oWI_(#AEDgXH`q4;~$NhB{-4>YQ18sCByP}P_Z)!;c*<)k?mLyQOT{!Xum>q!EG z$3UBYdDE+1;i<4dOt5I2GSg5r^M(4fLUCBwG||OZ*_7h%tOFYO#KO|bsmU6KAiS^p zP^Yh@b@b$+HZ`d1E1gk~eQ1h=qkT|P7F_D{GAS23rdd_tx8-qBHFNtP)CmE*<|!#O z-H?)*nTM;@UunXEEI4=EX>D#qO{*j9PkN%Wss?JPTvTk=v1HTO#8;m!vs0_e`T@%h ztUF(v_P?PJ{MnOgBIpZ}pq%r%kxhB+VAfKPHE}G^wsqM-vTa#9o!BajJQ{r^zzEu{ z$KU1l=$f3A9*EjI*VP>UjT9*&Rf%}A&b!SZjb@f#K*CI_&OlM7#|i2h??vp`8|hN! zr<5y9h_Gb|NQ*cqq7)q+^BR^=B?R8n1ccT0)r9N9vcwso0pbF8=VTrwENQKldN&kl zJHJXLT?Q1Tks_qsDB69b-+y-fAho}2A=#4GB>}e7Se_exl)VW+t@%gW_V(DH8~QDd zx*j(>hIQi8BWCo(XJy=jUXMFBYoMom`u0&_iE!*ifBN9E3vzg9~rRCl0 z9Qb8Y(g-pttNAs{BJ=k4B~~}%&+#TYa;d7=B<%L*4lM+;`F7X$@w4KibCWy7x;tqR z1fl5j-Y72C>g_|5ashYD$^u$R6?F(${%53?db{8#)g60kAf6cnjd2O;O}mwloOF!tFYmlu+|G*C0B`gEz;8=C*omB0Z!=U-OG zQ96Gid^=!b@4e~I{WL#}3Y3l#19uZ$KA#vZ z>69RD;H+XxuBsCsF6w@^erC}-(ubC%IS}{R6(PNu`{eMS8;nL!in! zl6V$&>j-UJaYfKuQaMzi#7~3!7yE|CB(l?{D-?$KoEQP%_q0D>kMme})F(uyTP-3_ z?h+!cxsqg}Ev%3!)>h`{Tlgj215#e@8*e0w?cn%XylQ=@fesBIe5mcl1+_MyL(jxs ze_Vr%tl3Bz$R|U%i6L7y><((4=4^CFTX?_1_2$w86ix8_U8dfdHu@n@U$%=xWHUF^ zgXQ%0&Dom|wlgrYCtH!=5*Q5*_E1K29*#Fi%HyoQQ7>Qhf(mcc4J?b!dT{`UqM!=+ zMd^~67mB*YGm_^}U5(a-A@^U`22u~xjY$EjU;9Jd+Uwi_M z@mx4m50u zp-8;+zH^-1*~tY3d(Te4e0*x%c2s9veGU~>nHmzA=3=lAj0n5}3d`ieX`vEEeW=v^ zG*273@=APnlje*>6gPqYd;Zqd=!M?3tNCefR7L3CZ@y2)aPh_fDV-1Hlx(XgvHl^r zrlLNN)5RQf!_5tkCNjg{k05o+JG8%6Ip(u~7fzYkWN#y1?bvlF=flIpxBeQ~;0WBP z3BJ}GFI_v=KK-tvJ&cP{Q+NvSvTov|4T1nXxIW2yOg6f^#HrJ8yh@vS)$Ox))&dbG zfe{e6QulDAz~Km3hm%JshAS$=0~)OJwp~;pWttfNrrQL>MAJg|Y5vcg_$4oY!_B0~Q39qL}M|Afj9kJDeNc{Fpm^r@^!}EGr zmTd}p&6_LovHR$7qxS0roL*luLHC9E46HY@$9Df9Pmc0xYT=LlzUybS`U~g}Rw;h_ zJI5E)8(V9wr@p0Y1xc1JhHleQb%XWVJq<4*e|B;Mrqu!{-1SYgduIY)K?2-tNne=u zpz^+_J?V?H1xwerIQ8ioF@Vanc;FrnGx=YnMh4wrCt5Y5dHcsGN1#aKFSqX&i=XbL zn7|5}E4j``jyhV*n4?&FVg{#vIPdOFcu7?AxTUpZhu@JX?`;Q1vV3}?>S~sJ_)!W* z*2o2tpr%ZxNDrrL3Sc4_OHl1 zzPV>pW`Yl)T@K9q(ggxBe1UB1B zzYoqbqKH~)+G=$qRx#$;fW_a0|97v>rOmfPX%h>sILR>f{E-+{t~w8QuYM;&N(A@V z&VkWQJgrgB2fKVroA(RZuAZq}Iyo&Z(kjRPbK93_di9xa7@fqU8<2X0l~np0h^JO= zY5s$}aXa=JiBuW(VmU6+2<8;1Q0i1uJP4te!<@gEv051mw#>^TdY2`c;_^sG66k}1 z6WXUc3MrvZW@GTNLI6A;ZDibn>2^`T+;^A{UW^w&TNsm}<@s;_K8rU+xApSO#x=Id z2?Zyb2MKEo&8e!~MDgxq!rD~@(KbDjJoXE(=q9C#xFz<4$%SqNhHcS&0S z30Q>lzH~qfRKUlCfQ8YvS-(c}FTkNjgF`$@ZIgQz=zh@OT<{En0}ju{d9uAm8&}{ooQ=7 zD(LP&@^cTq4(YL9?-{dK(EroPUg-DdbUOIz*l_p60Nx8qKV@{LuZh29JQzV9&w_*+ zam$yxFo2<~o(5NNy-J6sS1*h;55#dQsyArP^V&9d$@VB)_#KAj| zcIs|D;?{rBzv8zy9CJ%+y7|-4Lt02){+4MBD61lBYc~llC>J5?3pZ10nOoNr(mUCr zf<~CIl^c?q49;lRNVpcKE}{cuONfZL#=-~e$U+j_U9DEf0#Y3IhO>+N@Qp`& zqqD{=8?D}~#{g)*Zx{u-JbJ;>e=_(<(1NP7Ba`1=gf%ujo5x@lF{2xSAgbJOns8a6YV_VIrXWO?ZKJ>8Pj1A+wrIG+=BtQSep3-6IT_iztw;3c^ zU&;!~7(<~e?REg~{W`1g)@17fsEx@)h^ZCF9Cjro-e)cxl8Ops)Q5yxZoJBQMN^Kp zNKX?yrln02q{GD>enS0Ju9dxyb7ow!y3Y(BLoYaqiP;NeQIezPK<3k?pom+3*?p59 zPxN43M42FDX;rkSaj6scd!V0A;=-`Ee;0ds=mh*GVn!C``7U+IYadTSUcQJRc;fXjv;mrk4wdQu*zi)$cUGE zs@1>EvMcLxG&6ebvhLH|*C*25O2$6*NqQNRD-D-<1rzM*&7K)OzPP&$AIvK0Tk*3P z=?UTgHA3Ix=^-faYTrISO?+P-_uWSa5N{&SWL5rEkSl!oHD`-UKP7LfHis0uOL$4c zclVXXU?73g)KL32W3jv;&^tn?BsQK@p3!t!nrFoYfk-|*^0$-3A!T|Q8)+*pb?v8=-rW7c=I9;^fsyo zFwOq?LVKS#M=AXLHhJy=N2v}1dGu;O%Zyae9=nYm(0;lET+O*GJ5cR0?CCMe@FQNi zMJ73X_`?X(`l18;DPgQb{W%qpU2`XaiP+rIXL!qmEU&0cDp~=`_57H{aOQcbvL9G8 zyFASNa!?n$-gB7{^CL6-vlC}}7gXd~7>``>wDPHxqb{CpH|o^-k8gjn1l)|5StK(3 z4=*(GN3#&?vnt*S_73XX^Q|_IudeCHW%-S?JQ|)C^*V}pcRNvcdHRJr1_|~`oZVnB z;o+}-$#jesa4mK!pAckh?~@DQ?L|XnUe&wB-fcp`Qx~2S#AUp6cXccJm%NficUjau z+W)7Y@*f1pFP1#p!5E2+6r-l(il-UI-EDL$_>QOca`6FAi>{1v*VKfVh8laB1$eBg zH9$eXmjqX%Y^=ke`Ibc?Xi=yiV&d7SH=wFZmMyKF(lz`23q_~CbS8+*O=3*eTOi?* z8PLdT&GJUJLp#iJmq-^dy22FBK4Hd4Tgo}|P|aSZL~WB!$Ac(Yviw^*$)2|)u4oL$ z?C5?8-=fO7oeVH4mE>+A?0B_WA0avfN^`cMo)q;?nuxIyBOf+sjEHt~3k{u}RB zn4L9g`w?7gjMR^2A}#4{V=Xl^yL*3aOwGZj98r&zJb-STE;*o3f7goNlDSRbxc<0DM!DWGQeT(oAuqLvCnAjW3zQ z%g&K;rZ8fEcdgU-q-^1U@s;JP(jnI)90H$rSp(h6Oi*I>r}zT>*p$8n`oZ6JFPBG* zj5*3XVZ}O39Tih7ww%CKC(tQ|Eog1C^U-CLvHm8_vG53Ano>*Z`5AU2d52=Lo!Mxk zb?icyv&M=)(~AvRxUe(An?+cU9-uO{^OZhB+0&wFV@rEH1>Fn2Tia*wN){bLM-bM` z{ks?dFyyGnf|Gmb*40~oo)`kVI! zdIRuCSxYI?dq~-mSMt@?{^EuGJkCdL5YO^{GK}i1?rK$6V;n)cvj(>*@p$0ZL)5=H z?*CoVUu?p^P@&Rhhd3Tg zWOy7q7Kv<^ST}?fV(-hQKtM;sVA3 z^E|l$)3P-r9i3}vb~>&IReoWnqXu?!9EFxYU-))XJay4wD$g{-)_<98uRa*M-Xm+S z+@6IMQkuQ5Uo844%9+ZINw)dw9xv=fZ(wTe+#V`qX&8n@-n?SU66dC$ngp*5Kdai}B7uvrHJf|9#$UqZ=*!UqcE1-mtDt z;w}gd-3C|aH7wbbh$?}~z``u#!4P?NAH^V%?Wwu3 zFrbWBh^7>InLfM7&3+DH{OSB2H&1>OEG)P7KzmYmBjX~7hhghT1;EwIyZwny1CHGt zU)UPQW=}pE@^pux#Vo?-6$GNS|Dr)Ce)tK8dwjgh$D&j7J#w5H_^xh3TmrYDYUA}< z=vuL9rG+e|&G(0RUsq(DR?vS%P1Jrbl?gpl9;uH1xlO)2fu_0gO*IilMrJ~!C4jD3 zqcNVYKr6S$+q#JHT~K-!BR3}g+vxBJOJs+4!PcogEov0goKHzFdbAfur`cywr{fknEYAF%dT_qG-E z9}E5k`TiHZ<6;s9XRELk)5mv}L%B5jh_aVy8=k)Fw2FEA5Q7J}bx_278SXJV~*?YnxEVRd=D1y@t@@x#*v}t&R1;w;Vq4f(0dvdDBnP zz=ANp8A5$}(}sLgd)#!_o}FL1Uzo#dQp9#%voT<%{m&f3zX9xjS<^-E?ZZRb)z0n>bELI8Qn_MXD_ zk?|i|yKd<`fIz<1yT6Aq!Wzwv*if+1{k{jr&LE0C#nt;@<%i&Z#X^I)e}s^f^@)EZ zo~ln;{SZx1WHSHDLH_4_&_9nNJLx}Gx$G9AiSe@g`G-(Qsn>tB0P30uyUpzCg?)*c zWG73`S(S`xo{RqPP@3Q*12m?5UGu97&c)NJRyVz;{oujWWFkeF4e1VxOZ{hF~@D-qQT~ zcU-L2{8-I|u}ZUlIMgCk#ZO;tNOX$-8gcsX@c(}qmi9sTP1~4v_g!6l*nRyv=jp~t z(KdykN)sPEG8D{W66bSzVtBBHFsZ~aBpcpe3Fyb)x_kInH6RNPvb}#I-Rm(udDy|0 zd4Hih(NFn(;32)Gy*>jRmlgYIP4YMP>)Ol9_VFIftW^H8c#YNLxvR$^8d=9Xa|fXw zYQ=Hl4Bqg6fCJNidQofUzk!1=NZU^m$^X~m{@3yS?_aIO{*l4d58yzu&nTO1F1Qn@ z$X$oT$co*Q7&Nq$j9s#OQouAsg;I3z9384plgi19BGj55Hv=n(PZtQ=B>8b-ih3^u z{Qzr?J6lzgntHh^h`=&t6srLju}QUr0tW!d)0Ol?ED&vTtjurYn!@16{qxk)DT&-U z-|q&zJjEJmj_-B~@Cm$1Xg;RM3-6bB9ZQ}`ZRMV>uRk2SA27N}!jlPAJ+}=lHIWuHIrtF{932k} zX*ZKirOBNhOr5S{GhHVX z7H?fIw&cc$bNsxg)MWkHG`K?`5ZqyJ+}(BK?yzy!cjcUubI*P5y>*_d z@2h%$y!RKyuC;oto;~LnW6ti?t-$T&i|%_5^$GQJJoZ4-PUTQ5t5e?r-IF(Y4)R=u zG_vti(|QdodVfTsxhCMQG-YSM<{W`inWrztKjHbm>VU=%09k$D)a~XmFzl}9*mA5jDy-U{#UTUAW?)6!->eenX1 zkny~EY;5x5cGs6*>nh$Q129w8@6PbC0C38;O#&;fLXCZMAS|mRujFgRt~=GVkpO1 z&$Gr}&ohuw2ji86kA-eJ1$QuKZmw>u6CaU=-HgE2?C)x}HM%X`;fWP3*RDrr?WMIvCGv^EK2#4!C!mN62!nhV-t&?ly$~_EuNlh-ekV#SGgQ+FcfMa0_%uz>{(?d@~7`V}#c~*n>=LBDF+qoVYgZ$;CfgXQ6=oqEO9rZ0XEXxGcs@15mMAQ zPa0-gR3TsE&psPv67!+gOt7$yWykf%_0r{rZ23yt%}wBhDZhU$D`svRHq^s5t~gNi zBYvIxY%py5qM|O7>jvsBH=p=}bbuEa?@GJSOfK2=jn(aolhcj8iaPMSO;=|5X>g2` z060ZamUI62@Wf5O!;*VeF!jJqAIA36Ns2u5*S9w>L98w3AeRCQNwb@Z-MHB0wX@I| zDOOpRf>bkiW+B}H%i8h2!;cqzyoT;ahHHBvP9a4VuI*=2W^Ro6;7jY}xms*PffLtu zLFa@@SdpnPgWnzCN2z(K zmMMj?IX|{(w$?X0LN?b-FWKEJLF0YHST&&zp`g$U5UV0EDrTlyH^*E;1AV74hY3I8 z8(=*n!xiv7xpKiZCoD#l0W(mRd%eSqGN~m*uz<{hQ$(>LG}CM)+1kv4Jtjj>YB~`j z%c?SP^a;i-GOv7dBDmHO4C4R|#JQK*_D;XmAZb6u>@lnjJ*YU)5z?LC?l?Z10!;_Q zx$Ak!qddSddLrsQdFvwsBWHe@+v_GS1!S@p$6QBs4x#n4J8|q`r&>it?xF58(1uBN z!+KIZGa6%~bt*;qdA<| zb^5p1rGaZ@RU80`6-Y`>W+JNyrDl2ak^H7n>knAneGACz*&LxyN6ws$@HJsUng5`u z|0?FLr2t613QKb$`TbW>48q^?J&oV;B%{2)s=R*>s#YBsz?bTw+Z<|ff8;KzKT$e& zm%g$a5K$BKnz;WqC;Vp(q4W@VdBRs=>wm}x`kyM)3FkKz#;E=3Z+qe;pa9_ZC!N@m z=0B859$@N3RePxtRewZqn`D>w-*-jSD;*tpBE7R<>@TVJ(+n=ZF@oOY^S>JI-*6dV zpBZbQ?={QS!GwR*N;IMYO_-l6@TGtQ;29p7M=$@jD~Om6Uja{iHMCsyOLYA-!yNK& zlDu2(Z~a7RA(Q~9eUQV9^4b2#esh1SGu7EQ=F$3|+9hvFss6qzN@?^!Ul_ko3}pTq zDnJ$Xl!9S?E8v^eGAG`!1Bl(C?2zsu~TDpXP0a8suRk&wL4qK>ho!cp|;} z`N8L#V@H->Ui8xpXF$t6QE#m@m((^UQRP}>Ml z5#~`$pZ~rq59z-EPyCYJVf#l{9{w~#EgH}O$5nJe`Y#Lp$Cet&=>U%wDD2VD|J`7o zszBKEiM|2)qV`ZIMfR5$0cKbe`YmHCGAI0Hq5s^{F5gd# zu-0wIRQX+|=gR=DrZz_2rbYt9A1Mvi-**K8^~=wKc>2bH&abimX@)(ZWuQd#zl4kp zL@*-Z&BD@>UB_7JuV7JHxKpR%WF-Bjp0T*Cf|*$-bnC&`l1G&I)As*scNs*QNlzzG z`c}(2GpiGxn1{)rAPc!lGz3^KxcQJYh&{!Sp#c=*5b7{br8C<%_i<=4ew8WgUf9 z^{v+YJX2AM-t;z%VMp-D=GgY+2veXibK5D{XuGJQu72~P9FR#)38x?tbrFElMwpX} zR!5FDT$Zb*%$84%4X5Umo!Yr%SL0!0aUH{Eh6x8#?JzA03(oP8VW*fw({(`h7!ilf z=9|mHhWp2O>s*g26DeWyL?>D?{gAg(vZl`DUtEevO;)!~I6-aZ*I^T4bLO*z>MU0*GOKqR!BX`7o37wHheb3pQsxOWa@ z%e&_+?~(r=Xq7lnA|gg`@kr35q|hd&r-|mW6L0!-L_W-z(U9Dw=xKDd+cK@fLbnrt zj*-L82cwOP5FZANN8MGl4Mzbj#iyi>?URv?w-H52ieO zEEv-d8wp-dY^Z#j<(^W{3zG0C*gFxtoDsFMir*R9&=@i2p!K3QOM;gu+awA1%^{_*eM4H&z zXHIuo-9N~OMk-+K9KjvIfIj8$C`vY-IX>*0E?gf9+ujRuW|m#o&dtc=s(a8@$6NWP zDD~j-()uRO!R=`Ik{x)G^Hv8lyyDuK|FTL;*n(4WK=x)^@941nS-UMW`Q7%;v`c1e zW~$LGNU>pZ&N1{u?01=h&b_Rg(gOVLSPAXncK!AVJ-${OOe zUwmMIx8onp&3+UH{Fi^~LoiXNEW`O8d}VClmTrAx-A1n#>2BqgUgkb#4M>0URaK0` zZi6cL&9=S3I#I=aUV*z09pKE+S3>iSAxlg>8oM3`mk!$?joaqo6P||-IJGvGS3d;vOu zYim3-1b*StfA++QV9!cmro-+j((}uvwzjShQ-4-2=#>PK;yGNjH^xlPyYVwKt6rKO zq-lvU0HVfQ;T_?BZu1`;1Z*3Tr!hoS$kI>!?N4fe(1d@D_sfGBEc_laHOvBL{k;gh zX1nC$A^(v${=A)s+DfRg0N5R+iled5zdA+!4_ba0Br55T0`+5WEYM&p$i@Y@?TvBq z^Z(2NzdBHC1R(aL&0ZP&_iMehU1;Xkf{1emczU4!m_Va7B7n$3$xCg1;lttk7? z!Wl7pK{ow=-vb!a|Jvif{_)o+n)q+L{8FyJQP6+w@y|*1f9>&Kd;H1x|AxZ<@A=2R z$4)X@(%Z3<4i6QGdd!>)D-vdQ8dnL`>6~G(WXMq5H8*X^OM(#Y!1nAC!@!cD`TJ0lNp>|Mo8_I`&oZ)J?Fej=<_tpY@}SzfBd;dAyjIF z)A4OM_x$=<^#1cSPwo3(G{X{<8w)7z`#ZcMR6>1=s4Duu`E$;|nC3aH=yZHCr~1b& zUK#45h>#3ev2Z2Oup1d6Jn|ne@XxRFZ~ogScnjQ}x{$WbocHV1xwAcyz})m7gg(k3 zLY%pXrwIRdFZWwF7JlRdcZ;kJ!CcgTbt@Evh&mGrYPp>7MgpH$zb#k%WsSes>bIA( znqk2G5GLE*JP}XQyqnL~4W)cQ{t03|W5*}gRL3qVQ;N)-DDd^`mT!mK@hpx_FXoq) ziD*J`F)?DqhT!~`@#33_de&FHC6iMFlL>qag>@-);YqRYFY(;Sx@JGQ*#Zm2A(p3k zAA45fFNZqTYR%={CV6in-6GSEaK>Xs*;n&E=H*^*O>y32f7I5U-8zI@OkG)QkvneN z2;h>UaalgMg(0$rh4J_~Ry9X-&h+)fR`onu4JqaA;_fZEaUQyv(f(Fi%V5?mUGFv@ zRkW4Vm6sb@SGyz20sBHmemyqIYcGGZag-%*J6HZVXZ?^bJZVMrh*shI;ZZA`>!Jfp zijMMT@u+1F=V>PnO+b~OA&jQ36c|ymADEpm&yh{fj%D#+Sc}E|>yo!L?&YOil~8)nm=K*cJ^qq#<#wS_Yt;17*%)c_TO*OWcw!SJb8&-+G%Oqyquwah$xOW9JH#51@m4i2 z4@pEH^)-}VSHTgZvaPL+ie((D2-X)CeR+eH3%K1Pe;%apSD!~ckuafSo}W*OF;Hi= z7Sl{(f0^ljM%%)(|JV1W|lBHCQDeG$vfLJvec$xI$+=^@Z0^ zy=8K+a|tY{yYzv)8$X+f#?8K3-74xA2;Tu-V0YjS&2ow75yG| zuPd3P(@AeRDo@~ca?eRUTh7ioUhF5${kL&iu}v|K&adIr+j$|!Cp)iKWX-to~` z!x524y6KJUjY_x?{FfsKf#=Fhx9`zd+NWpRC%b(k8+=63?%aOIoZ;2;B(x2@VyN=u%t0$z1q54ly`Vz zC`9meGA&6iuE=Mbqc2LzTA{72e60kMc=T<-hRF`ES+jt#yDyH2IN8eh-Lvdfn^6oM zBv`V`Dl)flAUqN9Y=g^9`9GbwL+&T8#2;5U>!Z$mR0Ub+{3i@`$HdH^5iOEFKCdv> zC0@U8zxdwyVbALv!xu|GsO(0CE|D59nZ;Z=Xgqh)+5B;=7RztJ-*FZAXI}o0)+pxi z#27(#+$qD=%0wbT0X?Ny+=0V=-ec32?P<{tnA3FBHx#`eb3uE~xK0!A{*qG4Ca)o; z&aF&ORhxECX^Q&WcxJjS7zv?GD|0l>H&Y?4W)2h@;%Hbt2U~MpC z#p{1en?`216@OS!bKizaR<`?%j+VYIJvTpM$#MDHfn=t!Li(v{0Dwm0knm5TX=$zA zv-nGfU&C?D#K7DRUXQ`A5h0Hsy-ig41^4a-nDh(dY-l=&5P$wcXZ2jsXv|I-rR|0l zNpr^!Dn=JR$>nmc(GJ4wygUo?pZuDxtP8BJEy#r;8gKVzn404E|21 zF3iTgl2|BpR_X1z2(v|=DCQ2nvOG?AifjqMVszE7z5a?5rilF{TA#elC9>ts#eOZN z-Lv)H^Qp5}xVGk%r?#bfx}~tP*yy8(9asgWcDyUU(oOE6{NzSuWwY>qdA1hVb>l2o(okSlhD!VbYM}Ch8Gh{>p9ASw$64CGFn3t1JK>_>Jc!*Qdjb z^djo?zH*|ubDzlTs)$_HnvNv#GAB6qt{0|K?0u*T;Ba7<~fuj4f-A1XjPa?Mm86g%GtrY@W?+^?>XUZ_zCmJ zdW)w=1&0C&dZR42C7Wv=Vb^^ZDv80)4S(9384woQ%vi3$3F?h-VvM3#Rn#plFWl7h zRt?s?X(LtV@I2qu8PEcp?FBWCwgG*#>JEOpSaWkLo3CW>I@{x+^j}T=h10pHP}@B= zTD-@e2%hH=`%Q-qK^2}YoK853fNl-3wYWuGUuV}o4fd$rZK+E|u@?77^zBuQI87yA zP2#WI>j_CTEUQS3yxEEXXgnXF@rJ^iiSCsiuPyax%Wg>svynVV^`w`-jQeDD;&@=C zi|2(%wS|kO3$U4G?(>G~)AVTwrMfz#8i2$VjZ2Fy)rR{4ylL^s19#&=rxwIz z$80L$@5Y1n)D|ia#EvbSyRSBQC|*;_akxbq*3=K(aIG4d9X_bE?4IsPusyY~tH04W zrJ1}UN(Bw_cqRa}S%+?;J7AI<_ zc0OQ9U(5ZMp!88*7`wYHHjqG9oFO$6qT|j^6i@(vSR6(GyG(`QP=ttWKil`F@th`L zRa>|{6DJ;gO0^81CLcAT(RZ)aw{k8@*vDU`A$~4BtD(Yc9NDW#jmrrw%nO93*NqIqb-fl@z*L zIie)Q^N|m(Sr-z$7ISlp*8h#_F`>t-Jr$vhDZ*MTnQv>{E^yuWNYDEzX{O`)72?cI z66Kz-I1X3}6I!>@a&t#R{j!lcqBpXLKc>v4pKSUJ{{Q1BZbEWCnM}VznNgr!0QM>a z&LUt$gcN4sltxp#v2`8Ghr%x<&qktR3%Ud*>KQCq&H5)HLl>upld8DZ4Ly1-9SZTYi zZ5_|*%0eCiyoYDC{f^@OnJ|2++Q6f^a!(fTH*Tw>eE>BpGG?V-ryJTz?McldLX66`|LpW z_Dv(4kC+;s{@jWW^EJBi!4&OXn^|Hb*q|dX&-m%KbM5!Y@Wg|)M?}lTp*ZWp<@x_6 z(d~!?LWcZmNV!qIz0p$$?JsSv;K93ld)zmAr^55+dKZ^n#?r#aLBH6>~4t+F{b}l~XRYvTb$bqQW7vKPLT1;#wxK&Bo zO#_-(-sSW*?x%`Uho#hkkKOI<^Lii<9Xh+ThJt#_a1n;GN-w9pJYVis|yi={n@ z`$D6(2D|3D_-AXrg-_7%m=w=l@)5RdU`Gw=>imW|SDMU;k{SfyP?F{?K}ugsTLO?R zEls-1_CxHw1mE^Wo0Z+p4&%I_;u1E5*r1Diau^pOUAb)2=kXHXg$KtFbqljB_&+Km zMSu~wi%i{2-XKCQ*)XTjRMY$)(m$C|dkqD?1M3cmGrZw@8fN3F;0;6mPV=I`;{I$d zPsTq`;+IAety2cdE`}mxn9wfb&dBqoe8f}NGFENrQ)gP%2-|%Jphm#6W8YV=^Q_t; z5>TZ=E*^3z<{3wMW&xkQJwsQdrVwo!vTfEqxvpWCm{rR_ znq1`huU`6q&n^5fsRYq9-da&Qa{@JFPcl&UUZc7aR^uWN^$; zCoeQAs&G|Gg@^}h@DymE~|w zV&2vMWeim#I?C$}cKj4;i=SvbPE9xYewE=DZS7|St#KFN zFh5^Vqm&f80!kg3NcfN53RVI~dA+67rJ!~Y5#;4%uR~R6HbcSp ze`i>=-wZ4G%dqZAX`p+oukmH5a47Uz`Mi;BBF>noWyaa-WASXzy{E97653QK&ZP4-;2=?) z&&bLa+amIFXvtR>CRUuZRw8lbQUa0unZT|fo057{S)D0?`#-oo`M6`?zSl?_MhIWX zl!8>>Oa<8~>-||X)cWauTKK2Lym_9}>=X!fwa=9ZFi|idgwg&_C}vz;iF3Z9;a#-^ zmzm5JTvYdGYNpEw z;)SU+7J%)>^RkgDay>;Y_)(u&eftr88owI4UurHI+`eQXztjKZaYUPhPC3cGk~Z&J zv#$o)#Y2Tqagu6mJWu4)ng+sJ(_SWxm#H+tk-!W_FUM|8&e zi2ozXu^fKY)BS|1!`oMVn$1?d^eYDS+`}x}_UWI_-y5T32i3~-ZPa&H`Os||#4T6y zg}o!{C~Bl# zQ0Zt)eAFBWHPv`l{;a%RMAjq9dv$dpS=Be56tl$c6aS(2gYUE*8B!fwNrNviW(hE= zx;{0~{)vKKz&L0llXPZJD>X99gr|-_xf^`2^2~NxVP_`V$D4z)&I7gTx!Ntl`jlKO zX-Qy6c)}1FeCh*LG$TLLwqBRo&P+XdUL_jtbSdvtg^8~kgMEgMll}wDvz0W#lKU+v ztfAxE7RrXdu-ODP+tHD0TD!Iit@=cGTIg5CrjoX|lRtSoC^`=Lx= zYh~)CN<3)NguXT$pZtoS@cN>Rn~wDcuI1bAYoVDId%Yi{Sx^&0r)Tc-N}&@Nik+e} z_B&|X!lm8A$cR>#6sJh(`#f=$M{p%-)Yk&7lQ-=lOLV|_+mP$3!cz@@ohQbU&Uh41 z66oMP9;_cNSuHJ-Fsv3Nh<*_4Tlx4?7S>ITt#GN1`6|x$tbE722$h~#6n5*6=!sQ& z;sS_$$g0%irO#i4_sJL^+r4WIWLe=n9?$iA!u0$bk&Ch~$hztS4TJe9qoVb*$x__n z;<$@)$~K#%rA*=?(lokb5i_DY(qO1UcvWXl=XP!!@)eGP zby@+2hL<4BkdZ~%H2WBp)A(ueS$*I|yH{?TZuESebKMHqXMZ)IB&B*lw~0Mt*J)HJ zrCD-!bS6>PH@BahX&xjz{881=RLiQgNc&tfzVBi@viO-t3j{GU>uve14X9tbRBwQ+ zXM6>@gL#1#bnY!2#ZIQ{m%1m@!U?IlQ{%pk3H8klVH{#ex~YKcr4FT;~;Bh)|m z;#ymZ!DlRIhHbj@DyX|5@B8{vlSOxVU))A zJXh)5Ybg{m>SS24$9i7;41zQ*UScvNNRm-Q_f0c+#9%rvKcDVTc3S?eu3LsE(7OA4 z!QrzwH`L%8f-B8r=WN}*BU;6F*j}CArwb`-vC)u9iUY=AAzLmMQWt#ZPanV7@iI%- zG_?1!QZyAOt}PuCsV&~J&$8F*zHNIf5*6T$%K_`___A3RJ_~<-ygQ5}lsJ0s7g}?V z(ZrmEB~w36Qrc^_)x`B>;0X$7c~ta`8alA`@Ifl8xQ3j>;a&1lE2^$3LdF|e(TZo% z&GODBqA|FcOI`A(-2Vn#2bCW3;WsktJd$i{#|7OqhE1bO&01xWe!_9cFgBbn(ojV& zcaug?5y4rQ3Vd?CB+OgLKN%7knfz!_<<&uIZ%#GJ%psQ719CEAw`9_11WBC>e8Rl^ zpXp%!gQ-|Gr)Z|FS=QM&+rQVH9n!;|RbA=9lFBUM@Wh+vQ|Vrf@}Bg5`|9`P#V%GG zABek&VCuEyx(n}H8qINf92&gTxx0>QI$P*C7KedFwhFf@&ve`B>5OQk_2lX# zrYW!*nO_euvyc8joozne71sa`MkP-W7!pU|ZT3Wh5-JrlYfEU9_=it-<38HOeAbS{ zw<_FM*HtgAn#}1``o|OmWmu+ah%L=)ZDqQ4UD+RQAIa-3;ZKrQzXlo+7C%=X=Y>l` zO#2f{hb}tU7uqo>3+craKqQAU-o7I`Z{{&Gb4hTarku!KYY}yfdR)X5A=`ZyFg}dmm!0i240T4Z-X1_U{P}kql4`>0M;u4RU2QM(TlOa$4(~^ zE)$_1ds5exjIdZ4Qp2uqimC?1x4MbT+K5?@EPXior%L8R0N&3G!AGNw8A#jx=tTlm zoO()}hu+p+w?pEN`qw809UfkW@S*zDKty}ESZ8jL-dpH+XWGtp)No#%T<6c4fRf-$6R_W4i3HtEr1C$uUciC5 zuze3A4UW?|IZDQf6C4U40%0woAz`lH&G^}(Ra+ZGAc5^MpoF+FALskM7S*fRlfX?J zJOKxLrig-N!ojzJhwoWLzzKAASMK(lx1vU?wbU+&e=S#z@!;H`1SF)cv^MfQz-F+2 z*XEDwu86RM!lJ<`RIC+M$|bo&y>R*v5mKM5OP`F__&i2WT=B^6sR2#SvpdeRmWhb2 z!NPp0Tl2fh{D{M5x!cGY-Fz-^8nU5(bxFYfLMe$D6H}Htk28J{yT~BLLdx0T$fC4F z67fq`3zqR&c~*-N(=&SNg|&3~r!gX2^NxjBBq)w*?xd}yaD66ycNwG9Oti6W5(Yx2 ziWhylRVtGr#}>Ls;3W@vXNUk6-zGMlf=HjA>=YE&06H6Aj%M)#d~t1VgZDmY5$(+# z3ro4hN+To{b$@k~%E7iCOPly$nfA;?ajhP{zH{}vcz!rbJGS!P8ee8+kk}FIiB&g| z8hc)KajjK9e~Og(bxLG>b}sA2+2*zbCI}XSVl1pN0+jC+fgt3SMfWu3Wo|wz_a{?^ zMXTmj+UxdD?~2nO`q^a?TRDa&J?c1nI3J5LgK2}gct(wHCHw9e8*v7taWV93FMwwB z!EHrTcLs6mgZ=h4jk%-mLO;_Jt80ee$_MeTTT=)SFF1Rp8`9;$-h+#1*|f6Z2%DYW z=Z)zV7jdawW#oyA!-ZYMGoum@`9I$``(${yq{F1x-8fk{%$_fg-TA#mUE{Orwk?}` zASE-(=k4S#pniNNt%ML*Z0tAFfk%80GtA2$7~PM=9UL$!2~omlp5hgLp-Q^mlUEca zxRqSSL{lmT3POjNy*P9WS$H8sUI(44FA{#0_`LknfCTZr{zDH}98BnqM&vzr{~lIk zehr~*Ti26zg7d!ZOz7oTDYnbjl#MwqjIO|v&nIkxrk!D!)h}2&=lo`pggOt8#UT{Q zY-xsMWRDh3Uli8S5zvWTvR+@8vy35thuSmT@G1F>_2S)J5=(5xr5sH*Q26wm2|lGv zKK9Yx>$%CdL+QxFZe51~(fY z(OV-OpH~{Yp;O9XES$1>Gqn_Z^V*0FBLH=w-0FKXQx%3Aa>!7NT$C9e|Do8%QCk1! z_rEep2R<8pwP$P>fwu_WaLeWNcpJRRdF||M$QpSR;aKP-ct@~==NsI>pY99l9=FUdm=sA+QCc1R**{sMpY<=ICLqq93#N7o zA9PmxBhI8aH3m^wBu|{wQ%0gk-WXyDGz#y^3-&JD@cv+VGS?$hMPY$bhe3~_@eFJE z`_RdbHsW3x@)fP80;BUgGbvU>Bkb7tWQ>*Kh9{3=_A_cG_Jn+e3;NOH+OKvxujFa3 zD;-sd)j_MRRqBpPFIYblTB06cThI^xNb$urLIgp^zp};h3!Kjxq@F4@*lb0#2w&zn zy(p^CzWCg0r5qI0YqT&g~iGeDnQ9d&#Fmou#$IF%=PS{Xo){CFgB z&ei#XZY8ddR8P$DO=k|ps136I0A_sRXajS{bBX3e8!{u1(GjN^T}264y*(h|(+cZ) z7n%B3$q2_OMmnXc(AE62KslynBs!E3-|C2@F~pE6l>(~ktruq8$R^7>e;txlC$W^_(ze_{yTsu_SAOddXk8c7mu#v^jM0~GUIL8 zZuN>5W28J9KPQ4);1E4;6&LQw?MlZx;bEn>AWwW_{1CnC7Ih}O_~Qkhi;z0cY55lVXpSUn(QsMe(~STfWH@x_j1k5^I%e7aVkNy$)?CL-ergnnaGtb?_gb z0w)9|O6Z@?!^K<;$RwuGIm=UAat7u_uj(ERj@F!S+3dvVC8K8&T|ma#=FlB$hSm$5`w~`Z&?u_75doyR%sTD zrwLlooKdDv7qh58uB7|>k=4wiWPi!gc4-!65FF6$$#AAcER^@HL7}t8CzDym`3C0) zx8*|uj1ma2WxkudA606$slg)ViJ}Tau;QTQQl$E7ovB4DF!=f8RSngZ(#x7Ap4)nv z4u$tc=yL}hW0ifAbmAZv^r9-wO1yR5d)%z=?i@AHQ zK0Yc%k2bP#Ehy2~!(KS$LWHEilO}HT5jd+HcP(pLHu|j}@k#o>xnv+{>^TVgL7R-; z59L>nA;@B+#iki56K9&JK;82>;h2Pw&7}ssDF41*sQfWLwj(u|0U_^+-(q!wa*O0B zTZ*k{%;H*}sH z3f|Wd z&TOd0b<;BT3=(^mW5Rd{^YDX+#09955WPE(H`afPR`?>2K_bnHKq5t2PC<>HC7$bw=jlayJZx!8zNcB88i8$8_n;lqa9t~3P|T}aOmh~ zWrqiMcRwSufNHozeEnp7;`(v@Nr^v{ejW%Xfs<`a22qqc-kk2_QHvnvjP0!ZRw3?C zp{q6;U*kThMERx$B}C8bZ~_PKtX9@?!k=1~hg&FoGp0XCAzX5+NK-FZ{842sPD+>X zO3WRPJ=a}m+;jS91nKGuj0Xw z+71@xyA5qbs+8ewCmhLV?!I@wz`uXfog>sADHhXhpMz4ZR z-_BdnfsZ%n&V+}W^_o~{mnmDVd@Rb_)5Cs_52X3UI^{>tRVoFd7gfrnO;>T1UCtGp z&)&IU-EK=MqoFCJ!5VLmA4A;{uXqK}&lry9+6SX%M=lJX>wmZDk2LR(WyW&S1sz!< zS=RBZAx)Ds$_qm6>2M)FDHZkcc+E$Naa|WuXivU3qKgmJFRZ$n%(rV59JGH$w-1OJ;kYH#eO#~ki=>Zez1O7;gdw{ zR!xeWZ9y=;?EK37`iY5C)}8m!MQsU7lEU75avC|Jrd*pT!S2b}J!91UwpcMH{bU#L zQ5w4h*!?VlvMk1bVZmj4bdije1?hOd{s=wU!D8zr=>bPabr641LkfPYTxfygsN$MS zg*-1>A?XfnoYY{Xi13ensgJkd`)Kke>{0Kyua0BaZ#3H2@hzR(BehYM7x~9?WE%@S z9lpoxoY6EKFHpNTelNgSB=>iBvqD|RuglUr6*=ve*-2TD(HH;95z3Dw>|nD17WYBA za%;S>TGTuQt)^>i9qhUY*B)D=i}_cEz;_!%=#Ff^=V39F$MU0h8y(v2j#wg}`)UPb zyTsYn;E71xv#AgJaO_FpD)RjRc4Ffm%Cz9vaBPaJJu&}&Eo{j#6(-dl*_d?vsy!<8 z)#SFgV@UWumTWU|YyAo7TI+-`%kg3@u9-1=hs{kl)!dp;y}Sk|zBu&omI+(-v=5DW z&~1%;a0hP}k~Ix;I7wf9vUVRo8vI_{Ctfejha1G?4@+|LBbKKny$AhAN6 z6l&HZjJ#6#uuZ+@Yi_zM8oZ@dsI<$^JUeatr-~o{Ucucv!0Yi@f%x37je7p{^u1Vv zt2N$^eUFFxF8qr2OVq=2*ucOD0y)dRo{<+i)%pii>!o6%*94Anjm56FS_+g;JwW>c z$sW9=;Y^S5()p?2)-@1*&=`$Hm&c>PU7xyv>Y`sW(qxvv(ijI|W7Kaa>WC1Dk({Qe z?%8sbqtu26cTP4WGhrT{q=oh9KdkIOL}+flnN3zhgwAs0V%_6qZkY;8X+?{j4-?_K z6LDobVM&_GAxTI$#T?fkD2?48)Ky%XtY=+Lh3E#EIlF|vtwqc;_VC7;PYp3@da&Wt zjj@rmB{f;dJkd^!YntKVuMb}yoGiJ=s6NoP!l1Xn|Cmoe?-VNuR>bh+1?zLNzQH;d z0Xy?(&r)*P5`%u;bDL)Bd>N9!l-cQYDHWpYc-dle%?B~4&dW;q^-}6j~%YKv5jBS!=H(BGP7o(LBzmGFLA&$0^%A9aci>9Qy;tb zGy68~GrUAM+R}37|G3`h^b8}N%eJY-)-3Dt;GS4!&Kw(<3U@4qN(IRS{`^Vn@kuvs z1V)uETelAgCBy)I4PA#fo~p|M>46Y>Xe&O;r1)nO%sPEtyHL`W>Z-vnY*R8wqMYg| zB?<3F7<^R|@HQA|m3Y5;j@@m9Z1#>ML7n*)dBmksc5t%@&M#BgWM!o2oN+6y@g1k? zqvyKNJ?}r==P1`kDHVv4nsY{k_GM9IB%NOr)tSgS{)oe!QoCphADARTNmWL-z5uA; zCOq+QiHQMI8l=9?Zl^4}S84ezJ zOX}DUzNU0!5Fy$(*%0EJ^a#_nbvsqK)el6rP26m(N!D_riLF>A?3=kW|Gq!c?tIdCh1dk>vPEaP0MMr)r9YLYD$dcT`uCs;rX5-Q~Ak%U&jCq?8g zV`A=rZmWf~9_FwpC~kA$yDz+Q@rj?P2-@mrR&;E@xIVr@gcK(>Q7H5zO9eyWKtoj8V?t8CP=FX0d z-Qome&xDew2)zpM$cX5!1pP!GAtP#}Y!KwQsDv(qD{r3Gjk?Lqf=M@mxD(&w!H)7?_CoWtzn7|ht)k<;9sZjABDHu5{)^Kq3$gds;F$e8-#v+m32b6p zZvx|rke5-NG{jOVBi@*8bA)ra?ZcGBFJh0FE|L=)Mi%g)LGI)tkI{4PXItl&>L&PM9+`ME9-C&TXC?QJ7` zpIac*45h>nF6eq#6SQA6aJiTc^8n5aArGl6UmTosHOawjgnvK+OC-b?wyX~<9~s|y z$JTyYELjIPFPzFZq2qsj3&pEqoNwk-yhA0Js+Tdm&V<&6p&8}`>9u4L#DU zB8d$n_3kgXQ{9>Sd_RxZQ1PRO-NpoFGO-O34RG|;Hm}tfGe7bE`O!I?gqc0OT`}_7 zXj0>9bL9LuWc?r@&SigwndsfIbh1Wl=cP@B5+=a@T zJk7M=ori&40<9`TK1*H|6I{&cpgj3@;K!0Az4rzQx(YTRmJ|mIpxgumzRIdc73Z7|*m0XxE6YA#QJ=?rz53&_7;my)S`|YV9?7H<#V$;;ZbhyVTC@ zTlN?O<<)jue7F}meu5$&oorr|A)1=j*7DF`iAL{k(4fJkj|kIP*Eunm2N44 zVd#OOW03AHLBXKAVaQQhP;!8Q5eB5Y;T!M!x~}_qzUO_{`>yqU|IIqrnltv^$8X2+ z+xs{XRJm5CuoosJG4m)v?62{eI$mlwlxtaZSs0kSp+4ThCxn{-Eb;0uvhvPZJu zp2{`{cF%XOy>UdT&waOY#B`dwL!hoFMZiK471bP!@-CWvG-7O>j&HlEFAUe;+OQ2SKa(&6l6G`i}Icp>*lgzdxd zMv_H2Iik`AoX+OaI2!DvTTd$zNzzx!_jf$sv6hfomAnoWTfS01y^G(ZG$5n<9@t4o zkisqXh7l73;ok$3Z*s5z)0VvK%Q)|UlcQ6g-e|EHKd`jtn{^?xp;HPG=HZw27Q)Ej ze%Q+05Oo3AkmC+OMLm}G2ivA)5*Aj>0haPza7mCi`j@vz9aq~KkCMmy1ub-fO}0EO zY?rSpZ)`Et%L?h6LS|sL(zoh(c<)3D=O#&qCjZUw$s?v7L*-+I(6`8fy-vwJjvf$R_jD*hBA7F%3G$Ab*+*5> zPU9_kNrbMCh=3x@EB%e^7kh`2s=dcl(3tS|v_TGc`tVART{ZwJ*-C@MHD#hcsQ)ncOY{g8j zt1@-Ci|&UL)$S}Hwa&ciPKb}P&JLt?Cj7qZj}zt41|t)7$fgCZGsmtE)1VJGpfy`; z&EA6(yg`a--lgbvzM{^B9Cs>TE~QYOQ1ZUNLh;lv{jRC0kU9@dW=df48xQxR3dhOV$bS)j|6+mur2Cr$f{oj+|Lo#j zF{fm&C1F{&h0AUej|3X7#E5t1z3}rhWm!7eZX`_uRvb~BR@v<2;y(#cliSkBz$2cf zB3;Te!H-MB8>8KeGK#@`3(W)>c|U3DL?ynb)r@K!L=lT5kbx=)9$W*4&g~Q{Zho>I z-VCaMF>BmdD+$svUw8LfJd@xtT41f z3Tirn02+EIbo5nU`85gZ5d|oWq)Coshs2qi;^Q%;>j6n}z$4UqhhUmc#??no&o!J# zn%Z^Vad%Mkki-|$3wGbLW==%xM6sXkGWIx>e9uY4adUZ|8_st6LFXbw=W+=E=RqGeCyu&9PKGs2{+sAu;u4e9PeTOon@u=L3axpPi8-5+{SoN>UXaB zxyrM>0A^H8At;s$VDmgP_-Cu@X;nC%4x`2nm=R#|_-lE~ivk?r9x6SN%(=w=P?UtC zUH9!qSs;0AYx-Sw#J49qzOK)1GN!`C%UbaRM!c75Jo${NWuf~AIQe|Lr()`p*U9;N zuV`ScS;l>oBD3m{GIe4Yr&7wwx>=<_ND=XRh|||T5Mb5R=p>5$faJ|pf_d$8Qlae+ ztC-x)-aZ5BA&g>FQbdo*vSUf%A6Fv9#F7zbo`gZ$}KqFB&-;Qxl)?!4i zEoN%e?uLxe|2Hei5n z6_cR6XGckFYh2rXZ}itVw$4W#a+dBqecxQt4vEDC2w5)#grh||GQljWJw~n)LZYMe zHJ`MW4LdMwad=3zLowN90KHBr_+2U+8GAlcFU61Up0f50eBz^%KkKPZ^0EJ;UNLsC86EFMA+HBozSiHv?0Mv`8zhG?H`^^Nxsa||-#J*S!mhT^9o;FFPwmzA?Fg?JU3Exeo-C{ZI z^ELM@=Hn#QJzJAhmg2OOgylC8QK`|uxF6gXPN^EJP$Gbl0Fz#JGvR4zdc2(ydyNj@ zQgTpFbiCbFGSxv*MAiQMYS~outG>}u#7X8pDJ~Gta9cmOY3l)SmZmNF#e;XYh;7Q6 zwLJ|r3%hNA4QY>jg){zTEDGuCKeE^$6}+<+;vyfC!Qsg$YV}-`lq8^2Db}v7U@3gB zrMA+9asTieU%>SELWq8goZE8`Jl!_z20u0Yw~3lb)}aV6mu<1X-jhRpE$hwm09>TV z2Vx*DvWkW7QK-(%O~XHgnnr5CW0IE>e!KyAQC9{OT(;sZ zj&K|Hg0rdTz4ae#P_;^guVNSo%h;adbDdYkH9;*!C06DQE`we2Y`;}f%Ock`DsnZsz#H0wU> z31IgPKD`Z|JNdElJ4wg%zHUT-#M*j0<+LgV%%W;L>_-W^3$f-Wgc4>4A6fD|awc3h zhjLOe&q|nB%(OTMo>kC70HKIERX+23!f?jzOgD$qxP{jg_c2o1`*ZL?OoqmgDo&&R z8e!SnlM4-)&b$^$tUetnK=eXPJ=<XV#g{iJ<$|3k<^y1R6M+{+fsg-orka}<#(u!mVY+)W|7?4gVcvvczk$GGGJT&7- zVSLbn19$%64p@t%H=th})SWnxQ8O>1%@~-P_^yDrhel4t&TUE(V} zQa%W0KT{O3Do`Z29p3VO*H~42Dz>5%@_gGE>;?c=0w($>CUk+AsQt{|f(>mXfJ{>J}Tf5j% zk$kXj2*W8%0u``gP)Zfz@GS{bWKZ0WeV6I#Ll0PrA&jEa5X;bV__Q@e!POtX^ky_< zZLv^18~7A;&wURi!&*zyWM)B&dNn}#iCMXS@#c(>EwCA{M`UvtOk+B~Nv=+ZofEzs z9T&nUa=S43PHfw?B7kX}(B-MU)pmyK5~g!Vy%Le%KmUH#^4SHuW@76SwCr?MSj)VD z$RePTP(jV?yDJJOSLxU@SLz*~yo}C+r)?LR5U}6}j%Rm)q`Z#mrfzwH z`(GujC^$aVGDIJ8`aR?t3@IOiUhZ5#!DQ4`GisG@$QWR*l1kiI3e-FJ?W~-huZ0F5 zO2TIdz)oAU#7)J=9?K;jO0OW#9SsyMwCUh30);GoN-cT!jZKmTeF+|=?`3PQtqYpm z7YOC(J8VdO@{Xsp6u*;mj59bV0X2ZvGF-O%ZAYmr%*+5iyW^x4G7v7)raBa2JTPV6g z%JhxJTb7)NU9Rq6dx_rVEP`Rb@!lnF2bp}PP93-lzd(Kbd$Xn_k>k0&vuiiM9W0{w zfm)xJeT=o0v}~$-z*-CVDESgk9#)h$K=N_ zPbC-LaXxnNb9YdY;jwn!A>?SfQ8l(BZ$*wxfsxniI+SwZSFY2;wTCb0;KEZ7uuTpf z>Je&h`)4FcQ@{go6wc!N@QrhKq|m3B+nRIaG4V9`MC!KV3UidO8pSOk`jM^WNAj2r zQ@_lM^x4Zi@C){lsE3;fCHhS)PPH?^O&cU5y)-5c=I_3d$~JG62UkRp7Q0x>PBn-B z;+1&4$~`iCQ4tLR#}FaE&awOmoBMnyWl$p@d%=k3%@tBb&|#na`KDlp3O*bn2XK^6 z0so{swp#lvVmk9Zg6@Z6iVPFIY6a`zvr}pH36Xhq{#d_~7QljC8P|m?Hep5c->FI{ zCwXE%RMo`yT{)$JH@uN?^@tjw_B{dSrk&TMhh5{CKt@b8J1;7WqyIV3Uuat zR~K28;_oTEtQdrv0>!eZu8Afbq@h!v?7WdUPW~`Y@VhRI?b^=0j2=8RZY(>NQ{Wo6 z;t`CVetX6d$l!H%GyN+?70~=MT#!AyEV0iUKD>{z!vO|%U}Nbk*pbis-~zpexj@_8 zn@O)T&VsNfn<$Cy?8*-2`{L@U$;_ZcHl+K$KS1wkj-X509`~!hv*Mu!F~oPj8#hWw zG(J?8<0-{vm+)iDa_$7Ih2|@Nb|~|Y|4R6)s3vKnMG>IE6#06j0Q^wSow4XgQYyB4 z9iaCG+rh<;?cnvk}@(88%(9 zjG4dV9jld3r5#| zesuTzd(2$@p^jAY?xRWwsfPnTQpA19Si3B57(Sacg(PN6N=}FWF<+yNe`EO7;h+ zhEOpS*iU3bGtW^?)duFeDGS?WR_dtdczZ+)>tg8}tLO9bv7x5F(k`Iw_g9Pf{KKDY zsm1CC1UahcpqpT4OVE(dfdf3&!2=y8)~B!`3Bb@i-}2k2M;B@$2qXkNh(c!R!nYa; zkmv4!#x^~BRb|5dXGz3BX4GVYSSBI16+fSFdJIBEKECk^Z};Ow-YKKHKWLD=Fi~s) z^-4r5dmXV-NyJ!@8q9n_b-QWU$^=ilc)TJ}EpL2XuUvdkW__)fC%_b}pYri$t4A{& z85qQ+{`M7&KktdFpXAJ+p#48u5}Qn|&zzR@pT>ZXtH z{%T6XnI#C#fAwj0pf&wWe?a`+uM121o~Mcr7`A)8b+qyr;r@Qf=oh{Dvc%iU*lMN& zg?~oy+#CTimq7Y9YBC~#ngT>!R7atnDq^Fu*fJ4z9qw%3vDIS@TN>un;sIx*O_vBY z38B1dNq&-|__-|2wKn?X5IHsYa7s7j$K|d#zo*HR z#kPcJ{3QL|eI!hbPr@?=F$ph&FX)~lQgk$MXp3#X4vM^l4^wMc{1f{4w14>z`1~mU z!(b|3@bZ$z0@KrVKleP#C7EAke)OVBH$vMt-YlT&iL}$cv#al|4_UsLi_t&Gv@}TK zih6WQ)Zk{k2s>fr13Ny5xf8-xaD%?tb=|>-EJv7#HEG+t&b$zr85kpXUHZ(&j)*MJ z@2RY8W})|9{cXyW!zu9gz8kss)_|IuFX`k^LHuXk#h9RmK&l<251k0pB;EqjG4twZ zqiK5^4}hf%BIUja6E#X7N$SX;x9SaOws0~CiaLK)Qh_=gsHo)Nd|y=tJU!j8KfKy9a)c7W!+rT zE^V?C&b{|uukn+VwPM=KN$Usl$=oLbDr`-ki~zz}MgZx(pFwB%LTyNv*6z(j5Y;^t_H5Rd(Rg(q4f zlx>S7>TAzj?5ICvqxCLJSZLKWX~B0(?GITYh^fS37{0^|XiVbGzgwh_Jw z!I|`NhH$qB>19OOtj8r{*!>40={xyQ-Z^9$HQS((L8D5-U2fYaB_TzO0)iM-wNy5& z*-5K+$uv(#Rb!xQz6ns14`%DyE+dC` zdB^5VDnoP>Jz3RLw^xzS#9(Fw7PSc5Ft`L5*jT(&a)D&dTEK2w#wqT7R}gk;9uor+ zo1F=&!XYrol~Pai@%yQUAgY=RvyhdL${19_7&WiB1eATb| zC$p0Vz~f?~bEv^+S@y9@@9AI@Y_)!HNe3J2#>-5-)o7x$c}hGOEzB>o7Og5D*Iu1V z1Es0t@_ta5Yc_)8Z)@(lJ{Px+;dJ zm$qQM!p22THcWvM?{ONF4pEb3chqoZ6EW1&FPD2*F0Vgt`cT>2Qv2)zy{p|?mN z^XS!qYvv3_80o)K-1JG%fX1)+OVxDbJ3%^eH*>I6VVZYEW~}Z`D|JvdL@@vK@Hvxg zD`%ml{Hm5enSn(!O?$rYEuXmG!B%F$(KtPUy{T}68eE$E3kCDD_cTvVOrtMcncl{i zk2~&u=!z(OiEpa6c0fo;(&}4I(7QJqpNzFpVge+j)2c#5$li=;-mH4B3{xfrE$<2y zT|^X&X2oiEUPxYhxwz&|#z+~m@)JcDMQB8ivIF%wKoM~2?uDqA2 zBOY`ls+3ma2xb44@Zh=6I!NuEHymn@bUWA7Ion}*Ius!Mxv(QB&C6DPPs`SiVqipm80j4x+XDI<#sg6}cOja5X3<)cXL_nIZ3MwIN-inIMy z;XRQpV+!-6`_BBF+_kY*MD5{Ae&Uy}iFU%`tG;M^VdKDLN8KvB)0YI-r@1+*4x4A6 zaTV34e|J;qT;?u(u&!P26TJ6e-Dql7E%iBiip1^q)@CpST&tEUQC9>3L(|Fd*yV;J z=13T}QJEbV(k?VCfhy}Y`mVA*^e@X_9-`Io?RwoJomsyyl-u$hshYde-5Mh`Y-k@{JB8~!V~r~*LG{R8q^|^S6>qq{AORa1`b4pSw$>F7GR(zrx(5?``UxsjcvoSXclN8> zpGHGH-HMioyK{^fS@BCx;K&;_-I!eb+SB}@B^DtblGWv$kv_^2K2P@|;l&(_piRU^ zZP?n=gy5hKWxOV(LCRup3XrN_q#zH0ub(L2_FaHU|H-}qf%%|=Ymw3L8_6_udf&4W zCmD}G%A)qDt&?Ts1xmqh8hyc$RzO_XK#u%+-acKqS9vOS%_Rcg`gSrC1sI0nwd>bd z&`fXNg4NJcBx%Y5X)=MA1bibpZq`8D*-C?5CHMv4;9x>HM%cG1@8Hd3wiq&*gJ%4> zTEk?>CJM`SzgI?C>^MvSR>1Pc$VHie#ltBDowyx^e>xQpxH)CSaX;4)$}{-?;LD#n zPUXP1Yc4?iz-Uu%U*x2kk-;atGv5_{uBNpou^RrdWahKseI1*XB!=LRf+BR)+jlRq z1MF0wC%AVtd^6*2W&+z!^mokgNICHF!f}|1W64C^kk$%O)i-XJeFEOjeAm}eG<@;s zr`9RGgg%IV+R!9ie4=okA9||orazAYO*%1o?W!K7?Y#2~Tjlw<^V>SUn7qZI&G`}K zgAQ##6Kz%C+05^vAM(Es)$#QI44D4m=j1}27)-!@7nf8k0b9D8KwXyf}4DYF*NX43;xjznQTX`Xpdg`ljuN^mKfB3yo~cjqm2dR4}WD zO0aGxny792+#NC#nHGIqoUGgm$-Z03kAxZ#df9~R$*-pO5h=_NYm#QA$$NRU|LZs-L zeg!j!nOazVU7K>&{++UOU?V_7a!jp~m!L>Lrg z3FjS+d#}(l-JkeVmrdF4~8 zRho)DeSC3z@En(l<-2f>dgq4ABOjo|W&dcdu2}d9Ne^EngGfvE%4_k*X$VTKcQF$T zcl>C=9#*cHfmHmY!u0`G?fc&Bbi3zjxGFahvKE*b{xD@LML1pmf^Q{zW#*2moa?0g z(Af70z^qdD{X4akliqgKSuMFnAY^@1d2;!2XgjC1B0JYd3Djg)@LVXN2=bg9M(V++ z{44NM!i4o=Q(v!b$s0y=6ADCQlNI1h8jrfPigncnIZ;#Kj+t^R?S|I`H zgEz^-hFR&`p~z7|`j#rUcIGLGp@w%qTnNY10G`shG1h!}jT6_5L^0$(csFMW%4Ooh zP1QfkwwwvK1JmVP`B8QfDjX$AHAa9v{j1xVyV1WlyphMrmM6!KrM0;yPRn|%SlX={Eq1)XQI+nO%co)GQ{h3Rjk z@4@b~m3AsnR=2E5Pbn3(rKS#VeOjplrnP<_yt?_gNQRc`vETv3^|>-~#~0HCOv&$(hDUs5SQ9X|baXb9OFw6;Dt_Tlqa8aVu!ZO<3k>xNNiuB53t3yUwI@MT;L( z?2sBFdN4Owuh^#SnSYQFu$!_n}<;1yAs`9{B;H)Csd`FYx&p;ZHE9;+UUjqhl+ z?LYzh+rqSys6Z4sk-*HpF}Zq5m{4aF;#{C%xiL|-;kO(}@v{DI;1T!^#&Pyrj@Zp= zJs?fu)TqzvxN4>ON@#=FxqdeXxmantyT=6c28y>eXC9X@4~q>t+c|kaA>^0oAa zR7P<+A^sqb5yOLtQQ=U3PfB+2~Sr!4*Nl%^v8%t9B+Ip~?q5qNjaCvu>c9 zT8Dv7#+b^^+deMMbU@R360%Z%F!1_TXTTbJ^;!EUD!r1em(RSJ1vt8rHh4WD+k$qx z++9=&W0z^a#SAix7cRX;2`a_(B^-R(*?=dg?7h4bi0a&nSMg_Fs87#G8rg>L{(4yS z_bh-Eic5tC=^>cUu_EmI{?e8lEQ5T~%HY7X?R?7>Ud~Ks?HJLVIv@Uiu5qa~=uF4| zyzvCp(t6-_aBeI`i;M;?Hjo3$`0syOA&IXdPq_Rw2icvb{!wB0HZCTH5$vQf5yb^? zUg5mySAoxMH{F^N9tkbQJW;$xVXBVu_^K`?JK+X9<_`06SNkAI+(rjha>XO&%hQg6 zBFFDXnZQo!`eqJK)*x!Aue4O1gW$p?th~uDkZJ(J;UP~%HfF6%Juzkz9I69<|H=S`cQjUUbU*cJcYx2WOtx3eFZ_FD8lI6%6Z&;d+ zPfY|@34%@{v!5uwj7?bEavk}ZB%9IHBTWqQvTw4D(a>?}GES&7rI3E2CMCxVc#Usk()QW#jwu7_-xxg;ED z?UG`7W%8Pzf)xY5mBn+8zF2SA{B)KZfPfD(dtMMBL!Cc=N-RjqaPhQ}#t$IGSk;4% z)nQo;BX)xz0Qjt#orxiP7E$#>9Ok{6-ddF%(mk`fTBk3r*he{O-T=1kerr2u+7z+! z5`aU|LD@IqFq&Psa=s@Moh}yxbKUtpgq;((L#_K9($%WDL0Z%PKJ<}-v))E7Y0%y@reul2V)#gW6MG_L>sqSI z@7-HKV}>ffq>x6mkZ9#(#1V2t8lbe|rarIet+sjWDXQ+DATCS$OZ<)T@@S!poC$;f zZP&>hghZHP#Yv8cfp$|gU8Rjrb_8-HO!oo!?FE<2R0OTyyx|DiKloxFA+^2iJMhKG z>iblCGVTk|92L=`F$3ycsX@6RZA!jlI31v}e}a5BgB+{9JedMr(qhL=h=6T^h5OrY zG@L&tPB{-4iP~2QvsGo!(jk{Or0T(i1>0=|;rnMI$f`_)gxO$oWo@%7m!i(>Oz1Bv zb3Q-!Ab>EkO~xV?Q5a)JTbpB*Uwd=WsaH2%QgDG}A-7Y}V33K;I>~v8s-Ojx6=3Wr z$fbVm&nxn2k@<<%JZz_Dnu%ts1ezgo1Pt8ff0|C3!klbJ@op>f9{BpN?&ZqCU!l#H z1J_DCC>HG-%Ip~umbwVb?B9CH_M_L=(c+3d6{$`T^5JED|k-4^+>g1wBhX(l1bdd1dR4|*u5a0jv-te#+M5;Z$&p#EtbUuN$9bVc?5b0 zCqYFO5caH?lELpN_+3tr%3{n6HP52Q5T&G9oJ6@I!)rljWX5I;{WT60ZK?0FdKvr^ zN@SAF^6T7JqwI71I%oIrf|`F@>EsZ`O`HU=%|&$H4L&ncQ9&das)|&q;!!`2!s5Ar z)yu-aBl-_n*b9yg>b#%jvA9nCD^`eCCKz?5K3#94;=QRHdVb7ym|Y?3o7BBE3=>Tp zZPf-^pUsxKUClmCC4lsW&W;9qzv$L%Oi#zdQ3Q<_W-_sM(EMyu-{h_eKo(?ho5 zj+=@LLkj29n+DsQ$SN^*K5PihxdQlc0HXSWKMaho zXC6MPwzqj?7;r>{47^~1eXcRzj{bn&#AOM*R8@qQ5sJzjb`_`)Khy+uJ2jN`)(;Mp z#mL~7^MTzFm3u=A`qR)hDy1;J2flpP-g?5Tq82fwpe8n_)r|M|A`Ot|$5vCdx=X}2 za|zuWiy;cYNn?5qw24jN{(w;#*^$OEI)X1BzCaTvyD%0X;()WTX+2~PC99Zk%BP>Y zr-x#0sexK82|)WdMi@{Jzk$pNHZc(j=92llmK6$Fi8<>fT|xzABp$$aM^$+EeA&he zv|)@=0cqpP9++fTlm7PK3iu11CA3l48AKUxErUi{di(Ti8N!TM5uB$YCW#7Nbo1Ew zjDlVgY-`LyCUIX6L5J{`v~WT9qXlj}2rJ@&$C&-{^nWAwH5n^0;) zkZ~E>{x_~UXnGKQhrz$p>Twm4)#h!O70bv}|NRlhgX+xk$nsT;4GmlzSRQfa8>o^Y zNiUOmrA}(X-$2?xC33h1{J))QxKb zeuP}~WLqZAJe~62PEjj)CfjAqQ0rn`N)x!8w7>Ulr8 zr4I}&AvQr8k4!dAJLEN6Ti>>Og4P?A*f5bD5OTg%bBob$gxKj5o{7M(lu<|WKkg>Fc-M{HY@9rHTKC#ZhswCQ_hK&%e_ zIK;y?0+qgLZssWY!dq1v6QZa;vS}<|W!nT4vD&a{OL8T?2nc`)vq*3e*ukECeP=pM z4Wx4qY7~Q?7&Z7!_0di24?m5>?X%F;AOn@KO;%Xb68UO>&NpjqnE1h9s4zv4Go*~E zZpr0<3uQwD#J{dzWG_#=l6>rFhu*G@9n#f*qv+IU6MONok0rs5JqsI*O0Ec7Hxnwd z&F6OJ9k5`k9cZm@S%*k_0*`PvY7-Hkem-U2SYPfu0L0|mm8RNtX4%Y1`8G!%V7DsC zCB+bIVs6tc^me{I3U#c-rr7zSjY4b;cAoxK1z7`qk&JT>KeyxhrDC&uF&GvQY;YWF z{>~y9Ij~jUN1OdIGHSSuF^?efGBHW#o3y zX^#?~C}nXl{gPq+qLPD%QdCny|I$Au$8kjrEzFSR}eo6?`f0b%LTE3sPCQ&Hj@p7_nuD@IX zSDVI)#kz!i3Bt-bsWrKF+JKW{v%H57 zTK`RNMd^4mLXz*FKmWMqr}zQsSRH47!U)OU0m^H0cK7_qT*y|_n9#19n*zHe(GOve ztzj=bWne*&_PYVaT5}V63dlS>dpMTy)=xlyIY#rK^JrAa>6Tc6-MUzqoU(CylJLg> z%g^-0(^o4;H&oqkh}uj|qngjHp2lRjl*3ag*;$UNHHJYf4)h{}S2`t1w$CcAJX4rm_w3_)4rN-iRr<>ak@L)}DKmBv#V!Kv^|>^{mwIa3mpXOL^bgFQ0cIn_Vhq9VV^D?;Y%#%Cm%X2(v<~m$|iG z`<`Z1g_bwGG^okZ?ucJ3l4*|Yt|LGu6WMKkio1$JK4-x6@57XjMK|m;?Kh^cRt0As zZf3RcchpD@yed0oyjiJBxcW9{9%*)IxZ$qTSimPZm@kv>zO^#k7Ih?!rvAv6?y~Ae zeth|DK;nQ$hrLwMekN)ZVSK#2Uh>M$S*5ZwwVD|_yv?*J9k=mK!>|53IrRxG)9!Nu z-doLAuK^U;Fi_frNwP~=;Xa*cmx!ZZ3qNZ|<>po$d!EjS8<$ce#z&_SA;(VhQNbby zW5?jwiTFr<<0y(fVnMV(c0pu<%{9YX)Lz$KFkn;d=mz<_pHGG1KCbIz?f}PEGAQP^ ziQea5Y@Hs7txb%|u`NaUW~7j4Ct5at(LL9@DmUG8mqjORu3K}wrar;^Kusbk22 zgQ#mh9~l9Uj;_$05Qb&*EG5l$RWn!lmG4LmO+iBa=GO`BEj6Sr>!$f}?2N8IhzB^# zxfwk%>_7fodDU?K>+A}5kX9r%I=vXFU~gPn>5>C|z#I>atRKr_Y?eJSP6tQ;*Vf7D zk0q5Y?5QGKD>R5X+gbG1^Uamb^;=Cd5`Q38;?EgmI+0W!0$Km1a;-l{3mLC#EW{<(PCG`#dL~~m3;U1F%i;i!K^`!>u z|F2l0@96UFl${Sh-AD2iU`*hGsHmsYwAeVjPXQ4a<`%3}`M&yNqJq*LG&(%q7ID+vS0pH?))pst^QM{xTzRy3Z4^t zexcuZ^+b8EUa6MRb<`%oLs|ag+$dJ}y0sbF{w@i?gya2H-x@DI9rkh|d*5#ZPh|qi z_J<_6ZrcbeOnTZk+nGyd`ppf-?dahG(W{4&l?X}MfUPr{t6|86VGX7c(+lvv(CcH}bxPEQRlY=#NyR0Nwbvmn4ORcG7C8JjR z)=K}$r{EknkMpc4G-GbZ@nzJtU0Z?Y6HNzUg_oz2QEoFRuKXT`?b?AjPNy?8p}b=#Yi zk0BS|jXJIrjf{@#UJuToH#MNX2eTCgO2dl0f0n&m+&HN@h9rU~{LgoJ$R_BU*j0M(bu* zS7|0_Ka;jO{#T2@N({_%%YW-al|`1V&t5sZc=XYPC(b64x&K0ixjR9H6~37r6?C7K zA$Cd9g0*+?`fl_QpsDY@C_S+yEE1ATXs2b^j}@uEP;SzyGjNw*l}66i zgckq82aYI@D0ENP!=j5C@Xj6lJ*nBP8iUuFF z*qn>4wnyTD2DS2Xy}jEv_l~hr9CB*yurr5(+{c5Mgsz91s|_GOz# z*Zar$Nq2tMTcW75jylwB9;ZZkP z6P{1cYX;abe-VsH${DOM9QR!Ny{)dPN&n`HW@1`j>xT3{#jy}lEC|csmN80|;(;U` z>_30`Z%gjq*7@NhypavC>=RjZ+Dbw2%=k5@AXCY6c-^z>UJnlc<5nx=O*M|)OABN8 z7TF?TnM)-O_2v1tx)UEc1-!TM8)LGYGEjeO>iE5fssH--Ao&cB5y$?VF6Ej(vNkvD zyprGh+j^z2rt`PYnmdvl-QxHI$yv64oK~9ix#7yp(c@#;$r>ANpY-*z#&+a%LUksY z7r>yR(tD|c;zB%Vq_`gCeRD#*ckNnD*yyg$H`_jBKjq}$|9r96j~A3-mZ?;bwe1fY zEpX0N5}uJ5Im6oS^hR_i)78gz?74L9{>y(ryv^)OyQzOmGnJ>027rBLxnJWZ6Sq+j zYtPp|l!<1x)B_d|BwYO-Ao{Q2tdy7HeO;qMZ21fEKeV)%_OZ|IckvE_lh=m3NJgqRl|)I1tx zFdFIBzyV9RDP(`SLPODXo5<#LR#*M>vXb*F)7!@9+wQmji2CdQR@4>$zlb`F173jc zmc~{rrxh+UJxI$bveVBy4+igEFJY*Dk@qr;)Zu6Ah#nv_kv%5VELS8&l+4tC5 z**w#~V6dJd69(i#l-Pc)*m9W&(-qU17Hgtz-4U}mJU+Z_X?geU`0`~Ph*4X($t;BU zlZ?^7orhS|A4KJ}W1=k%HeuQVynOiIoys2z56Kb$ue~NnxDpA)Si~;Z1DfZn7QzOS zqaw@fRws2W%C%+J#J1RxbdTu6lp4)6p+o@D;+5iO4AWk+u@=|7p+OL_&}`~=p|^9I z%IDVrEwbtoBbffKKo=ExL>%HHoVDO!qY=a6#O^t>4{)h1rKRE^c-! zHTss@G=2bo*z&G$Iz8aW2l4(o+ts)74@H1D)Qt}qvTbyt!_2T+Npr}ZFYdtZ#xD@Y=3 zRYomFcgrSKp(ewOID0Zp%gO!W!{%3ChY9HZ1uspexCcD08uk?3S`RVRPUEHx3#&&u zZ9m5b%Mp+a1Gr1u^K9L}bP@6zt0W%%tTQw=&ON($X7XRw#os^SQe=k`re14?1Qs`X z3~a|jK9X4aX9kpV7nj$+$ZDUk%^c;aen)rHstT-o$Hx@i#cI;dFAVNMIMT3c0Y93x zi*F*?`x^rpRh3%rId8{zg|97(XGW!eI^#(+g|q15R+2pg6w!)3I4comL;8i$V@DO9 z$^{mMk*a&0AgVBy;lj-kZdii8_B{NqdXBiHUe6~yJBt^;@NNBf0_RHGo3`JG-kMSR zY#%K-U}un(Xaa>c(s~Zs;_xWUQK&4A)v;^LM`ZKklE!jcs?}IEP|l3Ln)CA`E;~uZ z0=OVDedNrD5cz24b2j&1umI1*$|dfJ6qo%oxXYt$nU}`@3*+^qSzC`;nx5g$pJDFe z5`92v4d?C-e$qx*uLz&Gh)*xaxO zhH6be>ehNrd@} ze{bS7Ru08C$}Oo(*wYXM-WWgnpK`z@6&adlg$GJWjxrus|kTL&tK4hQd%}%Fc2y_+lnRjrS}X# zHfw&Wu9AyD#mXtO-??}=-N^&AKGfO>TaA0t^A!&epB0dl;dC4UH8uumzG?<@hgym` z*SFkR${AlF@<}OIM`M9SP#u2B25vQb72|^2DO%pjta)n{FdEvY`Ux3Kq^U8}eLKa2D+TtLhNA0!TX zL~>iZUDmUOzRM60_ML%K4>O6I^p=^Yo-nf~$OAukQQE)7{BQ3K_QgKPEZ?F^%_2&OV(;-WEl0a;70^UI62WUeqp%nX5 zL*2r)wbdnK5n?9plKR7xG0mtGXkyyRLpl>zeSDA`{ncL;46XG4hrPE9s%u-?MsW!c zf;j}ds%n$}3laSnAODB7#-ogvf^2HV zbI|4o%UcJT5kd&*K0X2&W<=ntvqSfe8Ld5J8K+GqxF8+(SrpC@ zcVHeuEtF!%h1crf(2YYDf^ZNT%n}sgYuL(mVBGcawPU7;Zds^^A#!y_paPqoe{xA@ z`r$e0%EY|}N-Kp3*7RSL8p;2WVE!KL0@FsL*=&F|uB&V2-Rf74BWt3*<_-jq0I}1B zbG4xqVr5oxT>lb-hwg_fm)osk`T7rPsUeYR5NWaX8~e?lu6B2~N@MDn+;cE$2Hf}p zm7dnVLFp(T6C0uAmet`4`nKU!U=?aKdVvLd;6ph(EMZcM!pFrW!L0*G6+g)L&? zs>>T8wAJ>=W|w2WGuGJYqOqa0C}?KIVabd*7`tMd)#w=zR5q7D!^bvmFSS6a z^)_tMr4ox*{@Pf+2|voZ4qPgQJ-=A1rR$734)Z)nPuoR5g2W_98TnEv$9Fa&-iGOz zZ=?3McIlh8fVNE8AgaOm6M9Y!o-0u6jLe;UZNzMwW8w{R1x;}5jhxS=Im(Z0)mZ$h z(w^f&p&uo%-l&;C|G7t|G9LH^r)R7+T&;9($3|C(Pf7Ua_ljvdy?H)3!i43@)(EZn zo*r|{Mm9eT<11S6dEdHkmJBeJ?(P~gh}bvV{Hkccp(-EmEx)jtW!m7FT}*F3_(w$#55*;Klb zRTU$xzpCn4o3qGeB*>=mSO%Zd zO>wq`gw194L_mlq;Ot)QXzxj1@L*t=eFxyHik5U2&^@mPPKyk#B8bfMk;OXE(+z4D}R{yacO20Gnt$d5iz{GozjNW15e=?o_U&HZR{e&WpUInbILEB&*M_{{{v(gWA za69u+fZ#+)6=9s9sI(Mej6lAJtWBMeR~N{x3WSZ$nbZrd{kK^V@uV`_XP) zb!Mg}CY+)gZgq8dxl9XS=W(pjaf2zqRP4j9LmMS1EVSh<=+%Ssjpq7T)MZU=F>L4B zOh{Gc?Z$0oNmtC#Hy6Xo#~tjI(WD>lN~9M5AVvbI!FNg8N;enVn1V$HuR-k(l>DEj zBAVj2#(qpczg~Ci;xEP>k%3A9&T0fpRpGXtT-~)HVB#29+97E2XWo(a8m*C=0(?dA z=BsJtUq>vf5n>5#yYgFk9rE0;*J|jHWNIJIGWF-TO{AzfDl2-*hII@&j(56YKyEA> zjkay{0PsDmZa(eclL|Xa5je*u0<#O7TX-E$T;N|!&0+945)BV)p;R2(D3{}QALKx< zhi)bn<$W=AEYLue>&0GjXrLKVtj#&spZ zNq%V<46RtKDkT5jDx>4d8Wh2UZjNkwn*0`m@~$t>N}HQC)ca0^WN`}T#alPdSyI4R zX^o+7pj#70s1fOkfR#6mYuFy#8`up{c5$b+Kp9nJ06i)bxJ=RhH4k!cSlR&v+O8=9 z5O3RXhrLiPxH=f1eF#2=HC{I%4UmQ>y#FiOU2$3Ect3CUEr5MzqoD}436`5FGc7G( zWl5RvZUKi>!(PilTQ9&WmJ_mx0-S(30|UMebfbv95Ws^JesjI~Sp?^1{(8$q=H1u_ z&IjjO$IACx+~G_C+ON3`Lsw>Z zt3u{UWB=H+tAfaU`1fqh2ZL|$R_HobUwhML>-m9$8+GfJk1i8|6R>0!s?EtWQ~q_CB1Cnv@wh6S#F;<>H@Fzn?h$*@#T z0q1hm(W;>RJ0;z)K&w6xWpVuHBxUlP}P99b)eq*-i(5jSmX=MBhR}j1vM-8y)H;65kn0utQ}fN^6?Y z{@@Uh5MR2QPcT$cowDO{1TMp<%XX%P2BgN*7Bx-M`hnlI1!Y|jU92DEW22K2W+ji@ zuItO?)rb*C{42!Wk=#yCcj!cR8?wn)V%fpp`0a_N{+IM6F=}suh88M*=UT$ode$#7 z>BA0(k;1bMZD7l!3;(h`<@S^5qx<#+X?e`mmZ&$3IsB@I)~-kgXK3S%9$#}OVRxxg zd8YmsYZ=g)CjAWg($f3CfTCm|7@<-N$p(>PImiTM=Ft3S75^`1yGe|E`}LC4sOqOQK32tFGJJG3&E=*exu)252JZzvu~%n#Md>OvuY=hON* zw&TeC|R=?YjmL z1crk(-$EcG|8%Gh+>xDGm#r%RA70L714qJps@F%K3Oz`WHXvhK7}VSbVO+-WWBgxWhdx*{yRMi(cG1NzOAu+eYL}S1xqK5* zMz0p$9HB2ApE6DfMAiLaKEd^Exb<#d=H-wek>3kcD{{j1)oLpXe(8X?h^kc_ zV)%sN{SqDAYjL2=r`$0JgDUd)AN&r>o85*M3eCht&G#?sz|LAR=<7Ct~VL_UU z_KngMC8WG2&hVK`=AYQG3Imqh1jmtL8Ve-jS*Sgk*&%sQf^YIaxLj4gtbTyObBMag zF7YOz3>bzYj)bxcSrK1(PNVq8FsaeNF>CVj8NDCi!i^3jmH)-qCA$ztK>^yoZn7iB zW!-5l4iv&>5z9>ep;HDw{`OHU?e!M1VL=QU`>B5f>3{HWnPPr>)MOoM^#5#p5aRbY z3@9mPtax4=5H{ZDa{f+kKc`#}8Tdx0aKmPB0{JS<|`u|@(OqPF0vPCK|MW-0| z>csAO(fr+3ieG{nKaFT3;`9-)*Rrbyo91S173#lCb~Jcj+729*BC4uDHX%BWjix?6 zz)dcK0yXGfrutzARuUZ2Q+bselKv;S3f>7ASh&(nsbN(3;#72lpTs<;L}gOH-D5eV zqnlNT{?kgv|Bi*5?pCUH(X-wjR#*HwIFJxg=8cTH023V|Tm+v!qHn|F`b9gEe_S1< z#NVTOY|LNG_z;NhuqT^F=Zk8pJxl1RwbU8IF%ke5YP*{5uF-wMZsdv(-dvalx z{u$5AfvD`9`QUY?`FVVAyX0PUkJB`^akNm*d47(emoIHo=_W!~ye)X@&}QQMkz?(! zl$u+u?cO&(Sus>bUfCI(&VjtL$XuagQYM z`4Cy@-D{zDWkdItRptf2sd*zt)@8nYS$td1J+{5ez6v zy>YK&7FoRUJ+egZEKhMQ4#&1SI`E_S)0?if59IjCr7g>cwZyaD#Q7-al;^iG z!Fhnmj6~VC#pTLKs>Ghp_};kZz$Hj;-j85{<$z;C(p8?|)aTeoVCq<^vD`W1vYDFq zyusNwU$$-!e}eC(ZQGa4G_70UbgN3ds*Ha^MS!Pi^`39eRZ>TN%ewBxWLvy6nZN3p zYud*+rYX6J7-O#qxB?C$Vd$sdkH&it^Z^I_W1HyqScbCVRL3=Dz9(7^#JD&2-J|RC zj=0M?3%HN7uDMb&fRh6>cO_@U-=FGmoZnlFM03#BWPn4BwL?T>Z5aGXM^5Mq&fHZ% z?Olz_7&j>zyfY)>%sg4Sj<<~&Ubv@RQwLBr zDi@Bw01r2nakN%iz~q~vvaXloy(JU)zB0B&#L_SSG!6!EV7`wd$bF4U6-;GfW_(UH zfwGg`<5d_zrP0*%3no((?NLneNr(G8R{Q`k2Sy0n zdWxBUsT5WTFx!w?S4E)&zEy@Ik6mQ%_`tL)MmIsNw&bAv2m%hCjMYU(#rAI-lR-Q4 zT8zYhW#?$>9V7Ca{jyR>Wrg?WwP{^&GcM~Q$!daNV>)IlPHzeil9qWBpNUni<$$lx zyTEG2s;c?t@qgEM|IP>oqQNZ6P^Vb;-Y2~+Yn@Ij{f4%iu{LGZZR_>i;P%hAyFTN9 z^-a-f_s?tfF8XE}@t6i^yMD2IWPoXnwbHe0nj)_TKH1-Bw1Ia_n~k`gWLCDv!4rF* zz}}v5_`mW*S$`i>nF?4KsH_A31Apv}n*j#2_yxa}Dn=ZvkIs2j@&CQo|5aNQB=1lG zfsjpa!Lz*6{%0s{pXg_wQth;(aH+~rFvX0V7TXU_ z1B>+*bN!PX@>g8^U!V9(5|k;yeVWy@mi;pgpR>U(z>InJFgut-mR@C})&_5)CA8Ae zKTZ94@ISZ)DHLEtR)nZm_GcCheg`npl}@O&Q^Dn5;{3j};H=U_Hj~>2!;r`9s_M zl~QQ+9Lk?YQf*l(x=~In3Gvp`WIpU(P0Su7hM)zEyf?<>&{NIhDtKPE4ckb=}%MtjSzHw z{>@Dlop8@-|K-RAM*Pk`L90k*tpba-xxTKGES5v72@n0>NfV1OSPZF`V``|rbThR) z^z5UGzl(5e?{oL&Lx5=;9J?W18CjUZeRzbMB!nR)A|AfvKWos75oy&v>asj z^QVVm{Ba;q#d3O~0P3$jcknyu+v_N7s4@gRBKow@9k5J>@`|bctxQt=mPvy!c(}>g z*}(O-*$BdGXbaPTm;(+>>^-CYBVnB;07O(&+u)l}hok-(kMi!A#vY|Me_sLVS`fHj zFG(B(f>WWd0^dXE44ep>5|4c0#xPwkjKa~EigTudHq<5uzA5vBYEq`JQ>?B6s+?562 z3MWT|y~8YxjhuJxLp<&lyjj7}^9@~4I{!mk{VQhUocE-bN+hbCq%M*jFt%x{thmnM zP_-Xm>X@bFAak6XGyRWMHAwrtsdowE^X9lEgduB+*BI`2eBf0b)s(NGk~>CN;=+Bdm!4qc4pP^WnHm(-^G_7*7+S;iv4 zJ8jHOlBP62VC7C#_esw9~omE6##npiFszps-4qF{EPV^p@+@LUdev~ojiSGqNgpF2I~}zcTCy)qYd1C z^V{TDID(r8eAy7$W{Cmd=yQilt0#8qdSVO3LHv~R<%`veAJ~uufDM_es+3lqi|cJ} zVIdOx9QokzMX@R2chzAS5b0j}`C^A1XknvY+pcs#wysW*SGX$w6C6nHBO*YI)Udwk zX2V38IJW6+9wVmMD2|Y)CIj~P5HN#}@gnR2Cni+b!v1g|%C((q0Z&*zSU1kghl*yT zx2;r%j`p^9ZaLKWC~tP@OFH6eKitFAA}D5WBKWJmazKCGrNSXB-)6 zg}mmOuc8atr0Bq63N9DgUirQoq{~Ji{EKB>dsomI&A?~GngJaA7!@nfVEdx+ zG1wp&$9z@q?)j;&WP50+U=JN&5_rdry~~YF>i$`-HCN9B=osvgAo^}HJ2j7Na2-zR8XbkLNf3i#I zB@-ammWjr}3v{ABk%n)(66xl`_g9apb=l$qe|8$+6z(4mAcd`*wFmhM$)a&gjQ20s zLOkiAI@Puf?%u)#=0a#*1f(ND`#y6yloLLt!#TJyMMCLa9UVoH?xPyq^eBP&!nzxv zigxo1+1Oo-)`#TyR)}`j2Zc%|d{8%q>q$_NtdOcr^*EjgZMppFvGfgb3Y&CwztBfH zeVsT_#Ghz1T&R(IDy0pOrImK*{o(_b&(|Lc5&zhlOekP=E(`sDS*`@usX|#Ns$iX* z#s6*_%Pc-V!F=wbfA5lIe9s4Ta*5S_QV3?a3)ZVRJ5c zteyM8k(=`<{(e2PE(R4Wa;BmHUovIDE#Go0*?z=sZY?P)HzcEuRiM>p!7&m@nSccu zov(hua4l1dYzXpl0+Az8?;I{4IL#;RKNC`d$J5XJPE5oX-><0(QGOQQk>zK zCMUz-m#PLV`P1XRUV0*(rjqxZDsW6Aa%-}%-{=3rWs^ z$$m|+=Qbo)Kw_)p)fT;1C0`ocB-CPV89n`!8;>t&a^S3{ zbtfaNJ`2%hE?-p$9h0fuekL zDZSui4})}E(`K1@o#S2$UwMg(;b|oW0fJd>e8uQ$4GGTNQriFzJD=8H_JU;RH?qp` z&{6|yruu66V`)m>ja?&>Q5fV=~b& zfe<{xL>?l(XFn4^RJCE(4I{-*@b*-wWxAr-eu1yzM)xQOc#KXi>zFX(kjXYxNyVWN zsoOc*oNq)D%VcnFN~RmY7P+|5dKhbAB3$P;wG+vX*;-g2T`nS$?hZjx$VxZ=ISZhc zmdRR;dpOeR>+!Z*>`$h`hWTM7+OFqO<8^|CA$aF^ee0aXO;dxTN^inE}w`kvo>XPJWR(wUUnGH8;-LJn0~L__3e3jJLf#c29=ClqMQzL8w{~l`cX_wjl0QGrS@qA%K|aXK7qiz^Ktb+pTW+V~*l8Y8_8vpl z%F7|+z`AnLwe#UZg6AuNRv4aTCECYFZB9LSXJ5msTg}7FIL<&1D(6+V%=X@$A}Gn% zBXeX(>7GCdxn~9TU$%7~@-2I0Wm_YXad8dWVXfl+^wd*S?M_#S`Z{74F(&(iXM*)E zAf-qaf8n%cs?t)=shuzzA9yeD%|~_jmfe3Z6#o9PHe?kmOTyO}2ZTHXLw1yv!0Eg& zS|R3%s4cK_D&wl2rgJWhXWe<)*yz@^cbU^t`jMWqy{r|Lo?iDy3BxC~BtiN^u1e{e z){UD=$PCK^F=uVYo2;Y$O#xJF9o?t}#$n*J5U#{cW=|FPoQ4`GyS9iR!`Zuc{To6l zy5B>YE&SAPZgUe+*nEuLamzSW4W9FCu8#Nu_q3l7)RMQ?$}SZw(n4fduE4I7+S39x zquPQ8Qxi#O_A!#tQY4Fwre<`arWE!x)n9%!GBz0G!JW1#mV#5gsJK#DET^IE;09XW z?P0b!+%G*yy5Lf2C*CSy3q_?hF-{7|OWWXT3N7qHS zMy)k`BF*@6!DGwG&`vWjq0%=m%+FP z87T!;(PiLd@tEu~vW20~5%x1GS#{^m<<|QI)}q?+dm7XeH9l^t!wg08oM!~ISy5?P zp;ELSv8h@EoTfS}RjJ_Yw7}#ze}`NS%k~z2Dv>Rv#ryCnnwH5V$>DNZ4ZBk z2g(&-N%^bjVcKxZ4;ygVLmfj-wqq{mMy%B-VNA8L{s%nuFNpI&Dc#EhxTO zN;maP@R!!1J={DKRpG|Q(wyHq-)=83e6MibM<#rUw;7Om?@oP67C~FPrk)3laMM`p zTKwJOWDDzS+Z(!+9g*r*tm`LV?u{zZ>m#kv5_<6f9GTGCya=&_Yb+9jSnkVvFuE>T zTiTWV*kdQ0epa?>yZBu{(7lSby8(-VVAUPHv$77_t_YUXZ{l4&vmm66xnL$--P~ z_`;f%#QdJ*0Cy2)jUSpG-&`d_yL-1m+yjdhRb$leLzkr=OXnwf-S`J$>dyS{57VcxX@wNYTWNO)nfle-3o8rUv-Oq4SbRPt1EZ)I%V8$? zfR+=&be%U|bhOvGAK!Hwe0*!54?*G}qioP`Z&`X0*OYCO!1e4tkD%z2pmN`n|IqZpN@Be+arAD-wI~DL<7D@orQ!UMCDRs?wjlzUy zJqP$^;R)uSN%<{}NxD$!C(^F5x>=n`augevF4e8c+a519z7|7zQT?}TztKTy6wIfNS%P7`b zv2u*x=I3?6-Y78#!C!_7e~63IGgwStHFXFgo!5oIc;pW9K%b6OGfxC@=|ClE%Gw$`Rgf@*riv?Dr%?}~NEMl}n`{na0 zZ(-+)=W#6j0N&|Xp6MhkFJ?89lR=-ojXOqu}bc&zKIE?(bfsMeKW- zGx*(b;pI8<8|rY{gADx!c29}yvEK~uN&zH zNv2l|d*_xqai9m|B%`3ij3hI!7XsU0N_7bv*kR1&ctw)6HWvcI(yn%zvZ14nX&STj zzdEmOh|d~O{;}TMDLCQrwaJIQat(mq|FrsUW8HUt4*HTaXO;e7$=Sljd<5&oX*5eY zqE^@s5$9OU{8E#R!#&TG1o*46K6EuP39GtQsiP#F(T-h`1Pe-yBnn=$+){9yU^R*| zE_5T+n{1vTGpwP3FZ`Yo#T%l{;_S}n2{adw1TAl{z}zUQQTryUa=Gth2zSw>jJo6r zV>@rSU6MQTi1ax3ke zR2D_6qqur6ND^mzFEH>suR}&>YhyOjxyO+Rm(6SC<%g)wL+Mg8^mFsx=j~Wvw0v zt2ts-MXBU{Ox{~Gfae+K+;GvQ6c(88EW&O`3>h?)v9p_@SuL~;NJ{Je?OUCWTUS~S z%(SMTRhL1X>S%vCEDM7Ny&R=MVYb3gElx(PXW@$ScH)+m4i4~fbj1^!B^U2`pFwCl zXx~P@(P?MG*X4~h_SS|#oB6V$>e-f*{48M$vN1VZLlJ; za#nZJzsM9;u@|g8HMJP3JEeV=>wVf)X0IJJ4AJ`W;8@7ro3=&a3&^K2cpxX(^{c0_ zwsi+7k-?7&eA%`j49$BgBP450x^VWEden_4n7v5YdvbI5w22HeoNqQQtLl-zxa$-( zzeNep^AAiw?4C5n7V%_MSbwStgX|byO405;k*@P`xO@{N@D$fhwyH-=dTc(~`gjR= zjmqv_e>u^6>Q7z|rszoW4K<9q%c>X^*}Gf=?)_gus=rkLX?S6lik0%Y-#^If1K3zhbbn$hv~SYd=2s? zeqww&4qJ;vDfCNV&B2qta~kM(=3RCpSbaS06 zXdJJp-X_@291KylL8(d8ojW67od=^AL|5~}u2U}0SXIN5Cz^yh83SkYT0DwoEsU^v zbUYFR2K0eNaxMPYV}F8Iz{~30Jj!~X`RkTi+wDBdUFu?F%^_mn!<63>waxksf7@m+ z&|wcK7!=K)->2EXI4fbzIbDl0{c1zSX zf0N7C&`08F3ED^AI}^5rti8WYJP2h~4MMyK^;(&H8cjam_J92-PV zW?X?eVrY{{=?e9ZuOK4uN6z+MC*Hn1@$Z%pe4_9%kbxaWdJ^HZE%;GH!PL_gO6i3h z_qv~c*VjtigLK-7y0TXHma~$2J98QBGP8MYLaDFHh&+A>$}Y6JH;8|K(>&?BclN+# z=e_>Z#P>{x^P-H>3!R@{_x)VZ=C)s9sWdw9?4O@kY8>bIRPIIgSI_DBo>ycCkYXF=H*VZJv6^f<-W={?ku*J0A9+2k*WB9*c8}>VN1%dF zPSf7&d(DaNoC9v4+)cTez~8(si2Lk2(^j9?WeVzAu;iR>oGt9#$WBag zn`TK79sUxe--*c})$&5*WsK_&YYT~{s8i?$_W7~kr8cG?mwYpEUuW&Jqd0r|goE~% zUr_k2S8uoJ_2H%0&lo@rIqwUfba9UCx|Y7%U{%-?+4=8jJFHxnRh#KCSFHvtgfZ@& zIypD6hSN<%d7Lb)_tKs|aoTj8LcC1On*u!bW`Bv9@Dayt5m$XFH)nl+_KcO3)cJJ(=OcKPj%X4RHEAi|0>pasv)GmPe zQI{Sd+fhNyJlqNC)%q}nwbf4A7OK^yuhHB_ozjG)T~SNOJ0E;3!Q%)he}79y+xM_V zrN^S1@U~&&Cf6G2>)7f1TOz9-oVdptM=`_`9o_Jywy+>X9kvXMZk%i+!)|bDvmJGn zHxYl7xtwVAM0%WHTO$lor0qw4KPYL-`q-)jzriobni78f~z==a8CX0X}@a-I)$p;3{ zpJoMb$)6V7vw#?;_T9uFUs^jIoxWD__lo{^o_r4u(9(^d*ovxVyeK@gL*6F>H~-h{ z^Qf+{nw_LMfVD{0b^nei15@iAY!$ClXhjKs)Z@!0w?}0shI_}3+UR!32>~27Lt!Gx z;mM={zSqj3!oTs_P&QWuU?v@0HpvBo`7(2i-vBw8;atK>%ycTc&tvd5=g+?DE zN8Q)M-4HlGgjuGR0IV+uTwxv1>s_e+FBne;I1iip=hC3t9l?QJlo7?lP2KTb=!RzF zWRd+1#_GK(c!yKe`n6(ttpOMEWqJ4r=eaJ>b*~=j89d=`0vAe!csdm@6QusU14|VI;lU&l3eI*RfIB3Kq2dj)*IO_!XFZUQxVY+?(Bo zdb*Snbicz#X6Dc}X0@7#V?rk37Y_7yhI;k2!+5!#sOt4``;K9VBwWHHKQ{KBxpDIF zWG!}`@51-#9>`nske}TL-^kEKi~X?VMPaXptJUl&Pr%nsSe*4jDsX+!K6pRbxjE*( z7HRD{m1-YFZKvB`55YBf+m3zY?S!A@aR<}F*@ow?&xvEbw^Q?>Fu2b#E%QTZEcg_J z4k&@O`bn>coNK&ibJS;uTZy&M_0Am%kk_#jU26Ztb(WtC2f;vYro8bAnMC|;qx^P^ z_Wbs4GxOEyGg{W;5YBl=wth$)$e)p;N-um_fwA+mVA%F!qwxx~elN5jeJ{WM3(1M+ zj2a!{ao5nXU{|)U198&JtNzc^K~;d^d_QEzy#-uJ5l^k4Iuq&qO#5 zl%37?m{sm=p9~7_V0y@~)>_xu>*C`ZKj z%o^<)UZxr>ByF@lY*@sDlhD@(y{`9r&%5oMr|q5N+{9=n?R!~^d-#v7x69V4mfxSh z!)WewWEz+=8chq(QlsZ?4h^bv21QhmmAjalT&UiCjGBM#l$UC$o#=;h8ldEPOK!M# zHtEkV{)!%6Y+q`;Jbk{uy@dBxi*C@2>&;az7#(^*-R=4^KZGZLhJ7)72!ve;*}qH30@FVQy@;jlxGo^IbVYM2w8 z3j29Dm?})*X$i%CI11f)v_EvVGaejer^Eh)Xv%{!SzV9Amsl_cVX2Sm^1|88*%<1j zgh18ugu$%#g%E02UngLN+N1=m`L5)#i1;m&x;-&68Vp0&mDb`QoC!wg!|8_|^kCsm z_Cd;)kGvs%{e09+=a)IQMKEyu9qDVaVc>8gy@rKc(aeRBAlwh!?|WKN=Vy2OoZ%kd z1BLnF7t!C@8TYX`W$o*C#7rCq$}G?}3EkI!gao~a9OqVpV>!g)n`WPx^{n@E3iCNi z-?7&SL; z5&%@&xIkSiVeLeg0+YF+iE&XLO)kt?*Iet*n&|XmeS8;T>pfFkcCA=J-t%HraHdGR z!ovz!EDr^emNeKyL;j+Z(j5^b>^O5`<$c)G$dM*kO2d9JSCeEZykrPzLE>G`4l;`~ zK(%e=i;*2^v09aZoFoXD2w1ItwI1I{&+=PM?!LEg`kSdnCyEG=Fvf=8PfkyLX<_+< z`D7>NRA-YbAsz?%Y+|zep(z}5Qv3m?n_4+RRqIZD@s9Y}k9cF(`4<5NL+kje?W9=` z0rJ6dtXqt2j#xe|LM{HX9t7wMq67Y+NWeQFI+Yx<>ga zaLp+;f8y~7oGPh3l_{}Pv!ubtGXC$Z8ffG}wT%q*gH$=f5o>Qa(jpHTO#O$3hDFV= zcYyVSbUB~83Vw8KsW~p0Ru#MoS|f!!7C~*?2tk0}iZ}u|;p(j;)#m#Z5)(<|ARmrq zfq;!VByG2nE~_4u&-V6FJU2WSjU@I!8%!16geG-Qoo_J;3_HL^nuib{WM9Euk{k0C zI&>%hyiZ?4BvX%dqhp+?si#8MIoNKnhyp~?+Tt*G_DDE+ky4uzisMU^1XRC&RyNYv zN%mxv7IsSW6|VO>S9A2DV?or@?RV1~?p7L9!?2ZS8h`O~G%gLGJX0$Odj47fwTR z1;SF+v7WyYbQrL<1yLEYs?HSqSj!e^mV+$Rx9-E4^`z=KYoPU!I3Zbw@a?^A{&49@zF|llWgAQ5D679xh2$kLtO)c?prS?m znJA;s$GA=Dq`e;KmK7G_$Z6-HQDk9~9 zrqqQhi*<8|2TrCh6*X@z-V6t13KIe9>v4y=DIFfK-bX*)lQ(8jUxtF`d_vfb^InJ~8t5mROEaN<4IVk5LUdJ{TPkz8LpjpHDy$ zsKGYO&#+mizQmu7CPsGdMfqg=1Q$;=0zQSX-TQ4FZY^FApU8lspP)aykYHzQX^DZV zj4-}cvM_vZ_QAmU)Fp5#V)s5))}(rP{3j1v&>^R+u7w4Qc#lRtms~&E&u`V_uyij} zhkO0f1WonVc;A0IdVX%^)pcY!Xfg@(pN1la0L9vL6&%{7bXuaPsWkbM-Vrd% z#~B}%R(NO`6ScwJN~B9mGtDG9hID&KHQT@3%${Cz*7%iZ#0@?>*JK%leSiE3l2<&Z zhN`+Vl3O2P(rv3n-Z1NRqo3!_LyhuNu5o-tcOzoPR*`%kwVmJqnfg5`7$h9aUdl5$ zwWTw7M};AH`tbD$7pBY9l!TTR=bnY%!m>m}JqU-fvT2K8`m{3yRU?-bhl3fqtr!{3&NMI~ zdzB+^8sLC!f8?Deas2_WH08%v?r+Rwg+?Zm>Vp2A5HacR^Hp`BxiE1^BGCJ8g%Ptx z;G#ZZ8Vq~H?Js(!rB#~+N|p`3SCEntAG{PD^(+j9jER}7DaCf--Yo7bB;}$*3CqJ$ zXpe-{il5Dkgq!FWkxc(L!E4~FTFn}?_B8UDcr9WbqtSsyls{Q8jHzJK! zAE*c4nHUI8oc-_|$9rMzkJd7HPc(xvB33N4Qea>kf2RsS6y_sBqzljEQi)^?LSGp?aI>BJ?ec0%zA|ut ziBU122F+9?hT5OTm_&dVI+dDwaFAZKLt`_F3Ln}p4cX@K*MVYI@V6qLsB`9fik~Mi z2n8v?ua1T!e$s15S*m9*}n9=x$}|v8DS4K$hHLM zQlBd?6c~L>lH64@3j+mZVrBZR2!)U-%W-;6 zgDc`noKT`7hwu#?4(iE3DJ1GU0Y@5+*owC}yzIl2z#O3nythz%370eRBSP>Yv?R*x zISJVu^(s<~*$h9Qop5Ijh`%G{qQ=PR|NOC_fQ&x#Goewr zib{~M9CGAZM(;_CdpyVq7cTA?-khj6=OYg6J)Wc#Iai9W+B?~ZoYZKb%FJvKT44_R z>`>BBM`qHy34wv_l0%_XrCBi(*I{}yAvG!DhX)>}`QoP^7Vj<|ANL+KB82K$Na#wR zcYt@K?~`0GUcHgR=dZj2R)Paha3?_!!yz>uSRPms{ue!}t4kJ~<-A^sEvv!Kp){t3 zk&A-gwyATIModB)siR#Je?~kQO+`@GB&B8r_R$H=%tAfzz$%RU29x1)7)_XZ1CaAS z$NHj;vJWvRbdBUx<@bEd@zKizg-9A8#HSn742>H2n{IwG^b}T7l!CS5358*1@{p=P zgk@nhi}FQRR`^jgl7ReNz$ZPWjNK-wh(AoH!L%@Fcu@lpk!muni1S>9zsLjK03oE7s=)TO*+0S4y&QGKRZ1C&y_KA+%Qc>w#$d zQ#EL#m{DB2i1^qF93S7_GTa%}Eik}bzd|C3x8%9CQ}l{g%}WQ_q!5wYc$I zcGw+oA<)8?3>9dZdKEM?Q>##3f{GV-{N_Hjp8i>t`~gkNi^;r48&jcxvX~^Q-1P#6 zDZBVf-Wy+Zk^Ns*LxoVzEHETl#;Na96WLS|vv7{(2d~e0lxE^nDLb^2m@opkRby+G zd3Yu%$1>1;*Pk+Mh9AgDqcdx>LztHnf6C}b20)|4Y!@Q>F1 zVRaxB^b+vK*!iAYb1;W3b$^7#R651dDW?BArRDuI)dLF)Yz@Vz0WxEzwcNnv&m1;A z#%DNJ+Xt+x&A#_ann@F+Ff0}Q;H06f{L;qvniYdKiOCaN6nL{P*BSuH97{I_>Dg$! znVEz~oTFg^h2bvFR7A(Y!6LzeJZM(s2bTn5EMM(AbF62bfV-Wjrq{Y`B!9JN#Mcr^ zI>OsilR&TnUx+IQ{ydar^1n1;E3=acz(>koVlch08I0kEJyjJn*4yGt5%9qcomCDi zgj`! zbXG9(@Te;j=lO;!94QMIML4^l^IJGL(|-FB`wK%G*#I4K`jp6(!3hZ{XQH?~=QE1- zcg>`y{daX}+k-cJ$=@M?EZ7{t0kbW+NEVtEi`+DBJkXsgEcS;Y3iGW8q+O+G7X$nJ zs9#VU1BT*YX_Ul{2k#D{+O9ntNW_gBZoziJ4ma>Gz{YzcfqPmAJ82UK881g-RCn3F z8{P6qqI1HB+am-{d|6yHosYPjxRAz1EJ0D%3Ob9&L1g;Rkuq@DRCAMIT7Dl#3ABZq zt`}0~`|(cZOeDSB@NSlbl@dm7L90?G_T~epvE~z8BSKb*8-Fxlx3}UR`It$ZFKqn|f zZG)X_1pueR$F7)i+1#eH{ar)?9#7O;;&x%l44Tgb);+EpqF2_caVnse$$2XApLIeR z8LwDb@7+Zk-$U{+j+4=Cz0WH3&MmFuE%J{4T1xdEeu1F3PQB`kW`$r^uJSB}?LGaW znizXKI!mSk37G)0{Rwd|cc=EE^BED28=T}@^?*k}jm3N;8BZ&2_pnf6;)GJr!)Zg& z#L?$y%ywu1B3zS*0zpRvvYqVUhIjxzbOCwc5;BkY*0%{F8{AKbEqLE+Twr#xRE!;M z#$EUt&I0njBHCo38#o?PxgE#}hc)WmndV@W;+m0e&7r%FoS zYW?&!-s_-h%OP01t6AO1$$dj8t?{#vKkPNNj;r2~{-p3dN$DcGT?6u_L0P1XHR+Vo zIoB1z8V*Am&E#0Dh}Ep^U1odmGp`R?Zcf-0KyVF{g2^hk$}_6W39Lm z&hPO{1(ZjmRV3^dA8tC!W6tL5YJmA4S~!`p@87{$6$Tud&qH@?j9_Wj$3fb48swR? zdazA>g45)-BT5V64m+OmoYHY|E(>W9C%=jlRrP^`oUL+j8u2>fwnb_EiZL`Op85vK z^e1zm=6hGjPsz8&TS}(U%g_AFv&@02ZX~g`%Q5W|wT3fIto1#oBK_rr>iU;xD#npq_ne{vV>=GAPcj3l_!Q-QAr)aCevB?(V^ZySoI} zV8PvCaCe6R1_u-tjSd(XL5Q~UqaQ+xH=y}ElX9g|5A0+nXh!ZR#{JD!MV&#NGH zv@d`E#--rCp;MWDgTr**#R3_@9LVn6^dF&{{50Y0@fGwxz#2vZRS>kcAxQdRQD|j> zw+$6gaejW?*8(myXgQz|ZzHxck(oXHd2Zs+-$@33--(jrp$kBmHM7?GX_`c znOk1zP!^jv-`&ya1g8Rw8)f?^k)^d55whqWo};u!uz|)k#vRgXT@F+g@&%%gB^i&N zV+rG6URZ5gqa-aMkzJCQIh8@SAT;52uX0D`Nbrzhl6ZfA zw5IXOgG`HGQ$sY4!2V=+tIh`JW;lj4=6fU)eaHXlT{Cw|5wcHV3w|l+V#kXUXQUJ3gcIDgZHWf#d6_R)Rjx4MN+>gd@tEhoi%@6)!@64 zfp>c4mRzSasnlzcgsv~Pb*YAPV4a=wt@80bU~$d^MoG5sW6GKagy?IncXCTyn}yBS zv{7HQBL0aNn)2C%RoW~GzN*!=RZ9)8{yBKVM}eFln1i%-q--|hE6Q`i;02tPdRTg! zcey9cX}t z)vP2VIzHWR{dEgbh+eD_plxtFU!7I>h*2E%UsYivky7QD-5DN2Bw46X9}dv zvqnh|rMF z(!pOhIFZb7FHdDbR-c1%b()hgMDdB)*7*X`t;VwFsSimVX804qIA}fSLa;oIiJHKL zf$u@Y%T6}Z^?{x;ZJxa>WVGz+0NHLFwooQ+wcKXyRu9o9pMP?_6aKI4?I*Y`NZt6w zF8}|5Zt#Dv^TKRcn&2&)C&1^QLj{O-QM<}H-*zzHJ!(l&-H)_Ho&0bo^pqn1Cu*D4 zmaC5(c)`$Zs)cBsnW5I2L#p)1Aei$rJbjo0Xw$S{vlkf7{Rs!HuM^^@>?D@qNE+j?JZEdsbP@@dpcvJs*&AzR_^`73Q%zXW$zrYKjgz1%ndtU$#q*Wce|L z8WDA~ukq_ru(_3YnL6cMST~GMZQgT+7xYiZ&oH$@(D2_bK>41Z3ntglK(7n55u=0A zERJ%*CYM4nP?z3I)gR{Rf=K`h_LUStG6Rcl51;!JOQneyOF-D#gan)rxJ60 z;gHQXtL-|@K#`ZmNyE(7mS5bm57>q~9k{BFk;Q_v8r@xblETa|#o|9*Z$NrNT$c%> zo(?5?R=7ALF9)ZkHhj1T@quC8CE{9iu^GAvGqp9s4NM9RNHjOc|@H^rFn$- zr-(~?C4P%F%*buwTZf>7U+=d|Yf(i4&iHUCw3W4}v`8_Y6Do;fQa6MzS6LCL^+F4t zo4i?Ka13EUj2C}VsKB|F8{hzHD+;Pw*oqI&lgfO%hYaa~6b>zLiE)j&eQlhx(TDJd%}ixo1AA0OI9E zn7$jSs(A1{Ymu!Nu;x&Yw@w*keA%H)lPOg>SuDokB-_|hDvcuL#TaUG_Oow_Gd1OM7mn;@W-P^3kakPHx9@4lsFiByp&T%C2b zQkVEKt_5RwH?pTF-*CZ?^O#?wCQl2kzJ^B47hb62fL`DCXjWAlJl$}NAkd0ikt9pq zqHp7WpoNTQeFOu=G&EX*(Z~+%7I^KJm+%|)*^4cmg*TKbO*RRNZ2ylFF8AYu#8wv! zMD@sC-!+=y4ZB#nG&ahWDXOH_z*%niJPWbrvEk)~DFZndc(@^9tf>6}H=*7R68@)i z!A=0jK1W8dGmSxK89Ak*D7|<&!`JEp&tv^C(k`khrXd*W%~h~Bc{{`xka6H$_DZna ziZspr4dEmp9Qw^ftU}(T#cmrz`2y+YY?JZg@-o6;CaOqx7s-<)0pVgLv@t+ZH=AHk z9xu52Q>XD7PAy1Hv_scctUkE!yxF!=a3u=0eoOlR^@?matQGo-%5#8f`qBvYk>xw) zobS*-pnP6ndCa8IYe{1mrxI=&=JO4~JMfi$F#yGhs z!M1)^2@hn%re%?jyA$*5HuaXmeI0=WoP^-(@@5UkPwe*huldpfvHz9lehW9V@p@B)4yFsoZcY88PX;J+BFYO1-^%QNE6Bz8 z#MAf1HQLb=*7|7<0d_`jw!9FMxN?dPEB8+Rh>5bYBdLebyRJS%h2ow8$^vAUE!={? znIlNBkpS}jy_YW+iAZxcCF##lLf?5x4}WpDK`!hG@4ssmZg#n(?0MD3Jvb~Y zML?OA_)$B1vQ|&JW+$yC-<`v1-b-ZAzWYTmmFgQC8lShiQcZDR*OG)zH{;0tmTZ>^*3gv(V zvVzxad+n`=>lgwK{VFn2fl|)@2WI!PAwZ*)%+*Dg)H#tzjOoqKl;X+oo76`E*~vl) z+?g&jr?oGlH#^Cw^R8~zGx3N-o`UQAr1aU;d55o+{2p4ebm{X|BB>poJ3RiX@h_a zpKyiaM$A0;F$0$_Hw|S5>HmAD|F2~TvOt!DXlK9QQ~dAj40P2Af(0n6dgHnIJNSv1mmOvdh)4)1n>+o*nr9yz8{cF18Xa=EY&)hp3f>Twpbdl-e?c2VyiM5ZC5(KkQuL= z^6X|g3v(f~MsgW+o-`0ZT-xMJnJRe&x*rFXl^x4Yh&03Xdan-ESC5q_Vrv@_e<{lNi#4$3-)MctQyI`sYLwemR7D$B z-QxyX#7Ns4!s5{AVq|OwMMf*EPjZTXXSM(3@0n*}A znXVYj4!<+gFL)}J7lb4KAQZb=hBaUh8Bz962}#DESOM%4zZzlJB$Q2o3(!Ua?Ue4c z)o%x6L*9ERBpc~SBb>%38?F5I`lmyKayo3h8t-S^WPe#@$2v1O+-C?L95v9{GJmVF zDoOo0Am%$4hMt0s9I#OEi@&spT4#oLwHrcoTq2BJ;mRo~Mi!^B^i}8zfZ$Cc1?1`E zH@vI`R;rG+moUdQ`rbQ)W94y~IpTjo`$cg(pyf!w4WVPt7IA!|aIFCO#bUH!iOFTvspDr??2UW8IlF%4+K%4Dx$)|}4c ztk^q18Yt3%8YS}{%sf*8aIm#$BHtKTRU;)zA6if=eSo7Cnrv$l(Wamgg)yi^qJ`XW z`SWpI%0o@#9Lw0OJ1*X>Im(%9(X-yZFGqgK)|<|9qpDw2vw|4Bbzafl;CAN-|GMh8BSOT}KV-j5KWPO2Z1p`5>on4&+59{`1M= z9m^_yLvc0fJ6!vLftUFLZ%jk>QADFV3>t zB`~Ma!A+O{+;f z;l~9co#Ie2KUagNrxss5QRL}|eNhwUvGHrRODbbwS-FbucTeAvhwZTP=|}~Urf)-g z*B{JJwWTTGXoGs8yo<0#6FC_RH_RW`hyl~FyaFd|iyqzdEiY=E;ECG$u|-Df zQWyACkoY0{HF22b<^8T9Du$cHo6MtV0=Zo~pIEX!c1> zAX(^M*ydm-)?xhJ$U4|O)y~_7?`yu91aqrSH4?kHDxs(Se`y1n=w<|0eJtR043rZQyNEA~eX` z?xThr)R=XfFr>oHnFr3L7SuZ}HO$O7aTun`f7QU0eILGi>&w6SC)FT6PMbP~1nOfl zjGs6s6$x-y>;@w$E3!X?Yxf^XIB*SVu?ZLY#OOTqbG)xY8RP8b_%3F#?y8LYHc#H& zmy?+L6@RE&)yks|Th;3V9A>+LlRu^&S-?`;bOK>$v;w`;4qyD#0ckn!NekYjIzG)H z1#>Yry6a5Q8AIO_=`FsZDH@JdbH&e2eC2*@E|>diYhD_@f8*W};6;dxGb`z`FYkC~ zFH=sBCt?Y=_jw5Y(l|zGTPqm3z{;{P4#HKb(TmOBQQ#>2id5RY7QtoVPLv*$6!e4a z=Qy6AUjdcS#6J{{}0M0cYwM}vdW=-sqwO&J{NWCc}rWA_$uga3jg z16ocbm%a1;KBEC() zFNUP1paq}D8#a~NC&^Gn-UqTp%&WR5wI5yN-YSj~L4}dJ59h8P9@S{{8VZ(NUY~b6 zuut{Z99*BWHMxh01v4l&i#GhTjzaJz#}iqCndePJEHd9_rDa~E4F$WQ-L(%(W>u>> zTS8F2YOXD;b4O$|9h@@W$}t`NP*z5T0~>cH4NQX=tstE+^$6n_ zHKq~qn3jdo=R&T%sT!G|St)b#gsi{)p8li@LxQHeJCM8FbFunwj?n%CxHzNme`$`8 z{@VXYj-P)|X#YD6MLVkdVL(q$(PiI#Ls%$SKG$lwlEYl%DDd9fht9rpaL-A)#J z`Rz|=v1^W^SkrW0)JDXLwpM*B8S?u;rj`_4Tpo(l*s-LZB7P)Yy1Et(Ma=VGuS<55N9+~t z^bi~c|1v8^vAIPQ{WGTTH;Y>zJDW1E2NwTbkgZPyZ>KH`CP?S64~i-HMB&ZML3GWV zzT?(EN_Q#HxfS~3)4RJl9aVAtyR8v`=UO3V>c#J!Ju~f1wG5eb#WcJS@I4a}7;5OG zbO~kL5FsqL;(S7WP>JbE($^uZSvc*%<&j8O5(tw(0o+_Rp3w6bXM#g@bbb38yhQ8P z!&Y#}JwGyRFPv#~h2Y|x<4Ar&h3m8zjP|TYlp-z{Tr(1Yk9kL^GfpwCVqne@QozeT zc&APug#hsnN|+q%sm~)t_`A?1hwE=NcT_^|41|;SqT+^s40se@k5G4dVkL?*xRjI< zOsmvKrEUi5$cZ(6eE8}GAIQRjgOv3=k7h(;K0eJFDjk(w5yI{|?HCw1!<*D`TZq39 z83Ct)sk`)Pqf!0Bmyj#W=F(Jbh0C!=pT39kY*qKb=oClSD0jP=U7|Uz5r%p0wg)?~ zI;3O0&}vX3rzfNJw7_h&%TShYW5km$!CF(eYbgAmEC5V=3@2nc>B#5xt=DHom^w;o)Oc)cCO!eSPfod@FvQAhz4-_Z#?zN z7%*l2h|?@eh_b8A+c(AsNj8sB7B44c4SsuZ^J(XtN1CMXC&FYiMm}|^O%7AB{_&OW z{pPhMteV$bC}G|D2RnTUd_CMS>PAr(dnW>w);7`m?MEjqvleQ zsG2PzL6dMV^YK`;= z{n-1T87YfD`1&r3kt4z>Nb>mcy20OS5N0y4t-YcqvqPJXFZNEINL)V89iAfv&~ln< zlRN;x^SX#rU_pxZ^}ufD{kDHKf)Jmh9arR{MM59!oJ1aSl3t#>xj?`}N5o*7Dy@Z= z`1X06wcZJLz7aP+vl6nF6H6cU6ZF#ODpbi2p;*yX+>`)`v^dd+*8m+D6~H0-oAu~} z2MhIb+DuzvR5MX9o85VTW#drSC*iv&w&6nN#A=*F=HAQT+Bn(QWWJ1Ls@wc z$)_v!2r8@|BMJN3-f~^odi7U=-5Emp)hTm^k?qko6Ff5mT@!^6&#~}X%VMRjxZ{eT zkqhZF+Xj2AA6||UCM_65J>|d$7#d^a7z>-YoB49w!0d0xh%j*Ee~)xX-0}v((~0#v zzvmrsY0yX-xv6|XGA04Y?@AJU-@#0i{gLdJrqtFZqh{mBc+Y%y!alrLehqn%^`?vF z`c~Hs$5a(%Iu)9{n|dn;VrDt!j-Ljq?`Q>v*7hF2>8Xtaj7s|S(IA}H_b3F zM;5MqoXqud7t^9!S5j63b)@s5bn)HIV@{-|SA#U5KRa|5O~A63wJiLRJV*IetSQ(s zWNr}(3Y0nHCX9vex;q$1ycBv6&fRm}{ zm}R^aNMb$DO7+9aNw_AarTz{xb)_H8c0>S(qi$LuI%a4AwHu;P9W!8|EkqkKf-5oj zAC<0YPXj`z?ozUIV*iA*jK@zGOZF%JQoXy(H_x#g{9eICoHd{(xrg1i zFWO~r$_1wVcA&_ifM^&X>qNq>@*+<0zd5Sj=5wq0e7|_e!cOs9HToi!W&Jn51UWp)R7l9 z=$diWm4B7CsE0fWo{C203*KY?%Hj6L(&Et;MS6fWD2meKMzWiL9=+u{9*Cwpv$gj}%++=tgPq|d;0qt45u4Rat7gOt`^_Z1w^w_wD{Ky5 z0$)3_>yX!+qMNAcztR+FFIF$MkC z=3pbEVD(@(wco=v-@UDWA>2<)P1lS z4`Nsw%QX2rE9-EFvK?zttJHvJU5YaYac#kJe$mHloE-rRNqSxU|Hmzm%yQG-9t^e# ze98UaS$Gcb{kR4Jl+u-l;0eEof*KIAESj8^;t|K)s4|m_=?OJD_u6Z`d?w&XPEBcb zA20HP-NDZMhX#U!>l-eY^8K|wt|k=tjzt?qVHgq@a7DN|ybhPCVFP zlODqP*TAAyytMsYz=duTszc^6z|7X2+gmfDP2f;dFQL37FT8>`Y42q~;l$UKwTEak zwKzKF2&?XBq97$VJ9_?S<2choXdS;E+q7qKnL>;_WxyClZi%V$lp=i*6;z{q1cRFS zd~fX62fh5?gIzbz&`x*6sh@B8uz~2V=Q6$CY;ZQrmzj(?ap z1TZLQ6qudyU{4zh63h^3Mo?ncGFiGQCZeXbXN-4v{Iah2j!PCLNWVt0;f4r?`;dW0 zz2028;4M{{jtmw04gjgK({wTTU+z!I`iS{LUMo7gl5WG63ZIFEA%gPp`Z^dlRvX6Jpdfi0KQ zW>&kS7tOzLd#l?Al6vyByM(l*uX{GkN0e8_(^P&-SxIA~rx|;1`SpS=tY87GEH4a4pMT;`z}wCH8j2kZ>N!KC1hn*ZoBpjrJ z!XyLLoBGqe@OsA)QNapvs2Q~%faU~4B1vU9n#=iQy#kX~hS5e>6Yx|Y`~GK54%IMp zq@sVMB%hS?SClZ+vkS$62Ft!+((wC$N~OYS&!Etk`WVc%3-W8d^;C#<2?f)LNJ^22 zl@EcVh8CWPlsY(s6;L$G(;mJ8QgSvyLdQA{jWv_R?kr@vj3ts*z(1ct4awBH$A6;8 zJ@Br~Hm=?Fe2}CDn?=fp42D8pnDkd!CBkVK+XCFdX$d0B6AW@bTrRX>$`80I&U#Ts z6^^E&->F7F!8(;vVr`4#N4WG*qNqL8Wm6j#YCvrkN)-DI4T$9EaSLvHL(sJT8$_>0 zfSX7Q9+HFl>e2|xup%OsvG(clLD{tuaPoub=_AT4yMobjVgRN?d6;tMn$uaA>%qZl zM5+|R5ILAwPX^pzUWh9JEyC;Dr={HKiPy1g=?>lr-(GmGoC~70&?k_1W?~?CO+~Re zssj@vBXpQ&9nR)yC%YS>ziTt4cOn%Hf3Ok$xY`IYo2f2IRAC|`H&y@>K z#YK!DUu-tA4_J%qt~AspOh=TKqKN}BdDy?4=$Pa_1l4RR14r1~^SxTMmO|Z;!PWSU zbH|7Z%sOGMwWz=Ow8hKLJk^_1F>4-978ZVj7;d~Y)M(Bf#OY!W<_4~Zjg>adLe2W8 zWmKmu3F!Zt?vc>B3)U442f(+qYe-H^Rr`RrFqu`)s7n)>a|E`;qwc$#;-9k=gI@N& zUGUG7vT=2pZz$=|2=^fEUa#%fOnK{a^swo#a#=}e2g}(SG_7SEjiydyDS4&~^^z1L ze?^|G63~k1?1Vo1S_${2ATZC8Fz5sYY@32~77bA_vGheAO?BgP8#6 zZ>aAO&2ECCsv{psVC^?I?!aHIvkkMy3*POCxkd0+qe7QbnNNM`a}V%YXI{xqb@-d0>vBTd@$Y<`iK ziX)=lS48iL6lPl}+|B~ZRMdr9XxpKv(^C&qQW`QDLaCzXM=-r#h1oWhLTxP`M0+O3 zak~7KGCx2W2fmDcn2L@C$u9OGdxpi-%6VLZ>I-1vdGA3CuTm&9Q^TSZ6Za?T6^zD~ z0taT_*Cg87MiKwE#p?c1s6wcYfL=Q&po88ZgD}jeAMe2lrh>Z{N%(5n=Xhe`K+}5L z&1W&To^wWVsvEA~>cw!34-{||3uH|m7O(U3)_u(vq2(&_HQ`ciOJ*36pp;6k^%nz? zjZGb8Q4s2nAB|ZOk4XFEB*P83L|HxVc>2pVD1xKJ>3T&T|LE2NEv|}RU8WYAIU$|t zSk^V<0cqVo8+_lt_nh^@4xLTTOT7`S*6=0Jdsdj8B#TfKphdzY<8jcHmuDs(d$U{2 zwG{5@`0-n#a!6L6rL5ncea3 zn(o*l|B(WY4G^AVt~w!FaIY+M<2EbQ8yJuRHg#`uDXxU9+btVA0e*nq_#_eR)1v- z_}Z^{)2WAWPlVRcO3U>tjQaOlEwq7#(MdBvT4XHdkxYDtaG{={e^!DC#dP-5tYj`L ztw%fcLwQ_Y&9{Vun(US{eyoB+#ljL@Q6nJhJOdZLx8L|Rmp7(=M8%C2RFa z`+tp$|LH10E>8ckAyy)R|2x;vug>ZrJ2=Ie;2jY#LSAx_Ej|Z&$kJmGm*qPWFPV=l zyZ{g=MEnR`TN*u6Ku4H5(U910+0h~Aqf#pe~Vgn$Vfmg`wPm z6)c!ggeOF|lu0F_@1p7}r^_%ajwohB!$vWtt`?wr3SLsg1@&meq_rZA1P^CN*!_dF6&H`@^fr4*;9lRh)=-eVw|cTXbGa-*mZf)v?Bs> zC)G!&%ZrGBC@=nfS{Ce2 zBzB;48PRHH)a@7yi)UQ{nU=tMDmbPmH!^>Hq9rq4N8QzOXt;gEh&PbkK%;vlUZ4CU z4$JuWu1fnMyN{lneOEqxw!jUiEKIw^WNS3txLk@cE%*zZFf3=T&&!AuJr3u1y;5g) z$C@gFYi=ktqvU*7kU{)~EhD^T<|L#uKLTGH>DUff7WPI8aKeUk{^_=D$3Uk_91R!Q zIgZ+y5Z2s3VAUL9y8yu1W|`Xq4B-1%t`k~}rf4lhgFxvVG~0$BkboJHzeI!e&ST>n zohQvsWCA>uDpm1F97a<7fCLohLkQj__$W-TcboV=U1DMWE1jdPs%a$ag*IG9#wHV&2%H`mAf0Z&6 zep7?#xCEDQb!^VM7#02hw>?O%py{-!N-E7t3#17oNK9OZqA^) z5E@@xp|IDW?G75B+Wxm^&7iy_yU;~@6Q2N$*A`ig`@!D&Z9FCf2SKbtw7kqlE~tjlelyKXnIBa(ktO814*^CnZNMqk z)OCqoH?MC47Ydl@GI9dw%3AHln_iE~U@)K^#mq(;!}PQ^v9hkzNIFp0(ttuZz`TFO z4ZRW-C;4bgjzY&En|O0Ng`Jyy+|ynn`K`2^xoz+lyMnx$LRSSN#4oTM&M{_w2ziP`N|%8Gic7Lp)AECVgk0>xk~%RvK5@60?K+J`a$1;}aewEN&@< zQWw5yHczA4;-sH(@LdRMj%;wXFkH$GjJ06>&n-D5Q1i4kcIrO~!zS{%c3Vgqm@uFR zu>OW8!T{0PxMD-J3qb+D=vs=wwXdvIV}QW2AzoobkoJzyFOyW*K5pc3_f3*}3HGaz zkr`35om?~B9-qoQ)-4I?_$2cL7L(uZ@mTjHV@!=ZxFgVcq6*_j>9~Kwy3?JAy-U#g z9?NSQo2hFQ5X|ZPs=kbIe;x!57Fw|qLb@?YtKOdM*iD}{lXq&Yn*0A0I02Qg**G#` z(jVAqYARxUJg~j%sE&3?vMyNZxqNZsv7{uH7wk;xxrk@^)k(-G7vn4W^hknJMGTmq zL@HO>Jg-EwX2uiwV@1KwhSq5LI+J-SolpbMPb;WFIQTH<%}9a$Fx$#q2pL;VwoO>1|D{CG}p(R`KB}U24GO@1Pz0<38diK z)6$L6#ac~%mf%A=*OiA3u!_%u+N}1G!k;$di=jZ}o;@faZ5IJZ=Uy<0V}$|oLi9s) z?Y_YTTuOZl@*ojF_^=;0EiZ-Ok1T}Kw#3wQ3q(u3x*nC@Rn#R>BkZ54ji;%bd#Y2W zWnSgARUbl1++>0Jb^UGiD=eUvfd7=mK0ZdqLxN19wPO_f!!XH|$`{if5*g`BG7fRr zdI!!Q26qw;8&O`aa6F6DFHi0{^8XoRrvBqBw*Hr`Ft{R<)$BzA{Jk-dTEt?TUvfr@n%m1Sgi`N+QJ0oS;;Z60JCK>|ceh zp?GC6UgCl`Ef;WN;w(~li61dVU(gM9jc$lYoDS0dU%v&IkP|iguQ#BNe;~Y~0vj`j zqMqiA?@VA_nafr+5KGl!9K{m>olf7 zw1c!2IqRT6GEZ%b@oK+%MG_Lu6Nh;FQD6N$B#(b&sBbVNOq239+I=D!vXCV@{|fk* zJiv-9vjoN;!|+pvGL4c4+C(?1iCbxWbJkN;ZCWn&kvuU2*96T zD3T<;L`e0EOIad)*P1ppvyi9bRUpNw;OfAOh^~~fWF#1v&H?c#QfrrTz0kqVF)6(T zeSTU5=Mp`v7sURxRM5CSfZZs=n-z@D^)93wDPhI&AU1ugm|C$Mu9TwXXj>@uN&sR*tH?VN=C zy>J#;I*OKsyP-Fdhw^^sF&%Yr!T1e? zz5n?jfv=FgX`eizKAD9 zYK5;W?mM>;n6w22|K<@W1XDm8@-(93^O-oZ9EvdeP3gtX5>Lw7TEtZvp`5H_jeC31 z@;0d}(H5PxxbY0Q?|y_!NwsXfnJhPRx<%8a4A33h>Ciy7byfgOQ{33X<4CQpUE!r$6MEcge0y$(ka6<`bbsndE;|9e~qjX;N_^xQo!<1B*nB$9UsHT zPLz&C{SyJC&87~PBi3EhC|G5C--1>-r}MC)WtdlsBV|Nd=9B>i(U7*{G3^8Sq=<0G zz;7Y?4E@TG3-}hwx;LmVvjveB;HZN13gXwU+@E29Pa1#|7=wJxUmjjhRt=Hqby!DF z#~$}M0LZ04?kSq;a1jUJUHty=N1Tk4io;)frzvH8jsGlS7M1?MT}STTD(YgbpdbgG zqT>@|pQN%X2WH(_#2ENqtCD3|upNe3B6UUwdXRdf*AC{4{IKl~qU!Q?id0}RR6Cwv z)(snehCMIE3L!OXX9wNI%BS;^LpG-(tXIjHE0)7+2VN#V&0JD47t4KLM-4a9OCnz* zF2N5r1zA9Pb7b&Bkm{g+imqok!;)(^#VEn@Z! zs|+7)4;Y)UUdNk)!dX|C$q;}Jo+8Z|*K``=_D+CSrOjQjXC%P2**^sjLySZPZXB7? zZ)+qYtB-|Hd+Dcz<@pcW%OV9hZiT*n(&=G=>=9wZLL7}*J$1c^15?ZFEQz!jAxGy)5b}63!1dR$G4=U3V!426aZ!ntRUK7R?`_sL!A>f2@!e|mD7&)q|aMVb{pBcx{_H7 z0%U@LI|3LiISjag>VNcrk6TH%=dB{?3?Gug214MLzQJk`spp~-u{6iND0@Q7QNI-$ zzg5Npko;-uQftVjt{|4jqR$4Fxi5Q3A;v7$fhEsd_^eU&5FP42R)+LWp@VZ7Dj8Ud zr+;WeT)mh8Y6ANzd8SbovbBn>=OK1y&w`n>N7bmi8`pOpRqN0<<|0BR{Q2H|CD^`e zqL>|;!gFmZ*7AjYh^AAlIa)UJtw?4e3H(DF0n>oAnR0bBTf^~8wzNQe~Kh|}>B>z=u@Oi)Ir zU-u_c>l#jxSZl8~n2Xm7RKp&gOS>`Iy&32QFU5gJ0S3Zur`G>J(gJpups)a!Q~p=~ zJL|}SEB)}U*pT*3R*ZC%?;{$9A|C{>bXsZ~6PQ|#%0(6W;d$Z5KED5OywqOV)~1L* zA|E7(&y|MZO@?1TMM3skS})FG${ubjGAdP&8MNfofo&H#P9(< z$>OsMl-0-7$>Bmn^Dl53)h%NcnIcnqSv^{p89nccTNp;PCzdlqTYmXS^~p=7Fj*-) zdXB@ThR4T4P5!jU0$RgbNRpl;cPhi6hD-0DJNlbCo{qrdz4U_>-M?gFl$@*7lWtz7 z%}E}FW0ijz7K4_N;GYs@p^0fLcMK9|&RzC<4qW|tN1#zz#y_=_!_()7)|(?BLK)am z$OT__VLE6jo5$4RNfwDB&FF9b0G&M^t3nRl;fi|=JT*C~3@FnM2-C-WvB}~jpaoBe zPKLrSxbG6wL%y{oEJA&m>*^B5CGAof22 z0A#3Y8|mVDU(nP03f=wzLKoxaR-veT=?Ov?p>O}K3!(!me_td7WoJ+SdPb9%JL!Gi z=|;dCZhLB*)YtY}Gtz0VKi}2TX((A2$HBp{`1A!K`97_%kwG%`PmH7ozh;P%~3#pF9>h(Shs z+ahq|#!TT+I@NM@AA+nUAcRzEnuicy_N@C zq2_VIHEryQGS}x%f*vmrAMfmPP+ly|S>=};UbHZj>Pr%l0o9%^?!C8$o+RlI!1Se! zeJBpPa45zkD7Z=k&P;+GQSdiwT3a6}u}yzylF52P@XvoSg4f-cq)uNCxi*kt*Gg?ln%i&IEoO2YX9n_6Kx3i%xaTpDs zw`fSR%SS#X@`lj=w}@B-_|DQL_rkdS^l#`P2`PDD&sylmF@lFOl2n!tMe`K$P>Th< zn(1wbw-OZ=&8K(y1HQ?>zmqV|_1B%K&!1j=bf}3Vdw>6pH2JCX>xL%o-U<8nX+}XLtk6@t>wGz@?yQ=hEl)?~Ydga2>6=g7h{HF%sGOKj%!#Cr z`YOAN7x-m0ecqII(T40V**{-vwx%CDaT6M&rgB?yh(YuR%D0-S-e(A3ls+5&$`)B! z(4*BFh5H8i{xb~81>$SI==jMKeTm2F+7N_dO&zWd)q!k6s~v)$+YQb(E}SIrK_Da7 z427;fKIj#_@<0RzigJ>%LUT2o=2vhWpFMy!i=qi{Qe-yLkETY^_$4cDaGEcCWiy^%OB2Z2GDWTe( zefAD^_;BUydO%+hZAs&W z+K&*o8VPa5JcBHJ8Sc@8 zTp}AT#TF=aDiKA&8WnykVu8Sz+hczpiD5)G85+KVlv{Nih{7uI5Z}RxuaXAQ=~U}V z#OTDi`E2R4_`6}Pe!|pT(8n3e#*ZD8j%?K;{2K7|ho#7kv4d*gD;Vbg)SpM$A=+r-7h|(XeGSzaJj+s`V@l{-`-aYiJ%)j(K zk5PSD^Xv!))_viy{i?E0%}M)zqh6=n^ZR{zc&RMrsA}}MNrV1UVSW4q$B~@k#$Bny z@&yh;xny74E=wK#wrVsvOT^W^yNlqvGUF*>n1gW;BPlVb!la-3Hrbq;W1;@+=8T#owqi&q-0@Xtt9g`0 z4C=q%d@_O>=qP)&95BOmsb8x7Na?!daPQ_g2gl-b=%Smx35odOXYTrwF8YoY+r{y% z@w|IQE`}@-6YJAfuHP#fpPfo?U)*BjUtrW6m$P{PKn%eGHI$XO(Y$VM-2D59&s*)~ zxT7daDLsl*NjtXwEnK>nEA7$Tizo@P5Hhw)HVY-XKc<~v{Dbg4?eb##dKw3jq%5k0 zl01J-yIo|*u$*mT{XpGU#haBgiQ%MPSW*LS8S^4&9t);#iBm}PceW3tTgWl$0|+?R zWM`edXB$R{YKF|xwEn-4baJwFLI=NLs*exnh)`e+sJrbiu);u6Ni2^4es-t7b|^ZE zYDUmR0ICf19Fu~hv$fxog2kPdV9{+u?9Xc0-`$0|SLUN*ZUN zn#}_)d-Tp-3)BNyI0Z)ir9kziQUhR@y(VgMT zBw%bEBrStz8}x1vKmJq_U5R=H8o`2~c#rM6dZr(eoorGug*C%wyQ)+LAJ?jaT+-ZU zTG)jj`53czyIA!wvaf4(Wxq@WamEeN=mod$ZA#cQlwLLq^Jnh^!QI{6 zU4uJ~ySuvvcMER8?Q33}`R;Gtx%Us4MXz3mbNY1euBu)2R6VtKGxGATLm=?2Vq3=f z@3zSFZsD3&yWN6%RF#0eHXiC?{^WqU+!nE2U%}sUo;($L3O?_)G~mqpPK;!oCS!2i z6S!D2>QlvtVlz0tT`n0|&DjnCK&S7CYk%Jb1QQ^{g7s1I*X=eA&YC0m&mmT^vw4gR zERGmwJ=%^GPONhguP{E|MSR7ezGlI};brfIaHNA!5w+HPun1R1^f%2XV>l!P$YCAi zT%|L|L-(Hsvk~(5vuPVUhi|JPT%v4WQ&)j|6sSkgCx0h&8Y};`$b=+rXXS27C6h_f zV`{+u7;zj~cu54Fz;Jnp&D(u(ed3rf$>_$vf2mKog*bxGWnt#?^xl1(S95OVa+oJ4w&#>iaHBBdd zkTi}DVY?=Q9H-nKQgLB2;SI8wFyg+!5JwA~_3H-U{x10|63^}3eeb!K|5iDPH`0_k zDNTxsV#M~d!D5r#NL_cBUlU!EX-b4pKek^U3C7_^XTpU}SR&1O3>gg^&BhN|d{^{i zxQ~2o*Zkygr&!8c-O_pSX8@?A2--!bY{aK4!6{`6R0|40fk%CsXBXzSr&V8He=dD~ z1$ZZ#*apXAvfZ~G(&w8(^k2(jI!Wgme)!3>-8H=+CXBB}4wC4x^uqjY-h^JODn4_? zNGUcun7^$FPxCiFba-vijd8l+2k|oCb*9GnWPgB`rveo>o<_Jo>b<)N-ow2(?v(BA zOCmHuBGUgpsRHtIqrdlum=AabBZ##;47R<3t;LI-MZ&Aw!%x9oR@^Z8wYX^(QJ(Xm z+Ka;%_PRF)*6*wXA;1l^ht@5pfz0+bJoL(K|2c#0Bj(uRZ!WmQIZ)_&H{i_3hfy}6 z9pRs@#=qD}D@b|s#DWLE?b-E}j>V+AOYMnYZ2m?HZzM`=x~c}f#tMoXZ-BT%n^|I5 ztoq=h9GOBBF%yQ-vdw*2=Y@61VT78T6dof37R(EWgq&0-Uq;gtBSON7)M)!6_r>A) zx)ibaB7(wFnp^E$jThEGGjy;OyYQRMLQ)7Cf)!`#0Yy9n@4(y(`*&F%ZxCW#^c1#De=7U&fG7E1EZ^7^Ocux&q&p3OwgPX>iJvsd#9`A2?T{1j7B8; zGr?2>8cssaJT-}l44|Fp(?bbmKW=qmzlCiPaY`r2^|_5YS!lE2M@Q=VTj5Xkpr&RW z|4X<20ri5R%^UqflG~mVYld!;?w!4;(NtV+PW(^V_;XE_JL_LQ46i=LUTkG+*U}G zqP}>q;bp=YzJ!L(!2!W;)F{a&a+CU~eA}twGy4ID)a$cRTkF0$oJINxvOT~8u#r5c z6&(hX%lI0Q$$Gm3qObM|Z>WeR&08t1^M{bo|2 zUAw2hEZf(u!Xhitm0dA#b;F$Pb?L>cwI{U}W_U|o4+MnYFha@Md202~6jwL`Viw6E z4EWSF@F!gp)(gYm3b`1qOg{d$#-KxBM`If=y)sn_fKHulz+{e1%p}c32=5~XTm_o> zG|Gyo&0qqZ?yllid*U@|@{$SnCIieWcUMRmD0Iw+KOS8o&~lqj^1@cBKA>!kEGq?Q zkHC}&?O;aCCGP4ueh9cJXoqe+5^Se-c!CG?unAo-YaJNp-C=ZWy!C+3t@M;2S=oF* z1EV8-)Efhseey|{cjszY!;6(rtGMhI;pNrz7gn&1$ybxvAl1gN(+>9}tBVRMagX87Stp*`FJ^T6Z-=yHvL}JulCo`A1E>+0)1N|v6j1Tj z$>`nq`f4JBtM%5Pe+lgoZj2((KFaiLc7xgUhBSmE&zrjKF^M;ne)PU^7HLvgvPL`C zWKz#eOQWV%Y-CdA(O3d(I(mSz|*- zSYQ6^#dK&U$>rB}Q@K@sXD`qG2+!^CMnMuzAQNv7SL8(3Q**u`+3d}4%TFQkJ<(PQ z0P<_9Ju8GhI8X6fG~_C2DwnBR!&6X9nvA2gC$Zv3pz&MFr@{Vo0#4pAapD06n#2C| zNaOrs)TUnqZ+&GOz$9~gNmePSFY z|H?54&y)i2_0Euq11_^ns*6mP?& z-bJ-)J-c2}5VNmg4~(*#y0hoP=Q7erRD|D@hUCpBY*8)KeDBuzd=p+9x2A)w`Ry-X z_f>yH_3QvH)|{ysU-};y8qFZmWtk&zQUl;KdaDnwEuqetvGVZS&~SGjp;?V{C_G_1 zbX#ETc~ioBjrdSgX`v!4gZFXW^!mmd_2d@7SzuYe^&T)YyfH(|a~|);@zldJjyw9l>X!9(D-!)~bRj0!4h3X ztjXQvdA-d-1NXpl*4mC>g=eD@GBZcISal-F%|nhO+jgV*+j<^cTw;@q{xkFKsAS4r z)<8r%oBjyOh&#VIbUAT2HvD;Clr>*ZSmejc`O+PRfZ*=43jxW`(Kp!aA5gy53!$j9 zXJb?v-=0J+);K}GKAse@XT}Hm>WY^~7M4>FKpX^$m|MXKaiQ9`(aAS|`gtGJTBrj%2dp%^tLBhaFUBO{0VApa6Nu z2S9k8V1bPc@d@uw??$5WcyVldn-TAmZby*iVFsc7CWxdLKUGat9sp(^awq1#Zsls) z28rMK!U4axWJ6Mfiex*Egt!L7w#oJuw*B$ikgs`d0Ci+sV8J zkiM~f+W3JNjn^2}(`&FpnqLC7YN)l%QqjwnHQB9+t+6? zO|qUugPi-D+Ct|ZJyU1-^K2hr+~+!o;w3drbhU^5=g&QmM=p|0LU^6p$%}QPl__qK8&pRO-PDk{mJ$ zB7OPH`_^&HlWoQ%9!c3Iyjf^#*sW0m zoi%=sy7B!}U(;9M5}(Uo*!U(QsSzkqmReDt!i^2i5RhdU76O7baH+2UuF}DgIaAXZ>=)uZFCV3Tx@&>1c;o@L-OQ(2Pq2p zwBGq0jn~BvGAhCi;x76$Vj8!dv`rr}>TD^ZAK%OGle_G<8~xAm!UMTVE8va1F6591 zxISl>z9CnWzKq_~yw8(wRrz{MqU)YqR+g&F!X-+R^(7(^-%Ge`9)lMy@hNp{zgqWN zvfT*PAzn5Yf2gO@0xoD{MD}9W?1^(z4Iqtz{v@1j0zRKo@l#)08RR}4oG!L&5^uGm z>(P3>w-(!d>!HyrvZLG_L0%)VJuRJbm^)%_{JP3;4}I*_jCl-%u%>H1Y8OOt_u;Fc zb@X|N5mTcDBK?GhIh9wO?emH1Mo*GK|Dp<}pA4>M?n)Ek#W-K&)%c2j))kZ0365Ws z*HhJYdcPWrGh+irn8}0=&H6%1-bxo?)6JRfuN2fslhpXK7q^%PL>z z@QB#dtWp&E6&c{NO2Lwpn?I*;StB>GyH^mXat`|z!vKxH3Couu^<~(MH9Y`HnOX%_ z3SHfi(t5N{61a&COhDlMkOU(&j6ICJ7LhCG_W{}0g^@VB@q;-j% z7;qYwnfhPy_zTz)!xrdmo9TFYK?QpeiS#Qx`bmS=425k4cq0l_)Oj>MpYe}mU*Gyi zdlLu(DTDa7nE9djw+FJGIYZax5^y8?&oo%x_m2-mUD5jD<}8Jh&vNrtCuEm23KR{~ z55zQ_TFW8mEoKci(vK3@6x3q^wmB~1)!_)qLr~xl!!SbbB~tn5xy3`^;X>o^fWrJ_ zR%4$51sMABXZQ#~;q11Hm}Fd6bq?g;EQnqL0wHjTtObb}ulvXeVwlTB;X2&c5X78J zaw?FcrJ|D;Sk)AyT50YgoHrKO>@2>AdVh zRO^r#&#SacQ+DT@>$(!wL|F~4;~#umFBI#$O`M9#Yn4!&ApmdfiOa-J>UAV|yTk#V zL2oM)O-K{gizC+=AaT%^v#APjQpueN3w@}i2E?Kr?-h`tN^r4q6uiaVVxjF5pDG7- zmy4C_6ta_?1k|hbP-CR`x%W?6Dgojz6iR7>AtbO98$E6%-h3(=j`(de+fpbJI+jK; za%R^3L0__!O|=&M)vuHm{H1%osA?f}5DiQXhl``FGjtY%i(Y1$Cc|s~9P1^}m-c+w z+Y_>D&TYpcmC2EP)|vLI4vfg8gK{r<*a=NV~u|g5ghiB(6O>Ahk_hi zG+xWQCXSs7xEbO6@R3J7Xfu2|jJQEOZ}zH%pm?*38k5-Pd|o(7jgKx;cKzTiI(v4O z;l{G+NY>L5LzvA6!U4rGCPx~HPd?9;iE`Ejq*r!ys*fP)ARPjPS3PoVw4CF1Yp8_e zx@Q7RM%9vTq#jpjzQr(sR+NbtZ}QVKnKwiViS~xr`c(A-uDw-BiM>XN7@wI2Lf`EK6Y8D>uLwHyFj^=BbSn;#eoKPLXc(+M z4I)?aD5g47%#VILPNe1%Ca8lCTO_b7b1(S>)YxRL_;5#F$aI-!B>8a;Guu3cP_E72 z{OwHLw-})=XQA)HYP2pPdf?uZdQH$H`TkKrEn^IOGvzRWe zr>I!=YAc*sY~U&&tRE#YpFW0HDDuG%lq4eO2xE_8A*X(B@kT3uz zkxq4k@{TdfhX5RMv^H^l^h=PU=XN0LLSE9U5KTcp!)SZ;7~wUj0NNdTIo7$#vv&^7 zJudVdf^X>n{Z7HRW>!0C4RF!n>rC$GU*Gw+AD125huOR58K?(7RUE?|@mdHwsW3`> zC-kvaLlyL3xkzLT7vf$^Mju`j9l-8qirz;)1eni$fxJpS7THJf+w}rA;wq^R#3@qvEyOKvoZh32%`9Y>x1 z)Xw90AM*&hJC@cl1oY4S=_Sg7dZX=ha+%&9bM~ZI2tJz|%FGVxq6Y_y=Od}_9=pwO=`QUqO;KI1d}lINA_BJ7!R=AM z1XN0;4DD$3+s6Zpo{MsjZEosk$}n^5avDDTOa}+r5%7Tp35=B7vlFOIu7%p>bEUlC zR!6q#p(t~utkYzni@5`oTC%fFu4=0E6noxFB<)gNrv34u&-8;WPQxUL++Cw(_1Xav zoUX+x=Zh0kHqB%pUNXlq7(Nvkwa8c_l1Z7a?xV1JiK=@gxK~7q?YqjeM>J4#-4Uf4_fDrc+#l4`F9qM)j&{DBnG+AF2dfG0oYb-6hcce_)Q zc^*-1`_c@F*2awx#%r7YK4VTb7p9srX(EL-4)&`i-W#!vmbg(~SI zSL=o?X}m+!2(OIJ0uYNm3f|-vn%Uogl~!^v)0IE&pKO#?FioIpx=MBe9@!nsq;)Pz zUw<9g=1JVyr%py#0%{b$$JMAtAoS@d*eE-Fsi>1sSLUE9lXvBvpUko(zDcw&vj7Zq znxU4)x0HC~?Lx#d<5|1U$u?+-o^H zi9I=1w{$g$CPrdI$M_T>vU~I8niW6Bg&jB@-pzj!y79jHQFsPj`UY^7ZDNmSz9XH# zQ91_9$Ii45NB>r}hCKvkRZbpF>QFU?J$dxkCd_`>P+^QJwUsV? zKxvknXP-U9@)vVks8tZ@FgrOSJ*X+E2AJQI?cg^z&ASL`XU}b`V^|%{!tr34=kt}M>dYUmmd8<7UfWOG zOe&MeEuBrYEX?n@sa(%jFgouoK1&gjO5RxPq@|a*RTO*hI`EJyts!V1l330+t>3^A zPogo^mMBgt$5|^YBsLy>)SASx6VSHMk(W7WG3MOmP}W|dn=DlzQ`WR1$zBe?a+lv6 zX!w)L1U_#L|AF$475+x~NKNxYari(tcO;fQ0M2L}dn6V){HNplFVCxiJ{sIxh}J4e zz1Nq$GX*ZDlA7Gt(eBec9O#V5`#Pap?4;XtKMgs=eZaXhK0sJyTIv6c{>zDq@grpe z3Dgx3;AztZtoq!pa!7bD0$<$-ei1di%UvR4C3BMbBWammuix%nb0LNK%T4y{=Y8NN zO5^^lUIL$e5H~Sn#(}{dAGCrYdOK-ae?%asT1jx}7+BKB1M~QV+%UfvbX$|T=bv- zQ*lK@% zjgmWibS0EF_85}d0vwb!t)MR434aUuk9hT8)b{7U+&(~s;OPmg`2PLc&0OI7w^9%_ zO7Z)qYo?vfz)1V96kL8Y`zs&(Gb{W*K3}ka0)t_ih&uk?uk~F9ic=--3b4P^Is39Hi6&f=cd#IO#Gi8!tYN4 z6q0dT1}NKPoq41Nu&o8`Bi~h|2og_PYkp!e`XG9slTl1(;wf>)ae~jRD3ZL z@zwl<^Zb9Yg1;|)iUP{y)5LBW!(Vb>5qsA`;S%Nl6Vg9={C`6F+g$z;$$uXFA*9ZT z;S3pa9C(i81=op#vik|i9f-*1Lkaq)wm$w5(IbX>+1Fr+(nN=|I%WFS()e_=jSRWk zvOnMLfRNvJ#kH&H!3yZ^R(%{Pc_FMEbNX2R^Rxczna$>RpR?ScY*%NO|AXb*%PUbr znBcgDb5Cxc`Miu}y;;l@6R2gJ-!wW|{tv2wASo`QbkSVN2!w4G)*qa)fu0ap36CH3 zU6^&jj}lQQa9OFtU?i)Yj6o!N1gBXD!882Zv+a|&Tfx31#s1+={?p58liI+-e)6lV zj4s2H9~Eti{lCoLzb~<%f{vsoT~#Eet3p|4pjR{MFMOYm>^Iuo$3nuuhQ!Bzaa12z zhAmj{O#HS|LG$b`PB*dxI!)GxJGONU8Pjv5p#!P_d~ag76x=F@(D#Z!579Thc0eNb$WhT;vb2&&eq+9& z@{v(>=lnY3+T-b1Bj{*Q^{usHQ1{fKRLYEN1rp7jXJ-S@{o>)8Y5i7D@*tTco*`+e zTFWzE&+90yD*x^7zLCz6lWTk_Yb~#kFS*9;0r2)>A4dIjEOAxlWpUG4StfjA|NCLY zzT?F>>*mD4*jwe$e8t&`S9RyQp7VUZcr@^;tUR;+luH*+*>v*Nv*UMiO(&JCqts0& z;J~)yWqwxa?djyVv3G?8;1+Odcg}n;+DN2&cYmjFY*TVLStz$Ls4L-BUr=tjvGl!S zauS1UBhgD&`DdxeoOQjn6}IZ2%3i^1#i$eIA)u)I)meMOK8J;>vh>vMNT;1<{;gu< zTERPuKKlB!bMCoPRmy? zj>3#i*%-!CM}xig1Y`Z4efjNt{j;OAvl9>9P1DgK;LX#iW8tcnDtVdiU_CDiaC#3= zUyvMsQkVsB&Ns}f^49OYNS*`A>CANJ3zr2gO-nmE<2G&*&zBy4ygUegZ__ZPcbF(W zr`uaq9@IKKm*g>4cDvEERQ42_e+_HDxjXN_YG1s=pdL=d^R9lTKYWtFuxfq~nQ~X$ zbP_)~N>Ed8MQwF5-ioIs19ukhDi-#3fI*T^H`$nLR8Cg`*oJo0{Zu&NlaDA@cS33x z$reh$Lvn(JKj#YFJJdi82r@8R;16ht?V@FCMZ~8Y7B zxc2%Cj5se$KfDiXz@4 z!#>Cm+j4u>=~N|Z+9-irQ8NLZ2|x3e>R)cgMh7^+42(!kZvh~pNw2gDbcSB7f!#E? z2x@Gc*z;SUjB3SwN`L7H~AXu>i&>lp-Q^Z{-FYRjOUd_6=6Hnp*e6y~MXJnzgNvo{Ti?4b$x%6qjW!CYp>X>(b}&d7D3H3Ji|vU22S#9$0zSihrG*w9{;87=#3kY*8&cC60ca!q z0ZJ1`zh!zo__6cucKnOVZ=5uroXd_7XEhr!a4X|riu!Q=GXC{DOD?Ov8Wf|1P`T0V zIU=Gt1nKlZ0~-TA7KAeCt$kr&pRv6LAhOJ*nhyH5* z310=vDmK!B1Kr0>rb#iA;_P;f(_&TWdf3w8BMtnfT0KcxzWzcguPlF)3U357VwC&0hI_);JJNqZ0$uaHvc|OG+8S@N6k-?d`?JW|T-;+Beu^{*M zQo)&eD#W5q8K(Knh;R@2qDUDAwWH}83!MKq qkn8xL@Vb6D~->i5~5>!XEn^sYq zv{RzLdPw@Fe@%%^{J%`Uzb^SwlL5mx8Zoyl#*%hncMCD}bu}oXFa;SZETLKkB}gbJ z-wG|&?=2*u+tLGaob5g=i@FhG!si$58&pE|DS-Ca8l>|(gqF%RDf1-`jhVUFV6XCG z5$B1>C8bAu4#HMbtYB-$fll!beDEI+D*JXRQFJF-JD`x==7A$g+0$de(;{iI&_ER# zFgu>W0w1a{UlxnsgG2TM*>}YpAQ3Z14GA`h-h?YYm`v`#?*MgnObE(GDLX*Pab7`W z7#NmaF8`qg!aSRnjhM6+m3pRqs@8zLrSFL_3ajy&Md^&}-PrGdI6wVqsf>=au&bOd zVU=4tv5QuPyXj%tKRsPDzW<-R^I!GiJ4zlyhPRqP5sJ4;m!*IDRRwC*>2!P`_!zif zB6^?>Bd-ZA)S~d{eu7*oR(Sxy&9#tJ44(doL7I!rN)t1JJ%YyccR5hVFSi0aW_YVG zLcN#RNM;Yo*tYj#@P+60*^cQ@5vQ18hSRp2;NYg`;FOON zsxpmW;f*ELWTC$=i?vlk49DK~fSv%mFAjs-8EaI*gX-b<*~b=JXi@B)(sIm^!o@B9 z`!&-i_6W;axG-Ab_qWDb_*Rz{xwF391b6N#Dq^T;Z=#12o{|a!Iq`^+&x>t*__YxN zO|@T1AjuyH_@nAIP8l>akeO72+fWV{U9&&nCxP#rWg=mwsHF}NnUYi#SLRQzBy^P{ zGJ8=7e2WHl`=Ld!&T}_?#~JT>R>Exq`ogs}|7`l9L0=&VmzQFUf!m0IO>~eDd&(<| zA>NGW%7wk2RU$~9v@muCHNirO)V}~<6W=>@+6V&H7(g4Bi(M9ZfhpNob{YJCA0V{I zfVa}2tcoB25Svcdv;0#5cKR&8^b!$M-H?<@tWR?7t}odL%1mhrSr7ydY#w?vJmh^> z6nXsR=(cO5TWhO_u!1y~KN`rzH3izU=ghiv8&dUm;F4GMqeFEL$fvCKVS}vGp)E9% zqQ_?7Ko%v3G)sy8KtDICw64ijj)sCmW7Gr^der?c!zx}SiB@qDNMD7%gFLGY5LMJkeW<|H=Te>z+s{b z^jC7emCXh0#8!0wLbdeirCZ(2e|Qi*S+a%Ego`!F#0Z_L?3n+_>~JFjCel2<+~nz5JWZY?c&l*Zc~i8@AGcZHa!ZgA ztcYfitCQ9@FsgkW?>29hCixQ#_qT&-57jjH!{shtlSsB1iYVq;a-VBLFzU*rh?)9V zG!F`6n|Rc90bS!}tUJO<(0t#M2|HIo0R4X3$k+`bzbtmUOrY;RJ4AI^=0mN7v~;_Fee^T+rNtj$oB$ zatXRXi0pXern8TH2>-GUIxPHbkIf##cPar zvu)yfx9K&%`s6I2O*gyD=>TndM$*YQT+86 z&bBgAu2PhW&QM#Qd)lwnY+H#Cg_VAx1Yq-=IJnhugYou9%@1iopQoslfIsuD9I{WM znDOlL@t%-rOt)jUM{W;Ydg7o?U0z8kjQGg{N?jj6u_QC)3fPSup(xvU98u{R53 zeF>ROd`wBCJ9*egHhhxsTK0wgt4)=VWO{*3R$$~O2HGy!O}!*Xjh%!I)k1_4QuAJ# z1^ah40$x@`f6b4?OS-V_Yhl03kn>w+5(s5S(vKLj#q$W@kQp^=Do~fU9nT`akebZY z5(%4{L(i8AhHH!!3~{GLJ&=F@s#G=VuQ{>BV!42G>e6>g_L!+kpj{1P=Aje;3969R)R6 z0B_Z1Z3)LwliqBY516tNZxR5v!u6Z9SHp#{lD&lsBBsaSLfHM5LyHsNH>>eB5Oi(m zc6L_dCy2w98SLx@8kZKRXOfOs2ZxHJ&PwcytHY4kN`Xw(VosIrWTMOqQZgfhJ5<^_Y(r7?y!r z71}KgQd2n#Q9~=#szy+DMz&l}T@5nx3^1n6W4HVYLoC>j|Gelq7I01~d?q|scN)p8{xPC(0+lYI9? zyi68oa2g$<1+z;KgQL;6JD+fWZEzs_YlbAZNFZg*nu&<&d>--qba6K;gwtmGCqTYH z1X_V>2;pQYB!rbQ$YmeU^Sb6LtCRl^49MZ#fH-Sga0v;&%7>kD)n1$hAqU(^4A4r0 zkq95UMycSfmh~gMu^`}|)n?ya2*X9+iL|Zx`L`-ou}g=yRY6IiAXw=Wy)x}dF1H6R zT2FT&?gvK+V1*E~CTQXeF)Sk?qWSb;db2Q!EsmRkHX>gpI8hXQu%C7KHMNMLjrGL8 zW7DHVl-ulpf{tqw;#_9}2lQOh`aOlxsVVIneq=9k47}?f$4dh#cx-9#z1PqBHoamo z2{U)U<(nx4m}zp@3H#hm^uXnl_I*P+G8z)eRZ}g}*76YenB!ds z4@plB6E?;krxK7D*zqe3HK^4MoLIqJ#4890&(XG;CVVas!IoiI@WrjEYKcd8g?n^~xCC1BcGqB9pL+SmJfg#v z*JQV9d+1fEYOF zGi6TJ)r@+KwrAf!M9sb@!UKS!Lg^@%O^+o4(b7~O#Y7<0&#@=^r+Scp>bZtu&Qyek zS)CBrcI5*8%bi{$`d)GYGj;!Ki++9N*{p>fkQy6+ zLCd(JN98PdPJeiVrFuUxGh>%hrehP*MLi}Ppo6uiIR+gpEo_B+G)u$hWc#6r#8Kxe zLlh8L84d4c*LJmDsF1bvLuS!}6?2apy%lGN^pMndLKEx(g_RPpzJT4)p@B&XsBV4LxV4pYZWX3*+r2 znk7dIG8KGE?Evw|zwLDNQ3>>wkK;r$Mk#M>hd3nqz|xnFY#4n+!K}*@ln;cPrH{z7 z{9hc=GEb?V zH>m>NXI@ok-2bQS#j*u}oZ&e0xD=3ZTCNu@r?3I|`o9yjVw)Jmn+eRWFW-#K3CQhW zl<5^L34R)V`Rl&_7;6P6aEKM4N=ARWGT;=jSp&ZHX$zxBJ9+?Uqg%hLr;(`d%8e;T zQW&^cHX$NKP&36xN=k^TdlpeOLzeB{51($-9ho|24}CbU!R@ZXIL+q#N#6pz=~267|4Ns zKCV`TDOl#ffuhQ$KUeVfM1@b|gd(aH{9?HidxGMZ47NIj@<)e?eFrrgvqJ|O*K=lW zg;yxn@g}5&)VRD9QM+B^z{B@@AB6iP|Td&21NgA2J8qxF-?F4wf>_-ZohXr zRDZypO2Bu8LyX&cke<|rnhB%Zgi6rVm9k8Q+JcoD2R`@!q+ErVJ`$3%9DaR${o>0# z(G)#m_bVZ?R}9GSQvK~Lk|`T#_GqG)DZA&>9Mi=$VaLevbG~4u>KU=?g{(xE~+FY~IL^YTBTWtT~NmZqQ zQ;J%2=)LRi&qsy9J2)8}X!gsM-*kewSlycfklWbz(1EhH_R{6DGDjKVbWe}<4$(+` zjfGm180)VJ8~PNp=!n;HNJ5g;DeD8Z;)jTh6`WsOXo9qW?AswQWmZp@ldkGHaC|Kn zRfhh)pMVC06>zcT9CXp|3>83#k8+*DgKa5$R>e514zND*q?A<Rb6 zv?n?&Wr6agom13OM}wzsD0sdN)_y%DP=r#O;iUQ_1M9F)00C{84(Bi7gX2AiF8#*V zGc@DUgAsn>0|nE$W-WD?58_2LDnAz_N4Bey2t98;s(rb0Z!>5G=1m5`9JsGv_uozS z53Wqhj{6^8ybJd|e}-3S`OO6ECO8~hJqrPl+Mq0f${ZAK%N@zG12-Rqj|9u{)enIV z6%p1W@$>N4pDIyvBnn~Ao3P>XIH0XUu24Tg$CQj5q8@gHe!2>?->PDtCgFspMbRK6 ztbuN;|NX^5C*;`=*ul}o0n8y%$^;Y4m}Ao$@L`S4gH`MJ+FpF;PWcGgDp7;Tw5Rh8 zynjcJ1T~n@qgU_-DRLN@_#-1CZJ-km+z77Z+YAv7ZM0&2bUy7DH8-zgFcdVF=?)?e z9HOu8Z?M?vM>NGpFLW9nrh^`$gk~#{*{2UdqPAa}yUa{3p+2w*4fY z2}WLU=LEP~wBBB0s|`i3uaT!Ff%lsi`20Mmcy!S5 zx~sufsw~EJevDBGS2Kh2f^3CQZulvdxSjm|9JC;^`I9gfZ&j;sm+#;8miit6rEIt( z{+bSAU9|6dLpN&K6$I*Scxd(92S8}UoS14O5xO!1PXM4$>_Y@G!HM-rsZv8~4kQxe zPJ3{9YQZlXrKs*#IYVwnL&YE{A{g!OS5pZ<+?t}Q_=KF71{J+II+Pmxp7->aq`%p3I-%q9@6vPA?l3)25&yS+&1QBwqw>E*^0bZ6yj z)UARkd)iZh-#Lg;+t9PrjE$V$PoQ8Rc$D;MsE&-t?ANCz`75i1A^7vFPxlvz(KZ|S z7&}|ZcwbFhpeMLL_T&*y*$V3hJgMogw|}5cF6%CxvBG5VAXtU~5vN@tZg4cNgQXK( zDzQ{+zp$r~jr>ToGtD*p@#pVIc5PI@RncCXyL-G}F(fw)hTDrt-_@E;Aar!`BCxGY z!^s$VrxL`n+%~^jtRnkeIptk0ZvX-Oler(-zk!0L{daxslj(u{F9$~S9yy6t%~ODF zLkozn^o~c5s7)mo4pbzEjL=_OZa1+~Mx}|i&BCLGGmt*x?7<8_NX{R-@yL3KdxRLJ?YYyK8W4{)NBwSrT1YuAX}Bk~0ZZ?=Ip#t*S~K+^L(TeoGpBIvliLas7b zf5~N`6kBPB@_rZ(cd=drmvX1_AL#KS=f&9&Un zJ1rA;IXedVb@{A&36O7RWLHO^AB6s~+5k?^cSDlo^oT{jzK*Ntrcvd%K6roMAY1*C zX?#&cKA7!2h#Alo5K$gpb#%ROv1%U4=(s0|xxj@^%c6O46MW6^5PP^?eTuYt3jppI zTk$zg@C9j_0z|(!X05vD?CQ z-h3((4^XvU?FdC@EnwEbfF0VLuFZ7XeB_6!--5;jtN1l)Neq_2fFL~>;d*^ytG z6$v)Hb66$};B+K5Tn$)n9dB9ea|hn{^V0r|)$t&_%N~aK8v&`4-2RielbgODMYnyY zFXd#G!e$Wk=BYaeKDrO&zWMJk-X!f)tlxh5>2=SPxx$R+?d{40d1Dd;rP?R^@k-{T zXGFDVJ8!4a;8(e&2%@UrId4{YDj&(W&7Ekm;yDTygyaZixWlVn_No{6w#N%8)VCw; zRpvryQI@sn%8jhR16>%AjRU+cgI=s0$2M@$#9hvIJWhAKlLx>>_Zx55$*OIW=aGMt zK%b+0h1Eou!RW?djV$_>_LE`T!-DOvc^WvhZZX^;;O{TM>ih`O_T1>nMu&u(8tY!M zw(RzuaF)y<&(#dT7c4M=2Ote5P4vyks%)dYl)ESjCOBF2AQpVuf7BQG2fO?;f&Rh) zFz?d{M#V_tZ}4D~@eV*a8HIT;{DA-z(v8PRRTs3;&YYtLhWTRWb)JsiYAx+ncyyp# zWU&w&dDV>AhUJB!0e^*xP%50Ecuh_fQ&rcq7ivud8{v%D7xL>S5on|L+LNr|`UR2| z{s#6=I+%tuw4Kap--&V2H`}S}ro#rpCTlqc2P}HbTA6Rh>CyW8rDrC0Q;{x@6YxYf z>Cuk(?U4uYvOO!6viuuABjrfH&?WtL=S>N_Q*jV@z94gP(BkcQ{>|l~?uO#^GA4wH zS0o^;{0)_m`a7`^?<2*2e|u=rnVIj(Q~vhx-Fhz|oKtT|QFgPM_cbIDG2fU~6TYk& zz<3;~o)XW7u88N&4{pU9a*OimM=f|dpF8X|p8KcKAU=P-^#!EyZ6SST&8^de$P?fm zey)$6YP05F$jHnX;3^FUo*?h}ocQoMoGD1MDSuz>I4s9DAMtqb88hl6+jZXD0T=!G zu6#zhK=@a<*@W|s%;3M^3H_~+O*-H#dhaFFc<&`-(XmQx=>WGiB2fM`R)t??a*s4`3u*2;;{Ew=y+YAH-$*J@|>X zpE<1olcQwia;dK9LVMG`$@EHYm5UwKtsH8VDcWE*J$lC<-#u>!4CP`D_f!uR!RnYd zE$YB4Erd-cBgE@;CkLlkoIozY5U+P#wrI;=`4nlI84n?HtiNs2yUVN-`*KS0F1NCH zg{V$hk3^~@#I`eq747=v&F|^lDwONdIJE23v#q|3Cy4t2+-trc;gV4KaPN)-lx?qj zoB&AF|9~fE9rME92qAB&+#bwRCguxxIM!<%b>1G7-k}Iyr-$-w#}lmVQm7kq{bW5E zD)O8cf7zuCMyg~EEUD^uAD)YBvbs~Q*R7viZ30_5zhGa;{=3xS-lY!7f+zTo)LGx9 zj;*MzAOMs)iPl+a6Hw}3WpD=;H1~7u71-)zk3v$W)b7BqV3Ro~Q^LVYo~kaV+~Cal zV6-(HUIHb%W`TK=7Bi?Skqs=O?}{Y`N|UmyO?pV9PAih<3X7d9uj0)YBmDlL1^j+4 z^Pt?(d_!(dR&0Adb)RS$E1z7x(w77pTW58-R-3gU2(2A zGD1I(a_Rk2j1KP_??m@ahmq%mwTHFtI+f-2xug;<5%{halu^6U<#$L_e0&R~i-hnnQK&z0?4(IFcf;lXF0{n&@Q6C?8{v~K8t-X6U& z?XY|NJJqWY=z@=rq9BSp&pOU;IwIR)TNW?kr=u@*pz90Z)O0lQ)zsjbnrXsN^ zhngGQ`z^VldYm`55XLs?uKZp=R=#Ai|62{d=I@D#xrGnF!42q!kQa|BSE$jNIQDW{ zo905a2c5q4=F~Tp+!>M#ehK_}9C4g=T+&ie!`^o+E8Y#gn+Uqs0@e2wyjR!Ra^%>C zGbT1Uihf~IG<;EI`=Nr~@5PT4bqmcO0=?nBo@a z$6_J6U~i1`kZtb8YnHt?{}Ev0uGABw3zzL|iO~KK)`~#xeTV21=*k zVmkg-6p}OpffHMY+X3#F+BC2rm+)KL9I0uK+IOYZh1?PJ49RyzS{#c7W}#<$j==f4 zNUhNXI#c#@B%2o>%nPTeP;Rn{#ROBrE=KQXRA|(U0MkK-w#Q`^oRdqaOcxtuH?|pK z{*gTj@%~$g+KU^_^lGX@R;jlqH3z8(c9fucDy~;DkUPRnVbgU=Lt{h2l`>yz3#MEm zK_tiNUwiN+xvPycGqH(@9}QAJsRXwbO#RBa`^2xN1)AFfis(Rga_M#1h0s{YxP z!tS1^##B*Q;*tL{No}FLjRa$fGA?);-qR50TY4X{@Wg@imZmlm6YhJWu4NC}F!K#_ zHj1#e81>=1(-*k1#obgioth7XWf0%;@?tQ(tmMlJ1yM7(16W*xsOmxvwrbA_uRH*; z?tU@=e=>^CjPhG1I8Ii)t3sfel3nlsN(58Nq8L>gyb|KvDT?N5^Vht6MCl41b0ntO znwUgwsM>jWTL;?Y?1+?qxQ=B;-AZ$KF(dpL558I zYTL4e;x{owCCckTB!HMwla$j*2}-CV!ffwB#L4gxR=?aeV9TXpL!;zi`bksGzf(pL ztq5+bbJUXLiqjcm5+E`_z$*OFI(2eO6!eq7&+5s@bxd4b=m`<+ZvjS=B+M}W&Nt(8 zn$6m>b+%V+=Q~VEJr?Y>HK-o`!#D<{9qXs-qTIz0KMF`93S6SKFM14VmJ!vFj?SIc zcP|^~#W|QEd}uBcUsthZf7oXnxMta(*{>}qA4gSG2x|Wj(QqPk6+yGZm%tG^!$o1% zv^dEq**Ol)i(Ha6$ZiQE0`}B3E15)=1F&BmPxj7ei)iSR=jOCVl(3XEdau>vz@%wy ze_srY&*G9p?`U;?0+ht{9sQVdfEiIv008!;ts-K#IvlV1M9ws=$rW9Vbla^-(c`lu zMa`1NDCd<-cV*ZZ2m4kb8#x_q?ri#0GS5{TJJ=o{)~yNzZCV?jbWPj+eE$0DT8r`l zp5$^@BWzmBcySW~SS4>3&K|NSdjwq{$}@?u=E#PFurG0}*+l(+Onp;yWNo)@2OZl^ z$4)x7?T)Rg*fu)0?T&5RR>!t&>*V|X{qM8Kyr>%Mu2zkAu19N5{(G@1^foSh&CqUa z>@maj{`>{-_h>Qd zs2Bw>-0j?t3h~jQ$UmA@s6ipjuUjwtx9=84n?HNe)RtqB4i954B#Ce!5+IH?>5oS$ zuNlTM7$)<>2mKnM_E_#+OR8m~M}t_;dCm$(K{oFs`|Cii>~p ztikTjaYKowUqZYQ3S{Spb6ExLbxDbGIs$5@J( zCSj6%cO5h#V@N4NpeFWX={MCJDNf;B`1lcSI0uR)!0!_<>qku;}Q|LI*BGB>5zH z#xg*G;K2a*^s$hmL(xgCRLQ+k1`Xb0D~vmDe=68WT1dvE?jcxno$DNhWYJds&<-0Qdt8VHvG^5yC0*t}0T|ENvXA!}zN)Z7G1Leb5H2fa*)*f}Y;OpExuZ~2> z8yfml(B&_BT--jxZJuoF@HD+)->f35S!X2LCj*vXxq^6K(Y#(CfwmU%Cmb8NHRYPW zX&5dQ!0%Kv(26b&+n#N%=ZYpwKiB#^Kb58Z+RrPAa;YUq-^axkte_6d3cfXRdb+mrdl8;d+u;&MgaJ7{OcBHRU(#k< z=Cvv5hc?!t!mpiDI3MjG;En`6_-XL=T)y{RM$tzH#0M{5&ljDA(HqYee60|Q2$Rp&hfLny$m;}_nUy8!9OW;c1D**#h<MztJef=YLq$I7VGW`*mCBoOhDX`#abN8Y;-EO?Z}H!q4p5}@uy2b^Uj^X z`T<3Y+-5i2>^)^otoB)!3<{?ykiy@@_Nhh3^JgU{Njg@D4aAKaxE|cu(CJ3F+h?jE z&+^oFSZI0-BkjGdatNN!0hxl*|y~CSzi`s3hZf?ZiM&~m{R43+;8&%M5ukHi%YPG_96V$LHHJ3MuURCX$JaN?osQvvVrKMx&g)$(~a^adLM)o|M9n zO#@2c01F0gb7`jGFzvxwhHPNwGwlT~e=K7KFO*~F2=!Q%a^71nLX@S(@GGHi_x=1- z>JoFn1^n61WG6(U<6SiYB|cT8UtjfvN&G7XN4meAs(cDJ3V8afS5q^*wi$Vz%YP>x zT@GTO64S$aP;a_qR3wlka;}|8!EFYH@nRIU`_CDD=_UEIcxaS*->ePx?Nj3vv<0Dz zbg&N*lvE-b_=i0>OE0_h{@jL+<(mO?Suz1d7#k1wr^cWxzK|DDuD1MD*$?(-mbR|v zjD~dC>hsk|A~4~=U#fBnJJ`+)x)Y2#guMjV-G2phnxTRVl2qps)6`;dTEc-^$+x>% zz>N9}@usMXqqTB+0)$#86#_TOX}ryjsE`>D7JQZr%)$EZ&61SbaPBAf4Jm|GIFqBN zSU6KtU!@kLwJ50Vb0Ere5dJOJur+&I6k8Afm}d9v##bieEZWWrgIAi+~N5U-&vc zjFJG>Vc2M44u89Glgr0)W>=vn?T?7OH7C6zJ2%5)kKc{xm>yY2mx#s1AXFG!z8KN+ z9mp+~0FVCmhjSf>l3wVEKV`Y1oWcX%Nb-)*&iu;AgPGG+tF4w1oRiqdEMI=4&9e@b zviQD_soHT&W{c%PFdH~Rf@YN4q$q7j@)phAFChJbvTh1Wu5I{V`19MZJ2UVf095yK z8oi+U^$1nSzt}qefbm;B0i*eKTza&e8x20r6Of_caeTMXGd)%#HQR)YT^GBbTweWv zI}lPRd#t#4orEFfB$Ob*bn_u~a^oIyyMWy8@K8+DY_wl}Qy-*GgFEQbC1cxWtn!4&Dw>@= zl-i7PK%T;+DB)s-=C{f}hwAcbMuy5y5jqSsQ(j>oV*eRKz5$>x(3X(&W}=89&9gTn z%6>(qy_Q1-CQ>pLpgPcoX~+NIc?W}nt}oSaEvKHKI3HI)3B#*?gw2&@Mudr~-2GeY z;zm-+4h)(nSz64R0VGmtrWx!K!zMVL&e9G;izk=uAZVCie?OPD5p)@(oIkVQIWrKVE;7&!AXPj#~}c2Jy?9uJESr5t@-#dOwRmOZyFo~Zd#S8y%+D3#hsPTSiR(C2agwMN&{QirFBPL zFB&TH(fqriY_hgtLwVyXm>w1MJ&u1e`gMJl5|q#|GeaY?jej&_&l5Kn z#Jlc%%Z7V}IlmJ>n(y+DDC4oM!NB#flMPvI_#Iu;54hj1;jC%L6F0%dbjW1qXvCRK*IWYXM1B+X>)8{be~5Pv$Hd6bSIOaZf-IDnOP)RL4GD*cUIsOv(c?G-zNYmKA5dUa;^+o z7I)aL)KurWt`^|BvYCEG3IWLaK)~h_E_2(c# zSF-#+z-fO&ZKd-61E*M^$&By>}8^pTpgEp9-=jz$bOK?-xr`8Wl7ANWJ&{<+8qb6Qzh zSyB!)sv*v6{OeZz@%Pu6<#{YjBKsq_`&l!x*fog|0x^IW_3Id8Jr{|LY~Z*7N6@yb zy+9`AoXQyI-JmfmDGDlQyz0g&DeSr}SKns@sksg9C*1P6PY^{>GSJKs$2oIJuD-Z} zhwVtx(pv5N)UPJ)KX2qcvbNKzrvqZb)s-Nx_WlvzCSVKvL#uy-=K*FklZ}hvcLjpH z-PJ!yK1b}}HuXMS&QpRul6(rugDkdhDq(ugxdKMZx(I#KvTM^b7HlU*3tq-Ef@BUSs77h zx{5dEa4?RIv~%W7_m;_bA()9A(~3jZsWslilWV5!e;ckX_T*Eii$>cNPQPaV%$J_s zRIrssZY#_43=X@N@w_AIJxSfA4@Y*#b}629 zMy)a7M9ms27`SD)o%71MvvllZI<_I!)5#EUzN5yVRqtD!k9YIgfg*Qt9+-ddd6vFS zS5fR#{ujr59rRf!v`{}=@J-%(^5s50;2-ta2iT`s$g+k!Qki1r<&Gm}RWH3j=Q-t% zTLB~x0(L#@DmOWERwl&cmgemm_ky|cmi-oUa#S`FlGHD0LMSiMt;N#Oi}_iOptZ1& z$%Wn0WJxW{MU!aFEWqN2()-x0U@8#DnJEcTW;~#u0{4WB@6Y`3tro=E;z6iAI1qJt zusV}xjLiMV>WG8(q!wNLB<_@jUutSUis6ig!$ujp+Q-H&)LyLjHsxl=&t!>1$m8i1 zUtK3+jaC-_Tsacgy_y_$l(o4~(jk#LGid_&AcTA~VZ`>z2$Fj;Dl~CAgN-#*QfI88 zzUWY)#=WF4)wzb;5$PYd!$Y2pSIm4jAAT+IVvJmKf;;+)Y|rLBrpTU)s#NpBbOttbOrAIz=?FXd zev=cRuw$I=Oq??O+D8>S<*R_MZ_nLQugK-H18ehni8XOv*mY94zdX5&kXAuKK5ep< zTts?&;62(g8Q)(MQ%EEY0&=teJiS&=n|x0}_7;7@gi*Nf;--Z0NS7peon6MJwea?V zOAVP8vDTWfP?FQX&qjRi^1eUDx|4n%_5nsyIkobFe<6wU?V_`a|7|vZeq3FOeKEB6 zw%5a{1-Y*;8haOi-oF$f<6neY&1QU+&KD79oCgf1Zj5QQu$HSX2>@=B6Np6$qMaW} z^c7GD=W@W*Ypr>iYIxszA$w*9+lL)9MHz zx+uSFoBD@HGwW(hnp2X61sh7h3A#t>$b6k}XUCTn6Cx``2tUD5+M;X@uL5nepgp!9 ztaLy7pFcx&yfe4R-^)r#xmrSYC5;RdRF#MfL1?t3c|^>+WMlAs<&3qRDp-;5$6%#7 z;xV_QVMdJX73bY(@;-Ne_h5c6| z#19pq9yvt3x!yBs{%}F~A^-w-QZ`-6`--XUiK5xwLkPFqJXgb{FV7m=#%|0wDY~?6 zs4ceokg?OD8J!8yEBb!M2NLg%>(FMaQ4ja{c0cKgsBc+<5i^N-h=aya;8k)bt#?(k zy9aX|FITf5HrSSM$WO7iGx*S_qD{(=HkKnwXYdftqew{B6I6Hmj%KP*BSoE*GjYY| zKCJM<<%p;YzGb%Xim^Ez|7}9FT4fb4%+9se^i`D*i_Kj@wR>W*bE9U7V=>vD3D`QQ zI9g{2_{NU=0hN68;Hwg4Yx3gO)lmCYl~bh1;se5s!BWobYN{)`Ed1px4*qf($E#LEGO2sqp)GF246ZF_UbEFRNbc=&a^n0`_3lUT~v#- zcNd(zAgBHx{jRCK#>2$)+n!Ix-mV9z&h_a7TJc)bP5blZrCOp2%O7$=|42iU9R+hL zU+3e$wWW&u4`&No%B<=5Vrk4T$BpLCYDjAsmQUdF;x+_loG*$0xB7ICEjW7Yz8e-A{Q$3DD3Q{gqna{DzteWSH1NdxDAp1 z`|_`iEY!9o%#QFw@%FHadzF&~E8&+azU~Pq>-&DpiQ@K*@MM^f;hC6nw!$oba8=R7 zs&*-H#ZUxx8%WKU<=OEGnX3iG6s^$`*uV^0)KdghR6i?GZ1LJ>6_lsxrIo)Ve<2ud z&0&~fLnYMgYP5rk5|NE_bK})=4s!?nHt4iX_kna?3^Adi$7Tb$cY0pul!>oi;8O8< z60$NxoimYxbf>$A$F5`o&#$l4TK~|NH*D|#4%N(&j{ye_o_jb7y{v&IfD+JESBL(4 z{t%ww^9*bSXc-ziw555E^vUnf8FvEC!O*D+|MvxqP-$B z2ZPyF&(<~grdY(Q;eg2}C==O_wwe(41g=lenplsoz#R-g#~qq*IGMasETK?aV1EuJ zIfekv%pgib5-)ajvCg`Uw0-&cZ%IcLWyfJGa&mvouDfQW$L~&FA?R3e^7tp#v&}nR z-t2{&Cph*q{PW@QroQr(zzdSs=|%_UHJHhGM@LLtRZHTs4S|!F)?Et)!IhkKG_J-X z>&K6^%?5(Xd2B<1&EZXX=6{&waE$mOKuMSqBp>xiGBF*M!mXC9{ z5dP)s$Ve!rE2-~i8cgZ$5Arh>rZz84H^eTto)4c`W8~R24N%tnHbr4^?J_7p`cY<* zq*)VsWP;1dZYq*vf*pC@!?H&iPIHA3-Pdg%Icz6#$1^O5m(-mr2gPPNS-~4oB8%`7 zpfQ&?8(x01wap6L$KODua>$ zj0wYqm#m1i+i!>uHVW~-Jl)t#C9Ii=Z0~BV+J{c_wP6RqUyVvM+mKr&;a_ZK|2q;d~1~ziua`fwdnMiAVE1Wj9qz zXaoJ%5R?Ccl`7&G2SfC28jP!*>CSNtjwE`zw-_e@N?y6UX?UL3BS}rKD?Z^iwwy@y zuC-sKa>yQ*BvbMmKDglQeZ(TzB?`!vUZ?!!4A>*pL$A#4zw&T!%i5pv@ZN0E%6jQE zE|-2+Lp&(&8OEol1THi%%JvriELEe_NpD@C1RGYWQAJL-kp(g7Pck{BsJbyXV1Q`2 z?_Q7)HLxcyIkYckHzVhLxi@k3AoLVnSEYgh{ZF}k11+EkaMF)QW6=adtfBF z+66dlVs_(r6y@{UCxU3Kl8>1aPIQZ^_Z()sF9`G?mNap`k(sig^4W39!dc7&Ip?X) zNho)KTzXrk{b;L(XI7Ole6uAQD6rn1yRbR_Ne9ykzugdC9J>O3j1&q;F%DLz*ymp}v0)4|N1HV0<^sb3hk!st#o>|AEj`!SN1ilGHIM z4~cj?J?LIfxRffcnhXKTtXVXM0TxCX>Bm6J86`to6HYFRDL1L5uz6#h zXUf&6fHt!pVThT3Rvy6CQ} zemPnH$v5(w%?X-CEuONHe3h-g?pzJpI_R}7gjBLy_x^?^K#yZW>{T3VzKxK%$SKF{ z&lsx<4C!&3gt9#U%MXlrdVg%*9Eu&<7ua0$hSrScip^@1bD51uOKD9@BpceS-rv6K zrlgNW=PC`&H0q}f)b%y|wLXhDFXK^(+2Qu&9k&GUkatGo zSkpyzk+m-8Zu%=F9cQmc1{-pzJ!cw#iIs{C{H1uQL>qLFz%A#pkgtf(|7lihlK=ED z?vkbtR~>Y}Rl=c@sP!9XXzO`^!plS>Ltu>2&{ZWOz}lQ1q<%$diytPEs9RM=bA}Ni zGbF$Dnp6|=>2G&6J@xV)BcsU@nuW|Efw1X`ahQ`4+^Wkt(GXjLScS)owk2k{MXm>z zW3C^-vRp84a=Sl=j1(&ns>kZv`g*sRC0c3VR+5L^my=O0(Re)GjNw#66}>YvU}Z^d zCZ4{9;dob*`$JB`cG;O!E9hroYSh_Yoh3ZKj8oya%_CMOvwVsXA;nK zpQy34OG5n93QnY%AakkcEMjdkH9ww*@yX0mgzrO_vH^XKKE!<8^_XBYG)?$9*5*p6s#Aq|?Lj2? z;)%HeXpHpOnzHh?2)aO7Md1okH~PMB*>i-bTi_X#{BA~Gu=)lEb9EGz*cVIGZGKB& zqyG2yzsV#0-4AkL^ZXvopDCC9Y{Oiy1r+LEDL-3_#@nb)C}In`n#4psLOFRH`~Htz zsVckCVii!O)0^RP52yJK^Ulpylp1b8bcb?12+q0&gfh`Y|CNoWioSRsu?I z=mWoP*@Er2!YpB~xRTAuI<9cqDH2r`8u&kTAp&0SwpT!Ax8oW{sow@TG$espLEjrB z*t?7MvXp}@TzwM9TFa?f!uaTU_MSwRyVRQqpUNU~+`tQRHkad8Fnl#q2)) z8Bl~r7pAy9@rO6vu~0+R_-j$x4>JcIIes3pDbe4U$WyZxUWCa*WXM9)BRSq}t88VE z5woUxbDRNY=6osbMSt+YY0Pu?Aq{6e{~HMtH54<&z*;x7kSWy)md|ki zp_L;lV_2F5^t!~L0N0#qFLzz*>8ha4QS*vkuoNvqwSGTSRM_lll0*h?A@NtL2TtLq zyTWmtzm({QHcP)PTfy2p)Eae9g=QXx*18ZijlE<9S5MESnw|D)?8Ppmt=?x+vt-QP z&CdyeKO;ofXWo3-q~PqEi_a&}Ut0$rS`bQgK}iCKI51nH<&!gtMpqD|rP+zxA!a;w z-dV2a^kZ8~g0>nDA^f!bD4Xf@KWc^BYt|Av5n1}zg)HUo(UlVq9nA09w8gsmx{)85 z3vG}(8`WN@_)Y zIt#^c<<^a4Td=N1l2%C+f}umBx!{<@;~ftp!~A*76K2<^Ia^m?B0FA3%$wGq>5%GB zOq1Em#b_UKGUB`&&9fqoqn`g8RHjsHF?|M_J77i!%KeR0G85ydH*RqAfKnd;r) zJA_}i$s3i8h3wn*iNP6^r$sXPhf9Ii%`BbKFV8Ci7XT)O{a$*Uf%e(aw!B&x1S_)QTj!j7vEG0!rs3A zmlC8<@8ixlKYPFqOo)ShkqH>)#VvE+KOrwLwd@&@|3q^>(Lq!5L&L`Xu&a>PZyhwg z*@&kg?N8Zg_ZL=0)wK=ewR2ars2AyI33lnmu97w%&kgM9agF87Z`xmFAhkk9B*VR_ zvXlU6!trXWHP9wU-Yu}%S%TOcvW*=#9~?3Em9+X!M2%Y2wa!iE+dr!-0bE{%a{Jqj zQLdq~PYsHRQf4#qo-fxpom3d}z9oGvRZc$yqk^oIbKmUZ`c~DLeOAb2_;e!$?xp3j0HQCA&R6BDTjp_evE~!) z0987tBUd!@sNqxon{^)Z?z&Q)(N!DxfJQg=2R1g+O+|&bmhzB1 zc;*ZhxXyENO=`*;N%T7f<*}ak1Eec2t-7j`te!fV{^TYUw7uYj(}KrLD`)BB?y&8+n9j-lXu8szw&hCqrXVIYPUP)sNu8bWL1@#loDJ>oSB12-CxOzG zdqzx^i~`M{7|VegZCDnH9zrIv{Esql{oPADq1Ecd^X)0a3aC-RRL725Ie>hxv1bwy9( zcMVvft~uuNkgJkw6r{4;S_$@XMFwOzohstHXAXB1+3fZY?3T+i_N`8$NyjR)b5LMm zr-s_AWl`2)E1Yrp5k+c4IgJ>NJ%FKc)#q!h60jt3ej0se_s2;?9u&*nDjdb|TSeKa zqHdOKY_1T&tfcvxPv0DAcH&=G0HZP>>U_B@o*GXR)d@mMz#C{HV3JmED#$x4-7ks{ zoN6IHdBhTRkcaHQzGI-Gjtpy#P@gQw=viCx6RZf5{fFsr zX;o?Y4nT}^S_9oM!J;JYw5(Q9STZ#YhCx1v)zRR0cFC7O2g3PuxK4NP?`^h#Zm!Q>`gO}BYSp1!gu6>iAWVApCF?I+tFpAmF=?D1QgKY%dETMDa- z$3`jrf0a92z(5m?+l0U0FCG!);Y@(Q>(6x+?TVfi0DWGC%JS76M4AsXcj@l<%|+P@ zl()Rf`l_x=R9P)!$AhTZ%b}i~moR;@@0>1>$Cji=wn{0!^VP!Ht1FGOfF$K{8mu11 zw#)jwa7s`GX)^h856hbPEbK-8Fxxw=b(eucA^Rb5V*stE2_HkUUq!2fhgOZUFMxcoMWz z8h?D4qL7hz33Tez|EE2Qd`RyMkoJi-K{tGe$xH^5hZMqDDQ@CZWb)1Xs zh``c&Pzc^MhEZ_Y)s!kNys^7I@;EDL&q6O=F2dUNGY!?lXRppg*F1&h&&Y$*QNX;b3zYcYXU$2N42&9bmON36;RTW7Y`=uIm=W6bSz^8KZ>*JV|5SdV9 zUAM=Qk5Qcoa~5#$BAtrw3Ujf{{X(zr+fx0&Z=xqL$?9Q?i+BbSLcPq4QHBEF+n%-> zD7n1uVAj*-Th7b@0LgtH)DxE*%dF=Z?ro;o?Ph310yrJR z^2v=&FrMC7GXvhnXzAgmfmh!r)9beLoz1RY1;l808|FVe>+zvthUtF-vH!+mB^TAq zenz-xXPnvE7PGdfcDLmHBXqksKEBtCZqoP27R}l*ZF68U0jq1O(P>KgIF{B#V)xj~ z@=$3;Kmqc!yULxcWCR^YdW#q?7D}n@r$#r{QMydBuyuVJgqKpkY*D$`Y>5wk7uS`5 zR$Fj{_2aER3Z}og!;(xWHcmqeQXl3nMK7o)I2*{I z+GJFW|Ah&q-yX-AJfuLjK@ssz<@QQ%L|YwgMQNv@VD%Rw44F zS_%joqyAav(l;XmirKZipy#boPzmsvv$mJ2gSP#O8NEL!e(K3KyzYZsY{{FWu2pI# zxMS?c6T?_LpiE#duO~)1RaBY0oHm4rL-LYmg4GC zKtLx&Xwoq{13cB47n{`q&q{k-l=p$$>3tTQov!838M(%eQ<`1% z@7wZcp34xDrn`o|w-ucz21Tulo#mrBc{_r9l~-nGtu2ae1&)v{>iimAwpVv<6<#%l zP;WUhpO9_Yy*4^c)6NolJHG`cHm}J~rxhg4(U^TMx~>32>{(CVXCtSBo9CR=z%gQk@d23@mo;Jn0x~jnUoEMNW%;XtZ`DvAe_-7vm zyKDjnjvwk%d4fi)#w`+d;rhQri_9UR$jHe4WNH{3Rh0PtCDJ7BD~HZ&Yq){5FmiJ? ze@*!!XFvGBj-C-$cEHh2ChXF6+E4WR{o~35ys0$YBb3YAFPr|E$yCTD?U_Tb340Dx zU_%aLGIgryIWL6;h|}k{=Uy>@tFqr8+i1h)a9BmuzK+@c^H~sr^{4oaxR1tU)%M>Y zLadI4FQFjoO~-E)^3sOfd&{y=9wslIRDMa^`@1F=cf}lW^N_eId)xLSnch>&mf(-~k5g^eYRSRm#m6i~%)%c}T^uhGq^uHom z%n&ddt;NRKd`dEDF6@JdmBGR9_Z(Gx{IO?Xm&~vC(kVQ*Jn=(!qykWdMa~2U3%(HT zydF>!Z#tC|HT7=Ldl?(!X(SlUF6Tm*){%Be4%%%)%HkX~z^@(Mu~L@|hs>?1*gdUz z<(ghefGz^Zqjlc{XMmaKIb+6DATa&O^9?ftyDJ7$GiheVoUW?f8SOnlLk4F#zVU{( z4R4dJo?PyvF{x?rJa?}p`gv+gzZGIp$}f&C!QO@V-|V%wie|z8vHESX|LIIFy3k() z>*8z?SJSBtoV{cGvh5AlV|yD1Un+FW@sx zsWGr1L>y~lVq)XQTI;Co&(5$GBxz;CZzLos55^oFdNsovWd6_*uwF?P=HJO$w;*78 z;HRbz&@R(Avi4-%S)NI$sqLl(rtYkHdUK^rnsK`j(Nkj-xGa%52CFUV7tk(ux$Pg( zomZos0=Ywf;H>vf9pWQ&TdC?{V9`iXR?R6^*7c9{pwNs&sD8cU(gh0QM3i>+PWx$% zsK)?Tw0QSzfe@C+Qk}3+F2STjyR^X+xL8&mPD}&WarRfyb@C+!?>%@Obza@+5JLOh-dz-rvNuqr6gwX=~BO{QZf zfX!isaMouo3omYeTwB1MOa~!&JF`+Zw}!FIpc1RUA5)yoBNQD9qhe#42l;oVB;xx0WZd$WA^Z8 zAZu>y>-=Go++bP(T9Rpvol}3aW?*AIctZmu!b0+4(aZSxnf5EyuCX$s!7K4#<2A|M z0bjY=UxkmgS*QdfMdv3}zSQjQ0$o(smysTpn3m0X#vFPt3gp$~88azg?W!r}`sAf? zSpSI?30X5$7HEJ%tL>!Zs5?*poOqCQ#2EN%S#lYOx)X9D_R#W8M=`}keeY3csLUmv zK-~`)ymKqVO43*^1)*}@g4aJB(f@e~jHDYiY}7qS-mGSHmWLB>T^0Zwi6<+I!T- z_mu91*4@-kS16~9y(o<2xCq|crRF%fjfTU2Drzx_ern^R^LKdaNg^jy z){`Mo%z@8Xhz1r1D|_pdebcDS8ESnf>IZGV7TQn&T_Wcm*_q*KD|~w$XN(D-carx+ z2b7|H%0-mLn~Ua`d*==Lr|aa@yn<4AR8u^ZV?5+0S1M1~L|rF-lTb;)vOejaT--x4 zuAZgm1gGx4itBkIT1i1y)LMZo5Pj!&-gF*2hLeVpk_KvBzsAW9F*S;@%c}pzpCpX} zVk$M^)EcU+jRlT0ES>b-H9V?)rT@M_#r%Ot3de+qS`oSlYu` z5Uc)eutQ9HV(%N6ygyOv`cz94)X)Xz&!id}XAY3dnXoNG-)r;yR%8Cx(1F~Zb?*oDSyPQv>oCstu-R)d1QkSs!;Q^Ik2|@qMhe#tEE9WX9D~9M zTQV6&15ZP&A)7gqbaY17Qi`sgnkk$mBUa>4)qAj5iblPm4e1q0er1G>C<(wt5{?E< z75L^zoGoJF0ud&9{73T(f$qp+ug^xZIh8jD(!9{0k`-`%a)VP-(!`v;nKEfcy8}Yc z{JW4e%(>OxE+^kz@HEac12ljk&_ICVY-JbILk?!!Kxw(FA`^{-VjIfL(s@w%QCD8z zC?^`YH$F(BXW~dFdYL-U%Xe>-_~c%3jH~xyxrmDc=Up%QaDUBfLp6&s#tJT3$2|<) zEccj~OYh-d8qGGBx{;{`tYRu|rc41WO^$>`D3qn;>BgqUiad;^HDms{L!Uj#Pi0bKFa=Ik@k}klnW-;#qL3!l-u6VbiETh z5-g*77BkM>95T46!ax?F6vXpN3%1Jsr^SDK5x|C8<3XsGX+4~9c#&r%Tty>g?xxK} z!WK5G2N1tH<++cc-EevAtYo^SIcFg)H6qmL>$%TnWao(i`F!N?T4h6Xx-gg8?F*Hi zvF|CSLUf){O!JPL()|b${z@eBv@$<_sii#}+4=F?Z+F{5&czVS+bunC=Q@O|`LcM+ zPaQ~WJg(=j$w$-0jehC2NFu2e{PyUt?3MaG$NEA1oUxU3phnxe<(SeU%e<;k-c;lP z2xkF6Cq9*$p^zriAP@YSD2Jqhp|$tit;TqH_GPBG28#WsEO4D<*7w8(YQjxvs3W7A zdQB2&$iai+x?L*H2hMB;8Pbv=tSr|jKF|U0Zb@a($N~870JOL%f~~PdexT0AH!=AO zqD4Di?K_S9Oz!ct=;Ycm!*5D@*yACuT06w?Wh-xuW6eqN%|2j|YCgS9uVswKJV8Bi zfB)8$6mPDMxRt^TOLugafN?K3@MZ2`yt}$Dh^#!FRLd;)`#ttUEE!Yp7DfX9HAEr8 zXTEzrT_X^$@=eq;`kU?QN7O|ymx<_fQ63j_P*|eR@7RyO^7e%H2_MhS{GlsA`|jID z2$D%u*lb3??JcFBKE=W3me1*{OPolK`qS$GB1-i`3s@*04*12 z1H8bb!h%m3Da*s1sfbOJb>KgcFp$QHz>!Zun#-^#VJ4p1E%mD_e|3k}^UfJ~_9f!s zYec_aFP%2b0uJ4vm+M&vUe+7%JU7R*ty>1(XHLfM>)r0QjgRVb`dHSJ{Gy@gxV$dJLo?vHde9^xCvoJ z^REQIR5mWolU;sTcNS?CBdvWru2;>QQqj;S zNMhH`-8>)@vlb7|p z=&`FxZf`Z*|3m-}7G&_YL{VXZXnZ#3y1#V)W8$vq{OgO9@mDp9eWfHscj!M})sWYi zNOxbqg0S||wPu8Kp?_a0J~+&UXlKpJDC2u-BNA$AYs;Z$);X|}dK$nx%K8yR^4QVI zP%JEEjH(%W0;CebVegqjl9+KIng$D#0M}-^%zqZls7X&nWfS3c_P0{B)C~;i4cQu& zVwG`oSR4CQnG9sivB+v8DQi_q_EG?n0O~L)3=~tAE;gH(Z-KNzY9*!S7&)S;A2+{s zn7CwQCTdtPozOTZBkw!0;aFKKo{8ztK|S(Z05<0WZSMGFNGOhV_!lcvaNtd&ceI_6 z$_~9NNvU4Eraw?2rJs4&s{%+u3-Csj=VjXa;UO~hb*#)JS0SPTUY52@=tzY}%&2MT zDFh{~gPBS>v}k(>QuVP%n8FhC;45_z;7Tdp%PY6`Ml2C9g`z^KdgAOY4a|H?vINX7Z>KZ9?Fl!~1Z``4=w zyqPRIxuL9sHkIJrsD$)YrT_Mfi6=1aZzOH?>8XDGf-@1tIvNRNKdm}_wKcNvUtb}R zPXh3{{4aZVoq=ItWc=Px~Kh4RJGBB^8y{eZ>wEQv5&GsteRBnMlb>@Idio%WyQPb zv9OPCG1#eF;UdjhMq?=JEEiLIB>c&msYc3jUz5W^oHY%6Eo+~co~V!^z3d>b$Rmi? z@%)@WR}@BkTAH`8^;PM#Oy_Z5gO8fN>6f^)o$H|%v2!|U;rDy;d6?^bZj z7F}9~XT_uB*W(6_UYyBZW{vrp915F~bBnXJS0`*i3mq@ar2WX^R@9*sjn&rgj0&z( zIo1yHv?Azy{EH}=4p4cb%cTxu5a3HAH)_2&&J~{VomFhc8!ge;f9vVl$D844ZDskA zCkYHbYp0geEk&goSe@_-Jp9Siz@?R{rhliAj`iX)B% z!~y~VR1{Q%2uQDrf(n9)(n3*?4gnH+iyTLh7Ic)}R1~C3O9FueM?&Zk=_G(8gcbsZ zP!j6*FwUHB<{X{({rO$rB|k#0B>UNG@3r>5?tQPFC#bvpA8Sqcmr+005v5}0UN6+h zM4Nc2fj_qh<;d4W?6bNm_XPfB?@)SeItlr&OIZT*6$zs^4~U5zeVpic@u_onntsO0 z<2HNq3sXU#^NpJJh`oFsvSq8Dkvg=Eyvm`w+Ir5P8@Jp4$x^HdRUCEQ{HYKk+7u#K z=H@J7c))0~w@=*WebC%Bjhkpcubh}eK87W`TFU|y$KxK{@;}^=eColIeNrmb!MpSH zy7seaivl>fqL&W*aN1BrU;oa@i$x>XW2O1=s?qCf8lA1=9lSr^V-Vh4Ob}}GIa)3k z?8z4;UL-G=c1zk}uaG~zbGhGOLh*%)R$Alg$95y?;C_Z&O=I2ztmXQQbUNDga>5lQ z|G9GC&lpifXOkCpc;kwFmn2sh5py9gl4hAwr?;awJU1Bk;!dd)Jju9m2_&ohTWiy! zePEf@dI;skM=RM;^z=4McBA^D7OR7^9=Tvs8mdq9K+n+6?9ToCxNG9<(+)_OT7>6 z98C8bk6Bu8lda0FY4N~kPqWUC5_ST2?w^o~=~$oH+P5oj#`bh@QQvRR6XDth3hal+ zEldPEGw$ub2i>{DRp~W7@mV_LO4LK3}T;y4-WR(EDixQTJ&#djG%fowpUv`$=Su9+;zWUS9Cn>msAW%;R;Y zCwHjskjdO(T=v5BhOrYanoVfnEDwBk1V2NEpUjo5y1T4aZ*!LN^H*Qtji)uqo1IyYar36${hldoda;*O~{8VP& zg;H;qPy08ji!bk)X}EdVBp3!VkbC~>Q`EM+djzY)f+xl4qfb1iW1O!a5J{H0`82EkX`s??ETK;kXWZQGN$B+y-FW zTbfax5cyg?={4r!ez4=s>o4h{VQgtOFN=QcQw^?9XTX@Wmk@%{ec`noJP0DlXk)$=g#T>`zYbY zf$hGB?9WT#8LXswzKYlX+I9CbBM!Lx)c%(A8lEqU{Ku|a$OtMGxT;6*Cq4Z&*(kbs zYt|DdPPdQXPbw+pj)W(v&y9Q|l>Aa7KhH8Bvn9d>CmfBXuihRfJxhfcWm+iRW;jBf zPQ$C!BRJc4jEtZD*{9)EyY2G})}g19Zn96Bx0IXgA8IX3_x3K(Ta#K~!Jb!(G`g2r zWci*-m;k|#9{A;YZ`*qGCraGe{Lz{eANk{shn|^QoiH)Yt9W|KjBf}N)Km`c<1zF+ z`cu^SmDZETaxuTUy*B`l{pv3s(Z$;R`enRQV)KJp{W}Q(Zw==fwIt4aI0;WCYzz-& z=!_?11lS|C*xOyXZ-IGMdvj2>@?MaKVcD4=(|g30KwK(pG}!YgM5VuN47cUTVpt3OyzL^{i|5GY`$a+}I$jB!Avy(4 zT1#&c^kLPGk6u2*{mmA#qhDlBh+w#zaO)n^XL|Y>t5uq$kI>%j+KxaM8QI3dXRX^- zLOf`*_Q(&3;5&=@Cd1b?*NujT*O;Q6OHd*fm)^;+ZC}}#a?vIyw@(sa$E!emIh>He zE{dS6r%eZ9{vJpz{FvQkmv$iy_KA;C0W<@!O&p7dNS)|+rmq!VN#M5n z1TtIgwpV-c6GUb7Q!5d+MAly3IZH#5H%MGtz+`;*nO+h1!j%8s@_1dbp9@Rq@CLZf zNrqh3t+C-}51W!P^TFwO1;O41nAww6>@)sjvuhbaWBs&_jFHI> zi8a^N6@;pYK{)jp%UvhwWzVZVCu4XobveP1wagWjS3)0*k+GCB5O!lu#G9IoZ5U(< zw+dX7vCC=R;IqbpylNMXW5+hoZKEWQy#$g6cL_1!yWZ+Qb!)xVjJwB8PAUemyT)G| zYTV|v8r$2~CD0}o=CeGROP!xgSE7e4c=cQ+PhHWiW8PSBV!d;ch1%4Lfoqfn5#bEo zbhUv)I!W1Q_?A!??Qml0iucFr_|#x5qeqVLsZWq{UVE3b25ulXGDnP%vk})in)}r6q)>^-W3pus!FSSt%TlIc4s6lfvM{a>soIotW z!qg2sT82k7wJE80mq41wcuxf`5CW(Wnc9vZ`;+TLA|E9!I4s6gbAF6aRi)XBWwlMj zynn{S0-KDJe&)9!OYx4)B75LKzTq%aIOo?_Sy*9jjWp8Oc8YRoS=5%T+x(6l`D`XF zX6Yxq4SM^?0;bx0EBZI5Q^P~6>s%pPf{ae{(SN1Ul5`ejd@4393XABpkv*c^QGO}z zliI@&kI-fRP}-Z4F>nHrI{ihFMao=HneZ5#GT05!D&mj{PqeGftdWcrD8Qh$Y`Vc!S$Q11AAYZuO4-XBohuh)-H}M?#mI|I zUVY?|Lmf1S4W!X~R5|x{a1@>oB;Z>uhg}e?k4i1WTE#BTtfm3w0aQn^M_+Buq2AIP zi!;x2`)8mI(DT7nycinT1$$N+6QNJkm9Y64~~UmZGC4C930|YW2|V$jh?F6QM1-&ER(SOnR${cY zMZq}lQ@G(iQ9bU3aj(oqXS^u;`B27%b6MkpOql^oO}(MO)inO380TKzxgZz|dYKi9 z3CyXfu-0^t%iJwAg0q);^XjRka*L9L1u0^84o$+g)in{aOzn!oaTaJ?g{$(vK(zV6 z#+I75ZClu9#!Cr`ObwINn8AR|Bq6C;t>M$Tp0%c^x7l~A0-Np}TW2qgQR5O9Ii6e5 z+qxq+gKxw%9r@?I0Aztc%o>yd9@ds|1p_VjA*}c=?i;RZz(N~m1&$DE+uP=|*jLVK z&2xrVJfUW_X?L$F{b3L<*kl7K{ z@aa4A0ps$Mm71B7iq~4}E4%g7MCwA%6}8s4HN8piQPU%G8=xi|x**Z^mrQc=$m<^a z6C0vR{tm~XgPBoH{RtK=5?^8jQuy|QkS|AYXVUnOh`?UwRQ6*+ix1y8@@i@Hy~Sa% zxF!!;S964Fx>rZ#*n`M^hKhr|+fjpCt-LZ~%#LJ9_j!;uh=&M29$OsB*{A0AzKeaI#|M^6-wk>d`O2U+VG>kak@)Lv7R z$A3C_fDtBY`kZgHa%JBU-TQzKHUs$U6E~YXS_W|ICRbJ>`{$;J98eo}vX*nH2yL@6 zWd|T($2@Dmt^Fb#ejK+jcWc!LIkZ@ir6ZEnoOi_}G2S@#o){1sqYk_wvl7^ytl#3^B-^;hzI<>kMc6$~@d0oaC2KlH zQ7x4m!v494*g9_%N-G(T!>72#yd?6{0(5!~IK$dUscP(ytYhk^{a$v5<7aCW5+zl} zxxHzxWDR`8T4SNTPuDq|Nj(-<@|w?`Q+8Kz@`u2-=}2~VjC|Fvl51!>mo!fxnk?26 zVHS-%dt2n?U$m(>%^lRaBt6hZVT$nsVLr2)lq`2M)g$L(8(&{1a)6vB5&v;#&yJXXCyMxjkojWE)qg0})ZSEzGPwcgk^WrfMYs74w4?-E9868hI+&zQ6 z8W-mLegT{ zIyE2_eZg$4;Z*nLNJWNP{1+=@y6;KS@KAboLEK<8L%1%@rX??J$I2^7yB5aG46+!P zuATp8CpwO}P#`H^nQEewnwp&*$bdQ?6*L!xV^%U%gEdPedEBqLbGM9+EnxiI)%D?4 zS&PWT^Z{v!#!+lwK{?t%0o_))XBTF0Dctn$E9Cd3Qn&WgcFK&`{Mi#`iRRQXZVM|; zMUX~j46=Cf=MIzRN6S0KZkzqm(lf_p-mCGytAJA++Q;O^&ie-7UZi(EwrxIj(K!u5 z>m4b@~TQ&YZr)@JyOfCm4P1e>bJuK8irZ#pAaj1$~KKXtp8uS}z zhz&MGzPnds?L+^osstActM~{UQkBhluloFfn~}9}JU-lAU2c5Bjkuygr3oY5NpP_i zdTvOs!+b;F>X+Y)R@ZLnftviqCmZh!HM^y!S;voMA~{|CdMw`^s{=`bG%K9$TEJ{8 zp~aNp1AC!#P2ot=%lA?J4+BSjvzixUMA;qk#s=6~0NA8kyK5(=+nKZrc);Uk^TjXK z6{)_ziu=iDWQ@#eewaipD)71(5<=8(WCm_D9iA48evrYNU6jWhy8eFF{gznaLDOZ~ z;xi3hl#8)OarFtMhCY7NupQT>XsurkusReaVu+Dhv8b_TiKA1Wf3w-PbsPT?AZK{W zJ4x$PDNEpnTZ}vNS?b~@;_mT@j|j=4SOKpZU$urFMHhdnOL~~*0|()7NNV*VAzL*G zhaw{FV`(;P-Wy&xgxlXMXBV%+_N>F1O2asd5rw(ts_ojW$ej zR`@00ZMh+vm<-X^BX%-&qyNFzB@peWUm&E997jT>YR59hS_gO7mH3 zE(%;5q^qWPCS|IIpInYkQSHgGpTCNd9hTGN_=+p`324cnX_SH_T91dJZhf>k@d3UlLG;WI*unY5)(kG2BN(WQ9nd#%~o+8dv{1^@2TG4=Crh13I)_QOk zVtrYjIcde$^<@nWCEC@f3#$mu1z3B^`kXU37h?ZTF?`O#KwGc<9Ymhsk_iiks^b>T zg=oBwox%jxwMQ9x(jG3E`CpC!yRpKX0`VIjfIDk95MmLiL+A| z$+g+OriYtD8aHZWOe$jwwg9Pc>cb#~l<*|^2d+)Vu$-W>0lXTD$~uI1nXme0;r`;!(rW?_t4^6Uto&@C&>3y|KLsf`ALI=Wg2u zUFa{}d?=a4<{JR`PP$%yldlw)4DTh4=|m4#1!)h7)$T*Xe|honA=jcA(O5#)NuE7U ziB>UbCOPSqCatuDB`^pu`Xa3AZ3)cI60s2An9`OggH9ltK?|(q7V+qzrib*ZO5-(pDNBd2Of_^E*{nWoRwdrj4jx8zwysdBiQ!DZ1n zbPoR*|MUZ&(6@@jyI8hmYLn~vVKs@Q#2v57btDu(P3YC3YH`WVHlHs|L|WhbJqHAFtnlB^-z zECeHoXtsL+DIqmvAuH==*MOyPZ20g@ZAinL(on&bb|xp_z#yxD1d1hzxkpzr zRA@5bHewbD)gTdmR1YGYL-w!0tY!?_qkQax<%^N+genM}JjZL@+d#^ALsNJ5d{RM(Mmr)*8I9g8S;a>3NCac9qz;(DZZMVU(0Vyf!@OrPP&&v{U__Aaq@S0**V&?-vlbo28CnBOfFpnn_Zq88jT!%7Xef_xKes;5%VynlFj$=#kEB+$H%wsM6%cD?t6v6FIEe8O znw=II6sd58V_+u{S1BDybtGvI|EB47ePU1c%ToSf*UXC zt)Im|F%`25Viq0t(h#UMKsFrUQM=>{yqtcX8Wms{AK=8N58v?CMC54jK$Bq6A6cp@ zWC`aiO%O3U$Z$5?Y%JGdYOX5K{grfTwK}be#`UJRv63w&qdO%?aFo(TchKq!8RM8tyaVj-Qf9qjo|pQ-D(8%g}iGhwiSu7x)mThUPppA-3o z<_Or;!UpDUuZ9H1GoJ#Vv&MXW7rn%5s;dR#xOGlGP6|%?&;}#Y0iToc!nSz95?jyc z99%@;q9l)~m++A5K=7HN<{RVCRsvQS_(EuBq{H<(rmfIs=Kjwh|8f=pC;n{z4TtDc zSH03(PF)?gj-FNaB}%OSrkma-gn(0HuvwKLkiGm+Xov#TxRuyAeKT~D{!n$HNs?9N z%uj%$ONdLPHXRA;Ph;wu{(EZXY&+d8-${%1BUowbX0tJKNRm#RFr zcD173D-W<+(V_9dyjkfpzEFAILW^jK1Kfu_aB1ecI?4sS-3Jcu4_Ax)MFP*!x8~>qo9CtU z$(G1HJU%t}wV}WyfB?vh(y{JMM5(z1&d4^+}; zA6)DBMGdz5Oh*Jye319SVM z1}ZDr;PE;E>1C=k{1!^u09wyKoDzqCdunN`Kk0lp)+Nr3p`@F?<=DnO3JnU(E0PYU zrwnm8cW{TpXm@#_hnS7d?^+}!S#%+38mS?TYL1w^7#e=kz%nf*8jOG!+=t+jHL?48 z4V2kz zz?7l}N_`QAGe?$B=zPQn(m3eMM}O<8_AiKlw~W5GM(MRWPnc5f$*{3C)91#vp^C+E zqmah{W1eOePqd7%%;!8m%$aVdh@@HBhlMK$>dQ6A0F7HlK<}B;b^3M8c12|RF6>Us zV0z5%-P@pVGQ9pPjc(nB6#!5@Zb+HvWN{|ZiHg+`iQ16N?be)IWpQfDwOFg~mrhjA zn7sqB)nNS+VUEXhjOU3YP54P|0nz2sw^=(Ven@+rF)oy z(wFkig6jLOxyzJ>yC28R&4sQKJRqy@g?7y9T$;?eMjCLIril(?#SpOCqqr{*53s5t zawb{@D7bV<%-UPo+>>pmbY`#JNIj3WNRB}SdTOpOPr(53A;x4+C6T7)YaK$n5W4cP zgEK~72%J;QrS{JJM1kI`^HkMdYt;>1|2Vc4T|(apEdkC1u(|2j!|y#EqCXJ`$<@G( zJ39*se2Oa-!#7NM9p0*yAOHu-UQ^CdZL5PIy?aa556s%8K1Qse;i8h5u$jrBKq&)n za^Ut%NlcLml89Jc^j-Y|2$nhMh`3E9LUB`xV0^?TN&cb9{WU(~)j#{I72AnLsYqAT zS`Qdd>z@{5v&&@Z2VbbsCm>1oW$cUd{7d7{vkiS@drO9GrRUWCdv=#TaoBiFueWH+N8+P&+Y%K>BPpy2=P{ zdIURVgwy2UDIYj{f*vXy=ySqpuE{mzQO$tjXH=qO$r?f@HEtt)ocjRGN9^SO>a*dd zkB2?3puP))59BQC}oMueZ$ z9_T#C0Mb>O5RH(d=c7zs3UN+-CCiW<_;^l95V3BLys6Rw+L#kUHkj}`X8bhSd@q!( zfu`cEV>x}!Cbt2R+osMl42YwWFviVLJPn|bJWzaC{;5>Ha}CX(uAXZ(u1}h?9?oz_ z+HvQBcMW_PvhBA+qlI;0qnIj}XuWGOKC~%7O~wPi>P3vC3T0}6vKU^m$E+~wIzmZ9 zP5x_VbMG-3$l-OuOVu>^iy05~-Z(|>gH0bSrT{Ug&3GrKY+mOXd3~iS`93*(M$1!L z_YPwB^Q~yZQiU%Tdot7orP;Z&4UZlsXB>`0ud}We@@F9X#%aNQ`N@S1f~RMW_xqbL_Fr`{atk+3{Hfl1Zlb^cD`dMR05f`=-zAZTdFk7(GZsAqX)3Bo@u|<5N8OKy8^Xc zCPB#YOl{DEZP1mKl3#ib{1>lU?E?fUaZjN_*;ZnkJDLU#R~6pC^nncGm+DC%#^X+5 z5JUS(c0B!74jM|ThnPE4CFDvPqT=_A&S!+Nn%e1sOB9z-x`C+=`~_G$q*^B2{-l9V zi|bYAoU-X^7jON(O>NP8Mm7IO|a-)IZwqtEB?iVTH} z1UhQ#dl}W^*RWBTPeTF{A!l+`wJ7N?-&H23B*zF1i^P~GsZ*m&!&nfKAL05VypyvN zRb#joG@R*98t>ZVTh0@OwX!{mx+-S_G;oW}p`q?CPplK1d8tvwV-wcR9X+s%)n4n~ zn(I#0r?gp$(lnJBQnXzZTQN*6VZ4JA zB^_*EyAxvr{6=gX`eFb%xI(G8VV-i;_^0Ybe$ndea<3yuiOD$Jo`+(O7cA^DV`56 zOUGF{`7t9#-k)V}U8^9XBAEKBwDiPs{GNs{QIb9w$;cMFbYv9h%1lF_QLG7g{2eQ( zxbRh8rPcs8*n!ihJHLd|Z&|+CinNUv<>q{@WF>%bvJ#0El?D(91mu9IOo6C*-bDVq)){ zny2<)D=&`0%XiVh9I|JxFVR_{adG;(`{;JzQUw(u^I{W%3Y##ZLQFd5e6np)y*w1I z9m1TAEsvLIK5GsExwlCd30tqcFOXzO1A0JZPH3g-2d|Cki(ae05%~!z?L49jgH?|~ zlOEwmhpNsBfNk5a4_dUhKP5ft?PUu?;o9>|mw1vU5Fm5+%y*27WGh8#LE0zJm)K#1 z?GSMF^|i|Gz?@vQM-rlsv(&o}WHBI7y~84L_&`T>DYgjT*j65~YaO3D_8%~pviDcg z^Ow*O!^4lga(6qnj@GFX$u<#>vkMPDiTjw;YpUeHutzbiG8r;nt@ViNDiP8Gs{VQ= z!_+yLR{nt3-qT-s2&Vw_8zNQg)L3%XwaN90d72e<;^|D_SgFU#Na94xc&nuF=*n1{ z<>Hk6{8&pLv#5VYuT8$IcOQ7PqO?tm$&#_t6d^gL&BkqC`l7|Wyve)X-T)|q2s7D6 z*|5$t>Hf-y_g3`UN5g^3_jSW|ogsc&^@trzMphz+CZ?HDtjw$;Ex%>8(e&c4Q8TcwAO2qvLiuI1-1LjW~}J!_++SqF*E2;=7`g^#N_5 z*E8HDA~tB#k;ZJy;==nDLoYlTsU)jNJA`v}D;5_FOyon?L*TJP%;HLm)RgGSyp-fK z|MFw-zA7rv2wn+RJZ@fd6eCiwyBsJM9q24KEKSdakYd!Hcnw!Nt_08By9k>zK@FHko3ci!B{qTW>B(c?!?ra z{=yJnZMkb_#zV!`4iMiLtNLTK#2L`Xc~Sisn9PHa7H+ZcqeUyLv{ysXee%IJJvq&kf= z0$M1>CLcO(w}*tXYh-{jERp^6-;Sf5$^1FP*AdmDp#{u1;Q@$Mbc-wSt=Xev=Ikp0 zw1|ne$XOm?Sel3p^3fhazRaoU55fwC^FfH1LIEIY)`f41J+oSvpp~B}$^m%=Mcbf$ z-5GL^0E}7ME@%L5h!dsxKy!53wY3ft;cg}p-*D3QogUIhKBF>_VPDm||LLM~^_2w< ztmXNUz{Tl1>7a?TVdGk2yZ=-9+tdO*q=4(DM0*GVscXF#{!6F%Q@IHY1lD&X8h-q%Sb2Q~kZ&r74fs1R059JlI}?HHmGgC4 zf2;4WwKB>5fTVfxUH*wbO3W8@>x!hR?~+810(T;MU1|REK7_dtCAjIIZ$LfJZ8!+% zQ-{xQ9FXfaKcRgFFp1xA`GZ#ceR3pY%|R{gJ~{s3;1wYGe&-rWfXB?>Hm}bA;WBZc zLcu)hwD6zwn43= zKBGiy!(h{`)1j0aB>_F2T48TSpL9`=(RbayC8G8q5P^o*{Qhuo@^UnHoU;e|sUjX~A`F_Y$ zxlrdxy5e5)8z4-aiA=>QK4%9PmJl2G!IiyMvd6v?8$d|($wVxyzPUcuKUdB&u*QaK z%&Ai6NjLjW#ZG_ljVZ1@vJ{GxkSqU<&(fvh?>DAw`m(?J4R zZBy89Eb@soPl&=`bvV;s?#o6qZ)-U&gxCy!=vjF?a08W_h;tvYl6bwB|0XIieJNiy zetEfNxn-6)Q2R`QEQTM%8Qfm-Ux1>$uqY^c_C{CLAlJXztH9s0a_uf-uoyQL*3C#5 zr$Fr-t6)`Sp>$Z)M))v4yw%@N+b9h9Z(9M>MmC$n5y>lVMREL{navKTlh82Am6Rz5 ziLvAqnvG-Z2Gf`& z6tk+DZnb7+TEd_Q#Bx1+SVIkU#x#7mq#d^LAQ2oNa&XuY(mZS6gIwvZdInE&Y@S`| z=AK=Va2(X|B-x_wf*Av@D@*wlV=}H2b_p9@Mi_4gx6Yn1Uk}2sB{&9DuO4BNT{A*% zKnwhtz9E*yt3&zMmdJKN6emX&vRP28SxW-(ww%{(T=2>Vkf{wZ+-7*Pa<+mJ$$Z!8 z&jkJtu1~RVqsoC9p_q|nT5f@L8s&i*Ue?6g;D@Vb(HnQ$@kxF&jy4*#i5cnTfc3K# zGm)pzZ1};AS?lfnJw1RB-m*7N6wy#WYE*%)tiJ)^+vFDFACRIX2ShDRZ2n2x0q>B@ zm^I(N)m8i0SmOq_^)05Ms9*}FTWL^j>U}&pABWgQHY}%FNpxXtL;aT}7yaodviW4i z?JD~aR$h{J-<0~SHJx`O^y8dF;mA5fd=vyp7<5}%Bdt#uhW2@`yd$Aa-gaEafJQ0o%?obun?gW3qLe|Qk#HZn+d=% z7roG4wC#rwz$c?W%wRb$7G^3|jazOjzf;ZObhY5~fMcfXtL(eWv*(NFZ}e;&@zc57 zUt5hc@N4IF9X4(@17<%+ny5XcAmJaPJybc)FHlXb zZq0%h6C6*s9BN4mQ`QJChmk$W`N(Eww`V>DZ8J#6&2i?cTbOBKNsckVl!2GLP$jBP z(w+r{*{~{A+;TY({9%M;GiH7<+Pb7TyARioDqA(iqumXwN;FMwIQwB+6zJUi-WDby zz|zE$=A)57?_ZOE9!5}wKE?x_Zb0YbS)4k}^c0CYryDHltqXjjY-Wd3E z#{v>CJcO5j=9EGLBVoZ@9FmwvvGXXf9nQA~nqi7?GA%+aZy=@C;-+Vkvf5Cdl_h5& z;Ysx9Sr~+66MC8y;@py<0Ab3YlKh_2RmdpIl;*jRQtM0ytotdlS*W=!V-1<-VMh-- zJ=;5_p5Jo2r?eXuWK@d(9pi%XTW*zjnVHa88b#=8>o+!4CCe0gFxMuLJQb2lkEW@} zVEa);?YFCHH&Lxw0YF9kGM0kx4!D8iJcrVQtBR^|u-ZPmD(hO?suBx1?S!S#4B3En zO1_6>&Kw6ub{Yoo)Gp{6efdGCIVw-H7zPO{o=c5ZNEj#Qd-&NnR+Zsk2){5wuwVZi zg&x$hmf+`sDx%oU$lwdmLJYu5SQx}IT$+43zC^p&8eEbKtF<1Q;V_HwsyI~?=Q(|* zuy%t~wm!GA7BUR)n_QfNB`_cv*=0t+Dj%?W4ra*WThveY$}sY+i0e&BkebOIY`Cg5RxK8Ni38 zndRqXT9SqV_%18}!X(EUj0cMMe$XYGAZy1>C^|*9tPOXb4H*ab7T{$V;3Sm-ASlJ{ zYHgulTnjCRUKU1xar1`oHZ}x#M{e8HfXBw#lnlAFe`yU_JG|bkE`>?R6bX6*;$%EvFa=fuM4Q?v<7W zDwgw{nP-bHU#f-Qo&|3ra&gjdH@z8HPmURB2{P#02=m_3!8NlmAlIru& zBzPM%E-udJbDgm>xBp68h`D~9=j@s8i@)=h^;5r}X)4*hd8VoQTid~Z?-5pvb?ZEb z{Ze-PuKY!$0*tyKZ>F!j0bsGhZ=%0Nmj2Cz`{Dp?6*>?4gWCeoH?Fl=@>!e8|EG4- z8UQ~H>va?{`rTN!s{m`ysdgZVNPb2+KR^8sWa^0S9Tk8qV>{qyzEaQ4-j)E07PeSW z@K5dD&2I85nzqfmP3a}t`3aRBDd!L+nBmeQYcL!ew5itmCmYDja(yw#2+1n7$ z?+0LtzoGK~`$~1V0{}Skx$}>e`2%JFm_5k@CB`op7#gy1?)a~HZ0j~1+Xy;6 z0Tb$XZkf-I_qtTeBcOa>0;$z;#t`|V=+Up-J^?g0;@A0Jj%l$O$KXm)| zx7==Ss&Cj!*?+&te;NDlR=Ramwe`<6I&6N6hc=tN1^Byi$@pUNg**THKl}6dkpKVy literal 79391 zcmZ^LcQjnx_x>b8kRS;n${^8uh!VXdqDAjyOa#%1&M-<65xox~dLO+<8?Ok0=)EU8 zqXaX`DD%7WzWJ`tKfk+{Wtq9>+`aeN``ORl=Uky$8cJlObfh2R6 z(1S3}FVuuqE^TClqm857HDlu@JX*zLhZCeG+sIdAbtbK0rs!dVLN)X-sX^}egV3-C zABkvYji1ULZgu~d^_6XvWv7hm7L9*z87IZGw#=~K;PpDL;mKzSFk++KaC|9xSf=3wf$z_AFr# zt*+;>_rN{`cw6ji6;B_%;^U`hN|N8^;=9Dg=PC3>&jP}TsSRNT;ZRRC%DGs?*wU8 zJNYT&UPAV5X23#vjh?u&T@H=UlRuehsHkju61Y+%JT}YHSk*rXDdy$nr93o$`?@bh zUo8C#{Csb5@m1evab4X4jjdTi=Z)6j@bBaTmQkdk8ddj)u8WuZCGBJCr0n5)sg!7NjAWLt`&VOzl#o>erF^>Z$o(zkY2zRa2gIR#6EJ3lC2{ z6X$rIJh)u<^{c|AV$LmC1P-&2b9Qz{H1l^QZ6ME0WxbW481bhe+wmh)JjEWw77<&4 zd|q?pie^v_Upb9;a^Dxs@_zn$XGQ36(&^r_Yr{d2>BeW)Y}9#AJzdH;Zu2U$O3EW^ zjk#7eRaIf<`R2x5bTJbZ+mCeVrn0vM6%`fyC9$~;ZfoN+)gBYjfR+eB4=9#NpmIAa zgfWhaq6`pLwjX=L#D)d3@WhZxr<9Q8)mn#$5MR%cs>$qMth#UgWs2mh$>vKY!T z$LSdcJ@VRlQ3`3QYpZ+eEo}bvS|shGXF7hyjevDW^>49JQB#k>YxU*j<@ay>m1ILu z5`(+ZTRS2qq|by7&K7ZvKiXjD?F~C3-&Y@j=6hyn3}>lzk}*7f>{F;-=QNirHEKmp z%Z=?z?BQOL4)&LZ;QZ|O&6-L~c=Yu;o@Ck=bU7cjuIOZZUY1^Z-T%4h?c2AFD>HY- z#12;biqT+Us~)PpG)cpQwE;sF6&1*F95E~`EKJyK^*O|)gIbl7i_5kmnhL7GzxNoM z6rTFn<<(qks%tx$*!l;0r@~W|zl{i>CN(v6(U&hqI_;oK1iQQfYm5lor#lwLk{3g; z-GPtXPa4`KMZd3icr%*rp*MyrS(fmq)pYO2n8`AS+}JABjgPj&nkZWQMSjTQ`Nx#v zJF3^X;xL0xC~N`WjPuk#e*Q@)PyXej%SDIhdIt*I4zu>9ij_M}HMozJ-?Kxi+N=*| zc~C#^9xsEK8m0;R>@UAgswMbW98ji59Z{Npj@j|Lm`;KFxNXSvG|AG5P#MP(Ovh0^ z*ad(BnuYr>)uLL^L{ZdC@s_XBBhX!4`n#y+=}HKec6&T4NQ+(naEl!78m~l$PNk;^ zhyrs-*T~@vm;CaAI>Kq}54WaLWCKvE{b@6tw^a3rsHvz%vA2;-#Oj|PYg4j6*V5M3 ze#f2ulv?}zAC<7{$_OjlYeXQf)Ol42jQ@24qHR4*4Jb~ z3t<3g0bj3oD)Co-WILSOD5o4Iu#JdXW>ml?C95Ti*dy{aGs-T}yQ8Cn3>o!TZsku+ z`p*2v88WnQ-m*t8X#QH>{*)~`S!DJ*eHljV$+_TT8j&&hY_fa!?;3t}OUjfUIpaZ1ztw~?#}!_-IC zQLld_4;A)sWMyW`8NP4{1~9AEbK68c`Jp^u?xGnP`|*;-8Ft(`6%Ea$y*;kubezdG@S+f4N>3?}%>YX6wl z4ZmnsK1!3$%n^!>N;DEGb2f0a(rR&K>_S9@3eeIN$F=5|Gv{9HIrje}Q+2u~eDnRH z7w^)EdYzALF*(_LSUeEF2c?b_p>aGmq@<+6*8QJ}EV@lh!W;o$w4GZ6tWUQsAad4V z0&C6}p0NI#qyrO@xl2#Hb6&7?Zw(e?I3<-|LDmJTM+TUV&3j$n9F*hK|-`ftU$EUV3XYbO-iezIkiYdzZCdz!DP@*83%QM}K^JB;vC8^b$zyC(6cV8{E)`Dx#NI z$oRC6kDjB0DFCo^cl%!}WFlH~xP3VLl?}`uqZmF5*0#K#Zo6lUU|Yfov5oBoX1{Z{ zVHSS#^XGDwXm@VjT2FCq>gpEmVl*f3v@8^VI?mK_N=(Z#hl#6fy$6H9*qIYvA}LYU09V791Bm_b=@@0!CHFHRYVed8c%6 zTR_H3zh|`tECWbk)efenNCc7_t2W=Y|LnAGhpIdCLhzsMEnr;mkFYZ#yTkPqr0lz+ z8>CL3W`FuxoOyf1fQQGO&s26k+!4I+$B^T=Gw)#VbtAbY4!3e^v_u@rK){_uqW+twt z#oIfrFEYxAMMNC%a9biRYJ;?Nf(HXH$XYe!Pg&TM?To||qK0ym>;ZgiyuhLLU%Z&* zjPb#36tHzrcyf=)$6XSDm9;hdi?b7xdZ#pi+##CP(tvE%dymE9rdrouk8ebbX)bAq z>k!siS~2D7YS4|Zn8&ahUnw{#e`*xZFkPd#4L3rJ9lLD8YZck0qUU<5^oOSm#a=up zE2(lkf5&>63iyZwb@QJOjTY(tagfjA)%?tMD)RC{e-es?4d7(lyu1!yDF3=KEl1`r z+2ba}=i?|*tn|~I4>i@$8=JR?Yuo+=a`|P7*_my)L zdy5@dr`r@km-%>8=*=VReus+BFZR#>PCnS6Fzxm&cKVUemm9PL&d2cWIG26D?l?=+ zz4B{37cGL%IuES;p!;^t=+iwxi^ck)IYXqEtihR}`r?ITChntLVfb?Zly#a@IE(=r zH|NPUPq_{d&0!!@qB{=`4$v2lb`xyRdASU=v@!)PI&FYu@aXMet7H3`g*(dlBK=ns zn;-o*#EwyAAzB7n?2A1D<)O~M?bl|&rvAo}yfX;!_c&K+;~;MurX^ezfpOK=u?*?; zrM5WMDa6@6-KUQ{l486|lj=ve>^%SeS)6u1( zUEVEc6TS37>{y2Sf66JoKDhdHej}@{54Snr4a(C4rQ!X=}aRWIR=VX?5uy86}@zN_nfges5gh zpr{RFTl%X9$mFHfb>Jy2aMn-B9Ifo^y5RUtLIr<~rwGUHev%GnsKBi%H-#z(H560m z0{<B-qByb7z7^#m6*8UJ&PK(qF^1n^Bxn;FtcX={0bg?k--P<=r|lwfzNDOHVQFhP_; z9ba!1)q$U)l;-ULwRvh=QdSDk{Vo;8%{Nhwlz(gU^|6RtWOAxh^NexW0KwWdf+{{9 zAGaPq3q5K#YOGWq&8e`!>S>tbC&_s*Ok?>Yxw#7Ibx}m={~rhXI+WVE1ntaQX4e#Km<6bGW)6OiP9gG|wI2HX)p1ZIVsTsgc}j2NNoS!H z9UJlHYvT9JTqu4Ec>|;S1qWt#%)7J~-YB;*)`+tIXBBsjJ-aLn@;wrQeA}2KxA2D3 z=Vr@uLn0yh8H0*L5oOJ+583Gj%0y@8Wa4!UJQs9=LSZof>Byh|jkhc-T;t-26lG#` zYnao?WtmoMVJs~d?Hxp)2Fv4fIt+Psgx z-IR)HbLiDsc(aD_Kn}zuEc|fwN94}F)G`i|+y5)(TukEXwcNBFvY6X+1BX|?bJkgL z&36A%(|9itZ5ViE14YRTZw<4gm0de8o| z@LZaOF=+ukv3L{%|J_~BPo7$`(2f~Gyf$WxmA+sy8Y^}-R)f61Eg+k z-eMySXss(YloJQ>A^$xx_j@Jp)Qi~{U5LCl|JWL4TBrd2#kF}7c9Je-5$7fU;r^|w zjaMezotT$#sHo@kL?3MpS-~C_)(*`a~@3Wa; z2Fbj;RO>JXHs*F(3q7z~e27;ul8RAa^#p=@P5x(+z#lJ75u{aLdq{}rt_j@lG62?a z`$8DZCU#FRL+j&1;zGsXTQO}Bg4~f$$EG?Ef(wS<4pQLNqMd~g?yCK9{y@gwI$o>m z4B~aAfsVxm>U_A)?~k5o59ofw4qq_P0j_UfeAS^hZY`C+oD?+Zvu{%LPxlSNmGR@W z#$2Ppx%qGv0gURxAlOR`ti z3i81zCo|VD20`0nBHb3!QI5tvq>p=C8I1W@$L8c~(a270a)eUBNAL6p=^Sc%c%>r$ zKY~E)Oemh0jp0JS_gX&Uj*2%C{*iH5WhL=SLRC%T6CN$yn^LP5V@aU_NEctq4`;t z@BhvRBpscY6>jr-Rg=)Y)a*7fn|G)CjL-`AgoVPNW?-Pk^5|jvMyZLZ9arK*&iiTb zEA9eC{l=b$iaVHx1axTqpcpFrlUvy4H&XhGue z6ph?b+~x~=>+8bW*TPNCKqIpNB$ehljwiJIHqw5BVX`H^_*mXWD>Z4kv?bB zfd92vXJJ*mp;MT*S&upOped$DuCQrO-1<-BGIPYE{)Vcgi9JnW=WuexN0&UA!5saL z7m6t)P{1B^p`I$dFBl_>IvsIqS7AAbCW1q)Pt)rq;u->G<^S5d40uf8TJ5x2L4lp) z9g)Sx9+JmZCZFmbb_z>s-^^Sq{Mf1I*w90IZP^GB5s_`y3|BIIFHe$KnT&)O%Fpaz z)q*@ZqO3e7Pn|~(VCRaABrQU>NX6%hA9AlxR`C^&(3k&-;lUaGrxu$@R`ql+jIj2A zy~sDgIPO=1Sd!p4F%d1gPseA3dbH@-yk9!MINoj`@Fn-#ClSRmS(#ToXI2j& z3x+)-l>63#8@$mMie6oiHo`>>C!E#hG6K`G5BW#ktmN1 z1}nAknraWkqv=ncKG|M8Vc(8_F;kTQezQE9zJA)txd{8be7W3m0zYYUE>jh+3h8tm z?)}?s6BGW`6XZvag*?Z_wp$rMJ_7T&R4O13PRn+6)21Ud$lg~GT(P=Npt@a=#RZ^n zajJp1Rd(`jvD6)PE|VLQQLazgo|P|DEOD-$a$BfdUOMl3?JHDyoU$I_FRfICtimLm zkRu3$5lwftlq_m#^_;lDBk`mladSENZO{Fi3LgN(#aUU`rtnJw`HlT+=KD-AbodV* z5BdU`t?CnLHsYRz(KHb#ko=X1WO%p+$$N#U(u$Eckq~BGqp<4;zHX8_vqWmoMts$u zws_!SsCWAF6hn3;_}$>^piH(P;pxH0qHZ;PD(A)y*S|7bHfB23-&=jJ<40D|$aE=l z=9=p{W--nE2)JF0L{h^N-U3SxH6J)eU_btb3{0vkg$$uAA$-h&5avG?sd=Iicq!OIecCA7-?!=+LWr z8nzs>RLH%`PC)QsZOSdDuO76)dBiKd~;nQ8yAohoE{b$ z-EeDddNO)I<UfXb|eVCR4UsfKmDb zlY?$6!EZ@xUAi-8Uoz(-{A^ERq9d5ve$hcS#P< zZc3w+@yW{kiprszh+nHFB?MV!$BgWAE09cGDd_0Y{F*t>B1WZW%=##dL;|aCNE?31 zWCklYxJKK6psPq^>(ik=@N39-o6y^GK*hdFPde z1O|?(ZM&6P826CWwNw@408B|9F_%PzziGAvL%PgGpxZ#1N2Jq5)KWF>v2ufT==u7= z1GXqH_U0rHJ7(67fQ`bn0>4)uM%h#c6&!g5z2E>ztskLx_~T+R{9RQE8Pra~S*u0} z+{IK?i9(8CHUacTe8+#}c1?y`q#S5*v}MOb~e2H9djw(ei_9?&*P!*58^X z%bOX$aiWBwrZ^EG)_CvqeWdv}nebJzV#z}2f-m8vpaaR&RYm-+k)*2%NJjo((4g@P z*;?;uXLG9uN#c`c9CL|C&!p9Xh(SmF&J<{BmAJlO&%dxe_rx>o9Ja5}7eb72S~q)J zH}~qF>!38YO&=ky=R1Z?eb5>v3v7v5hgg0`V8x?7jcJ0D&Rhr^m5N)yA5Uyl{YTYN zqFtxCF_+5`;sl0-SP(H&e)El}_mjV5%1ffH(Xo0X3NPQMv&F-P3p|N}ojB6&2;Z^2 z94_Y-r?E@e<-|ZN!YJ=0cf%9(>A_GzS&?eiCB_SZgSVsDqx!R4(_3DP2s@zam{7Ct;HiPkMBf!M7_3W$ur!EI z36K2219wWm54x>jar*Uxtyy`F-=!Qkl5T<~r6U&Qjf{n-S0DD?%NbVI(-%y7SV(!B z82b>Bds#kw(Fdry!nU&8zX^)BNEqV@_!Qq3CH72I^Hr7`z&!7UR#lOJEHlGwO4Ow{ zdvgTeX7bBj9enp5taM&gZCPLpP8j5%((z=L3;)Ac_wwh|v37-?kVHij=XJ>K zNRb&ThEMlbPXHqNN%&geO@z}}Df+aJe9&I%-b`WAN{4It!{& z$G1CqC(Ry21Gy8Q0nZc}hVQC-1-LU@&ALfbA5>2cZ#xl4&iQLe0FfJSvD#N=VS%m3 zJ!JU{Ie!KRM!lkf?v#~E$Gni8C;t497&J)D`?|U5W{?(9FUjx#2c;F^=LqP3bnZaE zt`e^;&I1L3B(xf-i|>aRWf%YcVO@cM5oOuCI9!SYg7hhey=KGs{5tb}*d}0Z1Z@jZ2niHh(O^^<7X6Pxzq!w>Pxh zEhFN8<^+NM*?Fl#TJgh};Qoxk<3SXH<6rFii0*c7kNASFT`?%SA-Okx|H_QPk0UB< zV?ZJwpn@A5dL>m>_!H-1U8xJlpQ*rHbH!BzcMooYVz>d+0c`c1VcUta#*y%eV}O57 zdU=mg$&+_<07Qr}*!^atcXe1H%A=dmxB5|9?{zeMXie7y(HHYK$65kZWg;lx<)2w? zZm4Y>eIb+ZoW6etgn1Ta1t|0UUcxUR!@n)5_)HFSuC|Z%b=yq@>ceU2cp;MV)th$@ z-~bowZeLg6@A?x9G4}x)BFdL}%OL6RS%9(l%W~riX!8$_O=HCFrU|$-ODJemV6A>v z5d^&^$ay{i&nYo`u;{bT^33>(lKc!}OdV=7mxew?x=1TZA;SLjXx;hL_8u0N_I-I* zS1OYg!<{`eH|=}nySrek4wK_)NSz_7n2ar>uttw=(7K|N{PY7k-5ZnropnWp+7^pJ z_#`4P#)4<_q&syuZqwKPyNlkEXDcu+3DMcRY5rP8HUj+&qvs<0JaO*%1HE^PyhrB9I_ZcMT;84T7Pv)!DQ~+6 z3;9#Ak8&%fG8^z(Qt=TBVidv$_^dA%aK^D+t-`A)d)UR9ST4K~SOX|H(G;m!& z!4G6BDk8SJ6{2?-kIkofu_7?%1896mYK=>mHTT*2__8_Xsv}vzP_0xeysJ-{%kaJD z1nB@~q2phFju8TwZSVVl=olK+)^0zIhnxk8W~}C2wz`w=F{QKKhI2wLMc%&WuN*mz zW2GV(`BjWWT|J$%qj+>L04j9Dpb`YfN8SC`)YFG`GTh^Oa zAJ8T$POwtc|1dJav~73itp5Ud{1jOd0lJUd!YRbPJsgI5z;{ip3?RaE>Wn+0#D9n< z2;`YFj(jrMlItc#V9R^^yX)Jgh0U}9c8a{*+*buMvuA$$4`E+`pimTMk6*m=YMrk0 z9^lG+A0BTYfjWsXvZvILaG5^GZbILfb^3mruHmoYe|HK3=QzLXyp&5iZFY!7TA0R# z=+?Po7li!=H-I?!1;7{3m|1@8x;5JV(w%%DT7a@%@@h)q8qcQ3f@tVh#$ai;CdAtg1VDI*;k5uO0Gxl>b-Yi-o)e7WqpZa%)>K~`& zl$|MWI`#1UA?4Xe>?@fCO`@E;ZcI z=wAQ9D&``I)!}#9ArFC4B!9vN^?(joh;R3DdZ-Sc%sB8vQ=~@Oi|bLb0MVTz4Z0=q z6d0xH_nv3h7by^?uvoI;4k{{^Y+oen8k$Bzk<^6zHGYdFIiWD?Q zK&@bt6cazK_L2KOkbn049R1xJ*}+0O9ALLk=_k#3&wdEPy%*{|I=>4_?0zuR`_$aP zSbab^=eK_^Qg)dWa)5~f3Phb2tyT%Y_ZpA4{G<;*B{fqw#U8au<95E^mM}jqE8h!Y z$d4yyDyY^xZ}fLv;e%DZi9}Ajzm!ZZ*4#Zw(V&yjDS%WP4K4T4-p{595Xx^mfPejc zn=W9TQ(a=86^=$HZRXEp=#Pcvtw^qSvt8{MoJQow+3=<8|u zNOUW(JGr-bH;+CVW)B@a>#)~1t9m9NeF%*$zX}@GA8!lN627ae@1V5*5afQNsBiUh z5oy2ApRz_W(Z*Q4g0;R0RZZ!p%kIDr^+LZ{$DI$e;TGbmUULT^YqH;bLPq8d-Y!^A zzW62&ZXdx#kGnestNoNyZ&hQi6yLnMmU3iVUFjJA+1z@a9xDEn z;5ryNlAl(T#aC`X29jfuL@of4#Gz(i-3jbst*d`Zv+L}q==s@f%StjG{P%9KiQ0o2`l+57JQV~s5Gmm%pp<_`CXHQg z+6aErW-fsq53rqA!;hA;Q&0n#zzoid9YwyIwX$+Wk)526HfES zkhoGbneN^d7z-CjTK^jZw)a!n|;XN zt~Fgj7Qz?wH0W$+aM6{%405(Tz5T;Su(Mce%s!gQW+cjP%IBT1`;Slwi_H#+waFH0 zWPN>;W8TH1HD{AA-oY~Geg$@)Wu`4A%_VS{1NVzy4tpD?a|)+2nU*yv`0hNP1U4PN zj>keXTjvjw!{%|%tqvI_mPdCt!k}=|kX3y<>{oHvab+-U>6{Fyh5Ep-X9aibq{eN2 zmx(O972#-{WsS#uOc!{OB|_gzb>nCxMw?>;W1F_h*tCF`{H+^rAq9o}Q- zr=sRD6UyR|%Gy0-rn|Pe2W6~8KT)yFLCA_LY0934&7WB2^gOtaojV1AJr|8}(->#F z*_b!420Zs(l|`^hiWxR^AIO*$$(-yiU`I#7YZlWyrVVzu?FWiyQw4vqVq!Ll}a?t}mCIYP&DAApg*m&8eP>GA@X}%l6>W?|SCR`5d*P$b=B{K^$ zs)l^ta@HMp?ROk0)@92BavjISal=*=>nJAh__3Grr_yGBxTS5Ao_-!(&M4E!LN14Z z#FOeIQ;AlTa(R`h(1O4DnIXhA0@o!o zQtZYwN;%M6LLtMW&Fjn*nT%0~_^kxfJz_o)Q(Y1#01$C|n`v1ocOOr*vi*iiW-uP& z%dKNjoA)b9?nCuuf51|V5(h9`)UOy|?+Riz7Cpza5?w0ihI~~fwZJKMFGhbiI?OqO z+d@!Ln*R#G)tj_`GDph#K&8+2=n_#TgtU8p|>B^8+ zA-I}naxfhZ!*v>BhKncAWm5}-s5VHwt;y328Hp!`=R0hU9`822ej9<^mgNY!C+x@2 z_`$8OYuNEp{II$;MFLw6((3{Vg?JVqoR1QvkKaV5cqi=7ZsRb0dAOr(0d(ttpL%O! z078Rt_;=0xu@$%fZ&%3v9?`bo#?3To_}e;OxPicr)6%k{?xAuDxX#2}wb`kLgu1nQ zuWrYT!1_rN(+Hole`Zw|Mgp+$k;lOTclkpL!`c7{C^955sgCU%!A!8O0o>CN~i2AeHwhG7({lbK}Js0 zP#ZSt(^Td2fV4f`K1dy;XG-mQBtx-z7HMg~5tw=|pmyHRt6--If0fMf&F9Eh8O?>Q zFZML~AWrreu6Xx;L34e-FGhHXux0?TNtBAmc=a(r=`EG_>sxZ0PyvbQuvS&iotI$P zXgA$#*GN?K{AhTJli+pxRSgyDZs}*eY_UxYg}%)lXE*KdhknDD&}JU2)hsU zFH77_+PJvRKj`lvYxuO7sYyrn+%c=pCXifWj|%S5Dih|&J#K#kUkJrJSMnb(K|M|? zoBY{Tgks5X4kz)AhvTWWmZ>xuH!FCtQx*e<`n{h>;V4+KpE2pKxH4f>?sPQqHvGBn zd3ri(Q^C;)JRA%CRN|a&lyL9zrZ}y1aH=!X?(P1^HM$-eElh?2IeUK*s zI_V6=g&zQ`2m_4yBha^8^l{}?tF!7B`+$-M_-Xt#_usiH)29RWn3Fm-7&a|AN~X&5 zb@QeNANTBiO1c7-f-Nr7xqRc(9XzL*PZ zQ9To=`8^>!5?^drGa()@2oXywYM~5@KMlT%-+utX|JZd$FD<#R1)tVE4h8$586o(l zq#E_pjR@0=!eWkHC{3<6TXD_tRPFTcviDE(9IlMZW0Z$6lSEx+f$oZnW@H9usIZ2IjAhV0kOXPjosOvp(1<0!DT((y78I8)35 zx_sP%hez+>h3cH^se9!2aya|BP$_Jk8{#%|=X?oiFS51a>oNWlk-l>GshI5)ymgf6 zu2X!sqymkZgtiY>)YRCxXU;95zj^Zo{78~gn3dzg4JQd5+q%I&(rVUZNYUb5S0>wH zPMuifujHHv%{RUKB0uNwIm1V$^%7rHvD&VW=D_TMCj8*b2Hhg(1+4LK4YzhWw&{kU zz|J)JXI6S#7tK~zTeU9|SAp7T-L%p>*da|+$ID8?I=ED+RLA^|Y0fc{_2|;Pqm5X@ z)_kbO$0Py8`9`G)e4UnQb@X5d#cZ*y1?Bw@+AESr=z@`*aan(HQzcp7w5a|fI5F2n z^_*Yo)$5vL9!LIaOXLihZ9-l8P$;Px71x1SF9fNgQ`kbGJt%l?xUn{-KZIfT$q#v z6;OjP12s|6RThqoFD>BiQ-yLGf1`;Sl-U)6JI8h3PoE2%UC=?q4!9v= z7Ww{%EzW3Dj`S>^T}XadP#1bpb}sLrHG%5YO2qI<{ag<8g-|8`%{bPk1;G^8{x;V$ zotBg7COh}!cOjdm6HqgOn{l}ni1$be71SE-*sW5lTjf|gk|mk;rGqo}muJkfQ+KP{WV^I-A` z6-uI>*kUq)*4)~3R{izJV1c3^?}c#~6}p(m2en5-Dg{jWfp(bjuL|1_^;SB+v(%|2~=^k9mjbpm1)sRFSpfa zY4Zz;iW1h8%yGS1_lH`{B+(+!)_jv8Ef zwqXSWX8wv9O^B-&nq$ZE>V8ivuWx)CdB($Rn9*9NN3Y|<+p3pwmv1zC?XKMrK!1AT z5~puXL9NY>tk2I+u8Y85;1gtT`ow;``insY)l;7&d|P?SZZli02@j$+irZ7uGkMMG zGmY7_$NfnBJY;RNC{xtM=&2D!=cPqzH_$@#J+8b8oVTYx`Jlt3u0*GE3c3_Er#6&p zVE|dNTX;f|kYfkm-`UJvV9V5|c|KCuT=)FmJ^g-sEIS!f7UhTNL6VTDp$*E`vSMeL zDpP{Q^wM!J_ViT1x#FhT3tz@+arqVM|mJl$wl2&if1FW(Dc_xA8}ad9%x+4M&z{!8cUQVAc$kAwRePs1DeBCpx&Q3{6DJ2?JWXwXjOfp^aF z#Acgh3K~sfMFTuBwN~de`&L{58Sv49A|`dje#lnN3sdgXSMNl9hyB%Mxtgv~Ojr#_ z^_BbI_mr*V)tSfzyyGFx197esnu_QvTuS2c7_{jbH zkuE;jVN9lApSm@%ypO&$M!@vsbi4R1yFzZw6oQpS_tfn~Qq0~yGIll^`}?G8{nzq2 zdJ)66qswwbDHWPT6cKlIZ_I#ArSo2gfuzuwXEA`1`bxd=A%PLpSU6$Y zxTeeo;le>J?$hOd>pJ;YrSuXDoOB+ct@XQY`DyDkqXk^Vt(TSfvA3V-AdmJPuhhQL+Sd)PGUIg{Me}pI*WSnj-+C*F% z*_)U#2E#+J##ad6#g#~by|8nQHqR-g-?FM8K3|;L;}89+3L#Ek_D11K6^SAk-gC@& zG-hK|7QJ**jhU&04)ZNcmk(76Cl+G{GN47WEfr?-floZPimW%kIy05D9Bt)Hs@0># zC<0>K!$l|4x}L`Yr^A5Vny9fFSxBBm3Xftn!^*aojSlwtsipeyr=2E`xXp6pB-nk$ zjR>^v=TuvBL1;QNFG}a1RYXH-EHq}I3Rp{VZkf$D=m)h6WaZjtb^(OS8#q)u+GIVw zOqyv1uvy@bSdRn^x{UJR12v5QFFZzJ{!U^lZ=|F}HjX1;r}Db}*+!20ZWuM}6nNDw zp;bYob0{;E106$DJr#9GCt-v@X(4U6E!W&Pe1C4;}%^%AWIj{4gURo zO3ioMs@G)6{-CpO-(4=}w?f!Pc%_E@eV3cee8QL$K#^WY4bd$&3Hu{H?OdE}~9gSxcy|oxb#>PrtiyV-<}g51^*w_`G?Pqm}(nvv-#E#oXiNhM@vv zTR%C*HYK0>9#!TIt4gC(}4{Hw>>SX+$()pWj zkI^BtUqS`)9xBJ#y_$&wT+xa(@mV%-?yuYF0hKEpY8AV_gYqPy&3q^84_FukVNI^)_BKEsUadg+sN?)$cMv;|m`LfkiH~2zfO#_<`zA%q1(G%U55Z z#emJ?Xyi5r!}MNIjH}4uHx{b87o{c@4{K4h`vxm*BrhFU`4;Pcd6}5qJu`G~fEM;C(~)QWTkGHn zx5Z42dmjO88CwMVo#(u+8N9Z>L(`hgu^^)qZU99Z%AVGmoo`K;R39uLqa0OG;=@{Z zjnky`tfPnavc@#{Q%ZjXOh^yzivJ=H09W)uQ3Z+;_0R0Bw6iJv5>XljZgF;{f zp37XTysb$VFg`5evxVl+Z6Cy07L&9HfMEkw;v86g4WrCfk&60tpC!W${ z@pdFllPkG|;es@rqR6sx2es)>z59mV!ON?;cx|^)o8rvNqPK6g^h%2RUc&AamrfZl&cQ)8FezXuBj}E!G3}D__=Th&<=F zInAbN*KQQ%>-azAW+ml2Yn=P5Odjn_VHm~S3s21zrq;|5=d*Wr{bu*68WR(Xw*uLG zQfvI-eo(J2BFCbrfUTPh7hw2Nu74Fbbm+X*|0xq<;`Ff{H+Iir0^MfFW3|Fmd@vwe zvi&QmIvV9V!kbnZ&2luNrMF8=F{r(N zg0Sl-QNLOt;C$sBtUlL_(~`S(b!x`rfNuaDE-Gupl=i#jhR2)lBPrsoqmFp99HJZ3 z$##z3C+2e=OF6Lex6$V=Qr7EW*SA-&1O33kUS;@`z4FWL8}gcya&DbvdQBcNsWPP` zNNy_?B-bjVeb&+MweF&4yk zt{~R~sD%vbq8=}?V(ld;;D#@-R~BTn*Zh6nQ1+&6$9arKdz?ocVMk_?HX3*e z)+1Y^MhXc|d$}PwUIpi_Lu3LmFSU-KUd&9e};jrB{Um zm-+=%KL~0|aX&thSo#T1H5xB7u!)EgmoOB#3(qg$KTRN?s~9w=#mgVUf>Ww->9~<{^i3$3T=FSl zu_1D9#O3g1n#WQk?8sMkzD zA)O!C#hbJ}Go03u;&gRTqaHHaf9)QqZq)(XdpA?l;?QJ*OghH{{{i5$r9S-V*rp0- zH~#y70rqz1?9h&f!B+Q(uCXjKpFYUmD*M=U+d{aLFZ6a2r_UXcp)Q*{k%B(YU(F^3 z(p|ek6QihiP5#!c_p}Jw*W2kEwT7PG5_mtr{LH@wx-;u{@l_*7TCjz#$=bdfx?MMHPKMO92uF|9P`Qn4(y% zAl)l&xPG?G?vSeGCt)wgJy>P!=IjlR*@E36=XQ-W*gThn5hJV0c$_Y#uG}mqzWgEu zePhruF{o0i_v^ zuA_DP#9-gO87xPD_a}Z>e^uj~7qnbxx^I|5%O8#ReS6NSwq1ZSWIFw435J(l$btsop5Rv9P-U|I z1|}iUL)vqTV_NuzZ|kr=(@8`2;S+ZZ*V<+x^cZF4hdIZEgfEn50A~^i4^wVneie^z z^+Q`2cZTCf$Y`?3wTe`oiZHW7BNyF-%FUFcmZrAawXqLWsO~W+b z2#>B|ZQ`H02D*`6TjZQsc@lHUB0wM`D#YvI>vM8awhQxjl2LXE6SYUJhSCIc-NRqT z%iI(DM#XN7SI@Zbn=_5?Z|!y8x#Pb-$;2JOG25UGyj#KTc!9|K(W%uyxq0K6fcS>9 z$G71}aebhQ%&{YlKl|07K*f&AlE$yhMdLIhhM1$x8LyVStcQi#fZ%B}7Y361^{i^j zMkD?vRkl~LP=a)8N}?-934f0}q-eF656Zk(7_oR>QoIX~CS7r@66V=iICrK)I;n_S zB(x`ePIXARtyC%@2xu36)%U-H2*O$4h3nMha?SwRmlB)6-hX2@?NkD??k#^&^=kC z^8yva?73vwa6gJ8zOS19V>oVmX8`@fBSRVSaB-@5KHtwO9M?<1p++x7YXj}9^Bm$AP}731h)ki7I$|D&SJrX z2X}Z+T2Va|v>-c3CX?d2`YE@X{TXVhE;a0%;S>>7!@i^QCIp{_er z*PD{oNqx{&z28y2-x)p8%q$M$39EShzuG9ARn}N^U;;B;sZ6^e2qV79MqibzXi*BQ zr8dd3pAMwhQ5}-QwrLpCh~jPq1hNMvzG0=k2{nodvaAcL)G?YXXN8rM?Z&c&nqD@V z5rg(%)?GQFwCYrx5yo^**0XP6)iotUO1-f&%#JlBBk>$Ja4D~<28J+B*25%kpHhtR zy~}Kp1Or#KI&jq{g4__t;r?aJ1yJL5S3MO`;5JEh!w|}rWnHdxgEuFO-y?ZA|ArD0 zMK^>|*NDsVH=DhaZ_zOhx}n)^mJ zr>&!pY8k-x{JO*BB)CtNafN@vdcbvN&^bnx8Y-IUou_;l3pu!8i+TR`zXUwFfziP5 zczG3$5vp}cx{s0n<1lCDD7PVu+7beLrI&(qB6Hv7HsY58@Qtw~n}ACdyj;~bU6nlG z98)$zc@mwlO-whd&$jFMb`MC1`YX-~vQ?R=(+bQHlA_}Ce9VT@5yT{`zI`YxS&csl zrcpzyrAMu!=gv3PFdUU|Y$IH1e-t$ctEN)Td-cO8_cSIXv4shXZd zW-6&o|9GVqEX66v-Z0{*PQOW#YrBh=uiOXRy$PH6j>;SPRf~noWGiJvdCyIrMCxH3sPVxB%oV>SxJOMaR}B_KYw-J~Gv-SQJ=G-o zPsj!!lppZEnddy>=a8aK>ovn-Kq66TxCt11xCf|4$yCYpE8uxvt=yV9S~56!gD#$5 zeg4cjQAS8Avq^ZKSo6#O?Fd>pE6tvIXntnYmT%`i$A57?AiJ*YrUS8xqTN-SZ&Tdd zg$GDQ$4#+k^2G9ecEsZs`Umki%7tB3Zr>pGozH^>JcH&K`u35aEwZZ&b@`b7&Bo&PzwL(>Yan(!+)4HIF<3F9o5zZMQ%kn+EoyzD%4=g*r8W>iCM8AWzIfCv@?oo$)`} z30Lq#%f{eaxcjgind(7uX8rjNEA8wL%Aj;THQR5d93KLF0To)ssMQ+>qUEINtd|Ns z`AnbSkg!1?&#%xhY&B@6V0QFonE#)Afipy&akEpUPE_itpah|@!~CkLv{X=l%yO+> z1@0ULo0!_OvTd0$-iGUBdC+`SQeGx{@Wm(7p=xq1>ZDiO6N@j@j!ED5_`kisW&v0> zUw4bsY_hQ583W{oP%r|U;u)Va&ilJx;V5M;?QaVX=X}f{p1J_f+?`u(j-Dj)@vE;Y zNKMOw_Y=+#9Wu4?rna>COESiMO`L4lvCYyw9%sGjtrEW#T0A#PmrhhNFnOrIATXPt zDP?j_ohUY;4B{V#TL!W`ezyQReygQ4m&XgzB28v05TaQfJ|D;=@laak#LNd2m+y+( zt%3|p&owE~SdMx9ok?eQ@UaOfDTS)$Wr$-P@+P4w?Ft#dq0G)ra#GnjiBh&AY)_t(sKslX!S|-~TSoOlHSyAoG03g$XKvdTivRw;TxSq3Y>X zw~iY}a%SQ7#2(}+vH0Ntbv_c{WW7`SElcd%^E~SQ_6b+8nxe)sbG(~$s@ z({syIwvj}%)0NT)sR(II9Tln5j)3|8T_Lgdgm`9YpZ8Pz$sf{p&tSTsy#+05 z^v_lY9QbLdQBdrvh?ij5J$M9cZQ6 zL_k?lN3~HuNy8!lo z`&5AJ%*)!kxr-C$N8^p=DW zrXu~1#R7Rr)N_1tPx1+|`+^6YmKe3P7Y?oMZYRZ^F6}2@M|xOPROTd?a(pf z*2RoK9GN<3RjZtuA`%xi8^cREF3F)5EYfb`m}LL)89I5Cn^n;jeBz);vQi2oJW9Hf z7Xe2I}y^X;~xj@2Vz_T;XnEJ=3mlubsl|C5c9#Wxt%MIJ5m5BCGFD=j^0 zV>w1-EMkpFbJVfZ-k@Q(minyT4w{WBY1~pdWk3h)HBJ9hW^keO>V7#s#|Y0?YfWDj z>EQJu-)SnDVi6A1QqDpXN9Q1Ay{`!<1}cEhrK@7siXP|$7#1k#(roSIEE%y+)Iya^ z9uL(w8lVTd%}> zsIwU1(dZJzuBWSRFS_G8S(Tv#bn!r3UBF~_{nIziP%%o(S<b+-6hp*X z#JBpgepRf#9OLH{ZQ&7eWSCM=Zp?v{w^c99QI*#aJqO)}AZ(*42CPz2BwTUJEbR(61Wyi%F%%TWyJG9E=D2rA@DjS~8eR{agB^RXiBOmQa$2rDI?hJ*kxMNTLBo>*@sk z)ejDpg1)4q8M8{>-q@HYK1t{HR0vmg3l}WZ!*|y@`M{K4%hKx#=+8K|L{t2fIMyf{ z)L_Zd1d4oROcqiN+IN%4fW<;9Bu>#bL-u<&p1Nbm|snoijsD1NO>k?J#6jcin{{1%hiCU+hTIZ8cwmnRFN_8?3 zk~mTfDv)bcd4jS66WPf=dVac_r$UpmTa&W=_CsyLLQYhj7@xcR$;(IuEDXyckMfB8 ztid9_V6ovW>wNChLXzI8i|4Wy=p?U0LE!G5% z3oF%V0Q%dy==W$_#OxYSOpCA0CAr}LSqZFmq6r#QL`2xTXQi*tVtj2>r8n4rk zMtHs?G)SyeOsr(lA_&hdtJCFkhdLD}4tm-ofXYd(y`U4LudMFkYmWyN>D>6@cTq8h8hn#%Gt!onn!P-5(}dU(qefjA{{r-p{p zS^>TQO~(otDD%&woqqf$qo=6Yv9a%#=x>+k!35e`=Ny~B)DMZYK_ z+E+5*(<)^$N8g;euB7>*S}`S?ga20q!l(eW~%an@p6c$??Z;J1d|` z4naPOv??rCN9RFv=1d(TV~)JQ)e5U34=DeFK6rF7@*Qgp>pzP!;J)O0w(NsFcCbD6 z{Sy7n68-Zf`s<~WbsvZTS#fQM9@|{LaV3LR9A$%>I-f&1tVMh(N%);zvG`Ob|L>R0 zdAotb$=4Ds1dM(T-=B%v@M!Lej9MOiM{y3r-pX8`LoVPWrr8^@eYVP%q|GwZ?$UEy z3F!QCpJRU4+7?~n`A9RZuckc1Z){Xn;569(uox5N$4GkBI-9u_@anEx;vFzN?O$DS z_9-^trGkqo?agN3@!C2lQNLgLRlyk`H&P8IBp45cC1b~d}F{R5BPo@{;tF#6e5&ZBm2E08B93B73hVCFPZroqz$1=w6&9|T@q#G9Q!9% zEtUNeG&)vtg4*=12f48&pJrQge%VK6l+K(i=63iDQ-KE1CjX`abXS^~exZa(L=`2d zHP`rhn;farr&t}35$7~w8G2yb+aI4k$8rj8Fl4Un?879-g!5YcK}&&Ou#4;3T1|}0 zK6SRKn=Ksd+BSt4T9W)*o63H*Tv0R)si#@8c3X-$jTuzS<26JKx!_?V?XM9DGYSL7 z9w?^{9=z|d6#STHFkgm zz1yFfVwJvM0tcR$qp6a7f9qL|{19!*6ZM)fclkj&->K}1ESFfkCDAnAR%&^mzXVL_|6nJ6Ix3^m|U%7~k6AInf{qQqR znqgsYZ&8{IE1{HLz5asQWI>sJlQzRO1%E1A_lA?{z@wVT!VDOd*ngw?(I-wo>!9wx zqlA{kV^evOLhfuB5D4GXYiY?l^In+W@@36f$I~2N#-Sn`nFvG6K-q<)8FM?=6Bt~) zb|RR5d!}whks|QRw-SWYa%@LlaJ~yHcKzd5Vdq{Ii$kj2T@NVZ^hHG1aIu3Q`JcUz z!qyuys8MH~4UxIemnUF!P^a5ha1$p6)OimYhTE{7&N0 z_n}+!kc4tBd>!zTHplCL9qnX>;^m=&SbVWeu>)eu&u@!bmJ){$;c=dg35g8}tmG%S zt3pEP48#6bU*aeOgq*|mn{#YZWrOQCiNQhx%qi3&mW-&@A#6#tf?DKQKq;-h2_rr! zt&0~=3CtP50;tvrRpvYGC{f#5A)+YKFNO0DA20xSDmuxfRVI2maX$#*-xgw(fA-dy zfm^c4%bW%k)`tgD6jGZZ6`VA>uIF2W0V`w6B(L>arwU$$J#Aqz1*d_TWB$fm&d45{ zp{`W5MF#{kD2-l>q&()A|5q-`aFzAB*280eMAp>ugi1ttI=@pgZM>%^WV@LhF4dr# zi-VR9Ie#QAlK-$i+VllSKO_&^N~ct%7AOP?gR4PuNV>p?vljJa_+ZYV)>VV2GSmKR zmJ2Y`hxnJlayM6|xN`q&tV-5y#X)9YO=YDxtkjwkqoR{>9w;NM;G$N9bip4zu}k{*gaZ!EtFP=k&YO*6vPlIaDevJE zM|SBJOPAMte}~T9I-auXMqrKllH|4X?9Qu9@2c&XzEG*;G_$hnjU6f@GwhvDZ29_87}3FGICInc3+JQ)$*{$w$QM-898zWZeV|7Z(Le5u(>f^6?fj;oC$|?_uPp z=0mpIT=post<%k<@;c`;PtQ$wh%Bw#bUQA`V|o8PUo zd*;#h->5RnDheCdY+=MDzNl%Z(k*^>qMSrj_U@Mp&(R&J*p*Qknaot(A@nkn4DQ5$)w{;(Rx1%B{ ztY}G#O5+uYc*xf^`2{T)hT7>_Y0?p%<_I`ApH-6rojB!ghR-CQ&DG|^I;}^_zhF!+ z@4QB4QZ||@7lJ2M^1cvcI=C{?Qm3BJH~Vj;KW`cUXCJCnjq;%Q&lKeAHrZ#l+DNL+ ziW2@75ENFkH))?|N8)P8O>A6KwM5%>QwOKFXw>D(lcN0YvZ`RovfFJ`RW2~qhaic5 zX@b%46Xn_oD;;}=vc%aCpmNaa5H0h8t6PO!ue5LruS-KA75pD!*jo~_N=r^(pl(6 zK2iRJ+mO&$HC=@FG{>*H-ToF;(89|2i8soB%4Ji1AFW4A+V~-~-a>iyR%KU{;F>t1zYBb?u2*yJ++g{t(fWsgBO< zJYIGRU+SNnNJe^w5;BWakiz=H0NY@vMokm`h&MV#;P(Z_#K+ii=mnz>-=d!}$8M#|tfbIY2PV*R`CWO3+sw^gkEpc2%ee~8u{~%w7JqTW-0P8|T$O+#~ zK-s|Nh>&&C7R1kJv-dHbB3VncNCmGqf?#f??{XxhI;4}#oVte-&%|X6%{5HaxT?MZ zD=f^}8wWT>fGu760h)paByYFI@Ta&}!2D}qyUicX5EA*`Vh*TV)j#e8#xgdo)h4Kx zJhXS%^RV|${QA6{^4?OL(drta3W1sdr!IXi_1Z~paa4w4M({ucREhJ!q`;}!oa?)_ zdo9>tODUaLSB2|D^6%;cm+UC-#{mVW!SP-#?gk;BiGX@M)P9wx{$HjO`p4h#?F z*#)HI?oK8tbf)9JL$f}g1^at?X=O)^#MFd(6HNVw1t{;XW!z-PjB<-!bCJ%#z2zW4 zHgisQh@%7n)|{(LQ!Z9@5UUh5vhTMduFEHUDW8^cVtgdaTxNd496WBtb25pOC_#N~ z?*S#ODkzE<@l~Z{xp>Lz#TcLN#Gqo;PG znAhHBN6P!3m1vT2-;Mfa9*Gnj)5zsw527AZjm;$-vo275RD(kqsJM<=P0tO0>|CJ9 zi32W-)P;{ckH`ZJjPL5)^g6pYM3e?p*cP-|tgWRplQi8f-3vr52`ckq?;F;MGrtKe znBG<0_nFKmsaMF-r0K{OTI{4KXz-_e)RN!%UOnWhtDAtP1Sq@Be7>ju7nBF%L-EyY-7esN>f4(xj(Ty9(x zXUjL<`o7=sb6KPQN8hNhNJ=s1PQX|_Y&jh$Dp}6)p90Jz(<#AiA$QR4k+w(Sl?fIc zh}T)p{$jy?7i#JmRmO3FIS_oGWZ%>=O@T4zHDrJQtAf@>jd&Qn)LuwUjCMPGG2K5X zLH(r+a_WLNrPUYAWVQ6F93R28K4}KZH;mj__CZhQ-~fyqT3I_fFFIG7VB<`aPFxeS z7e!RT`*5t?^L~Ejjb8kbKjh*=Zv0sE*`Cgxe~fFnrYPt2UZ52uFB(1hz6$5#>I8-w z8p-4!7^B}YiFzm!{cqUOa1d~|-B6cGfN>Z7IFd{1n@&OsnIW-1ix5F}Ip7iWJvR_4 z=i{82>5IyI^zyUq2~^H3#|9A}9HjY-JCmwFOsC%BQCclEMm6&5*fj8hCU&FB)$qMH z7!2L&!R26PMZg+qkHPw^I~olHd7_oAn!v1nwm1Z z6H~@C6+3?Wj63W5OI^;BV4dFx!L%wq0) zoGovzH$y|jlmMh`Pi(tBX~IfMe~?g8A5fk0TpD)KNwU(Z5J1%cst-`c#GEH3Hi6bqsod zSY;+WGdz3n{dso8wJ;TCjt4%q3fr`D3)0zTC!_bt7FOZ{MlV@a7-bHKm!n38$ z1Ly1*Ox7AFM&{goxamu^1N1S&=B^NI$vd>ONJLBfSIQdz-vtN9TjW$JrHHOuaUjma z5H&P#Qge1w%WZi#ZgF5FnMRW0@oS)}*I!UOa$8%wdO{_ipwypMIUhDxcrvM_vxh!b z)KY#PCZldaR6aVqUc@z?$0%cW01i7ff^b?~pbC^ctBTgd8T#63cBmbT5H1$_z5A#S zC2(CE7>|l*joy+k=~PL+e{O=iDWusDy8P(!dr)wgzn#eS``IFkt6BEcubbv^jYGAv zMn&lY=b{CEA``}%tq9IE@wKk~^g5!Js>deSkyV}VPo!8DOl9;32zoT|tM=`Y&ubZn%dN@%OVqoQ&=8=09R2Ac$aG7+{D#$4Wr1eRW8F;L`=IPU0^6%1C5r|0Ot>Uyg- zQ_~MHQ^$_KCoBOtIPabdah+k>?L6j`e18iOEIkR#7w{6wXk@gsEO>7!CM2l3QkecE zDzP>n?cfkASQ9Q%tIE1mGtmuwruA@i_7FaF^=+`p14`x9A;zfcOgFsw`1@n;lP;#; zmLDTSA|ngl-{Y3?ps@P`80=BpZfvClz?7e)4;i&>Wf^AmNI}rem$D z#r+%>)WZWnt)FFNmb>!l)b?;a%Win5Bu5+KsR4eF1UBPz36($7!l85$?z6uhmgSqS z2RFOJdvIg;Q3~`vu)x@R;QNKLT}yJhO-;3`%~AOcOpQdyW8^J2D>g_F6uxZ>`10-P zC&8ho`U}I~KANppvR-wp?;bwdlxyE8HH=1>dM^JppWmY30UWipTv}7;VF0Q5kst=j zk3GQY4HJbcFgEL*fuU05x9g(hYC3kmE_BXO{*)lgCXR$6j^|q1^oU%pf5YZ^m@{zF z{5S9wKwVqt5ks=qqz%6*6;B1n^kclNeAB9v%n*z(lfTwqNXWXk)?cI?oiO0k*46p4 zFPMTO^g+_<2wvOwX#%i4DCtSfM^`>6&{ek}>vmM$s!#iVHlKR& zyErPdlvkggcc#Q$ocYT!B;6%Kc0L2W{B^qns9z1u)^_Ney?f*We6%<-IHu0Hn${7e za4EcJ!}+XH*jH6|){Nh>ua)SePVP15qbL?)iNbHmwvuBjT7t8tPQaH%OwQ^M!R@~e zkYOy!dR#5~gQntz0gVWOEHJE>3vt{v4TBB)ZK2mD#<|LT%0Drq3=ex^m8$Tl)3&1y zGzZOzJXKP1@cXI;6Qy$;OeL8~W}ykP^RiWU+vGT<4nLhE5@;p}7n8*;q^vsAm$%aW+V$@RmIy?+p4^Z;L{^95+0xmP7)+PcR{ZKkd_vHRK{&&KgdcFKf%9gBRE=NDI%Gs4}8x-o8SPP zGifhh;{qpkmuac=e|M8+Wt1DnO0m?XpGuD*U`$R;=qbCo!sk-FMH!rf3I!ttSH8Rw zO}BlT4cl*Ejo9QzBt3IDgMA|0i+*0FdYvCtY$-8|XsYFmdGg=rYU-{6NS1EV(9{5! zo_1%%=ZT2V&&1k2AmEyu5lkI~Cn+V1uPJ!!rl9;<9b&j)Rl1iyo?zl6JDu~u1g;dd zp=VtK6J?d$=V-q~{*-LfBtu|`+56tI^4?*m!}J9l<+M2h@$~B8*L7dSfKON`fk6RA zl0OXj`StkLhhL@+LaR-!=;uQunA3zM7#f#F_BcZSsWFtdzb$qkFSjY&KaufCyWdW% z*%~m#aSu8v(U;U|Pc#X5faJ|tDE2cY03a~Bzx6zY2GEDQgg4De?)RHzhjjmh`)SeZ z3mcWAM3}G(0C_-!hpWjyx+81P?X02HdvCR#}lEve0k4N}w-L6FtcoC5WdJKdyBE6;6#_#sm+6>> zD*A046&!DX#dIfG3@Z{!`riB?w1Gacv(Z8TZe-Ar3F_`qvOU_uvO$;JmqnK#t2MZV zH|p@b=Y$DTo}T1(rv%}&OBemEYFVXD5}CX#$C9TE{CKsV1_V3Vfe2wl`2g{x^OS3w zRb@Aoi)h&+$T<$-c*bpQb)3>+j3l!*wxlUQ76USR>E&5BfKr_(^xfngmMu@Z0RUP9sS2;nq~Tp#^Y4l?qKQkh*a z&(8N{2fB~QzsWlk=VIEFiwc-SrHs=_jeEar)dpkf69+CGJN7H>igOv%W?$R9Eycro zfB<08-&%bl;on*@;?X+H1Pd9Ae{i({uYOQiO^Q_(tnSxKEF% zm~%E@X>U-UZt39l z&~J2^a+rTw*WUg43ji*och)x6xLu0?xKL`4s}aT@4=&{!U;?)7T{{5%#4|p5E6y(z z$%^zA5uBs?DBC3YD%WPnC(-nDM*U`+ak5-Z9R%>Koz6oLD^h#SZy2ak zh$x)43RYDB_V`CuSk7|JSbs_{kATVFusvt?&!Y+7CgI$iUCe>kaGb-?JcD)75)!S46(k6=SUFGi~|7r43bAKwB z{eF}EUr_n?8&1BzEAjh2fck&19bl##|6+r`|C0Lu{C$S_|AB?z;4Gc~L!z^hS?1MqV9nu>LqIAPqyvE`ga2L`w9P_ zBsI#rUqcvs&uLm^Ru)X+sN|@x@*f`3F=oWagvv0@y2Z zwC$JEy(!CfkMZl}TgR5Ggv*~>p-!@+IlnHmzLzTaMS^!kuJ{Or?;LKrwhgisSCkU4 zeu87NiaA6)a_``+5jnbMLw2U+N%^I=+wRl6=w)#TxdvQCa{XtAQ|~lm{zyj6?21pb90ut=Y3X+f72jDus@6FuscbC zNJyjkl6>hr&CYAKBCMuq)hJ0*(SE)(X5}v7VWY9!Yny4Q(McnlbzVN!zR5Xq`NKgx z;zOf-ojo(ntw}8)(&9g5P4GNkDc^4wz&lvQnTCOCU);1ZWy+Eu!2w|Kkw3V&tf z|Dux6EM$6vxWQe(tdhf2fkdUHs)ik-9(Z##Fbi8+vz52 z2eXi7fi36nlnz3@jtZHHuB~lT*=q}eo0B+v$CS$kKlQ?_EYrV zjNfj&ndf>!uTytKXVpiV=NiH!6YJNM`wbdiTRNdK?wg3-!b%|{+0+Pvr48+Lqk{uW4oPuoMdzmDG628&`9IB0j!Y)Ma*dbc_?EV~?kZTzuV zeLh&{uPm~}4Z%^X(YW+IMQ%CBFWf!bwx0@hxcUP2EF&)lAXOli>je9U9g&}k%!@@T znU_zNw4=|uaapFHlioqV*Ha5;y&CC-r(=8uM>m%SI|104cWEv?S`|QrmUYrIiwZsi z+$`@v=En(0LY}dC!7-W&vs5B<>sC+-|f3NHMwu$RWJV8h>ow6KuI!8#+rY6tMoa6|)n={75P^?OhJ`7~u0dE)^+X*(Y2_cmH`Y z)*@fQZ;`7YaN5i^Ry80}bmVvTxpAYJ!*$hjdyk3qK9l>%n?$PkZez^#=DB}`H$2ys zS5)(;|GnM)hV#)(nt^L3Gw-%w%Q{D$rF+o}{g~sd(hrl{=P-`tYzI5y^K0Zs`}+4mg9zhFq;Eqb)=O8#c7DQhajz@zZtml?}AP|@wJ|3g;W z%#XaWvF>dL!O=Z6uQP$0IWv~228%2(ivF3l??y>@f={FT!yCQRfx2BamboGoMPd00 z&z0nJ!)3V}cUk2{_vBWeYmm!wF`?_IM8#xZg}2x={OGFhSl7yKiNif~`5G2^9*3J= ztfBXSEu@OKBe?90clp!X-z!M}{Ced;WE&*%_+?b&UjAluG}g1vv99%T6!X0I(a(68 z#!&9ziSIUr!#HRRR#ZLelc|5XJhp?|)b-+s80vg*e$yG#TF`bo2|6D{QJ4&^XwcOV z(k;?c!4y)D!z#MPeJmMb5fZn^bor)#5$!+0;%)s{Qh%G~wJ^Xk>o4N=<8JRe^jLq0 zZ8n6OUqiKTPuOjs5q5b`;Ctx*D6Y|bZPs`eH0ko)=22F}!`S77V|q{c*j+-Xaed`M zwSxarHRCp@`h3^@KG$!V!y4W5T)}s@Q{}96??PB8acRSK58GllKkE)!f?RWI@%Zhs z<%TH3|M08VF~dsEV|{Mn1?-k*C!$)vkmYgB`hJOUbZUntvv6z?w;%OE(%`Y3!R2_q zaHsi{d1^t#v85IPv6Y(oF`)JKJI}7!*g_G9qKIDd!_LYMVp;^$zpuY#ed+PI?dEQ? z;=7H$Q_^V5FSMH}MfYgFqu-(kE`_uGP=+tq?=JmzQ-e0k>rpt0C*fRt4W4{V8*zT+dhoo8YJSS4r6VzJR@ z(W&%t7K-wM8nD#(pW98Wf;foa2rZ`0Qz3Ci_?<v2pvd zvlOc>SLpN&{6Y$GNE*w0q9TdCjXfQY-;n5dq~x^qRBZ)4ks`;$A=;XZ9K%NSt|eU! zG_&AM`MM#!aUUv`LX>8Xw`adKX^Lb|BhVx=AY z;PR+7gSeF=u6er(jaYfX9&2=`cF5>jC=Q~|6j^_6H%wo=B)PXA` zb9*Bpyx=2ogwUtpC*nlIB7gtY(?CQH)*bHQBl!eDQGYn*bR~bZ)!oDS=FKAS{N?o9 zu;I$_``}Fg2%9t@E?ep5;on<6=JPDA^X8MuRqhE{ug@`>g9}UG`TlGD$1x-~$si=Iz=6L9|Db4yTC=+uo8(Woc-3KOrq;3=y)3Zy z6Vl%A^p||>U_S5yXma@VmNrO-k_r@gUaUgcpTCB>-nT&v!)-hLz_@IP`UD6@xmL!s?|+Hmi8!Q(|`Wc2IIP>{y) z5<{Za<-{W!1xGbUYK0UF`Q1a65BsJHNs*~hA8yyxzK@2mJ|u|>rFHF-x>^4opTeAP zP{SC;k9d_4Pm^UYzgt(~E}J8xMH3dt+1e91qth`RS`iQS$?Xb5SbH-g0bi2A*$eVl ze_8|Dvki7wF&AnGLLQYpSU_0gh``+vJf;(_Lb1b$d6{P%6ojuy!;)VvTvMzQ za?FH00i+$439G)i?7{ueooTdY#E?OVyO}!^imy%m@grldIeSBV+?;8U=Qqb!%XTE9 zs>bHmVY%LlC!?a48f~-m$hO()0-C)W3Ee;yV4Z9t^J&@;?fJ<00@ zS~8a=XM2l>;f#cxbF2}R>!(i=e%`$NJo?Z*aj(Fb^ZDnctv>-SM(-h}WQMsb60AvR zJ%{ZFv((Y6N2xxq>EieNcWYhmy^FbBN(rMee(2;0b5ST(xyMMoL}-soE0HI7eF%T? zi$E1ck)q6=K^7r^s-6IVq&OO0`lXK^45w8ELoS8HZ+( z<2Z5oroO_cAuDl`hzQY?(L81nX@ZR(1zK;^1~Jv3`!->loX523Jy5qnk(jc)qBC71 zURs_Oz8}I-m5nst?ieQBRcyJ<$}`G=D-&Lw@~y;GTUY-D{3vr-8e4q4>qA$&xx{gu z<_pG|B$^v_v&S+m+qM(F19=k`cMN!bb+T@Inmi`~0;~wLqfCza===UMt{fMyGDIqP z#vdvl3ohNe{pVwBN38t8mma33b;*a)F39BSdMI@k$x9cBGk?iQ=6-+PrC0}GT!Vbs_^cJ z-1*libkK!Zr+?A)y5aV?RTZ_$S`^&=wbVvXdE_Tzhd;?}%rS*zyy1T8?8PQy3TnG35 zo9UgUrdMDnXwF4krEGIJ1Be>7uKPU)s(ZU1rav^5znLo0crn{*iN1*?H2R_3&tGDp z=GG9z-$_d7_G%mH+j~{{!+KlPh79ElulGi?sD5(?&vc10c{1#bX>lyi z&`1?kz|5wz(s*Bx5Lti#iY9O7mj|J50po&aOv#Y~K1_2ycSXeZ>u2*d4CXlv1d-E0 z(>sQWx&$xm8H}#)=sb2_jZ)!=5a3+W%srj+Eq>Vu>o+%(v%zfhx zJy-1cHj^qHp0u{@>swUbG0Lg|9td_#guhvV14xPTf+UF(0k;n9mlr zHECO1V#Q90WV2LZ;r4(b{;F#m`4)a~_%XW(Vd} z0XSv8<6FkotfnZY@Uc}{!FNHYqaY<68>BaH_ynIqH7jAL%*llC^DdGM>L_!z$+Z?x zEyu!!4r0(Soq*A+Ylz^7a|&{H(&7bUUWbyWI6-1!5Kexc7mmlgahJ!d6fIv9Vy%_e z`gJCL)Z1F1${;3l+}?WL)!y^UfH{ahG$J+i&iBU^!sT34rwch}&dt3$N%+{$&fYF| z*dO$)yXV8;+wY8f_jZixwr(F97VFm(UL8f7>=0g7(^W$jaX&np9=zD_%D0W~Q_~v2 zd>wV#KOgm-fuyfXw?7BWsA}iL!qkguG|D1gtaXTJ?f`zfjXP-Q&N7yh;Z+HPBb636@qIOWvYRx}wsaovw` z{_@(HNW;-0+N@C_;|EqKt-y9J=ok!Aw*E_R4CZLCi$%PciNU`<`s> zhIxKR`nJs7w}+dAbW>+mhy4)3Llw4k2-Y|0jp+-faOZGDo6P2oH-RC}VT5|KJpNCD zR4!w`_(*7OunYiY@QxhE0(*>~C-3bZkkM$}v~06nwm8$SXZps(P@m^6^^=vjdIaSJ z3nT4;#QbV|SrPy22M_LokG7b;m`$N+ z!lt6Mv|-YNVc}vICZ5&u=8y&KS9CrR6X^qs_+hyuIMTD-clTK#5)Hc`D6L8Y$Rn*h z-mqFs9tleyHLfz^V%D`EGoT~?(@qpCmHEiw_L3-T(}STFKE-NWCSKKxqEo2ShIUc# zw*y#rT_^7^tYhTa=NNIK*mf>q_PE|LnI@ic$bHIaRx-?s9b1i=_;V;B>@_F&=KG&k zi$%&3=;D%Fv7ME8(;!b6afjR;si!}zjnnB1Wj0KGF|Af!c>7k94EvF{t01IVGlnLP zfj#{uhuLo~wflI&&-NqqeM`Y38X`P%qQC35LeKF`uPOaIi3uiy3sI8z)c!Jfduw$J zYWAk6le)(5++=mBTya6G52|}2vES{2g>V`_W!zHwQr{fU?NzX5%ks{+QdmBk21&K* zv}*@^e5z2J5!EOEt`~k*RiU?gU4u+esKnzDd5+aknb*S6ZZHjmqa4?h@X z?=S5ng|(ua@A^5;r991>`h9otXfljcBm3nw1K*Bj2+AOv3SM!hM}B%kWngupGeO#K z@~{EFBGN&i^zlR11ScWa*UaY*8{f|i5<5Sc6dt2A^&VGl3|4`ERmdl!U*oYllavmP z{rHd(SQA|n#L(o1Jc^b{H=E>pUq81U>m=lZ%)PccOK|)FCd2K+pCZ~NoPE;yYHHNS zrX$^Ay7ZEjy_SX|+*exljmU-n_@`EX-P*6Ekc~lc)@|OjA7RaWci3YJwZ6n;LA@gk z#}5+{!x%bJ#W-WH3HBAMQ!7|aRs~ONKW=~@6Ph{ohzyxtDhO8x<+3p&jlen1{JQK)WE8;`#cczQv@_+VRb7Vjh7k4|}xyOloMy&PM zoo0pS3);V&>~!0YO(Lzec4ZcxcHaQMgPT&-z6&as7C?#VUFWyRQC5ZXOD^|hvgdZ- z8!a4Y@GP@_w)u3`@{CPC;&RxXNj(C0q;LFN4rPYoMkH6^wcuQqQP08b^;$_rB^-*` zUjc#&ZSGPIYpb{Q9;zg?%SOLF{h=z>b4X#OBDpe02Ib1Q8xP+ZyC4*pcn zmX~o8+*6(8L_5+`l_4O*G#Q1X)^*JBVqdo|7${CH|9E6t@$Qy+bDqnLF%q51=)(uE z5k#K{kUq=}>^*Yi_H6n{v~&u;na7jD5xw0rQ@qri)&F!;g|PwM)+|QRHIbUu0f;EpsryDVzN2yuG zg8o_)iC!t9GG#@}n-%-R%eq5CKUl1pW@Hv=Yx?Td_h+xs4`^nbyCd63TV?wAaNILZ z5TiG*h{^sBbzd13$I`BgyCk>|Ap{97K?k?s1cC;4f;$8Y?hxE9SP1U!!DVoFcZUH6 zxx?Pycg{ZR{<`a~bI-c13kMwGZg1FFh|9a9q1wb@*UsGI09_ z5~P)Ow{lgZ=7z3lt{-15WDG{=Vhgol!;dc81$$vzb2Px!o2J1C`|B4rDK zt5uM6^mMcNn`;DbC$8KfogDR}EZW(ayB3Zk`NYhIaV*Mz`O&4u1KclS=*y7`luPuL z?!!m-Whb6}XhO~5irg(kZX&|{&2$0+kv}oBdfnG&obRvF!FAYlA`@0h+c0a}y*fR| z7)ppAPF2C0sCczzOB+q@=Ve35YIvRVMBa9^f(u$eN8(=lC~Y#5Lp@>JS^AlYNO&ox z+UgARr`iuh#-}MP$7&~as*^KHnbkiZJLco;Beb%_#Tz|2u^n(7J3G(OEz%u`I^?fb zR6JXRK5TMO=_});IFCt`vNzH@;ey3%w7HDfw-Oyo&AJ3IQ|#C}gSEO7*(!J4R_t4P z8(<@eyhqov+JV>2K!p!!*oe*8dF$0i?%AgpXu$;8a;W9@d1-DlE!;P`!&XPYx1 z&*#p}y;R*c41ZWwBY|&<{`oLJJEj#S;Vn0N)zFZY&@q)yt%sY}uvmN*{B)M-L-D4& znH9GdFb<_LOr?1dp;u5_uoeC@MMniBYiBx`ghPM_AaSrFm5YR!oK$Hcd(!K4%AS(+ zRE}C4#<@{BzPYD%p*(vYdY}MuP&_wnZl+Vp6)KnCQylBbS2w`Sy=KVz0laa}w0I`5 zSMU*)naX+W7CUP^X@{HbBe62*n>+EmlER2uyWsS>fk&Edy*WPv6_vqQ<}~kXnE|`8 zZ}MeJhwnc)MJOw;tl?mlhz^k>ymUw@sVG4@IX&Tgm#21`8xXmv@%gK1y`@XMtOJ@{2jt|>t2y#0+> zr7r(S%No4KDE*tR==?>ny}o6t;$4moO~cXjW|@ed=skSh@WQ|w*p*P(^6N(V*X=g zJjh_n&OV@j$sm*a+$K6JsunU3JEHX?%GOhKkl&U)Z<(LE;bA~M2Vc?a3}Zx;X^T_1 z-`N4ZII;ZCbLJb)$d;M5kiW~r^3mtWvmS4fuTrLRgh`!={2^K*s1JB#$>(ra&K0*~ z6;8}tC&11#B7mr;*RRyothI*W9$!xAKKaoz00UWlm}Sf0amFD$fg&vAFFzG8uO(%mIv){<5QzBcDcTqZ4GG6aTCdP4 zNB9UCw@7O&`tY%c*MXMJS_}?(a%~Mjd&@LL)h@d3sXUpqSr|KKg`VwUFZ93^)Cw7W zMNZZgaz=VLa^YG*WaQx1@^-dZ{yB>U@?2Ox(|q(yRUZ}Z1#ry)|7IS(fAGH2Rjmh_YfHYaV7qFOAqsa|K2M9hg-bNA@bDXg=`3n z`**9iXx?iAyEyi3bIk;(sOp2ixSxPc(NLC+zb5}%wm#85RKkCK{aoU+v2X_Efm zs+a#UA#LqQ^ABFI2yTVHL;lE>iO$g&@@&Km@Zrh0wzmNVLIrZcUEu-6H~&>0G*490 zG^(sHk(U;E5^p)h_~I!$Vm}0j-#Y8DA9U;SoSbcnZgWkU{|Fzdf?m@vU-(+I9#!fJ zQp2Q~MoaL={%(i^tFC>~H+CBNax%rTP3`jZ$Nk%Ayz<`3A@WSwCll=>lEtu}?u8;Bsn-uv-1>3z4K5O&mW)Kb6VtU= z4Ydr2xf2d8_AR-3X;0kV2K)X`E6b?fS1{Q4@SMrC{BpR}Ub9B%+RXKBXiywp%u(BLf zU&k+y6!QID$j=X?6AcRVqBaY}3o;*z7C3E)Br3I^kKF(K88!S&ko@6HE#8J3!Fl>MyK3#Qvuz*LJ;O0X_K4Zab)j52b`X;jHpQ1ECkkS zv&g>MZo)F`U)~qV*&{Y060pRU?&To5Vg+ITl1knwheoW%cTTEKi)XY4MM?YCcZur& zt9SSvf7o{u?5!fd1-;JbcCKg%G!o(m^8qFOLXFY#zO|3HJUfY9EZ1m+298PkyFD*^ zizB)-H`i+S-8hb^#x$pjuWdFey|~&FwMwO(QqQhvt?XeP}%D7m{QPT9huk2Xg!rILFo7DSlKK zWde*?4xO$Qsh{Tm!XKWO_Y`bks2xgNkHS$cnzbgHtkdg&DHAvyuhQTa6iDR76ZF!m zHq>cb3)tOrQ)gu86OtJ^*lx&mllZBHz12ExPeexcFHTi0Ow+;9_$w3Mgshf03$f<$3I+JDs?4&T6@GYhN+CGWjFiO4!9L%@A!$&m zcKbm5gZFptq#nC@EA11awmr4Ppz>#tora7*J^n?XHz)-8(?9v1;L4qR%1qq6$tyqP z8SYYtjAe^jgvI~v6Ug=6cItf$<82P4e?FG)4l|+Cu0e|gWcJ@9_(R6HffE-Nrdcc9 zwBVVyzfE0NM%b16E3e5(R>#A}HKnlgOSbcyruT(*F?#Wb2G66%`F_K>E`3TIj65~l z!bYBe4~cSa(a6Qa9#v>-_-%9@E{^XJ003geg+6D1A@v1XjqgAIS_okVjT+jL{1DT5 zcbeLR4qlR&mihF#Xgo+tP`l5BgBZFhggSKZG-$lh1u=}ERJuEjX z+V0LUv)_(=&`ktmb#+VcLG1gRIZl?|gdg6kwYNmU*f|<2yUKj<^v5KghF@FY^-VN6 z*$y|di8TWknqL#%j=&nv&Q{x%c*kgA>KQM@6YkA75r1G%%N5D8FNxsD%Q9L}+8;R8 zf>---mR5Q6)9)DS3R8cKI5#T^)p%~;sZm%#OR0aY#$fIm+z>n zH%2~OKBus=&lUmK-WFgSiVX!_|N5NMCiT4Z$IPEkrC81)EU8Q+4td4&eEjOh{+KJX z_i3JGqE#zm>a?$nY%+{i%);hnm~|Z)G0NIkx$WDWq%;MeOJNexrf~t*g(iRQv%3>| z?PTd|ir!Bz)eiRCXV^w_SRS$k4KImB4~#Fh?{V^Tl=pGWkh7Z5mI^Ko2vkS09|z#V z=cV%w1t5Ct@wpS~6rOA*FiEEmX)y7gVAzhXj4bO(PMR!u>#oKO=Qqdr9o7_d2o(p^Y*Pf!aa#>;l%a?2txdF8K?6AR3DK_lnG)J73(Sh$b6 zQYt_1VJ^34s(URahKuCUhoirY64xL8NO?S9*ongr9!4~);=LVtTOhL^JbcAd&qj|v z{N1oeuJlP|_~z2aNc-IMJeyzsoI*t|0>W3HRn>t(r}pRb0oMYfK)SK^0P^q@a`J58`P4+$-XO13{7Lz)j2)3OTO;*;y zcow}Lr>Cu7_QXa@w1uf2Vf9=_uKB5ZY)tZ7xJHPK zhVNE|*t%CTjq1`BIHGQycWMdp-Ye!=8A23dcIBL~-Rqh6| zM((ZD68H?gV-aTom^7WoAgs3y$SjnO(zpo3`*LTg1ICAAXA)O?Y#&h$nDj z56d()G}f%@vQCF%u{x?S(-0exnQrz=7C3=H!)jf zBQFb4{s!!h3VbcSLlA#cQo&+Tlx=nR=~3J997J#vNmq=o7JgigWkAUe%F^waJzsh$-#3!uNH%{lEc?IvYL zB|15Ocd3^siMQb~d!KJJZ~nMRl6bayv~PSTMF?j^v!0EHX~2`yt9iejt*0Skk!-F7 zRP%ISk>a>uq1|h}VT3z8sKUG{qrh73)7lMedoz&kNV+M*XWOe7&Gq(%H)1j4YgCYVe zO~3kja*r+3hAfC2eaqeey3y(1?+9ot2IuOHln(27#>)B^mWbDUmA!r|t5LOz7~0PE zTpxzvUH1k;z)aI?%~SnA%av#@e;CUJbClr0RwMOJ^w>o-mv5qEPuk@~4#4)KSWQTm zd?9A=&a+~-R5F+*khjU2me-qb8b_f}s(Fpy7KbCcxzqWFEp2JugBVz)yDnj0rS6kO z$K{d=Gq+keATSkcr-nH;;)((9dkq|9eKY!U^!4$W*G7X7zju| zCVtSsd!tsdT@Etx3aj?Kk-=fHx$8ZAoz-;ZQzww`Z+$DdB+(b-KG*7nt+1HO{ULH!$tI5mj~?8k=n$MS+C_{YB+wCgl>R zupb625g%kHtIc#qnZ9%tL~sMFUxQg4KI^5<+iT8qQ|j5B?GuSZ)1X*HhMSE8ek=O;Q9efQgL1qpeuoPbPEKb(0%4 zD~XYaQ?CZYC|ogwz_-;v);cL=&WVcqKShkbkz@@D4jXyc5@C|s+dn6MG}xl5w54`e z2}Q;3@pan-hxZo)-y&6Ll&(3g4}OD9I=(44uAQ&8dYh2TP3^#g-%)9x^ z<8I1EQ~Uj@jCgbs5%5u$;%j{fkjNpyvK!gfi3&i-<9q-YwHLj&xPN$+jrZdlP5i^P z3Nw11=G!k5WecRkS`GohVW8dm3v1#PUTo4n&z_BBg@A{e%%9eoxiy$KrkdC=;rPwu z+6vrA6+DWS2EE1wOxi;ylNQwE{9(oMm#OXVioZ8Kx;1Ds2tI!0*GV1OD1OUC?5$`} zQg%!he*UIP>50+#P%)?LPI}(S4`T1SGOF*%vJBbAE@LXSWG}s(}|y? zlJb$1+7(^9PBVL#aE~pX5AnPQXEQXN%j(8S4-Yl(c1OaW8>^{_P>>nj#Rk&0&7cJM zM$IATW!7ou!m!gU;)KJp`}B>Ez}@p#VhzSQE2N~!$jdEM1uZm3DFe`2S{lcEjlI-I zkClh_QT3ATz01=rVycc%wxltAfa zqD^Wp)GkMe+Y%uuPHZ|)Mvf%A_dwv?wtnb`Q17a(po-YuBN@Qv9!rHu96eQ zW9=X4;)yZt12?hI-HXBN^S-r>XWcx#!}Hyvr;;2CAClj=CQ*%DzT>jpc<@&zbzRF< zKCL<&8r446R0oUDfcJ-sD_c|8ZRtKd0y(q;A+G=~=6@D@1PykPnHn=yq0?kx*c>0s zFK*PYOE%mh&@W8LxOSzZdNokO8NW}P_5`7WRm;7rD*|7C>gZg^rL|YtstT8xJyG17 zx8U2>^+^I}mJ18+oZF?SS8X+5&07h1*eG~{iAtp)mq(CXwG94tG+LF3-L3Jk*KzQc$hXk5O;QP?{XrT^9 zqyeRf^&j}vxHoZTf@#!QcQr12$ldu0uumgX#g~6R9er#5U_Ik*+Jdx5e&t#7?o{BJ zqTBT;N)I%^Ib;oMMugZ+ZpB9toYo)FB)|QqlINlOZNE{aVYTm~b7XT|37qWsdOKiz zy-^(N@qq^W$|ETHa5z_i%h}n+MFb9=YpawPr2MX#qYrb+sLtan!^fC@n6KFPexT;9 z8*Q0;Detn$(qEH|4oBso47XOl0oXo58J+lW%t)(G?>%}v8pKmZlC*~{%Pwwk&4a#M*6&_tS&uz!R`PgL0)t#ZB zCFhgz?f5-tGW1FMQt{TD^I@OgTm`!coM5-P9l&O~HBzO~I#VZ^3BJIp<*I^5uTAJOEV0{5fY7LXu>Q{TakG8)U>UjD|>wCpf(1myMhX5|!HU(T>> zS@5TW^+9-yjlLpigF7%ymH{ZRuA_>}&I+aFr=}b04&U;i^MNv?t7GN8-?Z+#kyp?~EQw5l!as+8 zIG9u9(%AeI2bX!0WgqVCh>&#~+>Ob)N2Z*4prZmfasgyB9KigF~k0eC;{bcOuHE(_}4{$<ztxYu0lxAuq$GMo(UUVEL9c_?Gd z9f>1oo}bq{)+Wy$kN#m^_b*2Dhhc1_n}wSD39~$9=uzs2%yRChdDQ0C@3ll=uiB_% z^sKhFagi4QrE@wHfAF|pE5u{`Bn_|>r&R6gxL$Z!?LTR zOS)XHq@VUCtE6PDcE`th$AJ)8&tEI9ub8k}r6D)14W~J;8KZtFjtGN1)eQ_&E+-I_ zgPBc0zB)&%?P+@-;u;_iNiC1df=AQH9PXkR|8Qr%cfw&j}-|S`F`x z2mjc&DSK#bDL!v^MlPxdZFA<7eo>);0AfbfVowy8{Ws%0EEZc?ys|Q*S{2AeIS9Up zrd|l2+7SpT2Y&;%5B!8zcgH#X64X@NO*dr%lR?D+o>XY;qdA{%rT3gF<;s^;&A&q* zpCaW?S;zG2h|L=9mYSfvZ|D4_8y%#xvLSq|_PKe(Z=&co!J~tX7yAY{M7O1YMoc{?y5cm@1HoxdgY*ux^|%-&Nx&G23Su=a7TKD{JN*1Bc#UQJrj1)tugj62`3xhzHh*?u+F zpBd$RMk7O$7NUKX}Zw`z#jrxmds-kH#N@yo0tXwqa! z9hl-lgFRa+d>;G3{O(FF>K0+$u@=sTQ|O`5nOzfo64I)8r+Ctc@k>2rLUrL{*bq79 z&I>xZrrF16-igjOI@S`OKI-5PZFN6wL{g8)!-d*^%$E+sLibI>s|)_2Gh3I5`%4|* zg(Vzq>5OGdg;CDO9;z1Q-jVuCm+_m+jHOF4jA9i=1a0>($?Kq!xB=17-xBUc@oA@o zM+J|B&2AfDYEOTwIWNa^w=|S6a{gX_y_4*bt=5RS#MGyA%FUhOqUwm$#x#$DBh!yH zk;o*wg`cCgmxJKm(y7r2^&AM;xwF!#m@56UG@(MnE70F_ZsFXkRZhNCvPW~d^TW02 zsEu2Ia>?Q zQ}xg(7f_IA-6nsq=WSVrE`ibo8AdeD=;1bsK(PKORk;P2RXr?gHxn;5F|<41C4wl5 zge#_hc$&jLA77Jrm$U4Q^r{b!c`S0!w&&W$u@tdcGW!ocvFH)40_zns_%t|5UO)5l zCePzGIZAy;1mBsrd0)V`(ScEg1isvna97r6Leb`>`Aq~CNgtWrL)6i*zsRSD5u5Ak zq;_pxh1FM7fxOrWyW`c}^JkCn;;9)elP&m0SV=!8(QPl4LBA0IX+vWt{OOH#l7>|TV{vDlwIGU=) z6_tqQ%%bTnz9j|cgYFE)=-u)4a!1Js}?4XX#v>{ z2%_DX8%A!Y$On46GmBnknNU8=wOXSpYO8V$u!lV$O>LI4yW4dnRV2uPnZ>VXFb_}M zNeR=A1mw)d@mevLD7}+6U#t^Y_NXhAY|s_Kdwr(|woMOJd!c(?%9f8-nF65Fd4+P& zig;v9+T-Jpw*G*8#`CDbPYBuZp{vOffY1@j@;uZ1gCBo#W<;1K8~&4I zS@Brg=XMB2*G!!6SE+&pV|mBfCMo>1Jz*NwsRF1cl0hH5T}q|*KdAPH$fZKpN{62E zTRpi-eQXBBR3VA~;9-5<_ML7vmM`8i(i6b(`*fW|rZYMq5zxX}}>k&J*z-)O@TQ$PFn@r!NaWXe|8AH%c=k*e7Q#&d%5 zFBH$gfk+7k`n113FF9J=wCpE8C46hpEh@s=0O?ZF(@#6bgv_E~T)pL_CiM0e%nXNC zu*Ihtai`bVgZE-4jgQvL*gC=8XOJ8-jtVWHqZ@6#uZ8T|Hj6>;&@2FN!3E}9)B_k9 zvn8dSMb6{=-v7JvC6So1-F0Z$R$cwxZMK z9qRe#ms3E)R!CCOSvhv*lp?-uC-YQ@lAfaMg&=CE_3pKk;4QdPriM5eoD4uiB9uqu z0h7SIE(hnF5`6&uhVy~ zc#PGL=EV{Hw}jr%jU{#E`2NY1cLG7XsTiw?c>CBwUipu5zVS{UWnI16W|FzO?LN@C zx%)-a-a;PgNmQVcr1tsJ^jeT&FY|tN{McodF6ZdpE8HV&OM;hIkyn$ez43KB6EAP% znc*AglOifBWwSt=&_GM5y>I4zewbV0)F4PgLXZ~g_o)WxjOYMQR>Aa#&1JUM-OsCXLh+be9zkvU zFx7K~lFZDhQvA{HzXfj_PL;*Q(GWg_%Vs*ff9gf>AFbxshR{(QWWN2oQmR-*jn-eU zFxvYH)>$#VHNSgjY{i3>4XI>AAmb}n zn$TltvjkVf@hgiemBjO4CO_z2AQYmS#Vx7WrdLasdHp>C3<=rdkK(+^3{-xTNhD32 z-YLl@v?C20aR}~eUXDo z3k$kj=at8isVSCEA|!P-*D!@0k3}=3KT*KVU_vIU(2Tj-8gC?Qb|-Mv(NaV1{i08D zM~eWr-DoW-H5=maA<9_#GCI7TKcSkKf*QB{tl-OXx{KV15vAwXZZ;zcS-v-;!CKKB z4Y?=0&u@^fJTVi6VxxBkZvs*EIx+`reDp+CV^7fahPANT0NCZzcA&;OpQ;o2b=dkk zU&Y{#1(3la_3i#UH+CF(XD38c2Ou)Gcs1zQ_IcegFPVlIwUP|zkSLBUj8xh8lhIWuZlF@fOylG%S0{jwOAlML((yh0kczJbEe)#ZBM{~MvLiNrbYO^+&>i9SQfbIR z&Z7a&HolU>WM7)=Ku-^<&_V9&pAXdTm*U?9IRjRe-;Xs7<+e<;bH3^2#VUIaB!1g; z2|3q%xYr_I;x~OTx@mp5T_M71n~S@_cknvo{w!nqgON7s0kIt9i$E*hU}h>N!-sI+ zRQRH}EnJ0L3nZsvM9dbJQT9!PE8xdA9?gr8R2_YN#;b=whMTUZZ520nu|x!1L_^!BWRfqwCD2QhQ((4FWN*5qziA^&;_;``YE-R1RuZ;c;o zZ4*Mfnz#hq!81m0rUf|KS%D}_6r#e32R{vnG%(CkcPjWl%DF~9Ny{r3ZDy)?Ht|L-L=M@j!)Ods^2PIv>>h5IFHi+saMAMDr5jgr z{D3vFLLlno)Nzbp;YLs?s{`bWa;hE4Q8gI8%A}302triqT$D`CLd3Qug|&eYzK-z| zgUwlTvEjA7A?reGhom&<^Bl{5)9ydKqEy5L4oZV?++c6ec^ltuzJf&aUT#;E*N`Cv zY;bk1-PxI8>r+@c>rs+AG%3CW^_D*y*xQo^TP&=l-96YhK949v@Yz;v*0szX7$J19 zGaBHCaFaaYC0_7Uv16w1Yd~|MZV={sf?!#7xIexHtb-xfb zIq83ZA9fKjGSI1FmQr(ouq#(_cXw`n*%c3p#+0R^ie*AW*?vzOT$B!FrydG435rbOf zBEZ|1JIg{Q8Gm@Mys>;8j|AiyyvCxp<+R87Nw%i28E@ zI4Em-_0z!oM38*z%1iK#>iVO@s}t7AYx zsKsAN#%flf6eJiefLC+7vEEZBQ)Bu5sl6){1BDJ2B#3kzrgN+N{2u#OpD{fJ-h@=F zhjNY!dnG(D=`=9p)yFwl7P$cHBBdva+xKKaJtEOsO6({%PgpFY-#4*XAF{u2?`a~3 z%~5^>c(Nm!0+2Wy^_ppfi=xJIIOV(u6>5W5R6EP59=;J;rNM(3TQ5H5gcFS&vAMM) z0C_N67CW2C@*NICUq-%hu|SvDY|Bf*hjp__G(7g zROY9)kv}A@GsfghCsF?g{}&UDE20*DbPDfRRIO``yK6}p=5Dk=AJPDijz%Na9dr#M zc#UjbOSd}wDU85?ZdOyOVIUeN#dm{x|7c8a63qQCIg`{MF9L0_yK-wgW&_@)t&a>; zZ~%~uM*dWjh1BBczK6*w@n!K~XJZSc=1tf5sc1i1fum9KsxwnxQDMtT8?6WnH+voXx#9t1 z&PyE6npJwAs;PNBy_&I5Je!l^zl9u2+`!8nKKl&UtaLh_M(A&SU!>nz8s4Kts%+?= z9KN+g|B@K7UHLoHn8)$?jbPs?_Qm%zVep^yf%CunyX2pd*{(bh8JM9kG!IwgWF@d( z#iBEXb#I$HaS*F}yHk@o+lVA>8-D=m5u>L3EV>Qmhkn$d2+li3I&#q|;OV-4_UGR24z%y63t(`{f&1$@51#6p5iq@)ADd;#lt^defmCYr)AmG>*N z?LM_oI#(cC#SsJ`MP~VW`*emYis3U5Jt>v5dOit?Uk9mUbrna8SisK=eqxB*P7SQwvW%;NIV;ezqO)DEN42uul+8wD-<8FDAScLw)SgZrYa$z z?1P;=sw&0-VbHZyXNg;abFptZEp>q}JS)3)D@vAsO|B1>Upqud{W&R;~jOFSM36wo89h=@bZS+2BLT268~6ua<;?JVwc=XSsq4z(2Y)IEzDSJ$(twqa|C}KqD24p2p3i z>B5Su!dSSgo%3C_2-hJNlBWP_n^4@{JQ}#}yN*z|VxhJ)B(ZbiW~>R}hzDbn){Ggw zL>oO6Gsh1TD+}Af*nl1l`?G(FZD%H@`od4dv#Dp1Exg-Jt=GkARQ{7vMm#wG<4~}Z&~u3S6z|g7%)UQBXg;BjRC?MJ*WA3M*!=a4`clH?ty*2COBH02f-@yO z{~#$dpj;hcz{gdp=2NLi209c=ET_5h{K+Q}RGYK%khtV-=5ca5lgZZutYVDkXGG$u zQYjjeNIaSe_-jnfnsssJDd1*Llb7!|57$J99Lu6Rnt~w25|~vdCP$Jki01u)S$D@4 zNrP$4sR537Ct;>mbd}<)Lwv6VhK%6X?Cbk@_#?Y}GBPbBff?O7CqLwx5i!i|0@P7P zF{gBe3hixs?l-SXdMGIo!r=NgtBm>9%*m$E8(*b|@+Z9`iia=SrMyQwC6<{-SHbE` ztM59(UYpwvB1&OB#yxAs4#I*xCA$4a;@Nb3-xh7*Hwlx5NEU3cXUl5y%1H(m$6!IK zVnYuFg%?-f2WP4cvE)$4x1WLi4Hw&x89E-;cXp<=v?jt>c#gHg;Z*zc-($6?;`s1s z*a({C+NIS9(6=hr?87>Pvf$C(3baYmhd3~>MZ5e^`Y&=B)$e`PO$=T6*d}9n?5XZf zDRcKL49^>tdKqVc9@J3Xi9f~Ry&6<~nzB&BKin{RsCknhdEL59cpHonR!7`hehAp9 zcXv$TIOMpOCy~ls7h=6zcQ`?Z*VhoJAa1K6ZVNa+Zdt1KE&hxWDNNGF6WmU5>mMjI zYI1Y+JpPo+;$|@83RGw4)9Ei89Kwx#-gd8RbpX@8M35yiq$L-?lp89|w+`e-77iU% zB+oOh2Yggpu>Tj&^+f~LNw3DC#)T#t#{2o}sC3j)b}7OPGhduQ$^#oBSIe1*2c{O* zydDuxvUG$lKi}aPZjBr_l=QIX2Tr@jd^?>zT&&z3(Nkt6AN~jT6tn$^Nmc_mxwG&0 z29v@X$8Guw?%iS|`WGm-w`ZycxZI*h4;5&9_1~Ml0|Co^rW6$V?Zf62FzI%T z1Y8d&k56`>07Ln;W)Fj51fq6qGS#(N*b`ZuwTQqyjN3b-+xr?18wwLY=zqHB8-zl>bXmS8&g?oc zv0Ua4HH}Ni4xw=(XZ71}_wMcXO}n!ncq#_}X~q)de#7I)ar3g@g2P)4wC+R2jy2kx zkvs6Lu>no@43YU5jLo_K)ntXB<6wzp<3SVBXGVC-_Q3nrH&uk3L@53QVpaGjHn4{~ zU5evnFwzT}8n>im{ZiIFGlpX=@s{x)$4SnNsfYDorD+ZBxf;rGKi?phC{<%RRdfzt zCkb|&C8WYigb52%#^BcnhQLK4KX%t>20kQmTg&j*C z-1Ki@{X{@~B9fbN;U=Qg7-roh;ojJxoiX=6j}ZLOk86{Qc|hv zOi|^Jcpfv1#)CD}w}Nc`fh;pF{I_a07IWXvK3(3L_Szh{GDzK*xkq@qzn2=OoTb{a zNQ@%xn+d}nd%Qt&lPEWxK5-hXDG~{RmDES^o%vi>sxi3pQvr+Tz~0rL?}}n9J;gt( zP;cMWtxXIcP6ey#pqb@Xu$45cWjuDcRPVh#dECllq-aKyquDj(#!RX4(7e)DiNvOj z8r0dLRb)d@OlxBY>=CPJgQZs36=ww~5JD(C)q19UY^g4e*I3NM(f}hG>|uF+R^;+nR~C^>W1H*^Fs2D*?$JyaG=P$v02L;#9HX8P*xtQ>@_U zcfPi)oYq**4iJM2BnKL?YvwaK#4|a+ESm0+(z2FQ+V8I1MBHe8rFJ`%5oD<0ICiAW z34yo-OhKdA-4~LqKI|=3_Ybf!FmF!oz(t5I!5Kw>5Z-8hqBYOv#m9XCW zur6W8g1W+1^)uk3p3sKwyK2Mi6aC}v$Xq-vVfQL+5#s-)&A`$pRpI`XY`^8yhp34i**5~1E@lARs zu|`x77<27d{UqOyTc75v@0acsX?+OsCT*RVbcV-Tp6uGNh=#4obVfeh(3WC9!Yk|pJfs4}% zn3%mAPL4BDT7LtMUs8ciQrnPfyhx*pXRhj-1lAt)-S%*K(y<5tZfmG}E_i$(zoC&} z828Qe9mIJ7tohngVb0gvT}yEiXeB<)!_SKl+}AO(`&#K9c&}oC+qc9Yn>$rP+}wrF zmB63>!cgAOcK%2kMP=CO*u#Hi?b@2&X7$1C1ooF>zD0A@8`{1#NhEB%S53ff0L4BQ zwi>)1E*Wu!4Prz(GHn@qy^}6ap}UAnw3thgulSSY(=q$A?Wv-;ICH+G{mJ+XSdNG4 zx5rbVmrr%4I9F2U_0lzbWUdgNj4EsQGe0H!#oH&KIxK#BfqOe4Aoe04@e9sy55NAA zEd%IFB4+6_mv*+-7wUq$vj2tQLQfZf+yeUnN1#<1{qiVH*F5#?ki#=-_ji4vR*rvU z2tPHyG@4-!0QX4AhNwL8hKW3Vrxsp32$lf81=!h#`{1RW^^f%5r{b62j~EJPmmfmg zAimY!!K$61|5Qw_m0oa2WSmq_n^(|WD5JZ1yr1b{f_Rs{v&Hk$ppY%DR1^;J%}?hA{a4_BWOg?EHozEc90Nx$_=Z?dj|FV}0*}!Ai~GI!QOMtw zrq@{?u9Iu>!~m_ByZtT!TDy9?$A<%|^2-~ijKZV$zjiqb``$F8AwnGQ<^23amDhS` zsiA+u1z!2-L$R?#)8w7nmHxkF_FTXOS<%{|KR|fSX?0-$|{@*{FIV!$_isi2o zlg9YS$l~o4pMX{G6wcksCv|4`rke?BEn5fwNckR!W8}2{K>y(P4b=l?-FDJ4*zK%^4-l0`t%;kJiAwloanhRSrBe0;oc(p zpZV`G4}XUB*C)h0tqInTnN5l|_VtGf-nO)y@pyw1@=}o33d-f!)of6YP=dh z7TaldMgcwy#@A`)f!x<>+PI@Bgj^2zGn785L0T0ss@<)Xr=oZ z19?$B9kDT^b+|?1370u;$>op&C|wr)52K-0WdG%J$OKeBc;FAf0Jd7$(fD)B(d{H{ zFN+2t8+cc+4P+AEv!Ptn86)|Z#Tn=m>5p8@`-M&-MC0@j&FoR@Spmgo@d7i27S6gLf6NLaI;~>K4S8tKICa&MFY!wDk^usGSGj-q`Q!JtRYzMj)wIJ z`&OKA)3IEvcn1v4C|wgOb?iSY6^ZIn_fc1Ikh78>Ex9L_x`6Ym`n;KA^7|&F{}*p> z85LLa^Z~|zU?ErtIyk}IHMkSpA-KB^GKAnB+%32h90m!_;O-8CyX&y?{N>$u&z}9T zA9m-=xpRAN&%M)CUDe%H)xYZgJ2n>o5hH-K%8!R!20p?1^1omdAWCQ$i}eg*iwBkl znFM03R^N&pNtGH<^O`Z%9SvXq%@Ln*%;Et?Y8D-L^)Ce+B>rsXr0n(Ww3U&Qvp8AB72Jld^) zsp9_}PhAy6wNEYzeoRVap`zMXZl)R zkw^eC-?2IWYrUttKg2xNNI<=}-&rn@f>0 zohVv~rba{i&CDWsbLUx(S?&9SIa%{wm?vn3c*I3_Yj2^QK`>m;N14s%3D^|-vX*_A zblL4-h=PK$;6urfLr$OZf}qkv5^!Nsd$m!pY_baH*Q8ZvA42tr)A~_?JG|fj&_ohBc!|$ z<&MA~>#IV#6sgrwqcaQ}Fwewi0U^*ZwdJjS$In>lNL2_?L9QT@NId%R<4z>zNsEo zuJ`%z&xq}!ug;YE_M86p^JUd`G_#?ET-ya_wPKxY4gGA3&C<{I!&V-SXNMsrYj^lN zS*=gV!&;Y!3Z++OMrq!PiX~`JIeb6Xd>IKoC4oS8n+sTp0MN#+MSdB=86o-LY*4P6 zX@RHjrBDBv=m=IUsGi=|37|aziX0FGHa`87SYe@}C79b#KVN}NluKb$Q_V7c4698inF@{cGw7z^nXYA>XWE1V}_jku5--ftJz=Q zB;A-~x|=Ll7ZYSlAK#FZt9*x}F{`HZFnOk~o*w7jM66v5U1Z-M6fFI*)fvileZ`+H zS(n?dIf1u!SJfr(D5%un8KlnZbK=%_Y;u^ZCQ2uv%(*Eq7tuyp0SyL$ae2jz1*uI|4!IML6 z0`z=ecfQ?@-4FJJ|F-nhLT{`ezvEeQdY<8(#B_m7-WS<>{fF_aGPPio==|$Qkogzg zgI361Km8UoD;p#KnJY!ocNeN+HYt0rs9)myfJDvAdpLV%8CQL!+a6OXF*lm%?7*Zq z=2*&YC%QEl^at)$$H6fd@Qd6N4FRe0Y9A}F-XBPT(ry_kyk^$78>`r1WBDC;oIm+l zji%fi?DYGqR1FIxmen3^Jk!ct!27T%nWUb4 zCpOlo5&q~)s4|9q#F>-#OAI7zsw5v5CC7{vqg5UW98Tj2Rlt)V0w3W@Y^qC9n`|i~x>>u>nSP`t37YPo4xXF`@2LG7VP-BN{vnOb z?I13nXKTkf)T-+JWF`i!y5x5Cvh9nY3DSHgzg35$EYRCxG+eYDnNMxA*~~{P_s&}0 zU6*Ea=rpY0+m8-hE@MshNoO~%HoW0qr*^P?EpAc!dj%j}Rvnv`FfNbe;obl!W~Z-1 zl#>!J?YB71Xw&f?_Bxm)7sb-2M{tprc&`oz_~m|BX;(MA-1Gin;}E$$QFr2Yr0r>O z$K{i~R}f+^J064y&dGOjjuPZ57A%`(C&PQXta9C^aEynJv5Rq(gb@c!GB`&M2Iq<- zqnPa3#?*tkH)al0r@Jwj8z1s#I&kU_LVo?sE?kZC`zspYMa5Hdf@8?QHxkD29_4&@ zG|9}9a=9zWo8!mVL^_G4>$%SlBVl<>F;Ss$Ahp_NFLdt^ysb=gR-dMuSDDFt=Qo$R zKs6o^V#Y`fZq;~KD-fLN-$Am2+Tnb~V6Ke+36u7_^B<^q%~+1(#J4z&vF|%Kff3&N z^Nr{GdAAog7nHLdei$PJ+<9ZuCOnY!fk_NtgDN&Ty?Vaa7E|k=_4oKGJlPNEb;OdYqAl?4_mg*eMJ3T7*a_qg48C)}$~KP!L_ zZZ8*L3>F-A=wdpvMK3=+<92UyW%K5=p-VmPh1ek?~mux;R6;KTL1!QA~8B530U8Q<& zSi3csAWnT4HX9IQ3@cShUGxy>yc6DHD+|+XM%2&ME2snpm^XIx%w>1{6+70QsI&Lg zxlQen)a33iTQ-^0dOq{QpG+HpDFlSt0?d? zk`&>cMA*4Jd(8CnC1dpHEuL)K);h+p*6~m#e2U%EG$>Sg#!npmIVtKu=J27uM75F3 zj)ZtL4qLI>VfUGz?sB}5M!$dDDNa}j6dWC8qg-$8Mo_m82}MBCpSm}*e~e{i_iR*> zT5Kp*%Iv$neCRTyhS9Hb>)qCwH)5D~At^bZ+C>$wU44~&`4fYiw_!r# z_up6mZ>L+ks1jW;LX7Vnl2a9x=>UWtyA>(hqiqS}2 zzWA3F)oeQ4bXM11ht|m^M8S4muiO)}zFJEW-?X*{HaUF}vs%)oy9ZaOg{S6?GKd8B zzEMge*IEsg#B0|g`dMFkk{2Fk(9&2gr*`bcVfBKurP*)bx>5@?BtYXE+l0ns+oYrp zxYgc2PSpc>sfG0tsoKgeo_!1U)o0n+-#dJ3v@-itkJ9t@>^<_v%qZ^tK~@c#jeeYg zdc--byTH;Mq54~k4^Q4nRnJp@Da)aM%~jQU5cfxotxup6wLrGiUe0Rq&+%U3XHEYs zdJt3;4?%JCw$pppd~IDX+fiVG@j6xEVBc%PkT`{E^{ucm;hoqEgJ}|;5GZ{zd#)}r z!>A=!l|uf_i-OtA%?QJ1trQ974@MxOz&hftVNKn2I5q-Ca^>c25cA~t)M#ax(pit1 zl9z%uBuzM(EqCN~u#jLDAsf9$yUDj=sEyB+o`ieMN&l|`3nshqrcGAi4pS6DSmbV2 z3|{q9qr;w~<$L`{CJO6q0g!He=-g1%`iPNB7$=$8u{4RdJ1dppgTJ~T4ASLcQ)4~; z!g?KwXtd^PHBtU>r*EE7JdkNOXn`oAswL=-b4dOYqg3SApMpd&pv4{DkHkQI)O@N{ zYe(-V55($N@C9ye5vL@c6xm!K%cnOVpL#@P=<)>tj_rVF4LK2j-TxYcH@@?5N z^xU;Z5UDzhNSb?}w^GZ-2EN;z4YL4WD5ovfZ%wtbY z!EQFmEPvLH6HuM~1Zrx%RRCET=DCk}^z$ut#I=TWV}qSBY(Cfb)#@lVc=o>^UJ5U! zYSf1bKXzssGwFRRlR&C${FpoOno z3O|UKn-7O{#J~TZWxnB!%{y;PI>v!AaDnDp{}^n8yql|j^yN{wkWm|=#Efeuna$*r zazPoNTyEN%@EDd24@To&>ID8gMHCvHkFUV5b){J1hV_7>Zdi^clC^Qt??n>-#E-4s zhgBPxq+C2FUzMx{W?@KGpA124M~?uz0(|MrNjSTmQiPjZvT<+zK0hRQC0g8}9UVQ@ zF^`R)ZkMFmEVS4Qi5=>O4LK%Ku-lWIw$^2YHiC>+9%hCC&n)P2ri^p{SPSlzK9u>z z=|+y5x3bt!4Yd?0n-B)pl+O{n{;EpC;um}>FauPKq-iRqe{yEuG` zVbfZx)``QBFN8hQ0rtXIY5mKhcNHEVag7nGbc=PnL+U~`>gbPOCy{els{};~f_W^J zOs=m^L#-x5U<%>J-K04hN+cC+iT52@t>bbNPH74e$$#iK*uIiW33!7H2MgJgA@Lb5 zBs)VP2Uyx=)aqs2d24!pBv~wB?doIP*7)!0NP56+x~j}Id}g9YPprrMiX8j>mv*vS zCR%5V9(Vy>5;Ycm3=KTtF1G=KAf?=v8%M?!o{E_J7~!dOD&PKOLr; zQZq)^hk2FpreZj&A*wXyIYtrp?VryEI1a1X?Tx*x-Vde2Sbf)o03oIX1^v6D_74vK=(S6nAC55>5W)E*ljoE+5@ROYEkT+ zt9Z1U$E?>L39Wl|u!=8{^I8Z> zIF&Px?0zECuVZL4!3bH|E4F?VpiFoSRB zf}1n5e)14%!Hn)yY81V_=B&m{1UsPT4G!$Ug<1})({|DyG8ZtzR3S5_p++JK2!8)6 z8j?}6jmKNZjGbwGB%~troTcBFoX@UU0?$^-ZnHeyG8d2)TY+8D8V&q6>~evr&T+(q zjn0EQX}@f_aJJ=Uv0QyTICS}i`^Jle^W|g8V-9)wcQncn7-l=9Y_u3Z$%Bcfez#xbVo=HIjFJYsn+<_4smTjdjx1Y!0*Y$i%^4Rl$AV?XCOx(Z=+IvR zm`_oKI)dSFlE^0j_C(N(z}XeEcxcCCT^J&aj0|t5i+c={I8)j&sG5P|6WUK%oc`S_ zWaA9P`cuze;9%kY$btYXEw>L-bLx4AALmd{YJ&-gS!qIZDb1K3H|c0BlzNSoR)>&c zT#fY1OH-YLMWG6l3QgN!GqcY;*fF&hVkptY2MJgFhQV08Ep8OvqYqfI0Uq&?4v1u? zCJ37D4#uCo*;Rf5(wiiYV#XO2|3Qm3*8jueyff#2Nyl+_O` zxxghmdE9nR*)E)wyx5^6yRhVW)jQ`|`p5g*fM|&~c+&IgV<98Hyuu;JPCxf%Z?xGT z0~>(m-OIT(M@m?g-@slBAa7x)eR}_isH%NDOg2mVlXJ$lXC#tQuUM@Qz@bYnFs@<$ z9kO`^11k9QC;CrQ{@o?!q>#LFDq6sX%y3dg56_`k6RFi4Dg^%_gB}h!3?!XEd`Q2QN+&A=c!se-g|1#DylP8HuUKF z;>;yQkhqB}qqtKHmKW&W!w8vx z&VI$QdLj*2{Va0W5g>|a+T&t+=rvh7Q|PRGI?QH41N&>vMJ!L0-fvc1Ud-KYKgpsAhbO-$`|{-H!(L8naB{zk;9-8}UAF&lB%O6HOux0}myp)J zJAZcn>LE%eXs!*w)|&V8YjbzFq2*^IqXmX#$yY|bPoXi)XKg*EH zHN{%o(V(6CF4_ji{2#dXl|rzRH5eKFzrMp#TGpn)aenb@RB00D5!z7rd~tlK=JDdS zL)-X{JL#3|TzF5j6}C5*ZO}j6S#f7zHtHzq7MfI?mT=Q?#V=!Ew60&n>7YmwasJKE zOX#@25!>rqC+gpyGbn}Zk8N?8G%?Q0$_ZW@FwG7`{W3lMQO;A=6EV3e<%ZX?4LNI% zjC;wSy3^o$#cp4G#iuXGI0gw)UPpG>?Jb(Wd$y3@(LH2i@Mu*6|3;i!?oR|2VTxZr z8k$W$Gsjl%O0D`lQLTnr_P`ey+I>2KXU6!pe3%jO)x(l`9KU1wH`O^J|NdNd5=CL6 z_?48o_;LEyMF{px63m6#TztMPFGtfo6yNcJfDRDt3dh{J5k~$VI7?a6qrJndE#*8F z{3JNQ55_N->LSuQ66d zqQ!v>BZ?H8x}8mezu?`7tzWkBz)4PW}nIGn{d8&P=Yv=Tz-Yn7AASgFzP&VFW zn2iNT*)BBsx1Gaxk_z|0LA56DMw)UYx_%10F$gD?# z2|xZ>K;VzI&-M|?KtkIe12D0Zm&JFmYG-bNkOB%FxM z^%bSCdeQM?5q*y_*}^kPiFZQM*9|hLKVMOKBJrwM+6dVPTTQ@0v8DP-Y(J6Cc?REB zd>u0X`ow91!XNiais-Q8E@@_W$aK&iq+cDK;(GR;PVxM^(i_pA%qQwLo+`znIGl0| zJk553=?%7~Q~%hYC6(LqJ65m%i7f<aRH!?z^b;4FFnbB*Yb@(8ugR`Hp!_5yrQ^cEB_uWGcYiML|Jmk!)TXIsn_>K# z@OMrq=@)WRs;js_ENkiX)KjD{EGmfG6m^qt4{{G>!JcqfAy?@q)vY5<+cskzw)-gN$Ho zI~?&Sg69t>p0KlERC{xR{V~SQK&|2T=UCsn`T*-3A5D87s5ya;3!_wnon*vw%zE6M zxrnuEa{qB?mB`Ah-GHL@P)(Ow%~HefXl|ApT0+rWDPGr`;|$<)KLfJn#yp{Y!Bpf| zBG5NYuN&_lK%}dD=*|dv`v*H4-!XKlh9b8|Y@jWWnZ)#f&@$3`n4SH;w`_;~VdC}Gp6f^b=+@X&L6Y^pys5nC>vN8WrCI@BXH4d-)zn!= zcr^7=q072&mE$u&M?_*#?p@i`Wmayho2q7b@Y)ap4M`_ve`c?O17rROI?HxuM@Ty^LvF2#Ta>r3KrHtkkDZNpSV);HBr&`I2a5__zOlFM8m=|IcY0WiQWLvi}zH zKUf*SU~VsI?g@X zf80JHy-}d$KmYKddlP%JB&9WRoTlOp-c51!dGf%gbV`{;g15OVU%&?DuCf1auzOwx zZ}Wu2OMI72vP1+ z6yW0_Rcm8$!ekTA!Leo{J%%hzndu?4UXvO6GuMXqV%jSs1@WWNNzXz?BToQ#bcy)P zU&VHS%%uDO5Sums3wMl7yVj6@h=q&yv1fSFj>|DkMDet@a5QsAi9vpGsEkb<4|G7D zPa~A&B%ODet>p(-zk1;(5lg|mPiBt0%IE{p7_9DU9~ynZac^Trb1n*3#KTy8C&>+% zD|^_BGz;DH6H4yMCIgn}Vn9!)$48H`ly+;1M9x(I=IZlxS0u?js#Kf6abq^U9}^jo zz8xwi=*f&~$Xea#`?2TdkLgnNJyl;pirr-U^LdeGj!~Xsl+3BEP}Dvbkv26I)LHi1 zMp>t$HOkDRccdSsmKGs_DB)Vw&v+twEFzG_>!<3vgx`1X(q`lfyW9sG9d_4ZD6Jle z$o|tuj}zax?x|%D)q*mAGm03i2z;Ga{D@Wf-8XbR9J+i4dfg#Zlh2bCnKogAE-|31 z_xF)~_U!WDV{ROlMu;l1#LR;_%f}y%ru<{*A9IYB80<;28-=nV*#4$obtRn=BSUtz z0-RoWy7P&*6f%n>|CJ!CDjZT;-q_)bCBs?^xv!-Ky{ba>d>HNu6s%sC=1HSke-W?) zGJK^KMvJpV9M6pvA5C?g#+gEuetSPMv@~MWdV)x}K@Fj|Y_+^)7qdf1eMq4cqMl{< zqoW;gCg1RyW&FE=IP7ogtm71Wo9|m|auSS5^>n)OQxW8~8iAWwMvxlvaQejEUkAvP z5~9OedOeF3!E9i2;0aw{B^oxhbiu`WeowD5D{J-0#dm8gH|&Vi>f(ft-)hX!0i%qo zJXls1|4>uvf2i5}E3kB?spwIK1i+n+Erg0KFQ4PIBAao!H0|>0bsATNY!UNC)15HF zGy|TJ`>|SDf3mH{ZcJ#ky&c(U)F>2&6&j(GuezIdMF$|`cCdlIvdZvvgUvOcX%)-kW znre&L1gH-FZv2nVn6$?P=;w48P-5lgmj_l^fJX8W;0fStN$62EvBJcEmz^m4i~P7s za6Ql{kvlA(b+wug>bVnt<1gZ>E(8AU$~9%4s6yYO_a7bUj{P=Qu)L`}MR`iO1fjh@DLZ! z5KW1*8ItqreV}0yqLtf%30mnnz~1Z3#eBOmPjpufxH(a4l}KRx(A~ykHEXqOV1hH| zClrNnKfafs3%u&fnvM<`7zB7i8~A}<^QISaL&~-K%uH>^UWztZk~y9{yNy1Bj!9P)ONahyhMf70Pz=9p8`-zq3Q{xBQ~gn~QEa<5 zs1%}%=OHhLZQxdRoFE6k)FfS?V{C-#*vx~;P5(3Kc>hC$;^MkcGLw*M+YvUVJ*U^# zWiv6AHFFSYNRDsYOg)CktFXyxU+^USH zZi=T1*;6`(U4#H%g{hj;ru!6_-ir=~P!kL4``V{?kGuT^y!)}J)N02sctmczbDSiQ zbycxeH;4!cis4|{TDt`JqU`hSc2LH|E#F{_Plkb&$Ua9_vmMW_-ZkY*sbMBxRBg#5 zYmW@EK|!}}wxiu8dIpZSXCUk?bJ1dmgR}V}jUM-z(9Vr- ztb_2Ld|&CgfZIlDlh1!f(tJB7^jyJwIRD{I{}>(Eyt8L>6UOpI=h^!DpY!)pU1<3H zftxj(dvufSWZzM%Z?y6&hVNqT7MS&KSF)+^k_tRXmX`_A*2vo>r&7Y+4x^MIaDRS*-a ztYNEov_33iHR?ZdV`oZQha^spDX9SHt>GNvDLUkxNWbOXbrlRTvq@sLekg9UU!ky? zLqJ9(W3r#xVEv3oNwhe7mrlB$NcXLw=7+l6r+7K)dK=qMBRz9Dic#-@a!K|?o$>Mo zvL&`2(24=CBqn{i{d^0atvjKsla-Lwwz2Jf?L_HhVKkRk08w!ZcN$ShU&L8|jqLr+$*mx?Sv@lnpt^Fn6ZscVD zp3Xs_H3|BMgRT)d?KT;GN!X($*VFHEquff_?+=y z1X#q6{T|!cPjF~-!LR4P&$6^P%RNSdVK2}q8 zdXq&ROd?zMWYl_N#bhQjkrCs0V#u2yajN-;q9zTHMIusGo+ZG+h|}g4f6eac@XfEK z-bz$M!{vj(IpS)X#%Fz0a=H8Mv=fdafly{tca|C#%>&uR{=hrv21T)UJ+->ubIEK9 zYKWB5TO#8=3MqT-)5eDdxRQ1CeIEOg2Kj}`r&@Fz6?yMwzY--1G`!rq@1MxE60@GM zl1Nr{fUeaxOlXiFrrb~D>A6ql)>)+}jHE4aoQy}*+7k>nJ)v9hmJ%Jh_Zj9y_1N8=cBuwek z&eZ3!%Y}PlUdwe~AHJf<{02>yyL0>PWhVy41MWhZB7Xsa%FyX;Qm5;&&51{F9D6Ym zEcwTjSc350SyB#X!T6dcb3-3TjRQv4)t%1PnC7jW1&w_7^bu^sZq;rzD6 zVxAD9z6)~H(_Ku zwRUu4CT`1fuiGKz>Utn`g7DQG52mmc;W?to`BOtpT_m z!_B;77+opSMDSzzWCGI)MxlDe$f8Bp*JVz7M3>#CuIWFgjzh06J)edzf%Y0#@n3du zm7x2mr{6_=dKvAV1Mxb#3!VXHUw6|z9fofs3B4Gj+B*_!PoAS0HzDJ2ED^F0u?J%D z!4FFgtXrqV1HAyv?IVj2_Va!v;K3ca0sjl#svb`88P;mE>#N)0lOFxk7^6+R7$;|l z4Vu7~6KGYE8oms>(sUYZ68yee1I%zc)1K(%uTBCKDv}D8k<=FXc26Erlr*e7Iu~qL z>3nVKtLi{1P64v4a8=c$a~7}unCovP(Puc;r@Jyb>k>)_De;9{>=M=Q-!=v7!GIr< zUo?LGCBt~>VR*&0toL4xFSKmcCpM%Js|0Cs$@zxjW&3Ck{p@k~K|O~~@bo@q|JGJp z@3Fef^S-*Qf#Dr#EF#TIfDz4$NyMayiNz<`XLClw6<4-ozqJ6V)$%bp-_`KSY8i-W zdzxB$1W8lsmJa2s)C|Yo{nm@s!^jL}$s!HH_KS!jff0$uC+Vf7wcVOoi0%o+;6I%M z1BKCeCxen8dp45Kt)YWOpR^gPzJ|_@?me^l8E5t{=Z8ZgO*b%2LAV5!@cBBe-zh3gei?N^U;Nq!+BX+3^hB{*`!A!{tOD%sg6VAw8Z zRKqq5hvgzk?sJA4g-4xtDB-NbqFRk5ZsNn*$XXR&q|R5;TD;w?Gn`W&{)m~_=qIl` zI+9yNF;zuqR1&f{iu*X|Esz1(WBozOATjG^4{#F_P3J4CLd zH7@IV>xcZP@0nMhYim$ZJ5PF1G~LVL5PS~%Fk}aHFN7^=e5$0RprUB;1e4peLnD@L zKO8y}A>n{}ljXRtyHTqi!*T&@J@u!n139@K=UtJ_@~L;9Uv%oi0sX7p#DEWGIy^ng zr$|o6^V$gv-Z6x0!1(*#QbzX`h5=rq&;&k&W$FANoxltqNk zUM2BPuftI^F6OIKuR!qaukCyRa_xGfV;$FpG1aE_B;2jH@bw%=;#TnRhQHOJHWChQ z`R0O>%iiS$&IfNZYCk|n5-vYU3zbYdj_-)uu@1{w=92=2Fh$wj-tUIG4iK6|{=|Mb zH~u+{m`L9n$(JXN&*jkK)XD5nf!nRSOrx6Zmm>5E-S9S+)1>+Fr__Mp4v6HqW6j+= z=tx#y=CQbDVOZ~%M1U8#opj~lG;1Ra!0!lITNJNwLkhgOfB1vCztDjEIAfy-reNL) zb4bR1jpBztn4{VccLcba43Xo6LW=97_xWap{b}~8>^8{F-vuj#1&|pctH6WDObfOuzig;~ShJXI>$iTm@S1IIE%VJ62 z6=AS*$H$+-m-s$bM1Yo77pNSrY&PtB>0FuR_%3G68)qhuK-u~6((|e?k2~;dpjP}P zGP7TG+zE|)(M465ktuF=JKxXXqHK}Ob;Y{1@5IsIYrvD8$!BpVp)Es#uAY|uDX<$+ zM8|Uy@EYtQovF}2E7I3Vv}jIj(vj7&;OY*auK2YbXS&!_VH&S88^#$H5!$H|PE;7Z zF)4%%d;J(dk&FTPTg{9?Z{kn4E4P?8o6dvWbeoP-R(q5{0TYMD+|W>*s*MRFxfJDk zYUYfINF(1vM^6Y_<)blz9Qn75yZ@JL|^_hIP zgnc~uOq72rCU&>C#_cFAi$9gcm+l{c-F%k4#tOW!G!XLQ;(j?s1~D;i^%qrcOsE%K zjL8VIUV|I)UG=c(9Q>-|-6MGDW-7#b_xxT?6WCytBpjBD@#*FyU72&&-?s#B&1Xk0cgqv)X#DY7$aN&oNs3FtSl^mL94xIB3cA@zb1Gt!Ime z3jx5DHZRSv-;QP)c5E)~dH#r&H67$HB~f+X9B_k*;|D@#tXXneHaXn)KJ9gtMviUd z0hG?Q#+)t1x`)AC3+I<|HPvUqEy8Aei!)OzKWZ2`7 zRlv%cY~l{v7Ihz25cV}Z+?{Fr%NGVxK`Ox(&#DIVRh0Hnwe4Z|61Av+ z@5XHX4OQYhac|nSaCeIK>9uvr=yok=l$l=1l+e0X#fy`_KH!FIJ1D3WW8slf<&kI7 z2c^`vCcv|e%3z5IC_LU2jU+Szy{+*-8sC7$Qs!HPi#YGGO`OSXQtt-t^|zL>K+P%Ps>XnZVR#{IaZ<90TZf^4e1`97%e?d5S9X=K{7E2Q$t690= zNHxftK#Qs_vujM6AHtcYrGGYsk9>Aqc~#Tb-rHf}Ky;01KM2G?->f@%oGP@Uh7M9+ zo)D^9x}VGt>C#|+k;;SZPPp{42&E}Y!eiZgBdE_uVj{G%)dHURxqG3bH`K^=fGY&{ zBHz(~N55`~BB8%M6&1Ny*TSgJ7w4e^NCajtwbOVe|^~R<_e~6pG{PA&W zjihUGOR>mB_A0=A85I8koDJa>X7TyPxhnK*n>DuJ$$&bKNCmfmLqsewiggQ^YA?9T zrE5$uHAe6|?|zF?N4F;uhO7=KWJi)RU!hVIGE<|8H+b~6tG}k3ey+RI!U?@$Z9-k}6SE+kMD8z+A7odL?}Bx3KJqxkBWGwEm9cVu}`ijdNFKIrJRe z%jyR^L>Dz})2w=V3$2XtfVQTo{X|R|g$10rEZP%$^&M6u#-if4l1I{p6QsGBI-V)h z3i>gnOJ%|Sb1oWN+CCTetx@!*cGdK5RL9+M>{e6t>~@4Rh2|P2EoiL)Wf=Os{Q$-J z8_U0EdaFK`Uyz@fwt6bi_uoVRP%`_M^Q9`|5f~*gLMYVQK5=plfw!z@3#pqKMwdLX zaEEi83r0xrbtGXIA8QReBC)-0b3IOlu7vJ|`lt#p4Y8DlhO(ex1`@4K1|De*$0ILo zJh6#jAN%r`hQLT_B9CL;adkyu4GX9hM(dU)-q60DB|I7>cXzgc^~d)y~66kpn|p-4Wn%QZVbn!U*ri zKGCN(u3yv&W5&{;t4`ABi)$~(87e`o=ZO&cF9_lNtasTZSBGmEb`r8nwjG2Baix=m zr|MT#++nxEV+GbD*1sA};od@1&Ss#58l-%Oqcx7wDrRv|Jp;C+V^MFu*%~&{tBVIQ zyPDSKIPxL9y=ji;e_V!S`kriLiD4LzT*VH*=g5($4~ooe{)P2poNcFEOCpf8QzSI5 zhOKL(W-UfX#`5c}SJ`LI2VZlwQ_07KS3TUn6{3P7)A+o%TwM>fsvW6^{BGAP(s>-n zD{6J%{-fSErulu?3=Auqg28i%HIbgB1@B5SuuMl521s;l~oY*9S@vj5QoQA*{&OWn+ zx*s~P26gv24P~upDT^o_&V9ftnkr~vII3EosW}d=m?K&3bgC}yFn|*S90j;N?1A6No|wV~IkmFQ(@3 zCyIrAYq*F5+^0d^5o`H|hpL`NCp&ntHd<|;1{3L}Dx!%?*dOKEpWK+_NmW?V#{8tA zf0>p(WWfzMFqEaHi%CD#}XG+Lp6yzZsHIl$KpAXk!d*IhFJEt=R7hc zTYfHJEPwU4MKd(J(Pge$6TjYv*vua-&4T;;4R=73)4X5GJ@|0bvnJh@8g$RM$YE9Q z^iG~H6PzJchFj%)$Pcfx=Zlt_JT^M~nVa8_i?^8!jZ`F9MOT@U+N^`;<5Xx3)t08702V`xZ05k zJEXXXc!O(vsC_Qbg?CQGyH_p5wbC!&W=HFa#*R21Ds@^Jg;ynuC%rS|(po2;M~$vE8N7dwNcz{Nyhsd={lV4iIJd3}f*SxI`9a)Pt0o z)#6_t)eD^YVk6$z$h|STkP`SyHP_Z1X&9mtXwH7;?-xIRtMV|t+!ssQj!%;{nUI|g zPWJHAR)AZ@{B9AI{CJY~|qyO#NQ)I>_3vkW%?=Jh?#}D}`jAeXQGKs}%Ai^pIztoG&=-kW6 z-R6e|BYDI2;GevP=X*0stZl~-q9w^%+)_0hmS^CM~cqY6JuDMPh@AAvPVNa zRtL%uR(R_z)UkB3Itx~I&+lep*qk+lhIV4Mpf)FFYR@iBcjFi7S<;ILWyuxWL6|O| zSv(0s1cier5XZJBF@ZiU3|EgI{`!e)vu1zTcI0h&!8`JM7|1FJB&RRH(T(uJq04wOl?X&u3OBH zQ>S~+jq_;V$`)`1#%*hV!t>y@kATn%0Yi4XL||>?cPcuLqGO*jswMWL(cw1=X%xul zx$D_e@U9n80ao(x#qahpY?i~5tRnX)S1ID22sUAHz7>f&SYF|b>F*oM9UEYQltA}p z8xXB%Ay+o_;UU85BirG~YURIVFVn&pB0+DgEX2c8*zF0-6qd%TyBZvTUxKOXa@O{v zJRe3$@osEddXruD@4WYcecwL?$!dYyQ_lMvHdFII={quLkM43MHWZ-UhAugIm!_sDr zaiS2i_!&Bfd3?Jn+@&V>=IA8bjAu(&ZH zhtcx@#aw04Ky?a|-JtuGrjz@(4eU{xZ$_9v(H5u?CL=p?^>m`HHT!)D(Y}pk z?rn{e)_dy~!9*!1J;W#s;TY}{fXE8zQpzTM^pQ)}M!}?R^Yiuxy#_W>*=zHwJr4xp zO*!paOMx+cUnI?nh>yvw0KwDtkk@VkiqE$}Dc8eRS0GEef`Y>@dVudDmwvG+oWHn* z?)i_|KJ1>%Iqb|5o^H?2M$jr$$(4yQZAR&i6@GQS!ILf;QV_fMe6axDHS_Pk!~hu# z0hARFAdb`dh!6w5><>!>D$0DpUx^7=Ltk~?nNHT~j6av}How&D80?|^*nV4Oc1D3| z@0lZfTt!C--=fKP>z%~SY$LbKjB(yqV<0eXHk8HVPu#GUcIEp-rLp3Pq)Ghn`QD#y z+F>qUcdb2IDD`U&b&%*c%-TcA0tkq-Es6o$5l%9g< z%3uaanmTIoXTqmXtgIFY0sZAUpsG@i`A$v4d`~KFSlKV3qUrpV(}UpDyA=Tvowz<+ zso8u5*%aPOjkC^8a+E`=IPpNk_MwgDx)y%R$M-Y7zqIL`X3oSZbQnVQ zPu##c7j81{F zEbC51FhVfux%T9lW|c0o>#C$1QY0GqZz3xRS;qLsb&c&F8(*(XkJVefXIICw=(0xY z5<7&eN=O^BV~i@S&aZ^P$fvFT#AdG%xr4+f==HXIVGT34zGvt#uDpA^D%s-BTofD~ zi*rF7r*Q1qERdP(`kW73_1|~F$DV4GO&$2~8ig}{m)J5&aBL|!0fC*2te0L@cbXOa zbkO${&^*xtno~KHxxP!2U6-c5=@sDW`2&wFYwhf*ht;MZd__Rv?(!GemWOK5Op!In z*o0(t_kR9<@o>zubOTC~R)Juptlz#$)x~EOOoB-O*exRXyVS%u zHTQ@V*`~ zVX%F?OZ9@=k=U6*V4qH9WkTEHuqv~idGUU9zE89yaY#A5HJwJ(xC9jt7^#qT#TXX0 zE-7B>S$?apAb5s!4dFJyA5?4}p2XCS4r?%|U7F_{B1%0)cxvab@69r+x&3}fGjomA z?&smaF_x4pteo6nChh8Nwyr;_M|m0eMg8Nq)(i7t$4{O=K>lWCjn6Fig0Et;oc5R0 za0=SLdT{u(+Qq2`VR}O1G!BkID(EJBb=k{1r`yKY_I0K=ZmVz1km!ofNI6?mJ$Ko( zj$lpcx6!GRaZ>vU`xpxgS1bafnj-!2w1xJ$k9D^oS zqpW9#=Rx!{mdLqxFyoB#kvnGGFHh#OZWUeq@My<=#n;~hg4TSw&EG7$Y}yEkZ)k>F zKU7&hRRt9jp({OJ7Z6co$Yo!5ENt2F(1)?^tmCs^Gh6Sf9J7c15D#mpDoKieF~FN` z`dX^~2_8kNaKCH|efUQqE8vtjH&)u#RM7)$uF&ZiNX@%3_t*qIeRaY(bzxH6VY}x) zXCSAdq@;j*p&sjtI2KI4thHy4ZNq5Z>O9?yi8*A`o_O%kUnAvi9>wPq73F0guoNEH zR%oM@;#<2j3e}h21gHi&>g+02zDCH|`CvdTW#P4x$uZ^Vr`ct!>?`YM<^AQL#_hYh zpRNZH%{4MZQ=+SG;8oAM_K$qwk|8!7bF{kNuwi{1hsz~ImH1d7F|zw?d_Oxw0ChHF!K_?- z37=pV?(S*LXD{l2Mv9ogqEaF83AcqXA8208)$DMfkiddbYfKkZ4HsT9Fbx5RkQeYJ z>BgN4QviPf$c=-cpLE==ltzEokPGUQ%WV@Y&ftK3#jP1sy4gw4BcrkMyvTG?*@LAe zcquja&mfWwRe8^H$A#~q7BLKKT8+Hrmy+4RIO%0s8Fd{}H3prSLb7_CR0mFVbukgN{3~@Jd`e2w; z43kHPjXE!;)M;i){?-$zW<@HZLsimA?H_x1^$o4HZXSr1Cl%Pa9}6rE)eU`A8WgxM zcZMIv&(r$ME~BZI#jvq7=Di;lMR;)}j%gqy47YlUp1(FR>ABZORGHZP9y(L0&3S&S zO3UN;9~n(6$~Y4x~i>?%6n*1939VUv^M9C)w3=ZJ(ywyRf5TGk+9|8K-T?%Lnu71;~j} z`p6giKq2Fj1LEkZ8h>VNzqjmunL-jyI40-PQdIh2wj5|aW#89=+B+>nnYv7d z@_Rphi&W2A`Mr#1O?}dOwa0G>CC47hfyjnjTD2HED6P@D69oB#Y7M>@tdX4P0(~=< zb(CnHukM1kZ@s&jsb^^;WkJdJMlt_dJ_h5iD19TFJ&d|$r>^}xJXoWH{uNmDABb4r z98)DxyC1&EADaBtfZzZETVp08cwhBLz#fm$ItgGo;m8(9x_77W?ua?6+;-IR{o!cY zh7rW;tjbcL?Uyr}Bk;8am^Q}RA?s8@ATejGzApZ!7r@sbK;Zf&&fZSxHu&Kg`1A+2 z3;;{&KThKR!0!G-I{u#I|12Q{fX0s;;by() zM}FD~|0BHl*S`I~$xyR{{P=-?5jkh4i=D3j-UAKn>iSpJMc(x6+U*1aUfe9(;W2pZ zmibr&y)}S9*U`M&;{_95j%|a%C%Zk~(UIlaHV}$o+aqWqOmN%yJzbD<+h99k=LE#A z6A=5_Ve1KqEd^{T0I{WjJ+%O)M(mjqdse`f0=5*er2xplKam2?ux64l#$+XW>oyW= LV4`1)z7YC1MFcD? From f03ac43b69e1698067f3264d52c6ed11b101a8cf Mon Sep 17 00:00:00 2001 From: LucasSaintarbor Date: Thu, 4 Jan 2024 16:45:44 -0800 Subject: [PATCH 35/77] FAQ grammar check --- .../aws-marketplace-payg-integration.md | 75 ++++++++++--------- .../azure-marketplace-payg-integration.md | 46 ++++++------ 2 files changed, 63 insertions(+), 58 deletions(-) diff --git a/docs/pages-for-subheaders/aws-marketplace-payg-integration.md b/docs/pages-for-subheaders/aws-marketplace-payg-integration.md index b8eab5713ca..64f0d797041 100644 --- a/docs/pages-for-subheaders/aws-marketplace-payg-integration.md +++ b/docs/pages-for-subheaders/aws-marketplace-payg-integration.md @@ -34,52 +34,50 @@ By selecting the Rancher Prime listing from the AWS Marketplace, customers can d #### Where do I find the Rancher Prime listings? -The listings can be found in the AWS Marketplace, there are two listings: +There are two listings in the AWS Marketplace. They are: -- Rancher Prime -- Rancher Prime (EMEA Orders Only) +- [Rancher Prime](https://aws.amazon.com/marketplace/pp/prodview-f2bvszurj2p2c) +- [Rancher Prime (EMEA Orders Only)](https://aws.amazon.com/marketplace/pp/prodview-ocgjwd5c2aj5i) -#### Why are there 2 listings, which one should I use? +#### Why are there two listings? Which one should I use? -We have 2 listings for Rancher Prime, "EU, EEA, or UK Orders" and "no EU, EEA, or UK Orders", you should pick the listing that reflects where your AWS account gets billed. +We have two listings for Rancher Prime, "EU, EEA, or UK Orders" and "non EU, EEA, or UK Orders." You should pick the listing that reflects where your AWS account gets billed. #### Are these listings available in all countries? -The Rancher listing on AWS is not available to purchase in all countries. +No. The Rancher listing on AWS is not available to purchase in all countries. Your billing country is based on the AWS Account ID used to do the deployment. Please read the addendum at the end of this FAQ for a list of countries that can and cannot transact Rancher Prime via the AWS Marketplace. -#### My AWS account is in the USA, but I want to deploy Rancher in another AWS region, a region that is in a country where I currently cannot transact Rancher Prime, is this possible? +#### My AWS account is in the USA, but I want to deploy Rancher in another AWS region, a region that is in a country where I currently cannot transact Rancher Prime. Is this possible? Yes. As long as your AWS account is billed to one of the allowed countries, it is possible to deploy Rancher in any AWS regions. #### Is this listing available in China? -Whilst it is not possible to transact/bill Rancher Prime in China, it is possible to deploy into AWS regions in China. +While it is not possible to transact/bill Rancher Prime in China, it is possible to deploy into AWS regions in China. Please read the addendum at the end of this FAQ for a list of countries that can and cannot transact Rancher Prime via the AWS Marketplace. -#### Can I still deploy Rancher using the ‘Rancher Setup’ listing from the AWS Marketplace? +#### Can I still deploy Rancher using the "Rancher Setup" listing from the AWS Marketplace? -‘Rancher Setup’ is no longer available via AWS Marketplace. Customers should deploy an EKS Cluster to host Rancher. Please refer to the best practice documentation. - -Follow the steps in this [guide](../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks.md) except for the Rancher installation. The Rancher product install should be carried out as per the directions on the Marketplace listing. +"Rancher Setup" is no longer available via AWS Marketplace. Customers should deploy an EKS Cluster to host Rancher. Follow the steps in this [guide](../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks.md) except for the Rancher installation. The Rancher product installation should be carried out as per [installing the Rancher Prime PAYG offering on Amazon's AWS Marketplace](../integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/installing-rancher-prime.md). ### Billing -#### I have an existing Rancher Prime subscription; can I use this on AWS? +#### I have an existing Rancher Prime subscription. Can I use this on AWS? -BYOS (Bring Your Own Subscription) Rancher deployments are supported on AWS, however, billing will not be via the AWS Marketplace. Once the existing subscription term ends, you can purchase Rancher Prime via the AWS Marketplace and reconfigure your cluster to support monthly billing via AWS. +BYOS (Bring Your Own Subscription) Rancher deployments are supported on AWS; however, billing will not be via the AWS Marketplace. Once the existing subscription term ends, you can purchase Rancher Prime via the AWS Marketplace and reconfigure your cluster to support monthly billing via AWS. -#### I have an existing Rancher Subscription purchased via the ’Rancher Premium Support’ listing on AWS; is this transferable to the new model? +#### I have an existing Rancher Subscription purchased via the ’Rancher Premium Support’ listing on AWS. Isthis transferable to the new model? No. A new deployment of Rancher Prime is required to benefit from the new monthly billing model. #### I have an existing deployment covered by a Rancher subscription; can I use this new listing in AWS for new deployments? -Yes, the listing works independently from your existing subscriptions. Please remember that support processes may be different for deployments using your existing subscription and those billed via the AWS Marketplace. +Yes. the listing works independently from your existing subscriptions. Please remember that support processes may be different for deployments using your existing subscription and those billed via the AWS Marketplace. #### Tell me more about how the billing for Rancher Prime works via AWS? @@ -91,12 +89,12 @@ total. - An average node count is calculated for the month. - There is a monthly usage charge for each node in the average node count. - The monthly usage charge depends on the number of nodes in use. -- There is a 5-node minimum, if the average node count is less than 5 nodes, the +- There is a 5-node minimum; if the average node count is less than 5 nodes, the charge will be for 5 nodes. #### What are the pricing tiers? -Rancher Prime has different pricing tiers when purchasing via the AWS Marketplace. This is based on the number of nodes which Rancher is managing. Details of the tiers are below, please check the listing for further pricing information. +Rancher Prime has different pricing tiers when purchasing via the AWS Marketplace. This is based on the number of nodes which Rancher is managing. Details of the tiers are below. Please check the listing for further pricing information. | Tier | Nodes (from) | Nodes (to) | | :------: | :----------: | :---------: | @@ -117,11 +115,17 @@ Rancher can be deployed manually using the standard documentation and repositori The average node count is calculated by adding the number of managed nodes (counted hourly) and dividing by the number of hours Rancher has been active in the billing cycle. -Below are 3 examples of how the average node count is calculated. Check the table below for the details. N.B. in our example month, we are using 730 hours, this may differ depending on the number of days in the month and the billing cycle. +Below are three examples of how the average node count is calculated. Check the table below for the details. + +:::note + +In our example month, we are using 730 hours; this may differ depending on the number of days in the month and the billing cycle. + +::: - **Static usage:** Using Rancher to manage 10 nodes, for 1 month (730 hours) with no additional nodes added in the month. - **Bursting Model:** Using Rancher to manage 10 nodes for 3 weeks (562 hours) in the month, bursting to 30 nodes for 1 week (168 hours). -- **Transient cluster:** A temporary deployment of Rancher on 20 nodes for 2 weeks (336 hours) +- **Transient cluster:** A temporary deployment of Rancher on 20 nodes for 2 weeks (336 hours). | | Hours Active (Hours Rancher is active in the month) | Nodes (Managed Nodes counted at each check-in) | Usage total (Sum of nodes reported at each check-in) | Average Node Count (Usage total / hours active) | Note | | ----------------- | :--: | :------------------------: | :----: | :--: | :------------------------------: | @@ -131,21 +135,21 @@ Below are 3 examples of how the average node count is calculated. Check the tabl #### Are special commercial terms available? -Depending on the deployment, it may be possible to secure special commercial terms (e.g., an annual subscription). This will be handled via an AWS Private offer, please contact SUSE for more information. +Depending on the deployment, securing special commercial terms (e.g., an annual subscription) may be possible. This will be handled via an AWS Private offer. Please contact SUSE for more information. #### Can my spend on Rancher Prime count towards my AWS Enterprise Discount Program? -Yes, it can. Please contact your AWS Sales Team for more details. +Yes. Please contact your AWS Sales Team for more details. #### How do I purchase Rancher for additional nodes? -Once Rancher has been deployed from the listing on AWS and billing is active, there is no need to make a specific purchase for additional nodes. Billing is dynamic and based on the number of nodes Rancher is managing. Just deploy or on-board additional clusters to Rancher as needed. +Once Rancher has been deployed from the listing on AWS and billing is active, there is no need to make a specific purchase for additional nodes. Billing is dynamic and based on the number of nodes Rancher is managing. Just deploy or onboard additional clusters to Rancher as needed. #### Is this an annual commitment, will it auto-renew? -By default, the Rancher Prime listing in AWS is billed on a monthly cycle, based on usage. Billing is on-going for as long as Rancher is deployed. +By default, the Rancher Prime listing in AWS is billed on a monthly cycle, based on usage. Billing is ongoing for as long as Rancher is deployed. -It is possible to set up an annual commitment via an AWS Private Offer, these will need to be reviewed and renewed at the end of the term, or the deployment will drop back to the default monthly billing cycle. +It is possible to set up an annual commitment via an AWS Private Offer; these will need to be reviewed and renewed at the end of the term, or the deployment will drop back to the default monthly billing cycle. ### Technical (Billing) @@ -153,9 +157,9 @@ It is possible to set up an annual commitment via an AWS Private Offer, these wi Yes. To benefit from monthly billing via the Marketplace, the primary Rancher cluster must be an EKS Cluster running in your AWS Account. -#### On which Kubernetes distributions can the AWS Marketplace listing be deployed? +#### Which Kubernetes distributions can the AWS Marketplace listing be deployed on? -The AWS Marketplace listing for Rancher Prime with Marketplace billing must be deployed on Amazon EKS. Downstream clusters / managed worker nodes can be running on any CNCF compliant Kubernetes platform, EKS, EKS-A, Rancher Kubernetes Engine, etc. +The AWS Marketplace listing for Rancher Prime with Marketplace billing must be deployed on Amazon EKS. Downstream clusters / managed worker nodes can run on any CNCF compliant Kubernetes platform, EKS, EKS-A, Rancher Kubernetes Engine, etc. #### What is the deployment mechanism? @@ -185,14 +189,13 @@ Billing through AWS Marketplace may not be supported with previous versions. #### How often is the listing updated (including the version of Rancher, etc.)? -Cloud marketplace listings are tied to a specific version of Rancher, usually the latest -version available at the time of listing. Typically, these are updated quarterly, or more frequently if there are security issues. +The marketplace listing is tied to a specific version of Rancher, usually the latest version available at the time of listing. Typically, these are updated quarterly, or more frequently if there are security issues. #### I have many Kubernetes clusters across multiple AWS accounts, does the Rancher Prime billing still work and enable tiered pricing? Yes. Downstream clusters managed by Rancher can be deployed across single or multiple AWS accounts, on-premises, or even in other public clouds. Downstream nodes will report up to the primary Rancher deployment. Tiered pricing is enabled and billing will be routed to the AWS account in which the primary cluster is running. -#### I have multiple independent clusters, each running a separate installation of the AWS Marketplace listing for Rancher Prime, how is this billed? +#### I have multiple independent clusters, each running a separate installation of the AWS Marketplace listing for Rancher Prime. How is this billed? As the Rancher Prime deployments are independent, each deployment is billed separately from the others. It is not possible to benefit from tiered pricing. @@ -200,17 +203,17 @@ As the Rancher Prime deployments are independent, each deployment is billed sepa The primary Rancher cluster must be running on EKS in the AWS Cloud and running the AWS Marketplace listing for Rancher. To benefit from tiered pricing, managed clusters (downstream clusters) should be connected to the primary Rancher cluster. -#### I have purchased multiple SUSE products from the AWS Marketplace (e.g., SUSE Manager, NeuVector Prime and now Rancher Prime), does the AWS Marketplace billing method still work? +#### I have purchased multiple SUSE products from the AWS Marketplace (e.g., SUSE Manager, NeuVector Prime and now Rancher Prime). Does the AWS Marketplace billing method still work? Yes. The billing mechanism of each deployment is independent, each product will be billed separately via the AWS Marketplace. #### I already have an existing EKS cluster in place and want to add Rancher and have this billed via Marketplace. Is this possible? -Yes, simply deploy the AWS Marketplace listing for Rancher Prime. +Yes. Simply deploy the AWS Marketplace listing for Rancher Prime. -#### I already have an existing cluster, with Rancher deployed, can I just install the marketplace version and have support billed via the AWS Marketplace? +#### I already have an existing cluster, with Rancher deployed. Can I just install the marketplace version and have support billed via the AWS Marketplace? -In order to benefit from monthly billing via the AWS Marketplace, the primary Rancher cluster needs to be deployed from the listing. It is then possible to migrate the existing Rancher configuration to the new deployment. +In order to benefit from monthly billing via the AWS Marketplace, the primary Rancher cluster needs to be deployed from the listing, it is then possible to migrate the existing Rancher configuration to the new deployment. Please follow the [documentation](../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/upgrades.md) and be sure to back up the existing Rancher configuration. @@ -238,7 +241,7 @@ To ensure continuity with support, it is recommended that the primary Rancher cl There may be multiple reasons why the primary cluster is unable to connect to the AWS framework, but it is the customer’s responsibility to ensure that the primary cluster is active and connected. Whilst the cluster is not connected to the billing framework, it is not possible to raise a support request. -#### My primary cluster has been offline, what will happen with billing when reconnected? +#### My primary cluster has been offline. What will happen with billing when reconnected? If the primary cluster is offline or disconnected from the AWS billing framework for a period of time, when it reconnects, the stored usage data will be uploaded to AWS and will appear on your next AWS bill. @@ -246,7 +249,7 @@ Depending on when in the month the primary cluster gets reconnected you may have #### Can the managed worker nodes reside on premises, at the edge or even on another cloud provider? -Yes, nodes can run anywhere. SUSE Rancher will count the total number of nodes managed regardless of where they are deployed. +Yes. Nodes can run anywhere. SUSE Rancher will count the total number of nodes managed regardless of where they are deployed. #### How do I get fixes and updates for Rancher? diff --git a/docs/pages-for-subheaders/azure-marketplace-payg-integration.md b/docs/pages-for-subheaders/azure-marketplace-payg-integration.md index d361798b8ec..42f6ae467ab 100644 --- a/docs/pages-for-subheaders/azure-marketplace-payg-integration.md +++ b/docs/pages-for-subheaders/azure-marketplace-payg-integration.md @@ -36,20 +36,20 @@ By selecting the Rancher Prime listing in the Azure Marketplace, customers can d There are two listings in the Azure Marketplace. They are: -- Rancher Prime with 24x7 Support -- Rancher Prime with 24x7 Support (EMEA Orders Only) +- [Rancher Prime with 24x7 Support](https://portal.azure.com/#view/Microsoft_Azure_Marketplace/GalleryItemDetailsBladeNopdl/id/suse.rancher-prime-llc/selectionMode~/false/resourceGroupId//resourceGroupLocation//dontDiscardJourney~/false/selectedMenuId/home/launchingContext~/%7B%22galleryItemId%22%3A%22suse.rancher-prime-llcpay-as-you-go%22%2C%22source%22%3A%5B%22GalleryFeaturedMenuItemPart%22%2C%22VirtualizedTileDetails%22%5D%2C%22menuItemId%22%3A%22home%22%2C%22subMenuItemId%22%3A%22Search%20results%22%2C%22telemetryId%22%3A%221dafcf16-920e-46ea-80c9-dc85c6bd3a17%22%7D/searchTelemetryId/c2300fb7-ba7b-462a-ba57-a37cb5e2822d) +- [Rancher Prime with 24x7 Support (EMEA Orders Only)](https://portal.azure.com/#view/Microsoft_Azure_Marketplace/GalleryItemDetailsBladeNopdl/id/suseirelandltd1692213356027.rancher-prime-ltd/selectionMode~/false/resourceGroupId//resourceGroupLocation//dontDiscardJourney~/false/selectedMenuId/home/launchingContext~/%7B%22galleryItemId%22%3A%22suseirelandltd1692213356027.rancher-prime-ltdpay-as-you-go%22%2C%22source%22%3A%5B%22GalleryFeaturedMenuItemPart%22%2C%22VirtualizedTileDetails%22%5D%2C%22menuItemId%22%3A%22home%22%2C%22subMenuItemId%22%3A%22Search%20results%22%2C%22telemetryId%22%3A%22c6b1d79a-b577-47b0-90e5-41e6c49688ab%22%7D/searchTelemetryId/1793144d-e0d9-466e-8e36-dfeddc73163b) -#### Why are there 2 listings, which one should I use? +#### Why are there two listings? Which one should I use? There are two listings for Rancher Prime to accommodate Microsoft Azure billing regions. You should pick the listing that reflects where your Azure account gets billed. #### Are these listings available in all countries? -No, due to billing limitations and other restrictions, the Rancher Prime Azure Marketplace listing may not be purchasable in all countries. The Azure account you use for deployment determines your billing country. Contact your Azure Sales Team for more details. +No. Due to billing limitations and other restrictions, the Rancher Prime Azure Marketplace listing may not be purchasable in all countries. The Azure account you use for deployment determines your billing country. Contact your Azure Sales Team for more details. -#### My Azure account is in the USA, but I want to deploy Rancher in another Azure region, a region that is in a country where I currently cannot transact Rancher Prime, is this possible? +#### My Azure account is in the USA, but I want to deploy Rancher in another Azure region, a region that is in a country where I currently cannot transact Rancher Prime. Is this possible? -Yes, as long as your Azure account is billed to one of the allowed countries, it is possible to deploy Rancher Prime in any Azure region. +Yes. As long as your Azure account is billed to one of the allowed countries, it is possible to deploy Rancher Prime in any Azure region. #### Is this listing available in China? @@ -63,7 +63,7 @@ Self-installed BYOS (Bring Your Own Subscription) Rancher Prime deployments are #### I have an existing deployment covered by a Rancher subscription; can I use this new listing in the Azure Marketplace for new deployments? -Yes, the listing works independently from your existing Rancher Prime subscriptions. Only deployments through the marketplace listing will be billed through Azure. Support is always direct from SUSE. +Yes. the listing works independently from your existing Rancher Prime subscriptions. Only deployments through the marketplace listing will be billed through Azure. Support is always direct from SUSE. #### Tell me more about how the billing for Rancher Prime works via Azure? @@ -74,11 +74,11 @@ When purchasing Rancher Prime via the Azure Marketplace, the billing is as follo - An average node count is calculated for the month. - There is a monthly usage charge for each node in the average node count. - The monthly usage charge depends on the number of nodes in use. -- There is a 5-node minimum, if the average node count is less than 5 nodes, the charge will be for 5 nodes. +- There is a 5-node minimum; if the average node count is less than 5 nodes, the charge will be for 5 nodes. #### What are the pricing tiers? -Rancher Prime has different pricing tiers when purchasing via the Azure Marketplace. This is based on the number of nodes which Rancher is managing.Details of the tiers are shown below, please check the listing for further pricing information. +Rancher Prime has different pricing tiers when purchasing via the Azure Marketplace. This is based on the number of nodes that Rancher is managing. Details of the tiers are shown below. Please check the listing for further pricing information. | Tier | Nodes (from) | Nodes (to) | | :------: | :----------: | :---------: | @@ -104,7 +104,7 @@ In our example month, we are using 730 hours; this may differ depending on the n ::: - **Static Usage:** -Using Rancher to manage 10 nodes, for 1 month (730 hours) with no additional nodes added in the month. +Using Rancher to manage 10 nodes for 1 month (730 hours) with no additional nodes added in the month. - **Bursting Model:** Using Rancher to manage 10 nodes for 3 weeks (562 hours) in the month and bursting to 30 nodes for 1 week (168 hours). - **Transient Cluster:** @@ -118,21 +118,21 @@ A temporary deployment of Rancher on 20 nodes for 2 weeks (336 hours). #### Are special commercial terms available? -Depending on the deployment, it may be possible to secure special commercial terms, such as an annual subscription. This will be handled via an Azure private offer, contact SUSE for more information. +Depending on the deployment, securing special commercial terms (e.g., an annual subscription) may be possible. This will be handled via an Azure private offer. Please contact SUSE for more information. #### Can my spend on Rancher Prime count towards my MACC Program? -Yes, it can. Contact your Azure Sales Team for more details. +Yes. Contact your Azure Sales Team for more details. #### How do I purchase Rancher for additional nodes? -Once Rancher Prime has been deployed from the Azure Marketplace and billing is active, there is no need to make a specific purchase for additional nodes. Billing is dynamic and based on the number of nodes Rancher is managing. Just deploy or on-board additional clusters to Rancher as needed. +Once Rancher Prime has been deployed from the Azure Marketplace and billing is active, there is no need to make a specific purchase for additional nodes. Billing is dynamic and based on the number of nodes Rancher is managing. Just deploy or onboard additional clusters to Rancher as needed. #### Is this an annual commitment, will it auto-renew? -By default, the Rancher Prime listing is billed on a monthly cycle, based on usage. Billing is on-going for as long as Rancher Prime is deployed. +By default, the Rancher Prime listing is billed on a monthly cycle, based on usage. Billing is ongoing for as long as Rancher Prime is deployed. -It is possible to set up an annual commitment via an Azure Private Offer, these will need to be reviewed and renewed at the end of the term, or the deployment will drop back to the default monthly billing cycle. +It is possible to set up an annual commitment via an Azure Private Offer; these will need to be reviewed and renewed at the end of the term, or the deployment will drop back to the default monthly billing cycle. ### Technical @@ -140,7 +140,7 @@ It is possible to set up an annual commitment via an Azure Private Offer, these Yes. To benefit from monthly billing via Azure, the primary Rancher cluster must be an Azure Kubernetes Service (AKS) cluster running in your Azure account. -#### On which Kubernetes distributions can the Rancher Prime Azure Marketplace listing be deployed? +#### Which Kubernetes distributions can the Rancher Prime Azure Marketplace listing be deployed on? The Rancher Prime marketplace listing must be deployed on Azure Kubernetes Service (AKS). Downstream/managed clusters can run any supported Kubernetes platform: RKE, RKE2, EKS, GKE, vanilla Kubernetes, OpenShift, Mirantis Kubernetes Engine, etc. See Supported Platforms for more details. @@ -178,7 +178,7 @@ The marketplace listing is tied to a specific version of Rancher, usually it is Yes. Downstream/managed clusters can be deployed across single or multiple Azure accounts, on-premises, and in other public clouds. Downstream/managed nodes report up to Rancher Prime, enabling tiered pricing with billing routed to the Azure account in which the managing Rancher Prime cluster is running. -#### I have multiple independent clusters, each running a separate installation of the Rancher Prime Azure Marketplace listing; how is this billed? +#### I have multiple independent clusters, each running a separate installation of the Rancher Prime Azure Marketplace listing. How is this billed? As the Rancher Prime deployments are independent, each deployment is billed separately from the others. It is not possible to benefit from tiered pricing. If managing multiple independent Rancher Prime clusters, consider custom terms from SUSE. @@ -186,18 +186,20 @@ As the Rancher Prime deployments are independent, each deployment is billed sepa The primary Rancher Prime cluster must be running on AKS in Microsoft Azure, deployed through the marketplace listing. To benefit from tiered pricing, downstream/managed clusters should be imported into the primary Rancher Prime cluster. -#### I have purchased multiple SUSE products from the Azure Marketplace (e.g., SUSE Manager, NeuVector Prime, Rancher Prime); does the Azure Marketplace billing method still work? +#### I have purchased multiple SUSE products from the Azure Marketplace (e.g., SUSE Manager, NeuVector Prime, Rancher Prime). Does the Azure Marketplace billing method still work? Yes. The billing mechanisms for the deployments are independent and are billed separately via the Azure Marketplace. -#### I already have an existing AKS cluster in place and want to add Rancher Prime to it and be billed through the Azure Marketplace; is this possible? +#### I already have an existing AKS cluster in place and want to add Rancher Prime to it and be billed through the Azure Marketplace. Is this possible? -Yes, simply deploy the Rancher Prime to the cluster with the Azure Marketplace listing. +Yes. Simply deploy the Rancher Prime to the cluster with the Azure Marketplace listing. -#### I already deployed Rancher to an existing AKS cluster; can I just install the marketplace version to enable Azure Marketplace billing? +#### I already deployed Rancher to an existing AKS cluster. Can I just install the marketplace version to enable Azure Marketplace billing? No. You need to deploy Rancher Prime with the Azure Marketplace listing and migrate the existing Rancher configuration to this new deployment. Be sure that you back up your existing Rancher configuration. +### Technical (Product) + #### How do I get support? It is very simple to [open a support case](https://scc.suse.com/cloudsupport) with SUSE for Rancher Prime. Create a ‘supportconfig’ via the Rancher UI (click Get Support under the hamburger menu and follow instructions), then upload the ‘supportconfig’ output to the SUSE Customer Center. If the billing mechanism is active, a support case will be opened. See Supportconfig bundle in the Rancher [documentation](../integrations-in-rancher/cloud-marketplace/supportconfig.md) for more details. @@ -224,7 +226,7 @@ To ensure continuity of support, it is recommended that the primary Rancher Prim There may be multiple reasons why the primary cluster is unable to connect to the Azure billing framework, but it is the customer’s responsibility to ensure that the primary cluster is active and connected. While the cluster is not connected to the billing framework, it is not possible to raise a support request. -#### My primary cluster has been offline; what will happen with billing when reconnected? +#### My primary cluster has been offline. What will happen with billing when reconnected? If the Racher Prime cluster is offline or disconnected from the Azure billing framework for a period of time, when it reconnects, the stored usage data will be uploaded to Azure and will appear on your next Azure bill. Depending on the month when the primary cluster gets reconnected you may have several months of usage on your next billing cycle. From df5ca0229ac3eb2c178b1a197401f3bb1fcc82b6 Mon Sep 17 00:00:00 2001 From: LucasSaintarbor Date: Fri, 5 Jan 2024 10:13:11 -0800 Subject: [PATCH 36/77] Move files to 2.7 docs --- sidebars.js | 32 ------------------- .../common-issues.md | 0 .../installing-rancher-prime.md | 0 .../prerequisites.md | 0 .../troubleshooting.md | 0 .../upgrading-rancher-payg-cluster.md | 0 .../common-issues.md | 0 .../installing-rancher-prime.md | 0 .../prerequisites.md | 0 .../troubleshooting.md | 0 .../upgrading-rancher-payg-cluster.md | 0 .../aws-marketplace-payg-integration.md | 0 .../azure-marketplace-payg-integration.md | 0 versioned_sidebars/version-2.7-sidebars.json | 32 +++++++++++++++++++ 14 files changed, 32 insertions(+), 32 deletions(-) rename {docs => versioned_docs/version-2.7}/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/common-issues.md (100%) rename {docs => versioned_docs/version-2.7}/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/installing-rancher-prime.md (100%) rename {docs => versioned_docs/version-2.7}/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/prerequisites.md (100%) rename {docs => versioned_docs/version-2.7}/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/troubleshooting.md (100%) rename {docs => versioned_docs/version-2.7}/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/upgrading-rancher-payg-cluster.md (100%) rename {docs => versioned_docs/version-2.7}/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/common-issues.md (100%) rename {docs => versioned_docs/version-2.7}/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/installing-rancher-prime.md (100%) rename {docs => versioned_docs/version-2.7}/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/prerequisites.md (100%) rename {docs => versioned_docs/version-2.7}/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/troubleshooting.md (100%) rename {docs => versioned_docs/version-2.7}/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/upgrading-rancher-payg-cluster.md (100%) rename {docs => versioned_docs/version-2.7}/pages-for-subheaders/aws-marketplace-payg-integration.md (100%) rename {docs => versioned_docs/version-2.7}/pages-for-subheaders/azure-marketplace-payg-integration.md (100%) diff --git a/sidebars.js b/sidebars.js index 262bd6b301c..ce3687e759b 100644 --- a/sidebars.js +++ b/sidebars.js @@ -1148,38 +1148,6 @@ const sidebars = { 'integrations-in-rancher/cloud-marketplace/aws-cloud-marketplace/common-issues' ] }, - { - type: 'category', - label: 'AWS Marketplace Pay-as-you-go (PAYG)', - link: { - type: 'doc', - id: "pages-for-subheaders/aws-marketplace-payg-integration" - }, - items: [ - 'integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/prerequisites', - 'integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/installing-rancher-prime', - 'integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/upgrading-rancher-payg-cluster', - 'integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/troubleshooting', - 'integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/common-issues' - - ] - }, - { - type: 'category', - label: 'Azure Marketplace Pay-as-you-go (PAYG)', - link: { - type: 'doc', - id: "pages-for-subheaders/azure-marketplace-payg-integration" - }, - items: [ - 'integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/prerequisites', - 'integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/installing-rancher-prime', - 'integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/upgrading-rancher-payg-cluster', - 'integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/troubleshooting', - 'integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/common-issues' - - ] - }, 'integrations-in-rancher/cloud-marketplace/supportconfig' ] }, diff --git a/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/common-issues.md b/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/common-issues.md similarity index 100% rename from docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/common-issues.md rename to versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/common-issues.md diff --git a/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/installing-rancher-prime.md b/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/installing-rancher-prime.md similarity index 100% rename from docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/installing-rancher-prime.md rename to versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/installing-rancher-prime.md diff --git a/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/prerequisites.md b/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/prerequisites.md similarity index 100% rename from docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/prerequisites.md rename to versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/prerequisites.md diff --git a/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/troubleshooting.md b/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/troubleshooting.md similarity index 100% rename from docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/troubleshooting.md rename to versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/troubleshooting.md diff --git a/docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/upgrading-rancher-payg-cluster.md b/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/upgrading-rancher-payg-cluster.md similarity index 100% rename from docs/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/upgrading-rancher-payg-cluster.md rename to versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/upgrading-rancher-payg-cluster.md diff --git a/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/common-issues.md b/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/common-issues.md similarity index 100% rename from docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/common-issues.md rename to versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/common-issues.md diff --git a/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/installing-rancher-prime.md b/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/installing-rancher-prime.md similarity index 100% rename from docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/installing-rancher-prime.md rename to versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/installing-rancher-prime.md diff --git a/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/prerequisites.md b/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/prerequisites.md similarity index 100% rename from docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/prerequisites.md rename to versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/prerequisites.md diff --git a/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/troubleshooting.md b/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/troubleshooting.md similarity index 100% rename from docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/troubleshooting.md rename to versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/troubleshooting.md diff --git a/docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/upgrading-rancher-payg-cluster.md b/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/upgrading-rancher-payg-cluster.md similarity index 100% rename from docs/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/upgrading-rancher-payg-cluster.md rename to versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/upgrading-rancher-payg-cluster.md diff --git a/docs/pages-for-subheaders/aws-marketplace-payg-integration.md b/versioned_docs/version-2.7/pages-for-subheaders/aws-marketplace-payg-integration.md similarity index 100% rename from docs/pages-for-subheaders/aws-marketplace-payg-integration.md rename to versioned_docs/version-2.7/pages-for-subheaders/aws-marketplace-payg-integration.md diff --git a/docs/pages-for-subheaders/azure-marketplace-payg-integration.md b/versioned_docs/version-2.7/pages-for-subheaders/azure-marketplace-payg-integration.md similarity index 100% rename from docs/pages-for-subheaders/azure-marketplace-payg-integration.md rename to versioned_docs/version-2.7/pages-for-subheaders/azure-marketplace-payg-integration.md diff --git a/versioned_sidebars/version-2.7-sidebars.json b/versioned_sidebars/version-2.7-sidebars.json index cfcb6c477f0..7729d6f3aa2 100644 --- a/versioned_sidebars/version-2.7-sidebars.json +++ b/versioned_sidebars/version-2.7-sidebars.json @@ -1108,6 +1108,38 @@ "integrations-in-rancher/cloud-marketplace/aws-cloud-marketplace/common-issues" ] }, + { + "type": "category", + "label": "AWS Marketplace Pay-as-you-go (PAYG)", + "link": { + "type": "doc", + "id": "pages-for-subheaders/aws-marketplace-payg-integration" + }, + "items": [ + "integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/prerequisites", + "integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/installing-rancher-prime", + "integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/upgrading-rancher-payg-cluster", + "integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/troubleshooting", + "integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/common-issues" + + ] + }, + { + "type": "category", + "label": "Azure Marketplace Pay-as-you-go (PAYG)", + "link": { + "type": "doc", + "id": "pages-for-subheaders/azure-marketplace-payg-integration" + }, + "items": [ + "integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/prerequisites", + "integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/installing-rancher-prime", + "integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/upgrading-rancher-payg-cluster", + "integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/troubleshooting", + "integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/common-issues" + + ] + }, "integrations-in-rancher/cloud-marketplace/supportconfig" ] }, From d489f0a00e8a88ea9e69c6dbc2ec0e0892b81d0d Mon Sep 17 00:00:00 2001 From: LucasSaintarbor Date: Fri, 5 Jan 2024 14:00:14 -0800 Subject: [PATCH 37/77] Added list of countires AWS offering is available / not available --- .../aws-marketplace-payg-integration.md | 259 +++++++++++++++++- 1 file changed, 256 insertions(+), 3 deletions(-) diff --git a/versioned_docs/version-2.7/pages-for-subheaders/aws-marketplace-payg-integration.md b/versioned_docs/version-2.7/pages-for-subheaders/aws-marketplace-payg-integration.md index 64f0d797041..0ccdf02ec58 100644 --- a/versioned_docs/version-2.7/pages-for-subheaders/aws-marketplace-payg-integration.md +++ b/versioned_docs/version-2.7/pages-for-subheaders/aws-marketplace-payg-integration.md @@ -49,7 +49,262 @@ No. The Rancher listing on AWS is not available to purchase in all countries. Your billing country is based on the AWS Account ID used to do the deployment. -Please read the addendum at the end of this FAQ for a list of countries that can and cannot transact Rancher Prime via the AWS Marketplace. +Please refer to the following lists of countries that can and cannot transact Rancher Prime via the AWS Marketplace. + +
+ Countries that can transact SUSE Rancher Support through the AWS Marketplace +
+
  • Australia, AU
    • +
  • Austria, AT
    • +
  • Bangladesh, BD
    • +
  • Belgium, BE
    • +
  • Bulgaria, BG
    • +
  • Cameroon, CM
    • +
  • Canada, CA
    • +
  • Chile, CL
    • +
  • Croatia, HR
    • +
  • Cyprus, CY
    • +
  • Czech Republic, CZ
    • +
  • Denmark, DK
    • +
  • Egypt, EG
    • +
  • Estonia, EE
    • +
  • Finland, FI
    • +
  • France, FR
    • +
  • Germany, DE
    • +
  • Greece, GR
    • +
  • Hungary, HU
    • +
  • Iceland, IS
    • +
  • India, IN
    • +
  • Indonesia, ID
    • +
  • Ireland, IE
    • +
  • Isle of Man, IM
    • +
  • Italy, IT
    • +
  • Kenya, KE
    • +
  • Kingdom of Saudi Arabia, SA
    • +
  • Korea, Republic of, KR
    • +
  • Latvia, LV
    • +
  • Lithuania, LT
    • +
  • Liechtenstein, LI
    • +
  • Luxembourg, LU
    • +
  • Malaysia, MY
    • +
  • Malta, MT
    • +
  • Netherlands, NL
    • +
  • New Zealand, NZ
    • +
  • Norway, NO
    • +
  • Poland, PL
    • +
  • Portugal, PT
    • +
  • Romania, RO
    • +
  • Russian Federation, RU
    • +
  • Singapore, SG
    • +
  • Slovakia, SK
    • +
  • Slovenia, SI
    • +
  • South Africa, ZA
    • +
  • Spain, ES
    • +
  • Sweden, SE
    • +
  • Switzerland, CH
    • +
  • Taiwan, Province of China, TW
    • +
  • Turkey, TR
    • +
  • United Kingdom, GB
    • +
  • United States, US
    • +
    +
    + +
    + Countries that cannot transact SUSE Rancher Support via the AWS Marketplace +
    +
  • Afghanistan, AF
    • +
  • Åland Islands, AX
    • +
  • Albania, AL
    • +
  • Algeria, DZ
    • +
  • American Samoa, AS
    • +
  • Andorra, AD
    • +
  • Angola, AO
    • +
  • Anguilla, AI
    • +
  • Antarctica, AQ
    • +
  • Antigua and Barbuda, AG
    • +
  • Argentina, AR
    • +
  • Armenia, AM
    • +
  • Aruba, AW
    • +
  • Azerbaijan, AZ
    • +
  • Bahamas, BS
    • +
  • Bahrain, BH
    • +
  • Barbados, BB
    • +
  • Belarus, BY
    • +
  • Belize, BZ
    • +
  • Benin, BJ
    • +
  • Bermuda, BM
    • +
  • Bhutan, BT
    • +
  • Bonaire, BQ
    • +
  • Bolivarian Republic of Venezuela, VE
    • +
  • Bosnia and Herzegovina, BA
    • +
  • Botswana, BW
    • +
  • Bouvet Island, BV
    • +
  • Brazil, BR
    • +
  • British Indian Ocean Territory, IO
    • +
  • Brunei Darussalam, BN
    • +
  • Burkina Faso, BF
    • +
  • Burundi, BI
    • +
  • Cambodia, KH
    • +
  • Cape Verde, CV
    • +
  • Cayman Islands, KY
    • +
  • Central African Republic, CF
    • +
  • Chad, TD
    • +
  • China, CN
    • +
  • Christmas Island, CX
    • +
  • Cocos (Keeling) Islands, CC
    • +
  • Colombia, CO
    • +
  • Comoros, KM
    • +
  • Congo, CG
    • +
  • Cook Islands, CK
    • +
  • Costa Rica, CR
    • +
  • Côte d'Ivoire, CI
    • +
  • Curaçao, CW
    • +
  • Democratic Republic of the Congo, CD
    • +
  • Djibouti, DJ
    • +
  • Dominica, DM
    • +
  • Dominican Republic, DO
    • +
  • Ecuador, EC
    • +
  • El Salvador, SV
    • +
  • Equatorial Guinea, GQ
    • +
  • Eritrea, ER
    • +
  • Ethiopia, ET
    • +
  • Falkland Islands (Malvinas), FK
    • +
  • Faroe Islands, FO
    • +
  • Federated States of Micronesia, FM
    • +
  • Fiji, FJ
    • +
  • Former Yugoslav Republic of Macedonia, MK
    • +
  • French Guiana, GF
    • +
  • French Polynesia, PF
    • +
  • French Southern Territories, TF
    • +
  • Gabon, GA
    • +
  • Gambia, GM
    • +
  • Georgia, GE
    • +
  • Ghana, GH
    • +
  • Gibraltar, GI
    • +
  • Greenland, GL
    • +
  • Grenada, GD
    • +
  • Guadeloupe, GP
    • +
  • Guam, GU
    • +
  • Guatemala, GT
    • +
  • Guernsey, GG
    • +
  • Guinea, GN
    • +
  • Guinea-Bissau, GW
    • +
  • Guyana, GY
    • +
  • Haiti, HT
    • +
  • Heard Island and McDonald Islands, HM
    • +
  • Holy See (Vatican City State), VA
    • +
  • Honduras, HN
    • +
  • Hong Kong, HK
    • +
  • Iraq, IQ
    • +
  • Israel, IL
    • +
  • Jamaica, JM
    • +
  • Japan, JP
    • +
  • Jersey, JE
    • +
  • Jordan, JO
    • +
  • Kazakhstan, KZ
    • +
  • Kiribati, KI
    • +
  • Kuwait, KW
    • +
  • Kyrgyzstan, KG
    • +
  • Lao People's Democratic Republic, LA
    • +
  • Lebanon, LB
    • +
  • Lesotho, LS
    • +
  • Liberia, LR
    • +
  • Libyan Arab Jamahiriya, LY
    • +
  • Macao, MO
    • +
  • Madagascar, MG
    • +
  • Malawi, MW
    • +
  • Maldives, MV
    • +
  • Mali, ML
    • +
  • Marshall Islands, MH
    • +
  • Martinique, MQ
    • +
  • Mauritania, MR
    • +
  • Mauritius, MU
    • +
  • Mayotte, YT
    • +
  • Mexico, MX
    • +
  • Mongolia, MN
    • +
  • Montenegro, ME
    • +
  • Montserrat, MS
    • +
  • Morocco, MA
    • +
  • Mozambique, MZ
    • +
  • Myanmar, MM
    • +
  • Namibia, NA
    • +
  • Nauru, NR
    • +
  • Nepal, NP
    • +
  • New Caledonia, NC
    • +
  • Nicaragua, NI
    • +
  • Niger, NE
    • +
  • Nigeria, NG
    • +
  • Niue, NU
    • +
  • Norfolk Island, NF
    • +
  • Northern Mariana Islands, MP
    • +
  • Oman, OM
    • +
  • Pakistan, PK
    • +
  • Palau, PW
    • +
  • Occupied Palestinian Territory, PS
    • +
  • Panama, PA
    • +
  • Papua New Guinea, PG
    • +
  • Paraguay, PY
    • +
  • Peru, PE
    • +
  • Philippines, PH
    • +
  • Pitcairn, PN
    • +
  • Plurinational State of Bolivia, BO
    • +
  • Puerto Rico, PR
    • +
  • Qatar, QA
    • +
  • Republic of Moldova, MD
    • +
  • Réunion, RE
    • +
  • Rwanda, RW
    • +
  • Saint Barthélemy, BL
    • +
  • Saint Helena, Ascension and Tristan da Cunha, SH
    • +
  • Saint Kitts and Nevis, KN
    • +
  • Saint Lucia, LC
    • +
  • Saint Martin, MF
    • +
  • Saint Pierre and Miquelon, PM
    • +
  • Saint Vincent and the Grenadines, VC
    • +
  • Samoa, WS
    • +
  • San Marino, SM
    • +
  • Sao Tome and Principe, ST
    • +
  • Senegal, SN
    • +
  • Serbia, RS
    • +
  • Seychelles, SC
    • +
  • Sierra Leone, SL
    • +
  • Sint Maarten, SX
    • +
  • Solomon Islands, SB
    • +
  • Somalia, SO
    • +
  • South Georgia and the South Sandwich Islands, GS
    • +
  • South Sudan, SS
    • +
  • Sri Lanka, LK
    • +
  • Suriname, SR
    • +
  • Svalbard and Jan Mayen, SJ
    • +
  • Swaziland, SZ
    • +
  • Tajikistan, TJ
    • +
  • Thailand, TH
    • +
  • Timor-Leste, TL
    • +
  • Togo, TG
    • +
  • Tokelau, TK
    • +
  • Tonga, TO
    • +
  • Trinidad and Tobago, TT
    • +
  • Tunisia, TN
    • +
  • Turkmenistan, TM
    • +
  • Turks and Caicos Islands, TC
    • +
  • Tuvalu, TV
    • +
  • Uganda, UG
    • +
  • Ukraine, UA
    • +
  • United Arab Emirates, AE
    • +
  • United Republic of Tanzania, TZ
    • +
  • United States Minor Outlying Islands, UM
    • +
  • Uruguay, UY
    • +
  • Uzbekistan, UZ
    • +
  • Vanuatu, VU
    • +
  • Viet Nam, VN
    • +
  • Virgin Islands, British, VG
    • +
  • Virgin Islands, U.S., VI
    • +
  • Wallis and Futuna, WF
    • +
  • Western Sahara, EH
    • +
  • Yemen, YE
    • +
  • Zambia, ZM
    • +
  • Zimbabwe, ZW
    • +
    +
    #### My AWS account is in the USA, but I want to deploy Rancher in another AWS region, a region that is in a country where I currently cannot transact Rancher Prime. Is this possible? @@ -59,8 +314,6 @@ Yes. As long as your AWS account is billed to one of the allowed countries, it i While it is not possible to transact/bill Rancher Prime in China, it is possible to deploy into AWS regions in China. -Please read the addendum at the end of this FAQ for a list of countries that can and cannot transact Rancher Prime via the AWS Marketplace. - #### Can I still deploy Rancher using the "Rancher Setup" listing from the AWS Marketplace? "Rancher Setup" is no longer available via AWS Marketplace. Customers should deploy an EKS Cluster to host Rancher. Follow the steps in this [guide](../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks.md) except for the Rancher installation. The Rancher product installation should be carried out as per [installing the Rancher Prime PAYG offering on Amazon's AWS Marketplace](../integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/installing-rancher-prime.md). From 044dd0b8e9354fe992865661d2299abe56673ef4 Mon Sep 17 00:00:00 2001 From: Lucas Saintarbor Date: Fri, 5 Jan 2024 16:50:04 -0800 Subject: [PATCH 38/77] Apply suggestions from code review Co-authored-by: Billy Tat --- .../aws-marketplace-payg-integration/common-issues.md | 2 +- .../installing-rancher-prime.md | 6 +++--- .../installing-rancher-prime.md | 2 +- .../azure-marketplace-payg-integration/troubleshooting.md | 2 +- .../aws-marketplace-payg-integration.md | 2 +- 5 files changed, 7 insertions(+), 7 deletions(-) diff --git a/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/common-issues.md b/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/common-issues.md index d1e7b7a462c..669cc128c1d 100644 --- a/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/common-issues.md +++ b/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/common-issues.md @@ -8,4 +8,4 @@ title: AWS Marketplace Common Issues helm uninstall -n cattle-rancher-csp-deployer-system rancher-cloud ``` -1. When migrating Rancher to a different EKS by following the steps specified in [Rancher Backups and Disaster Recovery](../../../pages-for-subheaders/backup-restore-and-disaster-recovery.md), you must reinstall Rancher Prime on the target EKS cluster after restoring from the backup. Furthermore, the restored Rancher version must not be newer than the version available in the AWS marketplace. +1. When migrating Rancher to a different EKS cluster by following the steps specified in [Rancher Backups and Disaster Recovery](../../../pages-for-subheaders/backup-restore-and-disaster-recovery.md), you must reinstall Rancher Prime on the target EKS cluster after restoring from the backup. Furthermore, the restored Rancher version must not be newer than the version available in the AWS marketplace. diff --git a/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/installing-rancher-prime.md b/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/installing-rancher-prime.md index e9d8ce02cb3..1a87947f8b9 100644 --- a/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/installing-rancher-prime.md +++ b/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/installing-rancher-prime.md @@ -14,7 +14,7 @@ Your EKS cluster requires an OIDC provider to be installed. To check for an OIDC aws eks describe-cluster --name $CLUSTER_NAME --region $REGION --query cluster.identity.oidc.issuer --output text ``` -A URL is returned, like `https://oidc.eks.region.amazonaws.com/id/1234567890ABCDEF`. The part after `https://` will be referred to in later instructions as the OIDC Provider Identity (e.g. `oidc.eks.region.amazonaws.com/id/1234567890ABCDEF`). The final section of the URL, `1234567890ABCDEF`, is the `$OIDC_ID`. +A URL is returned, like `https://oidc.eks.region.amazonaws.com/id/1234567890ABCDEF`. The part after `https://` (e.g. `oidc.eks.region.amazonaws.com/id/1234567890ABCDEF`) will be referred to in later instructions as the OIDC Provider Identity. The final section of the URL, `1234567890ABCDEF`, is the `$OIDC_ID`. Using the `$OIDC_ID` of the issuer found above, you can check if a provider is installed with the following command: @@ -65,7 +65,7 @@ eksctl create iamserviceaccount \ ::: - The Rancher hostname must be resolvable by a public DNS. For more details, please refer to the [Prerequisites](prerequisites.md) section. For example, if the DNS name is rancher.my.org, `$HOST_NAME`=`rancher.my.org`. + The Rancher hostname must be resolvable by a public DNS. For more details, please refer to the [Prerequisites](prerequisites.md) section. For example, if the DNS name is `rancher.my.org`, then replace `$HOST_NAME` with `rancher.my.org` when running the `helm install` command. ```shell helm install -n cattle-rancher-csp-deployer-system rancher-cloud --create-namespace \ @@ -133,7 +133,7 @@ After the Helm chart installation is complete, Rancher Prime is successfully ins ## Log into the Rancher Dashboard -You may now log in to the Rancher dashboard by pointing your browser to the Rancher server URL `https://$RANCHER_HOSTNAME`, where the Rancher hostname is the [hostname](#installing-rancher) is your chosen hostname when installing Rancher. +You may now log in to the Rancher dashboard by pointing your browser to the Rancher server URL `https://$RANCHER_HOSTNAME`, where`$RANCHER_HOSTNAME` is the hostname chosen when [installing Rancher](#installing-rancher). :::note diff --git a/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/installing-rancher-prime.md b/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/installing-rancher-prime.md index aa01ea2d2eb..c88231bcd2d 100644 --- a/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/installing-rancher-prime.md +++ b/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/installing-rancher-prime.md @@ -68,7 +68,7 @@ On the **Extensions + applications** page, the **Provisioning State** may show * ## Log into the Rancher Dashboard -You may now login to Rancher dashboard by pointing your browser to the Rancher server URL *https://$RANCHER_HOSTNAME*, where *Rancher hostname* is the [hostname](#rancher-configuration) you have chosen when configuring Rancher. +You may now login to Rancher dashboard by pointing your browser to the Rancher server URL `https://$RANCHER_HOSTNAME`, where $RANCHER_HOSTNAME is the [hostname](#rancher-configuration) you have chosen when configuring Rancher. :::note diff --git a/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/troubleshooting.md b/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/troubleshooting.md index 4b9de5665f2..6f27894b08d 100644 --- a/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/troubleshooting.md +++ b/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/troubleshooting.md @@ -9,7 +9,7 @@ This section contains information to help troubleshoot issues when installing th After a successful deployment, check the status of the deployment, it should list similar pod and chart output. ```shell -kubectl get deployments --all-namespaces=true +kubectl get deployments --all-namespaces ``` ```shell diff --git a/versioned_docs/version-2.7/pages-for-subheaders/aws-marketplace-payg-integration.md b/versioned_docs/version-2.7/pages-for-subheaders/aws-marketplace-payg-integration.md index 0ccdf02ec58..6f7ff87d155 100644 --- a/versioned_docs/version-2.7/pages-for-subheaders/aws-marketplace-payg-integration.md +++ b/versioned_docs/version-2.7/pages-for-subheaders/aws-marketplace-payg-integration.md @@ -8,7 +8,7 @@ title: AWS Marketplace Pay-as-you-go (PAYG) Integration ## Overview -Rancher Prime integrates with the AWS Marketplace as a pay-as-you-go (PAYG) offering. This brings the value of running and managing Kubernetes environments to AWS customers, benefiting from a new pay-monthly pricing model available through the AWS Marketplace. This listing will enable you to manage any CNCF-certified Kubernetes distribution in AWS, on-prem, or at the edge. To learn more, see our non-EMEMA and EMEA AWS Marketplace offerings for Rancher Prime: +Rancher Prime integrates with the AWS Marketplace as a pay-as-you-go (PAYG) offering. This brings the value of running and managing Kubernetes environments to AWS customers, benefiting from a new pay-monthly pricing model available through the AWS Marketplace. This listing will enable you to manage any CNCF-certified Kubernetes distribution in AWS, on-prem, or at the edge. To learn more, see our non-EMEA and EMEA AWS Marketplace offerings for Rancher Prime: - [Rancher Prime](https://aws.amazon.com/marketplace/pp/prodview-f2bvszurj2p2c) - [Rancher Prime (EMEA Orders Only)](https://aws.amazon.com/marketplace/pp/prodview-ocgjwd5c2aj5i) From fa71d3a9bea526f59306e2438770f0570701dd81 Mon Sep 17 00:00:00 2001 From: LucasSaintarbor Date: Tue, 9 Jan 2024 14:45:17 -0800 Subject: [PATCH 39/77] Updated placeholder values with $FOO_FOO --- .../aws-marketplace-payg-integration/troubleshooting.md | 8 ++++---- .../azure-marketplace-payg-integration/troubleshooting.md | 8 ++++---- .../upgrading-rancher-payg-cluster.md | 2 +- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/troubleshooting.md b/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/troubleshooting.md index b06b08d755a..441e193eda1 100644 --- a/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/troubleshooting.md +++ b/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/troubleshooting.md @@ -14,10 +14,10 @@ kubectl get pods --all-namespaces If a pod is not in a `Running` state, you can attempt to find the root cause with the following commands: -- Describe pod: `kubectl describe pod -n ` -- Pod container logs: `kubectl logs -n ` -- Describe job: `kubectl describe job -n ` -- Logs from the containers of pods of the job: `kubectl logs -l job-name= -n ` +- Describe pod: `kubectl describe pod $POD_NAME -n $NAMESPACE` +- Pod container logs: `kubectl logs $POD_NAME -n $NAMESPACE` +- Describe job: `kubectl describe job $JOB_NAME -n $NAMESPACE` +- Logs from the containers of pods of the job: `kubectl logs -l job-name=$JOB_NAME -n $NAMESPACE` ## Recovering from Failed Pods diff --git a/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/troubleshooting.md b/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/troubleshooting.md index 6f27894b08d..882193656c9 100644 --- a/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/troubleshooting.md +++ b/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/troubleshooting.md @@ -44,10 +44,10 @@ kubectl get pods --all-namespaces If a pod is not in Running state, you can attempt to find the root cause with the following commands: -- Describe pod: `kubectl describe pod -n ` -- Pod container logs: `kubectl logs -n ` -- Describe job: `kubectl describe job -n ` -- Logs from the containers of pods of the job: `kubectl logs -l job-name= -n ` +- Describe pod: `kubectl describe pod $POD_NAME -n $NAMESPACE` +- Pod container logs: `kubectl logs $POD_NAME -n $NAMESPACE` +- Describe job: `kubectl describe job $JOB_NAME -n $NAMESPACE` +- Logs from the containers of pods of the job: `kubectl logs -l job-name=$JOB_NAME -n $NAMESPACE` ## Rancher Usage Record Not found diff --git a/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/upgrading-rancher-payg-cluster.md b/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/upgrading-rancher-payg-cluster.md index d71f1ff83f4..68f4a113461 100644 --- a/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/upgrading-rancher-payg-cluster.md +++ b/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/upgrading-rancher-payg-cluster.md @@ -7,7 +7,7 @@ The Azure Marketplace PAYG offering is periodically updated as a new version of To update to the latest version of the Rancher Prime PAYG offering supported in the marketplace listing, run the following command in the cluster Cloud Shell: ```shell -az k8s-extension update --name --cluster-name --resource-group --cluster-type managedClusters --version +az k8s-extension update --name $CLUSTER_EXTENSION_RESOURCE_NAME --cluster-name $CLUSTER_NAME --resource-group $RESOURCE_GROUP --cluster-type managedClusters --version $VERSION_TO_BE_UPGRADED ``` :::note From 3eadcfeec66b414e4bda7f987b73a5ebf7e35bf1 Mon Sep 17 00:00:00 2001 From: LucasSaintarbor Date: Tue, 9 Jan 2024 15:23:57 -0800 Subject: [PATCH 40/77] Update image localtion for installation steps --- .../installing-rancher-prime.md | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/installing-rancher-prime.md b/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/installing-rancher-prime.md index c88231bcd2d..3c1f7418590 100644 --- a/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/installing-rancher-prime.md +++ b/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/installing-rancher-prime.md @@ -16,6 +16,8 @@ Refer to the following steps for creating a new deployment of Rancher Prime from On the **Basics** tab, specify the **Project details** and **Instance details**: +![Basics tab](/img/install-rancher-prime-basics.png) + 1. Select an existing **Subscription** from the dropdown list. 1. Select an existing **Resource group** from the dropdown list. @@ -23,18 +25,20 @@ On the **Basics** tab, specify the **Project details** and **Instance details**: The **Create new** resource group feature is not supported. - ::: ![Create new resource group not supported](/img/install-rancher-prime-basics-create-new.png) + + ::: + 1. Select an existing **AKS Cluster Name** from the dropdown list. 1. Choose an **Extension Resource name**. It can consist of alphanumeric characters and dots; the length must be between 2 and 253 characters. - - ![Basics tab](/img/install-rancher-prime-basics.png) 1. Select **Next**. ### Rancher Configuration On the **Rancher Configuraion** tab, specify the following information: +![Rancher Configuration](/img/install-rancher-prime-bootstrap-password.png) + 1. Enter the **Hostname** for Rancher. The Rancher hostname must be a fully qualified domain name (FQDN) and the Rancher server URL will be created using this hostname. :::note @@ -48,7 +52,6 @@ On the **Rancher Configuraion** tab, specify the following information: The current Rancher deployment exposes the bootstrap password in the Cluster configuration settings in Azure Portal. Until this is resolved, we suggest changing the Admin password after initial login by editing your profile in the Rancher dashboard. ::: - ![Rancher Configuration](/img/install-rancher-prime-bootstrap-password.png) 1. Select **Next**. ### Review + create From e7e214f943be73b77e13236f13c73218c4074537 Mon Sep 17 00:00:00 2001 From: LucasSaintarbor Date: Tue, 9 Jan 2024 15:25:28 -0800 Subject: [PATCH 41/77] Bold "Welcome to Rancer Prime" --- .../installing-rancher-prime.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/installing-rancher-prime.md b/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/installing-rancher-prime.md index 3c1f7418590..daaca936bb5 100644 --- a/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/installing-rancher-prime.md +++ b/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/installing-rancher-prime.md @@ -81,7 +81,7 @@ The Rancher hostname must be resolvable by public DNS. Please refer to the [Prer ## How to Use Rancher -After logging into Rancher Prime, you should notice the Welcome to Rancher Prime message at the top of the screen. +After logging into Rancher Prime, you should notice the **Welcome to Rancher Prime** message at the top of the screen. ![Rancher Prime Home](/img/install-rancher-prime-home.png) From e269c68ed27e12cb7bfcbac30c2a9081d7b22ca5 Mon Sep 17 00:00:00 2001 From: LucasSaintarbor Date: Tue, 9 Jan 2024 15:32:55 -0800 Subject: [PATCH 42/77] Add links to tools needed for AWS installation --- .../aws-marketplace-payg-integration/prerequisites.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/prerequisites.md b/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/prerequisites.md index ab57dd37f42..7b7a3c25c8a 100644 --- a/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/prerequisites.md +++ b/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/prerequisites.md @@ -9,7 +9,7 @@ Before using Rancher Prime on AWS as a pay-as-you-go (PAYG) offering, you need t - Get the Load Balancer IP. Please refer to [Rancher documentation](../../../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks.md#6-get-load-balancer-ip) and save the EXTERNAL-IP. - The Rancher hostname must be a fully qualified domain name (FQDN), and its corresponding IP address must be resolvable from a public DNS. Please refer to [Rancher documentation](../../../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks.md#7-set-up-dns) for instructions on how to set up DNS. This DNS is set up to point to the EXTERNAL-IP saved. - Installation requires you to have the following tools available and properly configured to access your AWS account and your EKS cluster: - - `aws` - - `curl` - - `eksctl` - - `helm` (v3 or greater) + - [`aws`](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html) + - [`curl`](https://curl.se/docs/install.html) + - [`eksctl`](https://eksctl.io/installation/) + - [`helm` (v3 or greater)](https://helm.sh/docs/intro/quickstart/#install-helm) From cef6a47378f158dc853c33dc30bee3fbe99ef1e7 Mon Sep 17 00:00:00 2001 From: LucasSaintarbor Date: Tue, 9 Jan 2024 15:43:51 -0800 Subject: [PATCH 43/77] Update common issues sections and instructions for uninstalling Rancher Prime and --- .../aws-marketplace-payg-integration/common-issues.md | 9 ++------- .../installing-rancher-prime.md | 6 ++++++ .../azure-marketplace-payg-integration/common-issues.md | 4 ++-- .../installing-rancher-prime.md | 2 ++ 4 files changed, 12 insertions(+), 9 deletions(-) diff --git a/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/common-issues.md b/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/common-issues.md index 669cc128c1d..c87f2e16e2d 100644 --- a/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/common-issues.md +++ b/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/common-issues.md @@ -1,11 +1,6 @@ --- title: AWS Marketplace Common Issues --- +### Migrating Rancher to a different EKS Cluster -1. Uninstalling Rancher Prime may not cleanly remove all the resources that Rancher created. You are encouraged to use the [Rancher resource cleanup script](https://github.com/rancher/rancher-cleanup) to perform a more comprehensive cleanup if necessary. However, we recommend first preparing and migrating any other workloads off the cluster to destroy the cluster to complete the uninstallation since cleanup is not recoverable. - - ```shell - helm uninstall -n cattle-rancher-csp-deployer-system rancher-cloud - ``` - -1. When migrating Rancher to a different EKS cluster by following the steps specified in [Rancher Backups and Disaster Recovery](../../../pages-for-subheaders/backup-restore-and-disaster-recovery.md), you must reinstall Rancher Prime on the target EKS cluster after restoring from the backup. Furthermore, the restored Rancher version must not be newer than the version available in the AWS marketplace. +When migrating Rancher to a different EKS cluster by following the steps specified in [Rancher Backups and Disaster Recovery](../../../pages-for-subheaders/backup-restore-and-disaster-recovery.md), you must reinstall Rancher Prime on the target EKS cluster after restoring from the backup. Furthermore, the restored Rancher version must not be newer than the version available in the AWS marketplace. diff --git a/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/installing-rancher-prime.md b/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/installing-rancher-prime.md index 1a87947f8b9..1d142b0b23e 100644 --- a/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/installing-rancher-prime.md +++ b/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/installing-rancher-prime.md @@ -144,3 +144,9 @@ The Rancher hostname must be resolvable by public DNS. For more details, please ## Uninstalling Rancher Prime PAYG Offering To uninstall the Rancher Prime PAYG offering, migrate any non-Rancher workloads to a different cluster and destroy the Rancher cluster. + +Uninstalling Rancher Prime may not cleanly remove all the resources that Rancher created. You are encouraged to use the [Rancher resource cleanup script](https://github.com/rancher/rancher-cleanup) to perform a more comprehensive cleanup if necessary. However, we recommend first preparing and migrating any other workloads off the cluster to destroy the cluster to complete the uninstallation since cleanup is not recoverable. + + ```shell + helm uninstall -n cattle-rancher-csp-deployer-system rancher-cloud + ``` diff --git a/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/common-issues.md b/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/common-issues.md index 230f3a0ae38..5a2f3be77ff 100644 --- a/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/common-issues.md +++ b/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/common-issues.md @@ -2,6 +2,6 @@ title: Azure Marketplace Common Issues --- -1. Uninstalling Rancher Prime may not cleanly remove all the resources that Rancher created. Users are encouraged to use the [Rancher resource cleanup script](https://github.com/rancher/rancher-cleanup) to perform a more comprehensive cleanup if necessary. However, it is recommended to migrate any other workloads off the cluster and prepare to destroy the cluster to complete the uninstallation since cleanup is not recoverable. +### Migrating Rancher to a different AKS Cluster -1. When migrating Rancher to a different AKS cluster by following the steps specified in [Rancher Backups and Disaster Recovery](../../../pages-for-subheaders/backup-restore-and-disaster-recovery.md), Rancher Prime must be reinstalled via the Azure Marketplace on the target AKS cluster after restoring from the backup. Furthermore, the restored Rancher version must not be newer than the version available in the Azure Marketplace. +When migrating Rancher to a different AKS cluster by following the steps specified in [Rancher Backups and Disaster Recovery](../../../pages-for-subheaders/backup-restore-and-disaster-recovery.md), Rancher Prime must be reinstalled via the Azure Marketplace on the target AKS cluster after restoring from the backup. Furthermore, the restored Rancher version must not be newer than the version available in the Azure Marketplace. diff --git a/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/installing-rancher-prime.md b/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/installing-rancher-prime.md index daaca936bb5..ed194f1dab1 100644 --- a/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/installing-rancher-prime.md +++ b/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/installing-rancher-prime.md @@ -96,3 +96,5 @@ View billing information in the Azure Portal by going to **Home** > **Cost Manag ## Uninstalling Rancher Prime PAYG Offering To uninstall the Rancher Prime PAYG offering, migrate any non-Rancher workloads to a different cluster and destroy the Rancher cluster. + +Uninstalling Rancher Prime may not cleanly remove all the resources that Rancher created. You are encouraged to use the [Rancher resource cleanup script](https://github.com/rancher/rancher-cleanup) to perform a more comprehensive cleanup if necessary. However, it is recommended to migrate any other workloads off the cluster and prepare to destroy the cluster to complete the uninstallation since cleanup is not recoverable. From e0dc5a7bc4a1bac9f4799a03248cecd05a1f7c64 Mon Sep 17 00:00:00 2001 From: Billy Tat Date: Thu, 11 Jan 2024 14:22:42 -0800 Subject: [PATCH 44/77] [2.7] Move files out of pages-for-subheaders --- versioned_docs/version-2.7/faq/general-faq.md | 6 +- .../faq/rancher-is-no-longer-needed.md | 4 +- versioned_docs/version-2.7/faq/security.md | 4 +- .../version-2.7/faq/technical-items.md | 2 +- ...install-upgrade-on-a-kubernetes-cluster.md | 42 ++--- .../rancher-on-aks.md | 8 +- .../rancher-on-amazon-eks.md | 6 +- .../rancher-on-gke.md | 8 +- .../rollbacks.md | 2 +- .../upgrades.md | 2 +- .../installation-and-upgrade.md | 40 ++-- .../installation-references/feature-flags.md | 2 +- .../helm-chart-options.md | 8 +- .../installation-references.md | 9 + .../installation-requirements.md | 38 ++-- .../port-requirements.md | 10 +- .../air-gapped-helm-cli-install.md | 14 +- .../infrastructure-private-registry.md | 8 +- .../publish-images.md | 4 +- .../other-installation-methods.md | 6 +- .../rancher-behind-an-http-proxy.md | 8 +- .../set-up-infrastructure.md | 2 +- .../rancher-on-a-single-node-with-docker.md | 28 +-- .../roll-back-docker-installed-rancher.md | 2 +- .../upgrade-docker-installed-rancher.md | 16 +- .../resources/add-tls-secrets.md | 2 +- .../resources/choose-a-rancher-version.md | 4 +- .../resources/local-system-charts.md | 2 +- .../resources/resources.md | 29 +++ .../resources/update-rancher-certificate.md | 2 +- .../resources/upgrade-cert-manager.md | 2 +- .../upgrade-and-roll-back-kubernetes.md | 4 +- ...de-kubernetes-without-upgrading-rancher.md | 2 +- .../version-2.7/getting-started/overview.md | 20 +- .../deploy-rancher-manager/aws.md | 4 +- .../deploy-rancher-manager/azure.md | 4 +- .../deploy-rancher-manager.md | 23 +++ .../deploy-rancher-manager/digitalocean.md | 4 +- .../deploy-rancher-manager/equinix-metal.md | 6 +- .../deploy-rancher-manager/gcp.md | 4 +- .../deploy-rancher-manager/helm-cli.md | 6 +- .../deploy-rancher-manager/hetzner-cloud.md | 4 +- .../deploy-rancher-manager/outscale-qs.md | 4 +- .../deploy-rancher-manager/vagrant.md | 4 +- .../deploy-workloads/deploy-workloads.md} | 4 +- .../deploy-workloads/workload-ingress.md | 2 +- .../quick-start-guides}/quick-start-guides.md | 6 +- .../advanced-user-guides.md | 0 .../cis-scan-guides/cis-scan-guides.md | 17 ++ .../configure-layer-7-nginx-load-balancer.md | 10 +- .../enable-api-audit-log.md | 2 +- .../continuous-delivery.md | 2 +- .../enable-experimental-features.md | 6 +- .../istio-traffic-management-features.md | 4 +- .../rancher-on-arm64.md | 2 +- .../unsupported-storage-drivers.md | 2 +- .../enable-istio-in-cluster.md | 4 +- .../istio-setup-guide/istio-setup-guide.md | 34 ++++ .../manage-pod-security-policies.md | 2 +- .../manage-project-resource-quotas.md | 6 +- .../manage-projects}/manage-projects.md | 16 +- .../monitoring-alerting-guides.md | 14 ++ .../enable-prometheus-federator.md | 2 +- .../prometheus-federator-guides.md | 12 ++ .../advanced-configuration.md | 6 +- .../monitoring-v2-configuration-guides.md | 14 +- .../open-ports-with-firewalld.md | 2 +- .../tune-etcd-for-large-installs.md | 2 +- .../about-provisioning-drivers.md | 51 +++++ .../manage-cluster-drivers.md | 2 +- .../about-rke1-templates.md | 42 ++--- .../about-rke1-templates/apply-templates.md | 4 +- .../about-rke1-templates/infrastructure.md | 2 +- .../manage-rke1-templates.md | 2 +- .../authentication-config.md | 30 +-- .../configure-active-directory.md | 4 +- .../configure-azure-ad.md | 2 +- .../configure-freeipa.md | 2 +- .../authentication-config/configure-github.md | 2 +- .../configure-okta-saml.md | 2 +- .../manage-users-and-groups.md | 2 +- ...on-permissions-and-global-configuration.md | 28 +-- ...re-microsoft-ad-federation-service-saml.md | 6 +- .../configure-openldap}/configure-openldap.md | 6 +- .../openldap-config-reference.md | 2 +- .../configure-shibboleth-saml.md | 8 +- .../create-pod-security-policies.md | 4 +- .../global-default-private-registry.md | 2 +- .../custom-roles.md | 2 +- .../global-permissions.md | 4 +- .../manage-role-based-access-control-rbac.md | 6 +- .../psa-config-templates.md | 2 +- ...up-rancher-launched-kubernetes-clusters.md | 10 +- .../backup-restore-and-disaster-recovery.md | 18 +- .../migrate-rancher-to-new-cluster.md | 2 +- ...aunched-kubernetes-clusters-from-backup.md | 4 +- .../deploy-apps-across-clusters.md | 4 +- .../multi-cluster-apps.md | 2 +- .../helm-charts-in-rancher.md | 2 +- .../ha-k3s-kubernetes-cluster.md | 4 +- .../ha-rke1-kubernetes-cluster.md | 2 +- .../ha-rke2-kubernetes-cluster.md | 2 +- .../infrastructure-setup.md | 4 +- .../nodes-in-amazon-ec2.md | 8 +- .../high-availability-installs.md | 2 +- .../kubernetes-cluster-setup.md | 0 .../rke1-for-rancher.md | 4 +- ...checklist-for-production-ready-clusters.md | 12 +- .../recommended-cluster-architecture.md | 2 +- .../roles-for-nodes-in-kubernetes.md | 2 +- .../kubernetes-clusters-in-rancher-setup.md | 18 +- ...quirements-for-rancher-managed-clusters.md | 12 +- .../register-existing-clusters.md | 10 +- .../set-up-cloud-providers/amazon.md | 2 +- .../set-up-cloud-providers.md | 8 +- .../aks.md | 2 +- .../gke.md | 6 +- ...usters-from-hosted-kubernetes-providers.md | 12 +- .../use-windows-clusters.md | 28 +-- .../horizontal-pod-autoscaler.md | 6 +- .../kubernetes-resources-setup.md | 28 +-- .../load-balancer-and-ingress-controller.md | 12 +- .../workloads-and-pods/deploy-workloads.md | 4 +- .../workloads-and-pods}/workloads-and-pods.md | 6 +- .../about-rancher-agents.md | 8 +- .../launch-kubernetes-with-rancher.md | 10 +- .../create-a-digitalocean-cluster.md | 6 +- .../create-an-amazon-ec2-cluster.md | 12 +- .../create-an-azure-cluster.md | 6 +- .../nutanix}/nutanix.md | 6 +- .../provision-kubernetes-clusters-in-aos.md | 4 +- .../use-new-nodes-in-an-infra-provider.md | 8 +- ...rovision-kubernetes-clusters-in-vsphere.md | 6 +- .../vsphere}/vsphere.md | 10 +- .../access-clusters}/access-clusters.md | 16 +- .../access-clusters/add-users-to-clusters.md | 4 +- .../authorized-cluster-endpoint.md | 2 +- .../use-kubectl-and-kubeconfig.md | 2 +- .../add-a-pod-security-policy.md | 4 +- .../manage-clusters/clean-cluster-nodes.md | 6 +- .../create-kubernetes-persistent-storage.md | 20 +- .../about-glusterfs-volumes.md | 2 +- .../dynamically-provision-new-storage.md | 2 +- .../install-iscsi-volumes.md | 2 +- .../install-cluster-autoscaler.md | 2 +- .../use-aws-ec2-auto-scaling-groups.md | 2 +- .../manage-clusters}/manage-clusters.md | 4 +- .../manage-clusters/nodes-and-node-pools.md | 28 +-- .../projects-and-namespaces.md | 8 +- .../nfs-storage.md | 2 +- .../provisioning-storage-examples.md | 6 +- .../vsphere-storage.md | 2 +- .../new-user-guides/manage-namespaces.md | 10 +- .../new-user-guides}/new-user-guides.md | 0 .../cis-scans}/cis-scans.md | 14 +- .../aws-cloud-marketplace.md | 6 +- .../cloud-marketplace}/cloud-marketplace.md | 0 .../fleet-gitops-at-scale.md | 8 +- .../integrations-in-rancher/harvester.md | 4 +- .../configuration-options.md | 8 +- .../istio/cpu-and-memory-allocations.md | 2 +- .../istio}/istio.md | 20 +- .../custom-resource-configuration.md | 4 +- .../flows-and-clusterflows.md | 2 +- .../outputs-and-clusteroutputs.md | 2 +- .../logging/logging-helm-chart-options.md | 2 +- .../logging}/logging.md | 20 +- .../monitoring-and-alerting.md | 44 ++--- .../integrations-in-rancher/neuvector.md | 2 +- .../about-provisioning-drivers.md | 51 ----- .../backup-restore-configuration.md | 12 -- .../pages-for-subheaders/cis-scan-guides.md | 17 -- .../deploy-rancher-manager.md | 23 --- .../downstream-cluster-configuration.md | 9 - .../installation-references.md | 9 - .../pages-for-subheaders/istio-setup-guide.md | 34 ---- .../kubernetes-components.md | 21 --- .../machine-configuration.md | 9 - .../monitoring-alerting-guides.md | 14 -- .../monitoring-v2-configuration.md | 15 -- .../node-template-configuration.md | 9 - .../prometheus-federator-guides.md | 12 -- .../rancher-managed-clusters.md | 23 --- .../rancher-server-configuration.md | 16 -- .../pages-for-subheaders/rancher-server.md | 21 --- .../pages-for-subheaders/resources.md | 29 --- .../single-node-rancher-in-docker.md | 9 - .../pages-for-subheaders/user-settings.md | 19 -- .../about-the-api}/about-the-api.md | 4 +- .../about-the-api/api-tokens.md | 2 +- .../backup-restore-configuration.md | 12 ++ .../best-practices}/best-practices.md | 2 +- .../monitoring-best-practices.md | 8 +- .../rancher-managed-clusters.md | 23 +++ .../on-premises-rancher-in-vsphere.md | 2 +- .../rancher-server/rancher-server.md | 21 +++ .../tips-for-running-rancher.md | 4 +- ...and-best-practices-for-rancher-at-scale.md | 4 +- .../cli-with-rancher}/cli-with-rancher.md | 2 +- .../cli-with-rancher/rancher-cli.md | 10 +- .../cluster-configuration.md | 14 +- .../downstream-cluster-configuration.md | 9 + .../machine-configuration.md | 9 + .../node-template-configuration/amazon-ec2.md | 4 +- .../node-template-configuration.md | 9 + .../aks-cluster-configuration.md | 2 +- .../gke-cluster-configuration.md | 6 +- .../gke-private-clusters.md | 2 +- .../rancher-server-configuration.md | 16 ++ .../rke1-cluster-configuration.md | 10 +- .../rke2-cluster-configuration.md | 4 +- .../rancher-agent-options.md | 2 +- .../use-existing-nodes}/use-existing-nodes.md | 20 +- .../reference-guides/kubernetes-concepts.md | 2 +- .../monitoring-v2-configuration.md | 15 ++ .../prometheus-federator.md | 4 +- .../prometheus-federator/rbac.md | 2 +- .../reference-guides/rancher-cluster-tools.md | 8 +- .../architecture-recommendations.md | 4 +- .../rancher-manager-architecture.md | 10 +- .../rancher-server-and-components.md | 4 +- .../reference-guides/rancher-project-tools.md | 4 +- .../hardening-guides/hardening-guides.md} | 20 +- .../k3s-hardening-guide.md | 0 ...sessment-guide-with-cis-v1.23-k8s-v1.23.md | 2 +- ...sessment-guide-with-cis-v1.24-k8s-v1.24.md | 2 +- ...ide-with-cis-v1.7-k8s-v1.25-v1.26-v1.27.md | 2 +- .../rke1-hardening-guide.md | 8 +- ...sessment-guide-with-cis-v1.23-k8s-v1.23.md | 2 +- ...sessment-guide-with-cis-v1.24-k8s-v1.24.md | 2 +- ...ide-with-cis-v1.7-k8s-v1.25-v1.26-v1.27.md | 2 +- .../rke2-hardening-guide.md | 2 +- ...sessment-guide-with-cis-v1.23-k8s-v1.23.md | 2 +- ...sessment-guide-with-cis-v1.24-k8s-v1.24.md | 2 +- ...ide-with-cis-v1.7-k8s-v1.25-v1.26-v1.27.md | 2 +- .../rancher-security-best-practices.md | 2 +- .../rancher-security}/rancher-security.md | 14 +- .../security-advisories-and-cves.md | 4 +- .../selinux-rpm}/selinux-rpm.md | 2 +- .../advanced-options.md | 10 +- .../http-proxy-configuration.md | 4 +- .../single-node-rancher-in-docker.md | 9 + .../user-settings/api-keys.md | 2 +- .../user-settings/manage-cloud-credentials.md | 8 +- .../user-settings/manage-node-templates.md | 12 +- .../user-settings/user-settings.md | 19 ++ .../security/security-scan/security-scan.md | 2 +- .../_cluster-capabilities-table.md | 10 +- .../general-troubleshooting.md | 4 +- .../kubernetes-components.md | 21 +++ .../kubernetes-resources.md | 2 +- versioned_sidebars/version-2.7-sidebars.json | 176 +++++++++--------- 252 files changed, 1164 insertions(+), 1164 deletions(-) rename versioned_docs/version-2.7/{pages-for-subheaders => getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster}/install-upgrade-on-a-kubernetes-cluster.md (80%) rename versioned_docs/version-2.7/{pages-for-subheaders => getting-started/installation-and-upgrade}/installation-and-upgrade.md (59%) create mode 100644 versioned_docs/version-2.7/getting-started/installation-and-upgrade/installation-references/installation-references.md rename versioned_docs/version-2.7/{pages-for-subheaders => getting-started/installation-and-upgrade/installation-requirements}/installation-requirements.md (83%) rename versioned_docs/version-2.7/{pages-for-subheaders => getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install}/air-gapped-helm-cli-install.md (53%) rename versioned_docs/version-2.7/{pages-for-subheaders => getting-started/installation-and-upgrade/other-installation-methods}/other-installation-methods.md (61%) rename versioned_docs/version-2.7/{pages-for-subheaders => getting-started/installation-and-upgrade/other-installation-methods/rancher-behind-an-http-proxy}/rancher-behind-an-http-proxy.md (55%) rename versioned_docs/version-2.7/{pages-for-subheaders => getting-started/installation-and-upgrade/other-installation-methods/rancher-on-a-single-node-with-docker}/rancher-on-a-single-node-with-docker.md (82%) create mode 100644 versioned_docs/version-2.7/getting-started/installation-and-upgrade/resources/resources.md create mode 100644 versioned_docs/version-2.7/getting-started/quick-start-guides/deploy-rancher-manager/deploy-rancher-manager.md rename versioned_docs/version-2.7/{pages-for-subheaders/deploy-rancher-workloads.md => getting-started/quick-start-guides/deploy-workloads/deploy-workloads.md} (60%) rename versioned_docs/version-2.7/{pages-for-subheaders => getting-started/quick-start-guides}/quick-start-guides.md (60%) rename versioned_docs/version-2.7/{pages-for-subheaders => how-to-guides/advanced-user-guides}/advanced-user-guides.md (100%) create mode 100644 versioned_docs/version-2.7/how-to-guides/advanced-user-guides/cis-scan-guides/cis-scan-guides.md rename versioned_docs/version-2.7/{pages-for-subheaders => how-to-guides/advanced-user-guides/enable-experimental-features}/enable-experimental-features.md (89%) create mode 100644 versioned_docs/version-2.7/how-to-guides/advanced-user-guides/istio-setup-guide/istio-setup-guide.md rename versioned_docs/version-2.7/{pages-for-subheaders => how-to-guides/advanced-user-guides/manage-projects/manage-project-resource-quotas}/manage-project-resource-quotas.md (90%) rename versioned_docs/version-2.7/{pages-for-subheaders => how-to-guides/advanced-user-guides/manage-projects}/manage-projects.md (56%) create mode 100644 versioned_docs/version-2.7/how-to-guides/advanced-user-guides/monitoring-alerting-guides/monitoring-alerting-guides.md create mode 100644 versioned_docs/version-2.7/how-to-guides/advanced-user-guides/monitoring-alerting-guides/prometheus-federator-guides/prometheus-federator-guides.md rename versioned_docs/version-2.7/{pages-for-subheaders => how-to-guides/advanced-user-guides/monitoring-v2-configuration-guides/advanced-configuration}/advanced-configuration.md (51%) rename versioned_docs/version-2.7/{pages-for-subheaders => how-to-guides/advanced-user-guides/monitoring-v2-configuration-guides}/monitoring-v2-configuration-guides.md (74%) create mode 100644 versioned_docs/version-2.7/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-provisioning-drivers/about-provisioning-drivers.md rename versioned_docs/version-2.7/{pages-for-subheaders => how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates}/about-rke1-templates.md (58%) rename versioned_docs/version-2.7/{pages-for-subheaders => how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config}/authentication-config.md (78%) rename versioned_docs/version-2.7/{pages-for-subheaders => how-to-guides/new-user-guides/authentication-permissions-and-global-configuration}/authentication-permissions-and-global-configuration.md (63%) rename versioned_docs/version-2.7/{pages-for-subheaders => how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-microsoft-ad-federation-service-saml}/configure-microsoft-ad-federation-service-saml.md (76%) rename versioned_docs/version-2.7/{pages-for-subheaders => how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-openldap}/configure-openldap.md (90%) rename versioned_docs/version-2.7/{pages-for-subheaders => how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-shibboleth-saml}/configure-shibboleth-saml.md (91%) rename versioned_docs/version-2.7/{pages-for-subheaders => how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac}/manage-role-based-access-control-rbac.md (73%) rename versioned_docs/version-2.7/{pages-for-subheaders => how-to-guides/new-user-guides/backup-restore-and-disaster-recovery}/backup-restore-and-disaster-recovery.md (74%) rename versioned_docs/version-2.7/{pages-for-subheaders => how-to-guides/new-user-guides/deploy-apps-across-clusters}/deploy-apps-across-clusters.md (71%) rename versioned_docs/version-2.7/{pages-for-subheaders => how-to-guides/new-user-guides/helm-charts-in-rancher}/helm-charts-in-rancher.md (97%) rename versioned_docs/version-2.7/{pages-for-subheaders => how-to-guides/new-user-guides/infrastructure-setup}/infrastructure-setup.md (58%) rename versioned_docs/version-2.7/{pages-for-subheaders => how-to-guides/new-user-guides/kubernetes-cluster-setup}/kubernetes-cluster-setup.md (100%) rename versioned_docs/version-2.7/{pages-for-subheaders => how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/checklist-for-production-ready-clusters}/checklist-for-production-ready-clusters.md (77%) rename versioned_docs/version-2.7/{pages-for-subheaders => how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup}/kubernetes-clusters-in-rancher-setup.md (78%) rename versioned_docs/version-2.7/{pages-for-subheaders => how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers}/set-up-cloud-providers.md (73%) rename versioned_docs/version-2.7/{pages-for-subheaders => how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers}/set-up-clusters-from-hosted-kubernetes-providers.md (67%) rename versioned_docs/version-2.7/{pages-for-subheaders => how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/use-windows-clusters}/use-windows-clusters.md (84%) rename versioned_docs/version-2.7/{pages-for-subheaders => how-to-guides/new-user-guides/kubernetes-resources-setup/horizontal-pod-autoscaler}/horizontal-pod-autoscaler.md (70%) rename versioned_docs/version-2.7/{pages-for-subheaders => how-to-guides/new-user-guides/kubernetes-resources-setup}/kubernetes-resources-setup.md (54%) rename versioned_docs/version-2.7/{pages-for-subheaders => how-to-guides/new-user-guides/kubernetes-resources-setup/load-balancer-and-ingress-controller}/load-balancer-and-ingress-controller.md (78%) rename versioned_docs/version-2.7/{pages-for-subheaders => how-to-guides/new-user-guides/kubernetes-resources-setup/workloads-and-pods}/workloads-and-pods.md (92%) rename versioned_docs/version-2.7/{pages-for-subheaders => how-to-guides/new-user-guides/launch-kubernetes-with-rancher}/launch-kubernetes-with-rancher.md (85%) rename versioned_docs/version-2.7/{pages-for-subheaders => how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/nutanix}/nutanix.md (65%) rename versioned_docs/version-2.7/{pages-for-subheaders => how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider}/use-new-nodes-in-an-infra-provider.md (92%) rename versioned_docs/version-2.7/{pages-for-subheaders => how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/vsphere}/vsphere.md (64%) rename versioned_docs/version-2.7/{pages-for-subheaders => how-to-guides/new-user-guides/manage-clusters/access-clusters}/access-clusters.md (71%) rename versioned_docs/version-2.7/{pages-for-subheaders => how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage}/create-kubernetes-persistent-storage.md (66%) rename versioned_docs/version-2.7/{pages-for-subheaders => how-to-guides/new-user-guides/manage-clusters/install-cluster-autoscaler}/install-cluster-autoscaler.md (91%) rename versioned_docs/version-2.7/{pages-for-subheaders => how-to-guides/new-user-guides/manage-clusters}/manage-clusters.md (68%) rename versioned_docs/version-2.7/{pages-for-subheaders => how-to-guides/new-user-guides/manage-clusters/provisioning-storage-examples}/provisioning-storage-examples.md (64%) rename versioned_docs/version-2.7/{pages-for-subheaders => how-to-guides/new-user-guides/new-user-guides}/new-user-guides.md (100%) rename versioned_docs/version-2.7/{pages-for-subheaders => integrations-in-rancher/cis-scans}/cis-scans.md (87%) rename versioned_docs/version-2.7/{pages-for-subheaders => integrations-in-rancher/cloud-marketplace/aws-cloud-marketplace}/aws-cloud-marketplace.md (75%) rename versioned_docs/version-2.7/{pages-for-subheaders => integrations-in-rancher/cloud-marketplace}/cloud-marketplace.md (100%) rename versioned_docs/version-2.7/{pages-for-subheaders => integrations-in-rancher/fleet-gitops-at-scale}/fleet-gitops-at-scale.md (86%) rename versioned_docs/version-2.7/{pages-for-subheaders => integrations-in-rancher/istio/configuration-options}/configuration-options.md (81%) rename versioned_docs/version-2.7/{pages-for-subheaders => integrations-in-rancher/istio}/istio.md (86%) rename versioned_docs/version-2.7/{pages-for-subheaders => integrations-in-rancher/logging/custom-resource-configuration}/custom-resource-configuration.md (51%) rename versioned_docs/version-2.7/{pages-for-subheaders => integrations-in-rancher/logging}/logging.md (80%) rename versioned_docs/version-2.7/{pages-for-subheaders => integrations-in-rancher/monitoring-and-alerting}/monitoring-and-alerting.md (62%) delete mode 100644 versioned_docs/version-2.7/pages-for-subheaders/about-provisioning-drivers.md delete mode 100644 versioned_docs/version-2.7/pages-for-subheaders/backup-restore-configuration.md delete mode 100644 versioned_docs/version-2.7/pages-for-subheaders/cis-scan-guides.md delete mode 100644 versioned_docs/version-2.7/pages-for-subheaders/deploy-rancher-manager.md delete mode 100644 versioned_docs/version-2.7/pages-for-subheaders/downstream-cluster-configuration.md delete mode 100644 versioned_docs/version-2.7/pages-for-subheaders/installation-references.md delete mode 100644 versioned_docs/version-2.7/pages-for-subheaders/istio-setup-guide.md delete mode 100644 versioned_docs/version-2.7/pages-for-subheaders/kubernetes-components.md delete mode 100644 versioned_docs/version-2.7/pages-for-subheaders/machine-configuration.md delete mode 100644 versioned_docs/version-2.7/pages-for-subheaders/monitoring-alerting-guides.md delete mode 100644 versioned_docs/version-2.7/pages-for-subheaders/monitoring-v2-configuration.md delete mode 100644 versioned_docs/version-2.7/pages-for-subheaders/node-template-configuration.md delete mode 100644 versioned_docs/version-2.7/pages-for-subheaders/prometheus-federator-guides.md delete mode 100644 versioned_docs/version-2.7/pages-for-subheaders/rancher-managed-clusters.md delete mode 100644 versioned_docs/version-2.7/pages-for-subheaders/rancher-server-configuration.md delete mode 100644 versioned_docs/version-2.7/pages-for-subheaders/rancher-server.md delete mode 100644 versioned_docs/version-2.7/pages-for-subheaders/resources.md delete mode 100644 versioned_docs/version-2.7/pages-for-subheaders/single-node-rancher-in-docker.md delete mode 100644 versioned_docs/version-2.7/pages-for-subheaders/user-settings.md rename versioned_docs/version-2.7/{pages-for-subheaders => reference-guides/about-the-api}/about-the-api.md (92%) create mode 100644 versioned_docs/version-2.7/reference-guides/backup-restore-configuration/backup-restore-configuration.md rename versioned_docs/version-2.7/{pages-for-subheaders => reference-guides/best-practices}/best-practices.md (95%) create mode 100644 versioned_docs/version-2.7/reference-guides/best-practices/rancher-managed-clusters/rancher-managed-clusters.md create mode 100644 versioned_docs/version-2.7/reference-guides/best-practices/rancher-server/rancher-server.md rename versioned_docs/version-2.7/{pages-for-subheaders => reference-guides/cli-with-rancher}/cli-with-rancher.md (67%) rename versioned_docs/version-2.7/{pages-for-subheaders => reference-guides/cluster-configuration}/cluster-configuration.md (50%) create mode 100644 versioned_docs/version-2.7/reference-guides/cluster-configuration/downstream-cluster-configuration/downstream-cluster-configuration.md create mode 100644 versioned_docs/version-2.7/reference-guides/cluster-configuration/downstream-cluster-configuration/machine-configuration/machine-configuration.md create mode 100644 versioned_docs/version-2.7/reference-guides/cluster-configuration/downstream-cluster-configuration/node-template-configuration/node-template-configuration.md rename versioned_docs/version-2.7/{pages-for-subheaders => reference-guides/cluster-configuration/rancher-server-configuration/gke-cluster-configuration}/gke-cluster-configuration.md (97%) create mode 100644 versioned_docs/version-2.7/reference-guides/cluster-configuration/rancher-server-configuration/rancher-server-configuration.md rename versioned_docs/version-2.7/{pages-for-subheaders => reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes}/use-existing-nodes.md (67%) create mode 100644 versioned_docs/version-2.7/reference-guides/monitoring-v2-configuration/monitoring-v2-configuration.md rename versioned_docs/version-2.7/{pages-for-subheaders => reference-guides/prometheus-federator}/prometheus-federator.md (97%) rename versioned_docs/version-2.7/{pages-for-subheaders => reference-guides/rancher-manager-architecture}/rancher-manager-architecture.md (50%) rename versioned_docs/version-2.7/{pages-for-subheaders/rancher-hardening-guides.md => reference-guides/rancher-security/hardening-guides/hardening-guides.md} (62%) rename versioned_docs/version-2.7/{pages-for-subheaders => reference-guides/rancher-security/hardening-guides/k3s-hardening-guide}/k3s-hardening-guide.md (100%) rename versioned_docs/version-2.7/{pages-for-subheaders => reference-guides/rancher-security/hardening-guides/rke1-hardening-guide}/rke1-hardening-guide.md (93%) rename versioned_docs/version-2.7/{pages-for-subheaders => reference-guides/rancher-security/hardening-guides/rke2-hardening-guide}/rke2-hardening-guide.md (98%) rename versioned_docs/version-2.7/{pages-for-subheaders => reference-guides/rancher-security}/rancher-security.md (88%) rename versioned_docs/version-2.7/{pages-for-subheaders => reference-guides/rancher-security/selinux-rpm}/selinux-rpm.md (85%) create mode 100644 versioned_docs/version-2.7/reference-guides/single-node-rancher-in-docker/single-node-rancher-in-docker.md create mode 100644 versioned_docs/version-2.7/reference-guides/user-settings/user-settings.md create mode 100644 versioned_docs/version-2.7/troubleshooting/kubernetes-components/kubernetes-components.md diff --git a/versioned_docs/version-2.7/faq/general-faq.md b/versioned_docs/version-2.7/faq/general-faq.md index 93c58e2ab93..146761ac85f 100644 --- a/versioned_docs/version-2.7/faq/general-faq.md +++ b/versioned_docs/version-2.7/faq/general-faq.md @@ -16,15 +16,15 @@ Swarm and Mesos are no longer selectable options when you create a new environme ## Is it possible to manage Azure Kubernetes Services with Rancher v2.x? -Yes. See our [Cluster Administration](../pages-for-subheaders/manage-clusters.md) guide for what Rancher features are available on AKS, as well as our [documentation on AKS](../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-aks.md). +Yes. See our [Cluster Administration](../how-to-guides/new-user-guides/manage-clusters/manage-clusters.md) guide for what Rancher features are available on AKS, as well as our [documentation on AKS](../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-aks.md). ## Does Rancher support Windows? -Yes. Rancher supports Windows Server 1809 containers. For details on how to set up a cluster with Windows worker nodes, refer to the section on [configuring custom clusters for Windows.](../pages-for-subheaders/use-windows-clusters.md) +Yes. Rancher supports Windows Server 1809 containers. For details on how to set up a cluster with Windows worker nodes, refer to the section on [configuring custom clusters for Windows.](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/use-windows-clusters/use-windows-clusters.md) ## Does Rancher support Istio? -Yes. Rancher supports [Istio](../pages-for-subheaders/istio.md). +Yes. Rancher supports [Istio](../integrations-in-rancher/istio/istio.md). ## Will Rancher v2.x support Hashicorp's Vault for storing secrets? diff --git a/versioned_docs/version-2.7/faq/rancher-is-no-longer-needed.md b/versioned_docs/version-2.7/faq/rancher-is-no-longer-needed.md index ce33edd6aec..3f825b0f048 100644 --- a/versioned_docs/version-2.7/faq/rancher-is-no-longer-needed.md +++ b/versioned_docs/version-2.7/faq/rancher-is-no-longer-needed.md @@ -19,7 +19,7 @@ The capability to access a downstream cluster without Rancher depends on the typ - **Registered clusters:** The cluster will be unaffected and you can access the cluster using the same methods that you did before the cluster was registered into Rancher. - **Hosted Kubernetes clusters:** If you created the cluster in a cloud-hosted Kubernetes provider such as EKS, GKE, or AKS, you can continue to manage the cluster using your provider's cloud credentials. -- **RKE clusters:** To access an [RKE cluster,](../pages-for-subheaders/launch-kubernetes-with-rancher.md) the cluster must have the [authorized cluster endpoint](../reference-guides/rancher-manager-architecture/communicating-with-downstream-user-clusters.md#4-authorized-cluster-endpoint) enabled, and you must have already downloaded the cluster's kubeconfig file from the Rancher UI. (The authorized cluster endpoint is enabled by default for RKE clusters.) With this endpoint, you can access your cluster with kubectl directly instead of communicating through the Rancher server's [authentication proxy.](../reference-guides/rancher-manager-architecture/communicating-with-downstream-user-clusters.md#1-the-authentication-proxy) For instructions on how to configure kubectl to use the authorized cluster endpoint, refer to the section about directly accessing clusters with [kubectl and the kubeconfig file.](../how-to-guides/new-user-guides/manage-clusters/access-clusters/use-kubectl-and-kubeconfig.md#authenticating-directly-with-a-downstream-cluster) These clusters will use a snapshot of the authentication as it was configured when Rancher was removed. +- **RKE clusters:** To access an [RKE cluster,](../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md) the cluster must have the [authorized cluster endpoint](../reference-guides/rancher-manager-architecture/communicating-with-downstream-user-clusters.md#4-authorized-cluster-endpoint) enabled, and you must have already downloaded the cluster's kubeconfig file from the Rancher UI. (The authorized cluster endpoint is enabled by default for RKE clusters.) With this endpoint, you can access your cluster with kubectl directly instead of communicating through the Rancher server's [authentication proxy.](../reference-guides/rancher-manager-architecture/communicating-with-downstream-user-clusters.md#1-the-authentication-proxy) For instructions on how to configure kubectl to use the authorized cluster endpoint, refer to the section about directly accessing clusters with [kubectl and the kubeconfig file.](../how-to-guides/new-user-guides/manage-clusters/access-clusters/use-kubectl-and-kubeconfig.md#authenticating-directly-with-a-downstream-cluster) These clusters will use a snapshot of the authentication as it was configured when Rancher was removed. ### What if I don't want Rancher anymore? @@ -29,7 +29,7 @@ The previously recommended [System Tools](../reference-guides/system-tools.md) h ::: -If you [installed Rancher on a Kubernetes cluster,](../pages-for-subheaders/install-upgrade-on-a-kubernetes-cluster.md) remove Rancher by using the [Rancher Cleanup](https://github.com/rancher/rancher-cleanup) tool. +If you [installed Rancher on a Kubernetes cluster,](../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/install-upgrade-on-a-kubernetes-cluster.md) remove Rancher by using the [Rancher Cleanup](https://github.com/rancher/rancher-cleanup) tool. Uninstalling Rancher in high-availability (HA) mode will also remove all `helm-operation-*` pods and the following apps: diff --git a/versioned_docs/version-2.7/faq/security.md b/versioned_docs/version-2.7/faq/security.md index 447fb53d7de..684444e7303 100644 --- a/versioned_docs/version-2.7/faq/security.md +++ b/versioned_docs/version-2.7/faq/security.md @@ -9,10 +9,10 @@ title: Security **Is there a Hardening Guide?** -The Hardening Guide is now located in the main [Security](../pages-for-subheaders/rancher-security.md) section. +The Hardening Guide is now located in the main [Security](../reference-guides/rancher-security/rancher-security.md) section.
    **What are the results of Rancher's Kubernetes cluster when it is CIS benchmarked?** -We have run the CIS Kubernetes benchmark against a hardened Rancher Kubernetes cluster. The results of that assessment can be found in the main [Security](../pages-for-subheaders/rancher-security.md) section. +We have run the CIS Kubernetes benchmark against a hardened Rancher Kubernetes cluster. The results of that assessment can be found in the main [Security](../reference-guides/rancher-security/rancher-security.md) section. diff --git a/versioned_docs/version-2.7/faq/technical-items.md b/versioned_docs/version-2.7/faq/technical-items.md index 8437ee3995c..db2500b7fbf 100644 --- a/versioned_docs/version-2.7/faq/technical-items.md +++ b/versioned_docs/version-2.7/faq/technical-items.md @@ -55,7 +55,7 @@ Node Templates can be accessed by opening your account menu (top right) and sele ### Why is my Layer-4 Load Balancer in `Pending` state? -The Layer-4 Load Balancer is created as `type: LoadBalancer`. In Kubernetes, this needs a cloud provider or controller that can satisfy these requests, otherwise these will be in `Pending` state forever. More information can be found on [Cloud Providers](../pages-for-subheaders/set-up-cloud-providers.md) or [Create External Load Balancer](https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/) +The Layer-4 Load Balancer is created as `type: LoadBalancer`. In Kubernetes, this needs a cloud provider or controller that can satisfy these requests, otherwise these will be in `Pending` state forever. More information can be found on [Cloud Providers](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/set-up-cloud-providers.md) or [Create External Load Balancer](https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/) ### Where is the state of Rancher stored? diff --git a/versioned_docs/version-2.7/pages-for-subheaders/install-upgrade-on-a-kubernetes-cluster.md b/versioned_docs/version-2.7/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/install-upgrade-on-a-kubernetes-cluster.md similarity index 80% rename from versioned_docs/version-2.7/pages-for-subheaders/install-upgrade-on-a-kubernetes-cluster.md rename to versioned_docs/version-2.7/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/install-upgrade-on-a-kubernetes-cluster.md index cc8c3754f48..a9ff741e47a 100644 --- a/versioned_docs/version-2.7/pages-for-subheaders/install-upgrade-on-a-kubernetes-cluster.md +++ b/versioned_docs/version-2.7/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/install-upgrade-on-a-kubernetes-cluster.md @@ -24,12 +24,12 @@ Rancher can be installed on any Kubernetes cluster. This cluster can use upstrea For help setting up a Kubernetes cluster, we provide these tutorials: -- **RKE:** For the tutorial to install an RKE Kubernetes cluster, refer to [this page.](../how-to-guides/new-user-guides/kubernetes-cluster-setup/rke1-for-rancher.md) For help setting up the infrastructure for a high-availability RKE cluster, refer to [this page.](../how-to-guides/new-user-guides/infrastructure-setup/ha-rke1-kubernetes-cluster.md) -- **K3s:** For the tutorial to install a K3s Kubernetes cluster, refer to [this page.](../how-to-guides/new-user-guides/kubernetes-cluster-setup/k3s-for-rancher.md) For help setting up the infrastructure for a high-availability K3s cluster, refer to [this page.](../how-to-guides/new-user-guides/infrastructure-setup/ha-k3s-kubernetes-cluster.md) -- **RKE2:** For the tutorial to install an RKE2 Kubernetes cluster, refer to [this page.](../how-to-guides/new-user-guides/kubernetes-cluster-setup/rke2-for-rancher.md) For help setting up the infrastructure for a high-availability RKE2 cluster, refer to [this page.](../how-to-guides/new-user-guides/infrastructure-setup/ha-rke2-kubernetes-cluster.md) -- **Amazon EKS:** For details on how to install Rancher on Amazon EKS, including how to install an Ingress controller so that the Rancher server can be accessed, refer to [this page.](../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks.md) -- **AKS:** For details on how to install Rancher with Azure Kubernetes Service, including how to install an Ingress controller so that the Rancher server can be accessed, refer to [this page.](../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-aks.md) -- **GKE:** For details on how to install Rancher with Google Kubernetes Engine, including how to install an Ingress controller so that the Rancher server can be accessed, refer to [this page.](../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-gke.md) GKE has two modes of operation when creating a Kubernetes cluster, Autopilot and Standard mode. The cluster configuration for Autopilot mode has restrictions on editing the kube-system namespace. However, Rancher needs to create resources in the kube-system namespace during installation. As a result, you will not be able to install Rancher on a GKE cluster created in Autopilot mode. +- **RKE:** For the tutorial to install an RKE Kubernetes cluster, refer to [this page.](../../../how-to-guides/new-user-guides/kubernetes-cluster-setup/rke1-for-rancher.md) For help setting up the infrastructure for a high-availability RKE cluster, refer to [this page.](../../../how-to-guides/new-user-guides/infrastructure-setup/ha-rke1-kubernetes-cluster.md) +- **K3s:** For the tutorial to install a K3s Kubernetes cluster, refer to [this page.](../../../how-to-guides/new-user-guides/kubernetes-cluster-setup/k3s-for-rancher.md) For help setting up the infrastructure for a high-availability K3s cluster, refer to [this page.](../../../how-to-guides/new-user-guides/infrastructure-setup/ha-k3s-kubernetes-cluster.md) +- **RKE2:** For the tutorial to install an RKE2 Kubernetes cluster, refer to [this page.](../../../how-to-guides/new-user-guides/kubernetes-cluster-setup/rke2-for-rancher.md) For help setting up the infrastructure for a high-availability RKE2 cluster, refer to [this page.](../../../how-to-guides/new-user-guides/infrastructure-setup/ha-rke2-kubernetes-cluster.md) +- **Amazon EKS:** For details on how to install Rancher on Amazon EKS, including how to install an Ingress controller so that the Rancher server can be accessed, refer to [this page.](rancher-on-amazon-eks.md) +- **AKS:** For details on how to install Rancher with Azure Kubernetes Service, including how to install an Ingress controller so that the Rancher server can be accessed, refer to [this page.](rancher-on-aks.md) +- **GKE:** For details on how to install Rancher with Google Kubernetes Engine, including how to install an Ingress controller so that the Rancher server can be accessed, refer to [this page.](rancher-on-gke.md) GKE has two modes of operation when creating a Kubernetes cluster, Autopilot and Standard mode. The cluster configuration for Autopilot mode has restrictions on editing the kube-system namespace. However, Rancher needs to create resources in the kube-system namespace during installation. As a result, you will not be able to install Rancher on a GKE cluster created in Autopilot mode. ### Ingress Controller @@ -47,17 +47,17 @@ Examples are included in the **Amazon EKS**, **AKS**, and **GKE** tutorials abov The following CLI tools are required for setting up the Kubernetes cluster. Please make sure these tools are installed and available in your `$PATH`. - [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/#install-kubectl) - Kubernetes command-line tool. -- [helm](https://docs.helm.sh/using_helm/#installing-helm) - Package management for Kubernetes. Refer to the [Helm version requirements](../getting-started/installation-and-upgrade/resources/helm-version-requirements.md) to choose a version of Helm to install Rancher. Refer to the [instructions provided by the Helm project](https://helm.sh/docs/intro/install/) for your specific platform. +- [helm](https://docs.helm.sh/using_helm/#installing-helm) - Package management for Kubernetes. Refer to the [Helm version requirements](../resources/helm-version-requirements.md) to choose a version of Helm to install Rancher. Refer to the [instructions provided by the Helm project](https://helm.sh/docs/intro/install/) for your specific platform. ## Install the Rancher Helm Chart Rancher is installed using the [Helm](https://helm.sh/) package manager for Kubernetes. Helm charts provide templating syntax for Kubernetes YAML manifest documents. With Helm, we can create configurable deployments instead of just using static files. -For systems without direct internet access, see [Air Gap: Kubernetes install](../getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/install-rancher-ha.md). +For systems without direct internet access, see [Air Gap: Kubernetes install](../other-installation-methods/air-gapped-helm-cli-install/install-rancher-ha.md). -To choose a Rancher version to install, refer to [Choosing a Rancher Version.](../getting-started/installation-and-upgrade/resources/choose-a-rancher-version.md) +To choose a Rancher version to install, refer to [Choosing a Rancher Version.](../resources/choose-a-rancher-version.md) -To choose a version of Helm to install Rancher with, refer to the [Helm version requirements](../getting-started/installation-and-upgrade/resources/helm-version-requirements.md) +To choose a version of Helm to install Rancher with, refer to the [Helm version requirements](../resources/helm-version-requirements.md) :::note @@ -77,7 +77,7 @@ To set up Rancher, ### 1. Add the Helm Chart Repository -Use `helm repo add` command to add the Helm chart repository that contains charts to install Rancher. For more information about the repository choices and which is best for your use case, see [Choosing a Rancher Version](../getting-started/installation-and-upgrade/resources/choose-a-rancher-version.md). +Use `helm repo add` command to add the Helm chart repository that contains charts to install Rancher. For more information about the repository choices and which is best for your use case, see [Choosing a Rancher Version](../resources/choose-a-rancher-version.md). - Latest: Recommended for trying out the newest features ``` @@ -107,7 +107,7 @@ The Rancher management server is designed to be secure by default and requires S :::note -If you want terminate SSL/TLS externally, see [TLS termination on an External Load Balancer](../getting-started/installation-and-upgrade/installation-references/helm-chart-options.md#external-tls-termination). +If you want terminate SSL/TLS externally, see [TLS termination on an External Load Balancer](../installation-references/helm-chart-options.md#external-tls-termination). ::: @@ -126,7 +126,7 @@ There are three recommended options for the source of the certificate used for T ### 4. Install cert-manager -> You should skip this step if you are bringing your own certificate files (option `ingress.tls.source=secret`), or if you use [TLS termination on an external load balancer](../getting-started/installation-and-upgrade/installation-references/helm-chart-options.md#external-tls-termination). +> You should skip this step if you are bringing your own certificate files (option `ingress.tls.source=secret`), or if you use [TLS termination on an external load balancer](../installation-references/helm-chart-options.md#external-tls-termination). This step is only required to use certificates issued by Rancher's generated CA (`ingress.tls.source=rancher`) or to request Let's Encrypt issued certificates (`ingress.tls.source=letsEncrypt`). @@ -135,7 +135,7 @@ This step is only required to use certificates issued by Rancher's generated CA :::note Important: -Recent changes to cert-manager require an upgrade. If you are upgrading Rancher and using a version of cert-manager older than v0.11.0, please see our [upgrade documentation](../getting-started/installation-and-upgrade/resources/upgrade-cert-manager.md). +Recent changes to cert-manager require an upgrade. If you are upgrading Rancher and using a version of cert-manager older than v0.11.0, please see our [upgrade documentation](../resources/upgrade-cert-manager.md). ::: @@ -275,7 +275,7 @@ Although an entry in the `Subject Alternative Names` is technically required, ha :::note -If you want to check if your certificates are correct, see [How do I check Common Name and Subject Alternative Names in my server certificate?](../faq/technical-items.md#how-do-i-check-common-name-and-subject-alternative-names-in-my-server-certificate) +If you want to check if your certificates are correct, see [How do I check Common Name and Subject Alternative Names in my server certificate?](../../../faq/technical-items.md#how-do-i-check-common-name-and-subject-alternative-names-in-my-server-certificate) ::: @@ -308,18 +308,18 @@ helm install rancher rancher-/rancher \ --set privateCA=true ``` -Now that Rancher is deployed, see [Adding TLS Secrets](../getting-started/installation-and-upgrade/resources/add-tls-secrets.md) to publish the certificate files so Rancher and the Ingress controller can use them. +Now that Rancher is deployed, see [Adding TLS Secrets](../resources/add-tls-secrets.md) to publish the certificate files so Rancher and the Ingress controller can use them.     The Rancher chart configuration has many options for customizing the installation to suit your specific environment. Here are some common advanced scenarios. -- [HTTP Proxy](../getting-started/installation-and-upgrade/installation-references/helm-chart-options.md#http-proxy) -- [Private Container Image Registry](../getting-started/installation-and-upgrade/installation-references/helm-chart-options.md#private-registry-and-air-gap-installs) -- [TLS Termination on an External Load Balancer](../getting-started/installation-and-upgrade/installation-references/helm-chart-options.md#external-tls-termination) +- [HTTP Proxy](../installation-references/helm-chart-options.md#http-proxy) +- [Private Container Image Registry](../installation-references/helm-chart-options.md#private-registry-and-air-gap-installs) +- [TLS Termination on an External Load Balancer](../installation-references/helm-chart-options.md#external-tls-termination) -See the [Chart Options](../getting-started/installation-and-upgrade/installation-references/helm-chart-options.md) for the full list of options. +See the [Chart Options](../installation-references/helm-chart-options.md) for the full list of options. ### 6. Verify that the Rancher Server is Successfully Deployed @@ -352,4 +352,4 @@ That's it. You should have a functional Rancher server. In a web browser, go to the DNS name that forwards traffic to your load balancer. Then you should be greeted by the colorful login page. -Doesn't work? Take a look at the [Troubleshooting](../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/troubleshooting.md) Page +Doesn't work? Take a look at the [Troubleshooting](troubleshooting.md) Page diff --git a/versioned_docs/version-2.7/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-aks.md b/versioned_docs/version-2.7/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-aks.md index ac86ad0ef25..6aa9bfda5ac 100644 --- a/versioned_docs/version-2.7/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-aks.md +++ b/versioned_docs/version-2.7/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-aks.md @@ -10,7 +10,7 @@ This page covers how to install Rancher on Microsoft's Azure Kubernetes Service The guide uses command line tools to provision an AKS cluster with an ingress. If you prefer to provision your cluster using the Azure portal, refer to the [official documentation](https://docs.microsoft.com/en-us/azure/aks/kubernetes-walkthrough-portal). -If you already have an AKS Kubernetes cluster, skip to the step about [installing an ingress.](#5-install-an-ingress) Then install the Rancher Helm chart following the instructions on [this page.](../../../pages-for-subheaders/install-upgrade-on-a-kubernetes-cluster.md#install-the-rancher-helm-chart) +If you already have an AKS Kubernetes cluster, skip to the step about [installing an ingress.](#5-install-an-ingress) Then install the Rancher Helm chart following the instructions on [this page.](install-upgrade-on-a-kubernetes-cluster.md#install-the-rancher-helm-chart) ## Prerequisites @@ -23,7 +23,7 @@ Deploying to Microsoft Azure will incur charges. - [Microsoft Azure Account](https://azure.microsoft.com/en-us/free/): A Microsoft Azure Account is required to create resources for deploying Rancher and Kubernetes. - [Microsoft Azure Subscription](https://docs.microsoft.com/en-us/azure/cost-management-billing/manage/create-subscription#create-a-subscription-in-the-azure-portal): Use this link to follow a tutorial to create a Microsoft Azure subscription if you don't have one yet. - [Micsoroft Azure Tenant](https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-create-new-tenant): Use this link and follow instructions to create a Microsoft Azure tenant. -- Your subscription has sufficient quota for at least 2 vCPUs. For details on Rancher server resource requirements, refer to [this section](../../../pages-for-subheaders/installation-requirements.md) +- Your subscription has sufficient quota for at least 2 vCPUs. For details on Rancher server resource requirements, refer to [this section](../installation-requirements/installation-requirements.md) - When installing Rancher with Helm in Azure, use the L7 load balancer to avoid networking issues. For more information, refer to the documentation on [Azure load balancer limitations](https://docs.microsoft.com/en-us/azure/load-balancer/components#limitations). ## 1. Prepare your Workstation @@ -138,7 +138,7 @@ There are many valid ways to set up the DNS. For help, refer to the [Azure DNS d ## 8. Install the Rancher Helm Chart -Next, install the Rancher Helm chart by following the instructions on [this page.](../../../pages-for-subheaders/install-upgrade-on-a-kubernetes-cluster.md#install-the-rancher-helm-chart) The Helm instructions are the same for installing Rancher on any Kubernetes distribution. +Next, install the Rancher Helm chart by following the instructions on [this page.](install-upgrade-on-a-kubernetes-cluster.md#install-the-rancher-helm-chart) The Helm instructions are the same for installing Rancher on any Kubernetes distribution. Use that DNS name from the previous step as the Rancher server URL when you install Rancher. It can be passed in as a Helm option. For example, if the DNS name is `rancher.my.org`, you could run the Helm installation command with the option `--set hostname=rancher.my.org`. @@ -148,4 +148,4 @@ When installing Rancher on top of this setup, you will also need to pass the val --set ingress.ingressClassName=nginx ``` -Refer [here for the Helm install command](../../../pages-for-subheaders/install-upgrade-on-a-kubernetes-cluster.md#5-install-rancher-with-helm-and-your-chosen-certificate-option) for your chosen certificate option. +Refer [here for the Helm install command](install-upgrade-on-a-kubernetes-cluster.md#5-install-rancher-with-helm-and-your-chosen-certificate-option) for your chosen certificate option. diff --git a/versioned_docs/version-2.7/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks.md b/versioned_docs/version-2.7/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks.md index 6563d4b14eb..85c83a2d503 100644 --- a/versioned_docs/version-2.7/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks.md +++ b/versioned_docs/version-2.7/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks.md @@ -8,7 +8,7 @@ title: Installing Rancher on Amazon EKS This page covers installing Rancher on an Amazon EKS cluster. You can also [install Rancher through the AWS Marketplace](../../quick-start-guides/deploy-rancher-manager/aws-marketplace.md). -If you already have an EKS Kubernetes cluster, skip to the step about [installing an ingress.](#5-install-an-ingress) Then install the Rancher Helm chart following the instructions on [this page.](../../../pages-for-subheaders/install-upgrade-on-a-kubernetes-cluster.md#install-the-rancher-helm-chart) +If you already have an EKS Kubernetes cluster, skip to the step about [installing an ingress.](#5-install-an-ingress) Then install the Rancher Helm chart following the instructions on [this page.](install-upgrade-on-a-kubernetes-cluster.md#install-the-rancher-helm-chart) ## Creating an EKS Cluster for the Rancher Server @@ -142,7 +142,7 @@ There are many valid ways to set up the DNS. For help, refer to the AWS document ### 8. Install the Rancher Helm Chart -Next, install the Rancher Helm chart by following the instructions on [this page.](../../../pages-for-subheaders/install-upgrade-on-a-kubernetes-cluster.md#install-the-rancher-helm-chart) The Helm instructions are the same for installing Rancher on any Kubernetes distribution. +Next, install the Rancher Helm chart by following the instructions on [this page.](install-upgrade-on-a-kubernetes-cluster.md#install-the-rancher-helm-chart) The Helm instructions are the same for installing Rancher on any Kubernetes distribution. Use that DNS name from the previous step as the Rancher server URL when you install Rancher. It can be passed in as a Helm option. For example, if the DNS name is `rancher.my.org`, you could run the Helm installation command with the option `--set hostname=rancher.my.org`. @@ -152,4 +152,4 @@ When installing Rancher on top of this setup, you will also need to pass the val --set ingress.ingressClassName=nginx ``` -Refer [here for the Helm install command](../../../pages-for-subheaders/install-upgrade-on-a-kubernetes-cluster.md#5-install-rancher-with-helm-and-your-chosen-certificate-option) for your chosen certificate option. +Refer [here for the Helm install command](install-upgrade-on-a-kubernetes-cluster.md#5-install-rancher-with-helm-and-your-chosen-certificate-option) for your chosen certificate option. diff --git a/versioned_docs/version-2.7/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-gke.md b/versioned_docs/version-2.7/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-gke.md index 26a3fa905ee..a3c3518e4c0 100644 --- a/versioned_docs/version-2.7/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-gke.md +++ b/versioned_docs/version-2.7/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-gke.md @@ -8,13 +8,13 @@ title: Installing Rancher on a Google Kubernetes Engine Cluster In this section, you'll learn how to install Rancher using Google Kubernetes Engine. -If you already have a GKE Kubernetes cluster, skip to the step about [installing an ingress.](#7-install-an-ingress) Then install the Rancher Helm chart following the instructions on [this page.](../../../pages-for-subheaders/install-upgrade-on-a-kubernetes-cluster.md#install-the-rancher-helm-chart) +If you already have a GKE Kubernetes cluster, skip to the step about [installing an ingress.](#7-install-an-ingress) Then install the Rancher Helm chart following the instructions on [this page.](install-upgrade-on-a-kubernetes-cluster.md#install-the-rancher-helm-chart) ## Prerequisites - You will need a Google account. - You will need a Google Cloud billing account. You can manage your Cloud Billing accounts using the Google Cloud Console. For more information about the Cloud Console, visit [General guide to the console.](https://support.google.com/cloud/answer/3465889?hl=en&ref_topic=3340599) -- You will need a cloud quota for at least one in-use IP address and at least 2 CPUs. For more details about hardware requirements for the Rancher server, refer to [this section.](../../../pages-for-subheaders/installation-requirements.md) +- You will need a cloud quota for at least one in-use IP address and at least 2 CPUs. For more details about hardware requirements for the Rancher server, refer to [this section.](../installation-requirements/installation-requirements.md) ## 1. Enable the Kubernetes Engine API @@ -184,7 +184,7 @@ There are many valid ways to set up the DNS. For help, refer to the Google Cloud ## 10. Install the Rancher Helm chart -Next, install the Rancher Helm chart by following the instructions on [this page.](../../../pages-for-subheaders/install-upgrade-on-a-kubernetes-cluster.md#install-the-rancher-helm-chart) The Helm instructions are the same for installing Rancher on any Kubernetes distribution. +Next, install the Rancher Helm chart by following the instructions on [this page.](install-upgrade-on-a-kubernetes-cluster.md#install-the-rancher-helm-chart) The Helm instructions are the same for installing Rancher on any Kubernetes distribution. Use the DNS name from the previous step as the Rancher server URL when you install Rancher. It can be passed in as a Helm option. For example, if the DNS name is `rancher.my.org`, you could run the Helm installation command with the option `--set hostname=rancher.my.org`. @@ -194,7 +194,7 @@ When installing Rancher on top of this setup, you will also need to set the name --set ingress.ingressClassName=nginx ``` -Refer [here for the Helm install command](../../../pages-for-subheaders/install-upgrade-on-a-kubernetes-cluster.md#5-install-rancher-with-helm-and-your-chosen-certificate-option) for your chosen certificate option. +Refer [here for the Helm install command](install-upgrade-on-a-kubernetes-cluster.md#5-install-rancher-with-helm-and-your-chosen-certificate-option) for your chosen certificate option. In Rancher v2.7.5, if you intend to use the default GKE ingress on your cluster without enabling VPC-native cluster mode, you need to set the following flag: diff --git a/versioned_docs/version-2.7/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rollbacks.md b/versioned_docs/version-2.7/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rollbacks.md index 3b6f5cfe38f..b24a756b86d 100644 --- a/versioned_docs/version-2.7/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rollbacks.md +++ b/versioned_docs/version-2.7/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rollbacks.md @@ -78,7 +78,7 @@ A restore is performed by creating a Restore custom resource. 1. In the left navigation bar, click **Rancher Backups > Restore**. :::note - If the Rancher Backups app is not visible, you will need to install it from the Charts page in **Apps**. Refer [here](../../../pages-for-subheaders/helm-charts-in-rancher.md#charts) for more information. + If the Rancher Backups app is not visible, you will need to install it from the Charts page in **Apps**. Refer [here](../../../how-to-guides/new-user-guides/helm-charts-in-rancher/helm-charts-in-rancher.md#charts) for more information. ::: diff --git a/versioned_docs/version-2.7/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/upgrades.md b/versioned_docs/version-2.7/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/upgrades.md index e2ac41c4a34..70c112fb611 100644 --- a/versioned_docs/version-2.7/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/upgrades.md +++ b/versioned_docs/version-2.7/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/upgrades.md @@ -36,7 +36,7 @@ For migration of installs started with Helm 2, refer to the official [Helm 2 to ### For air-gapped installs: Populate private registry -For [air-gapped installs only,](../../../pages-for-subheaders/air-gapped-helm-cli-install.md) collect and populate images for the new Rancher server version. Follow the guide to [populate your private registry](../other-installation-methods/air-gapped-helm-cli-install/publish-images.md) with the images for the Rancher version that you want to upgrade to. +For [air-gapped installs only,](../other-installation-methods/air-gapped-helm-cli-install/air-gapped-helm-cli-install.md) collect and populate images for the new Rancher server version. Follow the guide to [populate your private registry](../other-installation-methods/air-gapped-helm-cli-install/publish-images.md) with the images for the Rancher version that you want to upgrade to. ### For upgrades with cert-manager older than 0.8.0 diff --git a/versioned_docs/version-2.7/pages-for-subheaders/installation-and-upgrade.md b/versioned_docs/version-2.7/getting-started/installation-and-upgrade/installation-and-upgrade.md similarity index 59% rename from versioned_docs/version-2.7/pages-for-subheaders/installation-and-upgrade.md rename to versioned_docs/version-2.7/getting-started/installation-and-upgrade/installation-and-upgrade.md index 3077b14edc2..f9067e831b7 100644 --- a/versioned_docs/version-2.7/pages-for-subheaders/installation-and-upgrade.md +++ b/versioned_docs/version-2.7/getting-started/installation-and-upgrade/installation-and-upgrade.md @@ -18,7 +18,7 @@ In this section, - **K3s (Lightweight Kubernetes)** is also a fully compliant Kubernetes distribution. It is newer than RKE, easier to use, and more lightweight, with a binary size of less than 100 MB. - **RKE2** is a fully conformant Kubernetes distribution that focuses on security and compliance within the U.S. Federal Government sector. -Note the `restrictedAdmin` Helm chart option available for **the Rancher Server**. When this option is set to true, the initial Rancher user has restricted access to the local Kubernetes cluster to prevent privilege escalation. For more information, see the section about the [restricted-admin role.](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/global-permissions.md#restricted-admin) +Note the `restrictedAdmin` Helm chart option available for **the Rancher Server**. When this option is set to true, the initial Rancher user has restricted access to the local Kubernetes cluster to prevent privilege escalation. For more information, see the section about the [restricted-admin role.](../../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/global-permissions.md#restricted-admin) ## Overview of Installation Options @@ -30,7 +30,7 @@ We recommend using Helm, a Kubernetes package manager, to install Rancher on mul ### Rancher on EKS Install with the AWS Marketplace -Rancher can be installed on to Amazon Elastic Kubernetes Service (EKS) [through the AWS Marketplace](../getting-started/quick-start-guides/deploy-rancher-manager/aws-marketplace.md). The EKS cluster deployed is production-ready and follows AWS best practices. +Rancher can be installed on to Amazon Elastic Kubernetes Service (EKS) [through the AWS Marketplace](../quick-start-guides/deploy-rancher-manager/aws-marketplace.md). The EKS cluster deployed is production-ready and follows AWS best practices. ### Single-node Kubernetes Install @@ -42,7 +42,7 @@ However, this option is useful if you want to save resources by using a single n For test and demonstration purposes, Rancher can be installed with Docker on a single node. A local Kubernetes cluster is installed in the single Docker container, and Rancher is installed on the local cluster. -The Rancher backup operator can be used to migrate Rancher from the single Docker container install to an installation on a high-availability Kubernetes cluster. For details, refer to the documentation on [migrating Rancher to a new cluster.](../how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/migrate-rancher-to-new-cluster.md) +The Rancher backup operator can be used to migrate Rancher from the single Docker container install to an installation on a high-availability Kubernetes cluster. For details, refer to the documentation on [migrating Rancher to a new cluster.](../../how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/migrate-rancher-to-new-cluster.md) ### Other Options @@ -50,9 +50,9 @@ There are also separate instructions for installing Rancher in an air gap enviro | Level of Internet Access | Kubernetes Installation - Strongly Recommended | Docker Installation | | ---------------------------------- | ------------------------------ | ---------- | -| With direct access to the Internet | [Docs](install-upgrade-on-a-kubernetes-cluster.md) | [Docs](rancher-on-a-single-node-with-docker.md) | -| Behind an HTTP proxy | [Docs](rancher-behind-an-http-proxy.md) | These [docs,](rancher-on-a-single-node-with-docker.md) plus this [configuration](../reference-guides/single-node-rancher-in-docker/http-proxy-configuration.md) | -| In an air gap environment | [Docs](air-gapped-helm-cli-install.md) | [Docs](air-gapped-helm-cli-install.md) | +| With direct access to the Internet | [Docs](install-upgrade-on-a-kubernetes-cluster/install-upgrade-on-a-kubernetes-cluster.md) | [Docs](other-installation-methods/rancher-on-a-single-node-with-docker/rancher-on-a-single-node-with-docker.md) | +| Behind an HTTP proxy | [Docs](other-installation-methods/rancher-behind-an-http-proxy/rancher-behind-an-http-proxy.md) | These [docs,](other-installation-methods/rancher-on-a-single-node-with-docker/rancher-on-a-single-node-with-docker.md) plus this [configuration](../../reference-guides/single-node-rancher-in-docker/http-proxy-configuration.md) | +| In an air gap environment | [Docs](other-installation-methods/air-gapped-helm-cli-install/air-gapped-helm-cli-install.md) | [Docs](other-installation-methods/air-gapped-helm-cli-install/air-gapped-helm-cli-install.md) | We recommend installing Rancher on a Kubernetes cluster, because in a multi-node cluster, the Rancher management server becomes highly available. This high-availability configuration helps maintain consistent access to the downstream Kubernetes clusters that Rancher will manage. @@ -60,29 +60,29 @@ For that reason, we recommend that for a production-grade architecture, you shou For testing or demonstration purposes, you can install Rancher in single Docker container. In this Docker install, you can use Rancher to set up Kubernetes clusters out-of-the-box. The Docker install allows you to explore the Rancher server functionality, but it is intended to be used for development and testing purposes only. -Our [instructions for installing Rancher on Kubernetes](install-upgrade-on-a-kubernetes-cluster.md) describe how to first use K3s or RKE to create and manage a Kubernetes cluster, then install Rancher onto that cluster. +Our [instructions for installing Rancher on Kubernetes](install-upgrade-on-a-kubernetes-cluster/install-upgrade-on-a-kubernetes-cluster.md) describe how to first use K3s or RKE to create and manage a Kubernetes cluster, then install Rancher onto that cluster. -When the nodes in your Kubernetes cluster are running and fulfill the [node requirements,](installation-requirements.md) you will use Helm to deploy Rancher onto Kubernetes. Helm uses Rancher's Helm chart to install a replica of Rancher on each node in the Kubernetes cluster. We recommend using a load balancer to direct traffic to each replica of Rancher in the cluster. +When the nodes in your Kubernetes cluster are running and fulfill the [node requirements,](installation-requirements/installation-requirements.md) you will use Helm to deploy Rancher onto Kubernetes. Helm uses Rancher's Helm chart to install a replica of Rancher on each node in the Kubernetes cluster. We recommend using a load balancer to direct traffic to each replica of Rancher in the cluster. -For a longer discussion of Rancher architecture, refer to the [architecture overview,](rancher-manager-architecture.md) [recommendations for production-grade architecture,](../reference-guides/rancher-manager-architecture/architecture-recommendations.md) or our [best practices guide.](../reference-guides/best-practices/rancher-server/tips-for-running-rancher.md) +For a longer discussion of Rancher architecture, refer to the [architecture overview,](../../reference-guides/rancher-manager-architecture/rancher-manager-architecture.md) [recommendations for production-grade architecture,](../../reference-guides/rancher-manager-architecture/architecture-recommendations.md) or our [best practices guide.](../../reference-guides/best-practices/rancher-server/tips-for-running-rancher.md) ## Prerequisites -Before installing Rancher, make sure that your nodes fulfill all of the [installation requirements.](installation-requirements.md) +Before installing Rancher, make sure that your nodes fulfill all of the [installation requirements.](installation-requirements/installation-requirements.md) ## Architecture Tip -For the best performance and greater security, we recommend a separate, dedicated Kubernetes cluster for the Rancher management server. Running user workloads on this cluster is not advised. After deploying Rancher, you can [create or import clusters](kubernetes-clusters-in-rancher-setup.md) for running your workloads. +For the best performance and greater security, we recommend a separate, dedicated Kubernetes cluster for the Rancher management server. Running user workloads on this cluster is not advised. After deploying Rancher, you can [create or import clusters](../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/kubernetes-clusters-in-rancher-setup.md) for running your workloads. -For more architecture recommendations, refer to [this page.](../reference-guides/rancher-manager-architecture/architecture-recommendations.md) +For more architecture recommendations, refer to [this page.](../../reference-guides/rancher-manager-architecture/architecture-recommendations.md) ### More Options for Installations on a Kubernetes Cluster -Refer to the [Helm chart options](../getting-started/installation-and-upgrade/installation-references/helm-chart-options.md) for details on installing Rancher on a Kubernetes cluster with other configurations, including: +Refer to the [Helm chart options](installation-references/helm-chart-options.md) for details on installing Rancher on a Kubernetes cluster with other configurations, including: -- With [API auditing to record all transactions](../getting-started/installation-and-upgrade/installation-references/helm-chart-options.md#api-audit-log) -- With [TLS termination on a load balancer](../getting-started/installation-and-upgrade/installation-references/helm-chart-options.md#external-tls-termination) -- With a [custom Ingress](../getting-started/installation-and-upgrade/installation-references/helm-chart-options.md#customizing-your-ingress) +- With [API auditing to record all transactions](installation-references/helm-chart-options.md#api-audit-log) +- With [TLS termination on a load balancer](installation-references/helm-chart-options.md#external-tls-termination) +- With a [custom Ingress](installation-references/helm-chart-options.md#customizing-your-ingress) In the Rancher installation instructions, we recommend using K3s or RKE to set up a Kubernetes cluster before installing Rancher on the cluster. Both K3s and RKE have many configuration options for customizing the Kubernetes cluster to suit your specific environment. For the full list of their capabilities, refer to their documentation: @@ -91,8 +91,8 @@ In the Rancher installation instructions, we recommend using K3s or RKE to set u ### More Options for Installations with Docker -Refer to the [docs about options for Docker installs](rancher-on-a-single-node-with-docker.md) for details about other configurations including: +Refer to the [docs about options for Docker installs](other-installation-methods/rancher-on-a-single-node-with-docker/rancher-on-a-single-node-with-docker.md) for details about other configurations including: -- With [API auditing to record all transactions](../reference-guides/single-node-rancher-in-docker/advanced-options.md#api-audit-log) -- With an [external load balancer](../how-to-guides/advanced-user-guides/configure-layer-7-nginx-load-balancer.md) -- With a [persistent data store](../reference-guides/single-node-rancher-in-docker/advanced-options.md#persistent-data) +- With [API auditing to record all transactions](../../reference-guides/single-node-rancher-in-docker/advanced-options.md#api-audit-log) +- With an [external load balancer](../../how-to-guides/advanced-user-guides/configure-layer-7-nginx-load-balancer.md) +- With a [persistent data store](../../reference-guides/single-node-rancher-in-docker/advanced-options.md#persistent-data) diff --git a/versioned_docs/version-2.7/getting-started/installation-and-upgrade/installation-references/feature-flags.md b/versioned_docs/version-2.7/getting-started/installation-and-upgrade/installation-references/feature-flags.md index 377d8111523..aeba1364392 100644 --- a/versioned_docs/version-2.7/getting-started/installation-and-upgrade/installation-references/feature-flags.md +++ b/versioned_docs/version-2.7/getting-started/installation-and-upgrade/installation-references/feature-flags.md @@ -8,7 +8,7 @@ title: Feature Flags With feature flags, you can try out optional or experimental features, and enable legacy features that are being phased out. -To learn more about feature values and how to enable them, see [Enabling Experimental Features](../../../pages-for-subheaders/enable-experimental-features.md). +To learn more about feature values and how to enable them, see [Enabling Experimental Features](../../../how-to-guides/advanced-user-guides/enable-experimental-features/enable-experimental-features.md). :::note diff --git a/versioned_docs/version-2.7/getting-started/installation-and-upgrade/installation-references/helm-chart-options.md b/versioned_docs/version-2.7/getting-started/installation-and-upgrade/installation-references/helm-chart-options.md index 66698c79f01..98cec0640f5 100644 --- a/versioned_docs/version-2.7/getting-started/installation-and-upgrade/installation-references/helm-chart-options.md +++ b/versioned_docs/version-2.7/getting-started/installation-and-upgrade/installation-references/helm-chart-options.md @@ -11,7 +11,7 @@ This page is a configuration reference for the Rancher Helm chart. For help choosing a Helm chart version, refer to [this page.](../../../getting-started/installation-and-upgrade/resources/choose-a-rancher-version.md) -For information on enabling experimental features, refer to [this page.](../../../pages-for-subheaders/enable-experimental-features.md) +For information on enabling experimental features, refer to [this page.](../../../how-to-guides/advanced-user-guides/enable-experimental-features/enable-experimental-features.md) ## Common Options @@ -85,13 +85,13 @@ kubectl get secret --namespace cattle-system bootstrap-secret -o go-template='{{ Enabling the [API Audit Log](../../../how-to-guides/advanced-user-guides/enable-api-audit-log.md). -You can collect this log as you would any container log. Enable [logging](../../../pages-for-subheaders/logging.md) for the `System` Project on the Rancher server cluster. +You can collect this log as you would any container log. Enable [logging](../../../integrations-in-rancher/logging/logging.md) for the `System` Project on the Rancher server cluster. ```plain --set auditLog.level=1 ``` -By default enabling Audit Logging will create a sidecar container in the Rancher pod. This container (`rancher-audit-log`) will stream the log to `stdout`. You can collect this log as you would any container log. When using the sidecar as the audit log destination, the `hostPath`, `maxAge`, `maxBackups`, and `maxSize` options do not apply. It's advised to use your OS or Docker daemon's log rotation features to control disk space use. Enable [logging](../../../pages-for-subheaders/logging.md) for the Rancher server cluster or System Project. +By default enabling Audit Logging will create a sidecar container in the Rancher pod. This container (`rancher-audit-log`) will stream the log to `stdout`. You can collect this log as you would any container log. When using the sidecar as the audit log destination, the `hostPath`, `maxAge`, `maxBackups`, and `maxSize` options do not apply. It's advised to use your OS or Docker daemon's log rotation features to control disk space use. Enable [logging](../../../integrations-in-rancher/logging/logging.md) for the Rancher server cluster or System Project. Set the `auditLog.destination` to `hostPath` to forward logs to volume shared with the host system instead of streaming to a sidecar container. When setting the destination to `hostPath` you may want to adjust the other auditLog parameters for log rotation. @@ -206,7 +206,7 @@ kubectl -n cattle-system create secret generic tls-ca-additional --from-file=ca- ### Private Registry and Air Gap Installs -For details on installing Rancher with a private registry, see the [air gap installation docs.](../../../pages-for-subheaders/air-gapped-helm-cli-install.md) +For details on installing Rancher with a private registry, see the [air gap installation docs.](../other-installation-methods/air-gapped-helm-cli-install/air-gapped-helm-cli-install.md) ## External TLS Termination diff --git a/versioned_docs/version-2.7/getting-started/installation-and-upgrade/installation-references/installation-references.md b/versioned_docs/version-2.7/getting-started/installation-and-upgrade/installation-references/installation-references.md new file mode 100644 index 00000000000..67a379702cd --- /dev/null +++ b/versioned_docs/version-2.7/getting-started/installation-and-upgrade/installation-references/installation-references.md @@ -0,0 +1,9 @@ +--- +title: Installation References +--- + + + + + +Please see the following reference guides for other installation resources: [Rancher Helm chart options](helm-chart-options.md), [TLS settings](tls-settings.md), and [feature flags](feature-flags.md). \ No newline at end of file diff --git a/versioned_docs/version-2.7/pages-for-subheaders/installation-requirements.md b/versioned_docs/version-2.7/getting-started/installation-and-upgrade/installation-requirements/installation-requirements.md similarity index 83% rename from versioned_docs/version-2.7/pages-for-subheaders/installation-requirements.md rename to versioned_docs/version-2.7/getting-started/installation-and-upgrade/installation-requirements/installation-requirements.md index e10104ba6fb..d866b032994 100644 --- a/versioned_docs/version-2.7/pages-for-subheaders/installation-requirements.md +++ b/versioned_docs/version-2.7/getting-started/installation-and-upgrade/installation-requirements/installation-requirements.md @@ -11,13 +11,13 @@ This page describes the software, hardware, and networking requirements for the :::note Important: -If you install Rancher on a Kubernetes cluster, requirements are different from the [node requirements for downstream user clusters,](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/node-requirements-for-rancher-managed-clusters.md) which will run your apps and services. +If you install Rancher on a Kubernetes cluster, requirements are different from the [node requirements for downstream user clusters,](../../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/node-requirements-for-rancher-managed-clusters.md) which will run your apps and services. ::: The Rancher UI works best in Firefox or Chromium based browsers (Chrome, Edge, Opera, Brave, etc). -See our page on [best practices](../reference-guides/best-practices/rancher-server/tips-for-running-rancher.md) for a list of recommendations for running a Rancher server in production. +See our page on [best practices](../../../reference-guides/best-practices/rancher-server/tips-for-running-rancher.md) for a list of recommendations for running a Rancher server in production. ## Kubernetes Compatibility with Rancher @@ -25,7 +25,7 @@ Rancher needs to be installed on a supported Kubernetes version. Consult the [Ra ### Install Rancher on a Hardened Kubernetes cluster -If you install Rancher on a hardened Kubernetes cluster, check the [Exempting Required Rancher Namespaces](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/psa-config-templates.md#exempting-required-rancher-namespaces) section for detailed requirements. +If you install Rancher on a hardened Kubernetes cluster, check the [Exempting Required Rancher Namespaces](../../../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/psa-config-templates.md#exempting-required-rancher-namespaces) section for detailed requirements. ## Operating Systems and Container Runtime Requirements @@ -41,7 +41,7 @@ Some distributions of Linux may have default firewall rules that block communica If you don't feel comfortable doing so, you might check suggestions in the [respective issue](https://github.com/rancher/rancher/issues/28840). Some users were successful [creating a separate firewalld zone with a policy of ACCEPT for the Pod CIDR](https://github.com/rancher/rancher/issues/28840#issuecomment-787404822). -If you plan to run Rancher on ARM64, see [Running on ARM64 (Experimental).](../how-to-guides/advanced-user-guides/enable-experimental-features/rancher-on-arm64.md) +If you plan to run Rancher on ARM64, see [Running on ARM64 (Experimental).](../../../how-to-guides/advanced-user-guides/enable-experimental-features/rancher-on-arm64.md) ### RKE2 Specific Requirements @@ -63,7 +63,7 @@ If you are installing Rancher on a K3s cluster with Alpine Linux, follow [these RKE requires a Docker container runtime. Supported Docker versions are specified in the [Support Matrix](https://www.suse.com/suse-rancher/support-matrix/all-supported-versions/) page. -For more information, see [Installing Docker](../getting-started/installation-and-upgrade/installation-requirements/install-docker.md). +For more information, see [Installing Docker](install-docker.md). ## Hardware Requirements @@ -102,7 +102,7 @@ If you find that your Rancher deployment no longer complies with the listed reco ### RKE2 Kubernetes -The following table lists minimum CPU and memory requirements for each node in the [upstream cluster](install-upgrade-on-a-kubernetes-cluster.md). +The following table lists minimum CPU and memory requirements for each node in the [upstream cluster](../install-upgrade-on-a-kubernetes-cluster/install-upgrade-on-a-kubernetes-cluster.md). Please note that a highly available setup with at least three nodes is required for production. @@ -113,7 +113,7 @@ Please note that a highly available setup with at least three nodes is required | Large (*) | 500 | 5000 | 16 | 64 GB | | Larger (†) | (†) | (†) | (†) | (†) | -(*): Large deployments require that you [follow best practices](../reference-guides/best-practices/rancher-server/tuning-and-best-practices-for-rancher-at-scale.md) for adequate performance. +(*): Large deployments require that you [follow best practices](../../../reference-guides/best-practices/rancher-server/tuning-and-best-practices-for-rancher-at-scale.md) for adequate performance. (†): Larger deployment sizes are generally possible with ad-hoc hardware recommendations and tuning. You can [contact Rancher](https://rancher.com/contact/) for a custom evaluation. @@ -121,7 +121,7 @@ Refer to RKE2 documentation for more detailed information on [RKE2 general requi ### K3s Kubernetes -The following table lists minimum CPU and memory requirements for each node in the [upstream cluster](install-upgrade-on-a-kubernetes-cluster.md). +The following table lists minimum CPU and memory requirements for each node in the [upstream cluster](../install-upgrade-on-a-kubernetes-cluster/install-upgrade-on-a-kubernetes-cluster.md). Please note that a highly available setup with at least three nodes is required for production. @@ -133,13 +133,13 @@ Please note that a highly available setup with at least three nodes is required (*): External Database Host refers to hosting the K3s cluster data store on an [dedicated external host](https://docs.k3s.io/datastore). This is optional. Exact requirements depend on the external data store. -(†): Large deployments require that you [follow best practices](../reference-guides/best-practices/rancher-server/tuning-and-best-practices-for-rancher-at-scale.md) for adequate performance. +(†): Large deployments require that you [follow best practices](../../../reference-guides/best-practices/rancher-server/tuning-and-best-practices-for-rancher-at-scale.md) for adequate performance. Refer to the K3s documentation for more detailed information on [general requirements](https://docs.k3s.io/installation/requirements). ### Hosted Kubernetes -The following table lists minimum CPU and memory requirements for each node in the [upstream cluster](install-upgrade-on-a-kubernetes-cluster.md). +The following table lists minimum CPU and memory requirements for each node in the [upstream cluster](../install-upgrade-on-a-kubernetes-cluster/install-upgrade-on-a-kubernetes-cluster.md). Please note that a highly available setup with at least three nodes is required for production. @@ -151,11 +151,11 @@ These requirements apply to hosted Kubernetes clusters such as Amazon Elastic Ku | Medium | 300 | 3000 | 8 | 32 GB | | Large (*) | 500 | 5000 | 16 | 64 GB | -(*): Large deployments require that you [follow best practices](../reference-guides/best-practices/rancher-server/tuning-and-best-practices-for-rancher-at-scale.md) for adequate performance. +(*): Large deployments require that you [follow best practices](../../../reference-guides/best-practices/rancher-server/tuning-and-best-practices-for-rancher-at-scale.md) for adequate performance. ### RKE -The following table lists minimum CPU and memory requirements for each node in the [upstream cluster](install-upgrade-on-a-kubernetes-cluster.md). +The following table lists minimum CPU and memory requirements for each node in the [upstream cluster](../install-upgrade-on-a-kubernetes-cluster/install-upgrade-on-a-kubernetes-cluster.md). Please note that a highly available setup with at least three nodes is required for production. @@ -165,13 +165,13 @@ Please note that a highly available setup with at least three nodes is required | Medium | 300 | 3000 | 8 | 32 GB | | Large (*) | 500 | 5000 | 16 | 64 GB | -(*): Large deployments require that you [follow best practices](../reference-guides/best-practices/rancher-server/tuning-and-best-practices-for-rancher-at-scale.md) for adequate performance. +(*): Large deployments require that you [follow best practices](../../../reference-guides/best-practices/rancher-server/tuning-and-best-practices-for-rancher-at-scale.md) for adequate performance. Refer to the RKE documentation for more detailed information on [general requirements](https://rke.docs.rancher.com/os). ### Docker -The following table lists minimum CPU and memory requirements for a [single Docker node installation of Rancher](rancher-on-a-single-node-with-docker.md). +The following table lists minimum CPU and memory requirements for a [single Docker node installation of Rancher](../other-installation-methods/rancher-on-a-single-node-with-docker/rancher-on-a-single-node-with-docker.md). Please note that a Docker installation is only suitable for development or testing purposes and is not meant to be used in production environments. @@ -190,9 +190,9 @@ For RKE, RKE2 and K3s installations, you don't have to install the Ingress manua For hosted Kubernetes clusters (EKS, GKE, AKS), you will need to set up the ingress. -- **Amazon EKS:** For details on how to install Rancher on Amazon EKS, including how to install an ingress so that the Rancher server can be accessed, refer to [this page.](../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks.md) -- **AKS:** For details on how to install Rancher with Azure Kubernetes Service, including how to install an ingress so that the Rancher server can be accessed, refer to [this page.](../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-aks.md) -- **GKE:** For details on how to install Rancher with Google Kubernetes Engine, including how to install an ingress so that the Rancher server can be accessed, refer to [this page.](../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-gke.md) +- **Amazon EKS:** For details on how to install Rancher on Amazon EKS, including how to install an ingress so that the Rancher server can be accessed, refer to [this page.](../install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks.md) +- **AKS:** For details on how to install Rancher with Azure Kubernetes Service, including how to install an ingress so that the Rancher server can be accessed, refer to [this page.](../install-upgrade-on-a-kubernetes-cluster/rancher-on-aks.md) +- **GKE:** For details on how to install Rancher with Google Kubernetes Engine, including how to install an ingress so that the Rancher server can be accessed, refer to [this page.](../install-upgrade-on-a-kubernetes-cluster/rancher-on-gke.md) ## Disks @@ -214,8 +214,8 @@ Each node used should have a static IP configured, regardless of whether you are ### Port Requirements -To operate properly, Rancher requires a number of ports to be open on Rancher nodes and on downstream Kubernetes cluster nodes. [Port Requirements](../getting-started/installation-and-upgrade/installation-requirements/port-requirements.md) lists all the necessary ports for Rancher and Downstream Clusters for the different cluster types. +To operate properly, Rancher requires a number of ports to be open on Rancher nodes and on downstream Kubernetes cluster nodes. [Port Requirements](port-requirements.md) lists all the necessary ports for Rancher and Downstream Clusters for the different cluster types. ## Dockershim Support -For more information on Dockershim support, refer to [this page](../getting-started/installation-and-upgrade/installation-requirements/dockershim.md). +For more information on Dockershim support, refer to [this page](dockershim.md). diff --git a/versioned_docs/version-2.7/getting-started/installation-and-upgrade/installation-requirements/port-requirements.md b/versioned_docs/version-2.7/getting-started/installation-and-upgrade/installation-requirements/port-requirements.md index 73c739499a5..1452dbfc69e 100644 --- a/versioned_docs/version-2.7/getting-started/installation-and-upgrade/installation-requirements/port-requirements.md +++ b/versioned_docs/version-2.7/getting-started/installation-and-upgrade/installation-requirements/port-requirements.md @@ -180,9 +180,9 @@ The following tables break down the port requirements for Rancher nodes, for inb Downstream Kubernetes clusters run your apps and services. This section describes what ports need to be opened on the nodes in downstream clusters so that Rancher can communicate with them. -The port requirements differ depending on how the downstream cluster was launched. Each of the tabs below list the ports that need to be opened for different [cluster types](../../../pages-for-subheaders/kubernetes-clusters-in-rancher-setup.md). +The port requirements differ depending on how the downstream cluster was launched. Each of the tabs below list the ports that need to be opened for different [cluster types](../../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/kubernetes-clusters-in-rancher-setup.md). -The following diagram depicts the ports that are opened for each [cluster type](../../../pages-for-subheaders/kubernetes-clusters-in-rancher-setup.md). +The following diagram depicts the ports that are opened for each [cluster type](../../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/kubernetes-clusters-in-rancher-setup.md).
    Port Requirements for the Rancher Management Plane
    @@ -204,7 +204,7 @@ Refer [here](../../../integrations-in-rancher/harvester.md#port-requirements) fo
    Click to expand -The following table depicts the port requirements for [Rancher Launched Kubernetes](../../../pages-for-subheaders/launch-kubernetes-with-rancher.md) with nodes created in an [Infrastructure Provider](../../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md). +The following table depicts the port requirements for [Rancher Launched Kubernetes](../../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md) with nodes created in an [Infrastructure Provider](../../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md). :::note @@ -221,7 +221,7 @@ The required ports are automatically opened by Rancher during creation of cluste
    Click to expand -The following table depicts the port requirements for [Rancher Launched Kubernetes](../../../pages-for-subheaders/launch-kubernetes-with-rancher.md) with [Custom Nodes](../../../pages-for-subheaders/use-existing-nodes.md). +The following table depicts the port requirements for [Rancher Launched Kubernetes](../../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md) with [Custom Nodes](../../../reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/use-existing-nodes.md). @@ -232,7 +232,7 @@ The following table depicts the port requirements for [Rancher Launched Kubernet
    Click to expand -The following table depicts the port requirements for [hosted clusters](../../../pages-for-subheaders/set-up-clusters-from-hosted-kubernetes-providers.md). +The following table depicts the port requirements for [hosted clusters](../../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/set-up-clusters-from-hosted-kubernetes-providers.md). diff --git a/versioned_docs/version-2.7/pages-for-subheaders/air-gapped-helm-cli-install.md b/versioned_docs/version-2.7/getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/air-gapped-helm-cli-install.md similarity index 53% rename from versioned_docs/version-2.7/pages-for-subheaders/air-gapped-helm-cli-install.md rename to versioned_docs/version-2.7/getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/air-gapped-helm-cli-install.md index d6fbc09698f..792a49a26a4 100644 --- a/versioned_docs/version-2.7/pages-for-subheaders/air-gapped-helm-cli-install.md +++ b/versioned_docs/version-2.7/getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/air-gapped-helm-cli-install.md @@ -10,7 +10,7 @@ This section is about using the Helm CLI to install the Rancher server in an air The installation steps differ depending on whether Rancher is installed on an RKE Kubernetes cluster, a K3s Kubernetes cluster, or a single Docker container. -For more information on each installation option, refer to [this page.](installation-and-upgrade.md) +For more information on each installation option, refer to [this page.](../../installation-and-upgrade.md) Throughout the installation instructions, there will be _tabs_ for each installation option. @@ -22,13 +22,13 @@ If you install Rancher following the Docker installation guide, there is no upgr ## Installation Outline -1. [Set up infrastructure and private registry](../getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/infrastructure-private-registry.md) -2. [Collect and publish images to your private registry](../getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/publish-images.md) -3. [Set up a Kubernetes cluster (Skip this step for Docker installations)](../getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/install-kubernetes.md) -4. [Install Rancher](../getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/install-rancher-ha.md) +1. [Set up infrastructure and private registry](infrastructure-private-registry.md) +2. [Collect and publish images to your private registry](publish-images.md) +3. [Set up a Kubernetes cluster (Skip this step for Docker installations)](install-kubernetes.md) +4. [Install Rancher](install-rancher-ha.md) ## Upgrades -To upgrade Rancher with Helm CLI in an air gap environment, follow [this procedure.](../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/upgrades.md) +To upgrade Rancher with Helm CLI in an air gap environment, follow [this procedure.](../../install-upgrade-on-a-kubernetes-cluster/upgrades.md) -### [Next: Prepare your Node(s)](../getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/infrastructure-private-registry.md) +### [Next: Prepare your Node(s)](infrastructure-private-registry.md) diff --git a/versioned_docs/version-2.7/getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/infrastructure-private-registry.md b/versioned_docs/version-2.7/getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/infrastructure-private-registry.md index 981223575fe..07b6b01097f 100644 --- a/versioned_docs/version-2.7/getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/infrastructure-private-registry.md +++ b/versioned_docs/version-2.7/getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/infrastructure-private-registry.md @@ -10,7 +10,7 @@ In this section, you will provision the underlying infrastructure for your Ranch An air gapped environment is an environment where the Rancher server is installed offline or behind a firewall. -The infrastructure depends on whether you are installing Rancher on a K3s Kubernetes cluster, an RKE Kubernetes cluster, or a single Docker container. For more information on each installation option, refer to [this page.](../../../../pages-for-subheaders/installation-and-upgrade.md) +The infrastructure depends on whether you are installing Rancher on a K3s Kubernetes cluster, an RKE Kubernetes cluster, or a single Docker container. For more information on each installation option, refer to [this page.](../../installation-and-upgrade.md) Rancher can be installed on any Kubernetes cluster. The RKE and K3s Kubernetes infrastructure tutorials below are still included for convenience. @@ -29,7 +29,7 @@ We recommend setting up the following infrastructure for a high-availability ins These hosts will be disconnected from the internet, but require being able to connect with your private registry. -Make sure that your nodes fulfill the general installation requirements for [OS, container runtime, hardware, and networking.](../../../../pages-for-subheaders/installation-requirements.md) +Make sure that your nodes fulfill the general installation requirements for [OS, container runtime, hardware, and networking.](../../installation-requirements/installation-requirements.md) For an example of one way to set up Linux nodes, refer to this [tutorial](../../../../how-to-guides/new-user-guides/infrastructure-setup/nodes-in-amazon-ec2.md) for setting up nodes as instances in Amazon EC2. @@ -116,7 +116,7 @@ The etcd database requires an odd number of nodes so that it can always elect a These hosts will be disconnected from the internet, but require being able to connect with your private registry. -Make sure that your nodes fulfill the general installation requirements for [OS, container runtime, hardware, and networking.](../../../../pages-for-subheaders/installation-requirements.md) +Make sure that your nodes fulfill the general installation requirements for [OS, container runtime, hardware, and networking.](../../installation-requirements/installation-requirements.md) For an example of one way to set up Linux nodes, refer to this [tutorial](../../../../how-to-guides/new-user-guides/infrastructure-setup/nodes-in-amazon-ec2.md) for setting up nodes as instances in Amazon EC2. @@ -180,7 +180,7 @@ If you need to create a private registry, refer to the documentation pages for y This host will be disconnected from the Internet, but needs to be able to connect to your private registry. -Make sure that your node fulfills the general installation requirements for [OS, containers, hardware, and networking.](../../../../pages-for-subheaders/installation-requirements.md) +Make sure that your node fulfills the general installation requirements for [OS, containers, hardware, and networking.](../../installation-requirements/installation-requirements.md) For an example of one way to set up Linux nodes, refer to this [tutorial](../../../../how-to-guides/new-user-guides/infrastructure-setup/nodes-in-amazon-ec2.md) for setting up nodes as instances in Amazon EC2. diff --git a/versioned_docs/version-2.7/getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/publish-images.md b/versioned_docs/version-2.7/getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/publish-images.md index 1bd1d3314f0..992129fc684 100644 --- a/versioned_docs/version-2.7/getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/publish-images.md +++ b/versioned_docs/version-2.7/getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/publish-images.md @@ -8,11 +8,11 @@ title: '2. Collect and Publish Images to your Private Registry' This section describes how to set up your private registry so that when you install Rancher, Rancher will pull all the required images from this registry. -By default, all images used to [provision Kubernetes clusters](../../../../pages-for-subheaders/kubernetes-clusters-in-rancher-setup.md) or launch any tools in Rancher, e.g. monitoring, pipelines, alerts, are pulled from Docker Hub. In an air gapped installation of Rancher, you will need a private registry that is located somewhere accessible by your Rancher server. Then, you will load the registry with all the images. +By default, all images used to [provision Kubernetes clusters](../../../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/kubernetes-clusters-in-rancher-setup.md) or launch any tools in Rancher, e.g. monitoring, pipelines, alerts, are pulled from Docker Hub. In an air gapped installation of Rancher, you will need a private registry that is located somewhere accessible by your Rancher server. Then, you will load the registry with all the images. Populating the private registry with images is the same process for installing Rancher with Docker and for installing Rancher on a Kubernetes cluster. -The steps in this section differ depending on whether or not you are planning to use Rancher to provision a downstream cluster with Windows nodes or not. By default, we provide the steps of how to populate your private registry assuming that Rancher will provision downstream Kubernetes clusters with only Linux nodes. But if you plan on provisioning any [downstream Kubernetes clusters using Windows nodes](../../../../pages-for-subheaders/use-windows-clusters.md), there are separate instructions to support the images needed. +The steps in this section differ depending on whether or not you are planning to use Rancher to provision a downstream cluster with Windows nodes or not. By default, we provide the steps of how to populate your private registry assuming that Rancher will provision downstream Kubernetes clusters with only Linux nodes. But if you plan on provisioning any [downstream Kubernetes clusters using Windows nodes](../../../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/use-windows-clusters/use-windows-clusters.md), there are separate instructions to support the images needed. :::note Prerequisites: diff --git a/versioned_docs/version-2.7/pages-for-subheaders/other-installation-methods.md b/versioned_docs/version-2.7/getting-started/installation-and-upgrade/other-installation-methods/other-installation-methods.md similarity index 61% rename from versioned_docs/version-2.7/pages-for-subheaders/other-installation-methods.md rename to versioned_docs/version-2.7/getting-started/installation-and-upgrade/other-installation-methods/other-installation-methods.md index 7cd497a8d48..c5bd443da43 100644 --- a/versioned_docs/version-2.7/pages-for-subheaders/other-installation-methods.md +++ b/versioned_docs/version-2.7/getting-started/installation-and-upgrade/other-installation-methods/other-installation-methods.md @@ -8,16 +8,16 @@ title: Other Installation Methods ### Air Gapped Installations -Follow [these steps](air-gapped-helm-cli-install.md) to install the Rancher server in an air gapped environment. +Follow [these steps](air-gapped-helm-cli-install/air-gapped-helm-cli-install.md) to install the Rancher server in an air gapped environment. An air gapped environment could be where Rancher server will be installed offline, behind a firewall, or behind a proxy. ### Docker Installations -The [single-node Docker installation](rancher-on-a-single-node-with-docker.md) is for Rancher users that are wanting to test out Rancher. Instead of running on a Kubernetes cluster using Helm, you install the Rancher server component on a single node using a `docker run` command. +The [single-node Docker installation](rancher-on-a-single-node-with-docker/rancher-on-a-single-node-with-docker.md) is for Rancher users that are wanting to test out Rancher. Instead of running on a Kubernetes cluster using Helm, you install the Rancher server component on a single node using a `docker run` command. The Docker installation is for development and testing environments only. Since there is only one node and a single Docker container, if the node goes down, there is no copy of the etcd data available on other nodes and you will lose all the data of your Rancher server. -The Rancher backup operator can be used to migrate Rancher from the single Docker container install to an installation on a high-availability Kubernetes cluster. For details, refer to the documentation on [migrating Rancher to a new cluster.](../how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/migrate-rancher-to-new-cluster.md) +The Rancher backup operator can be used to migrate Rancher from the single Docker container install to an installation on a high-availability Kubernetes cluster. For details, refer to the documentation on [migrating Rancher to a new cluster.](../../../how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/migrate-rancher-to-new-cluster.md) diff --git a/versioned_docs/version-2.7/pages-for-subheaders/rancher-behind-an-http-proxy.md b/versioned_docs/version-2.7/getting-started/installation-and-upgrade/other-installation-methods/rancher-behind-an-http-proxy/rancher-behind-an-http-proxy.md similarity index 55% rename from versioned_docs/version-2.7/pages-for-subheaders/rancher-behind-an-http-proxy.md rename to versioned_docs/version-2.7/getting-started/installation-and-upgrade/other-installation-methods/rancher-behind-an-http-proxy/rancher-behind-an-http-proxy.md index fd8a41b8e08..39b75558e22 100644 --- a/versioned_docs/version-2.7/pages-for-subheaders/rancher-behind-an-http-proxy.md +++ b/versioned_docs/version-2.7/getting-started/installation-and-upgrade/other-installation-methods/rancher-behind-an-http-proxy/rancher-behind-an-http-proxy.md @@ -8,10 +8,10 @@ title: Installing Rancher behind an HTTP Proxy In a lot of enterprise environments, servers or VMs running on premise do not have direct Internet access, but must connect to external services through a HTTP(S) proxy for security reasons. This tutorial shows step by step how to set up a highly available Rancher installation in such an environment. -Alternatively, it is also possible to set up Rancher completely air-gapped without any Internet access. This process is described in detail in the [Rancher docs](air-gapped-helm-cli-install.md). +Alternatively, it is also possible to set up Rancher completely air-gapped without any Internet access. This process is described in detail in the [Rancher docs](../air-gapped-helm-cli-install/air-gapped-helm-cli-install.md). ## Installation Outline -1. [Set up infrastructure](../getting-started/installation-and-upgrade/other-installation-methods/rancher-behind-an-http-proxy/set-up-infrastructure.md) -2. [Set up a Kubernetes cluster](../getting-started/installation-and-upgrade/other-installation-methods/rancher-behind-an-http-proxy/install-kubernetes.md) -3. [Install Rancher](../getting-started/installation-and-upgrade/other-installation-methods/rancher-behind-an-http-proxy/install-rancher.md) +1. [Set up infrastructure](set-up-infrastructure.md) +2. [Set up a Kubernetes cluster](install-kubernetes.md) +3. [Install Rancher](install-rancher.md) diff --git a/versioned_docs/version-2.7/getting-started/installation-and-upgrade/other-installation-methods/rancher-behind-an-http-proxy/set-up-infrastructure.md b/versioned_docs/version-2.7/getting-started/installation-and-upgrade/other-installation-methods/rancher-behind-an-http-proxy/set-up-infrastructure.md index 7822fa065cd..1cb41c54fbf 100644 --- a/versioned_docs/version-2.7/getting-started/installation-and-upgrade/other-installation-methods/rancher-behind-an-http-proxy/set-up-infrastructure.md +++ b/versioned_docs/version-2.7/getting-started/installation-and-upgrade/other-installation-methods/rancher-behind-an-http-proxy/set-up-infrastructure.md @@ -26,7 +26,7 @@ The etcd database requires an odd number of nodes so that it can always elect a These hosts will connect to the internet through an HTTP proxy. -Make sure that your nodes fulfill the general installation requirements for [OS, container runtime, hardware, and networking.](../../../../pages-for-subheaders/installation-requirements.md) +Make sure that your nodes fulfill the general installation requirements for [OS, container runtime, hardware, and networking.](../../installation-requirements/installation-requirements.md) For an example of one way to set up Linux nodes, refer to this [tutorial](../../../../how-to-guides/new-user-guides/infrastructure-setup/nodes-in-amazon-ec2.md) for setting up nodes as instances in Amazon EC2. diff --git a/versioned_docs/version-2.7/pages-for-subheaders/rancher-on-a-single-node-with-docker.md b/versioned_docs/version-2.7/getting-started/installation-and-upgrade/other-installation-methods/rancher-on-a-single-node-with-docker/rancher-on-a-single-node-with-docker.md similarity index 82% rename from versioned_docs/version-2.7/pages-for-subheaders/rancher-on-a-single-node-with-docker.md rename to versioned_docs/version-2.7/getting-started/installation-and-upgrade/other-installation-methods/rancher-on-a-single-node-with-docker/rancher-on-a-single-node-with-docker.md index da5b39209cf..049bf762a2a 100644 --- a/versioned_docs/version-2.7/pages-for-subheaders/rancher-on-a-single-node-with-docker.md +++ b/versioned_docs/version-2.7/getting-started/installation-and-upgrade/other-installation-methods/rancher-on-a-single-node-with-docker/rancher-on-a-single-node-with-docker.md @@ -13,13 +13,13 @@ In this installation scenario, you'll install Docker on a single Linux host, and :::note Want to use an external load balancer? -See [Docker Install with an External Load Balancer](../how-to-guides/advanced-user-guides/configure-layer-7-nginx-load-balancer.md) instead. +See [Docker Install with an External Load Balancer](../../../../how-to-guides/advanced-user-guides/configure-layer-7-nginx-load-balancer.md) instead. ::: A Docker installation of Rancher is recommended only for development and testing purposes. The ability to migrate Rancher to a high-availability cluster depends on the Rancher version: -The Rancher backup operator can be used to migrate Rancher from the single Docker container install to an installation on a high-availability Kubernetes cluster. For details, refer to the documentation on [migrating Rancher to a new cluster.](../how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/migrate-rancher-to-new-cluster.md) +The Rancher backup operator can be used to migrate Rancher from the single Docker container install to an installation on a high-availability Kubernetes cluster. For details, refer to the documentation on [migrating Rancher to a new cluster.](../../../../how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/migrate-rancher-to-new-cluster.md) ## Privileged Access for Rancher @@ -27,11 +27,11 @@ When the Rancher server is deployed in the Docker container, a local Kubernetes ## Requirements for OS, Docker, Hardware, and Networking -Make sure that your node fulfills the general [installation requirements.](installation-requirements.md) +Make sure that your node fulfills the general [installation requirements.](../../installation-requirements/installation-requirements.md) ## 1. Provision Linux Host -Provision a single Linux host according to our [Requirements](installation-requirements.md) to launch your Rancher server. +Provision a single Linux host according to our [Requirements](../../installation-requirements/installation-requirements.md) to launch your Rancher server. ## 2. Choose an SSL Option and Install Rancher @@ -39,10 +39,10 @@ For security purposes, SSL (Secure Sockets Layer) is required when using Rancher :::tip Do you want to.. -- Use a proxy? See [HTTP Proxy Configuration](../reference-guides/single-node-rancher-in-docker/http-proxy-configuration.md) -- Configure custom CA root certificate to access your services? See [Custom CA root certificate](../reference-guides/single-node-rancher-in-docker/advanced-options.md#custom-ca-certificate/) -- Complete an Air Gap Installation? See [Air Gap: Docker Install](air-gapped-helm-cli-install.md) -- Record all transactions with the Rancher API? See [API Auditing](../reference-guides/single-node-rancher-in-docker/advanced-options.md#api-audit-log) +- Use a proxy? See [HTTP Proxy Configuration](../../../../reference-guides/single-node-rancher-in-docker/http-proxy-configuration.md) +- Configure custom CA root certificate to access your services? See [Custom CA root certificate](../../../../reference-guides/single-node-rancher-in-docker/advanced-options.md#custom-ca-certificate/) +- Complete an Air Gap Installation? See [Air Gap: Docker Install](../air-gapped-helm-cli-install/air-gapped-helm-cli-install.md) +- Record all transactions with the Rancher API? See [API Auditing](../../../../reference-guides/single-node-rancher-in-docker/advanced-options.md#api-audit-log) ::: @@ -75,7 +75,7 @@ In development or testing environments where your team will access your Rancher Create a self-signed certificate using [OpenSSL](https://www.openssl.org/) or another method of your choice. - The certificate files must be in PEM format. -- In your certificate file, include all intermediate certificates in the chain. Order your certificates with your certificate first, followed by the intermediates. For an example, see [Certificate Troubleshooting.](../getting-started/installation-and-upgrade/other-installation-methods/rancher-on-a-single-node-with-docker/certificate-troubleshooting.md) +- In your certificate file, include all intermediate certificates in the chain. Order your certificates with your certificate first, followed by the intermediates. For an example, see [Certificate Troubleshooting.](certificate-troubleshooting.md) ::: @@ -109,7 +109,7 @@ The Docker install is not recommended for production. These instructions are pro :::note Prerequisites: - The certificate files must be in PEM format. -- In your certificate file, include all intermediate certificates provided by the recognized CA. Order your certificates with your certificate first, followed by the intermediates. For an example, see [Certificate Troubleshooting.](../getting-started/installation-and-upgrade/other-installation-methods/rancher-on-a-single-node-with-docker/certificate-troubleshooting.md) +- In your certificate file, include all intermediate certificates provided by the recognized CA. Order your certificates with your certificate first, followed by the intermediates. For an example, see [Certificate Troubleshooting.](certificate-troubleshooting.md) ::: @@ -199,13 +199,13 @@ When installing Rancher on a single node with Docker, there are several advanced - Persistent Data - Running `rancher/rancher` and `rancher/rancher-agent` on the Same Node -Refer to [this page](../reference-guides/single-node-rancher-in-docker/advanced-options.md) for details. +Refer to [this page](../../../../reference-guides/single-node-rancher-in-docker/advanced-options.md) for details. ## Troubleshooting -Refer to [this page](../getting-started/installation-and-upgrade/other-installation-methods/rancher-on-a-single-node-with-docker/certificate-troubleshooting.md) for frequently asked questions and troubleshooting tips. +Refer to [this page](certificate-troubleshooting.md) for frequently asked questions and troubleshooting tips. ## What's Next? -- **Recommended:** Review Single Node [Backup](../how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/back-up-docker-installed-rancher.md) and [Restore](../how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/restore-docker-installed-rancher.md). Although you don't have any data you need to back up right now, we recommend creating backups after regular Rancher use. -- Create a Kubernetes cluster: [Provisioning Kubernetes Clusters](kubernetes-clusters-in-rancher-setup.md). +- **Recommended:** Review Single Node [Backup](../../../../how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/back-up-docker-installed-rancher.md) and [Restore](../../../../how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/restore-docker-installed-rancher.md). Although you don't have any data you need to back up right now, we recommend creating backups after regular Rancher use. +- Create a Kubernetes cluster: [Provisioning Kubernetes Clusters](../../../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/kubernetes-clusters-in-rancher-setup.md). diff --git a/versioned_docs/version-2.7/getting-started/installation-and-upgrade/other-installation-methods/rancher-on-a-single-node-with-docker/roll-back-docker-installed-rancher.md b/versioned_docs/version-2.7/getting-started/installation-and-upgrade/other-installation-methods/rancher-on-a-single-node-with-docker/roll-back-docker-installed-rancher.md index 1ec111444b9..1a4519e1bfe 100644 --- a/versioned_docs/version-2.7/getting-started/installation-and-upgrade/other-installation-methods/rancher-on-a-single-node-with-docker/roll-back-docker-installed-rancher.md +++ b/versioned_docs/version-2.7/getting-started/installation-and-upgrade/other-installation-methods/rancher-on-a-single-node-with-docker/roll-back-docker-installed-rancher.md @@ -82,7 +82,7 @@ Rolling back to a previous version of Rancher destroys any changes made to Ranch --privileged \ rancher/rancher: ``` - Privileged access is [required.](../../../../pages-for-subheaders/rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher) + Privileged access is [required.](rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher) :::danger diff --git a/versioned_docs/version-2.7/getting-started/installation-and-upgrade/other-installation-methods/rancher-on-a-single-node-with-docker/upgrade-docker-installed-rancher.md b/versioned_docs/version-2.7/getting-started/installation-and-upgrade/other-installation-methods/rancher-on-a-single-node-with-docker/upgrade-docker-installed-rancher.md index 2a3bdaa29df..b458a86bc73 100644 --- a/versioned_docs/version-2.7/getting-started/installation-and-upgrade/other-installation-methods/rancher-on-a-single-node-with-docker/upgrade-docker-installed-rancher.md +++ b/versioned_docs/version-2.7/getting-started/installation-and-upgrade/other-installation-methods/rancher-on-a-single-node-with-docker/upgrade-docker-installed-rancher.md @@ -17,7 +17,7 @@ The following instructions will guide you through upgrading a Rancher server tha ## Prerequisites - **Review the [known upgrade issues](../../install-upgrade-on-a-kubernetes-cluster/upgrades.md#known-upgrade-issues)** section in the Rancher documentation for the most noteworthy issues to consider when upgrading Rancher. A more complete list of known issues for each Rancher version can be found in the release notes on [GitHub](https://github.com/rancher/rancher/releases) and on the [Rancher forums](https://forums.rancher.com/c/announcements/12). Note that upgrades to or from any chart in the [rancher-alpha repository](../../resources/choose-a-rancher-version.md#helm-chart-repositories) aren’t supported. -- **For [air gap installs only,](../../../../pages-for-subheaders/air-gapped-helm-cli-install.md) collect and populate images for the new Rancher server version**. Follow the guide to [populate your private registry](../air-gapped-helm-cli-install/publish-images.md) with the images for the Rancher version that you want to upgrade to. +- **For [air gap installs only,](../air-gapped-helm-cli-install/air-gapped-helm-cli-install.md) collect and populate images for the new Rancher server version**. Follow the guide to [populate your private registry](../air-gapped-helm-cli-install/publish-images.md) with the images for the Rancher version that you want to upgrade to. ## Placeholder Review @@ -151,7 +151,7 @@ docker run -d --volumes-from rancher-data \ rancher/rancher: ``` -Privileged access is [required.](../../../../pages-for-subheaders/rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher) +Privileged access is [required.](rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher)
    @@ -187,7 +187,7 @@ docker run -d --volumes-from rancher-data \ rancher/rancher: ``` -Privileged access is [required.](../../../../pages-for-subheaders/rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher) +Privileged access is [required.](rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher)
    @@ -222,7 +222,7 @@ docker run -d --volumes-from rancher-data \ --no-cacerts ``` -Privileged access is [required.](../../../../pages-for-subheaders/rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher) +Privileged access is [required.](rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher)
    #### Option D: Let's Encrypt Certificate @@ -259,7 +259,7 @@ docker run -d --volumes-from rancher-data \ --acme-domain ``` -Privileged access is [required.](../../../../pages-for-subheaders/rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher) +Privileged access is [required.](rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher) @@ -292,7 +292,7 @@ Placeholder | Description /rancher/rancher: ``` -Privileged access is [required.](../../../../pages-for-subheaders/rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher) +Privileged access is [required.](rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher) #### Option B: Bring Your Own Certificate: Self-Signed @@ -328,7 +328,7 @@ docker run -d --restart=unless-stopped \ --privileged \ /rancher/rancher: ``` -Privileged access is [required.](../../../../pages-for-subheaders/rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher) +Privileged access is [required.](rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher) #### Option C: Bring Your Own Certificate: Signed by Recognized CA @@ -370,7 +370,7 @@ docker run -d --volumes-from rancher-data \ --privileged /rancher/rancher: ``` -privileged access is [required.](../../../../pages-for-subheaders/rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher) +privileged access is [required.](rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher)     diff --git a/versioned_docs/version-2.7/getting-started/installation-and-upgrade/resources/add-tls-secrets.md b/versioned_docs/version-2.7/getting-started/installation-and-upgrade/resources/add-tls-secrets.md index 290f180adfd..3bd6babc719 100644 --- a/versioned_docs/version-2.7/getting-started/installation-and-upgrade/resources/add-tls-secrets.md +++ b/versioned_docs/version-2.7/getting-started/installation-and-upgrade/resources/add-tls-secrets.md @@ -46,4 +46,4 @@ The configured `tls-ca` secret is retrieved when Rancher starts. On a running Ra ## Updating a Private CA Certificate -Follow the steps on [this page](update-rancher-certificate.md) to update the SSL certificate of the ingress in a Rancher [high availability Kubernetes installation](../../../pages-for-subheaders/install-upgrade-on-a-kubernetes-cluster.md) or to switch from the default self-signed certificate to a custom certificate. \ No newline at end of file +Follow the steps on [this page](update-rancher-certificate.md) to update the SSL certificate of the ingress in a Rancher [high availability Kubernetes installation](../install-upgrade-on-a-kubernetes-cluster/install-upgrade-on-a-kubernetes-cluster.md) or to switch from the default self-signed certificate to a custom certificate. \ No newline at end of file diff --git a/versioned_docs/version-2.7/getting-started/installation-and-upgrade/resources/choose-a-rancher-version.md b/versioned_docs/version-2.7/getting-started/installation-and-upgrade/resources/choose-a-rancher-version.md index d7051def448..b38afda6a62 100644 --- a/versioned_docs/version-2.7/getting-started/installation-and-upgrade/resources/choose-a-rancher-version.md +++ b/versioned_docs/version-2.7/getting-started/installation-and-upgrade/resources/choose-a-rancher-version.md @@ -15,7 +15,7 @@ For Docker installations of Rancher, which is used for development and testing, -When installing, upgrading, or rolling back Rancher Server when it is [installed on a Kubernetes cluster](../../../pages-for-subheaders/install-upgrade-on-a-kubernetes-cluster.md), Rancher server is installed using a Helm chart on a Kubernetes cluster. Therefore, as you prepare to install or upgrade a high availability Rancher configuration, you must add a Helm chart repository that contains the charts for installing Rancher. +When installing, upgrading, or rolling back Rancher Server when it is [installed on a Kubernetes cluster](../install-upgrade-on-a-kubernetes-cluster/install-upgrade-on-a-kubernetes-cluster.md), Rancher server is installed using a Helm chart on a Kubernetes cluster. Therefore, as you prepare to install or upgrade a high availability Rancher configuration, you must add a Helm chart repository that contains the charts for installing Rancher. Refer to the [Helm version requirements](helm-version-requirements.md) to choose a version of Helm to install Rancher. @@ -99,7 +99,7 @@ Because the rancher-alpha repository contains only alpha charts, switching betwe -When performing [Docker installs](../../../pages-for-subheaders/rancher-on-a-single-node-with-docker.md), upgrades, or rollbacks, you can use _tags_ to install a specific version of Rancher. +When performing [Docker installs](../other-installation-methods/rancher-on-a-single-node-with-docker/rancher-on-a-single-node-with-docker.md), upgrades, or rollbacks, you can use _tags_ to install a specific version of Rancher. ### Server Tags diff --git a/versioned_docs/version-2.7/getting-started/installation-and-upgrade/resources/local-system-charts.md b/versioned_docs/version-2.7/getting-started/installation-and-upgrade/resources/local-system-charts.md index e48012d6af4..4e07236b0fe 100644 --- a/versioned_docs/version-2.7/getting-started/installation-and-upgrade/resources/local-system-charts.md +++ b/versioned_docs/version-2.7/getting-started/installation-and-upgrade/resources/local-system-charts.md @@ -14,4 +14,4 @@ In an air gapped installation of Rancher, you will need to configure Rancher to A local copy of `system-charts` has been packaged into the `rancher/rancher` container. To be able to use these features in an air gap install, you will need to run the Rancher install command with an extra environment variable, `CATTLE_SYSTEM_CATALOG=bundled`, which tells Rancher to use the local copy of the charts instead of attempting to fetch them from GitHub. -Example commands for a Rancher installation with a bundled `system-charts` are included in the [air gap installation](../../../pages-for-subheaders/air-gapped-helm-cli-install.md) instructions for Docker and Helm installs. +Example commands for a Rancher installation with a bundled `system-charts` are included in the [air gap installation](../other-installation-methods/air-gapped-helm-cli-install/air-gapped-helm-cli-install.md) instructions for Docker and Helm installs. diff --git a/versioned_docs/version-2.7/getting-started/installation-and-upgrade/resources/resources.md b/versioned_docs/version-2.7/getting-started/installation-and-upgrade/resources/resources.md new file mode 100644 index 00000000000..5d4fbf24fc1 --- /dev/null +++ b/versioned_docs/version-2.7/getting-started/installation-and-upgrade/resources/resources.md @@ -0,0 +1,29 @@ +--- +title: Resources +--- + + + + + +### Docker Installations + +The [single-node Docker installation](../other-installation-methods/rancher-on-a-single-node-with-docker/rancher-on-a-single-node-with-docker.md) is for Rancher users that are wanting to test out Rancher. Instead of running on a Kubernetes cluster using Helm, you install the Rancher server component on a single node using a `docker run` command. + +Since there is only one node and a single Docker container, if the node goes down, there is no copy of the etcd data available on other nodes and you will lose all the data of your Rancher server. + +### Air-Gapped Installations + +Follow [these steps](../other-installation-methods/air-gapped-helm-cli-install/air-gapped-helm-cli-install.md) to install the Rancher server in an air gapped environment. + +An air gapped environment could be where Rancher server will be installed offline, behind a firewall, or behind a proxy. + +### Advanced Options + +When installing Rancher, there are several advanced options that can be enabled during installation. Within each install guide, these options are presented. Learn more about these options: + +- [Custom CA Certificate](custom-ca-root-certificates.md) +- [API Audit Log](../../../how-to-guides/advanced-user-guides/enable-api-audit-log.md) +- [TLS Settings](../installation-references/tls-settings.md) +- [etcd configuration](../../../how-to-guides/advanced-user-guides/tune-etcd-for-large-installs.md) +- [Local System Charts for Air Gap Installations](local-system-charts.md) | v2.3.0 | diff --git a/versioned_docs/version-2.7/getting-started/installation-and-upgrade/resources/update-rancher-certificate.md b/versioned_docs/version-2.7/getting-started/installation-and-upgrade/resources/update-rancher-certificate.md index 513b46ac4d2..5b2e379c06b 100644 --- a/versioned_docs/version-2.7/getting-started/installation-and-upgrade/resources/update-rancher-certificate.md +++ b/versioned_docs/version-2.7/getting-started/installation-and-upgrade/resources/update-rancher-certificate.md @@ -8,7 +8,7 @@ title: Updating the Rancher Certificate ## Updating a Private CA Certificate -Follow these steps to rotate an SSL certificate and private CA used by Rancher [installed on a Kubernetes cluster](../../../pages-for-subheaders/install-upgrade-on-a-kubernetes-cluster.md), or migrate to an SSL certificate signed by a private CA. +Follow these steps to rotate an SSL certificate and private CA used by Rancher [installed on a Kubernetes cluster](../install-upgrade-on-a-kubernetes-cluster/install-upgrade-on-a-kubernetes-cluster.md), or migrate to an SSL certificate signed by a private CA. A summary of the steps is as follows: diff --git a/versioned_docs/version-2.7/getting-started/installation-and-upgrade/resources/upgrade-cert-manager.md b/versioned_docs/version-2.7/getting-started/installation-and-upgrade/resources/upgrade-cert-manager.md index fa870013b2b..dd00964ef02 100644 --- a/versioned_docs/version-2.7/getting-started/installation-and-upgrade/resources/upgrade-cert-manager.md +++ b/versioned_docs/version-2.7/getting-started/installation-and-upgrade/resources/upgrade-cert-manager.md @@ -266,7 +266,7 @@ cert-manager-webhook-787858fcdb-nlzsq 1/1 Running 0 2m --- -Rancher now supports cert-manager versions 1.6.2 and 1.7.1. We recommend v1.7.x because v 1.6.x will reach end-of-life on March 30, 2022. To read more, see the [cert-manager docs](../../../pages-for-subheaders/install-upgrade-on-a-kubernetes-cluster.md#4-install-cert-manager). For instructions on upgrading cert-manager from version 1.5 to 1.6, see the upstream cert-manager documentation [here](https://cert-manager.io/docs/installation/upgrading/upgrading-1.5-1.6/). For instructions on upgrading cert-manager from version 1.6 to 1.7, see the upstream cert-manager documentation [here](https://cert-manager.io/docs/installation/upgrading/upgrading-1.6-1.7/). +Rancher now supports cert-manager versions 1.6.2 and 1.7.1. We recommend v1.7.x because v 1.6.x will reach end-of-life on March 30, 2022. To read more, see the [cert-manager docs](../install-upgrade-on-a-kubernetes-cluster/install-upgrade-on-a-kubernetes-cluster.md#4-install-cert-manager). For instructions on upgrading cert-manager from version 1.5 to 1.6, see the upstream cert-manager documentation [here](https://cert-manager.io/docs/installation/upgrading/upgrading-1.5-1.6/). For instructions on upgrading cert-manager from version 1.6 to 1.7, see the upstream cert-manager documentation [here](https://cert-manager.io/docs/installation/upgrading/upgrading-1.6-1.7/). --- diff --git a/versioned_docs/version-2.7/getting-started/installation-and-upgrade/upgrade-and-roll-back-kubernetes.md b/versioned_docs/version-2.7/getting-started/installation-and-upgrade/upgrade-and-roll-back-kubernetes.md index e54524ca7ad..a916003a9fa 100644 --- a/versioned_docs/version-2.7/getting-started/installation-and-upgrade/upgrade-and-roll-back-kubernetes.md +++ b/versioned_docs/version-2.7/getting-started/installation-and-upgrade/upgrade-and-roll-back-kubernetes.md @@ -36,9 +36,9 @@ The restore operation will work on a cluster that is not in a healthy or active :::note Prerequisites: -- The options below are available for [Rancher-launched Kubernetes clusters](../../pages-for-subheaders/launch-kubernetes-with-rancher.md) and [Registered K3s Kubernetes clusters](../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/register-existing-clusters.md#additional-features-for-registered-rke2-and-k3s-clusters). +- The options below are available for [Rancher-launched Kubernetes clusters](../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md) and [Registered K3s Kubernetes clusters](../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/register-existing-clusters.md#additional-features-for-registered-rke2-and-k3s-clusters). - The following options also apply to imported RKE2 clusters that you have registered. If you import a cluster from an external cloud platform but don't register it, you won't be able to upgrade the Kubernetes version from Rancher. -- Before upgrading Kubernetes, [back up your cluster.](../../pages-for-subheaders/backup-restore-and-disaster-recovery.md) +- Before upgrading Kubernetes, [back up your cluster.](../../how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/backup-restore-and-disaster-recovery.md) ::: diff --git a/versioned_docs/version-2.7/getting-started/installation-and-upgrade/upgrade-kubernetes-without-upgrading-rancher.md b/versioned_docs/version-2.7/getting-started/installation-and-upgrade/upgrade-kubernetes-without-upgrading-rancher.md index 42c0b6348a2..a474f770b1b 100644 --- a/versioned_docs/version-2.7/getting-started/installation-and-upgrade/upgrade-kubernetes-without-upgrading-rancher.md +++ b/versioned_docs/version-2.7/getting-started/installation-and-upgrade/upgrade-kubernetes-without-upgrading-rancher.md @@ -14,7 +14,7 @@ The Kubernetes API can change between minor versions. Therefore, we don't suppor ::: -Rancher's Kubernetes metadata contains information specific to the Kubernetes version that Rancher uses to provision [RKE clusters](../../pages-for-subheaders/launch-kubernetes-with-rancher.md). Rancher syncs the data periodically and creates custom resource definitions (CRDs) for **system images,** **service options** and **addon templates**. Consequently, when a new Kubernetes version is compatible with the Rancher server version, the Kubernetes metadata makes the new version available to Rancher for provisioning clusters. The metadata gives you an overview of the information that the [Rancher Kubernetes Engine](https://rancher.com/docs/rke/latest/en/) (RKE) uses for deploying various Kubernetes versions. +Rancher's Kubernetes metadata contains information specific to the Kubernetes version that Rancher uses to provision [RKE clusters](../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md). Rancher syncs the data periodically and creates custom resource definitions (CRDs) for **system images,** **service options** and **addon templates**. Consequently, when a new Kubernetes version is compatible with the Rancher server version, the Kubernetes metadata makes the new version available to Rancher for provisioning clusters. The metadata gives you an overview of the information that the [Rancher Kubernetes Engine](https://rancher.com/docs/rke/latest/en/) (RKE) uses for deploying various Kubernetes versions. This table below describes the CRDs that are affected by the periodic data sync. diff --git a/versioned_docs/version-2.7/getting-started/overview.md b/versioned_docs/version-2.7/getting-started/overview.md index b7f35276bc6..e89a6f48e5a 100644 --- a/versioned_docs/version-2.7/getting-started/overview.md +++ b/versioned_docs/version-2.7/getting-started/overview.md @@ -34,21 +34,21 @@ The Rancher API server is built on top of an embedded Kubernetes API server and ### Authorization and Role-Based Access Control -- **User management:** The Rancher API server [manages user identities](../pages-for-subheaders/authentication-config.md) that correspond to external authentication providers like Active Directory or GitHub, in addition to local users. -- **Authorization:** The Rancher API server manages [access control](../pages-for-subheaders/manage-role-based-access-control-rbac.md) and [security](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/create-pod-security-policies.md) policies. +- **User management:** The Rancher API server [manages user identities](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/authentication-config.md) that correspond to external authentication providers like Active Directory or GitHub, in addition to local users. +- **Authorization:** The Rancher API server manages [access control](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/manage-role-based-access-control-rbac.md) and [security](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/create-pod-security-policies.md) policies. ### Working with Kubernetes -- **Provisioning Kubernetes clusters:** The Rancher API server can [provision Kubernetes](../pages-for-subheaders/kubernetes-clusters-in-rancher-setup.md) on existing nodes, or perform [Kubernetes upgrades.](installation-and-upgrade/upgrade-and-roll-back-kubernetes.md) -- **Catalog management:** Rancher provides the ability to use a [catalog of Helm charts](../pages-for-subheaders/helm-charts-in-rancher.md) that make it easy to repeatedly deploy applications. -- **Managing projects:** A project is a group of multiple namespaces and access control policies within a cluster. A project is a Rancher concept, not a Kubernetes concept, which allows you to manage multiple namespaces as a group and perform Kubernetes operations in them. The Rancher UI provides features for [project administration](../pages-for-subheaders/manage-projects.md) and for [managing applications within projects.](../pages-for-subheaders/kubernetes-resources-setup.md) -- **Fleet Continuous Delivery:** Within Rancher, you can leverage [Fleet Continuous Delivery](../pages-for-subheaders/fleet-gitops-at-scale.md) to deploy applications from git repositories, without any manual operation, to targeted downstream Kubernetes clusters. -- **Istio:** Our [integration with Istio](../pages-for-subheaders/istio.md) is designed so that a Rancher operator, such as an administrator or cluster owner, can deliver Istio to developers. Then developers can use Istio to enforce security policies, troubleshoot problems, or manage traffic for green/blue deployments, canary deployments, or A/B testing. +- **Provisioning Kubernetes clusters:** The Rancher API server can [provision Kubernetes](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/kubernetes-clusters-in-rancher-setup.md) on existing nodes, or perform [Kubernetes upgrades.](installation-and-upgrade/upgrade-and-roll-back-kubernetes.md) +- **Catalog management:** Rancher provides the ability to use a [catalog of Helm charts](../how-to-guides/new-user-guides/helm-charts-in-rancher/helm-charts-in-rancher.md) that make it easy to repeatedly deploy applications. +- **Managing projects:** A project is a group of multiple namespaces and access control policies within a cluster. A project is a Rancher concept, not a Kubernetes concept, which allows you to manage multiple namespaces as a group and perform Kubernetes operations in them. The Rancher UI provides features for [project administration](../how-to-guides/advanced-user-guides/manage-projects/manage-projects.md) and for [managing applications within projects.](../how-to-guides/new-user-guides/kubernetes-resources-setup/kubernetes-resources-setup.md) +- **Fleet Continuous Delivery:** Within Rancher, you can leverage [Fleet Continuous Delivery](../integrations-in-rancher/fleet-gitops-at-scale/fleet-gitops-at-scale.md) to deploy applications from git repositories, without any manual operation, to targeted downstream Kubernetes clusters. +- **Istio:** Our [integration with Istio](../integrations-in-rancher/istio/istio.md) is designed so that a Rancher operator, such as an administrator or cluster owner, can deliver Istio to developers. Then developers can use Istio to enforce security policies, troubleshoot problems, or manage traffic for green/blue deployments, canary deployments, or A/B testing. ### Working with Cloud Infrastructure - **Tracking nodes:** The Rancher API server tracks identities of all the [nodes](../how-to-guides/new-user-guides/manage-clusters/nodes-and-node-pools.md) in all clusters. -- **Setting up infrastructure:** When configured to use a cloud provider, Rancher can dynamically provision [new nodes](../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md) and [persistent storage](../pages-for-subheaders/create-kubernetes-persistent-storage.md) in the cloud. +- **Setting up infrastructure:** When configured to use a cloud provider, Rancher can dynamically provision [new nodes](../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md) and [persistent storage](../how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage/create-kubernetes-persistent-storage.md) in the cloud. ### Cluster Visibility @@ -58,9 +58,9 @@ The Rancher API server is built on top of an embedded Kubernetes API server and ## Editing Downstream Clusters with Rancher -The options and settings available for an existing cluster change based on the method that you used to provision it. For example, only clusters [provisioned by RKE](../pages-for-subheaders/launch-kubernetes-with-rancher.md) have **Cluster Options** available for editing. +The options and settings available for an existing cluster change based on the method that you used to provision it. For example, only clusters [provisioned by RKE](../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md) have **Cluster Options** available for editing. -After a cluster is created with Rancher, a cluster administrator can manage cluster membership or manage node pools, among [other options.](../pages-for-subheaders/cluster-configuration.md) +After a cluster is created with Rancher, a cluster administrator can manage cluster membership or manage node pools, among [other options.](../reference-guides/cluster-configuration/cluster-configuration.md) The following table summarizes the options and settings available for each cluster type: diff --git a/versioned_docs/version-2.7/getting-started/quick-start-guides/deploy-rancher-manager/aws.md b/versioned_docs/version-2.7/getting-started/quick-start-guides/deploy-rancher-manager/aws.md index a3fd249d35e..91b82597680 100644 --- a/versioned_docs/version-2.7/getting-started/quick-start-guides/deploy-rancher-manager/aws.md +++ b/versioned_docs/version-2.7/getting-started/quick-start-guides/deploy-rancher-manager/aws.md @@ -11,7 +11,7 @@ The following steps will quickly deploy a Rancher server on AWS in a single-node :::caution -The intent of these guides is to quickly launch a sandbox that you can use to evaluate Rancher. These guides are not intended for production environments. For comprehensive setup instructions, see [Installation](../../../pages-for-subheaders/installation-and-upgrade.md). +The intent of these guides is to quickly launch a sandbox that you can use to evaluate Rancher. These guides are not intended for production environments. For comprehensive setup instructions, see [Installation](../../installation-and-upgrade/installation-and-upgrade.md). ::: @@ -90,7 +90,7 @@ Two Kubernetes clusters are deployed into your AWS account, one running Rancher ## What's Next? -Use Rancher to create a deployment. For more information, see [Creating Deployments](../../../pages-for-subheaders/deploy-rancher-workloads.md). +Use Rancher to create a deployment. For more information, see [Creating Deployments](../deploy-workloads/deploy-workloads.md). ## Destroying the Environment diff --git a/versioned_docs/version-2.7/getting-started/quick-start-guides/deploy-rancher-manager/azure.md b/versioned_docs/version-2.7/getting-started/quick-start-guides/deploy-rancher-manager/azure.md index c9b968077ab..82917ee7857 100644 --- a/versioned_docs/version-2.7/getting-started/quick-start-guides/deploy-rancher-manager/azure.md +++ b/versioned_docs/version-2.7/getting-started/quick-start-guides/deploy-rancher-manager/azure.md @@ -11,7 +11,7 @@ The following steps will quickly deploy a Rancher server on Azure in a single-no :::caution -The intent of these guides is to quickly launch a sandbox that you can use to evaluate Rancher. These guides are not intended for production environments. For comprehensive setup instructions, see [Installation](../../../pages-for-subheaders/installation-and-upgrade.md). +The intent of these guides is to quickly launch a sandbox that you can use to evaluate Rancher. These guides are not intended for production environments. For comprehensive setup instructions, see [Installation](../../installation-and-upgrade/installation-and-upgrade.md). ::: @@ -76,7 +76,7 @@ Two Kubernetes clusters are deployed into your Azure account, one running Ranche ### What's Next? -Use Rancher to create a deployment. For more information, see [Creating Deployments](../../../pages-for-subheaders/deploy-rancher-workloads.md). +Use Rancher to create a deployment. For more information, see [Creating Deployments](../deploy-workloads/deploy-workloads.md). ## Destroying the Environment diff --git a/versioned_docs/version-2.7/getting-started/quick-start-guides/deploy-rancher-manager/deploy-rancher-manager.md b/versioned_docs/version-2.7/getting-started/quick-start-guides/deploy-rancher-manager/deploy-rancher-manager.md new file mode 100644 index 00000000000..7027172fede --- /dev/null +++ b/versioned_docs/version-2.7/getting-started/quick-start-guides/deploy-rancher-manager/deploy-rancher-manager.md @@ -0,0 +1,23 @@ +--- +title: Deploying Rancher Server +--- + + + + + +Use one of the following guides to deploy and provision Rancher and a Kubernetes cluster in the provider of your choice. + +- [AWS](aws.md) (uses Terraform) +- [AWS Marketplace](aws-marketplace.md) (uses Amazon EKS) +- [Azure](azure.md) (uses Terraform) +- [DigitalOcean](digitalocean.md) (uses Terraform) +- [GCP](gcp.md) (uses Terraform) +- [Hetzner Cloud](hetzner-cloud.md) (uses Terraform) +- [Vagrant](vagrant.md) +- [Equinix Metal](equinix-metal.md) +- [Outscale](outscale-qs.md) (uses Terraform) + +If you prefer, the following guide will take you through the same process in individual steps. Use this if you want to run Rancher in a different provider, on prem, or if you would just like to see how easy it is. + +- [Manual Install](helm-cli.md) diff --git a/versioned_docs/version-2.7/getting-started/quick-start-guides/deploy-rancher-manager/digitalocean.md b/versioned_docs/version-2.7/getting-started/quick-start-guides/deploy-rancher-manager/digitalocean.md index 81442f401b9..5d3be8eeda1 100644 --- a/versioned_docs/version-2.7/getting-started/quick-start-guides/deploy-rancher-manager/digitalocean.md +++ b/versioned_docs/version-2.7/getting-started/quick-start-guides/deploy-rancher-manager/digitalocean.md @@ -11,7 +11,7 @@ The following steps will quickly deploy a Rancher server on DigitalOcean in a si :::caution -The intent of these guides is to quickly launch a sandbox that you can use to evaluate Rancher. These guides are not intended for production environments. For comprehensive setup instructions, see [Installation](../../../pages-for-subheaders/installation-and-upgrade.md). +The intent of these guides is to quickly launch a sandbox that you can use to evaluate Rancher. These guides are not intended for production environments. For comprehensive setup instructions, see [Installation](../../installation-and-upgrade/installation-and-upgrade.md). ::: @@ -69,7 +69,7 @@ Two Kubernetes clusters are deployed into your DigitalOcean account, one running ### What's Next? -Use Rancher to create a deployment. For more information, see [Creating Deployments](../../../pages-for-subheaders/deploy-rancher-workloads.md). +Use Rancher to create a deployment. For more information, see [Creating Deployments](../deploy-workloads/deploy-workloads.md). ## Destroying the Environment diff --git a/versioned_docs/version-2.7/getting-started/quick-start-guides/deploy-rancher-manager/equinix-metal.md b/versioned_docs/version-2.7/getting-started/quick-start-guides/deploy-rancher-manager/equinix-metal.md index 5c52b03bc97..226a2e291d0 100644 --- a/versioned_docs/version-2.7/getting-started/quick-start-guides/deploy-rancher-manager/equinix-metal.md +++ b/versioned_docs/version-2.7/getting-started/quick-start-guides/deploy-rancher-manager/equinix-metal.md @@ -15,7 +15,7 @@ title: Rancher Equinix Metal Quick Start :::caution -The intent of these guides is to quickly launch a sandbox that you can use to evaluate Rancher. The Docker install is not recommended for production environments. For comprehensive setup instructions, see [Installation](../../../pages-for-subheaders/installation-and-upgrade.md). +The intent of these guides is to quickly launch a sandbox that you can use to evaluate Rancher. The Docker install is not recommended for production environments. For comprehensive setup instructions, see [Installation](../../installation-and-upgrade/installation-and-upgrade.md). ::: @@ -42,7 +42,7 @@ Begin deploying an Equinix Metal Host. Equinix Metal Servers can be provisioned - When provisioning a new Equinix Metal Server via the CLI or API you will need to provide the following information: project-id, plan, metro, and operating-system. - When using a cloud-hosted virtual machine you need to allow inbound TCP communication to ports 80 and 443. Please see your cloud host's documentation for information regarding port configuration. - For a full list of port requirements, refer to [Docker Installation](../../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/node-requirements-for-rancher-managed-clusters.md). -- Provision the host according to our [Requirements](../../../pages-for-subheaders/installation-requirements.md). +- Provision the host according to our [Requirements](../../installation-and-upgrade/installation-requirements/installation-requirements.md). ::: ### 2. Install Rancher @@ -107,4 +107,4 @@ Congratulations! You have created your first cluster. #### What's Next? -Use Rancher to create a deployment. For more information, see [Creating Deployments](../../../pages-for-subheaders/deploy-rancher-workloads.md). +Use Rancher to create a deployment. For more information, see [Creating Deployments](../deploy-workloads/deploy-workloads.md). diff --git a/versioned_docs/version-2.7/getting-started/quick-start-guides/deploy-rancher-manager/gcp.md b/versioned_docs/version-2.7/getting-started/quick-start-guides/deploy-rancher-manager/gcp.md index 22ef8bb7ec9..ef465375c60 100644 --- a/versioned_docs/version-2.7/getting-started/quick-start-guides/deploy-rancher-manager/gcp.md +++ b/versioned_docs/version-2.7/getting-started/quick-start-guides/deploy-rancher-manager/gcp.md @@ -11,7 +11,7 @@ The following steps will quickly deploy a Rancher server on GCP in a single-node :::caution -The intent of these guides is to quickly launch a sandbox that you can use to evaluate Rancher. These guides are not intended for production environments. For comprehensive setup instructions, see [Installation](../../../pages-for-subheaders/installation-and-upgrade.md). +The intent of these guides is to quickly launch a sandbox that you can use to evaluate Rancher. These guides are not intended for production environments. For comprehensive setup instructions, see [Installation](../../installation-and-upgrade/installation-and-upgrade.md). ::: @@ -72,7 +72,7 @@ Two Kubernetes clusters are deployed into your GCP account, one running Rancher ### What's Next? -Use Rancher to create a deployment. For more information, see [Creating Deployments](../../../pages-for-subheaders/deploy-rancher-workloads.md). +Use Rancher to create a deployment. For more information, see [Creating Deployments](../deploy-workloads/deploy-workloads.md). ## Destroying the Environment diff --git a/versioned_docs/version-2.7/getting-started/quick-start-guides/deploy-rancher-manager/helm-cli.md b/versioned_docs/version-2.7/getting-started/quick-start-guides/deploy-rancher-manager/helm-cli.md index d262b7e2fff..07afc518a5a 100644 --- a/versioned_docs/version-2.7/getting-started/quick-start-guides/deploy-rancher-manager/helm-cli.md +++ b/versioned_docs/version-2.7/getting-started/quick-start-guides/deploy-rancher-manager/helm-cli.md @@ -14,7 +14,7 @@ We don't recommend installing Rancher locally because it creates a networking pr Your Linux machine can be anywhere. It could be an Amazon EC2 instance, a Digital Ocean droplet, or an Azure virtual machine, to name a few examples. Other Rancher docs often use 'node' as a generic term for all of these. One possible way to deploy a Linux machine is by setting up an Amazon EC2 instance as shown in [this tutorial](../../../how-to-guides/new-user-guides/infrastructure-setup/nodes-in-amazon-ec2.md). -The full installation requirements are [here](../../../pages-for-subheaders/installation-requirements.md). +The full installation requirements are [here](../../installation-and-upgrade/installation-requirements/installation-requirements.md). ## Install K3s on Linux @@ -151,6 +151,6 @@ Now if you navigate to `.sslip.io` in a web browser, you shoul To make these instructions simple, we used a fake domain name and self-signed certificates to do this installation. Therefore, you will probably need to add a security exception to your web browser to see the Rancher UI. Note that for production installs, you would need a high-availability setup with a load balancer, a real domain name and real certificates. -These instructions also left out the full installation requirements and other installation options. If you have any issues with these steps, refer to the full [Helm CLI installation docs.](../../../pages-for-subheaders/install-upgrade-on-a-kubernetes-cluster.md) +These instructions also left out the full installation requirements and other installation options. If you have any issues with these steps, refer to the full [Helm CLI installation docs.](../../installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/install-upgrade-on-a-kubernetes-cluster.md) -To launch new Kubernetes clusters with your new Rancher server, you may need to set up cloud credentials in Rancher. For more information, see [Launching Kubernetes clusters with Rancher.](../../../pages-for-subheaders/launch-kubernetes-with-rancher.md) +To launch new Kubernetes clusters with your new Rancher server, you may need to set up cloud credentials in Rancher. For more information, see [Launching Kubernetes clusters with Rancher.](../../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md) diff --git a/versioned_docs/version-2.7/getting-started/quick-start-guides/deploy-rancher-manager/hetzner-cloud.md b/versioned_docs/version-2.7/getting-started/quick-start-guides/deploy-rancher-manager/hetzner-cloud.md index 73774d54f0b..eb56bfbe452 100644 --- a/versioned_docs/version-2.7/getting-started/quick-start-guides/deploy-rancher-manager/hetzner-cloud.md +++ b/versioned_docs/version-2.7/getting-started/quick-start-guides/deploy-rancher-manager/hetzner-cloud.md @@ -11,7 +11,7 @@ The following steps will quickly deploy a Rancher server on Hetzner Cloud in a s :::caution -The intent of these guides is to quickly launch a sandbox that you can use to evaluate Rancher. These guides are not intended for production environments. For comprehensive setup instructions, see [Installation](../../../pages-for-subheaders/installation-and-upgrade.md). +The intent of these guides is to quickly launch a sandbox that you can use to evaluate Rancher. These guides are not intended for production environments. For comprehensive setup instructions, see [Installation](../../installation-and-upgrade/installation-and-upgrade.md). ::: @@ -71,7 +71,7 @@ Two Kubernetes clusters are deployed into your Hetzner account, one running Ranc ### What's Next? -Use Rancher to create a deployment. For more information, see [Creating Deployments](../../../pages-for-subheaders/deploy-rancher-workloads.md). +Use Rancher to create a deployment. For more information, see [Creating Deployments](../deploy-workloads/deploy-workloads.md). ## Destroying the Environment diff --git a/versioned_docs/version-2.7/getting-started/quick-start-guides/deploy-rancher-manager/outscale-qs.md b/versioned_docs/version-2.7/getting-started/quick-start-guides/deploy-rancher-manager/outscale-qs.md index 587da5e2011..5d4e03fc6b9 100644 --- a/versioned_docs/version-2.7/getting-started/quick-start-guides/deploy-rancher-manager/outscale-qs.md +++ b/versioned_docs/version-2.7/getting-started/quick-start-guides/deploy-rancher-manager/outscale-qs.md @@ -11,7 +11,7 @@ The following steps will quickly deploy a Rancher server on Outscale in a single :::note -The intent of these guides is to quickly launch a sandbox that you can use to evaluate Rancher. These guides are not intended for production environments. For comprehensive setup instructions, see [Installation](../../../pages-for-subheaders/installation-and-upgrade.md). +The intent of these guides is to quickly launch a sandbox that you can use to evaluate Rancher. These guides are not intended for production environments. For comprehensive setup instructions, see [Installation](../../installation-and-upgrade/installation-and-upgrade.md). ::: @@ -71,7 +71,7 @@ Two Kubernetes clusters are deployed into your Outscale account, one running Ran ### What's Next? -Use Rancher to create a deployment. For more information, see [Creating Deployments](../../../pages-for-subheaders/deploy-rancher-workloads.md). +Use Rancher to create a deployment. For more information, see [Creating Deployments](../deploy-workloads/deploy-workloads.md). ## Destroying the Environment diff --git a/versioned_docs/version-2.7/getting-started/quick-start-guides/deploy-rancher-manager/vagrant.md b/versioned_docs/version-2.7/getting-started/quick-start-guides/deploy-rancher-manager/vagrant.md index efd3465ce22..484d86b20f0 100644 --- a/versioned_docs/version-2.7/getting-started/quick-start-guides/deploy-rancher-manager/vagrant.md +++ b/versioned_docs/version-2.7/getting-started/quick-start-guides/deploy-rancher-manager/vagrant.md @@ -10,7 +10,7 @@ The following steps quickly deploy a Rancher Server with a single node cluster a :::caution -The intent of these guides is to quickly launch a sandbox that you can use to evaluate Rancher. These guides are not intended for production environments. For comprehensive setup instructions, see [Installation](../../../pages-for-subheaders/installation-and-upgrade.md). +The intent of these guides is to quickly launch a sandbox that you can use to evaluate Rancher. These guides are not intended for production environments. For comprehensive setup instructions, see [Installation](../../installation-and-upgrade/installation-and-upgrade.md). ::: @@ -46,7 +46,7 @@ The intent of these guides is to quickly launch a sandbox that you can use to ev ### What's Next? -Use Rancher to create a deployment. For more information, see [Creating Deployments](../../../pages-for-subheaders/deploy-rancher-workloads.md). +Use Rancher to create a deployment. For more information, see [Creating Deployments](../deploy-workloads/deploy-workloads.md). ## Destroying the Environment diff --git a/versioned_docs/version-2.7/pages-for-subheaders/deploy-rancher-workloads.md b/versioned_docs/version-2.7/getting-started/quick-start-guides/deploy-workloads/deploy-workloads.md similarity index 60% rename from versioned_docs/version-2.7/pages-for-subheaders/deploy-rancher-workloads.md rename to versioned_docs/version-2.7/getting-started/quick-start-guides/deploy-workloads/deploy-workloads.md index b2898cd513b..e6042decd34 100644 --- a/versioned_docs/version-2.7/pages-for-subheaders/deploy-rancher-workloads.md +++ b/versioned_docs/version-2.7/getting-started/quick-start-guides/deploy-workloads/deploy-workloads.md @@ -8,5 +8,5 @@ title: Deploying Workloads These guides walk you through the deployment of an application, including how to expose the application for use outside of the cluster. -- [Workload with Ingress](../getting-started/quick-start-guides/deploy-workloads/workload-ingress.md) -- [Workload with NodePort](../getting-started/quick-start-guides/deploy-workloads/nodeports.md) +- [Workload with Ingress](workload-ingress.md) +- [Workload with NodePort](nodeports.md) diff --git a/versioned_docs/version-2.7/getting-started/quick-start-guides/deploy-workloads/workload-ingress.md b/versioned_docs/version-2.7/getting-started/quick-start-guides/deploy-workloads/workload-ingress.md index 92e71d701c5..a1624912313 100644 --- a/versioned_docs/version-2.7/getting-started/quick-start-guides/deploy-workloads/workload-ingress.md +++ b/versioned_docs/version-2.7/getting-started/quick-start-guides/deploy-workloads/workload-ingress.md @@ -23,7 +23,7 @@ For this workload, you'll be deploying the application Rancher Hello-World. 1. Click **Deployment**. 1. Enter a **Name** for your workload. 1. From the **Container Image** field, enter `rancher/hello-world`. This field is case-sensitive. -1. Click **Add Port** and `Cluster IP` for the `Service Type` and enter `80` in the **Private Container Port** field. You may leave the `Name` blank or specify any name that you wish. Adding a port enables access to the application inside and outside of the cluster. For more information, see [Services](../../../pages-for-subheaders/workloads-and-pods.md#services). +1. Click **Add Port** and `Cluster IP` for the `Service Type` and enter `80` in the **Private Container Port** field. You may leave the `Name` blank or specify any name that you wish. Adding a port enables access to the application inside and outside of the cluster. For more information, see [Services](../../../how-to-guides/new-user-guides/kubernetes-resources-setup/workloads-and-pods/workloads-and-pods.md#services). 1. Click **Create**. **Result:** diff --git a/versioned_docs/version-2.7/pages-for-subheaders/quick-start-guides.md b/versioned_docs/version-2.7/getting-started/quick-start-guides/quick-start-guides.md similarity index 60% rename from versioned_docs/version-2.7/pages-for-subheaders/quick-start-guides.md rename to versioned_docs/version-2.7/getting-started/quick-start-guides/quick-start-guides.md index d4f0f9e26b9..955135a1d48 100644 --- a/versioned_docs/version-2.7/pages-for-subheaders/quick-start-guides.md +++ b/versioned_docs/version-2.7/getting-started/quick-start-guides/quick-start-guides.md @@ -8,7 +8,7 @@ title: Rancher Deployment Quick Start Guides :::caution -The intent of these guides is to quickly launch a sandbox that you can use to evaluate Rancher. These guides are not intended for production environments. For comprehensive setup instructions, see [Installation](installation-and-upgrade.md). +The intent of these guides is to quickly launch a sandbox that you can use to evaluate Rancher. These guides are not intended for production environments. For comprehensive setup instructions, see [Installation](../installation-and-upgrade/installation-and-upgrade.md). ::: @@ -16,6 +16,6 @@ Use this section of the docs to jump start your deployment and testing of Ranche We have Quick Start Guides for: -- [Deploying Rancher Server](deploy-rancher-manager.md): Get started running Rancher using the method most convenient for you. +- [Deploying Rancher Server](deploy-rancher-manager/deploy-rancher-manager.md): Get started running Rancher using the method most convenient for you. -- [Deploying Workloads](deploy-rancher-workloads.md): Deploy a simple [workload](https://kubernetes.io/docs/concepts/workloads/) and expose it, letting you access it from outside the cluster. +- [Deploying Workloads](deploy-workloads/deploy-workloads.md): Deploy a simple [workload](https://kubernetes.io/docs/concepts/workloads/) and expose it, letting you access it from outside the cluster. diff --git a/versioned_docs/version-2.7/pages-for-subheaders/advanced-user-guides.md b/versioned_docs/version-2.7/how-to-guides/advanced-user-guides/advanced-user-guides.md similarity index 100% rename from versioned_docs/version-2.7/pages-for-subheaders/advanced-user-guides.md rename to versioned_docs/version-2.7/how-to-guides/advanced-user-guides/advanced-user-guides.md diff --git a/versioned_docs/version-2.7/how-to-guides/advanced-user-guides/cis-scan-guides/cis-scan-guides.md b/versioned_docs/version-2.7/how-to-guides/advanced-user-guides/cis-scan-guides/cis-scan-guides.md new file mode 100644 index 00000000000..790b7e1b6c1 --- /dev/null +++ b/versioned_docs/version-2.7/how-to-guides/advanced-user-guides/cis-scan-guides/cis-scan-guides.md @@ -0,0 +1,17 @@ +--- +title: CIS Scan Guides +--- + + + + + +- [Install rancher-cis-benchmark](install-rancher-cis-benchmark.md) +- [Uninstall rancher-cis-benchmark](uninstall-rancher-cis-benchmark.md) +- [Run a Scan](run-a-scan.md) +- [Run a Scan Periodically on a Schedule](run-a-scan-periodically-on-a-schedule.md) +- [Skip Tests](skip-tests.md) +- [View Reports](view-reports.md) +- [Enable Alerting for rancher-cis-benchmark](enable-alerting-for-rancher-cis-benchmark.md) +- [Configure Alerts for Periodic Scan on a Schedule](configure-alerts-for-periodic-scan-on-a-schedule.md) +- [Create a Custom Benchmark Version to Run](create-a-custom-benchmark-version-to-run.md) \ No newline at end of file diff --git a/versioned_docs/version-2.7/how-to-guides/advanced-user-guides/configure-layer-7-nginx-load-balancer.md b/versioned_docs/version-2.7/how-to-guides/advanced-user-guides/configure-layer-7-nginx-load-balancer.md index 98ea1abfb3e..dc19b0a28ea 100644 --- a/versioned_docs/version-2.7/how-to-guides/advanced-user-guides/configure-layer-7-nginx-load-balancer.md +++ b/versioned_docs/version-2.7/how-to-guides/advanced-user-guides/configure-layer-7-nginx-load-balancer.md @@ -14,14 +14,14 @@ This install procedure walks you through deployment of Rancher using a single co ## Requirements for OS, Docker, Hardware, and Networking -Make sure that your node fulfills the general [installation requirements.](../../pages-for-subheaders/installation-requirements.md) +Make sure that your node fulfills the general [installation requirements.](../../getting-started/installation-and-upgrade/installation-requirements/installation-requirements.md) ## Installation Outline ## 1. Provision Linux Host -Provision a single Linux host according to our [Requirements](../../pages-for-subheaders/installation-requirements.md) to launch your Rancher Server. +Provision a single Linux host according to our [Requirements](../../getting-started/installation-and-upgrade/installation-requirements/installation-requirements.md) to launch your Rancher Server. ## 2. Choose an SSL Option and Install Rancher @@ -170,7 +170,7 @@ http { ## What's Next? - **Recommended:** Review Single Node [Backup](../../how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/back-up-docker-installed-rancher.md) and [Restore](../../how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/restore-docker-installed-rancher.md). Although you don't have any data you need to back up right now, we recommend creating backups after regular Rancher use. -- Create a Kubernetes cluster: [Provisioning Kubernetes Clusters](../../pages-for-subheaders/kubernetes-clusters-in-rancher-setup.md). +- Create a Kubernetes cluster: [Provisioning Kubernetes Clusters](../new-user-guides/kubernetes-clusters-in-rancher-setup/kubernetes-clusters-in-rancher-setup.md).
    @@ -192,7 +192,7 @@ If you want to record all transactions with the Rancher API, enable the [API Aud ### Air Gap -If you are visiting this page to complete an [Air Gap Installation](../../pages-for-subheaders/air-gapped-helm-cli-install.md), you must pre-pend your private registry URL to the server tag when running the installation command in the option that you choose. Add `` with your private registry URL in front of `rancher/rancher:latest`. +If you are visiting this page to complete an [Air Gap Installation](../../getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/air-gapped-helm-cli-install.md), you must pre-pend your private registry URL to the server tag when running the installation command in the option that you choose. Add `` with your private registry URL in front of `rancher/rancher:latest`. **Example:** @@ -212,7 +212,7 @@ docker run -d --restart=unless-stopped \ rancher/rancher:latest ``` -This operation requires [privileged access](../../pages-for-subheaders/rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher). +This operation requires [privileged access](../../getting-started/installation-and-upgrade/other-installation-methods/rancher-on-a-single-node-with-docker/rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher). This layer 7 NGINX configuration is tested on NGINX version 1.13 (mainline) and 1.14 (stable). diff --git a/versioned_docs/version-2.7/how-to-guides/advanced-user-guides/enable-api-audit-log.md b/versioned_docs/version-2.7/how-to-guides/advanced-user-guides/enable-api-audit-log.md index 297c24946ec..f0795669975 100644 --- a/versioned_docs/version-2.7/how-to-guides/advanced-user-guides/enable-api-audit-log.md +++ b/versioned_docs/version-2.7/how-to-guides/advanced-user-guides/enable-api-audit-log.md @@ -63,7 +63,7 @@ kubectl -n cattle-system logs -f rancher-84d886bdbb-s4s69 rancher-audit-log #### Shipping the Audit Log -You can enable Rancher's built in log collection and shipping for the cluster to ship the audit and other services logs to a supported collection endpoint. See [Rancher Tools - Logging](../../pages-for-subheaders/logging.md) for details. +You can enable Rancher's built in log collection and shipping for the cluster to ship the audit and other services logs to a supported collection endpoint. See [Rancher Tools - Logging](../../integrations-in-rancher/logging/logging.md) for details. ## Audit Log Samples diff --git a/versioned_docs/version-2.7/how-to-guides/advanced-user-guides/enable-experimental-features/continuous-delivery.md b/versioned_docs/version-2.7/how-to-guides/advanced-user-guides/enable-experimental-features/continuous-delivery.md index ccc1c4f4bff..41c3aa82aea 100644 --- a/versioned_docs/version-2.7/how-to-guides/advanced-user-guides/enable-experimental-features/continuous-delivery.md +++ b/versioned_docs/version-2.7/how-to-guides/advanced-user-guides/enable-experimental-features/continuous-delivery.md @@ -8,7 +8,7 @@ title: Continuous Delivery [Fleet](../../../how-to-guides/new-user-guides/deploy-apps-across-clusters/fleet.md) comes preinstalled in Rancher can't be fully disabled. However, the Fleet feature for GitOps continuous delivery may be disabled using the `continuous-delivery` feature flag. -To enable or disable this feature, refer to the instructions on [the main page about enabling experimental features.](../../../pages-for-subheaders/enable-experimental-features.md) +To enable or disable this feature, refer to the instructions on [the main page about enabling experimental features.](enable-experimental-features.md) Environment Variable Key | Default Value | Description ---|---|--- diff --git a/versioned_docs/version-2.7/pages-for-subheaders/enable-experimental-features.md b/versioned_docs/version-2.7/how-to-guides/advanced-user-guides/enable-experimental-features/enable-experimental-features.md similarity index 89% rename from versioned_docs/version-2.7/pages-for-subheaders/enable-experimental-features.md rename to versioned_docs/version-2.7/how-to-guides/advanced-user-guides/enable-experimental-features/enable-experimental-features.md index 0e5ad863608..778f2b05451 100644 --- a/versioned_docs/version-2.7/pages-for-subheaders/enable-experimental-features.md +++ b/versioned_docs/version-2.7/how-to-guides/advanced-user-guides/enable-experimental-features/enable-experimental-features.md @@ -6,7 +6,7 @@ title: Enabling Experimental Features -Rancher includes some features that are experimental and disabled by default. You might want to enable these features, for example, if you decide that the benefits of using an [unsupported storage type](../how-to-guides/advanced-user-guides/enable-experimental-features/unsupported-storage-drivers.md) outweighs the risk of using an untested feature. Feature flags were introduced to allow you to try these features that are not enabled by default. +Rancher includes some features that are experimental and disabled by default. You might want to enable these features, for example, if you decide that the benefits of using an [unsupported storage type](unsupported-storage-drivers.md) outweighs the risk of using an untested feature. Feature flags were introduced to allow you to try these features that are not enabled by default. The features can be enabled in three ways: @@ -23,7 +23,7 @@ If no value has been set, Rancher uses the default value. Because the API sets the actual value and the command line sets the default value, that means that if you enable or disable a feature with the API or UI, it will override any value set with the command line. -For example, if you install Rancher, then set a feature flag to true with the Rancher API, then upgrade Rancher with a command that sets the feature flag to false, the default value will still be false, but the feature will still be enabled because it was set with the Rancher API. If you then deleted the set value (true) with the Rancher API, setting it to NULL, the default value (false) would take effect. See the [feature flags page](../getting-started/installation-and-upgrade/installation-references/feature-flags.md) for more information. +For example, if you install Rancher, then set a feature flag to true with the Rancher API, then upgrade Rancher with a command that sets the feature flag to false, the default value will still be false, but the feature will still be enabled because it was set with the Rancher API. If you then deleted the set value (true) with the Rancher API, setting it to NULL, the default value (false) would take effect. See the [feature flags page](../../../getting-started/installation-and-upgrade/installation-references/feature-flags.md) for more information. ## Enabling Features when Starting Rancher @@ -57,7 +57,7 @@ If you are installing an alpha version, Helm requires adding the `--devel` optio ### Enabling Features for Air Gap Installs -To perform an [air gap installation of Rancher](../getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/install-rancher-ha.md), add a Helm chart repository and download a Helm chart, then install Rancher with Helm. +To perform an [air gap installation of Rancher](../../../getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/install-rancher-ha.md), add a Helm chart repository and download a Helm chart, then install Rancher with Helm. When you install the Helm chart, you should pass in feature flag names in a comma separated list, as in the following example: diff --git a/versioned_docs/version-2.7/how-to-guides/advanced-user-guides/enable-experimental-features/istio-traffic-management-features.md b/versioned_docs/version-2.7/how-to-guides/advanced-user-guides/enable-experimental-features/istio-traffic-management-features.md index d34b03f676d..ac7861a0d83 100644 --- a/versioned_docs/version-2.7/how-to-guides/advanced-user-guides/enable-experimental-features/istio-traffic-management-features.md +++ b/versioned_docs/version-2.7/how-to-guides/advanced-user-guides/enable-experimental-features/istio-traffic-management-features.md @@ -8,9 +8,9 @@ title: UI for Istio Virtual Services and Destination Rules This feature enables a UI that lets you create, read, update and delete virtual services and destination rules, which are traffic management features of Istio. -> **Prerequisite:** Turning on this feature does not enable Istio. A cluster administrator needs to [enable Istio for the cluster](../../../pages-for-subheaders/istio-setup-guide.md) in order to use the feature. +> **Prerequisite:** Turning on this feature does not enable Istio. A cluster administrator needs to [enable Istio for the cluster](../istio-setup-guide/istio-setup-guide.md) in order to use the feature. -To enable or disable this feature, refer to the instructions on [the main page about enabling experimental features.](../../../pages-for-subheaders/enable-experimental-features.md) +To enable or disable this feature, refer to the instructions on [the main page about enabling experimental features.](enable-experimental-features.md) Environment Variable Key | Default Value | Status | Available as of ---|---|---|--- diff --git a/versioned_docs/version-2.7/how-to-guides/advanced-user-guides/enable-experimental-features/rancher-on-arm64.md b/versioned_docs/version-2.7/how-to-guides/advanced-user-guides/enable-experimental-features/rancher-on-arm64.md index 5c86ee60a66..4811efbae33 100644 --- a/versioned_docs/version-2.7/how-to-guides/advanced-user-guides/enable-experimental-features/rancher-on-arm64.md +++ b/versioned_docs/version-2.7/how-to-guides/advanced-user-guides/enable-experimental-features/rancher-on-arm64.md @@ -15,7 +15,7 @@ Running on an ARM64 platform is currently an experimental feature and is not yet The following options are available when using an ARM64 platform: - Running Rancher on ARM64 based node(s) - - Only for Docker Install. Please note that the following installation command replaces the examples found in the [Docker Install link](../../../pages-for-subheaders/rancher-on-a-single-node-with-docker.md): + - Only for Docker Install. Please note that the following installation command replaces the examples found in the [Docker Install link](../../../getting-started/installation-and-upgrade/other-installation-methods/rancher-on-a-single-node-with-docker/rancher-on-a-single-node-with-docker.md): ``` # In the last line `rancher/rancher:vX.Y.Z`, be certain to replace "X.Y.Z" with a released version in which ARM64 builds exist. For example, if your matching version is v2.5.8, you would fill in this line with `rancher/rancher:v2.5.8`. diff --git a/versioned_docs/version-2.7/how-to-guides/advanced-user-guides/enable-experimental-features/unsupported-storage-drivers.md b/versioned_docs/version-2.7/how-to-guides/advanced-user-guides/enable-experimental-features/unsupported-storage-drivers.md index 96fdd1b8845..3670d00e39b 100644 --- a/versioned_docs/version-2.7/how-to-guides/advanced-user-guides/enable-experimental-features/unsupported-storage-drivers.md +++ b/versioned_docs/version-2.7/how-to-guides/advanced-user-guides/enable-experimental-features/unsupported-storage-drivers.md @@ -8,7 +8,7 @@ title: Allowing Unsupported Storage Drivers This feature allows you to use types for storage providers and provisioners that are not enabled by default. -To enable or disable this feature, refer to the instructions on [the main page about enabling experimental features.](../../../pages-for-subheaders/enable-experimental-features.md) +To enable or disable this feature, refer to the instructions on [the main page about enabling experimental features.](enable-experimental-features.md) Environment Variable Key | Default Value | Description ---|---|--- diff --git a/versioned_docs/version-2.7/how-to-guides/advanced-user-guides/istio-setup-guide/enable-istio-in-cluster.md b/versioned_docs/version-2.7/how-to-guides/advanced-user-guides/istio-setup-guide/enable-istio-in-cluster.md index 3ca93936f1f..ccc2009b0bc 100644 --- a/versioned_docs/version-2.7/how-to-guides/advanced-user-guides/istio-setup-guide/enable-istio-in-cluster.md +++ b/versioned_docs/version-2.7/how-to-guides/advanced-user-guides/istio-setup-guide/enable-istio-in-cluster.md @@ -23,11 +23,11 @@ title: 1. Enable Istio in the Cluster 1. If you have not already installed your own monitoring app, you will be prompted to install the rancher-monitoring app. Optional: Set your Selector or Scrape config options on rancher-monitoring app install. 1. Optional: Configure member access and [resource limits](../../../integrations-in-rancher/istio/cpu-and-memory-allocations.md) for the Istio components. Ensure you have enough resources on your worker nodes to enable Istio. 1. Optional: Make additional configuration changes to values.yaml if needed. -1. Optional: Add further resources or configuration via the [overlay file](../../../pages-for-subheaders/configuration-options.md#overlay-file). +1. Optional: Add further resources or configuration via the [overlay file](../../../integrations-in-rancher/istio/configuration-options/configuration-options.md#overlay-file). 1. Click **Install**. **Result:** Istio is installed at the cluster level. ## Additional Config Options -For more information on configuring Istio, refer to the [configuration reference.](../../../pages-for-subheaders/configuration-options.md) +For more information on configuring Istio, refer to the [configuration reference.](../../../integrations-in-rancher/istio/configuration-options/configuration-options.md) diff --git a/versioned_docs/version-2.7/how-to-guides/advanced-user-guides/istio-setup-guide/istio-setup-guide.md b/versioned_docs/version-2.7/how-to-guides/advanced-user-guides/istio-setup-guide/istio-setup-guide.md new file mode 100644 index 00000000000..4682e638ed0 --- /dev/null +++ b/versioned_docs/version-2.7/how-to-guides/advanced-user-guides/istio-setup-guide/istio-setup-guide.md @@ -0,0 +1,34 @@ +--- +title: Setup Guide +--- + + + + + +This section describes how to enable Istio and start using it in your projects. + +If you use Istio for traffic management, you will need to allow external traffic to the cluster. In that case, you will need to follow all of the steps below. + +## Prerequisites + +This guide assumes you have already [installed Rancher,](../../../getting-started/installation-and-upgrade/installation-and-upgrade.md) and you have already [provisioned a separate Kubernetes cluster](../../new-user-guides/kubernetes-clusters-in-rancher-setup/kubernetes-clusters-in-rancher-setup.md) on which you will install Istio. + +The nodes in your cluster must meet the [CPU and memory requirements.](../../../integrations-in-rancher/istio/cpu-and-memory-allocations.md) + +The workloads and services that you want to be controlled by Istio must meet [Istio's requirements.](https://istio.io/docs/setup/additional-setup/requirements/) + +## Install + +:::tip Quick Setup Tip: + +If you don't need external traffic to reach Istio, and you just want to set up Istio for monitoring and tracing traffic within the cluster, skip the steps for [setting up the Istio gateway](set-up-istio-gateway.md) and [setting up Istio's components for traffic management.](set-up-traffic-management.md) + +::: + +1. [Enable Istio in the cluster.](enable-istio-in-cluster.md) +1. [Enable Istio in all the namespaces where you want to use it.](enable-istio-in-namespace.md) +1. [Add deployments and services that have the Istio sidecar injected.](use-istio-sidecar.md) +1. [Set up the Istio gateway. ](set-up-istio-gateway.md) +1. [Set up Istio's components for traffic management.](set-up-traffic-management.md) +1. [Generate traffic and see Istio in action.](generate-and-view-traffic.md) diff --git a/versioned_docs/version-2.7/how-to-guides/advanced-user-guides/manage-projects/manage-pod-security-policies.md b/versioned_docs/version-2.7/how-to-guides/advanced-user-guides/manage-projects/manage-pod-security-policies.md index 9ea614fcb95..f23197fa02b 100644 --- a/versioned_docs/version-2.7/how-to-guides/advanced-user-guides/manage-projects/manage-pod-security-policies.md +++ b/versioned_docs/version-2.7/how-to-guides/advanced-user-guides/manage-projects/manage-pod-security-policies.md @@ -8,7 +8,7 @@ title: Applying Pod Security Policies to Projects :::note -These cluster options are only available for [clusters in which Rancher has launched Kubernetes](../../../pages-for-subheaders/launch-kubernetes-with-rancher.md). +These cluster options are only available for [clusters in which Rancher has launched Kubernetes](../../new-user-guides/launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md). ::: diff --git a/versioned_docs/version-2.7/pages-for-subheaders/manage-project-resource-quotas.md b/versioned_docs/version-2.7/how-to-guides/advanced-user-guides/manage-projects/manage-project-resource-quotas/manage-project-resource-quotas.md similarity index 90% rename from versioned_docs/version-2.7/pages-for-subheaders/manage-project-resource-quotas.md rename to versioned_docs/version-2.7/how-to-guides/advanced-user-guides/manage-projects/manage-project-resource-quotas/manage-project-resource-quotas.md index a3bc8183b57..ca734c02b26 100644 --- a/versioned_docs/version-2.7/pages-for-subheaders/manage-project-resource-quotas.md +++ b/versioned_docs/version-2.7/how-to-guides/advanced-user-guides/manage-projects/manage-project-resource-quotas/manage-project-resource-quotas.md @@ -10,9 +10,9 @@ In situations where several teams share a cluster, one team may overconsume the This page is a how-to guide for creating resource quotas in existing projects. -Resource quotas can also be set when a new project is created. For details, refer to the section on [creating new projects.](../how-to-guides/new-user-guides/manage-clusters/projects-and-namespaces.md#creating-projects) +Resource quotas can also be set when a new project is created. For details, refer to the section on [creating new projects.](../../../new-user-guides/manage-clusters/projects-and-namespaces.md#creating-projects) -Resource quotas in Rancher include the same functionality as the [native version of Kubernetes](https://kubernetes.io/docs/concepts/policy/resource-quotas/). In Rancher, resource quotas have been extended so that you can apply them to projects. For details on how resource quotas work with projects in Rancher, refer to [this page.](../how-to-guides/advanced-user-guides/manage-projects/manage-project-resource-quotas/about-project-resource-quotas.md) +Resource quotas in Rancher include the same functionality as the [native version of Kubernetes](https://kubernetes.io/docs/concepts/policy/resource-quotas/). In Rancher, resource quotas have been extended so that you can apply them to projects. For details on how resource quotas work with projects in Rancher, refer to [this page.](about-project-resource-quotas.md) ### Applying Resource Quotas to Existing Projects @@ -34,7 +34,7 @@ Edit resource quotas when: 1. Expand **Resource Quotas** and click **Add Resource**. Alternatively, you can edit existing quotas. -1. Select a Resource Type. For more information on types, see the [quota type reference.](../how-to-guides/advanced-user-guides/manage-projects/manage-project-resource-quotas/resource-quota-types.md) +1. Select a Resource Type. For more information on types, see the [quota type reference.](resource-quota-types.md) 1. Enter values for the **Project Limit** and the **Namespace Default Limit**. diff --git a/versioned_docs/version-2.7/pages-for-subheaders/manage-projects.md b/versioned_docs/version-2.7/how-to-guides/advanced-user-guides/manage-projects/manage-projects.md similarity index 56% rename from versioned_docs/version-2.7/pages-for-subheaders/manage-projects.md rename to versioned_docs/version-2.7/how-to-guides/advanced-user-guides/manage-projects/manage-projects.md index be308c7e342..0b16e16d3bc 100644 --- a/versioned_docs/version-2.7/pages-for-subheaders/manage-projects.md +++ b/versioned_docs/version-2.7/how-to-guides/advanced-user-guides/manage-projects/manage-projects.md @@ -19,18 +19,18 @@ Rancher projects resolve this issue by allowing you to apply resources and acces You can use projects to perform actions like: -- [Assign users access to a group of namespaces](../how-to-guides/new-user-guides/add-users-to-projects.md) -- Assign users [specific roles in a project](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/cluster-and-project-roles.md#project-roles). A role can be owner, member, read-only, or [custom](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/custom-roles.md) -- [Set resource quotas](manage-project-resource-quotas.md) -- [Manage namespaces](../how-to-guides/new-user-guides/manage-namespaces.md) -- [Configure tools](../reference-guides/rancher-project-tools.md) -- [Configure pod security policies](../how-to-guides/advanced-user-guides/manage-projects/manage-pod-security-policies.md) +- [Assign users access to a group of namespaces](../../new-user-guides/add-users-to-projects.md) +- Assign users [specific roles in a project](../../new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/cluster-and-project-roles.md#project-roles). A role can be owner, member, read-only, or [custom](../../new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/custom-roles.md) +- [Set resource quotas](manage-project-resource-quotas/manage-project-resource-quotas.md) +- [Manage namespaces](../../new-user-guides/manage-namespaces.md) +- [Configure tools](../../../reference-guides/rancher-project-tools.md) +- [Configure pod security policies](manage-pod-security-policies.md) ### Authorization -Non-administrative users are only authorized for project access after an [administrator](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/global-permissions.md), [cluster owner or member](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/cluster-and-project-roles.md#cluster-roles), or [project owner](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/cluster-and-project-roles.md#project-roles) adds them to the project's **Members** tab. +Non-administrative users are only authorized for project access after an [administrator](../../new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/global-permissions.md), [cluster owner or member](../../new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/cluster-and-project-roles.md#cluster-roles), or [project owner](../../new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/cluster-and-project-roles.md#project-roles) adds them to the project's **Members** tab. -Whoever creates the project automatically becomes a [project owner](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/cluster-and-project-roles.md#project-roles). +Whoever creates the project automatically becomes a [project owner](../../new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/cluster-and-project-roles.md#project-roles). ## Switching between Projects diff --git a/versioned_docs/version-2.7/how-to-guides/advanced-user-guides/monitoring-alerting-guides/monitoring-alerting-guides.md b/versioned_docs/version-2.7/how-to-guides/advanced-user-guides/monitoring-alerting-guides/monitoring-alerting-guides.md new file mode 100644 index 00000000000..8d8d50df647 --- /dev/null +++ b/versioned_docs/version-2.7/how-to-guides/advanced-user-guides/monitoring-alerting-guides/monitoring-alerting-guides.md @@ -0,0 +1,14 @@ +--- +title: Monitoring/Alerting Guides +--- + + + + + +- [Enable monitoring](enable-monitoring.md) +- [Uninstall monitoring](uninstall-monitoring.md) +- [Monitoring workloads](set-up-monitoring-for-workloads.md) +- [Customizing Grafana dashboards](customize-grafana-dashboard.md) +- [Persistent Grafana dashboards](create-persistent-grafana-dashboard.md) +- [Debugging high memory usage](debug-high-memory-usage.md) diff --git a/versioned_docs/version-2.7/how-to-guides/advanced-user-guides/monitoring-alerting-guides/prometheus-federator-guides/enable-prometheus-federator.md b/versioned_docs/version-2.7/how-to-guides/advanced-user-guides/monitoring-alerting-guides/prometheus-federator-guides/enable-prometheus-federator.md index b4f9fcc166f..589875199e8 100644 --- a/versioned_docs/version-2.7/how-to-guides/advanced-user-guides/monitoring-alerting-guides/prometheus-federator-guides/enable-prometheus-federator.md +++ b/versioned_docs/version-2.7/how-to-guides/advanced-user-guides/monitoring-alerting-guides/prometheus-federator-guides/enable-prometheus-federator.md @@ -8,7 +8,7 @@ title: Enable Prometheus Federator ## Requirements -By default, Prometheus Federator is configured and intended to be deployed alongside [rancher-monitoring](../../../../pages-for-subheaders/monitoring-and-alerting.md), which deploys Prometheus Operator alongside a Cluster Prometheus that each Project Monitoring Stack is configured to federate namespace-scoped metrics from by default. +By default, Prometheus Federator is configured and intended to be deployed alongside [rancher-monitoring](../../../../integrations-in-rancher/monitoring-and-alerting/monitoring-and-alerting.md), which deploys Prometheus Operator alongside a Cluster Prometheus that each Project Monitoring Stack is configured to federate namespace-scoped metrics from by default. For instructions on installing rancher-monitoring, refer to [this page](../enable-monitoring.md). diff --git a/versioned_docs/version-2.7/how-to-guides/advanced-user-guides/monitoring-alerting-guides/prometheus-federator-guides/prometheus-federator-guides.md b/versioned_docs/version-2.7/how-to-guides/advanced-user-guides/monitoring-alerting-guides/prometheus-federator-guides/prometheus-federator-guides.md new file mode 100644 index 00000000000..4651e682528 --- /dev/null +++ b/versioned_docs/version-2.7/how-to-guides/advanced-user-guides/monitoring-alerting-guides/prometheus-federator-guides/prometheus-federator-guides.md @@ -0,0 +1,12 @@ +--- +title: Prometheus Federator Guides +--- + + + + + +- [Enable Prometheus Operator](enable-prometheus-federator.md) +- [Uninstall Prometheus Operator](uninstall-prometheus-federator.md) +- [Customize Grafana Dashboards](customize-grafana-dashboards.md) +- [Set Up Workloads](set-up-workloads.md) \ No newline at end of file diff --git a/versioned_docs/version-2.7/pages-for-subheaders/advanced-configuration.md b/versioned_docs/version-2.7/how-to-guides/advanced-user-guides/monitoring-v2-configuration-guides/advanced-configuration/advanced-configuration.md similarity index 51% rename from versioned_docs/version-2.7/pages-for-subheaders/advanced-configuration.md rename to versioned_docs/version-2.7/how-to-guides/advanced-user-guides/monitoring-v2-configuration-guides/advanced-configuration/advanced-configuration.md index 87efa2a0f9e..35de246d3de 100644 --- a/versioned_docs/version-2.7/pages-for-subheaders/advanced-configuration.md +++ b/versioned_docs/version-2.7/how-to-guides/advanced-user-guides/monitoring-v2-configuration-guides/advanced-configuration/advanced-configuration.md @@ -8,12 +8,12 @@ title: Advanced Configuration ### Alertmanager -For information on configuring the Alertmanager custom resource, see [this page.](../how-to-guides/advanced-user-guides/monitoring-v2-configuration-guides/advanced-configuration/alertmanager.md) +For information on configuring the Alertmanager custom resource, see [this page.](alertmanager.md) ### Prometheus -For information on configuring the Prometheus custom resource, see [this page.](../how-to-guides/advanced-user-guides/monitoring-v2-configuration-guides/advanced-configuration/prometheus.md) +For information on configuring the Prometheus custom resource, see [this page.](prometheus.md) ### PrometheusRules -For information on configuring the Prometheus custom resource, see [this page.](../how-to-guides/advanced-user-guides/monitoring-v2-configuration-guides/advanced-configuration/prometheusrules.md) \ No newline at end of file +For information on configuring the Prometheus custom resource, see [this page.](prometheusrules.md) \ No newline at end of file diff --git a/versioned_docs/version-2.7/pages-for-subheaders/monitoring-v2-configuration-guides.md b/versioned_docs/version-2.7/how-to-guides/advanced-user-guides/monitoring-v2-configuration-guides/monitoring-v2-configuration-guides.md similarity index 74% rename from versioned_docs/version-2.7/pages-for-subheaders/monitoring-v2-configuration-guides.md rename to versioned_docs/version-2.7/how-to-guides/advanced-user-guides/monitoring-v2-configuration-guides/monitoring-v2-configuration-guides.md index bd0de341f46..46e41afd605 100644 --- a/versioned_docs/version-2.7/pages-for-subheaders/monitoring-v2-configuration-guides.md +++ b/versioned_docs/version-2.7/how-to-guides/advanced-user-guides/monitoring-v2-configuration-guides/monitoring-v2-configuration-guides.md @@ -12,7 +12,7 @@ For information on configuring custom scrape targets and rules for Prometheus, p ## Setting Resource Limits and Requests -The resource requests and limits for the monitoring application can be configured when installing `rancher-monitoring`. For more information about the default limits, see [this page.](../reference-guides/monitoring-v2-configuration/helm-chart-options.md#configuring-resource-limits-and-requests) +The resource requests and limits for the monitoring application can be configured when installing `rancher-monitoring`. For more information about the default limits, see [this page.](../../../reference-guides/monitoring-v2-configuration/helm-chart-options.md#configuring-resource-limits-and-requests) :::tip @@ -29,11 +29,11 @@ Instead, to configure Prometheus to scrape custom metrics, you will only need to ### ServiceMonitor and PodMonitor Configuration -For details, see [this page.](../reference-guides/monitoring-v2-configuration/servicemonitors-and-podmonitors.md) +For details, see [this page.](../../../reference-guides/monitoring-v2-configuration/servicemonitors-and-podmonitors.md) ### Advanced Prometheus Configuration -For more information about directly editing the Prometheus custom resource, which may be helpful in advanced use cases, see [this page.](../how-to-guides/advanced-user-guides/monitoring-v2-configuration-guides/advanced-configuration/prometheus.md) +For more information about directly editing the Prometheus custom resource, which may be helpful in advanced use cases, see [this page.](advanced-configuration/prometheus.md) ## Alertmanager Configuration @@ -41,15 +41,15 @@ The Alertmanager custom resource usually doesn't need to be edited directly. For Routes and receivers are part of the configuration of the alertmanager custom resource. In the Rancher UI, Routes and Receivers are not true custom resources, but pseudo-custom resources that the Prometheus Operator uses to synchronize your configuration with the Alertmanager custom resource. When routes and receivers are updated, the monitoring application will automatically update Alertmanager to reflect those changes. -For some advanced use cases, you may want to configure alertmanager directly. For more information, refer to [this page.](../how-to-guides/advanced-user-guides/monitoring-v2-configuration-guides/advanced-configuration/alertmanager.md) +For some advanced use cases, you may want to configure alertmanager directly. For more information, refer to [this page.](advanced-configuration/alertmanager.md) ### Receivers -Receivers are used to set up notifications. For details on how to configure receivers, see [this page.](../reference-guides/monitoring-v2-configuration/receivers.md) +Receivers are used to set up notifications. For details on how to configure receivers, see [this page.](../../../reference-guides/monitoring-v2-configuration/receivers.md) ### Routes -Routes filter notifications before they reach receivers. Each route needs to refer to a receiver that has already been configured. For details on how to configure routes, see [this page.](../reference-guides/monitoring-v2-configuration/routes.md) +Routes filter notifications before they reach receivers. Each route needs to refer to a receiver that has already been configured. For details on how to configure routes, see [this page.](../../../reference-guides/monitoring-v2-configuration/routes.md) ### Advanced -For more information about directly editing the Alertmanager custom resource, which may be helpful in advanced use cases, see [this page.](../how-to-guides/advanced-user-guides/monitoring-v2-configuration-guides/advanced-configuration/alertmanager.md) \ No newline at end of file +For more information about directly editing the Alertmanager custom resource, which may be helpful in advanced use cases, see [this page.](advanced-configuration/alertmanager.md) \ No newline at end of file diff --git a/versioned_docs/version-2.7/how-to-guides/advanced-user-guides/open-ports-with-firewalld.md b/versioned_docs/version-2.7/how-to-guides/advanced-user-guides/open-ports-with-firewalld.md index 90ba4bd4e8c..2369abe3948 100644 --- a/versioned_docs/version-2.7/how-to-guides/advanced-user-guides/open-ports-with-firewalld.md +++ b/versioned_docs/version-2.7/how-to-guides/advanced-user-guides/open-ports-with-firewalld.md @@ -35,7 +35,7 @@ You can check the default firewall rules with this command: sudo iptables --list ``` -This section describes how to use `firewalld` to apply the [firewall port rules](../../pages-for-subheaders/installation-requirements.md#port-requirements) for nodes in a high-availability Rancher server cluster. +This section describes how to use `firewalld` to apply the [firewall port rules](../../getting-started/installation-and-upgrade/installation-requirements/installation-requirements.md#port-requirements) for nodes in a high-availability Rancher server cluster. ## Prerequisite diff --git a/versioned_docs/version-2.7/how-to-guides/advanced-user-guides/tune-etcd-for-large-installs.md b/versioned_docs/version-2.7/how-to-guides/advanced-user-guides/tune-etcd-for-large-installs.md index 7d803ff697e..59757908a7b 100644 --- a/versioned_docs/version-2.7/how-to-guides/advanced-user-guides/tune-etcd-for-large-installs.md +++ b/versioned_docs/version-2.7/how-to-guides/advanced-user-guides/tune-etcd-for-large-installs.md @@ -6,7 +6,7 @@ title: Tuning etcd for Large Installations -When Rancher is used to manage [a large infrastructure](../../pages-for-subheaders/installation-requirements.md) it is recommended to increase the default keyspace for etcd from the default 2 GB. The maximum setting is 8 GB and the host should have enough RAM to keep the entire dataset in memory. When increasing this value you should also increase the size of the host. The keyspace size can also be adjusted in smaller installations if you anticipate a high rate of change of pods during the garbage collection interval. +When Rancher is used to manage [a large infrastructure](../../getting-started/installation-and-upgrade/installation-requirements/installation-requirements.md) it is recommended to increase the default keyspace for etcd from the default 2 GB. The maximum setting is 8 GB and the host should have enough RAM to keep the entire dataset in memory. When increasing this value you should also increase the size of the host. The keyspace size can also be adjusted in smaller installations if you anticipate a high rate of change of pods during the garbage collection interval. The etcd data set is automatically cleaned up on a five minute interval by Kubernetes. There are situations, e.g. deployment thrashing, where enough events could be written to etcd and deleted before garbage collection occurs and cleans things up causing the keyspace to fill up. If you see `mvcc: database space exceeded` errors, in the etcd logs or Kubernetes API server logs, you should consider increasing the keyspace size. This can be accomplished by setting the [quota-backend-bytes](https://etcd.io/docs/v3.4.0/op-guide/maintenance/#space-quota) setting on the etcd servers. diff --git a/versioned_docs/version-2.7/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-provisioning-drivers/about-provisioning-drivers.md b/versioned_docs/version-2.7/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-provisioning-drivers/about-provisioning-drivers.md new file mode 100644 index 00000000000..6f6ed6821da --- /dev/null +++ b/versioned_docs/version-2.7/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-provisioning-drivers/about-provisioning-drivers.md @@ -0,0 +1,51 @@ +--- +title: About Provisioning Drivers +--- + + + + + +Drivers in Rancher allow you to manage which providers can be used to deploy [hosted Kubernetes clusters](../../kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/set-up-clusters-from-hosted-kubernetes-providers.md) or [nodes in an infrastructure provider](../../launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md) to allow Rancher to deploy and manage Kubernetes. + +### Rancher Drivers + +With Rancher drivers, you can enable/disable existing built-in drivers that are packaged in Rancher. Alternatively, you can add your own driver if Rancher has not yet implemented it. + +There are two types of drivers within Rancher: + +* [Cluster Drivers](#cluster-drivers) +* [Node Drivers](#node-drivers) + +### Cluster Drivers + +Cluster drivers are used to provision [hosted Kubernetes clusters](../../kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/set-up-clusters-from-hosted-kubernetes-providers.md), such as GKE, EKS, AKS, etc.. The availability of which cluster driver to display when creating a cluster is defined based on the cluster driver's status. Only `active` cluster drivers will be displayed as an option for creating clusters for hosted Kubernetes clusters. By default, Rancher is packaged with several existing cluster drivers, but you can also create custom cluster drivers to add to Rancher. + +By default, Rancher has activated several hosted Kubernetes cloud providers including: + +* [Amazon EKS](../../kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/eks.md) +* [Google GKE](../../kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/gke.md) +* [Azure AKS](../../kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/aks.md) + +There are several other hosted Kubernetes cloud providers that are disabled by default, but are packaged in Rancher: + +* [Alibaba ACK](../../kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/alibaba.md) +* [Huawei CCE](../../kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/huawei.md) +* [Tencent](../../kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/tencent.md) + +### Node Drivers + +Node drivers are used to provision hosts, which Rancher uses to launch and manage Kubernetes clusters. A node driver is the same as a [Docker Machine driver](https://docs.docker.com/machine/drivers/). The availability of which node driver to display when creating node templates is defined based on the node driver's status. Only `active` node drivers will be displayed as an option for creating node templates. By default, Rancher is packaged with many existing Docker Machine drivers, but you can also create custom node drivers to add to Rancher. + +If there are specific node drivers that you don't want to show to your users, you would need to de-activate these node drivers. + +Rancher supports several major cloud providers, but by default, these node drivers are active and available for deployment: + +* [Amazon EC2](../../launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-amazon-ec2-cluster.md) +* [Azure](../../launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-azure-cluster.md) +* [Digital Ocean](../../launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-a-digitalocean-cluster.md) +* [vSphere](../../launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/vsphere/vsphere.md) + +There are several other node drivers that are disabled by default, but are packaged in Rancher: + +* [Harvester](../../../../integrations-in-rancher/harvester.md#harvester-node-driver/), available in Rancher v2.6.1 diff --git a/versioned_docs/version-2.7/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-provisioning-drivers/manage-cluster-drivers.md b/versioned_docs/version-2.7/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-provisioning-drivers/manage-cluster-drivers.md index 8d265e034f8..4e0819074a8 100644 --- a/versioned_docs/version-2.7/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-provisioning-drivers/manage-cluster-drivers.md +++ b/versioned_docs/version-2.7/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-provisioning-drivers/manage-cluster-drivers.md @@ -6,7 +6,7 @@ title: Cluster Drivers -Cluster drivers are used to create clusters in a [hosted Kubernetes provider](../../../../pages-for-subheaders/set-up-clusters-from-hosted-kubernetes-providers.md), such as Google GKE. The availability of which cluster driver to display when creating clusters is defined by the cluster driver's status. Only `active` cluster drivers will be displayed as an option for creating clusters. By default, Rancher is packaged with several existing cloud provider cluster drivers, but you can also add custom cluster drivers to Rancher. +Cluster drivers are used to create clusters in a [hosted Kubernetes provider](../../kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/set-up-clusters-from-hosted-kubernetes-providers.md), such as Google GKE. The availability of which cluster driver to display when creating clusters is defined by the cluster driver's status. Only `active` cluster drivers will be displayed as an option for creating clusters. By default, Rancher is packaged with several existing cloud provider cluster drivers, but you can also add custom cluster drivers to Rancher. If there are specific cluster drivers that you do not want to show your users, you may deactivate those cluster drivers within Rancher and they will not appear as an option for cluster creation. diff --git a/versioned_docs/version-2.7/pages-for-subheaders/about-rke1-templates.md b/versioned_docs/version-2.7/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/about-rke1-templates.md similarity index 58% rename from versioned_docs/version-2.7/pages-for-subheaders/about-rke1-templates.md rename to versioned_docs/version-2.7/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/about-rke1-templates.md index 601a622a581..eab13feb274 100644 --- a/versioned_docs/version-2.7/pages-for-subheaders/about-rke1-templates.md +++ b/versioned_docs/version-2.7/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/about-rke1-templates.md @@ -18,7 +18,7 @@ Admins control which cluster options can be changed by end users. RKE templates If a cluster was created with an RKE template, you can't change it to a different RKE template. You can only update the cluster to a new revision of the same template. -You can [save the configuration of an existing cluster as an RKE template.](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/apply-templates.md#converting-an-existing-cluster-to-use-an-rke-template) Then the cluster's settings can only be changed if the template is updated. The new template can also be used to launch new clusters. +You can [save the configuration of an existing cluster as an RKE template.](apply-templates.md#converting-an-existing-cluster-to-use-an-rke-template) Then the cluster's settings can only be changed if the template is updated. The new template can also be used to launch new clusters. The core features of RKE templates allow DevOps and security teams to: @@ -49,24 +49,24 @@ The [add-on section](#add-ons) of an RKE template is especially powerful because RKE templates are supported for Rancher-provisioned clusters. The templates can be used to provision custom clusters or clusters that are launched by an infrastructure provider. -RKE templates are for defining Kubernetes and Rancher settings. Node templates are responsible for configuring nodes. For tips on how to use RKE templates in conjunction with hardware, refer to [RKE Templates and Hardware](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/infrastructure.md). +RKE templates are for defining Kubernetes and Rancher settings. Node templates are responsible for configuring nodes. For tips on how to use RKE templates in conjunction with hardware, refer to [RKE Templates and Hardware](infrastructure.md). RKE templates can be created from scratch to pre-define cluster configuration. They can be applied to launch new clusters, or templates can also be exported from existing running clusters. -The settings of an existing cluster can be [saved as an RKE template.](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/apply-templates.md#converting-an-existing-cluster-to-use-an-rke-template) This creates a new template and binds the cluster settings to the template, so that the cluster can only be upgraded if the [template is updated](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/manage-rke1-templates.md#updating-a-template), and the cluster is upgraded to [use a newer version of the template.](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/manage-rke1-templates.md#upgrading-a-cluster-to-use-a-new-template-revision) The new template can also be used to create new clusters. +The settings of an existing cluster can be [saved as an RKE template.](apply-templates.md#converting-an-existing-cluster-to-use-an-rke-template) This creates a new template and binds the cluster settings to the template, so that the cluster can only be upgraded if the [template is updated](manage-rke1-templates.md#updating-a-template), and the cluster is upgraded to [use a newer version of the template.](manage-rke1-templates.md#upgrading-a-cluster-to-use-a-new-template-revision) The new template can also be used to create new clusters. ## Example Scenarios When an organization has both basic and advanced Rancher users, administrators might want to give the advanced users more options for cluster creation, while restricting the options for basic users. -These [example scenarios](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/example-use-cases.md) describe how an organization could use templates to standardize cluster creation. +These [example scenarios](example-use-cases.md) describe how an organization could use templates to standardize cluster creation. Some of the example scenarios include the following: -- **Enforcing templates:** Administrators might want to [enforce one or more template settings for everyone](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/example-use-cases.md#enforcing-a-template-setting-for-everyone) if they want all new Rancher-provisioned clusters to have those settings. -- **Sharing different templates with different users:** Administrators might give [different templates to basic and advanced users,](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/example-use-cases.md#templates-for-basic-and-advanced-users) so that basic users can have more restricted options and advanced users can use more discretion when creating clusters. -- **Updating template settings:** If an organization's security and DevOps teams decide to embed best practices into the required settings for new clusters, those best practices could change over time. If the best practices change, [a template can be updated to a new revision](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/example-use-cases.md#updating-templates-and-clusters-created-with-them) and clusters created from the template can [upgrade to the new version](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/manage-rke1-templates.md#upgrading-a-cluster-to-use-a-new-template-revision) of the template. -- **Sharing ownership of a template:** When a template owner no longer wants to maintain a template, or wants to share ownership of the template, this scenario describes how [template ownership can be shared.](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/example-use-cases.md#allowing-other-users-to-control-and-share-a-template) +- **Enforcing templates:** Administrators might want to [enforce one or more template settings for everyone](example-use-cases.md#enforcing-a-template-setting-for-everyone) if they want all new Rancher-provisioned clusters to have those settings. +- **Sharing different templates with different users:** Administrators might give [different templates to basic and advanced users,](example-use-cases.md#templates-for-basic-and-advanced-users) so that basic users can have more restricted options and advanced users can use more discretion when creating clusters. +- **Updating template settings:** If an organization's security and DevOps teams decide to embed best practices into the required settings for new clusters, those best practices could change over time. If the best practices change, [a template can be updated to a new revision](example-use-cases.md#updating-templates-and-clusters-created-with-them) and clusters created from the template can [upgrade to the new version](manage-rke1-templates.md#upgrading-a-cluster-to-use-a-new-template-revision) of the template. +- **Sharing ownership of a template:** When a template owner no longer wants to maintain a template, or wants to share ownership of the template, this scenario describes how [template ownership can be shared.](example-use-cases.md#allowing-other-users-to-control-and-share-a-template) ## Template Management @@ -82,34 +82,34 @@ For the settings that cannot be overridden, the end user will not be able to dir The documents in this section explain the details of RKE template management: -- [Getting permission to create templates](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/creator-permissions.md) -- [Creating and revising templates](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/manage-rke1-templates.md) -- [Enforcing template settings](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/enforce-templates.md#requiring-new-clusters-to-use-an-rke-template) -- [Overriding template settings](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/override-template-settings.md) -- [Sharing templates with cluster creators](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/access-or-share-templates.md#sharing-templates-with-specific-users-or-groups) -- [Sharing ownership of a template](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/access-or-share-templates.md#sharing-ownership-of-templates) +- [Getting permission to create templates](creator-permissions.md) +- [Creating and revising templates](manage-rke1-templates.md) +- [Enforcing template settings](enforce-templates.md#requiring-new-clusters-to-use-an-rke-template) +- [Overriding template settings](override-template-settings.md) +- [Sharing templates with cluster creators](access-or-share-templates.md#sharing-templates-with-specific-users-or-groups) +- [Sharing ownership of a template](access-or-share-templates.md#sharing-ownership-of-templates) -An [example YAML configuration file for a template](../reference-guides/rke1-template-example-yaml.md) is provided for reference. +An [example YAML configuration file for a template](../../../../reference-guides/rke1-template-example-yaml.md) is provided for reference. ## Applying Templates -You can [create a cluster from a template](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/apply-templates.md#creating-a-cluster-from-an-rke-template) that you created, or from a template that has been [shared with you.](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/access-or-share-templates.md) +You can [create a cluster from a template](apply-templates.md#creating-a-cluster-from-an-rke-template) that you created, or from a template that has been [shared with you.](access-or-share-templates.md) -If the RKE template owner creates a new revision of the template, you can [upgrade your cluster to that revision.](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/apply-templates.md#updating-a-cluster-created-with-an-rke-template) +If the RKE template owner creates a new revision of the template, you can [upgrade your cluster to that revision.](apply-templates.md#updating-a-cluster-created-with-an-rke-template) RKE templates can be created from scratch to pre-define cluster configuration. They can be applied to launch new clusters, or templates can also be exported from existing running clusters. -You can [save the configuration of an existing cluster as an RKE template.](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/apply-templates.md#converting-an-existing-cluster-to-use-an-rke-template) Then the cluster's settings can only be changed if the template is updated. +You can [save the configuration of an existing cluster as an RKE template.](apply-templates.md#converting-an-existing-cluster-to-use-an-rke-template) Then the cluster's settings can only be changed if the template is updated. ## Standardizing Hardware -RKE templates are designed to standardize Kubernetes and Rancher settings. If you want to standardize your infrastructure as well, one option is to use RKE templates [in conjunction with other tools](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/infrastructure.md). +RKE templates are designed to standardize Kubernetes and Rancher settings. If you want to standardize your infrastructure as well, one option is to use RKE templates [in conjunction with other tools](infrastructure.md). -Another option is to use [cluster templates,](../how-to-guides/new-user-guides/manage-clusters/manage-cluster-templates.md) which include node pool configuration options, but don't provide configuration enforcement. +Another option is to use [cluster templates,](../../manage-clusters/manage-cluster-templates.md) which include node pool configuration options, but don't provide configuration enforcement. ## YAML Customization -If you define an RKE template as a YAML file, you can modify this [example RKE template YAML](../reference-guides/rke1-template-example-yaml.md). The YAML in the RKE template uses the same customization that Rancher uses when creating an RKE cluster, but since the YAML is located within the context of a Rancher provisioned cluster, you will need to nest the RKE template customization under the `rancher_kubernetes_engine_config` directive in the YAML. +If you define an RKE template as a YAML file, you can modify this [example RKE template YAML](../../../../reference-guides/rke1-template-example-yaml.md). The YAML in the RKE template uses the same customization that Rancher uses when creating an RKE cluster, but since the YAML is located within the context of a Rancher provisioned cluster, you will need to nest the RKE template customization under the `rancher_kubernetes_engine_config` directive in the YAML. The RKE documentation also has [annotated](https://rancher.com/docs/rke/latest/en/example-yamls/) `cluster.yml` files that you can use for reference. diff --git a/versioned_docs/version-2.7/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/apply-templates.md b/versioned_docs/version-2.7/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/apply-templates.md index 1818e9076ff..7f95ca305be 100644 --- a/versioned_docs/version-2.7/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/apply-templates.md +++ b/versioned_docs/version-2.7/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/apply-templates.md @@ -17,7 +17,7 @@ You can't change a cluster to use a different RKE template. You can only update ### Creating a Cluster from an RKE Template -To add a cluster [hosted by an infrastructure provider](../../../../pages-for-subheaders/launch-kubernetes-with-rancher.md) using an RKE template, use these steps: +To add a cluster [hosted by an infrastructure provider](../../launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md) using an RKE template, use these steps: 1. In the upper left corner, click **☰ > Cluster Management**. 1. On the **Clusters** page, click **Create** and choose the infrastructure provider. @@ -31,7 +31,7 @@ To add a cluster [hosted by an infrastructure provider](../../../../pages-for-su When the template owner creates a template, each setting has a switch in the Rancher UI that indicates if users can override the setting. -- If the setting allows a user override, you can update these settings in the cluster by [editing the cluster.](../../../../pages-for-subheaders/cluster-configuration.md) +- If the setting allows a user override, you can update these settings in the cluster by [editing the cluster.](../../../../reference-guides/cluster-configuration/cluster-configuration.md) - If the switch is turned off, you cannot change these settings unless the cluster owner creates a template revision that lets you override them. If there are settings that you want to change, but don't have the option to, you will need to contact the template owner to get a new revision of the template. If a cluster was created from an RKE template, you can edit the cluster to update the cluster to a new revision of the template. diff --git a/versioned_docs/version-2.7/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/infrastructure.md b/versioned_docs/version-2.7/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/infrastructure.md index 0b2b6f8b8eb..54a2897d38c 100644 --- a/versioned_docs/version-2.7/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/infrastructure.md +++ b/versioned_docs/version-2.7/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/infrastructure.md @@ -58,7 +58,7 @@ When you need to make changes to your infrastructure, instead of manually updati This section describes one way that you can make security and compliance-related config files standard in your clusters. -When you create a [CIS benchmark compliant cluster,](../../../../pages-for-subheaders/rancher-security.md) you have an encryption config file and an audit log config file. +When you create a [CIS benchmark compliant cluster,](../../../../reference-guides/rancher-security/rancher-security.md) you have an encryption config file and an audit log config file. Your infrastructure provisioning system can write those files to disk. Then in your RKE template, you would specify where those files will be, then add your encryption config file and audit log config file as extra mounts to the `kube-api-server`. diff --git a/versioned_docs/version-2.7/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/manage-rke1-templates.md b/versioned_docs/version-2.7/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/manage-rke1-templates.md index e9eac6fe7f6..6e8c75fe8d7 100644 --- a/versioned_docs/version-2.7/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/manage-rke1-templates.md +++ b/versioned_docs/version-2.7/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/manage-rke1-templates.md @@ -30,7 +30,7 @@ You can revise, share, and delete a template if you are an owner of the template 1. Optional: Share the template with other users or groups by [adding them as members.](access-or-share-templates.md#sharing-templates-with-specific-users-or-groups) You can also make the template public to share with everyone in the Rancher setup. 1. Then follow the form on screen to save the cluster configuration parameters as part of the template's revision. The revision can be marked as default for this template. -**Result:** An RKE template with one revision is configured. You can use this RKE template revision later when you [provision a Rancher-launched cluster](../../../../pages-for-subheaders/launch-kubernetes-with-rancher.md). After a cluster is managed by an RKE template, it cannot be disconnected and the option to uncheck **Use an existing RKE Template and Revision** will be unavailable. +**Result:** An RKE template with one revision is configured. You can use this RKE template revision later when you [provision a Rancher-launched cluster](../../launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md). After a cluster is managed by an RKE template, it cannot be disconnected and the option to uncheck **Use an existing RKE Template and Revision** will be unavailable. ### Updating a Template diff --git a/versioned_docs/version-2.7/pages-for-subheaders/authentication-config.md b/versioned_docs/version-2.7/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/authentication-config.md similarity index 78% rename from versioned_docs/version-2.7/pages-for-subheaders/authentication-config.md rename to versioned_docs/version-2.7/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/authentication-config.md index f1bb3e3ce42..8db0c73fb3c 100644 --- a/versioned_docs/version-2.7/pages-for-subheaders/authentication-config.md +++ b/versioned_docs/version-2.7/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/authentication-config.md @@ -17,26 +17,26 @@ The Rancher authentication proxy integrates with the following external authenti | Auth Service | | ------------------------------------------------------------------------------------------------ | -| [Microsoft Active Directory](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-active-directory.md) | -| [GitHub](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-github.md) | -| [Microsoft Azure AD](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-azure-ad.md) | -| [FreeIPA](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-freeipa.md) | -| [OpenLDAP](configure-openldap.md) | -| [Microsoft AD FS](configure-microsoft-ad-federation-service-saml.md) | -| [PingIdentity](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-pingidentity.md) | -| [Keycloak (OIDC)](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-keycloak-oidc.md) | -| [Keycloak (SAML)](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-keycloak-saml.md) | -| [Okta](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-okta-saml.md) | -| [Google OAuth](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-google-oauth.md) | -| [Shibboleth](configure-shibboleth-saml.md) | +| [Microsoft Active Directory](configure-active-directory.md) | +| [GitHub](configure-github.md) | +| [Microsoft Azure AD](configure-azure-ad.md) | +| [FreeIPA](configure-freeipa.md) | +| [OpenLDAP](../configure-openldap/configure-openldap.md) | +| [Microsoft AD FS](../configure-microsoft-ad-federation-service-saml/configure-microsoft-ad-federation-service-saml.md) | +| [PingIdentity](configure-pingidentity.md) | +| [Keycloak (OIDC)](configure-keycloak-oidc.md) | +| [Keycloak (SAML)](configure-keycloak-saml.md) | +| [Okta](configure-okta-saml.md) | +| [Google OAuth](configure-google-oauth.md) | +| [Shibboleth](../configure-shibboleth-saml/configure-shibboleth-saml.md) | -However, Rancher also provides [local authentication](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/create-local-users.md). +However, Rancher also provides [local authentication](create-local-users.md). In most cases, you should use an external authentication service over local authentication, as external authentication allows user management from a central location. However, you may want a few local authentication users for managing Rancher under rare circumstances, such as if your external authentication provider is unavailable or undergoing maintenance. ## Users and Groups -Rancher relies on users and groups to determine who is allowed to log in to Rancher and which resources they can access. When authenticating with an external provider, groups are provided from the external provider based on the user. These users and groups are given specific roles to resources like clusters, projects, multi-cluster apps, and global DNS providers and entries. When you give access to a group, all users who are a member of that group in the authentication provider will be able to access the resource with the permissions that you've specified. For more information on roles and permissions, see [Role Based Access Control](manage-role-based-access-control-rbac.md). +Rancher relies on users and groups to determine who is allowed to log in to Rancher and which resources they can access. When authenticating with an external provider, groups are provided from the external provider based on the user. These users and groups are given specific roles to resources like clusters, projects, multi-cluster apps, and global DNS providers and entries. When you give access to a group, all users who are a member of that group in the authentication provider will be able to access the resource with the permissions that you've specified. For more information on roles and permissions, see [Role Based Access Control](../manage-role-based-access-control-rbac/manage-role-based-access-control-rbac.md). :::note @@ -44,7 +44,7 @@ Local authentication does not support creating or managing groups. ::: -For more information, see [Users and Groups](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/manage-users-and-groups.md) +For more information, see [Users and Groups](manage-users-and-groups.md) ## Scope of Rancher Authorization diff --git a/versioned_docs/version-2.7/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-active-directory.md b/versioned_docs/version-2.7/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-active-directory.md index b24c4879071..b3f2f9a3a09 100644 --- a/versioned_docs/version-2.7/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-active-directory.md +++ b/versioned_docs/version-2.7/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-active-directory.md @@ -8,11 +8,11 @@ title: Configure Active Directory (AD) If your organization uses Microsoft Active Directory as central user repository, you can configure Rancher to communicate with an Active Directory server to authenticate users. This allows Rancher admins to control access to clusters and projects based on users and groups managed externally in the Active Directory, while allowing end-users to authenticate with their AD credentials when logging in to the Rancher UI. -Rancher uses LDAP to communicate with the Active Directory server. The authentication flow for Active Directory is therefore the same as for the [OpenLDAP authentication](../../../../pages-for-subheaders/configure-openldap.md) integration. +Rancher uses LDAP to communicate with the Active Directory server. The authentication flow for Active Directory is therefore the same as for the [OpenLDAP authentication](../configure-openldap/configure-openldap.md) integration. :::note -Before you start, please familiarise yourself with the concepts of [External Authentication Configuration and Principal Users](../../../../pages-for-subheaders/authentication-config.md#external-authentication-configuration-and-principal-users). +Before you start, please familiarise yourself with the concepts of [External Authentication Configuration and Principal Users](authentication-config.md#external-authentication-configuration-and-principal-users). ::: diff --git a/versioned_docs/version-2.7/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-azure-ad.md b/versioned_docs/version-2.7/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-azure-ad.md index 1c6a4d02e40..87b27a419c4 100644 --- a/versioned_docs/version-2.7/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-azure-ad.md +++ b/versioned_docs/version-2.7/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-azure-ad.md @@ -325,5 +325,5 @@ Token Endpoint | https://login.partner.microsoftonline.cn/{tenantID}/oauth2/v2 > >- If you don't wish to upgrade to v2.7.0+ after the Azure AD Graph API is retired, you'll need to either: - Use the built-in Rancher auth or - - Use another third-party auth system and set that up in Rancher. Please see the [authentication docs](../../../../pages-for-subheaders/authentication-config.md) to learn how to configure other open authentication providers. + - Use another third-party auth system and set that up in Rancher. Please see the [authentication docs](authentication-config.md) to learn how to configure other open authentication providers. diff --git a/versioned_docs/version-2.7/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-freeipa.md b/versioned_docs/version-2.7/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-freeipa.md index 0fe6995d4ae..1b1526bca7d 100644 --- a/versioned_docs/version-2.7/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-freeipa.md +++ b/versioned_docs/version-2.7/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-freeipa.md @@ -12,7 +12,7 @@ If your organization uses FreeIPA for user authentication, you can configure Ran - You must have a [FreeIPA Server](https://www.freeipa.org/) configured. - Create a service account in FreeIPA with `read-only` access. Rancher uses this account to verify group membership when a user makes a request using an API key. -- Read [External Authentication Configuration and Principal Users](../../../../pages-for-subheaders/authentication-config.md#external-authentication-configuration-and-principal-users). +- Read [External Authentication Configuration and Principal Users](authentication-config.md#external-authentication-configuration-and-principal-users). ::: diff --git a/versioned_docs/version-2.7/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-github.md b/versioned_docs/version-2.7/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-github.md index 960d968de8d..c36d087ab5d 100644 --- a/versioned_docs/version-2.7/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-github.md +++ b/versioned_docs/version-2.7/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-github.md @@ -10,7 +10,7 @@ In environments using GitHub, you can configure Rancher to allow sign on using G :::note Prerequisites: -Read [External Authentication Configuration and Principal Users](../../../../pages-for-subheaders/authentication-config.md#external-authentication-configuration-and-principal-users). +Read [External Authentication Configuration and Principal Users](authentication-config.md#external-authentication-configuration-and-principal-users). ::: diff --git a/versioned_docs/version-2.7/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-okta-saml.md b/versioned_docs/version-2.7/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-okta-saml.md index cf84a9998a6..d53a871ad0b 100644 --- a/versioned_docs/version-2.7/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-okta-saml.md +++ b/versioned_docs/version-2.7/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-okta-saml.md @@ -100,7 +100,7 @@ The OpenLDAP service account is used for all searches. Rancher users will see us [Configure the settings](../configure-openldap/openldap-config-reference.md) for the OpenLDAP server, groups and users. Note that nested group membership isn't available. -> Before you proceed with the configuration, please familiarise yourself with [external authentication configuration and principal users](../../../../pages-for-subheaders/authentication-config.md#external-authentication-configuration-and-principal-users). +> Before you proceed with the configuration, please familiarise yourself with [external authentication configuration and principal users](authentication-config.md#external-authentication-configuration-and-principal-users). 1. Sign into Rancher using a local user assigned the [administrator](https://ranchermanager.docs.rancher.com/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/global-permissions) role (i.e., the _local principal_). 1. In the top left corner, click **☰ > Users & Authentication**. diff --git a/versioned_docs/version-2.7/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/manage-users-and-groups.md b/versioned_docs/version-2.7/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/manage-users-and-groups.md index 38fc2a6403c..ec39be1f01b 100644 --- a/versioned_docs/version-2.7/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/manage-users-and-groups.md +++ b/versioned_docs/version-2.7/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/manage-users-and-groups.md @@ -8,7 +8,7 @@ title: Users and Groups Rancher relies on users and groups to determine who is allowed to log in to Rancher and which resources they can access. When you configure an external authentication provider, users from that provider will be able to log in to your Rancher server. When a user logs in, the authentication provider will supply your Rancher server with a list of groups to which the user belongs. -Access to clusters, projects, multi-cluster apps, and global DNS providers and entries can be controlled by adding either individual users or groups to these resources. When you add a group to a resource, all users who are members of that group in the authentication provider, will be able to access the resource with the permissions that you've specified for the group. For more information on roles and permissions, see [Role Based Access Control](../../../../pages-for-subheaders/manage-role-based-access-control-rbac.md). +Access to clusters, projects, multi-cluster apps, and global DNS providers and entries can be controlled by adding either individual users or groups to these resources. When you add a group to a resource, all users who are members of that group in the authentication provider, will be able to access the resource with the permissions that you've specified for the group. For more information on roles and permissions, see [Role Based Access Control](../manage-role-based-access-control-rbac/manage-role-based-access-control-rbac.md). ## Managing Members diff --git a/versioned_docs/version-2.7/pages-for-subheaders/authentication-permissions-and-global-configuration.md b/versioned_docs/version-2.7/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-permissions-and-global-configuration.md similarity index 63% rename from versioned_docs/version-2.7/pages-for-subheaders/authentication-permissions-and-global-configuration.md rename to versioned_docs/version-2.7/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-permissions-and-global-configuration.md index ae1a7e2fdd4..cc205b4ec02 100644 --- a/versioned_docs/version-2.7/pages-for-subheaders/authentication-permissions-and-global-configuration.md +++ b/versioned_docs/version-2.7/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-permissions-and-global-configuration.md @@ -6,7 +6,7 @@ title: Authentication, Permissions and Global Settings -After installation, the [system administrator](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/global-permissions.md) should configure Rancher to configure authentication, authorization, security, default settings, security policies, drivers and global DNS entries. +After installation, the [system administrator](manage-role-based-access-control-rbac/global-permissions.md) should configure Rancher to configure authentication, authorization, security, default settings, security policies, drivers and global DNS entries. ## First Log In @@ -22,35 +22,35 @@ After you set the Rancher Server URL, we do not support updating it. Set the URL One of the key features that Rancher adds to Kubernetes is centralized user authentication. This feature allows to set up local users and/or connect to an external authentication provider. By connecting to an external authentication provider, you can leverage that provider's user and groups. -For more information how authentication works and how to configure each provider, see [Authentication](authentication-config.md). +For more information how authentication works and how to configure each provider, see [Authentication](authentication-config/authentication-config.md). ## Authorization Within Rancher, each person authenticates as a _user_, which is a login that grants you access to Rancher. Once the user logs in to Rancher, their _authorization_, or their access rights within the system, is determined by the user's role. Rancher provides built-in roles to allow you to easily configure a user's permissions to resources, but Rancher also provides the ability to customize the roles for each Kubernetes resource. -For more information how authorization works and how to customize roles, see [Roles Based Access Control (RBAC)](manage-role-based-access-control-rbac.md). +For more information how authorization works and how to customize roles, see [Roles Based Access Control (RBAC)](manage-role-based-access-control-rbac/manage-role-based-access-control-rbac.md). ## Pod Security Policies _Pod Security Policies_ (or PSPs) are objects that control security-sensitive aspects of pod specification, e.g. root privileges. If a pod does not meet the conditions specified in the PSP, Kubernetes will not allow it to start, and Rancher will display an error message. -For more information how to create and use PSPs, see [Pod Security Policies](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/create-pod-security-policies.md). +For more information how to create and use PSPs, see [Pod Security Policies](create-pod-security-policies.md). ## Provisioning Drivers -Drivers in Rancher allow you to manage which providers can be used to provision [hosted Kubernetes clusters](set-up-clusters-from-hosted-kubernetes-providers.md) or [nodes in an infrastructure provider](use-new-nodes-in-an-infra-provider.md) to allow Rancher to deploy and manage Kubernetes. +Drivers in Rancher allow you to manage which providers can be used to provision [hosted Kubernetes clusters](../kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/set-up-clusters-from-hosted-kubernetes-providers.md) or [nodes in an infrastructure provider](../launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md) to allow Rancher to deploy and manage Kubernetes. -For more information, see [Provisioning Drivers](about-provisioning-drivers.md). +For more information, see [Provisioning Drivers](about-provisioning-drivers/about-provisioning-drivers.md). ## Adding Kubernetes Versions into Rancher With this feature, you can upgrade to the latest version of Kubernetes as soon as it is released, without upgrading Rancher. This feature allows you to easily upgrade Kubernetes patch versions (i.e. `v1.15.X`), but not intended to upgrade Kubernetes minor versions (i.e. `v1.X.0`) as Kubernetes tends to deprecate or add APIs between minor versions. -The information that Rancher uses to provision [RKE clusters](launch-kubernetes-with-rancher.md) is now located in the Rancher Kubernetes Metadata. For details on metadata configuration and how to change the Kubernetes version used for provisioning RKE clusters, see [Rancher Kubernetes Metadata.](../getting-started/installation-and-upgrade/upgrade-kubernetes-without-upgrading-rancher.md) +The information that Rancher uses to provision [RKE clusters](../launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md) is now located in the Rancher Kubernetes Metadata. For details on metadata configuration and how to change the Kubernetes version used for provisioning RKE clusters, see [Rancher Kubernetes Metadata.](../../../getting-started/installation-and-upgrade/upgrade-kubernetes-without-upgrading-rancher.md) -Rancher Kubernetes Metadata contains Kubernetes version information which Rancher uses to provision [RKE clusters](launch-kubernetes-with-rancher.md). +Rancher Kubernetes Metadata contains Kubernetes version information which Rancher uses to provision [RKE clusters](../launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md). -For more information on how metadata works and how to configure metadata config, see [Rancher Kubernetes Metadata](../getting-started/installation-and-upgrade/upgrade-kubernetes-without-upgrading-rancher.md). +For more information on how metadata works and how to configure metadata config, see [Rancher Kubernetes Metadata](../../../getting-started/installation-and-upgrade/upgrade-kubernetes-without-upgrading-rancher.md). ## Global Settings @@ -60,18 +60,18 @@ Click **☰** in the top left corner, then select **Global Settings**, to view a - **Settings**: Various Rancher defaults, such as the minimum length for a user's password (`password-min-length`). You should be cautious when modifying these settings, as invalid values may break your Rancher installation. - **Feature Flags**: Rancher features that can be toggled on or off. Some of these flags are for [experimental features](#enabling-experimental-features). -- **Banners**: Elements you can add to fixed locations on the portal. For example, you can use these options to [set a custom banner](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/custom-branding.md#fixed-banners) for users when they login to Rancher. -- **Branding**: Rancher UI design elements that you can [customize](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/custom-branding.md). You can add a custom logo or favicon, and modify UI colors. +- **Banners**: Elements you can add to fixed locations on the portal. For example, you can use these options to [set a custom banner](custom-branding.md#fixed-banners) for users when they login to Rancher. +- **Branding**: Rancher UI design elements that you can [customize](custom-branding.md). You can add a custom logo or favicon, and modify UI colors. - **Performance**: Performance settings for the Rancher UI, such as incremental resource loading. - **Home Links**: Links displayed on the Rancher UI **Home** page. You can modify visibility for the default links or add your own links. ### Enabling Experimental Features -Rancher includes some features that are experimental and/or disabled by default. Feature flags allow you to enable these features. For more information, refer to the section about [feature flags.](enable-experimental-features.md) +Rancher includes some features that are experimental and/or disabled by default. Feature flags allow you to enable these features. For more information, refer to the section about [feature flags.](../../advanced-user-guides/enable-experimental-features/enable-experimental-features.md) ### Global Configuration -**Global Configuration** options aren't visible unless you activate the **legacy** [feature flag](enable-experimental-features.md). The **legacy** flag is disabled by default on fresh Rancher installs of v2.6 and later. If you upgrade from an earlier Rancher version, or activate the **legacy** feature flag on Rancher v2.6 and later, **Global Configuration** is available from the top navigation menu: +**Global Configuration** options aren't visible unless you activate the **legacy** [feature flag](../../advanced-user-guides/enable-experimental-features/enable-experimental-features.md). The **legacy** flag is disabled by default on fresh Rancher installs of v2.6 and later. If you upgrade from an earlier Rancher version, or activate the **legacy** feature flag on Rancher v2.6 and later, **Global Configuration** is available from the top navigation menu: 1. Click **☰** in the top left corner. 1. Select **Global Configuration** from the **Legacy Apps**. @@ -82,4 +82,4 @@ The following features are available under **Global Configuration**: - **Global DNS Entries** - **Global DNS Providers** -As these are legacy features, please see the Rancher v2.0—v2.4 docs on [catalogs](../../version-2.0-2.4/pages-for-subheaders/helm-charts-in-rancher.md), [global DNS entries](../../version-2.0-2.4/how-to-guides/new-user-guides/helm-charts-in-rancher/globaldns.md#adding-a-global-dns-entry), and [global DNS providers](../../version-2.0-2.4/how-to-guides/new-user-guides/helm-charts-in-rancher/globaldns.md#editing-a-global-dns-provider) for more details. \ No newline at end of file +As these are legacy features, please see the Rancher v2.0—v2.4 docs on [catalogs](../../../../version-2.0-2.4/pages-for-subheaders/helm-charts-in-rancher.md), [global DNS entries](../../../../version-2.0-2.4/how-to-guides/new-user-guides/helm-charts-in-rancher/globaldns.md#adding-a-global-dns-entry), and [global DNS providers](../../../../version-2.0-2.4/how-to-guides/new-user-guides/helm-charts-in-rancher/globaldns.md#editing-a-global-dns-provider) for more details. \ No newline at end of file diff --git a/versioned_docs/version-2.7/pages-for-subheaders/configure-microsoft-ad-federation-service-saml.md b/versioned_docs/version-2.7/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-microsoft-ad-federation-service-saml/configure-microsoft-ad-federation-service-saml.md similarity index 76% rename from versioned_docs/version-2.7/pages-for-subheaders/configure-microsoft-ad-federation-service-saml.md rename to versioned_docs/version-2.7/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-microsoft-ad-federation-service-saml/configure-microsoft-ad-federation-service-saml.md index 8662bf782fb..e10056cc0ae 100644 --- a/versioned_docs/version-2.7/pages-for-subheaders/configure-microsoft-ad-federation-service-saml.md +++ b/versioned_docs/version-2.7/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-microsoft-ad-federation-service-saml/configure-microsoft-ad-federation-service-saml.md @@ -24,8 +24,8 @@ You must have a [Microsoft AD FS Server](https://docs.microsoft.com/en-us/window Setting up Microsoft AD FS with Rancher Server requires configuring AD FS on your Active Directory server, and configuring Rancher to utilize your AD FS server. The following pages serve as guides for setting up Microsoft AD FS authentication on your Rancher installation. -- [1. Configuring Microsoft AD FS for Rancher](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-microsoft-ad-federation-service-saml/configure-ms-adfs-for-rancher.md) -- [2. Configuring Rancher for Microsoft AD FS](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-microsoft-ad-federation-service-saml/configure-rancher-for-ms-adfs.md) +- [1. Configuring Microsoft AD FS for Rancher](configure-ms-adfs-for-rancher.md) +- [2. Configuring Rancher for Microsoft AD FS](configure-rancher-for-ms-adfs.md) :::note SAML Provider Caveats: @@ -37,4 +37,4 @@ Setting up Microsoft AD FS with Rancher Server requires configuring AD FS on you ::: -### [Next: Configuring Microsoft AD FS for Rancher](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-microsoft-ad-federation-service-saml/configure-ms-adfs-for-rancher.md) +### [Next: Configuring Microsoft AD FS for Rancher](configure-ms-adfs-for-rancher.md) diff --git a/versioned_docs/version-2.7/pages-for-subheaders/configure-openldap.md b/versioned_docs/version-2.7/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-openldap/configure-openldap.md similarity index 90% rename from versioned_docs/version-2.7/pages-for-subheaders/configure-openldap.md rename to versioned_docs/version-2.7/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-openldap/configure-openldap.md index 9eb5fc7db2a..9285e08ef8b 100644 --- a/versioned_docs/version-2.7/pages-for-subheaders/configure-openldap.md +++ b/versioned_docs/version-2.7/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-openldap/configure-openldap.md @@ -18,9 +18,9 @@ Rancher must be configured with a LDAP bind account (aka service account) to sea ## Configure OpenLDAP in Rancher -Configure the settings for the OpenLDAP server, groups and users. For help filling out each field, refer to the [configuration reference.](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-openldap/openldap-config-reference.md) +Configure the settings for the OpenLDAP server, groups and users. For help filling out each field, refer to the [configuration reference.](openldap-config-reference.md) -> Before you proceed with the configuration, please familiarise yourself with the concepts of [External Authentication Configuration and Principal Users](authentication-config.md#external-authentication-configuration-and-principal-users). +> Before you proceed with the configuration, please familiarise yourself with the concepts of [External Authentication Configuration and Principal Users](../authentication-config/authentication-config.md#external-authentication-configuration-and-principal-users). 1. In the top left corner, click **☰ > Users & Authentication**. 1. In the left navigation menu, click **Auth Provider**. @@ -53,4 +53,4 @@ You will still be able to login using the locally configured `admin` account and ## Annex: Troubleshooting -If you are experiencing issues while testing the connection to the OpenLDAP server, first double-check the credentials entered for the service account as well as the search base configuration. You may also inspect the Rancher logs to help pinpointing the problem cause. Debug logs may contain more detailed information about the error. Please refer to [How can I enable debug logging](../faq/technical-items.md#how-can-i-enable-debug-logging) in this documentation. +If you are experiencing issues while testing the connection to the OpenLDAP server, first double-check the credentials entered for the service account as well as the search base configuration. You may also inspect the Rancher logs to help pinpointing the problem cause. Debug logs may contain more detailed information about the error. Please refer to [How can I enable debug logging](../../../../faq/technical-items.md#how-can-i-enable-debug-logging) in this documentation. diff --git a/versioned_docs/version-2.7/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-openldap/openldap-config-reference.md b/versioned_docs/version-2.7/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-openldap/openldap-config-reference.md index bd6f5454ba2..54d62bb9dd1 100644 --- a/versioned_docs/version-2.7/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-openldap/openldap-config-reference.md +++ b/versioned_docs/version-2.7/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-openldap/openldap-config-reference.md @@ -8,7 +8,7 @@ title: OpenLDAP Configuration Reference For further details on configuring OpenLDAP authentication, refer to the [official documentation.](https://www.openldap.org/doc/) -> Before you proceed with the configuration, please familiarize yourself with the concepts of [External Authentication Configuration and Principal Users](../../../../pages-for-subheaders/authentication-config.md#external-authentication-configuration-and-principal-users). +> Before you proceed with the configuration, please familiarize yourself with the concepts of [External Authentication Configuration and Principal Users](../authentication-config/authentication-config.md#external-authentication-configuration-and-principal-users). ## Background: OpenLDAP Authentication Flow diff --git a/versioned_docs/version-2.7/pages-for-subheaders/configure-shibboleth-saml.md b/versioned_docs/version-2.7/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-shibboleth-saml/configure-shibboleth-saml.md similarity index 91% rename from versioned_docs/version-2.7/pages-for-subheaders/configure-shibboleth-saml.md rename to versioned_docs/version-2.7/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-shibboleth-saml/configure-shibboleth-saml.md index ea45e5311b6..482adb05a97 100644 --- a/versioned_docs/version-2.7/pages-for-subheaders/configure-shibboleth-saml.md +++ b/versioned_docs/version-2.7/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-shibboleth-saml/configure-shibboleth-saml.md @@ -12,7 +12,7 @@ In this configuration, when Rancher users log in, they will be redirected to the If you also configure OpenLDAP as the back end to Shibboleth, it will return a SAML assertion to Rancher with user attributes that include groups. Then the authenticated user will be able to access resources in Rancher that their groups have permissions for. -> The instructions in this section assume that you understand how Rancher, Shibboleth, and OpenLDAP work together. For a more detailed explanation of how it works, refer to [this page.](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-shibboleth-saml/about-group-permissions.md) +> The instructions in this section assume that you understand how Rancher, Shibboleth, and OpenLDAP work together. For a more detailed explanation of how it works, refer to [this page.](about-group-permissions.md) ## Setting up Shibboleth in Rancher @@ -91,9 +91,9 @@ Rancher must be configured with a LDAP bind account (aka service account) to sea ### Configure OpenLDAP in Rancher -Configure the settings for the OpenLDAP server, groups and users. For help filling out each field, refer to the [configuration reference.](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-openldap/openldap-config-reference.md) Note that nested group membership is not available for Shibboleth. +Configure the settings for the OpenLDAP server, groups and users. For help filling out each field, refer to the [configuration reference.](../configure-openldap/openldap-config-reference.md) Note that nested group membership is not available for Shibboleth. -> Before you proceed with the configuration, please familiarise yourself with the concepts of [External Authentication Configuration and Principal Users](authentication-config.md#external-authentication-configuration-and-principal-users). +> Before you proceed with the configuration, please familiarise yourself with the concepts of [External Authentication Configuration and Principal Users](../authentication-config/authentication-config.md#external-authentication-configuration-and-principal-users). 1. Log into the Rancher UI using the initial local `admin` account. 1. In the top left corner, click **☰ > Users & Authentication**. @@ -103,4 +103,4 @@ Configure the settings for the OpenLDAP server, groups and users. For help filli ## Troubleshooting -If you are experiencing issues while testing the connection to the OpenLDAP server, first double-check the credentials entered for the service account as well as the search base configuration. You may also inspect the Rancher logs to help pinpointing the problem cause. Debug logs may contain more detailed information about the error. Please refer to [How can I enable debug logging](../faq/technical-items.md#how-can-i-enable-debug-logging) in this documentation. \ No newline at end of file +If you are experiencing issues while testing the connection to the OpenLDAP server, first double-check the credentials entered for the service account as well as the search base configuration. You may also inspect the Rancher logs to help pinpointing the problem cause. Debug logs may contain more detailed information about the error. Please refer to [How can I enable debug logging](../../../../faq/technical-items.md#how-can-i-enable-debug-logging) in this documentation. \ No newline at end of file diff --git a/versioned_docs/version-2.7/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/create-pod-security-policies.md b/versioned_docs/version-2.7/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/create-pod-security-policies.md index b56ee2f48f4..44348c03f2e 100644 --- a/versioned_docs/version-2.7/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/create-pod-security-policies.md +++ b/versioned_docs/version-2.7/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/create-pod-security-policies.md @@ -60,9 +60,9 @@ Using Rancher, you can create a Pod Security Policy using our GUI rather than cr ### Requirements -Rancher can only assign PSPs for clusters that are [launched using RKE](../../../pages-for-subheaders/launch-kubernetes-with-rancher.md). +Rancher can only assign PSPs for clusters that are [launched using RKE](../launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md). -You must enable PSPs at the cluster level before you can assign them to a project. This can be configured by [editing the cluster](../../../pages-for-subheaders/cluster-configuration.md). +You must enable PSPs at the cluster level before you can assign them to a project. This can be configured by [editing the cluster](../../../reference-guides/cluster-configuration/cluster-configuration.md). It is a best practice to set PSP at the cluster level. diff --git a/versioned_docs/version-2.7/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/global-default-private-registry.md b/versioned_docs/version-2.7/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/global-default-private-registry.md index eec64c568f2..419b6cba216 100644 --- a/versioned_docs/version-2.7/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/global-default-private-registry.md +++ b/versioned_docs/version-2.7/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/global-default-private-registry.md @@ -9,7 +9,7 @@ title: Configuring a Global Default Private Registry :::note This page describes how to configure a global default private registry from the Rancher UI, after Rancher is already installed. -For instructions on how to set up a private registry during Rancher installation, refer to the [air-gapped installation guide](../../../pages-for-subheaders/air-gapped-helm-cli-install.md). +For instructions on how to set up a private registry during Rancher installation, refer to the [air-gapped installation guide](../../../getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/air-gapped-helm-cli-install.md). ::: diff --git a/versioned_docs/version-2.7/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/custom-roles.md b/versioned_docs/version-2.7/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/custom-roles.md index de61e0f4fb7..5e9c6c7a96d 100644 --- a/versioned_docs/version-2.7/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/custom-roles.md +++ b/versioned_docs/version-2.7/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/custom-roles.md @@ -102,7 +102,7 @@ If a user is removed from the external authentication provider group, they would You can only assign a global role to a group if: -* You have set up an [external authentication provider](../../../../pages-for-subheaders/authentication-config.md#external-vs-local-authentication) +* You have set up an [external authentication provider](../authentication-config/authentication-config.md#external-vs-local-authentication) * The external authentication provider supports [user groups](../../authentication-permissions-and-global-configuration/authentication-config/manage-users-and-groups.md) * You have already set up at least one user group with the authentication provider diff --git a/versioned_docs/version-2.7/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/global-permissions.md b/versioned_docs/version-2.7/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/global-permissions.md index 64411298a62..dfae1c35f46 100644 --- a/versioned_docs/version-2.7/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/global-permissions.md +++ b/versioned_docs/version-2.7/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/global-permissions.md @@ -127,7 +127,7 @@ You can [assign a role to everyone in the group at the same time](#configuring-g Using custom permissions is convenient for providing users with narrow or specialized access to Rancher. -When a user from an [external authentication source](../../../../pages-for-subheaders/authentication-config.md) signs into Rancher for the first time, they're automatically assigned a set of global permissions (hereafter, permissions). By default, after a user logs in for the first time, they are created as a user and assigned the default `user` permission. The standard `user` permission allows users to login and create clusters. +When a user from an [external authentication source](../authentication-config/authentication-config.md) signs into Rancher for the first time, they're automatically assigned a set of global permissions (hereafter, permissions). By default, after a user logs in for the first time, they are created as a user and assigned the default `user` permission. The standard `user` permission allows users to login and create clusters. However, in some organizations, these permissions may extend too much access. Rather than assigning users the default global permissions of `Administrator` or `Standard User`, you can assign them a more restrictive set of custom global permissions. @@ -218,7 +218,7 @@ If a user is removed from the external authentication provider group, they would You can only assign a global role to a group if: -* You have set up an [external authentication provider](../../../../pages-for-subheaders/authentication-config.md#external-vs-local-authentication) +* You have set up an [external authentication provider](../authentication-config/authentication-config.md#external-vs-local-authentication) * The external authentication provider supports [user groups](../authentication-config/manage-users-and-groups.md) * You have already set up at least one user group with the authentication provider diff --git a/versioned_docs/version-2.7/pages-for-subheaders/manage-role-based-access-control-rbac.md b/versioned_docs/version-2.7/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/manage-role-based-access-control-rbac.md similarity index 73% rename from versioned_docs/version-2.7/pages-for-subheaders/manage-role-based-access-control-rbac.md rename to versioned_docs/version-2.7/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/manage-role-based-access-control-rbac.md index 3bb5d0170c6..82038ecfc7e 100644 --- a/versioned_docs/version-2.7/pages-for-subheaders/manage-role-based-access-control-rbac.md +++ b/versioned_docs/version-2.7/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/manage-role-based-access-control-rbac.md @@ -6,7 +6,7 @@ title: Managing Role-Based Access Control (RBAC) -Within Rancher, each person authenticates as a _user_, which is a login that grants you access to Rancher. As mentioned in [Authentication](authentication-config.md), users can either be local or external. +Within Rancher, each person authenticates as a _user_, which is a login that grants you access to Rancher. As mentioned in [Authentication](../authentication-config/authentication-config.md), users can either be local or external. After you configure external authentication, the users that display on the **Users** page changes. @@ -18,11 +18,11 @@ After you configure external authentication, the users that display on the **Use Once the user logs in to Rancher, their _authorization_, or their access rights within the system, is determined by _global permissions_, and _cluster and project roles_. -- [Global Permissions](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/global-permissions.md): +- [Global Permissions](global-permissions.md): Define user authorization outside the scope of any particular cluster. -- [Cluster and Project Roles](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/cluster-and-project-roles.md): +- [Cluster and Project Roles](cluster-and-project-roles.md): Define user authorization inside the specific cluster or project where they are assigned the role. diff --git a/versioned_docs/version-2.7/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/psa-config-templates.md b/versioned_docs/version-2.7/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/psa-config-templates.md index b85fd487935..963bebfd316 100644 --- a/versioned_docs/version-2.7/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/psa-config-templates.md +++ b/versioned_docs/version-2.7/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/psa-config-templates.md @@ -36,7 +36,7 @@ You can assign a PSA template at the same time that you create a downstream clus ### Hardening the Cluster -If you select the **rancher-restricted** template but don't select a **CIS Profile**, you won't meet required CIS benchmarks. See the [RKE2 hardening guide](../../../pages-for-subheaders/rke2-hardening-guide.md) for more details. +If you select the **rancher-restricted** template but don't select a **CIS Profile**, you won't meet required CIS benchmarks. See the [RKE2 hardening guide](../../../reference-guides/rancher-security/hardening-guides/rke2-hardening-guide/rke2-hardening-guide.md) for more details.     diff --git a/versioned_docs/version-2.7/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/back-up-rancher-launched-kubernetes-clusters.md b/versioned_docs/version-2.7/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/back-up-rancher-launched-kubernetes-clusters.md index a9046a1e64d..08d8e96c8bd 100644 --- a/versioned_docs/version-2.7/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/back-up-rancher-launched-kubernetes-clusters.md +++ b/versioned_docs/version-2.7/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/back-up-rancher-launched-kubernetes-clusters.md @@ -6,7 +6,7 @@ title: Backing up a Cluster -In the Rancher UI, etcd backup and recovery for [Rancher launched Kubernetes clusters](../../../pages-for-subheaders/launch-kubernetes-with-rancher.md) can be easily performed. +In the Rancher UI, etcd backup and recovery for [Rancher launched Kubernetes clusters](../launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md) can be easily performed. Rancher recommends configuring recurrent `etcd` snapshots for all production clusters. Additionally, one-time snapshots can be taken as well. @@ -165,7 +165,7 @@ If the etcd snapshot restore fails, the phase will be set to `Failed`. Select how often you want recurring snapshots to be taken as well as how many snapshots to keep. The amount of time is measured in hours. With timestamped snapshots, the user has the ability to do a point-in-time recovery. -By default, [Rancher launched Kubernetes clusters](../../../pages-for-subheaders/launch-kubernetes-with-rancher.md) are configured to take recurring snapshots (saved to local disk). To protect against local disk failure, using the [S3 Target](#s3-backup-target) or replicating the path on disk is advised. +By default, [Rancher launched Kubernetes clusters](../launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md) are configured to take recurring snapshots (saved to local disk). To protect against local disk failure, using the [S3 Target](#s3-backup-target) or replicating the path on disk is advised. During cluster provisioning or editing the cluster, the configuration for snapshots can be found in the advanced section for **Cluster Options**. Click on **Show advanced options**. @@ -183,7 +183,7 @@ In the **Advanced Cluster Options** section, there are several options available Set the schedule for how you want recurring snapshots to be taken as well as how many snapshots to keep. The schedule is conventional cron format. The retention policy dictates the number of snapshots matching a name to keep per node. -By default, [Rancher launched Kubernetes clusters](../../../pages-for-subheaders/launch-kubernetes-with-rancher.md) are configured to take recurring snapshots (saved to local disk) every 5 hours starting at 12 AM. To protect against local disk failure, using the [S3 Target](#s3-backup-target) or replicating the path on disk is advised. +By default, [Rancher launched Kubernetes clusters](../launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md) are configured to take recurring snapshots (saved to local disk) every 5 hours starting at 12 AM. To protect against local disk failure, using the [S3 Target](#s3-backup-target) or replicating the path on disk is advised. During cluster provisioning or editing the cluster, the configuration for snapshots can be found under **Cluster Configuration**. Click on **etcd**. @@ -248,12 +248,12 @@ Rancher supports two different backup targets: -By default, the `local` backup target is selected. The benefits of this option is that there is no external configuration. Snapshots are automatically saved locally to the etcd nodes in the [Rancher launched Kubernetes clusters](../../../pages-for-subheaders/launch-kubernetes-with-rancher.md) in `/opt/rke/etcd-snapshots`. All recurring snapshots are taken at configured intervals. The downside of using the `local` backup target is that if there is a total disaster and _all_ etcd nodes are lost, there is no ability to restore the cluster. +By default, the `local` backup target is selected. The benefits of this option is that there is no external configuration. Snapshots are automatically saved locally to the etcd nodes in the [Rancher launched Kubernetes clusters](../launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md) in `/opt/rke/etcd-snapshots`. All recurring snapshots are taken at configured intervals. The downside of using the `local` backup target is that if there is a total disaster and _all_ etcd nodes are lost, there is no ability to restore the cluster. -By default, the `local` backup target is selected. The benefits of this option is that there is no external configuration. Snapshots are automatically saved locally to the etcd nodes in the [Rancher launched Kubernetes clusters](../../../pages-for-subheaders/launch-kubernetes-with-rancher.md) in `/var/lib/rancher//server/db/snapshots` where `` is either `k3s` or `rke2`. All recurring snapshots are taken per the cron schedule. The downside of using the `local` backup target is that if there is a total disaster and _all_ etcd nodes are lost, there is no ability to restore the cluster. +By default, the `local` backup target is selected. The benefits of this option is that there is no external configuration. Snapshots are automatically saved locally to the etcd nodes in the [Rancher launched Kubernetes clusters](../launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md) in `/var/lib/rancher//server/db/snapshots` where `` is either `k3s` or `rke2`. All recurring snapshots are taken per the cron schedule. The downside of using the `local` backup target is that if there is a total disaster and _all_ etcd nodes are lost, there is no ability to restore the cluster. diff --git a/versioned_docs/version-2.7/pages-for-subheaders/backup-restore-and-disaster-recovery.md b/versioned_docs/version-2.7/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/backup-restore-and-disaster-recovery.md similarity index 74% rename from versioned_docs/version-2.7/pages-for-subheaders/backup-restore-and-disaster-recovery.md rename to versioned_docs/version-2.7/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/backup-restore-and-disaster-recovery.md index 19feeb770d0..24833279d3f 100644 --- a/versioned_docs/version-2.7/pages-for-subheaders/backup-restore-and-disaster-recovery.md +++ b/versioned_docs/version-2.7/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/backup-restore-and-disaster-recovery.md @@ -16,7 +16,7 @@ The backup-restore operator needs to be installed in the local cluster, and only ## Backup and Restore for Rancher installed with Docker -For Rancher installed with Docker, refer to [this page](../how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/back-up-docker-installed-rancher.md) to perform backups and [this page](../how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/restore-docker-installed-rancher.md) to perform restores. +For Rancher installed with Docker, refer to [this page](back-up-docker-installed-rancher.md) to perform backups and [this page](restore-docker-installed-rancher.md) to perform restores. ## How Backups and Restores Work @@ -38,7 +38,7 @@ The Backup and Restore custom resources can be created in the Rancher UI, or by :::note -Refer [here](../how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/migrate-rancher-to-new-cluster.md#2-restore-from-backup-using-a-restore-custom-resource) for help on restoring an existing backup file into a v1.22 cluster in Rancher v2.6.3. +Refer [here](migrate-rancher-to-new-cluster.md#2-restore-from-backup-using-a-restore-custom-resource) for help on restoring an existing backup file into a v1.22 cluster in Rancher v2.6.3. ::: @@ -48,7 +48,7 @@ The `rancher-backup` operator can be installed from the Rancher UI, or with the :::note -There is a known issue in Fleet that occurs after performing a restoration using the backup-restore-operator: Secrets used for clientSecretName and helmSecretName are not included in Fleet gitrepos. Refer [here](./fleet-gitops-at-scale.md#troubleshooting) for a workaround. +There is a known issue in Fleet that occurs after performing a restoration using the backup-restore-operator: Secrets used for clientSecretName and helmSecretName are not included in Fleet gitrepos. Refer [here](../../../integrations-in-rancher/fleet-gitops-at-scale/fleet-gitops-at-scale.md#troubleshooting) for a workaround. ::: @@ -59,7 +59,7 @@ There is a known issue in Fleet that occurs after performing a restoration using 1. In the left navigation bar, **Apps > Charts**. 1. Click **Rancher Backups**. 1. Click **Install**. -1. Optional: Configure the default storage location. For help, refer to the [configuration section.](../reference-guides/backup-restore-configuration/storage-configuration.md) +1. Optional: Configure the default storage location. For help, refer to the [configuration section.](../../../reference-guides/backup-restore-configuration/storage-configuration.md) 1. Click **Install**. **Result:** The `rancher-backup` operator is installed. @@ -79,22 +79,22 @@ Only the rancher admins and the local cluster’s cluster-owner can: ## Backing up Rancher -A backup is performed by creating a Backup custom resource. For a tutorial, refer to [this page.](../how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/back-up-rancher.md) +A backup is performed by creating a Backup custom resource. For a tutorial, refer to [this page.](back-up-rancher.md) ## Restoring Rancher -A restore is performed by creating a Restore custom resource. For a tutorial, refer to [this page.](../how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/restore-rancher.md) +A restore is performed by creating a Restore custom resource. For a tutorial, refer to [this page.](restore-rancher.md) ## Migrating Rancher to a New Cluster -A migration is performed by following [these steps.](../how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/migrate-rancher-to-new-cluster.md) +A migration is performed by following [these steps.](migrate-rancher-to-new-cluster.md) ## Default Storage Location Configuration Configure a storage location where all backups are saved by default. You will have the option to override this with each backup, but will be limited to using an S3-compatible or Minio object store. -For information on configuring these options, refer to [this page.](../reference-guides/backup-restore-configuration/storage-configuration.md) +For information on configuring these options, refer to [this page.](../../../reference-guides/backup-restore-configuration/storage-configuration.md) ### Example values.yaml for the rancher-backup Helm Chart -The example [values.yaml file](../reference-guides/backup-restore-configuration/storage-configuration.md#example-valuesyaml-for-the-rancher-backup-helm-chart) can be used to configure the `rancher-backup` operator when the Helm CLI is used to install it. +The example [values.yaml file](../../../reference-guides/backup-restore-configuration/storage-configuration.md#example-valuesyaml-for-the-rancher-backup-helm-chart) can be used to configure the `rancher-backup` operator when the Helm CLI is used to install it. diff --git a/versioned_docs/version-2.7/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/migrate-rancher-to-new-cluster.md b/versioned_docs/version-2.7/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/migrate-rancher-to-new-cluster.md index 4b58db9ead3..29f22ab6164 100644 --- a/versioned_docs/version-2.7/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/migrate-rancher-to-new-cluster.md +++ b/versioned_docs/version-2.7/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/migrate-rancher-to-new-cluster.md @@ -160,7 +160,7 @@ Kubernetes v1.22, available as an experimental feature of v2.6.3, does not suppo ### 3. Install cert-manager -Follow the steps to [install cert-manager](../../../pages-for-subheaders/install-upgrade-on-a-kubernetes-cluster.md#4-install-cert-manager) in the documentation about installing cert-manager on Kubernetes. +Follow the steps to [install cert-manager](../../../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/install-upgrade-on-a-kubernetes-cluster.md#4-install-cert-manager) in the documentation about installing cert-manager on Kubernetes. ### 4. Bring up Rancher with Helm diff --git a/versioned_docs/version-2.7/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/restore-rancher-launched-kubernetes-clusters-from-backup.md b/versioned_docs/version-2.7/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/restore-rancher-launched-kubernetes-clusters-from-backup.md index 313812b6129..c4d2ae77476 100644 --- a/versioned_docs/version-2.7/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/restore-rancher-launched-kubernetes-clusters-from-backup.md +++ b/versioned_docs/version-2.7/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/restore-rancher-launched-kubernetes-clusters-from-backup.md @@ -6,7 +6,7 @@ title: Restoring a Cluster from Backup -Etcd backup and recovery for [Rancher launched Kubernetes clusters](../../../pages-for-subheaders/launch-kubernetes-with-rancher.md) can be easily performed. Snapshots of the etcd database are taken and saved either locally onto the etcd nodes or to a S3 compatible target. The advantages of configuring S3 is that if all etcd nodes are lost, your snapshot is saved remotely and can be used to restore the cluster. +Etcd backup and recovery for [Rancher launched Kubernetes clusters](../launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md) can be easily performed. Snapshots of the etcd database are taken and saved either locally onto the etcd nodes or to a S3 compatible target. The advantages of configuring S3 is that if all etcd nodes are lost, your snapshot is saved remotely and can be used to restore the cluster. Rancher recommends enabling the [ability to set up recurring snapshots of etcd](back-up-rancher-launched-kubernetes-clusters.md#configuring-recurring-snapshots), but [one-time snapshots](back-up-rancher-launched-kubernetes-clusters.md#one-time-snapshots) can easily be taken as well. Rancher allows restore from [saved snapshots](#restoring-a-cluster-from-a-snapshot) or if you don't have any snapshots, you can still [restore etcd](#recovering-etcd-without-a-snapshot-rke). @@ -130,4 +130,4 @@ If the group of etcd nodes loses quorum, the Kubernetes cluster will report a fa 5. Run the revised command. -6. After the single nodes is up and running, Rancher recommends adding additional etcd nodes to your cluster. If you have a [custom cluster](../../../pages-for-subheaders/use-existing-nodes.md) and you want to reuse an old node, you are required to [clean up the nodes](../manage-clusters/clean-cluster-nodes.md) before attempting to add them back into a cluster. +6. After the single nodes is up and running, Rancher recommends adding additional etcd nodes to your cluster. If you have a [custom cluster](../../../reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/use-existing-nodes.md) and you want to reuse an old node, you are required to [clean up the nodes](../manage-clusters/clean-cluster-nodes.md) before attempting to add them back into a cluster. diff --git a/versioned_docs/version-2.7/pages-for-subheaders/deploy-apps-across-clusters.md b/versioned_docs/version-2.7/how-to-guides/new-user-guides/deploy-apps-across-clusters/deploy-apps-across-clusters.md similarity index 71% rename from versioned_docs/version-2.7/pages-for-subheaders/deploy-apps-across-clusters.md rename to versioned_docs/version-2.7/how-to-guides/new-user-guides/deploy-apps-across-clusters/deploy-apps-across-clusters.md index b23735dcedb..2d4bd5cdcb0 100644 --- a/versioned_docs/version-2.7/pages-for-subheaders/deploy-apps-across-clusters.md +++ b/versioned_docs/version-2.7/how-to-guides/new-user-guides/deploy-apps-across-clusters/deploy-apps-across-clusters.md @@ -12,10 +12,10 @@ Rancher offers several ways to deploy applications across clusters, depending on Rancher v2.5 and later uses Fleet to deploy applications across clusters. -Continuous Delivery with Fleet is GitOps at scale. For more information, refer to the [Fleet section](../how-to-guides/new-user-guides/deploy-apps-across-clusters/fleet.md). +Continuous Delivery with Fleet is GitOps at scale. For more information, refer to the [Fleet section](fleet.md). ## Multi-cluster Apps In Rancher before v2.5, the multi-cluster apps feature was used to deploy applications across clusters. The multi-cluster apps feature is deprecated, but still available as a legacy feature. -See the [multi-cluster app documentation](../how-to-guides/new-user-guides/deploy-apps-across-clusters/multi-cluster-apps.md) for more details. \ No newline at end of file +See the [multi-cluster app documentation](multi-cluster-apps.md) for more details. \ No newline at end of file diff --git a/versioned_docs/version-2.7/how-to-guides/new-user-guides/deploy-apps-across-clusters/multi-cluster-apps.md b/versioned_docs/version-2.7/how-to-guides/new-user-guides/deploy-apps-across-clusters/multi-cluster-apps.md index 64c852c3629..61952f9dca3 100644 --- a/versioned_docs/version-2.7/how-to-guides/new-user-guides/deploy-apps-across-clusters/multi-cluster-apps.md +++ b/versioned_docs/version-2.7/how-to-guides/new-user-guides/deploy-apps-across-clusters/multi-cluster-apps.md @@ -62,7 +62,7 @@ In the **Upgrades** section, select the upgrade strategy to use, when you decide ### Roles -In the **Roles** section, you define the role of the multi-cluster application. Typically, when a user [launches catalog applications](../../../pages-for-subheaders/helm-charts-in-rancher.md), that specific user's permissions are used for creation of all workloads/resources that is required by the app. +In the **Roles** section, you define the role of the multi-cluster application. Typically, when a user [launches catalog applications](../helm-charts-in-rancher/helm-charts-in-rancher.md), that specific user's permissions are used for creation of all workloads/resources that is required by the app. For multi-cluster applications, the application is deployed by a _system user_ and is assigned as the creator of all underlying resources. A _system user_ is used instead of the actual user due to the fact that the actual user could be removed from one of the target projects. If the actual user was removed from one of the projects, then that user would no longer be able to manage the application for the other projects. diff --git a/versioned_docs/version-2.7/pages-for-subheaders/helm-charts-in-rancher.md b/versioned_docs/version-2.7/how-to-guides/new-user-guides/helm-charts-in-rancher/helm-charts-in-rancher.md similarity index 97% rename from versioned_docs/version-2.7/pages-for-subheaders/helm-charts-in-rancher.md rename to versioned_docs/version-2.7/how-to-guides/new-user-guides/helm-charts-in-rancher/helm-charts-in-rancher.md index ecc7993c7d9..fa99b770228 100644 --- a/versioned_docs/version-2.7/pages-for-subheaders/helm-charts-in-rancher.md +++ b/versioned_docs/version-2.7/how-to-guides/new-user-guides/helm-charts-in-rancher/helm-charts-in-rancher.md @@ -147,7 +147,7 @@ The upgrade button has been removed for legacy apps from the **Apps > Installed If you have a legacy app installed and want to upgrade it: -- The legacy [feature flag](enable-experimental-features.md) must be turned on (if it's not turned on automatically because of having a legacy app before upgrading) +- The legacy [feature flag](../../advanced-user-guides/enable-experimental-features/enable-experimental-features.md) must be turned on (if it's not turned on automatically because of having a legacy app before upgrading) - You can upgrade the app from cluster explorer, from the left nav section **Legacy > Project > Apps** - For multi-cluster apps, you can go to **≡ > Multi-cluster Apps** and upgrade the app from there diff --git a/versioned_docs/version-2.7/how-to-guides/new-user-guides/infrastructure-setup/ha-k3s-kubernetes-cluster.md b/versioned_docs/version-2.7/how-to-guides/new-user-guides/infrastructure-setup/ha-k3s-kubernetes-cluster.md index c01c4af7823..7c7d1b10a15 100644 --- a/versioned_docs/version-2.7/how-to-guides/new-user-guides/infrastructure-setup/ha-k3s-kubernetes-cluster.md +++ b/versioned_docs/version-2.7/how-to-guides/new-user-guides/infrastructure-setup/ha-k3s-kubernetes-cluster.md @@ -10,7 +10,7 @@ This tutorial is intended to help you provision the underlying infrastructure fo The recommended infrastructure for the Rancher-only Kubernetes cluster differs depending on whether Rancher will be installed on a K3s Kubernetes cluster, an RKE Kubernetes cluster, or a single Docker container. -For more information about each installation option, refer to [this page.](../../../pages-for-subheaders/installation-and-upgrade.md) +For more information about each installation option, refer to [this page.](../../../getting-started/installation-and-upgrade/installation-and-upgrade.md) :::note Important: @@ -27,7 +27,7 @@ To install the Rancher management server on a high-availability K3s cluster, we ### 1. Set up Linux Nodes -Make sure that your nodes fulfill the general installation requirements for [OS, container runtime, hardware, and networking.](../../../pages-for-subheaders/installation-requirements.md) +Make sure that your nodes fulfill the general installation requirements for [OS, container runtime, hardware, and networking.](../../../getting-started/installation-and-upgrade/installation-requirements/installation-requirements.md) For an example of one way to set up Linux nodes, refer to this [tutorial](nodes-in-amazon-ec2.md) for setting up nodes as instances in Amazon EC2. diff --git a/versioned_docs/version-2.7/how-to-guides/new-user-guides/infrastructure-setup/ha-rke1-kubernetes-cluster.md b/versioned_docs/version-2.7/how-to-guides/new-user-guides/infrastructure-setup/ha-rke1-kubernetes-cluster.md index da8a1aec080..d1bd489bd16 100644 --- a/versioned_docs/version-2.7/how-to-guides/new-user-guides/infrastructure-setup/ha-rke1-kubernetes-cluster.md +++ b/versioned_docs/version-2.7/how-to-guides/new-user-guides/infrastructure-setup/ha-rke1-kubernetes-cluster.md @@ -30,7 +30,7 @@ The etcd database requires an odd number of nodes so that it can always elect a ### 1. Set up Linux Nodes -Make sure that your nodes fulfill the general installation requirements for [OS, container runtime, hardware, and networking.](../../../pages-for-subheaders/installation-requirements.md) +Make sure that your nodes fulfill the general installation requirements for [OS, container runtime, hardware, and networking.](../../../getting-started/installation-and-upgrade/installation-requirements/installation-requirements.md) For an example of one way to set up Linux nodes, refer to this [tutorial](nodes-in-amazon-ec2.md) for setting up nodes as instances in Amazon EC2. diff --git a/versioned_docs/version-2.7/how-to-guides/new-user-guides/infrastructure-setup/ha-rke2-kubernetes-cluster.md b/versioned_docs/version-2.7/how-to-guides/new-user-guides/infrastructure-setup/ha-rke2-kubernetes-cluster.md index 5ff0add4879..ddc85f764a8 100644 --- a/versioned_docs/version-2.7/how-to-guides/new-user-guides/infrastructure-setup/ha-rke2-kubernetes-cluster.md +++ b/versioned_docs/version-2.7/how-to-guides/new-user-guides/infrastructure-setup/ha-rke2-kubernetes-cluster.md @@ -24,7 +24,7 @@ To install the Rancher management server on a high-availability RKE2 cluster, we ### 1. Set up Linux Nodes -Make sure that your nodes fulfill the general installation requirements for [OS, container runtime, hardware, and networking.](../../../pages-for-subheaders/installation-requirements.md) +Make sure that your nodes fulfill the general installation requirements for [OS, container runtime, hardware, and networking.](../../../getting-started/installation-and-upgrade/installation-requirements/installation-requirements.md) For an example of one way to set up Linux nodes, refer to this [tutorial](nodes-in-amazon-ec2.md) for setting up nodes as instances in Amazon EC2. diff --git a/versioned_docs/version-2.7/pages-for-subheaders/infrastructure-setup.md b/versioned_docs/version-2.7/how-to-guides/new-user-guides/infrastructure-setup/infrastructure-setup.md similarity index 58% rename from versioned_docs/version-2.7/pages-for-subheaders/infrastructure-setup.md rename to versioned_docs/version-2.7/how-to-guides/new-user-guides/infrastructure-setup/infrastructure-setup.md index fabdc72e975..ccdca3126b8 100644 --- a/versioned_docs/version-2.7/pages-for-subheaders/infrastructure-setup.md +++ b/versioned_docs/version-2.7/how-to-guides/new-user-guides/infrastructure-setup/infrastructure-setup.md @@ -6,7 +6,7 @@ title: Don't have infrastructure for your Kubernetes cluster? Try one of these t -To set up infrastructure for a high-availability K3s Kubernetes cluster with an external DB, refer to [this page.](../how-to-guides/new-user-guides/infrastructure-setup/ha-k3s-kubernetes-cluster.md) +To set up infrastructure for a high-availability K3s Kubernetes cluster with an external DB, refer to [this page.](ha-k3s-kubernetes-cluster.md) -To set up infrastructure for a high-availability RKE Kubernetes cluster, refer to [this page.](../how-to-guides/new-user-guides/infrastructure-setup/ha-rke1-kubernetes-cluster.md) +To set up infrastructure for a high-availability RKE Kubernetes cluster, refer to [this page.](ha-rke1-kubernetes-cluster.md) diff --git a/versioned_docs/version-2.7/how-to-guides/new-user-guides/infrastructure-setup/nodes-in-amazon-ec2.md b/versioned_docs/version-2.7/how-to-guides/new-user-guides/infrastructure-setup/nodes-in-amazon-ec2.md index 9c7f55b9443..bcc1337121a 100644 --- a/versioned_docs/version-2.7/how-to-guides/new-user-guides/infrastructure-setup/nodes-in-amazon-ec2.md +++ b/versioned_docs/version-2.7/how-to-guides/new-user-guides/infrastructure-setup/nodes-in-amazon-ec2.md @@ -6,7 +6,7 @@ title: Setting up Nodes in Amazon EC2 -In this tutorial, you will learn one way to set up Linux nodes for the Rancher management server. These nodes will fulfill the node requirements for [OS, Docker, hardware, and networking.](../../../pages-for-subheaders/installation-requirements.md) +In this tutorial, you will learn one way to set up Linux nodes for the Rancher management server. These nodes will fulfill the node requirements for [OS, Docker, hardware, and networking.](../../../getting-started/installation-and-upgrade/installation-requirements/installation-requirements.md) If the Rancher server will be installed on an RKE Kubernetes cluster, you should provision three instances. @@ -16,8 +16,8 @@ If the Rancher server is installed in a single Docker container, you only need o ### 1. Optional Preparation -- **Create IAM role:** To allow Rancher to manipulate AWS resources, such as provisioning new storage or new nodes, you will need to configure Amazon as a cloud provider. There are several things you'll need to do to set up the cloud provider on EC2, but part of this process is setting up an IAM role for the Rancher server nodes. For the full details on setting up the cloud provider, refer to this [page.](../../../pages-for-subheaders/set-up-cloud-providers.md) -- **Create security group:** We also recommend setting up a security group for the Rancher nodes that complies with the [port requirements for Rancher nodes.](../../../pages-for-subheaders/installation-requirements.md#port-requirements) +- **Create IAM role:** To allow Rancher to manipulate AWS resources, such as provisioning new storage or new nodes, you will need to configure Amazon as a cloud provider. There are several things you'll need to do to set up the cloud provider on EC2, but part of this process is setting up an IAM role for the Rancher server nodes. For the full details on setting up the cloud provider, refer to this [page.](../kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/set-up-cloud-providers.md) +- **Create security group:** We also recommend setting up a security group for the Rancher nodes that complies with the [port requirements for Rancher nodes.](../../../getting-started/installation-and-upgrade/installation-requirements/installation-requirements.md#port-requirements) ### 2. Provision Instances @@ -30,7 +30,7 @@ If the Rancher server is installed in a single Docker container, you only need o 1. In the **Number of instances** field, enter the number of instances. A high-availability K3s cluster requires only two instances, while a high-availability RKE cluster requires three instances. 1. Optional: If you created an IAM role for Rancher to manipulate AWS resources, select the new IAM role in the **IAM role** field. 1. Click **Next: Add Storage,** **Next: Add Tags,** and **Next: Configure Security Group**. -1. In **Step 6: Configure Security Group,** select a security group that complies with the [port requirements](../../../pages-for-subheaders/installation-requirements.md#port-requirements) for Rancher nodes. +1. In **Step 6: Configure Security Group,** select a security group that complies with the [port requirements](../../../getting-started/installation-and-upgrade/installation-requirements/installation-requirements.md#port-requirements) for Rancher nodes. 1. Click **Review and Launch**. 1. Click **Launch**. 1. Choose a new or existing key pair that you will use to connect to your instance later. If you are using an existing key pair, make sure you already have access to the private key. diff --git a/versioned_docs/version-2.7/how-to-guides/new-user-guides/kubernetes-cluster-setup/high-availability-installs.md b/versioned_docs/version-2.7/how-to-guides/new-user-guides/kubernetes-cluster-setup/high-availability-installs.md index a5d69ed221d..a287c374fe3 100644 --- a/versioned_docs/version-2.7/how-to-guides/new-user-guides/kubernetes-cluster-setup/high-availability-installs.md +++ b/versioned_docs/version-2.7/how-to-guides/new-user-guides/kubernetes-cluster-setup/high-availability-installs.md @@ -14,7 +14,7 @@ Then Helm is used to install Rancher on top of the Kubernetes cluster. Helm uses The Rancher server data is stored on etcd. This etcd database also runs on all three nodes, and requires an odd number of nodes so that it can always elect a leader with a majority of the etcd cluster. If the etcd database cannot elect a leader, etcd can fail, requiring the cluster to be restored from backup. -For information on how Rancher works, regardless of the installation method, refer to the [architecture section.](../../../pages-for-subheaders/rancher-manager-architecture.md) +For information on how Rancher works, regardless of the installation method, refer to the [architecture section.](../../../reference-guides/rancher-manager-architecture/rancher-manager-architecture.md) ### Recommended Architecture diff --git a/versioned_docs/version-2.7/pages-for-subheaders/kubernetes-cluster-setup.md b/versioned_docs/version-2.7/how-to-guides/new-user-guides/kubernetes-cluster-setup/kubernetes-cluster-setup.md similarity index 100% rename from versioned_docs/version-2.7/pages-for-subheaders/kubernetes-cluster-setup.md rename to versioned_docs/version-2.7/how-to-guides/new-user-guides/kubernetes-cluster-setup/kubernetes-cluster-setup.md diff --git a/versioned_docs/version-2.7/how-to-guides/new-user-guides/kubernetes-cluster-setup/rke1-for-rancher.md b/versioned_docs/version-2.7/how-to-guides/new-user-guides/kubernetes-cluster-setup/rke1-for-rancher.md index 1d1c0682ec1..e61bdb43e0a 100644 --- a/versioned_docs/version-2.7/how-to-guides/new-user-guides/kubernetes-cluster-setup/rke1-for-rancher.md +++ b/versioned_docs/version-2.7/how-to-guides/new-user-guides/kubernetes-cluster-setup/rke1-for-rancher.md @@ -14,7 +14,7 @@ Rancher can run on any Kubernetes cluster, included hosted Kubernetes solutions ::: -For systems without direct internet access, refer to [Air Gap: Kubernetes install.](../../../pages-for-subheaders/air-gapped-helm-cli-install.md) +For systems without direct internet access, refer to [Air Gap: Kubernetes install.](../../../getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/air-gapped-helm-cli-install.md) :::tip Single-node Installation Tip: @@ -192,5 +192,5 @@ The "rancher-cluster" parts of the two latter file names are dependent on how yo See the [Troubleshooting](../../../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/troubleshooting.md) page. -### [Next: Install Rancher](../../../pages-for-subheaders/install-upgrade-on-a-kubernetes-cluster.md) +### [Next: Install Rancher](../../../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/install-upgrade-on-a-kubernetes-cluster.md) diff --git a/versioned_docs/version-2.7/pages-for-subheaders/checklist-for-production-ready-clusters.md b/versioned_docs/version-2.7/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/checklist-for-production-ready-clusters/checklist-for-production-ready-clusters.md similarity index 77% rename from versioned_docs/version-2.7/pages-for-subheaders/checklist-for-production-ready-clusters.md rename to versioned_docs/version-2.7/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/checklist-for-production-ready-clusters/checklist-for-production-ready-clusters.md index f5816af3c48..d3609540e2a 100644 --- a/versioned_docs/version-2.7/pages-for-subheaders/checklist-for-production-ready-clusters.md +++ b/versioned_docs/version-2.7/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/checklist-for-production-ready-clusters/checklist-for-production-ready-clusters.md @@ -8,15 +8,15 @@ title: Checklist for Production-Ready Clusters In this section, we recommend best practices for creating the production-ready Kubernetes clusters that will run your apps and services. -For a list of requirements for your cluster, including the requirements for OS/Docker, hardware, and networking, refer to the section on [node requirements.](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/node-requirements-for-rancher-managed-clusters.md) +For a list of requirements for your cluster, including the requirements for OS/Docker, hardware, and networking, refer to the section on [node requirements.](../node-requirements-for-rancher-managed-clusters.md) This is a shortlist of best practices that we strongly recommend for all production clusters. -For a full list of all the best practices that we recommend, refer to the [best practices section.](best-practices.md) +For a full list of all the best practices that we recommend, refer to the [best practices section.](../../../../reference-guides/best-practices/best-practices.md) ### Node Requirements -* Make sure your nodes fulfill all of the [node requirements,](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/node-requirements-for-rancher-managed-clusters.md) including the port requirements. +* Make sure your nodes fulfill all of the [node requirements,](../node-requirements-for-rancher-managed-clusters.md) including the port requirements. ### Back up etcd @@ -33,10 +33,10 @@ For a full list of all the best practices that we recommend, refer to the [best * Assign two or more nodes the `controlplane` role for master component high availability. * Assign two or more nodes the `worker` role for workload rescheduling upon node failure. -For more information on what each role is used for, refer to the [section on roles for nodes in Kubernetes.](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/checklist-for-production-ready-clusters/roles-for-nodes-in-kubernetes.md) +For more information on what each role is used for, refer to the [section on roles for nodes in Kubernetes.](roles-for-nodes-in-kubernetes.md) For more information about the -number of nodes for each Kubernetes role, refer to the section on [recommended architecture.](../reference-guides/rancher-manager-architecture/architecture-recommendations.md) +number of nodes for each Kubernetes role, refer to the section on [recommended architecture.](../../../../reference-guides/rancher-manager-architecture/architecture-recommendations.md) ### Logging and Monitoring @@ -50,4 +50,4 @@ number of nodes for each Kubernetes role, refer to the section on [recommended a ### Networking * Minimize network latency. Rancher recommends minimizing latency between the etcd nodes. The default setting for `heartbeat-interval` is `500`, and the default setting for `election-timeout` is `5000`. These [settings for etcd tuning](https://coreos.com/etcd/docs/latest/tuning.html) allow etcd to run in most networks (except really high latency networks). -* Cluster nodes should be located within a single region. Most cloud providers provide multiple availability zones within a region, which can be used to create higher availability for your cluster. Using multiple availability zones is fine for nodes with any role. If you are using [Kubernetes Cloud Provider](set-up-cloud-providers.md) resources, consult the documentation for any restrictions (i.e. zone storage restrictions). +* Cluster nodes should be located within a single region. Most cloud providers provide multiple availability zones within a region, which can be used to create higher availability for your cluster. Using multiple availability zones is fine for nodes with any role. If you are using [Kubernetes Cloud Provider](../set-up-cloud-providers/set-up-cloud-providers.md) resources, consult the documentation for any restrictions (i.e. zone storage restrictions). diff --git a/versioned_docs/version-2.7/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/checklist-for-production-ready-clusters/recommended-cluster-architecture.md b/versioned_docs/version-2.7/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/checklist-for-production-ready-clusters/recommended-cluster-architecture.md index 7c5e21424ea..c709d847ae3 100644 --- a/versioned_docs/version-2.7/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/checklist-for-production-ready-clusters/recommended-cluster-architecture.md +++ b/versioned_docs/version-2.7/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/checklist-for-production-ready-clusters/recommended-cluster-architecture.md @@ -66,7 +66,7 @@ Adding more than one node with the `worker` role will make sure your workloads c ### Why Production Requirements are Different for the Rancher Cluster and the Clusters Running Your Applications -You may have noticed that our [Kubernetes Install](../../../../pages-for-subheaders/install-upgrade-on-a-kubernetes-cluster.md) instructions do not meet our definition of a production-ready cluster, as there are no dedicated nodes for the `worker` role. However, for your Rancher installation, this three node cluster is valid, because: +You may have noticed that our [Kubernetes Install](../../../../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/install-upgrade-on-a-kubernetes-cluster.md) instructions do not meet our definition of a production-ready cluster, as there are no dedicated nodes for the `worker` role. However, for your Rancher installation, this three node cluster is valid, because: * It allows one `etcd` node failure. * It maintains multiple instances of the master components by having multiple `controlplane` nodes. diff --git a/versioned_docs/version-2.7/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/checklist-for-production-ready-clusters/roles-for-nodes-in-kubernetes.md b/versioned_docs/version-2.7/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/checklist-for-production-ready-clusters/roles-for-nodes-in-kubernetes.md index 04eeb4466d4..1c627844659 100644 --- a/versioned_docs/version-2.7/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/checklist-for-production-ready-clusters/roles-for-nodes-in-kubernetes.md +++ b/versioned_docs/version-2.7/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/checklist-for-production-ready-clusters/roles-for-nodes-in-kubernetes.md @@ -8,7 +8,7 @@ title: Roles for Nodes in Kubernetes This section describes the roles for etcd nodes, controlplane nodes, and worker nodes in Kubernetes, and how the roles work together in a cluster. -This diagram is applicable to Kubernetes clusters [launched with Rancher using RKE.](../../../../pages-for-subheaders/launch-kubernetes-with-rancher.md). +This diagram is applicable to Kubernetes clusters [launched with Rancher using RKE.](../../launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md). ![Cluster diagram](/img/clusterdiagram.svg)
    Lines show the traffic flow between components. Colors are used purely for visual aid diff --git a/versioned_docs/version-2.7/pages-for-subheaders/kubernetes-clusters-in-rancher-setup.md b/versioned_docs/version-2.7/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/kubernetes-clusters-in-rancher-setup.md similarity index 78% rename from versioned_docs/version-2.7/pages-for-subheaders/kubernetes-clusters-in-rancher-setup.md rename to versioned_docs/version-2.7/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/kubernetes-clusters-in-rancher-setup.md index 899d4bb5937..bb5e556d5c2 100644 --- a/versioned_docs/version-2.7/pages-for-subheaders/kubernetes-clusters-in-rancher-setup.md +++ b/versioned_docs/version-2.7/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/kubernetes-clusters-in-rancher-setup.md @@ -9,9 +9,9 @@ description: Provisioning Kubernetes Clusters Rancher simplifies the creation of clusters by allowing you to create them through the Rancher UI rather than more complex alternatives. Rancher provides multiple options for launching a cluster. Use the option that best fits your use case. -This section assumes a basic familiarity with Docker and Kubernetes. For a brief explanation of how Kubernetes components work together, refer to the [concepts](../reference-guides/kubernetes-concepts.md) page. +This section assumes a basic familiarity with Docker and Kubernetes. For a brief explanation of how Kubernetes components work together, refer to the [concepts](../../../reference-guides/kubernetes-concepts.md) page. -For a conceptual overview of how the Rancher server provisions clusters and what tools it uses to provision them, refer to the [architecture](rancher-manager-architecture.md) page. +For a conceptual overview of how the Rancher server provisions clusters and what tools it uses to provision them, refer to the [architecture](../../../reference-guides/rancher-manager-architecture/rancher-manager-architecture.md) page. @@ -29,7 +29,7 @@ In this scenario, Rancher does not provision Kubernetes because it is installed If you use a Kubernetes provider such as Google GKE, Rancher integrates with its cloud APIs, allowing you to create and manage role-based access control for the hosted cluster from the Rancher UI. -For more information, refer to the section on [hosted Kubernetes clusters.](set-up-clusters-from-hosted-kubernetes-providers.md) +For more information, refer to the section on [hosted Kubernetes clusters.](set-up-clusters-from-hosted-kubernetes-providers/set-up-clusters-from-hosted-kubernetes-providers.md) ## Launching Kubernetes with Rancher @@ -41,23 +41,23 @@ These nodes can be dynamically provisioned through Rancher's UI, which calls [Do If you already have a node that you want to add to an RKE cluster, you can add it to the cluster by running a Rancher agent container on it. -For more information, refer to the section on [RKE clusters.](../pages-for-subheaders/launch-kubernetes-with-rancher.md) +For more information, refer to the section on [RKE clusters.](../launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md) ### Launching Kubernetes and Provisioning Nodes in an Infrastructure Provider Rancher can dynamically provision nodes in infrastructure providers such as Amazon EC2, DigitalOcean, Azure, or vSphere, then install Kubernetes on them. -Using Rancher, you can create pools of nodes based on a [node template](use-new-nodes-in-an-infra-provider.md#node-templates). This template defines the parameters used to launch nodes in your cloud providers. +Using Rancher, you can create pools of nodes based on a [node template](../launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md#node-templates). This template defines the parameters used to launch nodes in your cloud providers. One benefit of using nodes hosted by an infrastructure provider is that if a node loses connectivity with the cluster, Rancher can automatically replace it, thus maintaining the expected cluster configuration. -The cloud providers available for creating a node template are decided based on the [node drivers](use-new-nodes-in-an-infra-provider.md#node-drivers) active in the Rancher UI. +The cloud providers available for creating a node template are decided based on the [node drivers](../launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md#node-drivers) active in the Rancher UI. -For more information, refer to the section on [nodes hosted by an infrastructure provider](use-new-nodes-in-an-infra-provider.md) +For more information, refer to the section on [nodes hosted by an infrastructure provider](../launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md) ### Launching Kubernetes on Existing Custom Nodes -When setting up this type of cluster, Rancher installs Kubernetes on existing [custom nodes,](use-existing-nodes.md) which creates a custom cluster. +When setting up this type of cluster, Rancher installs Kubernetes on existing [custom nodes,](../../../reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/use-existing-nodes.md) which creates a custom cluster. You can bring any nodes you want to Rancher and use them to create a cluster. @@ -71,7 +71,7 @@ Registering EKS clusters now provides additional benefits. For the most part, re When you delete an EKS cluster that was created in Rancher, the cluster is destroyed. When you delete an EKS cluster that was registered in Rancher, it is disconnected from the Rancher server, but it still exists and you can still access it in the same way you did before it was registered in Rancher. -For more information, see [this page.](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/register-existing-clusters.md) +For more information, see [this page.](register-existing-clusters.md) ## Programmatically Creating Clusters diff --git a/versioned_docs/version-2.7/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/node-requirements-for-rancher-managed-clusters.md b/versioned_docs/version-2.7/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/node-requirements-for-rancher-managed-clusters.md index 3f0575a2f76..7cd0bb6f3f9 100644 --- a/versioned_docs/version-2.7/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/node-requirements-for-rancher-managed-clusters.md +++ b/versioned_docs/version-2.7/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/node-requirements-for-rancher-managed-clusters.md @@ -10,7 +10,7 @@ This page describes the requirements for the Rancher managed Kubernetes clusters :::note -If Rancher is installed on a high-availability Kubernetes cluster, the Rancher server three-node cluster and downstream clusters have different requirements. For Rancher installation requirements, refer to the node requirements in the [installation section.](../../../pages-for-subheaders/installation-requirements.md) +If Rancher is installed on a high-availability Kubernetes cluster, the Rancher server three-node cluster and downstream clusters have different requirements. For Rancher installation requirements, refer to the node requirements in the [installation section.](../../../getting-started/installation-and-upgrade/installation-requirements/installation-requirements.md) ::: @@ -47,7 +47,7 @@ SUSE Linux may have a firewall that blocks all ports by default. In that situati ### Flatcar Container Linux Nodes -When [Launching Kubernetes with Rancher](../../../pages-for-subheaders/launch-kubernetes-with-rancher.md) using Flatcar Container Linux nodes, it is required to use the following configuration in the [Cluster Config File](../../../reference-guides/cluster-configuration/rancher-server-configuration/rke1-cluster-configuration.md#rke-cluster-config-file-reference) +When [Launching Kubernetes with Rancher](../launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md) using Flatcar Container Linux nodes, it is required to use the following configuration in the [Cluster Config File](../../../reference-guides/cluster-configuration/rancher-server-configuration/rke1-cluster-configuration.md#rke-cluster-config-file-reference) @@ -92,13 +92,13 @@ It is also required to enable the Docker service, you can enable the Docker serv systemctl enable docker.service ``` -The Docker service is enabled automatically when using [Node Drivers](../../../pages-for-subheaders/about-provisioning-drivers.md#node-drivers). +The Docker service is enabled automatically when using [Node Drivers](../authentication-permissions-and-global-configuration/about-provisioning-drivers/about-provisioning-drivers.md#node-drivers). ### Windows Nodes Nodes with Windows Server must run Docker Enterprise Edition. -Windows nodes can be used for worker nodes only. See [Configuring Custom Clusters for Windows](../../../pages-for-subheaders/use-windows-clusters.md) +Windows nodes can be used for worker nodes only. See [Configuring Custom Clusters for Windows](use-windows-clusters/use-windows-clusters.md) ## Hardware Requirements @@ -114,7 +114,7 @@ For hardware recommendations for etcd clusters in production, refer to the offic For a production cluster, we recommend that you restrict traffic by opening only the ports defined in the port requirements below. -The ports required to be open are different depending on how the user cluster is launched. Each of the sections below list the ports that need to be opened for different [cluster creation options](../../../pages-for-subheaders/kubernetes-clusters-in-rancher-setup.md). +The ports required to be open are different depending on how the user cluster is launched. Each of the sections below list the ports that need to be opened for different [cluster creation options](kubernetes-clusters-in-rancher-setup.md). For a breakdown of the port requirements for etcd nodes, controlplane nodes, and worker nodes in a Kubernetes cluster, refer to the [port requirements for the Rancher Kubernetes Engine.](https://rancher.com/docs/rke/latest/en/os/#ports) @@ -130,4 +130,4 @@ You should never register a node with the same hostname or IP address as an exis If you want to provision a Kubernetes cluster that is compliant with the CIS (Center for Internet Security) Kubernetes Benchmark, we recommend to following our hardening guide to configure your nodes before installing Kubernetes. -For more information on the hardening guide and details on which version of the guide corresponds to your Rancher and Kubernetes versions, refer to the [security section.](../../../pages-for-subheaders/rancher-security.md#rancher-hardening-guide) +For more information on the hardening guide and details on which version of the guide corresponds to your Rancher and Kubernetes versions, refer to the [security section.](../../../reference-guides/rancher-security/rancher-security.md#rancher-hardening-guide) diff --git a/versioned_docs/version-2.7/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/register-existing-clusters.md b/versioned_docs/version-2.7/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/register-existing-clusters.md index 16f14da7e3f..a62ed8dc14d 100644 --- a/versioned_docs/version-2.7/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/register-existing-clusters.md +++ b/versioned_docs/version-2.7/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/register-existing-clusters.md @@ -17,7 +17,7 @@ The control that Rancher has to manage a registered cluster depends on the type Registered RKE Kubernetes clusters must have all three node roles - etcd, controlplane and worker. A cluster with only controlplane components cannot be registered in Rancher. -For more information on RKE node roles, see the [best practices.](../../../pages-for-subheaders/checklist-for-production-ready-clusters.md#cluster-architecture) +For more information on RKE node roles, see the [best practices.](checklist-for-production-ready-clusters/checklist-for-production-ready-clusters.md#cluster-architecture) ### Permissions @@ -114,9 +114,9 @@ The control that Rancher has to manage a registered cluster depends on the type After registering a cluster, the cluster owner can: - [Manage cluster access](../authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/cluster-and-project-roles.md) through role-based access control -- Enable [monitoring, alerts and notifiers](../../../pages-for-subheaders/monitoring-and-alerting.md) -- Enable [logging](../../../pages-for-subheaders/logging.md) -- Enable [Istio](../../../pages-for-subheaders/istio.md) +- Enable [monitoring, alerts and notifiers](../../../integrations-in-rancher/monitoring-and-alerting/monitoring-and-alerting.md) +- Enable [logging](../../../integrations-in-rancher/logging/logging.md) +- Enable [Istio](../../../integrations-in-rancher/istio/istio.md) - Manage projects and workloads ### Additional Features for Registered RKE2 and K3s Clusters @@ -141,7 +141,7 @@ Rancher handles registered EKS, AKS, or GKE clusters similarly to clusters creat When you create an EKS, AKS, or GKE cluster in Rancher, then delete it, Rancher destroys the cluster. When you delete a registered cluster through Rancher, the Rancher server _disconnects_ from the cluster. The cluster remains live, although it's no longer in Rancher. You can still access the deregistered cluster in the same way you did before you registered it. -See [Cluster Management Capabilities by Cluster Type](../../../pages-for-subheaders/kubernetes-clusters-in-rancher-setup.md) for more information about what features are available for managing registered clusters. +See [Cluster Management Capabilities by Cluster Type](kubernetes-clusters-in-rancher-setup.md) for more information about what features are available for managing registered clusters. ## Configuring RKE2 and K3s Cluster Upgrades diff --git a/versioned_docs/version-2.7/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/amazon.md b/versioned_docs/version-2.7/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/amazon.md index 10700b418d4..df31897b817 100644 --- a/versioned_docs/version-2.7/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/amazon.md +++ b/versioned_docs/version-2.7/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/amazon.md @@ -34,7 +34,7 @@ All nodes added to the cluster must be able to interact with EC2 so that they ca While creating an [Amazon EC2 cluster](../../launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-amazon-ec2-cluster.md), you must fill in the **IAM Instance Profile Name** (not ARN) of the created IAM role when creating the **Node Template**. -While creating a [Custom cluster](../../../../pages-for-subheaders/use-existing-nodes.md), you must manually attach the IAM role to the instance(s). +While creating a [Custom cluster](../../../../reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/use-existing-nodes.md), you must manually attach the IAM role to the instance(s). IAM Policy for nodes with the `controlplane` role: diff --git a/versioned_docs/version-2.7/pages-for-subheaders/set-up-cloud-providers.md b/versioned_docs/version-2.7/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/set-up-cloud-providers.md similarity index 73% rename from versioned_docs/version-2.7/pages-for-subheaders/set-up-cloud-providers.md rename to versioned_docs/version-2.7/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/set-up-cloud-providers.md index 9a02515dba9..11c5e5590e3 100644 --- a/versioned_docs/version-2.7/pages-for-subheaders/set-up-cloud-providers.md +++ b/versioned_docs/version-2.7/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/set-up-cloud-providers.md @@ -23,19 +23,19 @@ The following cloud providers can be enabled: ### Setting up the Amazon Cloud Provider -For details on enabling the Amazon cloud provider, refer to [this page.](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/amazon.md) +For details on enabling the Amazon cloud provider, refer to [this page.](amazon.md) ### Setting up the Azure Cloud Provider -For details on enabling the Azure cloud provider, refer to [this page.](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/azure.md) +For details on enabling the Azure cloud provider, refer to [this page.](azure.md) ### Setting up the GCE Cloud Provider -For details on enabling the Google Compute Engine cloud provider, refer to [this page.](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/google-compute-engine.md) +For details on enabling the Google Compute Engine cloud provider, refer to [this page.](google-compute-engine.md) ### Setting up the vSphere Cloud Provider -For details on enabling the vSphere cloud provider, refer to [in-tree vSphere config](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/configure-in-tree-vsphere.md) and [out-of-tree vSphere config](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/configure-out-of-tree-vsphere.md). +For details on enabling the vSphere cloud provider, refer to [in-tree vSphere config](configure-in-tree-vsphere.md) and [out-of-tree vSphere config](configure-out-of-tree-vsphere.md). ### Setting up a Custom Cloud Provider diff --git a/versioned_docs/version-2.7/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/aks.md b/versioned_docs/version-2.7/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/aks.md index c3fac126e64..65fe5e545bb 100644 --- a/versioned_docs/version-2.7/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/aks.md +++ b/versioned_docs/version-2.7/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/aks.md @@ -268,7 +268,7 @@ For more information about connecting to an AKS private cluster, see the [AKS do The AKS provisioner can synchronize the state of an AKS cluster between Rancher and the provider. For an in-depth technical explanation of how this works, see [Syncing.](../../../../reference-guides/cluster-configuration/rancher-server-configuration/sync-clusters.md) -For information on configuring the refresh interval, see [this section.](../../../../pages-for-subheaders/gke-cluster-configuration.md#configuring-the-refresh-interval) +For information on configuring the refresh interval, see [this section.](../../../../reference-guides/cluster-configuration/rancher-server-configuration/gke-cluster-configuration/gke-cluster-configuration.md#configuring-the-refresh-interval) ## Programmatically Creating AKS Clusters diff --git a/versioned_docs/version-2.7/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/gke.md b/versioned_docs/version-2.7/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/gke.md index 335267c0d66..287367362a8 100644 --- a/versioned_docs/version-2.7/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/gke.md +++ b/versioned_docs/version-2.7/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/gke.md @@ -63,7 +63,7 @@ Use Rancher to set up and configure your Kubernetes cluster. To successfully cre 1. Optional: Use **Member Roles** to configure user authorization for the cluster. Click **Add Member** to add users that can access the cluster. Use the **Role** drop-down to set permissions for each user. 1. Optional: Add Kubernetes [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/) or [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) to the cluster. 1. Enter your Google project ID and your Google cloud credentials. -1. Fill out the rest of the form. For help, refer to the [GKE cluster configuration reference.](../../../../pages-for-subheaders/gke-cluster-configuration.md) +1. Fill out the rest of the form. For help, refer to the [GKE cluster configuration reference.](../../../../reference-guides/cluster-configuration/rancher-server-configuration/gke-cluster-configuration/gke-cluster-configuration.md) 1. Click **Create**. **Result:** You have successfully deployed a GKE cluster. @@ -83,7 +83,7 @@ Private GKE clusters are supported. Note: This advanced setup can require more s ## Configuration Reference -For details on configuring GKE clusters in Rancher, see [this page.](../../../../pages-for-subheaders/gke-cluster-configuration.md) +For details on configuring GKE clusters in Rancher, see [this page.](../../../../reference-guides/cluster-configuration/rancher-server-configuration/gke-cluster-configuration/gke-cluster-configuration.md) ## Updating Kubernetes Version The Kubernetes version of a cluster can be upgraded to any version available in the region or zone for the GKE cluster. Upgrading the master Kubernetes version does not automatically upgrade worker nodes. Nodes can be upgraded independently. @@ -98,7 +98,7 @@ GKE has removed basic authentication in 1.19+. In order to upgrade a cluster to The GKE provisioner can synchronize the state of a GKE cluster between Rancher and the provider. For an in-depth technical explanation of how this works, see [Syncing.](../../../../reference-guides/cluster-configuration/rancher-server-configuration/sync-clusters.md) -For information on configuring the refresh interval, see [this section.](../../../../pages-for-subheaders/gke-cluster-configuration.md#configuring-the-refresh-interval) +For information on configuring the refresh interval, see [this section.](../../../../reference-guides/cluster-configuration/rancher-server-configuration/gke-cluster-configuration/gke-cluster-configuration.md#configuring-the-refresh-interval) ## Programmatically Creating GKE Clusters diff --git a/versioned_docs/version-2.7/pages-for-subheaders/set-up-clusters-from-hosted-kubernetes-providers.md b/versioned_docs/version-2.7/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/set-up-clusters-from-hosted-kubernetes-providers.md similarity index 67% rename from versioned_docs/version-2.7/pages-for-subheaders/set-up-clusters-from-hosted-kubernetes-providers.md rename to versioned_docs/version-2.7/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/set-up-clusters-from-hosted-kubernetes-providers.md index fd4f4ed5bda..070c16dc420 100644 --- a/versioned_docs/version-2.7/pages-for-subheaders/set-up-clusters-from-hosted-kubernetes-providers.md +++ b/versioned_docs/version-2.7/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/set-up-clusters-from-hosted-kubernetes-providers.md @@ -25,9 +25,9 @@ Rancher supports the following Kubernetes providers: When using Rancher to create a cluster hosted by a provider, you are prompted for authentication information. This information is required to access the provider's API. For more information on how to obtain this information, see the following procedures: -- [Creating a GKE Cluster](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/gke.md) -- [Creating an EKS Cluster](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/eks.md) -- [Creating an AKS Cluster](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/aks.md) -- [Creating an ACK Cluster](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/alibaba.md) -- [Creating a TKE Cluster](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/tencent.md) -- [Creating a CCE Cluster](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/huawei.md) +- [Creating a GKE Cluster](gke.md) +- [Creating an EKS Cluster](eks.md) +- [Creating an AKS Cluster](aks.md) +- [Creating an ACK Cluster](alibaba.md) +- [Creating a TKE Cluster](tencent.md) +- [Creating a CCE Cluster](huawei.md) diff --git a/versioned_docs/version-2.7/pages-for-subheaders/use-windows-clusters.md b/versioned_docs/version-2.7/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/use-windows-clusters/use-windows-clusters.md similarity index 84% rename from versioned_docs/version-2.7/pages-for-subheaders/use-windows-clusters.md rename to versioned_docs/version-2.7/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/use-windows-clusters/use-windows-clusters.md index 2e76e0ca874..91cee26d619 100644 --- a/versioned_docs/version-2.7/pages-for-subheaders/use-windows-clusters.md +++ b/versioned_docs/version-2.7/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/use-windows-clusters/use-windows-clusters.md @@ -6,7 +6,7 @@ title: Launching Kubernetes on Windows Clusters -When provisioning a [custom cluster](use-existing-nodes.md) using Rancher, Rancher uses RKE (the Rancher Kubernetes Engine) to install Kubernetes on your existing nodes. +When provisioning a [custom cluster](../../../../reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/use-existing-nodes.md) using Rancher, Rancher uses RKE (the Rancher Kubernetes Engine) to install Kubernetes on your existing nodes. In a Windows cluster provisioned with Rancher, the cluster must contain both Linux and Windows nodes. The Kubernetes controlplane can only run on Linux nodes, and the Windows nodes can only have the worker role. Windows nodes can only be used for deploying workloads. @@ -42,7 +42,7 @@ Rancher will allow Windows workload pods to deploy on both Windows and Linux wor ## Requirements for Windows Clusters -The general node requirements for networking, operating systems, and Docker are the same as the node requirements for a [Rancher installation](installation-requirements.md). +The general node requirements for networking, operating systems, and Docker are the same as the node requirements for a [Rancher installation](../../../../getting-started/installation-and-upgrade/installation-requirements/installation-requirements.md). ### OS and Docker Requirements @@ -68,13 +68,13 @@ Rancher will not provision the node if the node does not meet these requirements ### Networking Requirements -Before provisioning a new cluster, be sure that you have already installed Rancher on a device that accepts inbound network traffic. This is required in order for the cluster nodes to communicate with Rancher. If you have not already installed Rancher, please refer to the [installation documentation](installation-and-upgrade.md) before proceeding with this guide. +Before provisioning a new cluster, be sure that you have already installed Rancher on a device that accepts inbound network traffic. This is required in order for the cluster nodes to communicate with Rancher. If you have not already installed Rancher, please refer to the [installation documentation](../../../../getting-started/installation-and-upgrade/installation-and-upgrade.md) before proceeding with this guide. Rancher only supports Windows using Flannel as the network provider. There are two network options: [**Host Gateway (L2bridge)**](https://github.com/coreos/flannel/blob/master/Documentation/backends.md#host-gw) and [**VXLAN (Overlay)**](https://github.com/coreos/flannel/blob/master/Documentation/backends.md#vxlan). The default option is **VXLAN (Overlay)** mode. -For **Host Gateway (L2bridge)** networking, it's best to use the same Layer 2 network for all nodes. Otherwise, you need to configure the route rules for them. For details, refer to the [documentation on configuring cloud-hosted VM routes.](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/use-windows-clusters/network-requirements-for-host-gateway.md#cloud-hosted-vm-routes-configuration) You will also need to [disable private IP address checks](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/use-windows-clusters/network-requirements-for-host-gateway.md#disabling-private-ip-address-checks) if you are using Amazon EC2, Google GCE, or Azure VM. +For **Host Gateway (L2bridge)** networking, it's best to use the same Layer 2 network for all nodes. Otherwise, you need to configure the route rules for them. For details, refer to the [documentation on configuring cloud-hosted VM routes.](network-requirements-for-host-gateway.md#cloud-hosted-vm-routes-configuration) You will also need to [disable private IP address checks](network-requirements-for-host-gateway.md#disabling-private-ip-address-checks) if you are using Amazon EC2, Google GCE, or Azure VM. For **VXLAN (Overlay)** networking, the [KB4489899](https://support.microsoft.com/en-us/help/4489899) hotfix must be installed. Most cloud-hosted VMs already have this hotfix. @@ -134,18 +134,18 @@ Windows requires that containers must be built on the same Windows Server versio ### Cloud Provider Specific Requirements -If you set a Kubernetes cloud provider in your cluster, some additional steps are required. You might want to set a cloud provider if you want to want to leverage a cloud provider's capabilities, for example, to automatically provision storage, load balancers, or other infrastructure for your cluster. Refer to [this page](../pages-for-subheaders/set-up-cloud-providers.md) for details on how to configure a cloud provider cluster of nodes that meet the prerequisites. +If you set a Kubernetes cloud provider in your cluster, some additional steps are required. You might want to set a cloud provider if you want to want to leverage a cloud provider's capabilities, for example, to automatically provision storage, load balancers, or other infrastructure for your cluster. Refer to [this page](../set-up-cloud-providers/set-up-cloud-providers.md) for details on how to configure a cloud provider cluster of nodes that meet the prerequisites. If you are using the GCE (Google Compute Engine) cloud provider, you must do the following: -- Enable the GCE cloud provider in the `cluster.yml` by following [these steps.](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/google-compute-engine.md) +- Enable the GCE cloud provider in the `cluster.yml` by following [these steps.](../set-up-cloud-providers/google-compute-engine.md) - When provisioning the cluster in Rancher, choose **Custom cloud provider** as the cloud provider in the Rancher UI. ## Tutorial: How to Create a Cluster with Windows Support This tutorial describes how to create a Rancher-provisioned cluster with the three nodes in the [recommended architecture.](#recommended-architecture) -When you provision a cluster with Rancher on existing nodes, you will add nodes to the cluster by installing the [Rancher agent](../reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/rancher-agent-options.md) on each one. When you create or edit your cluster from the Rancher UI, you will see a **Customize Node Run Command** that you can run on each server to add it to your cluster. +When you provision a cluster with Rancher on existing nodes, you will add nodes to the cluster by installing the [Rancher agent](../../../../reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/rancher-agent-options.md) on each one. When you create or edit your cluster from the Rancher UI, you will see a **Customize Node Run Command** that you can run on each server to add it to your cluster. To set up a cluster with support for Windows nodes and containers, you will need to complete the tasks below. @@ -172,11 +172,11 @@ You will provision three nodes: | Node 2 | Linux (Ubuntu Server 18.04 recommended) | | Node 3 | Windows (Windows Server core version 1809 or above required) | -If your nodes are hosted by a **Cloud Provider** and you want automation support such as loadbalancers or persistent storage devices, your nodes have additional configuration requirements. For details, see [Selecting Cloud Providers.](../pages-for-subheaders/set-up-cloud-providers.md) +If your nodes are hosted by a **Cloud Provider** and you want automation support such as loadbalancers or persistent storage devices, your nodes have additional configuration requirements. For details, see [Selecting Cloud Providers.](../set-up-cloud-providers/set-up-cloud-providers.md) ### 2. Create the Cluster on Existing Nodes -The instructions for creating a Windows cluster on existing nodes are very similar to the general [instructions for creating a custom cluster](use-existing-nodes.md) with some Windows-specific requirements. +The instructions for creating a Windows cluster on existing nodes are very similar to the general [instructions for creating a custom cluster](../../../../reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/use-existing-nodes.md) with some Windows-specific requirements. 1. In the upper left corner, click **☰ > Cluster Management**. 1. On the **Clusters** page, click **Create**. @@ -190,7 +190,7 @@ The instructions for creating a Windows cluster on existing nodes are very simil :::note Important: -For Host Gateway (L2bridge) networking, it's best to use the same Layer 2 network for all nodes. Otherwise, you need to configure the route rules for them. For details, refer to the [documentation on configuring cloud-hosted VM routes.](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/use-windows-clusters/network-requirements-for-host-gateway.md#cloud-hosted-vm-routes-configuration) You will also need to [disable private IP address checks](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/use-windows-clusters/network-requirements-for-host-gateway.md#disabling-private-ip-address-checks) if you are using Amazon EC2, Google GCE, or Azure VM. +For Host Gateway (L2bridge) networking, it's best to use the same Layer 2 network for all nodes. Otherwise, you need to configure the route rules for them. For details, refer to the [documentation on configuring cloud-hosted VM routes.](network-requirements-for-host-gateway.md#cloud-hosted-vm-routes-configuration) You will also need to [disable private IP address checks](network-requirements-for-host-gateway.md#disabling-private-ip-address-checks) if you are using Amazon EC2, Google GCE, or Azure VM. ::: @@ -206,7 +206,7 @@ The first node in your cluster should be a Linux host has both the **Control Pla 1. In the **Node Operating System** section, click **Linux**. 1. In the **Node Role** section, choose at least **etcd** and **Control Plane**. We recommend selecting all three. -1. Optional: If you click **Show advanced options,** you can customize the settings for the [Rancher agent](../reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/rancher-agent-options.md) and [node labels.](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/) +1. Optional: If you click **Show advanced options,** you can customize the settings for the [Rancher agent](../../../../reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/rancher-agent-options.md) and [node labels.](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/) 1. Copy the command displayed on the screen to your clipboard. 1. SSH into your Linux host and run the command that you copied to your clipboard. 1. When you are finished provisioning your Linux node(s), select **Done**. @@ -273,9 +273,9 @@ You can add Windows hosts to the cluster by editing the cluster and choosing the After creating your cluster, you can access it through the Rancher UI. As a best practice, we recommend setting up these alternate ways of accessing your cluster: -- **Access your cluster with the kubectl CLI:** Follow [these steps](../how-to-guides/new-user-guides/manage-clusters/access-clusters/use-kubectl-and-kubeconfig.md#accessing-clusters-with-kubectl-from-your-workstation) to access clusters with kubectl on your workstation. In this case, you will be authenticated through the Rancher server’s authentication proxy, then Rancher will connect you to the downstream cluster. This method lets you manage the cluster without the Rancher UI. -- **Access your cluster with the kubectl CLI, using the authorized cluster endpoint:** Follow [these steps](../how-to-guides/new-user-guides/manage-clusters/access-clusters/use-kubectl-and-kubeconfig.md#authenticating-directly-with-a-downstream-cluster) to access your cluster with kubectl directly, without authenticating through the Rancher server. We recommend setting up this alternative method to access your cluster so that in case you can’t connect to Rancher, you can still access the cluster. +- **Access your cluster with the kubectl CLI:** Follow [these steps](../../manage-clusters/access-clusters/use-kubectl-and-kubeconfig.md#accessing-clusters-with-kubectl-from-your-workstation) to access clusters with kubectl on your workstation. In this case, you will be authenticated through the Rancher server’s authentication proxy, then Rancher will connect you to the downstream cluster. This method lets you manage the cluster without the Rancher UI. +- **Access your cluster with the kubectl CLI, using the authorized cluster endpoint:** Follow [these steps](../../manage-clusters/access-clusters/use-kubectl-and-kubeconfig.md#authenticating-directly-with-a-downstream-cluster) to access your cluster with kubectl directly, without authenticating through the Rancher server. We recommend setting up this alternative method to access your cluster so that in case you can’t connect to Rancher, you can still access the cluster. ## Configuration for Storage Classes in Azure -If you are using Azure VMs for your nodes, you can use [Azure files](https://docs.microsoft.com/en-us/azure/aks/azure-files-dynamic-pv) as a StorageClass for the cluster. For details, refer to [this section.](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/use-windows-clusters/azure-storageclass-configuration.md) +If you are using Azure VMs for your nodes, you can use [Azure files](https://docs.microsoft.com/en-us/azure/aks/azure-files-dynamic-pv) as a StorageClass for the cluster. For details, refer to [this section.](azure-storageclass-configuration.md) diff --git a/versioned_docs/version-2.7/pages-for-subheaders/horizontal-pod-autoscaler.md b/versioned_docs/version-2.7/how-to-guides/new-user-guides/kubernetes-resources-setup/horizontal-pod-autoscaler/horizontal-pod-autoscaler.md similarity index 70% rename from versioned_docs/version-2.7/pages-for-subheaders/horizontal-pod-autoscaler.md rename to versioned_docs/version-2.7/how-to-guides/new-user-guides/kubernetes-resources-setup/horizontal-pod-autoscaler/horizontal-pod-autoscaler.md index d18ce147d06..e0f5e51e4b4 100644 --- a/versioned_docs/version-2.7/pages-for-subheaders/horizontal-pod-autoscaler.md +++ b/versioned_docs/version-2.7/how-to-guides/new-user-guides/kubernetes-resources-setup/horizontal-pod-autoscaler/horizontal-pod-autoscaler.md @@ -20,11 +20,11 @@ The way that you manage HPAs is different based on your version of the Kubernete - **For Kubernetes API version autoscaling/V2beta1:** This version of the Kubernetes API lets you autoscale your pods based on the CPU and memory utilization of your application. - **For Kubernetes API Version autoscaling/V2beta2:** This version of the Kubernetes API lets you autoscale your pods based on CPU and memory utilization, in addition to custom metrics. -You can create, manage, and delete HPAs using the Rancher UI. From the Rancher UI you can configure the HPA to scale based on CPU and memory utilization. For more information, refer to [Managing HPAs with the Rancher UI](../how-to-guides/new-user-guides/kubernetes-resources-setup/horizontal-pod-autoscaler/manage-hpas-with-ui.md). To scale the HPA based on custom metrics, you still need to use `kubectl`. For more information, refer to [Configuring HPA to Scale Using Custom Metrics with Prometheus](../how-to-guides/new-user-guides/kubernetes-resources-setup/horizontal-pod-autoscaler/manage-hpas-with-kubectl.md#configuring-hpa-to-scale-using-custom-metrics-with-prometheus). +You can create, manage, and delete HPAs using the Rancher UI. From the Rancher UI you can configure the HPA to scale based on CPU and memory utilization. For more information, refer to [Managing HPAs with the Rancher UI](manage-hpas-with-ui.md). To scale the HPA based on custom metrics, you still need to use `kubectl`. For more information, refer to [Configuring HPA to Scale Using Custom Metrics with Prometheus](manage-hpas-with-kubectl.md#configuring-hpa-to-scale-using-custom-metrics-with-prometheus). Clusters created in Rancher v2.0.7 and higher automatically have all the requirements needed (metrics-server and Kubernetes cluster configuration) to use HPA. ## Testing HPAs with a Service Deployment -You can see your HPA's current number of replicas by going to your project and clicking **Resources > HPA**. For more information, refer to [Get HPA Metrics and Status](../how-to-guides/new-user-guides/kubernetes-resources-setup/horizontal-pod-autoscaler/manage-hpas-with-ui.md). +You can see your HPA's current number of replicas by going to your project and clicking **Resources > HPA**. For more information, refer to [Get HPA Metrics and Status](manage-hpas-with-ui.md). -You can also use `kubectl` to get the status of HPAs that you test with your load testing tool. For more information, refer to [Testing HPAs with kubectl](../how-to-guides/new-user-guides/kubernetes-resources-setup/horizontal-pod-autoscaler/test-hpas-with-kubectl.md). +You can also use `kubectl` to get the status of HPAs that you test with your load testing tool. For more information, refer to [Testing HPAs with kubectl](test-hpas-with-kubectl.md). diff --git a/versioned_docs/version-2.7/pages-for-subheaders/kubernetes-resources-setup.md b/versioned_docs/version-2.7/how-to-guides/new-user-guides/kubernetes-resources-setup/kubernetes-resources-setup.md similarity index 54% rename from versioned_docs/version-2.7/pages-for-subheaders/kubernetes-resources-setup.md rename to versioned_docs/version-2.7/how-to-guides/new-user-guides/kubernetes-resources-setup/kubernetes-resources-setup.md index 865f5ae5c46..132e0f2627d 100644 --- a/versioned_docs/version-2.7/pages-for-subheaders/kubernetes-resources-setup.md +++ b/versioned_docs/version-2.7/how-to-guides/new-user-guides/kubernetes-resources-setup/kubernetes-resources-setup.md @@ -10,15 +10,15 @@ You can view and manipulate all of the custom resources and CRDs in a Kubernetes ## Workloads -Deploy applications to your cluster nodes using [workloads](workloads-and-pods.md), which are objects that contain pods that run your apps, along with metadata that set rules for the deployment's behavior. Workloads can be deployed within the scope of the entire clusters or within a namespace. +Deploy applications to your cluster nodes using [workloads](workloads-and-pods/workloads-and-pods.md), which are objects that contain pods that run your apps, along with metadata that set rules for the deployment's behavior. Workloads can be deployed within the scope of the entire clusters or within a namespace. -When deploying a workload, you can deploy from any image. There are a variety of [workload types](workloads-and-pods.md#workload-types) to choose from which determine how your application should run. +When deploying a workload, you can deploy from any image. There are a variety of [workload types](workloads-and-pods/workloads-and-pods.md#workload-types) to choose from which determine how your application should run. Following a workload deployment, you can continue working with it. You can: -- [Upgrade](../how-to-guides/new-user-guides/kubernetes-resources-setup/workloads-and-pods/upgrade-workloads.md) the workload to a newer version of the application it's running. -- [Roll back](../how-to-guides/new-user-guides/kubernetes-resources-setup/workloads-and-pods/roll-back-workloads.md) a workload to a previous version, if an issue occurs during upgrade. -- [Add a sidecar](../how-to-guides/new-user-guides/kubernetes-resources-setup/workloads-and-pods/add-a-sidecar.md), which is a workload that supports a primary workload. +- [Upgrade](workloads-and-pods/upgrade-workloads.md) the workload to a newer version of the application it's running. +- [Roll back](workloads-and-pods/roll-back-workloads.md) a workload to a previous version, if an issue occurs during upgrade. +- [Add a sidecar](workloads-and-pods/add-a-sidecar.md), which is a workload that supports a primary workload. ## Load Balancing and Ingress @@ -30,10 +30,10 @@ If you want your applications to be externally accessible, you must add a load b Rancher supports two types of load balancers: -- [Layer-4 Load Balancers](../how-to-guides/new-user-guides/kubernetes-resources-setup/load-balancer-and-ingress-controller/layer-4-and-layer-7-load-balancing.md#layer-4-load-balancer) -- [Layer-7 Load Balancers](../how-to-guides/new-user-guides/kubernetes-resources-setup/load-balancer-and-ingress-controller/layer-4-and-layer-7-load-balancing.md#layer-7-load-balancer) +- [Layer-4 Load Balancers](load-balancer-and-ingress-controller/layer-4-and-layer-7-load-balancing.md#layer-4-load-balancer) +- [Layer-7 Load Balancers](load-balancer-and-ingress-controller/layer-4-and-layer-7-load-balancing.md#layer-7-load-balancer) -For more information, see [load balancers](../how-to-guides/new-user-guides/kubernetes-resources-setup/load-balancer-and-ingress-controller/layer-4-and-layer-7-load-balancing.md). +For more information, see [load balancers](load-balancer-and-ingress-controller/layer-4-and-layer-7-load-balancing.md). #### Ingress @@ -41,7 +41,7 @@ Load Balancers can only handle one IP address per service, which means if you ru Ingress is a set of rules that act as a load balancer. Ingress works in conjunction with one or more ingress controllers to dynamically route service requests. When the ingress receives a request, the ingress controller(s) in your cluster program the load balancer to direct the request to the correct service based on service subdomains or path rules that you've configured. -For more information, see [Ingress](../how-to-guides/new-user-guides/kubernetes-resources-setup/load-balancer-and-ingress-controller/add-ingresses.md). +For more information, see [Ingress](load-balancer-and-ingress-controller/add-ingresses.md). When using ingresses in a project, you can program the ingress hostname to an external DNS by setting up a Global DNS entry. @@ -49,7 +49,7 @@ When using ingresses in a project, you can program the ingress hostname to an ex After you expose your cluster to external requests using a load balancer and/or ingress, it's only available by IP address. To create a resolveable hostname, you must create a service record, which is a record that maps an IP address, external hostname, DNS record alias, workload(s), or labelled pods to a specific hostname. -For more information, see [Service Discovery](../how-to-guides/new-user-guides/kubernetes-resources-setup/create-services.md). +For more information, see [Service Discovery](create-services.md). ## Applications @@ -61,7 +61,7 @@ Within the context of a Rancher project or namespace, _resources_ are files and Resources include: -- [Certificates](../how-to-guides/new-user-guides/kubernetes-resources-setup/encrypt-http-communication.md): Files used to encrypt/decrypt data entering or leaving the cluster. -- [ConfigMaps](../how-to-guides/new-user-guides/kubernetes-resources-setup/configmaps.md): Files that store general configuration information, such as a group of config files. -- [Secrets](../how-to-guides/new-user-guides/kubernetes-resources-setup/secrets.md): Files that store sensitive data like passwords, tokens, or keys. -- [Registries](../how-to-guides/new-user-guides/kubernetes-resources-setup/kubernetes-and-docker-registries.md): Files that carry credentials used to authenticate with private registries. +- [Certificates](encrypt-http-communication.md): Files used to encrypt/decrypt data entering or leaving the cluster. +- [ConfigMaps](configmaps.md): Files that store general configuration information, such as a group of config files. +- [Secrets](secrets.md): Files that store sensitive data like passwords, tokens, or keys. +- [Registries](kubernetes-and-docker-registries.md): Files that carry credentials used to authenticate with private registries. diff --git a/versioned_docs/version-2.7/pages-for-subheaders/load-balancer-and-ingress-controller.md b/versioned_docs/version-2.7/how-to-guides/new-user-guides/kubernetes-resources-setup/load-balancer-and-ingress-controller/load-balancer-and-ingress-controller.md similarity index 78% rename from versioned_docs/version-2.7/pages-for-subheaders/load-balancer-and-ingress-controller.md rename to versioned_docs/version-2.7/how-to-guides/new-user-guides/kubernetes-resources-setup/load-balancer-and-ingress-controller/load-balancer-and-ingress-controller.md index 41bdf40a323..b3f3976e6e3 100644 --- a/versioned_docs/version-2.7/pages-for-subheaders/load-balancer-and-ingress-controller.md +++ b/versioned_docs/version-2.7/how-to-guides/new-user-guides/kubernetes-resources-setup/load-balancer-and-ingress-controller/load-balancer-and-ingress-controller.md @@ -17,10 +17,10 @@ If you want your applications to be externally accessible, you must add a load b Rancher supports two types of load balancers: -- [Layer-4 Load Balancers](../how-to-guides/new-user-guides/kubernetes-resources-setup/load-balancer-and-ingress-controller/layer-4-and-layer-7-load-balancing.md#layer-4-load-balancer) -- [Layer-7 Load Balancers](../how-to-guides/new-user-guides/kubernetes-resources-setup/load-balancer-and-ingress-controller/layer-4-and-layer-7-load-balancing.md#layer-7-load-balancer) +- [Layer-4 Load Balancers](layer-4-and-layer-7-load-balancing.md#layer-4-load-balancer) +- [Layer-7 Load Balancers](layer-4-and-layer-7-load-balancing.md#layer-7-load-balancer) -For more information, see [load balancers](../how-to-guides/new-user-guides/kubernetes-resources-setup/load-balancer-and-ingress-controller/layer-4-and-layer-7-load-balancing.md). +For more information, see [load balancers](layer-4-and-layer-7-load-balancing.md). ### Load Balancer Limitations @@ -30,9 +30,9 @@ Load Balancers have a couple of limitations you should be aware of: - If you want to use a load balancer with a Hosted Kubernetes cluster (i.e., clusters hosted in GKE, EKS, or AKS), the load balancer must be running within that cloud provider's infrastructure. Please review the compatibility tables regarding support for load balancers based on how you've provisioned your clusters: -- [Support for Layer-4 Load Balancing](../how-to-guides/new-user-guides/kubernetes-resources-setup/load-balancer-and-ingress-controller/layer-4-and-layer-7-load-balancing.md#support-for-layer-4-load-balancing) +- [Support for Layer-4 Load Balancing](layer-4-and-layer-7-load-balancing.md#support-for-layer-4-load-balancing) -- [Support for Layer-7 Load Balancing](../how-to-guides/new-user-guides/kubernetes-resources-setup/load-balancer-and-ingress-controller/layer-4-and-layer-7-load-balancing.md#support-for-layer-7-load-balancing) +- [Support for Layer-7 Load Balancing](layer-4-and-layer-7-load-balancing.md#support-for-layer-7-load-balancing) ## Ingress @@ -60,6 +60,6 @@ Refrain from adding an Ingress to the `local` cluster. The Nginx Ingress Control ::: -- For more information on how to set up ingress in Rancher, see [Ingress](../how-to-guides/new-user-guides/kubernetes-resources-setup/load-balancer-and-ingress-controller/add-ingresses.md). +- For more information on how to set up ingress in Rancher, see [Ingress](add-ingresses.md). - For complete information about ingress and ingress controllers, see the [Kubernetes Ingress Documentation](https://kubernetes.io/docs/concepts/services-networking/ingress/) - When using ingresses in a project, you can program the ingress hostname to an external DNS by setting up a Global DNS entry. diff --git a/versioned_docs/version-2.7/how-to-guides/new-user-guides/kubernetes-resources-setup/workloads-and-pods/deploy-workloads.md b/versioned_docs/version-2.7/how-to-guides/new-user-guides/kubernetes-resources-setup/workloads-and-pods/deploy-workloads.md index e63edcef74a..b3c89b90949 100644 --- a/versioned_docs/version-2.7/how-to-guides/new-user-guides/kubernetes-resources-setup/workloads-and-pods/deploy-workloads.md +++ b/versioned_docs/version-2.7/how-to-guides/new-user-guides/kubernetes-resources-setup/workloads-and-pods/deploy-workloads.md @@ -21,7 +21,7 @@ Deploy a workload to run an application in one or more containers. 1. Either select an existing namespace, or click **Add to a new namespace** and enter a new namespace. -1. Click **Add Port** to enter a port mapping, which enables access to the application inside and outside of the cluster . For more information, see [Services](../../../../pages-for-subheaders/workloads-and-pods.md#services). +1. Click **Add Port** to enter a port mapping, which enables access to the application inside and outside of the cluster . For more information, see [Services](workloads-and-pods.md#services). 1. Configure the remaining options: @@ -45,7 +45,7 @@ Deploy a workload to run an application in one or more containers. - In [Amazon AWS](https://aws.amazon.com/), the nodes must be in the same Availability Zone and possess IAM permissions to attach/unattach volumes. - - The cluster must be using the [AWS cloud provider](https://github.com/kubernetes/website/blob/release-1.18/content/en/docs/concepts/cluster-administration/cloud-providers.md#aws) option. For more information on enabling this option see [Creating an Amazon EC2 Cluster](../../launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-amazon-ec2-cluster.md) or [Creating a Custom Cluster](../../../../pages-for-subheaders/use-existing-nodes.md). + - The cluster must be using the [AWS cloud provider](https://github.com/kubernetes/website/blob/release-1.18/content/en/docs/concepts/cluster-administration/cloud-providers.md#aws) option. For more information on enabling this option see [Creating an Amazon EC2 Cluster](../../launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-amazon-ec2-cluster.md) or [Creating a Custom Cluster](../../../../reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/use-existing-nodes.md). ::: diff --git a/versioned_docs/version-2.7/pages-for-subheaders/workloads-and-pods.md b/versioned_docs/version-2.7/how-to-guides/new-user-guides/kubernetes-resources-setup/workloads-and-pods/workloads-and-pods.md similarity index 92% rename from versioned_docs/version-2.7/pages-for-subheaders/workloads-and-pods.md rename to versioned_docs/version-2.7/how-to-guides/new-user-guides/kubernetes-resources-setup/workloads-and-pods/workloads-and-pods.md index 5cfe84668af..c20787712ae 100644 --- a/versioned_docs/version-2.7/pages-for-subheaders/workloads-and-pods.md +++ b/versioned_docs/version-2.7/how-to-guides/new-user-guides/kubernetes-resources-setup/workloads-and-pods/workloads-and-pods.md @@ -71,9 +71,9 @@ There are several types of services available in Rancher. The descriptions below This section of the documentation contains instructions for deploying workloads and using workload options. -- [Deploy Workloads](../how-to-guides/new-user-guides/kubernetes-resources-setup/workloads-and-pods/deploy-workloads.md) -- [Upgrade Workloads](../how-to-guides/new-user-guides/kubernetes-resources-setup/workloads-and-pods/upgrade-workloads.md) -- [Rollback Workloads](../how-to-guides/new-user-guides/kubernetes-resources-setup/workloads-and-pods/roll-back-workloads.md) +- [Deploy Workloads](deploy-workloads.md) +- [Upgrade Workloads](upgrade-workloads.md) +- [Rollback Workloads](roll-back-workloads.md) ## Related Links diff --git a/versioned_docs/version-2.7/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/about-rancher-agents.md b/versioned_docs/version-2.7/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/about-rancher-agents.md index bd90885720a..2d98149dae2 100644 --- a/versioned_docs/version-2.7/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/about-rancher-agents.md +++ b/versioned_docs/version-2.7/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/about-rancher-agents.md @@ -11,15 +11,15 @@ There are two different agent resources deployed on Rancher managed clusters: - [cattle-cluster-agent](#cattle-cluster-agent) - [cattle-node-agent](#cattle-node-agent) -For a conceptual overview of how the Rancher server provisions clusters and communicates with them, refer to the [architecture](../../../pages-for-subheaders/rancher-manager-architecture.md). +For a conceptual overview of how the Rancher server provisions clusters and communicates with them, refer to the [architecture](../../../reference-guides/rancher-manager-architecture/rancher-manager-architecture.md). ### cattle-cluster-agent -The `cattle-cluster-agent` is used to connect to the Kubernetes API of [Rancher Launched Kubernetes](../../../pages-for-subheaders/launch-kubernetes-with-rancher.md) clusters. The `cattle-cluster-agent` is deployed using a Deployment resource. +The `cattle-cluster-agent` is used to connect to the Kubernetes API of [Rancher Launched Kubernetes](launch-kubernetes-with-rancher.md) clusters. The `cattle-cluster-agent` is deployed using a Deployment resource. ### cattle-node-agent -The `cattle-node-agent` is used to interact with nodes in a [Rancher Launched Kubernetes](../../../pages-for-subheaders/launch-kubernetes-with-rancher.md) cluster when performing cluster operations. Examples of cluster operations are upgrading Kubernetes version and creating/restoring etcd snapshots. The `cattle-node-agent` is deployed using a DaemonSet resource to make sure it runs on every node. The `cattle-node-agent` is used as fallback option to connect to the Kubernetes API of [Rancher Launched Kubernetes](../../../pages-for-subheaders/launch-kubernetes-with-rancher.md) clusters when `cattle-cluster-agent` is unavailable. +The `cattle-node-agent` is used to interact with nodes in a [Rancher Launched Kubernetes](launch-kubernetes-with-rancher.md) cluster when performing cluster operations. Examples of cluster operations are upgrading Kubernetes version and creating/restoring etcd snapshots. The `cattle-node-agent` is deployed using a DaemonSet resource to make sure it runs on every node. The `cattle-node-agent` is used as fallback option to connect to the Kubernetes API of [Rancher Launched Kubernetes](launch-kubernetes-with-rancher.md) clusters when `cattle-cluster-agent` is unavailable. ### Scheduling rules @@ -32,7 +32,7 @@ If control plane nodes are present in the cluster, the default tolerations will | `cattle-cluster-agent` | `beta.kubernetes.io/os:NotIn:windows` | none | **Note:** These are the default tolerations, and will be replaced by tolerations matching taints applied to controlplane nodes.

    `effect:NoSchedule`
    `key:node-role.kubernetes.io/controlplane`
    `value:true`

    `effect:NoSchedule`
    `key:node-role.kubernetes.io/control-plane`
    `operator:Exists`

    `effect:NoSchedule`
    `key:node-role.kubernetes.io/master`
    `operator:Exists` | | `cattle-node-agent` | `beta.kubernetes.io/os:NotIn:windows` | none | `operator:Exists` | -The `cattle-cluster-agent` Deployment has preferred scheduling rules using `preferredDuringSchedulingIgnoredDuringExecution`, favoring to be scheduled on nodes with the `controlplane` node. When there are no controlplane nodes visible in the cluster (this is usually the case when using [Clusters from Hosted Kubernetes Providers](../../../pages-for-subheaders/set-up-clusters-from-hosted-kubernetes-providers.md)), you can add the label `cattle.io/cluster-agent=true` on a node to prefer scheduling the `cattle-cluster-agent` pod to that node. +The `cattle-cluster-agent` Deployment has preferred scheduling rules using `preferredDuringSchedulingIgnoredDuringExecution`, favoring to be scheduled on nodes with the `controlplane` node. When there are no controlplane nodes visible in the cluster (this is usually the case when using [Clusters from Hosted Kubernetes Providers](../kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/set-up-clusters-from-hosted-kubernetes-providers.md)), you can add the label `cattle.io/cluster-agent=true` on a node to prefer scheduling the `cattle-cluster-agent` pod to that node. See [Kubernetes: Assigning Pods to Nodes](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/) to find more information about scheduling rules. diff --git a/versioned_docs/version-2.7/pages-for-subheaders/launch-kubernetes-with-rancher.md b/versioned_docs/version-2.7/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md similarity index 85% rename from versioned_docs/version-2.7/pages-for-subheaders/launch-kubernetes-with-rancher.md rename to versioned_docs/version-2.7/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md index 5b7f4363bab..e62d67c8323 100644 --- a/versioned_docs/version-2.7/pages-for-subheaders/launch-kubernetes-with-rancher.md +++ b/versioned_docs/version-2.7/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md @@ -20,23 +20,23 @@ Rancher can also create pools of nodes. One benefit of installing Kubernetes on ### Requirements -If you use RKE to set up a cluster, your nodes must meet the [requirements](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/node-requirements-for-rancher-managed-clusters.md) for nodes in downstream user clusters. +If you use RKE to set up a cluster, your nodes must meet the [requirements](../kubernetes-clusters-in-rancher-setup/node-requirements-for-rancher-managed-clusters.md) for nodes in downstream user clusters. ### Launching Kubernetes on New Nodes in an Infrastructure Provider -Using Rancher, you can create pools of nodes based on a [node template](use-new-nodes-in-an-infra-provider.md#node-templates). This node template defines the parameters you want to use to launch nodes in your cloud providers. +Using Rancher, you can create pools of nodes based on a [node template](use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md#node-templates). This node template defines the parameters you want to use to launch nodes in your cloud providers. One benefit of installing Kubernetes on node pools hosted by an infrastructure provider is that if a node loses connectivity with the cluster, Rancher can automatically create another node to join the cluster to ensure that the count of the node pool is as expected. -For more information, refer to the section on [launching Kubernetes on new nodes.](use-new-nodes-in-an-infra-provider.md) +For more information, refer to the section on [launching Kubernetes on new nodes.](use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md) ### Launching Kubernetes on Existing Custom Nodes In this scenario, you want to install Kubernetes on bare-metal servers, on-prem virtual machines, or virtual machines that already exist in a cloud provider. With this option, you will run a Rancher agent Docker container on the machine. -If you want to reuse a node from a previous custom cluster, [clean the node](../how-to-guides/new-user-guides/manage-clusters/clean-cluster-nodes.md) before using it in a cluster again. If you reuse a node that hasn't been cleaned, cluster provisioning may fail. +If you want to reuse a node from a previous custom cluster, [clean the node](../manage-clusters/clean-cluster-nodes.md) before using it in a cluster again. If you reuse a node that hasn't been cleaned, cluster provisioning may fail. -For more information, refer to the section on [custom nodes.](use-existing-nodes.md) +For more information, refer to the section on [custom nodes.](../../../reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/use-existing-nodes.md) ### Programmatically Creating RKE Clusters diff --git a/versioned_docs/version-2.7/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-a-digitalocean-cluster.md b/versioned_docs/version-2.7/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-a-digitalocean-cluster.md index bef31ab3f23..6f64d0abb70 100644 --- a/versioned_docs/version-2.7/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-a-digitalocean-cluster.md +++ b/versioned_docs/version-2.7/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-a-digitalocean-cluster.md @@ -32,7 +32,7 @@ Then you will create a DigitalOcean cluster in Rancher, and when configuring the ### 2. Create a node template with your cloud credentials -Creating a [node template](../../../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md#node-templates) for DigitalOcean will allow Rancher to provision new nodes in DigitalOcean. Node templates can be reused for other clusters. +Creating a [node template](use-new-nodes-in-an-infra-provider.md#node-templates) for DigitalOcean will allow Rancher to provision new nodes in DigitalOcean. Node templates can be reused for other clusters. 1. Click **☰ > Cluster Management**. 1. Click **RKE1 Configuration > Node Templates**. @@ -46,7 +46,7 @@ Creating a [node template](../../../../pages-for-subheaders/use-new-nodes-in-an- 1. On the **Clusters** page, click **Create**. 1. Click **DigitalOcean**. 1. Enter a **Cluster Name**. -1. Add one or more node pools to your cluster. Add one or more node pools to your cluster. Each node pool uses a node template to provision new nodes. For more information about node pools, including best practices for assigning Kubernetes roles to them, see [this section.](../../../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md) +1. Add one or more node pools to your cluster. Add one or more node pools to your cluster. Each node pool uses a node template to provision new nodes. For more information about node pools, including best practices for assigning Kubernetes roles to them, see [this section.](use-new-nodes-in-an-infra-provider.md) 1. **In the Cluster Configuration** section, choose the version of Kubernetes that will be installed, what network provider will be used and if you want to enable project network isolation. To see more cluster options, click on **Show advanced options**. For help configuring the cluster, refer to the [RKE cluster configuration reference.](../../../../reference-guides/cluster-configuration/rancher-server-configuration/rke1-cluster-configuration.md) 1. Use **Member Roles** to configure user authorization for the cluster. Click **Add Member** to add users that can access the cluster. Use the **Role** drop-down to set permissions for each user. 1. Click **Create**. @@ -75,7 +75,7 @@ Use Rancher to create a Kubernetes cluster in DigitalOcean. 1. Click **DigitalOcean**. 1. Select a **Cloud Credential**, if more than one exists. Otherwise, it's preselected. 1. Enter a **Cluster Name**. -1. Create a machine pool for each Kubernetes role. Refer to the [best practices](../../../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md#node-roles) for recommendations on role assignments and counts. +1. Create a machine pool for each Kubernetes role. Refer to the [best practices](use-new-nodes-in-an-infra-provider.md#node-roles) for recommendations on role assignments and counts. 1. For each machine pool, define the machine configuration. Refer to the [DigitalOcean machine configuration reference](../../../../reference-guides/cluster-configuration/downstream-cluster-configuration/machine-configuration/digitalocean.md) for information on configuration options. 1. Use the **Cluster Configuration** to choose the version of Kubernetes that will be installed, what network provider will be used and if you want to enable project network isolation. For help configuring the cluster, refer to the [RKE2 cluster configuration reference.](../../../../reference-guides/cluster-configuration/rancher-server-configuration/rke2-cluster-configuration.md) 1. Use **Member Roles** to configure user authorization for the cluster. Click **Add Member** to add users that can access the cluster. Use the **Role** drop-down to set permissions for each user. diff --git a/versioned_docs/version-2.7/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-amazon-ec2-cluster.md b/versioned_docs/version-2.7/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-amazon-ec2-cluster.md index 5bc7d109825..3a4db1d0a73 100644 --- a/versioned_docs/version-2.7/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-amazon-ec2-cluster.md +++ b/versioned_docs/version-2.7/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-amazon-ec2-cluster.md @@ -18,7 +18,7 @@ Then you will create an EC2 cluster in Rancher, and when configuring the new clu - **AWS EC2 Access Key and Secret Key** that will be used to create the instances. See [Amazon Documentation: Creating Access Keys](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html#Using_CreateAccessKey) how to create an Access Key and Secret Key. - **IAM Policy created** to add to the user of the Access Key And Secret Key. See [Amazon Documentation: Creating IAM Policies (Console)](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_create.html#access_policies_create-start) how to create an IAM policy. See our three example JSON policies below: - [Example IAM Policy](#example-iam-policy) - - [Example IAM Policy with PassRole](#example-iam-policy-with-passrole) (needed if you want to use [Kubernetes Cloud Provider](../../../../pages-for-subheaders/set-up-cloud-providers.md) or want to pass an IAM Profile to an instance) + - [Example IAM Policy with PassRole](#example-iam-policy-with-passrole) (needed if you want to use [Kubernetes Cloud Provider](../../kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/set-up-cloud-providers.md) or want to pass an IAM Profile to an instance) - [Example IAM Policy to allow encrypted EBS volumes](#example-iam-policy-to-allow-encrypted-ebs-volumes) - **IAM Policy added as Permission** to the user. See [Amazon Documentation: Adding Permissions to a User (Console)](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_change-permissions.html#users_change_permissions-add-console) how to attach it to an user. @@ -48,7 +48,7 @@ The steps to create a cluster differ based on your Rancher version. ### 2. Create a node template with your cloud credentials and information from EC2 -Creating a [node template](../../../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md#node-templates) for EC2 will allow Rancher to provision new nodes in EC2. Node templates can be reused for other clusters. +Creating a [node template](use-new-nodes-in-an-infra-provider.md#node-templates) for EC2 will allow Rancher to provision new nodes in EC2. Node templates can be reused for other clusters. 1. Click **☰ > Cluster Management**. 1. Click **RKE1 Configuration > Node Templates** @@ -64,14 +64,14 @@ Creating a [node template](../../../../pages-for-subheaders/use-new-nodes-in-an- ### 3. Create a cluster with node pools using the node template -Add one or more node pools to your cluster. For more information about node pools, see [this section.](../../../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md) +Add one or more node pools to your cluster. For more information about node pools, see [this section.](use-new-nodes-in-an-infra-provider.md) 1. Click **☰ > Cluster Management**. 1. On the **Clusters** page, click **Create**. 1. Click **Amazon EC2**. -1. Create a node pool for each Kubernetes role. For each node pool, choose a node template that you created. For more information about node pools, including best practices for assigning Kubernetes roles to them, see [this section.](../../../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md) +1. Create a node pool for each Kubernetes role. For each node pool, choose a node template that you created. For more information about node pools, including best practices for assigning Kubernetes roles to them, see [this section.](use-new-nodes-in-an-infra-provider.md) 1. Click **Add Member** to add users that can access the cluster. Use the **Role** drop-down to set permissions for each user. -1. Use **Cluster Options** to choose the version of Kubernetes that will be installed, what network provider will be used and if you want to enable project network isolation. Refer to [Selecting Cloud Providers](../../../../pages-for-subheaders/set-up-cloud-providers.md) to configure the Kubernetes Cloud Provider. For help configuring the cluster, refer to the [RKE cluster configuration reference.](../../../../reference-guides/cluster-configuration/rancher-server-configuration/rke1-cluster-configuration.md) +1. Use **Cluster Options** to choose the version of Kubernetes that will be installed, what network provider will be used and if you want to enable project network isolation. Refer to [Selecting Cloud Providers](../../kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/set-up-cloud-providers.md) to configure the Kubernetes Cloud Provider. For help configuring the cluster, refer to the [RKE cluster configuration reference.](../../../../reference-guides/cluster-configuration/rancher-server-configuration/rke1-cluster-configuration.md) :::note @@ -107,7 +107,7 @@ If you already have a set of cloud credentials to use, skip this section. 1. Click **Amazon EC2**. 1. Select a **Cloud Credential**, if more than one exists. Otherwise, it's preselected. 1. Enter a **Cluster Name**. -1. Create a machine pool for each Kubernetes role. Refer to the [best practices](../../../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md#node-roles) for recommendations on role assignments and counts. +1. Create a machine pool for each Kubernetes role. Refer to the [best practices](use-new-nodes-in-an-infra-provider.md#node-roles) for recommendations on role assignments and counts. 1. For each machine pool, define the machine configuration. Refer to [the EC2 machine configuration reference](../../../../reference-guides/cluster-configuration/downstream-cluster-configuration/machine-configuration/amazon-ec2.md) for information on configuration options. 1. Use the **Cluster Configuration** to choose the version of Kubernetes that will be installed, what network provider will be used and if you want to enable project network isolation. For help configuring the cluster, refer to the [RKE2 cluster configuration reference.](../../../../reference-guides/cluster-configuration/rancher-server-configuration/rke2-cluster-configuration.md) 1. Use **Member Roles** to configure user authorization for the cluster. Click **Add Member** to add users that can access the cluster. Use the **Role** drop-down to set permissions for each user. diff --git a/versioned_docs/version-2.7/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-azure-cluster.md b/versioned_docs/version-2.7/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-azure-cluster.md index 758616b057d..2b9e2e10cdd 100644 --- a/versioned_docs/version-2.7/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-azure-cluster.md +++ b/versioned_docs/version-2.7/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-azure-cluster.md @@ -69,7 +69,7 @@ The creation of this service principal returns three pieces of identification in ### 2. Create a node template with your cloud credentials -Creating a [node template](../../../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md#node-templates) for Azure will allow Rancher to provision new nodes in Azure. Node templates can be reused for other clusters. +Creating a [node template](use-new-nodes-in-an-infra-provider.md#node-templates) for Azure will allow Rancher to provision new nodes in Azure. Node templates can be reused for other clusters. 1. Click **☰ > Cluster Management**. 1. Click **RKE1 Configuration > Node Templates**. @@ -85,7 +85,7 @@ Use Rancher to create a Kubernetes cluster in Azure. 1. On the **Clusters** page, click **Create**. 1. Click **Azure**. 1. Enter a **Cluster Name**. -1. Add one or more node pools to your cluster. Each node pool uses a node template to provision new nodes. For more information about node pools, including best practices, see [this section.](../../../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md) +1. Add one or more node pools to your cluster. Each node pool uses a node template to provision new nodes. For more information about node pools, including best practices, see [this section.](use-new-nodes-in-an-infra-provider.md) 1. In the **Cluster Configuration** to choose the version of Kubernetes that will be installed, what network provider will be used and if you want to enable project network isolation. To see more cluster options, click on **Show advanced options**. For help configuring the cluster, refer to the [RKE cluster configuration reference.](../../../../reference-guides/cluster-configuration/rancher-server-configuration/rke1-cluster-configuration.md) 1. Use **Member Roles** to configure user authorization for the cluster. Click **Add Member** to add users that can access the cluster. Use the **Role** drop-down to set permissions for each user. 1. Click **Create**. @@ -116,7 +116,7 @@ Use Rancher to create a Kubernetes cluster in Azure. 1. Click **Azure**. 1. Select a **Cloud Credential**, if more than one exists. Otherwise, it's preselected. 1. Enter a **Cluster Name**. -1. Create a machine pool for each Kubernetes role. Refer to the [best practices](../../../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md#node-roles) for recommendations on role assignments and counts. +1. Create a machine pool for each Kubernetes role. Refer to the [best practices](use-new-nodes-in-an-infra-provider.md#node-roles) for recommendations on role assignments and counts. 1. For each machine pool, define the machine configuration. Refer to the [Azure machine configuration reference](../../../../reference-guides/cluster-configuration/downstream-cluster-configuration/machine-configuration/azure.md) for information on configuration options. 1. Use the **Cluster Configuration** to choose the version of Kubernetes that will be installed, what network provider will be used and if you want to enable project network isolation. For help configuring the cluster, refer to the [RKE2 cluster configuration reference.](../../../../reference-guides/cluster-configuration/rancher-server-configuration/rke2-cluster-configuration.md) 1. Use **Member Roles** to configure user authorization for the cluster. Click **Add Member** to add users that can access the cluster. Use the **Role** drop-down to set permissions for each user. diff --git a/versioned_docs/version-2.7/pages-for-subheaders/nutanix.md b/versioned_docs/version-2.7/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/nutanix/nutanix.md similarity index 65% rename from versioned_docs/version-2.7/pages-for-subheaders/nutanix.md rename to versioned_docs/version-2.7/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/nutanix/nutanix.md index b626cf2bd12..9c761b50475 100644 --- a/versioned_docs/version-2.7/pages-for-subheaders/nutanix.md +++ b/versioned_docs/version-2.7/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/nutanix/nutanix.md @@ -13,9 +13,9 @@ Rancher can provision nodes in AOS (AHV) and install Kubernetes on them. When cr A Nutanix cluster may consist of multiple groups of VMs with distinct properties, such as the amount of memory or the number of vCPUs. This grouping allows for fine-grained control over the sizing of nodes for each Kubernetes role. -- [Creating a Nutanix Cluster](../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/nutanix/provision-kubernetes-clusters-in-aos.md#creating-a-nutanix-aos-cluster) -- [Provisioning Storage](../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/nutanix/provision-kubernetes-clusters-in-aos.md) +- [Creating a Nutanix Cluster](provision-kubernetes-clusters-in-aos.md#creating-a-nutanix-aos-cluster) +- [Provisioning Storage](provision-kubernetes-clusters-in-aos.md) ## Creating a Nutanix Cluster -In [this section,](../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/nutanix/provision-kubernetes-clusters-in-aos.md) you'll learn how to use Rancher to install an [RKE](https://rancher.com/docs/rke/latest/en/) Kubernetes cluster in Nutanix AOS. \ No newline at end of file +In [this section,](provision-kubernetes-clusters-in-aos.md) you'll learn how to use Rancher to install an [RKE](https://rancher.com/docs/rke/latest/en/) Kubernetes cluster in Nutanix AOS. \ No newline at end of file diff --git a/versioned_docs/version-2.7/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/nutanix/provision-kubernetes-clusters-in-aos.md b/versioned_docs/version-2.7/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/nutanix/provision-kubernetes-clusters-in-aos.md index ded99b0679c..df67f078ac3 100644 --- a/versioned_docs/version-2.7/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/nutanix/provision-kubernetes-clusters-in-aos.md +++ b/versioned_docs/version-2.7/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/nutanix/provision-kubernetes-clusters-in-aos.md @@ -55,7 +55,7 @@ Setting up [VM-VM Anti-Affinity Policies](https://portal.nutanix.com/page/docume ### 1. Create a node template -Creating a [node template](../../../../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md#node-templates) for Nutanix AOS will allow Rancher to provision new nodes in Nutanix AOS. Node templates can be reused for other clusters. +Creating a [node template](../use-new-nodes-in-an-infra-provider.md#node-templates) for Nutanix AOS will allow Rancher to provision new nodes in Nutanix AOS. Node templates can be reused for other clusters. 1. Click **☰ > Cluster Management**. 1. Click **RKE1 Configuration > Node Templates**. @@ -75,7 +75,7 @@ Use Rancher to create a Kubernetes cluster in Nutanix AOS. 1. Enter a **Cluster Name**, then click **Continue**. 1. Use **Member Roles** to configure user authorization for the cluster. Click **Add Member** to add users who can access the cluster. Use the **Role** drop-down to set permissions for each user. 1. Use **Cluster Options** to choose the version of Kubernetes that will be installed, what network provider will be used, and whether you want to enable project network isolation. To see more cluster options, click on **Show advanced options**. For help configuring the cluster, refer to the [RKE cluster configuration reference.](../../../../../reference-guides/cluster-configuration/rancher-server-configuration/rke1-cluster-configuration.md) -1. Add one or more node pools to your cluster. Each node pool uses a node template to provision new nodes. For more information about node pools, including best practices for assigning Kubernetes roles to the nodes, see [this section.](../../../../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md#node-pools) +1. Add one or more node pools to your cluster. Each node pool uses a node template to provision new nodes. For more information about node pools, including best practices for assigning Kubernetes roles to the nodes, see [this section.](../use-new-nodes-in-an-infra-provider.md#node-pools) 1. Review your options to confirm they're correct. Then click **Create**. **Result:** Your cluster is created and assigned a state of **Provisioning**. Rancher is standing up your cluster. diff --git a/versioned_docs/version-2.7/pages-for-subheaders/use-new-nodes-in-an-infra-provider.md b/versioned_docs/version-2.7/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md similarity index 92% rename from versioned_docs/version-2.7/pages-for-subheaders/use-new-nodes-in-an-infra-provider.md rename to versioned_docs/version-2.7/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md index 59e2425659f..88bac5263d0 100644 --- a/versioned_docs/version-2.7/pages-for-subheaders/use-new-nodes-in-an-infra-provider.md +++ b/versioned_docs/version-2.7/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md @@ -125,11 +125,11 @@ Node templates can use cloud credentials to store credentials for launching node - Multiple node templates can share the same cloud credential to create node pools. If your key is compromised or expired, the cloud credential can be updated in a single place, which allows all node templates that are using it to be updated at once. -After cloud credentials are created, the user can start [managing the cloud credentials that they created](../reference-guides/user-settings/manage-cloud-credentials.md). +After cloud credentials are created, the user can start [managing the cloud credentials that they created](../../../../reference-guides/user-settings/manage-cloud-credentials.md). ### Node Drivers -If you don't find the node driver that you want to use, you can see if it is available in Rancher's built-in [node drivers and activate it](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-provisioning-drivers/manage-node-drivers.md#activatingdeactivating-node-drivers), or you can [add your own custom node driver](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-provisioning-drivers/manage-node-drivers.md#adding-custom-node-drivers). +If you don't find the node driver that you want to use, you can see if it is available in Rancher's built-in [node drivers and activate it](../../authentication-permissions-and-global-configuration/about-provisioning-drivers/manage-node-drivers.md#activatingdeactivating-node-drivers), or you can [add your own custom node driver](../../authentication-permissions-and-global-configuration/about-provisioning-drivers/manage-node-drivers.md#adding-custom-node-drivers). ## RKE2 Clusters @@ -137,7 +137,7 @@ Rancher v2.6 introduces provisioning for [RKE2](https://docs.rke2.io/) clusters :::note -For RKE2 cluster templates, please refer to [this page](../how-to-guides/new-user-guides/manage-clusters/manage-cluster-templates.md#rke2-cluster-template) for additional information. +For RKE2 cluster templates, please refer to [this page](../../manage-clusters/manage-cluster-templates.md#rke2-cluster-template) for additional information. ::: @@ -149,7 +149,7 @@ The same functionality of using `etcd`, `controlplane` and `worker` nodes is pos The implementation of the three node roles in Rancher means that Rancher managed RKE2 clusters are able to easily leverage all of the same architectural best practices that are recommended for RKE clusters. -In our [recommended cluster architecture](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/checklist-for-production-ready-clusters/recommended-cluster-architecture.md), we outline how many nodes of each role clusters should have: +In our [recommended cluster architecture](../../kubernetes-clusters-in-rancher-setup/checklist-for-production-ready-clusters/recommended-cluster-architecture.md), we outline how many nodes of each role clusters should have: - At least three nodes with the role etcd to survive losing one node - At least two nodes with the role controlplane for master component high availability diff --git a/versioned_docs/version-2.7/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/vsphere/provision-kubernetes-clusters-in-vsphere.md b/versioned_docs/version-2.7/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/vsphere/provision-kubernetes-clusters-in-vsphere.md index 90f094ee5e7..9aec21efdf6 100644 --- a/versioned_docs/version-2.7/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/vsphere/provision-kubernetes-clusters-in-vsphere.md +++ b/versioned_docs/version-2.7/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/vsphere/provision-kubernetes-clusters-in-vsphere.md @@ -69,7 +69,7 @@ If you have a cluster with DRS enabled, setting up [VM-VM Affinity Rules](https: ### 2. Create a node template with your cloud credentials -Creating a [node template](../../../../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md#node-templates) for vSphere will allow Rancher to provision new nodes in vSphere. Node templates can be reused for other clusters. +Creating a [node template](../use-new-nodes-in-an-infra-provider.md#node-templates) for vSphere will allow Rancher to provision new nodes in vSphere. Node templates can be reused for other clusters. 1. Click **☰ > Cluster Management**. 1. Click **RKE1 Configuration > Node Templates**. @@ -90,7 +90,7 @@ Use Rancher to create a Kubernetes cluster in vSphere. 1. Use **Member Roles** to configure user authorization for the cluster. Click **Add Member** to add users that can access the cluster. Use the **Role** drop-down to set permissions for each user. 1. Use **Cluster Options** to choose the version of Kubernetes that will be installed, what network provider will be used and if you want to enable project network isolation. To see more cluster options, click on **Show advanced options**. For help configuring the cluster, refer to the [RKE cluster configuration reference.](../../../../../reference-guides/cluster-configuration/rancher-server-configuration/rke1-cluster-configuration.md) 1. If you want to dynamically provision persistent storage or other infrastructure later, you will need to enable the vSphere cloud provider by modifying the cluster YAML file. For details, refer to [in-tree vSphere cloud provider docs](../../../../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/configure-in-tree-vsphere.md) and [out-of-tree vSphere cloud provider docs](../../../../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/configure-out-of-tree-vsphere.md). -1. Add one or more node pools to your cluster. Each node pool uses a node template to provision new nodes. For more information about node pools, including best practices for assigning Kubernetes roles to the nodes, see [this section.](../../../../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md#node-pools) +1. Add one or more node pools to your cluster. Each node pool uses a node template to provision new nodes. For more information about node pools, including best practices for assigning Kubernetes roles to the nodes, see [this section.](../use-new-nodes-in-an-infra-provider.md#node-pools) 1. Review your options to confirm they're correct. Then click **Create**. **Result:** @@ -111,4 +111,4 @@ After creating your cluster, you can access it through the Rancher UI. As a best - **Access your cluster with the kubectl CLI:** Follow [these steps](../../../../new-user-guides/manage-clusters/access-clusters/use-kubectl-and-kubeconfig.md#accessing-clusters-with-kubectl-from-your-workstation) to access clusters with kubectl on your workstation. In this case, you will be authenticated through the Rancher server’s authentication proxy, then Rancher will connect you to the downstream cluster. This method lets you manage the cluster without the Rancher UI. - **Access your cluster with the kubectl CLI, using the authorized cluster endpoint:** Follow [these steps](../../../../new-user-guides/manage-clusters/access-clusters/use-kubectl-and-kubeconfig.md#authenticating-directly-with-a-downstream-cluster) to access your cluster with kubectl directly, without authenticating through Rancher. We recommend setting up this alternative method to access your cluster so that in case you can’t connect to Rancher, you can still access the cluster. -- **Provision Storage:** For an example of how to provision storage in vSphere using Rancher, refer to [this section.](../../../../../pages-for-subheaders/provisioning-storage-examples.md) In order to dynamically provision storage in vSphere, the vSphere provider must be enabled. For details, refer to [in-tree vSphere cloud provider docs](../../../../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/configure-in-tree-vsphere.md) and [out-of-tree vSphere cloud provider docs](../../../../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/configure-out-of-tree-vsphere.md). \ No newline at end of file +- **Provision Storage:** For an example of how to provision storage in vSphere using Rancher, refer to [this section.](../../../manage-clusters/provisioning-storage-examples/provisioning-storage-examples.md) In order to dynamically provision storage in vSphere, the vSphere provider must be enabled. For details, refer to [in-tree vSphere cloud provider docs](../../../../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/configure-in-tree-vsphere.md) and [out-of-tree vSphere cloud provider docs](../../../../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/configure-out-of-tree-vsphere.md). \ No newline at end of file diff --git a/versioned_docs/version-2.7/pages-for-subheaders/vsphere.md b/versioned_docs/version-2.7/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/vsphere/vsphere.md similarity index 64% rename from versioned_docs/version-2.7/pages-for-subheaders/vsphere.md rename to versioned_docs/version-2.7/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/vsphere/vsphere.md index 634a037c1cd..9890f087ece 100644 --- a/versioned_docs/version-2.7/pages-for-subheaders/vsphere.md +++ b/versioned_docs/version-2.7/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/vsphere/vsphere.md @@ -21,7 +21,7 @@ The vSphere node templates have been updated, allowing you to bring cloud operat ### Self-healing Node Pools -One of the biggest advantages of provisioning vSphere nodes with Rancher is that it allows you to take advantage of Rancher's self-healing node pools, also called the [node auto-replace feature,](use-new-nodes-in-an-infra-provider.md#about-node-auto-replace) in your on-premises clusters. Self-healing node pools are designed to help you replace worker nodes for stateless applications. When Rancher provisions nodes from a node template, Rancher can automatically replace unreachable nodes. +One of the biggest advantages of provisioning vSphere nodes with Rancher is that it allows you to take advantage of Rancher's self-healing node pools, also called the [node auto-replace feature,](../use-new-nodes-in-an-infra-provider.md#about-node-auto-replace) in your on-premises clusters. Self-healing node pools are designed to help you replace worker nodes for stateless applications. When Rancher provisions nodes from a node template, Rancher can automatically replace unreachable nodes. :::caution @@ -33,7 +33,7 @@ It is not recommended to enable node auto-replace on a node pool of master nodes Node templates for vSphere have been updated so that when you create a node template with your vSphere credentials, the template is automatically populated with the same options for provisioning VMs that you have access to in the vSphere console. -For the fields to be populated, your setup needs to fulfill the [prerequisites.](../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/vsphere/provision-kubernetes-clusters-in-vsphere.md#preparation-in-vsphere) +For the fields to be populated, your setup needs to fulfill the [prerequisites.](provision-kubernetes-clusters-in-vsphere.md#preparation-in-vsphere) ### More Supported Operating Systems @@ -47,14 +47,14 @@ In this YouTube video, we demonstrate how to set up a node template with the new ## Creating a vSphere Cluster -In [this section,](../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/vsphere/provision-kubernetes-clusters-in-vsphere.md) you'll learn how to use Rancher to install an [RKE](https://rancher.com/docs/rke/latest/en/) Kubernetes cluster in vSphere. +In [this section,](provision-kubernetes-clusters-in-vsphere.md) you'll learn how to use Rancher to install an [RKE](https://rancher.com/docs/rke/latest/en/) Kubernetes cluster in vSphere. ## Provisioning Storage -For an example of how to provision storage in vSphere using Rancher, refer to [this section.](../how-to-guides/new-user-guides/manage-clusters/provisioning-storage-examples/vsphere-storage.md) In order to dynamically provision storage in vSphere, the vSphere provider must be enabled. Refer to [in-tree vSphere config](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/configure-in-tree-vsphere.md) and [out-of-tree vSphere config](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/configure-out-of-tree-vsphere.md). +For an example of how to provision storage in vSphere using Rancher, refer to [this section.](../../../manage-clusters/provisioning-storage-examples/vsphere-storage.md) In order to dynamically provision storage in vSphere, the vSphere provider must be enabled. Refer to [in-tree vSphere config](../../../kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/configure-in-tree-vsphere.md) and [out-of-tree vSphere config](../../../kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/configure-out-of-tree-vsphere.md). ## Enabling the vSphere Cloud Provider When a cloud provider is set up in Rancher, the Rancher server can automatically provision new infrastructure for the cluster, including new nodes or persistent storage devices. -For details on enabling the vSphere cloud provider, refer to [in-tree vSphere config](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/configure-in-tree-vsphere.md) and [out-of-tree vSphere config](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/configure-out-of-tree-vsphere.md). +For details on enabling the vSphere cloud provider, refer to [in-tree vSphere config](../../../kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/configure-in-tree-vsphere.md) and [out-of-tree vSphere config](../../../kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/configure-out-of-tree-vsphere.md). diff --git a/versioned_docs/version-2.7/pages-for-subheaders/access-clusters.md b/versioned_docs/version-2.7/how-to-guides/new-user-guides/manage-clusters/access-clusters/access-clusters.md similarity index 71% rename from versioned_docs/version-2.7/pages-for-subheaders/access-clusters.md rename to versioned_docs/version-2.7/how-to-guides/new-user-guides/manage-clusters/access-clusters/access-clusters.md index 69d18515700..a4929ee26cf 100644 --- a/versioned_docs/version-2.7/pages-for-subheaders/access-clusters.md +++ b/versioned_docs/version-2.7/how-to-guides/new-user-guides/manage-clusters/access-clusters/access-clusters.md @@ -8,11 +8,11 @@ title: Cluster Access This section is about what tools can be used to access clusters managed by Rancher. -For information on how to give users permission to access a cluster, see the section on [adding users to clusters.](../how-to-guides/new-user-guides/manage-clusters/access-clusters/add-users-to-clusters.md) +For information on how to give users permission to access a cluster, see the section on [adding users to clusters.](add-users-to-clusters.md) -For more information on roles-based access control, see [this section.](manage-role-based-access-control-rbac.md) +For more information on roles-based access control, see [this section.](../../authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/manage-role-based-access-control-rbac.md) -For information on how to set up an authentication system, see [this section.](authentication-config.md) +For information on how to set up an authentication system, see [this section.](../../authentication-permissions-and-global-configuration/authentication-config/authentication-config.md) ## Clusters in Rancher UI @@ -29,7 +29,7 @@ You can also access the **Clusters** page by clicking the **Manage** button abov On the **Clusters** page, select **⁝** at the end of each row to view a submenu with the following options: -* [Kubectl Shell](../how-to-guides/new-user-guides/manage-clusters/access-clusters/use-kubectl-and-kubeconfig.md) +* [Kubectl Shell](use-kubectl-and-kubeconfig.md) * Download KubeConfig * Copy KubeConfig to Clipboard * Edit Config @@ -53,13 +53,13 @@ The **Cluster Dashboard** lists information about a specific cluster, such as nu You can use the Kubernetes command-line tool, [kubectl](https://kubernetes.io/docs/reference/kubectl/overview/), to manage your clusters. You have two options for using kubectl: -- **Rancher kubectl shell:** Interact with your clusters by launching a kubectl shell available in the Rancher UI. This option requires no configuration actions on your part. For more information, see [Accessing Clusters with kubectl Shell](../how-to-guides/new-user-guides/manage-clusters/access-clusters/use-kubectl-and-kubeconfig.md). -- **Terminal remote connection:** You can also interact with your clusters by installing [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/) on your local desktop and then copying the cluster's kubeconfig file to your local `~/.kube/config` directory. For more information, see [Accessing Clusters with kubectl and a kubeconfig File](../how-to-guides/new-user-guides/manage-clusters/access-clusters/use-kubectl-and-kubeconfig.md). +- **Rancher kubectl shell:** Interact with your clusters by launching a kubectl shell available in the Rancher UI. This option requires no configuration actions on your part. For more information, see [Accessing Clusters with kubectl Shell](use-kubectl-and-kubeconfig.md). +- **Terminal remote connection:** You can also interact with your clusters by installing [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/) on your local desktop and then copying the cluster's kubeconfig file to your local `~/.kube/config` directory. For more information, see [Accessing Clusters with kubectl and a kubeconfig File](use-kubectl-and-kubeconfig.md). ## Rancher CLI -You can control your clusters by downloading Rancher's own command-line interface, [Rancher CLI](cli-with-rancher.md). This CLI tool can interact directly with different clusters and projects or pass them `kubectl` commands. +You can control your clusters by downloading Rancher's own command-line interface, [Rancher CLI](../../../../reference-guides/cli-with-rancher/cli-with-rancher.md). This CLI tool can interact directly with different clusters and projects or pass them `kubectl` commands. ## Rancher API -Finally, you can interact with your clusters over the Rancher API. Before you use the API, you must obtain an [API key](../reference-guides/user-settings/api-keys.md). To view the different resource fields and actions for an API object, open the API UI, which can be accessed by clicking on **View in API** for any Rancher UI object. +Finally, you can interact with your clusters over the Rancher API. Before you use the API, you must obtain an [API key](../../../../reference-guides/user-settings/api-keys.md). To view the different resource fields and actions for an API object, open the API UI, which can be accessed by clicking on **View in API** for any Rancher UI object. diff --git a/versioned_docs/version-2.7/how-to-guides/new-user-guides/manage-clusters/access-clusters/add-users-to-clusters.md b/versioned_docs/version-2.7/how-to-guides/new-user-guides/manage-clusters/access-clusters/add-users-to-clusters.md index 148715a31de..ebb64045d5c 100644 --- a/versioned_docs/version-2.7/how-to-guides/new-user-guides/manage-clusters/access-clusters/add-users-to-clusters.md +++ b/versioned_docs/version-2.7/how-to-guides/new-user-guides/manage-clusters/access-clusters/add-users-to-clusters.md @@ -35,7 +35,7 @@ Cluster administrators can edit the membership for a cluster, controlling which If external authentication is configured: - - Rancher returns users from your [external authentication](../../../../pages-for-subheaders/authentication-config.md) source as you type. + - Rancher returns users from your [external authentication](../../authentication-permissions-and-global-configuration/authentication-config/authentication-config.md) source as you type. :::note Using AD but can't find your users? @@ -47,7 +47,7 @@ Cluster administrators can edit the membership for a cluster, controlling which :::note - If you are logged in as a local user, external users do not display in your search results. For more information, see [External Authentication Configuration and Principal Users](../../../../pages-for-subheaders/authentication-config.md#external-authentication-configuration-and-principal-users). + If you are logged in as a local user, external users do not display in your search results. For more information, see [External Authentication Configuration and Principal Users](../../authentication-permissions-and-global-configuration/authentication-config/authentication-config.md#external-authentication-configuration-and-principal-users). ::: diff --git a/versioned_docs/version-2.7/how-to-guides/new-user-guides/manage-clusters/access-clusters/authorized-cluster-endpoint.md b/versioned_docs/version-2.7/how-to-guides/new-user-guides/manage-clusters/access-clusters/authorized-cluster-endpoint.md index 543ed4d10b4..8db87b8b982 100644 --- a/versioned_docs/version-2.7/how-to-guides/new-user-guides/manage-clusters/access-clusters/authorized-cluster-endpoint.md +++ b/versioned_docs/version-2.7/how-to-guides/new-user-guides/manage-clusters/access-clusters/authorized-cluster-endpoint.md @@ -27,7 +27,7 @@ If admins have [kubeconfig token generation turned off](../../../../reference-gu ### Two Authentication Methods for RKE Clusters -If the cluster is not an [RKE cluster,](../../../../pages-for-subheaders/launch-kubernetes-with-rancher.md) the kubeconfig file allows you to access the cluster in only one way: it lets you be authenticated with the Rancher server, then Rancher allows you to run kubectl commands on the cluster. +If the cluster is not an [RKE cluster,](../../launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md) the kubeconfig file allows you to access the cluster in only one way: it lets you be authenticated with the Rancher server, then Rancher allows you to run kubectl commands on the cluster. For RKE clusters, the kubeconfig file allows you to be authenticated in two ways: diff --git a/versioned_docs/version-2.7/how-to-guides/new-user-guides/manage-clusters/access-clusters/use-kubectl-and-kubeconfig.md b/versioned_docs/version-2.7/how-to-guides/new-user-guides/manage-clusters/access-clusters/use-kubectl-and-kubeconfig.md index 6099a7d33d3..2c32c5c3660 100644 --- a/versioned_docs/version-2.7/how-to-guides/new-user-guides/manage-clusters/access-clusters/use-kubectl-and-kubeconfig.md +++ b/versioned_docs/version-2.7/how-to-guides/new-user-guides/manage-clusters/access-clusters/use-kubectl-and-kubeconfig.md @@ -48,7 +48,7 @@ Rancher will discover and show resources created by `kubectl`. However, these re ## Authenticating Directly with a Downstream Cluster -This section intended to help you set up an alternative method to access an [RKE cluster.](../../../../pages-for-subheaders/launch-kubernetes-with-rancher.md) +This section intended to help you set up an alternative method to access an [RKE cluster.](../../launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md) This method is only available for RKE, RKE2, and K3s clusters that have the [authorized cluster endpoint](../../../../reference-guides/rancher-manager-architecture/communicating-with-downstream-user-clusters.md#4-authorized-cluster-endpoint) enabled. When Rancher creates the cluster, it generates a kubeconfig file that includes additional kubectl context(s) for accessing your cluster. This additional context allows you to use kubectl to authenticate with the downstream cluster without authenticating through Rancher. For a longer explanation of how the authorized cluster endpoint works, refer to [this page](authorized-cluster-endpoint.md). diff --git a/versioned_docs/version-2.7/how-to-guides/new-user-guides/manage-clusters/add-a-pod-security-policy.md b/versioned_docs/version-2.7/how-to-guides/new-user-guides/manage-clusters/add-a-pod-security-policy.md index 9b9c30d32cb..a705b202f2f 100644 --- a/versioned_docs/version-2.7/how-to-guides/new-user-guides/manage-clusters/add-a-pod-security-policy.md +++ b/versioned_docs/version-2.7/how-to-guides/new-user-guides/manage-clusters/add-a-pod-security-policy.md @@ -8,7 +8,7 @@ title: Adding a Pod Security Policy :::note Prerequisite: -The options below are available only for clusters that are [launched using RKE.](../../../pages-for-subheaders/launch-kubernetes-with-rancher.md) +The options below are available only for clusters that are [launched using RKE.](../launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md) ::: @@ -22,7 +22,7 @@ You can assign a pod security policy when you provision a cluster. However, if y :::note - This option is only available for clusters [provisioned by RKE](../../../pages-for-subheaders/launch-kubernetes-with-rancher.md). + This option is only available for clusters [provisioned by RKE](../launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md). ::: diff --git a/versioned_docs/version-2.7/how-to-guides/new-user-guides/manage-clusters/clean-cluster-nodes.md b/versioned_docs/version-2.7/how-to-guides/new-user-guides/manage-clusters/clean-cluster-nodes.md index b45beab4572..736bc664d8c 100644 --- a/versioned_docs/version-2.7/how-to-guides/new-user-guides/manage-clusters/clean-cluster-nodes.md +++ b/versioned_docs/version-2.7/how-to-guides/new-user-guides/manage-clusters/clean-cluster-nodes.md @@ -27,9 +27,9 @@ When cleaning nodes provisioned using Rancher, the following components are dele | All resources create under the `management.cattle.io` API Group | ✓ | ✓ | ✓ | | | All CRDs created by Rancher v2.x | ✓ | ✓ | ✓ | | -[1]: ../../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md -[2]: ../../../pages-for-subheaders/use-existing-nodes.md -[3]: ../../../pages-for-subheaders/set-up-clusters-from-hosted-kubernetes-providers.md +[1]: ../launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md +[2]: ../../../reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/use-existing-nodes.md +[3]: ../kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/set-up-clusters-from-hosted-kubernetes-providers.md [4]: ../../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/register-existing-clusters.md ## Removing a Node from a Cluster by Rancher UI diff --git a/versioned_docs/version-2.7/pages-for-subheaders/create-kubernetes-persistent-storage.md b/versioned_docs/version-2.7/how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage/create-kubernetes-persistent-storage.md similarity index 66% rename from versioned_docs/version-2.7/pages-for-subheaders/create-kubernetes-persistent-storage.md rename to versioned_docs/version-2.7/how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage/create-kubernetes-persistent-storage.md index 6bda26af36e..dc7e5cd56ac 100644 --- a/versioned_docs/version-2.7/pages-for-subheaders/create-kubernetes-persistent-storage.md +++ b/versioned_docs/version-2.7/how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage/create-kubernetes-persistent-storage.md @@ -9,15 +9,15 @@ description: "Learn about the two ways with which you can create persistent stor When deploying an application that needs to retain data, you'll need to create persistent storage. Persistent storage allows you to store application data external from the pod running your application. This storage practice allows you to maintain application data, even if the application's pod fails. -The documents in this section assume that you understand the Kubernetes concepts of persistent volumes, persistent volume claims, and storage classes. For more information, refer to the section on [how storage works.](../how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage/manage-persistent-storage/about-persistent-storage.md) +The documents in this section assume that you understand the Kubernetes concepts of persistent volumes, persistent volume claims, and storage classes. For more information, refer to the section on [how storage works.](manage-persistent-storage/about-persistent-storage.md) ### Prerequisites -To set up persistent storage, the `Manage Volumes` [role](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/cluster-and-project-roles.md#project-role-reference) is required. +To set up persistent storage, the `Manage Volumes` [role](../../authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/cluster-and-project-roles.md#project-role-reference) is required. If you are provisioning storage for a cluster hosted in the cloud, the storage and cluster hosts must have the same cloud provider. -For provisioning new storage with Rancher, the cloud provider must be enabled. For details on enabling cloud providers, refer to [this page.](../pages-for-subheaders/set-up-cloud-providers.md) +For provisioning new storage with Rancher, the cloud provider must be enabled. For details on enabling cloud providers, refer to [this page.](../../kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/set-up-cloud-providers.md) For attaching existing persistent storage to a cluster, the cloud provider does not need to be enabled. @@ -30,7 +30,7 @@ The overall workflow for setting up existing storage is as follows: 3. Add a persistent volume claim (PVC) that refers to the PV. 4. Mount the PVC as a volume in your workload. -For details and prerequisites, refer to [this page.](../how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage/manage-persistent-storage/set-up-existing-storage.md) +For details and prerequisites, refer to [this page.](manage-persistent-storage/set-up-existing-storage.md) ### Dynamically Provisioning New Storage in Rancher @@ -40,7 +40,7 @@ The overall workflow for provisioning new storage is as follows: 2. Add a persistent volume claim (PVC) that refers to the storage class. 3. Mount the PVC as a volume for your workload. -For details and prerequisites, refer to [this page.](../how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage/manage-persistent-storage/dynamically-provision-new-storage.md) +For details and prerequisites, refer to [this page.](manage-persistent-storage/dynamically-provision-new-storage.md) ### Longhorn Storage @@ -50,19 +50,19 @@ Longhorn is free, open source software. Originally developed by Rancher Labs, it If you have a pool of block storage, Longhorn can help you provide persistent storage to your Kubernetes cluster without relying on cloud providers. For more information about Longhorn features, refer to the [documentation.](https://longhorn.io/docs/latest/what-is-longhorn/) -Rancher v2.5 simplified the process of installing Longhorn on a Rancher-managed cluster. For more information, see [this page.](../integrations-in-rancher/longhorn.md) +Rancher v2.5 simplified the process of installing Longhorn on a Rancher-managed cluster. For more information, see [this page.](../../../../integrations-in-rancher/longhorn.md) ### Provisioning Storage Examples -We provide examples of how to provision storage with [NFS,](../how-to-guides/new-user-guides/manage-clusters/provisioning-storage-examples/nfs-storage.md) [vSphere,](../how-to-guides/new-user-guides/manage-clusters/provisioning-storage-examples/vsphere-storage.md) and [Amazon's EBS.](../how-to-guides/new-user-guides/manage-clusters/provisioning-storage-examples/persistent-storage-in-amazon-ebs.md) +We provide examples of how to provision storage with [NFS,](../provisioning-storage-examples/nfs-storage.md) [vSphere,](../provisioning-storage-examples/vsphere-storage.md) and [Amazon's EBS.](../provisioning-storage-examples/persistent-storage-in-amazon-ebs.md) ### GlusterFS Volumes -In clusters that store data on GlusterFS volumes, you may experience an issue where pods fail to mount volumes after restarting the `kubelet`. For details on preventing this from happening, refer to [this page.](../how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage/manage-persistent-storage/about-glusterfs-volumes.md) +In clusters that store data on GlusterFS volumes, you may experience an issue where pods fail to mount volumes after restarting the `kubelet`. For details on preventing this from happening, refer to [this page.](manage-persistent-storage/about-glusterfs-volumes.md) ### iSCSI Volumes -In [Rancher Launched Kubernetes clusters](../pages-for-subheaders/launch-kubernetes-with-rancher.md) that store data on iSCSI volumes, you may experience an issue where kubelets fail to automatically connect with iSCSI volumes. For details on resolving this issue, refer to [this page.](../how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage/manage-persistent-storage/install-iscsi-volumes.md) +In [Rancher Launched Kubernetes clusters](../../launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md) that store data on iSCSI volumes, you may experience an issue where kubelets fail to automatically connect with iSCSI volumes. For details on resolving this issue, refer to [this page.](manage-persistent-storage/install-iscsi-volumes.md) ### hostPath Volumes Before you create a hostPath volume, you need to set up an [extra_bind](https://rancher.com/docs/rke/latest/en/config-options/services/services-extras/#extra-binds/) in your cluster configuration. This will mount the path as a volume in your kubelets, which can then be used for hostPath volumes in your workloads. @@ -71,7 +71,7 @@ Before you create a hostPath volume, you need to set up an [extra_bind](https:// Kubernetes is moving away from maintaining cloud providers in-tree. vSphere has an out-of-tree cloud provider that can be used by installing the vSphere cloud provider and cloud storage plugins. -For instructions on how to migrate from the in-tree vSphere cloud provider to out-of-tree, and manage the existing VMs post migration, refer to [this page.](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/configure-out-of-tree-vsphere.md) +For instructions on how to migrate from the in-tree vSphere cloud provider to out-of-tree, and manage the existing VMs post migration, refer to [this page.](../../kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/configure-out-of-tree-vsphere.md) ### Related Links diff --git a/versioned_docs/version-2.7/how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage/manage-persistent-storage/about-glusterfs-volumes.md b/versioned_docs/version-2.7/how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage/manage-persistent-storage/about-glusterfs-volumes.md index aef5e622446..6c0b1c1d0d2 100644 --- a/versioned_docs/version-2.7/how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage/manage-persistent-storage/about-glusterfs-volumes.md +++ b/versioned_docs/version-2.7/how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage/manage-persistent-storage/about-glusterfs-volumes.md @@ -8,7 +8,7 @@ title: GlusterFS Volumes :::note -This section only applies to [RKE clusters.](../../../../../pages-for-subheaders/launch-kubernetes-with-rancher.md) +This section only applies to [RKE clusters.](../../../launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md) ::: diff --git a/versioned_docs/version-2.7/how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage/manage-persistent-storage/dynamically-provision-new-storage.md b/versioned_docs/version-2.7/how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage/manage-persistent-storage/dynamically-provision-new-storage.md index 5ad0b03cd45..18ed7d49f29 100644 --- a/versioned_docs/version-2.7/how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage/manage-persistent-storage/dynamically-provision-new-storage.md +++ b/versioned_docs/version-2.7/how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage/manage-persistent-storage/dynamically-provision-new-storage.md @@ -23,7 +23,7 @@ To provision new storage for your workloads, follow these steps: - To set up persistent storage, the `Manage Volumes` [role](../../../authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/cluster-and-project-roles.md#project-role-reference) is required. - If you are provisioning storage for a cluster hosted in the cloud, the storage and cluster hosts must have the same cloud provider. -- The cloud provider must be enabled. For details on enabling cloud providers, refer to [this page.](../../../../../pages-for-subheaders/set-up-cloud-providers.md) +- The cloud provider must be enabled. For details on enabling cloud providers, refer to [this page.](../../../kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/set-up-cloud-providers.md) - Make sure your storage provisioner is available to be enabled. The following storage provisioners are enabled by default: diff --git a/versioned_docs/version-2.7/how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage/manage-persistent-storage/install-iscsi-volumes.md b/versioned_docs/version-2.7/how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage/manage-persistent-storage/install-iscsi-volumes.md index cce04e02a24..6fe70097a2f 100644 --- a/versioned_docs/version-2.7/how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage/manage-persistent-storage/install-iscsi-volumes.md +++ b/versioned_docs/version-2.7/how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage/manage-persistent-storage/install-iscsi-volumes.md @@ -6,7 +6,7 @@ title: iSCSI Volumes -In [Rancher Launched Kubernetes clusters](../../../../../pages-for-subheaders/launch-kubernetes-with-rancher.md) that store data on iSCSI volumes, you may experience an issue where kubelets fail to automatically connect with iSCSI volumes. This failure is likely due to an incompatibility issue involving the iSCSI initiator tool. You can resolve this issue by installing the iSCSI initiator tool on each of your cluster nodes. +In [Rancher Launched Kubernetes clusters](../../../launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md) that store data on iSCSI volumes, you may experience an issue where kubelets fail to automatically connect with iSCSI volumes. This failure is likely due to an incompatibility issue involving the iSCSI initiator tool. You can resolve this issue by installing the iSCSI initiator tool on each of your cluster nodes. Rancher Launched Kubernetes clusters storing data on iSCSI volumes leverage the [iSCSI initiator tool](http://www.open-iscsi.com/), which is embedded in the kubelet's `rancher/hyperkube` Docker image. From each kubelet (i.e., the _initiator_), the tool discovers and launches sessions with an iSCSI volume (i.e., the _target_). However, in some instances, the versions of the iSCSI initiator tool installed on the initiator and the target may not match, resulting in a connection failure. diff --git a/versioned_docs/version-2.7/pages-for-subheaders/install-cluster-autoscaler.md b/versioned_docs/version-2.7/how-to-guides/new-user-guides/manage-clusters/install-cluster-autoscaler/install-cluster-autoscaler.md similarity index 91% rename from versioned_docs/version-2.7/pages-for-subheaders/install-cluster-autoscaler.md rename to versioned_docs/version-2.7/how-to-guides/new-user-guides/manage-clusters/install-cluster-autoscaler/install-cluster-autoscaler.md index 8b749aae5ee..127153dd06b 100644 --- a/versioned_docs/version-2.7/pages-for-subheaders/install-cluster-autoscaler.md +++ b/versioned_docs/version-2.7/how-to-guides/new-user-guides/manage-clusters/install-cluster-autoscaler/install-cluster-autoscaler.md @@ -25,4 +25,4 @@ Cluster Autoscaler provides support to distinct cloud providers. For more inform ### Setting up Cluster Autoscaler on Amazon Cloud Provider -For details on running the cluster autoscaler on Amazon cloud provider, refer to [this page.](../how-to-guides/new-user-guides/manage-clusters/install-cluster-autoscaler/use-aws-ec2-auto-scaling-groups.md) +For details on running the cluster autoscaler on Amazon cloud provider, refer to [this page.](use-aws-ec2-auto-scaling-groups.md) diff --git a/versioned_docs/version-2.7/how-to-guides/new-user-guides/manage-clusters/install-cluster-autoscaler/use-aws-ec2-auto-scaling-groups.md b/versioned_docs/version-2.7/how-to-guides/new-user-guides/manage-clusters/install-cluster-autoscaler/use-aws-ec2-auto-scaling-groups.md index c8debb174ad..7daaab8504b 100644 --- a/versioned_docs/version-2.7/how-to-guides/new-user-guides/manage-clusters/install-cluster-autoscaler/use-aws-ec2-auto-scaling-groups.md +++ b/versioned_docs/version-2.7/how-to-guides/new-user-guides/manage-clusters/install-cluster-autoscaler/use-aws-ec2-auto-scaling-groups.md @@ -238,7 +238,7 @@ More info is at [RKE clusters on AWS](../../../new-user-guides/kubernetes-cluste Once we've configured AWS, let's create VMs to bootstrap our cluster: -* master (etcd+controlplane): Depending your needs, deploy three master instances with proper size. More info is at [the recommendations for production-ready clusters.](../../../../pages-for-subheaders/checklist-for-production-ready-clusters.md) +* master (etcd+controlplane): Depending your needs, deploy three master instances with proper size. More info is at [the recommendations for production-ready clusters.](../../kubernetes-clusters-in-rancher-setup/checklist-for-production-ready-clusters/checklist-for-production-ready-clusters.md) * IAM role: `K8sMasterRole` * Security group: `K8sMasterSg` * Tags: diff --git a/versioned_docs/version-2.7/pages-for-subheaders/manage-clusters.md b/versioned_docs/version-2.7/how-to-guides/new-user-guides/manage-clusters/manage-clusters.md similarity index 68% rename from versioned_docs/version-2.7/pages-for-subheaders/manage-clusters.md rename to versioned_docs/version-2.7/how-to-guides/new-user-guides/manage-clusters/manage-clusters.md index e6f69885338..23fc13f7b51 100644 --- a/versioned_docs/version-2.7/pages-for-subheaders/manage-clusters.md +++ b/versioned_docs/version-2.7/how-to-guides/new-user-guides/manage-clusters/manage-clusters.md @@ -10,13 +10,13 @@ After you provision a cluster in Rancher, you can begin using powerful Kubernete :::note -This section assumes a basic familiarity with Docker and Kubernetes. For a brief explanation of how Kubernetes components work together, refer to the [concepts](../reference-guides/kubernetes-concepts.md) page. +This section assumes a basic familiarity with Docker and Kubernetes. For a brief explanation of how Kubernetes components work together, refer to the [concepts](../../../reference-guides/kubernetes-concepts.md) page. ::: ## Managing Clusters in Rancher -After clusters have been [provisioned into Rancher](kubernetes-clusters-in-rancher-setup.md), [cluster owners](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/cluster-and-project-roles.md#cluster-roles) will need to manage these clusters. There are many different options of how to manage your cluster. +After clusters have been [provisioned into Rancher](../kubernetes-clusters-in-rancher-setup/kubernetes-clusters-in-rancher-setup.md), [cluster owners](../authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/cluster-and-project-roles.md#cluster-roles) will need to manage these clusters. There are many different options of how to manage your cluster. import ClusterCapabilitiesTable from '../shared-files/_cluster-capabilities-table.md'; diff --git a/versioned_docs/version-2.7/how-to-guides/new-user-guides/manage-clusters/nodes-and-node-pools.md b/versioned_docs/version-2.7/how-to-guides/new-user-guides/manage-clusters/nodes-and-node-pools.md index 2e7f151e5c2..fbbe7813b4e 100644 --- a/versioned_docs/version-2.7/how-to-guides/new-user-guides/manage-clusters/nodes-and-node-pools.md +++ b/versioned_docs/version-2.7/how-to-guides/new-user-guides/manage-clusters/nodes-and-node-pools.md @@ -13,11 +13,11 @@ After you launch a Kubernetes cluster in Rancher, you can manage individual node 1. Find the cluster whose nodes you want to manage, and click the **Explore** button at the end of the row. 1. Select **Nodes** from the left navigation. -Depending on the [option used](../../../pages-for-subheaders/kubernetes-clusters-in-rancher-setup.md) to provision the cluster, there are different node options available. +Depending on the [option used](../kubernetes-clusters-in-rancher-setup/kubernetes-clusters-in-rancher-setup.md) to provision the cluster, there are different node options available. :::note -If you want to manage the _cluster_ and not individual nodes, see [Editing Clusters](../../../pages-for-subheaders/cluster-configuration.md). +If you want to manage the _cluster_ and not individual nodes, see [Editing Clusters](../../../reference-guides/cluster-configuration/cluster-configuration.md). ::: @@ -36,9 +36,9 @@ The following table lists which node options are available for each type of clus | [Download Keys](#ssh-into-a-node-hosted-by-an-infrastructure-provider) | ✓ | | | | | Download SSH key in order to SSH into the node. | | [Node Scaling](#scaling-nodes) | ✓ | | | ✓ | | Scale the number of nodes in the node pool up or down. | -[1]: ../../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md -[2]: ../../../pages-for-subheaders/use-existing-nodes.md -[3]: ../../../pages-for-subheaders/set-up-clusters-from-hosted-kubernetes-providers.md +[1]: ../launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md +[2]: ../../../reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/use-existing-nodes.md +[3]: ../kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/set-up-clusters-from-hosted-kubernetes-providers.md [4]: ../../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/register-existing-clusters.md [5]: ../../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/register-existing-clusters.md @@ -47,17 +47,17 @@ The following table lists which node options are available for each type of clus ### Nodes Hosted by an Infrastructure Provider -Node pools are available when you provision Rancher-launched Kubernetes clusters on nodes that are [hosted in an infrastructure provider.](../../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md) +Node pools are available when you provision Rancher-launched Kubernetes clusters on nodes that are [hosted in an infrastructure provider.](../launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md) -Clusters provisioned using [one of the node pool options](../../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md#node-pools) can be scaled up or down if the node pool is edited. +Clusters provisioned using [one of the node pool options](../launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md#node-pools) can be scaled up or down if the node pool is edited. -A node pool can also automatically maintain the node scale that's set during the initial cluster provisioning if [node auto-replace is enabled.](../../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md#about-node-auto-replace) This scale determines the number of active nodes that Rancher maintains for the cluster. +A node pool can also automatically maintain the node scale that's set during the initial cluster provisioning if [node auto-replace is enabled.](../launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md#about-node-auto-replace) This scale determines the number of active nodes that Rancher maintains for the cluster. -Rancher uses [node templates](../../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md#node-templates) to replace nodes in the node pool. Each node template uses cloud provider credentials to allow Rancher to set up the node in the infrastructure provider. +Rancher uses [node templates](../launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md#node-templates) to replace nodes in the node pool. Each node template uses cloud provider credentials to allow Rancher to set up the node in the infrastructure provider. ### Nodes Provisioned by Hosted Kubernetes Providers -Options for managing nodes [hosted by a Kubernetes provider](../../../pages-for-subheaders/set-up-clusters-from-hosted-kubernetes-providers.md) are somewhat limited in Rancher. Rather than using the Rancher UI to make edits such as scaling the number of nodes up or down, edit the cluster directly. +Options for managing nodes [hosted by a Kubernetes provider](../kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/set-up-clusters-from-hosted-kubernetes-providers.md) are somewhat limited in Rancher. Rather than using the Rancher UI to make edits such as scaling the number of nodes up or down, edit the cluster directly. ### Registered Nodes @@ -76,13 +76,13 @@ To manage individual nodes, browse to the cluster that you want to manage and th ## Viewing a Node in the Rancher API -Select this option to view the node's [API endpoints](../../../pages-for-subheaders/about-the-api.md). +Select this option to view the node's [API endpoints](../../../reference-guides/about-the-api/about-the-api.md). ## Deleting a Node Use **Delete** to remove defective nodes from the cloud provider. -When you the delete a defective node, Rancher can automatically replace it with an identically provisioned node if the node is in a node pool and [node auto-replace is enabled.](../../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md#about-node-auto-replace) +When you the delete a defective node, Rancher can automatically replace it with an identically provisioned node if the node is in a node pool and [node auto-replace is enabled.](../launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md#about-node-auto-replace) :::tip @@ -92,11 +92,11 @@ If your cluster is hosted by an infrastructure provider, and you want to scale y ## Scaling Nodes -For nodes hosted by an infrastructure provider, you can scale the number of nodes in each [node pool](../../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md#node-pools) by using the scale controls. This option isn't available for other cluster types. +For nodes hosted by an infrastructure provider, you can scale the number of nodes in each [node pool](../launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md#node-pools) by using the scale controls. This option isn't available for other cluster types. ## SSH into a Node Hosted by an Infrastructure Provider -For [nodes hosted by an infrastructure provider](../../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md), you have the option of downloading its SSH key so that you can connect to it remotely from your desktop. +For [nodes hosted by an infrastructure provider](../launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md), you have the option of downloading its SSH key so that you can connect to it remotely from your desktop. 1. In the upper left corner, click **☰ > Cluster Management**. 1. On the **Clusters** page, go to the cluster where you want to SSH into a node and click the name of the cluster. diff --git a/versioned_docs/version-2.7/how-to-guides/new-user-guides/manage-clusters/projects-and-namespaces.md b/versioned_docs/version-2.7/how-to-guides/new-user-guides/manage-clusters/projects-and-namespaces.md index d74b70822d3..09c74502119 100644 --- a/versioned_docs/version-2.7/how-to-guides/new-user-guides/manage-clusters/projects-and-namespaces.md +++ b/versioned_docs/version-2.7/how-to-guides/new-user-guides/manage-clusters/projects-and-namespaces.md @@ -38,10 +38,10 @@ You can assign resources at the project level so that each namespace in the proj You can assign the following resources directly to namespaces: -- [Workloads](../../../pages-for-subheaders/workloads-and-pods.md) -- [Load Balancers/Ingress](../../../pages-for-subheaders/load-balancer-and-ingress-controller.md) +- [Workloads](../kubernetes-resources-setup/workloads-and-pods/workloads-and-pods.md) +- [Load Balancers/Ingress](../kubernetes-resources-setup/load-balancer-and-ingress-controller/load-balancer-and-ingress-controller.md) - [Service Discovery Records](../../new-user-guides/kubernetes-resources-setup/create-services.md) -- [Persistent Volume Claims](../../../pages-for-subheaders/create-kubernetes-persistent-storage.md) +- [Persistent Volume Claims](create-kubernetes-persistent-storage/create-kubernetes-persistent-storage.md) - [Certificates](../../new-user-guides/kubernetes-resources-setup/encrypt-http-communication.md) - [ConfigMaps](../../new-user-guides/kubernetes-resources-setup/configmaps.md) - [Registries](../../new-user-guides/kubernetes-resources-setup/kubernetes-and-docker-registries.md) @@ -180,7 +180,7 @@ To add a resource quota, 1. In the **Resource Quotas** tab, click **Add Resource**. 1. Select a **Resource Type**. For more information, see [Resource Quotas.](projects-and-namespaces.md). 1. Enter values for the **Project Limit** and the **Namespace Default Limit**. -1. **Optional:** Specify **Container Default Resource Limit**, which will be applied to every container started in the project. The parameter is recommended if you have CPU or Memory limits set by the Resource Quota. It can be overridden on per an individual namespace or a container level. For more information, see [Container Default Resource Limit](../../../pages-for-subheaders/manage-project-resource-quotas.md) +1. **Optional:** Specify **Container Default Resource Limit**, which will be applied to every container started in the project. The parameter is recommended if you have CPU or Memory limits set by the Resource Quota. It can be overridden on per an individual namespace or a container level. For more information, see [Container Default Resource Limit](../../advanced-user-guides/manage-projects/manage-project-resource-quotas/manage-project-resource-quotas.md) 1. Click **Create**. **Result:** Your project is created. You can view it from the cluster's **Projects/Namespaces** view. diff --git a/versioned_docs/version-2.7/how-to-guides/new-user-guides/manage-clusters/provisioning-storage-examples/nfs-storage.md b/versioned_docs/version-2.7/how-to-guides/new-user-guides/manage-clusters/provisioning-storage-examples/nfs-storage.md index 9898df21025..b5fd1fee669 100644 --- a/versioned_docs/version-2.7/how-to-guides/new-user-guides/manage-clusters/provisioning-storage-examples/nfs-storage.md +++ b/versioned_docs/version-2.7/how-to-guides/new-user-guides/manage-clusters/provisioning-storage-examples/nfs-storage.md @@ -10,7 +10,7 @@ Before you can use the NFS storage volume plug-in with Rancher deployments, you :::note -- If you already have an NFS share, you don't need to provision a new NFS server to use the NFS volume plugin within Rancher. Instead, skip the rest of this procedure and complete [adding storage](../../../../pages-for-subheaders/create-kubernetes-persistent-storage.md). +- If you already have an NFS share, you don't need to provision a new NFS server to use the NFS volume plugin within Rancher. Instead, skip the rest of this procedure and complete [adding storage](../create-kubernetes-persistent-storage/create-kubernetes-persistent-storage.md). - This procedure demonstrates how to set up an NFS server using Ubuntu, although you should be able to use these instructions for other Linux distros (e.g. Debian, RHEL, Arch Linux, etc.). For official instruction on how to create an NFS server using another Linux distro, consult the distro's documentation. diff --git a/versioned_docs/version-2.7/pages-for-subheaders/provisioning-storage-examples.md b/versioned_docs/version-2.7/how-to-guides/new-user-guides/manage-clusters/provisioning-storage-examples/provisioning-storage-examples.md similarity index 64% rename from versioned_docs/version-2.7/pages-for-subheaders/provisioning-storage-examples.md rename to versioned_docs/version-2.7/how-to-guides/new-user-guides/manage-clusters/provisioning-storage-examples/provisioning-storage-examples.md index 44fd9593fba..b1d89e54c05 100644 --- a/versioned_docs/version-2.7/pages-for-subheaders/provisioning-storage-examples.md +++ b/versioned_docs/version-2.7/how-to-guides/new-user-guides/manage-clusters/provisioning-storage-examples/provisioning-storage-examples.md @@ -10,6 +10,6 @@ Rancher supports persistent storage with a variety of volume plugins. However, b For your convenience, Rancher offers documentation on how to configure some of the popular storage methods: -- [NFS](../how-to-guides/new-user-guides/manage-clusters/provisioning-storage-examples/nfs-storage.md) -- [vSphere](../how-to-guides/new-user-guides/manage-clusters/provisioning-storage-examples/vsphere-storage.md) -- [EBS](../how-to-guides/new-user-guides/manage-clusters/provisioning-storage-examples/persistent-storage-in-amazon-ebs.md) +- [NFS](nfs-storage.md) +- [vSphere](vsphere-storage.md) +- [EBS](persistent-storage-in-amazon-ebs.md) diff --git a/versioned_docs/version-2.7/how-to-guides/new-user-guides/manage-clusters/provisioning-storage-examples/vsphere-storage.md b/versioned_docs/version-2.7/how-to-guides/new-user-guides/manage-clusters/provisioning-storage-examples/vsphere-storage.md index b13cee6512d..0bede8b10ae 100644 --- a/versioned_docs/version-2.7/how-to-guides/new-user-guides/manage-clusters/provisioning-storage-examples/vsphere-storage.md +++ b/versioned_docs/version-2.7/how-to-guides/new-user-guides/manage-clusters/provisioning-storage-examples/vsphere-storage.md @@ -13,7 +13,7 @@ In order to dynamically provision storage in vSphere, the vSphere provider must ### Prerequisites -In order to provision vSphere volumes in a cluster created with the [Rancher Kubernetes Engine (RKE)](../../../../pages-for-subheaders/launch-kubernetes-with-rancher.md), the [vSphere cloud provider](https://rancher.com/docs/rke/latest/en/config-options/cloud-providers/vsphere) must be explicitly enabled in the [cluster options](../../../../reference-guides/cluster-configuration/rancher-server-configuration/rke1-cluster-configuration.md). +In order to provision vSphere volumes in a cluster created with the [Rancher Kubernetes Engine (RKE)](../../launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md), the [vSphere cloud provider](https://rancher.com/docs/rke/latest/en/config-options/cloud-providers/vsphere) must be explicitly enabled in the [cluster options](../../../../reference-guides/cluster-configuration/rancher-server-configuration/rke1-cluster-configuration.md). ### Creating a StorageClass diff --git a/versioned_docs/version-2.7/how-to-guides/new-user-guides/manage-namespaces.md b/versioned_docs/version-2.7/how-to-guides/new-user-guides/manage-namespaces.md index 0419be358a6..48ae6879c01 100644 --- a/versioned_docs/version-2.7/how-to-guides/new-user-guides/manage-namespaces.md +++ b/versioned_docs/version-2.7/how-to-guides/new-user-guides/manage-namespaces.md @@ -12,10 +12,10 @@ Although you assign resources at the project level so that each namespace in the Resources that you can assign directly to namespaces include: -- [Workloads](../../pages-for-subheaders/workloads-and-pods.md) -- [Load Balancers/Ingress](../../pages-for-subheaders/load-balancer-and-ingress-controller.md) +- [Workloads](kubernetes-resources-setup/workloads-and-pods/workloads-and-pods.md) +- [Load Balancers/Ingress](kubernetes-resources-setup/load-balancer-and-ingress-controller/load-balancer-and-ingress-controller.md) - [Service Discovery Records](kubernetes-resources-setup/create-services.md) -- [Persistent Volume Claims](../../pages-for-subheaders/create-kubernetes-persistent-storage.md) +- [Persistent Volume Claims](manage-clusters/create-kubernetes-persistent-storage/create-kubernetes-persistent-storage.md) - [Certificates](kubernetes-resources-setup/encrypt-http-communication.md) - [ConfigMaps](kubernetes-resources-setup/configmaps.md) - [Registries](kubernetes-resources-setup/kubernetes-and-docker-registries.md) @@ -44,7 +44,7 @@ When working with project resources that you can assign to a namespace (i.e., [w 1. Click **Cluster > Projects/Namespaces**. 1. Go to the project where you want to add a namespace and click **Create Namespace**. Alternately, go to **Not in a Project** to create a namespace not associated with a project. -1. **Optional:** If your project has [Resource Quotas](../../pages-for-subheaders/manage-project-resource-quotas.md) in effect, you can override the default resource **Limits** (which places a cap on the resources that the namespace can consume). +1. **Optional:** If your project has [Resource Quotas](../advanced-user-guides/manage-projects/manage-project-resource-quotas/manage-project-resource-quotas.md) in effect, you can override the default resource **Limits** (which places a cap on the resources that the namespace can consume). 1. Enter a **Name** and then click **Create**. @@ -64,7 +64,7 @@ Cluster admins and members may occasionally need to move a namespace to another :::note Notes: - Don't move the namespaces in the `System` project. Moving these namespaces can adversely affect cluster networking. - - You cannot move a namespace into a project that already has a [resource quota](../../pages-for-subheaders/manage-project-resource-quotas.md)configured. + - You cannot move a namespace into a project that already has a [resource quota](../advanced-user-guides/manage-projects/manage-project-resource-quotas/manage-project-resource-quotas.md)configured. - If you move a namespace from a project that has a quota set to a project with no quota set, the quota is removed from the namespace. 1. Choose a new project for the new namespace and then click **Move**. Alternatively, you can remove the namespace from all projects by selecting **None**. diff --git a/versioned_docs/version-2.7/pages-for-subheaders/new-user-guides.md b/versioned_docs/version-2.7/how-to-guides/new-user-guides/new-user-guides/new-user-guides.md similarity index 100% rename from versioned_docs/version-2.7/pages-for-subheaders/new-user-guides.md rename to versioned_docs/version-2.7/how-to-guides/new-user-guides/new-user-guides/new-user-guides.md diff --git a/versioned_docs/version-2.7/pages-for-subheaders/cis-scans.md b/versioned_docs/version-2.7/integrations-in-rancher/cis-scans/cis-scans.md similarity index 87% rename from versioned_docs/version-2.7/pages-for-subheaders/cis-scans.md rename to versioned_docs/version-2.7/integrations-in-rancher/cis-scans/cis-scans.md index d9c5dbecabb..c6423844d0c 100644 --- a/versioned_docs/version-2.7/pages-for-subheaders/cis-scans.md +++ b/versioned_docs/version-2.7/integrations-in-rancher/cis-scans/cis-scans.md @@ -29,7 +29,7 @@ The Benchmark version is included in the generated report. The Benchmark provides recommendations of two types: Automated and Manual. Recommendations marked as Manual in the Benchmark are not included in the generated report. -Some tests are designated as "Not Applicable." These tests will not be run on any CIS scan because of the way that Rancher provisions RKE clusters. For information on how test results can be audited, and why some tests are designated to be not applicable, refer to Rancher's [self-assessment guide](./rancher-security.md#the-cis-benchmark-and-self-assessment) for the corresponding Kubernetes version. +Some tests are designated as "Not Applicable." These tests will not be run on any CIS scan because of the way that Rancher provisions RKE clusters. For information on how test results can be audited, and why some tests are designated to be not applicable, refer to Rancher's [self-assessment guide](../../reference-guides/rancher-security/rancher-security.md#the-cis-benchmark-and-self-assessment) for the corresponding Kubernetes version. The report contains the following information: @@ -48,7 +48,7 @@ The report contains the following information: | `actual_value` | The test's actual value, present if reported by `kube-bench`. | | `expected_result` | The test's expected result, present if reported by `kube-bench`. | -Refer to [the table in the cluster hardening guide](./rancher-security.md) for information on which versions of Kubernetes, the Benchmark, Rancher, and our cluster hardening guide correspond to each other. Also refer to the hardening guide for configuration files of CIS-compliant clusters and information on remediating failed tests. +Refer to [the table in the cluster hardening guide](../../reference-guides/rancher-security/rancher-security.md) for information on which versions of Kubernetes, the Benchmark, Rancher, and our cluster hardening guide correspond to each other. Also refer to the hardening guide for configuration files of CIS-compliant clusters and information on remediating failed tests. ## Test Profiles @@ -90,7 +90,7 @@ There are two types of RKE cluster scan profiles: The EKS and GKE cluster scan profiles are based on CIS Benchmark versions that are specific to those types of clusters. -In order to pass the "Hardened" profile, you will need to follow the steps on the [hardening guide](./rancher-security.md#rancher-hardening-guide) and use the `cluster.yml` defined in the hardening guide to provision a hardened cluster. +In order to pass the "Hardened" profile, you will need to follow the steps on the [hardening guide](../../reference-guides/rancher-security/rancher-security.md#rancher-hardening-guide) and use the `cluster.yml` defined in the hardening guide to provision a hardened cluster. The default profile and the supported CIS benchmark version depends on the type of cluster that will be scanned: @@ -103,7 +103,7 @@ The `rancher-cis-benchmark` supports the CIS 1.6 Benchmark version. ## About Skipped and Not Applicable Tests -For a list of skipped and not applicable tests, refer to [this page](../how-to-guides/advanced-user-guides/cis-scan-guides/skip-tests.md). +For a list of skipped and not applicable tests, refer to [this page](../../how-to-guides/advanced-user-guides/cis-scan-guides/skip-tests.md). For now, only user-defined skipped tests are marked as skipped in the generated report. @@ -111,12 +111,12 @@ Any skipped tests that are defined as being skipped by one of the default profil ## Roles-based Access Control -For information about permissions, refer to [this page](../integrations-in-rancher/cis-scans/rbac-for-cis-scans.md) +For information about permissions, refer to [this page](rbac-for-cis-scans.md) ## Configuration -For more information about configuring the custom resources for the scans, profiles, and benchmark versions, refer to [this page](../integrations-in-rancher/cis-scans/configuration-reference.md) +For more information about configuring the custom resources for the scans, profiles, and benchmark versions, refer to [this page](configuration-reference.md) ## How-to Guides -Please refer to the [CIS Scan Guides](../pages-for-subheaders/cis-scan-guides.md) to learn how to run CIS scans. +Please refer to the [CIS Scan Guides](../../how-to-guides/advanced-user-guides/cis-scan-guides/cis-scan-guides.md) to learn how to run CIS scans. diff --git a/versioned_docs/version-2.7/pages-for-subheaders/aws-cloud-marketplace.md b/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-cloud-marketplace/aws-cloud-marketplace.md similarity index 75% rename from versioned_docs/version-2.7/pages-for-subheaders/aws-cloud-marketplace.md rename to versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-cloud-marketplace/aws-cloud-marketplace.md index c487e1d6f92..13b1398077e 100644 --- a/versioned_docs/version-2.7/pages-for-subheaders/aws-cloud-marketplace.md +++ b/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-cloud-marketplace/aws-cloud-marketplace.md @@ -16,12 +16,12 @@ Rancher offers an integration with the AWS Marketplace which allows users to pur - Rancher must be deployed with additional metrics enabled. - Rancher must be installed on an EKS cluster. - You must purchase at least one entitlement to Rancher support through AWS Marketplace. -- You may need additional setup to support proxy/airgap use cases. See the [prerequisites](../integrations-in-rancher/cloud-marketplace/aws-cloud-marketplace/adapter-requirements.md) for more information. +- You may need additional setup to support proxy/airgap use cases. See the [prerequisites](adapter-requirements.md) for more information. ## How to Use -1. Complete the [prerequisite steps](../integrations-in-rancher/cloud-marketplace/aws-cloud-marketplace/adapter-requirements.md). -2. [Install the CSP Adapter](../integrations-in-rancher/cloud-marketplace/aws-cloud-marketplace/install-adapter.md). +1. Complete the [prerequisite steps](adapter-requirements.md). +2. [Install the CSP Adapter](install-adapter.md). ## FAQ diff --git a/versioned_docs/version-2.7/pages-for-subheaders/cloud-marketplace.md b/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/cloud-marketplace.md similarity index 100% rename from versioned_docs/version-2.7/pages-for-subheaders/cloud-marketplace.md rename to versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/cloud-marketplace.md diff --git a/versioned_docs/version-2.7/pages-for-subheaders/fleet-gitops-at-scale.md b/versioned_docs/version-2.7/integrations-in-rancher/fleet-gitops-at-scale/fleet-gitops-at-scale.md similarity index 86% rename from versioned_docs/version-2.7/pages-for-subheaders/fleet-gitops-at-scale.md rename to versioned_docs/version-2.7/integrations-in-rancher/fleet-gitops-at-scale/fleet-gitops-at-scale.md index 67d7aac5785..7beecb02d0b 100644 --- a/versioned_docs/version-2.7/pages-for-subheaders/fleet-gitops-at-scale.md +++ b/versioned_docs/version-2.7/integrations-in-rancher/fleet-gitops-at-scale/fleet-gitops-at-scale.md @@ -13,7 +13,7 @@ Fleet is a separate project from Rancher, and can be installed on any Kubernetes ## Architecture -For information about how Fleet works, see [this page](../integrations-in-rancher/fleet-gitops-at-scale/architecture.md). +For information about how Fleet works, see [this page](architecture.md). ## Accessing Fleet in the Rancher UI @@ -41,7 +41,7 @@ Follow the steps below to access Continuous Delivery in the Rancher UI: ## Windows Support -For details on support for clusters with Windows nodes, see [this page](../integrations-in-rancher/fleet-gitops-at-scale/windows-support.md). +For details on support for clusters with Windows nodes, see [this page](windows-support.md). ## GitHub Repository @@ -49,7 +49,7 @@ The Fleet Helm charts are available [here](https://github.com/rancher/fleet/rele ## Using Fleet Behind a Proxy -For details on using Fleet behind a proxy, see [this page](../integrations-in-rancher/fleet-gitops-at-scale/use-fleet-behind-a-proxy.md). +For details on using Fleet behind a proxy, see [this page](use-fleet-behind-a-proxy.md). ## Helm Chart Dependencies @@ -59,7 +59,7 @@ The Helm chart in the git repository must include its dependencies in the charts ## Troubleshooting -- **Known Issue**: clientSecretName and helmSecretName secrets for Fleet gitrepos are not included in the backup nor restore created by the [backup-restore-operator](../how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/back-up-rancher.md#1-install-the-rancher-backup-operator). We will update the community once a permanent solution is in place. +- **Known Issue**: clientSecretName and helmSecretName secrets for Fleet gitrepos are not included in the backup nor restore created by the [backup-restore-operator](../../how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/back-up-rancher.md#1-install-the-rancher-backup-operator). We will update the community once a permanent solution is in place. - **Temporary Workaround**: By default, user-defined secrets are not backed up in Fleet. It is necessary to recreate secrets if performing a disaster recovery restore or migration of Rancher into a fresh cluster. To modify resourceSet to include extra resources you want to backup, refer to docs [here](https://github.com/rancher/backup-restore-operator#user-flow). diff --git a/versioned_docs/version-2.7/integrations-in-rancher/harvester.md b/versioned_docs/version-2.7/integrations-in-rancher/harvester.md index 300a5826e16..cd6673582d8 100644 --- a/versioned_docs/version-2.7/integrations-in-rancher/harvester.md +++ b/versioned_docs/version-2.7/integrations-in-rancher/harvester.md @@ -10,7 +10,7 @@ Introduced in Rancher v2.6.1, [Harvester](https://docs.harvesterhci.io/) is an o ### Feature Flag -The Harvester feature flag is used to manage access to the Virtualization Management (VM) page in Rancher where users can navigate directly to Harvester clusters and access the Harvester UI. The Harvester feature flag is enabled by default. Click [here](../pages-for-subheaders/enable-experimental-features.md) for more information on feature flags in Rancher. +The Harvester feature flag is used to manage access to the Virtualization Management (VM) page in Rancher where users can navigate directly to Harvester clusters and access the Harvester UI. The Harvester feature flag is enabled by default. Click [here](../how-to-guides/advanced-user-guides/enable-experimental-features/enable-experimental-features.md) for more information on feature flags in Rancher. To navigate to the Harvester cluster, click **☰ > Virtualization Management**. From Harvester Clusters page, click one of the clusters listed to go to the single Harvester cluster view. @@ -28,7 +28,7 @@ The [Harvester node driver](https://docs.harvesterhci.io/v1.1/rancher/node/node- Harvester allows `.ISO` images to be uploaded and displayed through the Harvester UI, but this is not supported in the Rancher UI. This is because `.ISO` images usually require additional setup that interferes with a clean deployment (without requiring user intervention), and they are not typically used in cloud environments. -Click [here](../pages-for-subheaders/about-provisioning-drivers.md#node-drivers) for more information on node drivers in Rancher. +Click [here](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-provisioning-drivers/about-provisioning-drivers.md#node-drivers) for more information on node drivers in Rancher. ### Port Requirements diff --git a/versioned_docs/version-2.7/pages-for-subheaders/configuration-options.md b/versioned_docs/version-2.7/integrations-in-rancher/istio/configuration-options/configuration-options.md similarity index 81% rename from versioned_docs/version-2.7/pages-for-subheaders/configuration-options.md rename to versioned_docs/version-2.7/integrations-in-rancher/istio/configuration-options/configuration-options.md index fdfc51d41bc..35546a12f03 100644 --- a/versioned_docs/version-2.7/pages-for-subheaders/configuration-options.md +++ b/versioned_docs/version-2.7/integrations-in-rancher/istio/configuration-options/configuration-options.md @@ -28,16 +28,16 @@ The Monitoring app sets `prometheus.prometheusSpec.ignoreNamespaceSelectors=fals If you would like to limit Prometheus to specific namespaces, set `prometheus.prometheusSpec.ignoreNamespaceSelectors=true`. Once you do this, you must perform some additional configuration to continue to monitor your resources. -For details, refer to [this section.](../integrations-in-rancher/istio/configuration-options/selectors-and-scrape-configurations.md) +For details, refer to [this section.](selectors-and-scrape-configurations.md) ### Enable Istio with Pod Security Policies -Refer to [this section.](../integrations-in-rancher/istio/configuration-options/pod-security-policies.md) +Refer to [this section.](pod-security-policies.md) ### Additional Steps for Installing Istio on an RKE2 Cluster -Refer to [this section.](../integrations-in-rancher/istio/configuration-options/install-istio-on-rke2-cluster.md) +Refer to [this section.](install-istio-on-rke2-cluster.md) ### Additional Steps for Project Network Isolation -Refer to [this section.](../integrations-in-rancher/istio/configuration-options/project-network-isolation.md) \ No newline at end of file +Refer to [this section.](project-network-isolation.md) \ No newline at end of file diff --git a/versioned_docs/version-2.7/integrations-in-rancher/istio/cpu-and-memory-allocations.md b/versioned_docs/version-2.7/integrations-in-rancher/istio/cpu-and-memory-allocations.md index 10fe77c9ec4..d61b13089cd 100644 --- a/versioned_docs/version-2.7/integrations-in-rancher/istio/cpu-and-memory-allocations.md +++ b/versioned_docs/version-2.7/integrations-in-rancher/istio/cpu-and-memory-allocations.md @@ -45,7 +45,7 @@ To configure the resources allocated to an Istio component, 1. In the left navigation bar, click **Apps**. 1. Click **Installed Apps**. 1. Go to the `istio-system` namespace. In one of the Istio workloads, such as `rancher-istio`, click **⋮ > Edit/Upgrade**. -1. Click **Upgrade** to edit the base components via changes to the values.yaml or add an [overlay file](../../pages-for-subheaders/configuration-options.md#overlay-file). For more information about editing the overlay file, see [this section.](cpu-and-memory-allocations.md#editing-the-overlay-file) +1. Click **Upgrade** to edit the base components via changes to the values.yaml or add an [overlay file](configuration-options/configuration-options.md#overlay-file). For more information about editing the overlay file, see [this section.](cpu-and-memory-allocations.md#editing-the-overlay-file) 1. Change the CPU or memory allocations, the nodes where each component will be scheduled to, or the node tolerations. 1. Click **Upgrade**. to rollout changes diff --git a/versioned_docs/version-2.7/pages-for-subheaders/istio.md b/versioned_docs/version-2.7/integrations-in-rancher/istio/istio.md similarity index 86% rename from versioned_docs/version-2.7/pages-for-subheaders/istio.md rename to versioned_docs/version-2.7/integrations-in-rancher/istio/istio.md index 93f1e9b7cc5..c622d0d2180 100644 --- a/versioned_docs/version-2.7/pages-for-subheaders/istio.md +++ b/versioned_docs/version-2.7/integrations-in-rancher/istio/istio.md @@ -18,7 +18,7 @@ This core service mesh provides features that include but are not limited to the - **Security** with resources to authenticate and authorize traffic and users, mTLS included. - **Observability** of logs, metrics, and distributed traffic flows. -After [setting up istio](istio-setup-guide.md) you can leverage Istio's control plane functionality through the Rancher UI, `kubectl`, or `istioctl`. +After [setting up istio](../../how-to-guides/advanced-user-guides/istio-setup-guide/istio-setup-guide.md) you can leverage Istio's control plane functionality through the Rancher UI, `kubectl`, or `istioctl`. Istio needs to be set up by a `cluster-admin` before it can be used in a project. @@ -29,7 +29,7 @@ The overall architecture of Istio has been simplified. A single component, Istio Addons that were previously installed by Istio (cert-manager, Grafana, Jaeger, Kiali, Prometheus, Zipkin) will now need to be installed separately. Istio will support installation of integrations that are from the Istio Project and will maintain compatibility with those that are not. -A Prometheus integration will still be available through an installation of [Rancher Monitoring](monitoring-and-alerting.md), or by installing your own Prometheus operator. Rancher's Istio chart will also install Kiali by default to ensure you can get a full picture of your microservices out of the box. +A Prometheus integration will still be available through an installation of [Rancher Monitoring](../monitoring-and-alerting/monitoring-and-alerting.md), or by installing your own Prometheus operator. Rancher's Istio chart will also install Kiali by default to ensure you can get a full picture of your microservices out of the box. Istio has migrated away from Helm as a way to install Istio and now provides installation through the istioctl binary or Istio Operator. To ensure the easiest interaction with Istio, Rancher's Istio will maintain a Helm chart that utilizes the istioctl binary to manage your Istio installation. @@ -55,21 +55,21 @@ Note that this is not a production-qualified deployment of Jaeger. This deployme ## Prerequisites -Before enabling Istio, we recommend that you confirm that your Rancher worker nodes have enough [CPU and memory](../integrations-in-rancher/istio/cpu-and-memory-allocations.md) to run all of the components of Istio. +Before enabling Istio, we recommend that you confirm that your Rancher worker nodes have enough [CPU and memory](cpu-and-memory-allocations.md) to run all of the components of Istio. If you are installing Istio on RKE2 cluster, some additional steps are required. For details, see [this section.](#additional-steps-for-installing-istio-on-an-rke2-cluster) ## Setup Guide -Refer to the [setup guide](istio-setup-guide.md) for instructions on how to set up Istio and use it in a project. +Refer to the [setup guide](../../how-to-guides/advanced-user-guides/istio-setup-guide/istio-setup-guide.md) for instructions on how to set up Istio and use it in a project. ## Remove Istio -To remove Istio components from a cluster, namespace, or workload, refer to the section on [uninstalling Istio.](../integrations-in-rancher/istio/disable-istio.md) +To remove Istio components from a cluster, namespace, or workload, refer to the section on [uninstalling Istio.](disable-istio.md) ## Accessing Visualizations -> By default, only cluster-admins have access to Kiali. For instructions on how to allow admin, edit or views roles to access them, see [this section.](../integrations-in-rancher/istio/rbac-for-istio.md) +> By default, only cluster-admins have access to Kiali. For instructions on how to allow admin, edit or views roles to access them, see [this section.](rbac-for-istio.md) After Istio is set up in a cluster, Grafana, Prometheus, and Kiali are available in the Rancher UI. @@ -87,7 +87,7 @@ To access the Kiali visualization, 1. In the left navigation bar, click **Istio**. 1. Click **Kiali**. From here you can access the **Traffic Graph** tab or the **Traffic Metrics** tab to see network visualizations and metrics. -By default, all namespace will picked up by prometheus and make data available for Kiali graphs. Refer to [selector/scrape config setup](../integrations-in-rancher/istio/configuration-options/selectors-and-scrape-configurations.md) if you would like to use a different configuration for prometheus data scraping. +By default, all namespace will picked up by prometheus and make data available for Kiali graphs. Refer to [selector/scrape config setup](configuration-options/selectors-and-scrape-configurations.md) if you would like to use a different configuration for prometheus data scraping. Your access to the visualizations depend on your role. Grafana and Prometheus are only available for `cluster-admin` roles. The Kiali UI is available only to `cluster-admin` by default, but `cluster-admin` can allow other roles to access them by editing the Istio values.yaml. @@ -107,15 +107,15 @@ By default, each Rancher-provisioned cluster has one NGINX ingress controller al ![In an Istio-enabled cluster, you can have two ingresses: the default Nginx ingress, and the default Istio controller.](/img/istio-ingress.svg) - Additional Istio Ingress gateways can be enabled via the [overlay file](configuration-options.md#overlay-file). + Additional Istio Ingress gateways can be enabled via the [overlay file](configuration-options/configuration-options.md#overlay-file). ### Egress Support -By default the Egress gateway is disabled, but can be enabled on install or upgrade through the values.yaml or via the [overlay file](configuration-options.md#overlay-file). +By default the Egress gateway is disabled, but can be enabled on install or upgrade through the values.yaml or via the [overlay file](configuration-options/configuration-options.md#overlay-file). ## Additional Steps for Installing Istio on an RKE2 Cluster -To install Istio on an RKE2 cluster, follow the steps in [this section.](../integrations-in-rancher/istio/configuration-options/install-istio-on-rke2-cluster.md) +To install Istio on an RKE2 cluster, follow the steps in [this section.](configuration-options/install-istio-on-rke2-cluster.md) ## Upgrading Istio in an Air-Gapped Environment diff --git a/versioned_docs/version-2.7/pages-for-subheaders/custom-resource-configuration.md b/versioned_docs/version-2.7/integrations-in-rancher/logging/custom-resource-configuration/custom-resource-configuration.md similarity index 51% rename from versioned_docs/version-2.7/pages-for-subheaders/custom-resource-configuration.md rename to versioned_docs/version-2.7/integrations-in-rancher/logging/custom-resource-configuration/custom-resource-configuration.md index 37c2f337d78..eb1020ac1a2 100644 --- a/versioned_docs/version-2.7/pages-for-subheaders/custom-resource-configuration.md +++ b/versioned_docs/version-2.7/integrations-in-rancher/logging/custom-resource-configuration/custom-resource-configuration.md @@ -8,5 +8,5 @@ title: Custom Resource Configuration The following Custom Resource Definitions are used to configure logging: -- [Flow and ClusterFlow](../integrations-in-rancher/logging/custom-resource-configuration/flows-and-clusterflows.md) -- [Output and ClusterOutput](../integrations-in-rancher/logging/custom-resource-configuration/outputs-and-clusteroutputs.md) \ No newline at end of file +- [Flow and ClusterFlow](flows-and-clusterflows.md) +- [Output and ClusterOutput](outputs-and-clusteroutputs.md) \ No newline at end of file diff --git a/versioned_docs/version-2.7/integrations-in-rancher/logging/custom-resource-configuration/flows-and-clusterflows.md b/versioned_docs/version-2.7/integrations-in-rancher/logging/custom-resource-configuration/flows-and-clusterflows.md index 65707e0980a..66f1614b045 100644 --- a/versioned_docs/version-2.7/integrations-in-rancher/logging/custom-resource-configuration/flows-and-clusterflows.md +++ b/versioned_docs/version-2.7/integrations-in-rancher/logging/custom-resource-configuration/flows-and-clusterflows.md @@ -8,7 +8,7 @@ title: Flows and ClusterFlows See the [Logging operator documentation](https://kube-logging.github.io/docs/configuration/flow/) for the full details on how to configure `Flows` and `ClusterFlows`. -See [Rancher Integration with Logging Services: Troubleshooting](../../../pages-for-subheaders/logging.md#The-Logging-Buffer-Overloads-Pods) for how to resolve memory problems with the logging buffer. +See [Rancher Integration with Logging Services: Troubleshooting](../logging.md#The-Logging-Buffer-Overloads-Pods) for how to resolve memory problems with the logging buffer. ## Flows diff --git a/versioned_docs/version-2.7/integrations-in-rancher/logging/custom-resource-configuration/outputs-and-clusteroutputs.md b/versioned_docs/version-2.7/integrations-in-rancher/logging/custom-resource-configuration/outputs-and-clusteroutputs.md index 3ae66c9145a..e62870d33f6 100644 --- a/versioned_docs/version-2.7/integrations-in-rancher/logging/custom-resource-configuration/outputs-and-clusteroutputs.md +++ b/versioned_docs/version-2.7/integrations-in-rancher/logging/custom-resource-configuration/outputs-and-clusteroutputs.md @@ -8,7 +8,7 @@ title: Outputs and ClusterOutputs See the [Logging operator documentation](https://kube-logging.github.io/docs/configuration/flow/) for the full details on how to configure `Flows` and `ClusterFlows`. -See [Rancher Integration with Logging Services: Troubleshooting](../../../pages-for-subheaders/logging.md#The-Logging-Buffer-Overloads-Pods) for how to resolve memory problems with the logging buffer. +See [Rancher Integration with Logging Services: Troubleshooting](../logging.md#The-Logging-Buffer-Overloads-Pods) for how to resolve memory problems with the logging buffer. ## Outputs diff --git a/versioned_docs/version-2.7/integrations-in-rancher/logging/logging-helm-chart-options.md b/versioned_docs/version-2.7/integrations-in-rancher/logging/logging-helm-chart-options.md index 643114f6d7c..d68865a3afc 100644 --- a/versioned_docs/version-2.7/integrations-in-rancher/logging/logging-helm-chart-options.md +++ b/versioned_docs/version-2.7/integrations-in-rancher/logging/logging-helm-chart-options.md @@ -45,7 +45,7 @@ Logging v2 was tested with SELinux on RHEL/CentOS 7 and 8. [Security-Enhanced Linux (SELinux)](https://en.wikipedia.org/wiki/Security-Enhanced_Linux) is a security enhancement to Linux. After being historically used by government agencies, SELinux is now industry standard and is enabled by default on CentOS 7 and 8. -To use Logging v2 with SELinux, we recommend installing the `rancher-selinux` RPM according to these [instructions](../../pages-for-subheaders/selinux-rpm.md). +To use Logging v2 with SELinux, we recommend installing the `rancher-selinux` RPM according to these [instructions](../../reference-guides/rancher-security/selinux-rpm/selinux-rpm.md). Then, when installing the logging application, configure the chart to be SELinux aware by changing `global.seLinux.enabled` to `true` in the `values.yaml`. diff --git a/versioned_docs/version-2.7/pages-for-subheaders/logging.md b/versioned_docs/version-2.7/integrations-in-rancher/logging/logging.md similarity index 80% rename from versioned_docs/version-2.7/pages-for-subheaders/logging.md rename to versioned_docs/version-2.7/integrations-in-rancher/logging/logging.md index 427422627f3..a79c896ec6e 100644 --- a/versioned_docs/version-2.7/pages-for-subheaders/logging.md +++ b/versioned_docs/version-2.7/integrations-in-rancher/logging/logging.md @@ -31,13 +31,13 @@ You can enable the logging for a Rancher managed cluster by going to the Apps pa ## Architecture -For more information about how the logging application works, see [this section.](../integrations-in-rancher/logging/logging-architecture.md) +For more information about how the logging application works, see [this section.](logging-architecture.md) ## Role-based Access Control -Rancher logging has two roles, `logging-admin` and `logging-view`. For more information on how and when to use these roles, see [this page.](../integrations-in-rancher/logging/rbac-for-logging.md) +Rancher logging has two roles, `logging-admin` and `logging-view`. For more information on how and when to use these roles, see [this page.](rbac-for-logging.md) ## Configuring Logging Custom Resources @@ -49,38 +49,38 @@ To manage `Flows,` `ClusterFlows`, `Outputs`, and `ClusterOutputs`, ### Flows and ClusterFlows -For help with configuring `Flows` and `ClusterFlows`, see [this page.](../integrations-in-rancher/logging/custom-resource-configuration/flows-and-clusterflows.md) +For help with configuring `Flows` and `ClusterFlows`, see [this page.](custom-resource-configuration/flows-and-clusterflows.md) ### Outputs and ClusterOutputs -For help with configuring `Outputs` and `ClusterOutputs`, see [this page.](../integrations-in-rancher/logging/custom-resource-configuration/outputs-and-clusteroutputs.md) +For help with configuring `Outputs` and `ClusterOutputs`, see [this page.](custom-resource-configuration/outputs-and-clusteroutputs.md) ## Configuring the Logging Helm Chart -For a list of options that can be configured when the logging application is installed or upgraded, see [this page.](../integrations-in-rancher/logging/logging-helm-chart-options.md) +For a list of options that can be configured when the logging application is installed or upgraded, see [this page.](logging-helm-chart-options.md) ### Windows Support -You can [enable logging](../integrations-in-rancher/logging/logging-helm-chart-options.md#enabledisable-windows-node-logging) from Windows nodes. +You can [enable logging](logging-helm-chart-options.md#enabledisable-windows-node-logging) from Windows nodes. ### Working with a Custom Docker Root Directory -For details on using a custom Docker root directory, see [this section.](../integrations-in-rancher/logging/logging-helm-chart-options.md#working-with-a-custom-docker-root-directory) +For details on using a custom Docker root directory, see [this section.](logging-helm-chart-options.md#working-with-a-custom-docker-root-directory) ### Working with Taints and Tolerations -For information on how to use taints and tolerations with the logging application, see [this page.](../integrations-in-rancher/logging/taints-and-tolerations.md) +For information on how to use taints and tolerations with the logging application, see [this page.](taints-and-tolerations.md) ### Logging V2 with SELinux -For information on enabling the logging application for SELinux-enabled nodes, see [this section.](../integrations-in-rancher/logging/logging-helm-chart-options.md#enabling-the-logging-application-to-work-with-selinux) +For information on enabling the logging application for SELinux-enabled nodes, see [this section.](logging-helm-chart-options.md#enabling-the-logging-application-to-work-with-selinux) ### Additional Logging Sources -By default, Rancher collects logs for control plane components and node components for all cluster types. In some cases additional logs can be collected. For details, see [this section.](../integrations-in-rancher/logging/logging-helm-chart-options.md#additional-logging-sources) +By default, Rancher collects logs for control plane components and node components for all cluster types. In some cases additional logs can be collected. For details, see [this section.](logging-helm-chart-options.md#additional-logging-sources) ## Troubleshooting diff --git a/versioned_docs/version-2.7/pages-for-subheaders/monitoring-and-alerting.md b/versioned_docs/version-2.7/integrations-in-rancher/monitoring-and-alerting/monitoring-and-alerting.md similarity index 62% rename from versioned_docs/version-2.7/pages-for-subheaders/monitoring-and-alerting.md rename to versioned_docs/version-2.7/integrations-in-rancher/monitoring-and-alerting/monitoring-and-alerting.md index a4d38ca86dd..38e7a9a12a2 100644 --- a/versioned_docs/version-2.7/pages-for-subheaders/monitoring-and-alerting.md +++ b/versioned_docs/version-2.7/integrations-in-rancher/monitoring-and-alerting/monitoring-and-alerting.md @@ -11,7 +11,7 @@ The `rancher-monitoring` application can quickly deploy leading open-source moni Introduced in Rancher v2.5, the application is powered by [Prometheus](https://prometheus.io/), [Grafana](https://grafana.com/grafana/), [Alertmanager](https://prometheus.io/docs/alerting/latest/alertmanager/), the [Prometheus Operator](https://github.com/prometheus-operator/prometheus-operator), and the [Prometheus adapter.](https://github.com/DirectXMan12/k8s-prometheus-adapter) -For information on V1 monitoring and alerting, available in Rancher v2.2 up to v2.4, please see the Rancher v2.0—v2.4 docs on [cluster monitoring](../../version-2.0-2.4/pages-for-subheaders/cluster-monitoring.md), [alerting](../../version-2.0-2.4/pages-for-subheaders/cluster-alerts.md), [notifiers](../../version-2.0-2.4/explanations/integrations-in-rancher/notifiers.md) and other [tools](../../version-2.0-2.4/pages-for-subheaders/project-tools.md). +For information on V1 monitoring and alerting, available in Rancher v2.2 up to v2.4, please see the Rancher v2.0—v2.4 docs on [cluster monitoring](../../../version-2.0-2.4/pages-for-subheaders/cluster-monitoring.md), [alerting](../../../version-2.0-2.4/pages-for-subheaders/cluster-alerts.md), [notifiers](../../../version-2.0-2.4/explanations/integrations-in-rancher/notifiers.md) and other [tools](../../../version-2.0-2.4/pages-for-subheaders/project-tools.md). Using the `rancher-monitoring` application, you can quickly deploy leading open-source monitoring and alerting solutions onto your cluster. @@ -30,7 +30,7 @@ The monitoring application: - Defines precomputed, frequently needed or computationally expensive expressions as new time series based on metrics collected via Prometheus. - Exposes collected metrics from Prometheus to the Kubernetes Custom Metrics API via Prometheus Adapter for use in HPA. -See [How Monitoring Works](../integrations-in-rancher/monitoring-and-alerting/how-monitoring-works.md) for an explanation of how the monitoring components work together. +See [How Monitoring Works](how-monitoring-works.md) for an explanation of how the monitoring components work together. ## Default Components and Deployments @@ -38,7 +38,7 @@ See [How Monitoring Works](../integrations-in-rancher/monitoring-and-alerting/ho By default, the monitoring application deploys Grafana dashboards (curated by the [kube-prometheus](https://github.com/prometheus-operator/kube-prometheus) project) onto a cluster. -It also deploys an Alertmanager UI and a Prometheus UI. For more information about these tools, see [Built-in Dashboards.](../integrations-in-rancher/monitoring-and-alerting/built-in-dashboards.md) +It also deploys an Alertmanager UI and a Prometheus UI. For more information about these tools, see [Built-in Dashboards.](built-in-dashboards.md) ### Default Metrics Exporters By default, Rancher Monitoring deploys exporters (such as [node-exporter](https://github.com/prometheus/node_exporter) and [kube-state-metrics](https://github.com/kubernetes/kube-state-metrics)). @@ -47,41 +47,41 @@ These default exporters automatically scrape metrics for CPU and memory from all ### Default Alerts -The monitoring application deploys some alerts by default. To see the default alerts, go to the [Alertmanager UI](../integrations-in-rancher/monitoring-and-alerting/built-in-dashboards.md#alertmanager-ui) and click **Expand all groups.** +The monitoring application deploys some alerts by default. To see the default alerts, go to the [Alertmanager UI](built-in-dashboards.md#alertmanager-ui) and click **Expand all groups.** ### Components Exposed in the Rancher UI -For a list of monitoring components exposed in the Rancher UI, along with common use cases for editing them, see [this section.](../integrations-in-rancher/monitoring-and-alerting/how-monitoring-works.md#components-exposed-in-the-rancher-ui) +For a list of monitoring components exposed in the Rancher UI, along with common use cases for editing them, see [this section.](how-monitoring-works.md#components-exposed-in-the-rancher-ui) ## Role-based Access Control -For information on configuring access to monitoring, see [this page.](../integrations-in-rancher/monitoring-and-alerting/rbac-for-monitoring.md) +For information on configuring access to monitoring, see [this page.](rbac-for-monitoring.md) ## Guides -- [Enable monitoring](../how-to-guides/advanced-user-guides/monitoring-alerting-guides/enable-monitoring.md) -- [Uninstall monitoring](../how-to-guides/advanced-user-guides/monitoring-alerting-guides/uninstall-monitoring.md) -- [Monitoring workloads](../how-to-guides/advanced-user-guides/monitoring-alerting-guides/set-up-monitoring-for-workloads.md) -- [Customizing Grafana dashboards](../how-to-guides/advanced-user-guides/monitoring-alerting-guides/customize-grafana-dashboard.md) -- [Persistent Grafana dashboards](../how-to-guides/advanced-user-guides/monitoring-alerting-guides/create-persistent-grafana-dashboard.md) -- [Debugging high memory usage](../how-to-guides/advanced-user-guides/monitoring-alerting-guides/debug-high-memory-usage.md) +- [Enable monitoring](../../how-to-guides/advanced-user-guides/monitoring-alerting-guides/enable-monitoring.md) +- [Uninstall monitoring](../../how-to-guides/advanced-user-guides/monitoring-alerting-guides/uninstall-monitoring.md) +- [Monitoring workloads](../../how-to-guides/advanced-user-guides/monitoring-alerting-guides/set-up-monitoring-for-workloads.md) +- [Customizing Grafana dashboards](../../how-to-guides/advanced-user-guides/monitoring-alerting-guides/customize-grafana-dashboard.md) +- [Persistent Grafana dashboards](../../how-to-guides/advanced-user-guides/monitoring-alerting-guides/create-persistent-grafana-dashboard.md) +- [Debugging high memory usage](../../how-to-guides/advanced-user-guides/monitoring-alerting-guides/debug-high-memory-usage.md) ## Configuration ### Configuring Monitoring Resources in Rancher -The configuration reference assumes familiarity with how monitoring components work together. For more information, see [How Monitoring Works.](../integrations-in-rancher/monitoring-and-alerting/how-monitoring-works.md) +The configuration reference assumes familiarity with how monitoring components work together. For more information, see [How Monitoring Works.](how-monitoring-works.md) -- [ServiceMonitor and PodMonitor](../reference-guides/monitoring-v2-configuration/servicemonitors-and-podmonitors.md) -- [Receiver](../reference-guides/monitoring-v2-configuration/receivers.md) -- [Route](../reference-guides/monitoring-v2-configuration/routes.md) -- [PrometheusRule](../how-to-guides/advanced-user-guides/monitoring-v2-configuration-guides/advanced-configuration/prometheusrules.md) -- [Prometheus](../how-to-guides/advanced-user-guides/monitoring-v2-configuration-guides/advanced-configuration/prometheus.md) -- [Alertmanager](../how-to-guides/advanced-user-guides/monitoring-v2-configuration-guides/advanced-configuration/alertmanager.md) +- [ServiceMonitor and PodMonitor](../../reference-guides/monitoring-v2-configuration/servicemonitors-and-podmonitors.md) +- [Receiver](../../reference-guides/monitoring-v2-configuration/receivers.md) +- [Route](../../reference-guides/monitoring-v2-configuration/routes.md) +- [PrometheusRule](../../how-to-guides/advanced-user-guides/monitoring-v2-configuration-guides/advanced-configuration/prometheusrules.md) +- [Prometheus](../../how-to-guides/advanced-user-guides/monitoring-v2-configuration-guides/advanced-configuration/prometheus.md) +- [Alertmanager](../../how-to-guides/advanced-user-guides/monitoring-v2-configuration-guides/advanced-configuration/alertmanager.md) ### Configuring Helm Chart Options -For more information on `rancher-monitoring` chart options, including options to set resource limits and requests, see [Helm Chart Options](../reference-guides/monitoring-v2-configuration/helm-chart-options.md). +For more information on `rancher-monitoring` chart options, including options to set resource limits and requests, see [Helm Chart Options](../../reference-guides/monitoring-v2-configuration/helm-chart-options.md). ## Windows Cluster Support @@ -89,11 +89,11 @@ When deployed onto an RKE1 Windows cluster, Monitoring V2 will now automatically To be able to fully deploy Monitoring V2 for Windows, all of your Windows hosts must have a minimum [wins](https://github.com/rancher/wins) version of v0.1.0. -For more details on how to upgrade wins on existing Windows hosts, see [Windows cluster support for Monitoring V2.](../integrations-in-rancher/monitoring-and-alerting/windows-support.md). +For more details on how to upgrade wins on existing Windows hosts, see [Windows cluster support for Monitoring V2.](windows-support.md). ## Known Issues There is a [known issue](https://github.com/rancher/rancher/issues/28787#issuecomment-693611821) that K3s clusters require more than the allotted default memory. If you enable monitoring on a K3s cluster, set `prometheus.prometheusSpec.resources.memory.limit` to 2500 Mi and `prometheus.prometheusSpec.resources.memory.request` to 1750 Mi. -See [Debugging High Memory Usage](../how-to-guides/advanced-user-guides/monitoring-alerting-guides/debug-high-memory-usage.md) for advice and recommendations. +See [Debugging High Memory Usage](../../how-to-guides/advanced-user-guides/monitoring-alerting-guides/debug-high-memory-usage.md) for advice and recommendations. diff --git a/versioned_docs/version-2.7/integrations-in-rancher/neuvector.md b/versioned_docs/version-2.7/integrations-in-rancher/neuvector.md index fbc5eccec1c..0ae04075ab4 100644 --- a/versioned_docs/version-2.7/integrations-in-rancher/neuvector.md +++ b/versioned_docs/version-2.7/integrations-in-rancher/neuvector.md @@ -8,7 +8,7 @@ title: NeuVector Integration ### NeuVector Integration in Rancher -[NeuVector 5.x](https://open-docs.neuvector.com/) is an open-source container-centric security platform that is integrated with Rancher. NeuVector offers real-time compliance, visibility, and protection for critical applications and data during runtime. NeuVector provides a firewall, container process/file system monitoring, security auditing with CIS benchmarks, and vulnerability scanning. For more information on Rancher security, please see the [security documentation](../pages-for-subheaders/rancher-security.md). +[NeuVector 5.x](https://open-docs.neuvector.com/) is an open-source container-centric security platform that is integrated with Rancher. NeuVector offers real-time compliance, visibility, and protection for critical applications and data during runtime. NeuVector provides a firewall, container process/file system monitoring, security auditing with CIS benchmarks, and vulnerability scanning. For more information on Rancher security, please see the [security documentation](../reference-guides/rancher-security/rancher-security.md). NeuVector can be enabled through a Helm chart that may be installed either through **Apps** or through the **Cluster Tools** button in the Rancher UI. Once the Helm chart is installed, users can easily [deploy and manage NeuVector clusters within Rancher](https://open-docs.neuvector.com/deploying/rancher#deploy-and-manage-neuvector-through-rancher-apps-marketplace). diff --git a/versioned_docs/version-2.7/pages-for-subheaders/about-provisioning-drivers.md b/versioned_docs/version-2.7/pages-for-subheaders/about-provisioning-drivers.md deleted file mode 100644 index 30c1cbeff74..00000000000 --- a/versioned_docs/version-2.7/pages-for-subheaders/about-provisioning-drivers.md +++ /dev/null @@ -1,51 +0,0 @@ ---- -title: About Provisioning Drivers ---- - - - - - -Drivers in Rancher allow you to manage which providers can be used to deploy [hosted Kubernetes clusters](set-up-clusters-from-hosted-kubernetes-providers.md) or [nodes in an infrastructure provider](use-new-nodes-in-an-infra-provider.md) to allow Rancher to deploy and manage Kubernetes. - -### Rancher Drivers - -With Rancher drivers, you can enable/disable existing built-in drivers that are packaged in Rancher. Alternatively, you can add your own driver if Rancher has not yet implemented it. - -There are two types of drivers within Rancher: - -* [Cluster Drivers](#cluster-drivers) -* [Node Drivers](#node-drivers) - -### Cluster Drivers - -Cluster drivers are used to provision [hosted Kubernetes clusters](set-up-clusters-from-hosted-kubernetes-providers.md), such as GKE, EKS, AKS, etc.. The availability of which cluster driver to display when creating a cluster is defined based on the cluster driver's status. Only `active` cluster drivers will be displayed as an option for creating clusters for hosted Kubernetes clusters. By default, Rancher is packaged with several existing cluster drivers, but you can also create custom cluster drivers to add to Rancher. - -By default, Rancher has activated several hosted Kubernetes cloud providers including: - -* [Amazon EKS](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/eks.md) -* [Google GKE](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/gke.md) -* [Azure AKS](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/aks.md) - -There are several other hosted Kubernetes cloud providers that are disabled by default, but are packaged in Rancher: - -* [Alibaba ACK](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/alibaba.md) -* [Huawei CCE](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/huawei.md) -* [Tencent](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/tencent.md) - -### Node Drivers - -Node drivers are used to provision hosts, which Rancher uses to launch and manage Kubernetes clusters. A node driver is the same as a [Docker Machine driver](https://docs.docker.com/machine/drivers/). The availability of which node driver to display when creating node templates is defined based on the node driver's status. Only `active` node drivers will be displayed as an option for creating node templates. By default, Rancher is packaged with many existing Docker Machine drivers, but you can also create custom node drivers to add to Rancher. - -If there are specific node drivers that you don't want to show to your users, you would need to de-activate these node drivers. - -Rancher supports several major cloud providers, but by default, these node drivers are active and available for deployment: - -* [Amazon EC2](../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-amazon-ec2-cluster.md) -* [Azure](../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-azure-cluster.md) -* [Digital Ocean](../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-a-digitalocean-cluster.md) -* [vSphere](vsphere.md) - -There are several other node drivers that are disabled by default, but are packaged in Rancher: - -* [Harvester](../integrations-in-rancher/harvester.md#harvester-node-driver/), available in Rancher v2.6.1 diff --git a/versioned_docs/version-2.7/pages-for-subheaders/backup-restore-configuration.md b/versioned_docs/version-2.7/pages-for-subheaders/backup-restore-configuration.md deleted file mode 100644 index 104584f741d..00000000000 --- a/versioned_docs/version-2.7/pages-for-subheaders/backup-restore-configuration.md +++ /dev/null @@ -1,12 +0,0 @@ ---- -title: Rancher Backup Configuration Reference ---- - - - - - -- [Backup configuration](../reference-guides/backup-restore-configuration/backup-configuration.md) -- [Restore configuration](../reference-guides/backup-restore-configuration/restore-configuration.md) -- [Storage location configuration](../reference-guides/backup-restore-configuration/storage-configuration.md) -- [Example Backup and Restore Custom Resources](../reference-guides/backup-restore-configuration/examples.md) \ No newline at end of file diff --git a/versioned_docs/version-2.7/pages-for-subheaders/cis-scan-guides.md b/versioned_docs/version-2.7/pages-for-subheaders/cis-scan-guides.md deleted file mode 100644 index e76d47504e6..00000000000 --- a/versioned_docs/version-2.7/pages-for-subheaders/cis-scan-guides.md +++ /dev/null @@ -1,17 +0,0 @@ ---- -title: CIS Scan Guides ---- - - - - - -- [Install rancher-cis-benchmark](../how-to-guides/advanced-user-guides/cis-scan-guides/install-rancher-cis-benchmark.md) -- [Uninstall rancher-cis-benchmark](../how-to-guides/advanced-user-guides/cis-scan-guides/uninstall-rancher-cis-benchmark.md) -- [Run a Scan](../how-to-guides/advanced-user-guides/cis-scan-guides/run-a-scan.md) -- [Run a Scan Periodically on a Schedule](../how-to-guides/advanced-user-guides/cis-scan-guides/run-a-scan-periodically-on-a-schedule.md) -- [Skip Tests](../how-to-guides/advanced-user-guides/cis-scan-guides/skip-tests.md) -- [View Reports](../how-to-guides/advanced-user-guides/cis-scan-guides/view-reports.md) -- [Enable Alerting for rancher-cis-benchmark](../how-to-guides/advanced-user-guides/cis-scan-guides/enable-alerting-for-rancher-cis-benchmark.md) -- [Configure Alerts for Periodic Scan on a Schedule](../how-to-guides/advanced-user-guides/cis-scan-guides/configure-alerts-for-periodic-scan-on-a-schedule.md) -- [Create a Custom Benchmark Version to Run](../how-to-guides/advanced-user-guides/cis-scan-guides/create-a-custom-benchmark-version-to-run.md) \ No newline at end of file diff --git a/versioned_docs/version-2.7/pages-for-subheaders/deploy-rancher-manager.md b/versioned_docs/version-2.7/pages-for-subheaders/deploy-rancher-manager.md deleted file mode 100644 index 74e282f0832..00000000000 --- a/versioned_docs/version-2.7/pages-for-subheaders/deploy-rancher-manager.md +++ /dev/null @@ -1,23 +0,0 @@ ---- -title: Deploying Rancher Server ---- - - - - - -Use one of the following guides to deploy and provision Rancher and a Kubernetes cluster in the provider of your choice. - -- [AWS](../getting-started/quick-start-guides/deploy-rancher-manager/aws.md) (uses Terraform) -- [AWS Marketplace](../getting-started/quick-start-guides/deploy-rancher-manager/aws-marketplace.md) (uses Amazon EKS) -- [Azure](../getting-started/quick-start-guides/deploy-rancher-manager/azure.md) (uses Terraform) -- [DigitalOcean](../getting-started/quick-start-guides/deploy-rancher-manager/digitalocean.md) (uses Terraform) -- [GCP](../getting-started/quick-start-guides/deploy-rancher-manager/gcp.md) (uses Terraform) -- [Hetzner Cloud](../getting-started/quick-start-guides/deploy-rancher-manager/hetzner-cloud.md) (uses Terraform) -- [Vagrant](../getting-started/quick-start-guides/deploy-rancher-manager/vagrant.md) -- [Equinix Metal](../getting-started/quick-start-guides/deploy-rancher-manager/equinix-metal.md) -- [Outscale](../getting-started/quick-start-guides/deploy-rancher-manager/outscale-qs.md) (uses Terraform) - -If you prefer, the following guide will take you through the same process in individual steps. Use this if you want to run Rancher in a different provider, on prem, or if you would just like to see how easy it is. - -- [Manual Install](../getting-started/quick-start-guides/deploy-rancher-manager/helm-cli.md) diff --git a/versioned_docs/version-2.7/pages-for-subheaders/downstream-cluster-configuration.md b/versioned_docs/version-2.7/pages-for-subheaders/downstream-cluster-configuration.md deleted file mode 100644 index b9fbad0b966..00000000000 --- a/versioned_docs/version-2.7/pages-for-subheaders/downstream-cluster-configuration.md +++ /dev/null @@ -1,9 +0,0 @@ ---- -title: Downstream Cluster Configuration ---- - - - - - -The following docs will discuss [node template configuration](./node-template-configuration.md) and [machine configuration](./machine-configuration.md). \ No newline at end of file diff --git a/versioned_docs/version-2.7/pages-for-subheaders/installation-references.md b/versioned_docs/version-2.7/pages-for-subheaders/installation-references.md deleted file mode 100644 index 6108728b04f..00000000000 --- a/versioned_docs/version-2.7/pages-for-subheaders/installation-references.md +++ /dev/null @@ -1,9 +0,0 @@ ---- -title: Installation References ---- - - - - - -Please see the following reference guides for other installation resources: [Rancher Helm chart options](../getting-started/installation-and-upgrade/installation-references/helm-chart-options.md), [TLS settings](../getting-started/installation-and-upgrade/installation-references/tls-settings.md), and [feature flags](../getting-started/installation-and-upgrade/installation-references/feature-flags.md). \ No newline at end of file diff --git a/versioned_docs/version-2.7/pages-for-subheaders/istio-setup-guide.md b/versioned_docs/version-2.7/pages-for-subheaders/istio-setup-guide.md deleted file mode 100644 index 24475f7ffea..00000000000 --- a/versioned_docs/version-2.7/pages-for-subheaders/istio-setup-guide.md +++ /dev/null @@ -1,34 +0,0 @@ ---- -title: Setup Guide ---- - - - - - -This section describes how to enable Istio and start using it in your projects. - -If you use Istio for traffic management, you will need to allow external traffic to the cluster. In that case, you will need to follow all of the steps below. - -## Prerequisites - -This guide assumes you have already [installed Rancher,](installation-and-upgrade.md) and you have already [provisioned a separate Kubernetes cluster](kubernetes-clusters-in-rancher-setup.md) on which you will install Istio. - -The nodes in your cluster must meet the [CPU and memory requirements.](../integrations-in-rancher/istio/cpu-and-memory-allocations.md) - -The workloads and services that you want to be controlled by Istio must meet [Istio's requirements.](https://istio.io/docs/setup/additional-setup/requirements/) - -## Install - -:::tip Quick Setup Tip: - -If you don't need external traffic to reach Istio, and you just want to set up Istio for monitoring and tracing traffic within the cluster, skip the steps for [setting up the Istio gateway](../how-to-guides/advanced-user-guides/istio-setup-guide/set-up-istio-gateway.md) and [setting up Istio's components for traffic management.](../how-to-guides/advanced-user-guides/istio-setup-guide/set-up-traffic-management.md) - -::: - -1. [Enable Istio in the cluster.](../how-to-guides/advanced-user-guides/istio-setup-guide/enable-istio-in-cluster.md) -1. [Enable Istio in all the namespaces where you want to use it.](../how-to-guides/advanced-user-guides/istio-setup-guide/enable-istio-in-namespace.md) -1. [Add deployments and services that have the Istio sidecar injected.](../how-to-guides/advanced-user-guides/istio-setup-guide/use-istio-sidecar.md) -1. [Set up the Istio gateway. ](../how-to-guides/advanced-user-guides/istio-setup-guide/set-up-istio-gateway.md) -1. [Set up Istio's components for traffic management.](../how-to-guides/advanced-user-guides/istio-setup-guide/set-up-traffic-management.md) -1. [Generate traffic and see Istio in action.](../how-to-guides/advanced-user-guides/istio-setup-guide/generate-and-view-traffic.md) diff --git a/versioned_docs/version-2.7/pages-for-subheaders/kubernetes-components.md b/versioned_docs/version-2.7/pages-for-subheaders/kubernetes-components.md deleted file mode 100644 index f048b5ba19b..00000000000 --- a/versioned_docs/version-2.7/pages-for-subheaders/kubernetes-components.md +++ /dev/null @@ -1,21 +0,0 @@ ---- -title: Kubernetes Components ---- - - - - - -The commands and steps listed in this section apply to the core Kubernetes components on [Rancher Launched Kubernetes](../pages-for-subheaders/launch-kubernetes-with-rancher.md) clusters. - -This section includes troubleshooting tips in the following categories: - -- [Troubleshooting etcd Nodes](../troubleshooting/kubernetes-components/troubleshooting-etcd-nodes.md) -- [Troubleshooting Controlplane Nodes](../troubleshooting/kubernetes-components/troubleshooting-controlplane-nodes.md) -- [Troubleshooting nginx-proxy Nodes](../troubleshooting/kubernetes-components/troubleshooting-nginx-proxy.md) -- [Troubleshooting Worker Nodes and Generic Components](../troubleshooting/kubernetes-components/troubleshooting-worker-nodes-and-generic-components.md) - -## Kubernetes Component Diagram - -![Cluster diagram](/img/clusterdiagram.svg)
    -Lines show the traffic flow between components. Colors are used purely for visual aid \ No newline at end of file diff --git a/versioned_docs/version-2.7/pages-for-subheaders/machine-configuration.md b/versioned_docs/version-2.7/pages-for-subheaders/machine-configuration.md deleted file mode 100644 index e1b9bb72f0a..00000000000 --- a/versioned_docs/version-2.7/pages-for-subheaders/machine-configuration.md +++ /dev/null @@ -1,9 +0,0 @@ ---- -title: Machine Configuration ---- - - - - - -Machine configuration is the arrangement of resources assigned to a virtual machine. Please see the docs for [Amazon EC2](../reference-guides/cluster-configuration/downstream-cluster-configuration/machine-configuration/amazon-ec2.md), [DigitalOcean](../reference-guides/cluster-configuration/downstream-cluster-configuration/machine-configuration/digitalocean.md), and [Azure](../reference-guides/cluster-configuration/downstream-cluster-configuration/machine-configuration/azure.md) to learn more. \ No newline at end of file diff --git a/versioned_docs/version-2.7/pages-for-subheaders/monitoring-alerting-guides.md b/versioned_docs/version-2.7/pages-for-subheaders/monitoring-alerting-guides.md deleted file mode 100644 index 7f8eef25877..00000000000 --- a/versioned_docs/version-2.7/pages-for-subheaders/monitoring-alerting-guides.md +++ /dev/null @@ -1,14 +0,0 @@ ---- -title: Monitoring/Alerting Guides ---- - - - - - -- [Enable monitoring](../how-to-guides/advanced-user-guides/monitoring-alerting-guides/enable-monitoring.md) -- [Uninstall monitoring](../how-to-guides/advanced-user-guides/monitoring-alerting-guides/uninstall-monitoring.md) -- [Monitoring workloads](../how-to-guides/advanced-user-guides/monitoring-alerting-guides/set-up-monitoring-for-workloads.md) -- [Customizing Grafana dashboards](../how-to-guides/advanced-user-guides/monitoring-alerting-guides/customize-grafana-dashboard.md) -- [Persistent Grafana dashboards](../how-to-guides/advanced-user-guides/monitoring-alerting-guides/create-persistent-grafana-dashboard.md) -- [Debugging high memory usage](../how-to-guides/advanced-user-guides/monitoring-alerting-guides/debug-high-memory-usage.md) diff --git a/versioned_docs/version-2.7/pages-for-subheaders/monitoring-v2-configuration.md b/versioned_docs/version-2.7/pages-for-subheaders/monitoring-v2-configuration.md deleted file mode 100644 index 79f97d9513d..00000000000 --- a/versioned_docs/version-2.7/pages-for-subheaders/monitoring-v2-configuration.md +++ /dev/null @@ -1,15 +0,0 @@ ---- -title: Monitoring V2 Configuration ---- - - - - - -The following sections will explain important options essential to configuring Monitoring V2 in Rancher: - -- [Receiver Configuration](../reference-guides/monitoring-v2-configuration/receivers.md) -- [Route Configuration](../reference-guides/monitoring-v2-configuration/routes.md) -- [ServiceMonitor and PodMonitor Configuration](../reference-guides/monitoring-v2-configuration/servicemonitors-and-podmonitors.md) -- [Helm Chart Options](../reference-guides/monitoring-v2-configuration/helm-chart-options.md) -- [Examples](../reference-guides/monitoring-v2-configuration/examples.md) \ No newline at end of file diff --git a/versioned_docs/version-2.7/pages-for-subheaders/node-template-configuration.md b/versioned_docs/version-2.7/pages-for-subheaders/node-template-configuration.md deleted file mode 100644 index e6c22d5e852..00000000000 --- a/versioned_docs/version-2.7/pages-for-subheaders/node-template-configuration.md +++ /dev/null @@ -1,9 +0,0 @@ ---- -title: Node Template Configuration ---- - - - - - -To learn about node template config, refer to [EC2 Node Template Configuration](../reference-guides/cluster-configuration/downstream-cluster-configuration/node-template-configuration/amazon-ec2.md), [DigitalOcean Node Template Configuration](../reference-guides/cluster-configuration/downstream-cluster-configuration/node-template-configuration/digitalocean.md), [Azure Node Template Configuration](../reference-guides/cluster-configuration/downstream-cluster-configuration/node-template-configuration/azure.md), [vSphere Node Template Configuration](../reference-guides/cluster-configuration/downstream-cluster-configuration/node-template-configuration/vsphere.md), and [Nutanix Node Template Configuration](../reference-guides/cluster-configuration/downstream-cluster-configuration/node-template-configuration/nutanix.md). diff --git a/versioned_docs/version-2.7/pages-for-subheaders/prometheus-federator-guides.md b/versioned_docs/version-2.7/pages-for-subheaders/prometheus-federator-guides.md deleted file mode 100644 index 2d1c0ae8224..00000000000 --- a/versioned_docs/version-2.7/pages-for-subheaders/prometheus-federator-guides.md +++ /dev/null @@ -1,12 +0,0 @@ ---- -title: Prometheus Federator Guides ---- - - - - - -- [Enable Prometheus Operator](../how-to-guides/advanced-user-guides/monitoring-alerting-guides/prometheus-federator-guides/enable-prometheus-federator.md) -- [Uninstall Prometheus Operator](../how-to-guides/advanced-user-guides/monitoring-alerting-guides/prometheus-federator-guides/uninstall-prometheus-federator.md) -- [Customize Grafana Dashboards](../how-to-guides/advanced-user-guides/monitoring-alerting-guides/prometheus-federator-guides/customize-grafana-dashboards.md) -- [Set Up Workloads](../how-to-guides/advanced-user-guides/monitoring-alerting-guides/prometheus-federator-guides/set-up-workloads.md) \ No newline at end of file diff --git a/versioned_docs/version-2.7/pages-for-subheaders/rancher-managed-clusters.md b/versioned_docs/version-2.7/pages-for-subheaders/rancher-managed-clusters.md deleted file mode 100644 index 2cdb03fd909..00000000000 --- a/versioned_docs/version-2.7/pages-for-subheaders/rancher-managed-clusters.md +++ /dev/null @@ -1,23 +0,0 @@ ---- -title: Best Practices for Rancher Managed Clusters ---- - - - - - -### Logging - -Refer to [this guide](../reference-guides/best-practices/rancher-managed-clusters/logging-best-practices.md) for our recommendations for cluster-level logging and application logging. - -### Monitoring - -Configuring sensible monitoring and alerting rules is vital for running any production workloads securely and reliably. Refer to this [guide](../reference-guides/best-practices/rancher-managed-clusters/monitoring-best-practices.md) for our recommendations. - -### Tips for Setting Up Containers - -Running well-built containers can greatly impact the overall performance and security of your environment. Refer to this [guide](../reference-guides/best-practices/rancher-managed-clusters/tips-to-set-up-containers.md) for tips. - -### Best Practices for Rancher Managed vSphere Clusters - -This [guide](../reference-guides/best-practices/rancher-managed-clusters/rancher-managed-clusters-in-vsphere.md) outlines a reference architecture for provisioning downstream Rancher clusters in a vSphere environment, in addition to standard vSphere best practices as documented by VMware. diff --git a/versioned_docs/version-2.7/pages-for-subheaders/rancher-server-configuration.md b/versioned_docs/version-2.7/pages-for-subheaders/rancher-server-configuration.md deleted file mode 100644 index 5e18f69e740..00000000000 --- a/versioned_docs/version-2.7/pages-for-subheaders/rancher-server-configuration.md +++ /dev/null @@ -1,16 +0,0 @@ ---- -title: Rancher Server Configuration ---- - - - - - -- [RKE1 Cluster Configuration](../reference-guides/cluster-configuration/rancher-server-configuration/rke1-cluster-configuration.md) -- [RKE2 Cluster Configuration](../reference-guides/cluster-configuration/rancher-server-configuration/rke2-cluster-configuration.md) -- [K3s Cluster Configuration](../reference-guides/cluster-configuration/rancher-server-configuration/k3s-cluster-configuration.md) -- [EKS Cluster Configuration](../reference-guides/cluster-configuration/rancher-server-configuration/eks-cluster-configuration.md) -- [AKS Cluster Configuration](../reference-guides/cluster-configuration/rancher-server-configuration/aks-cluster-configuration.md) -- [GKE Cluster Configuration](../pages-for-subheaders/gke-cluster-configuration.md) -- [Use Existing Nodes](../pages-for-subheaders/use-existing-nodes.md) -- [Sync Clusters](../reference-guides/cluster-configuration/rancher-server-configuration/sync-clusters.md) \ No newline at end of file diff --git a/versioned_docs/version-2.7/pages-for-subheaders/rancher-server.md b/versioned_docs/version-2.7/pages-for-subheaders/rancher-server.md deleted file mode 100644 index 45c3917cd58..00000000000 --- a/versioned_docs/version-2.7/pages-for-subheaders/rancher-server.md +++ /dev/null @@ -1,21 +0,0 @@ ---- -title: Best Practices for the Rancher Server ---- - - - - - -This guide contains our recommendations for running the Rancher server, and is intended to be used in situations in which Rancher manages downstream Kubernetes clusters. - -### Recommended Architecture and Infrastructure - -Refer to this [guide](../reference-guides/best-practices/rancher-server/tips-for-running-rancher.md) for our general advice for setting up the Rancher server on a high-availability Kubernetes cluster. - -### Deployment Strategies - -This [guide](../reference-guides/best-practices/rancher-server/rancher-deployment-strategy.md) is designed to help you choose whether a regional deployment strategy or a hub-and-spoke deployment strategy is better for a Rancher server that manages downstream Kubernetes clusters. - -### Installing Rancher in a vSphere Environment - -This [guide](../reference-guides/best-practices/rancher-server/on-premises-rancher-in-vsphere.md) outlines a reference architecture for installing Rancher in a vSphere environment, in addition to standard vSphere best practices as documented by VMware. \ No newline at end of file diff --git a/versioned_docs/version-2.7/pages-for-subheaders/resources.md b/versioned_docs/version-2.7/pages-for-subheaders/resources.md deleted file mode 100644 index 52e61353441..00000000000 --- a/versioned_docs/version-2.7/pages-for-subheaders/resources.md +++ /dev/null @@ -1,29 +0,0 @@ ---- -title: Resources ---- - - - - - -### Docker Installations - -The [single-node Docker installation](rancher-on-a-single-node-with-docker.md) is for Rancher users that are wanting to test out Rancher. Instead of running on a Kubernetes cluster using Helm, you install the Rancher server component on a single node using a `docker run` command. - -Since there is only one node and a single Docker container, if the node goes down, there is no copy of the etcd data available on other nodes and you will lose all the data of your Rancher server. - -### Air-Gapped Installations - -Follow [these steps](air-gapped-helm-cli-install.md) to install the Rancher server in an air gapped environment. - -An air gapped environment could be where Rancher server will be installed offline, behind a firewall, or behind a proxy. - -### Advanced Options - -When installing Rancher, there are several advanced options that can be enabled during installation. Within each install guide, these options are presented. Learn more about these options: - -- [Custom CA Certificate](../getting-started/installation-and-upgrade/resources/custom-ca-root-certificates.md) -- [API Audit Log](../how-to-guides/advanced-user-guides/enable-api-audit-log.md) -- [TLS Settings](../getting-started/installation-and-upgrade/installation-references/tls-settings.md) -- [etcd configuration](../how-to-guides/advanced-user-guides/tune-etcd-for-large-installs.md) -- [Local System Charts for Air Gap Installations](../getting-started/installation-and-upgrade/resources/local-system-charts.md) | v2.3.0 | diff --git a/versioned_docs/version-2.7/pages-for-subheaders/single-node-rancher-in-docker.md b/versioned_docs/version-2.7/pages-for-subheaders/single-node-rancher-in-docker.md deleted file mode 100644 index 91072d2b3b4..00000000000 --- a/versioned_docs/version-2.7/pages-for-subheaders/single-node-rancher-in-docker.md +++ /dev/null @@ -1,9 +0,0 @@ ---- -title: Single Node Rancher in Docker ---- - - - - - -The following docs will discuss [HTTP proxy configuration](../reference-guides/single-node-rancher-in-docker/http-proxy-configuration.md) and [advanced options](../reference-guides/single-node-rancher-in-docker/advanced-options.md) for Docker installs. \ No newline at end of file diff --git a/versioned_docs/version-2.7/pages-for-subheaders/user-settings.md b/versioned_docs/version-2.7/pages-for-subheaders/user-settings.md deleted file mode 100644 index a9ed1c72d92..00000000000 --- a/versioned_docs/version-2.7/pages-for-subheaders/user-settings.md +++ /dev/null @@ -1,19 +0,0 @@ ---- -title: User Settings ---- - - - - - -Within Rancher, each user has a number of settings associated with their login: personal preferences, API keys, etc. You can configure these settings by choosing from the **User Settings** menu. You can open this menu by clicking your avatar, located within the main menu. - -![User Settings Menu](/img/user-settings.png) - -The available user settings are: - -- [API & Keys](../reference-guides/user-settings/api-keys.md): If you want to interact with Rancher programmatically, you need an API key. Follow the directions in this section to obtain a key. -- [Cloud Credentials](../reference-guides/user-settings/manage-cloud-credentials.md): Manage cloud credentials [used by node templates](use-new-nodes-in-an-infra-provider.md#node-templates) to [provision nodes for clusters](../pages-for-subheaders/launch-kubernetes-with-rancher.md). -- [Node Templates](../reference-guides/user-settings/manage-node-templates.md): Manage templates [used by Rancher to provision nodes for clusters](../pages-for-subheaders/launch-kubernetes-with-rancher.md). -- [Preferences](../reference-guides/user-settings/user-preferences.md): Sets superficial preferences for the Rancher UI. -- Log Out: Ends your user session. diff --git a/versioned_docs/version-2.7/pages-for-subheaders/about-the-api.md b/versioned_docs/version-2.7/reference-guides/about-the-api/about-the-api.md similarity index 92% rename from versioned_docs/version-2.7/pages-for-subheaders/about-the-api.md rename to versioned_docs/version-2.7/reference-guides/about-the-api/about-the-api.md index 8ae08ab09f0..c8364cdc7d8 100644 --- a/versioned_docs/version-2.7/pages-for-subheaders/about-the-api.md +++ b/versioned_docs/version-2.7/reference-guides/about-the-api/about-the-api.md @@ -27,9 +27,9 @@ Go to the URL endpoint at `https:///v3`, where `` is ## Authentication -API requests must include authentication information. Authentication is done with HTTP basic authentication using [API Keys](../reference-guides/user-settings/api-keys.md). API keys can create new clusters and have access to multiple clusters via `/v3/clusters/`. [Cluster and project roles](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/cluster-and-project-roles.md) apply to these keys and restrict what clusters and projects the account can see and what actions they can take. +API requests must include authentication information. Authentication is done with HTTP basic authentication using [API Keys](../user-settings/api-keys.md). API keys can create new clusters and have access to multiple clusters via `/v3/clusters/`. [Cluster and project roles](../../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/cluster-and-project-roles.md) apply to these keys and restrict what clusters and projects the account can see and what actions they can take. -By default, some cluster-level API tokens are generated with infinite time-to-live (`ttl=0`). In other words, API tokens with `ttl=0` never expire unless you invalidate them. For details on how to invalidate them, refer to the [API tokens page](../reference-guides/about-the-api/api-tokens.md). +By default, some cluster-level API tokens are generated with infinite time-to-live (`ttl=0`). In other words, API tokens with `ttl=0` never expire unless you invalidate them. For details on how to invalidate them, refer to the [API tokens page](api-tokens.md). ## Making requests diff --git a/versioned_docs/version-2.7/reference-guides/about-the-api/api-tokens.md b/versioned_docs/version-2.7/reference-guides/about-the-api/api-tokens.md index 5fe8a0eb5a4..c6f738d1836 100644 --- a/versioned_docs/version-2.7/reference-guides/about-the-api/api-tokens.md +++ b/versioned_docs/version-2.7/reference-guides/about-the-api/api-tokens.md @@ -52,7 +52,7 @@ This setting is used by all kubeconfig tokens except those created by the CLI to Users can enable token hashing, where tokens will undergo a one-way hash using the SHA256 algorithm. This is a non-reversible process, once enabled, this feature cannot be disabled. It is advisable to take backups prior to enabling and/or evaluating in a test environment first. -To enable token hashing, refer to [this section](../../pages-for-subheaders/enable-experimental-features.md). +To enable token hashing, refer to [this section](../../how-to-guides/advanced-user-guides/enable-experimental-features/enable-experimental-features.md). This feature will affect all tokens which include, but are not limited to, the following: diff --git a/versioned_docs/version-2.7/reference-guides/backup-restore-configuration/backup-restore-configuration.md b/versioned_docs/version-2.7/reference-guides/backup-restore-configuration/backup-restore-configuration.md new file mode 100644 index 00000000000..1f74b2fad9b --- /dev/null +++ b/versioned_docs/version-2.7/reference-guides/backup-restore-configuration/backup-restore-configuration.md @@ -0,0 +1,12 @@ +--- +title: Rancher Backup Configuration Reference +--- + + + + + +- [Backup configuration](backup-configuration.md) +- [Restore configuration](restore-configuration.md) +- [Storage location configuration](storage-configuration.md) +- [Example Backup and Restore Custom Resources](examples.md) \ No newline at end of file diff --git a/versioned_docs/version-2.7/pages-for-subheaders/best-practices.md b/versioned_docs/version-2.7/reference-guides/best-practices/best-practices.md similarity index 95% rename from versioned_docs/version-2.7/pages-for-subheaders/best-practices.md rename to versioned_docs/version-2.7/reference-guides/best-practices/best-practices.md index 7009f6cce70..546ae01be94 100644 --- a/versioned_docs/version-2.7/pages-for-subheaders/best-practices.md +++ b/versioned_docs/version-2.7/reference-guides/best-practices/best-practices.md @@ -14,7 +14,7 @@ Use the navigation bar on the left to find the current best practices for managi For more guidance on best practices, you can consult these resources: -- [Security](rancher-security.md) +- [Security](../rancher-security/rancher-security.md) - [Rancher Blog](https://www.suse.com/c/rancherblog/) - [Rancher Forum](https://forums.rancher.com/) - [Rancher Users Slack](https://slack.rancher.io/) diff --git a/versioned_docs/version-2.7/reference-guides/best-practices/rancher-managed-clusters/monitoring-best-practices.md b/versioned_docs/version-2.7/reference-guides/best-practices/rancher-managed-clusters/monitoring-best-practices.md index 3fd02858c9a..a4db6a3e650 100644 --- a/versioned_docs/version-2.7/reference-guides/best-practices/rancher-managed-clusters/monitoring-best-practices.md +++ b/versioned_docs/version-2.7/reference-guides/best-practices/rancher-managed-clusters/monitoring-best-practices.md @@ -8,7 +8,7 @@ title: Monitoring Best Practices Configuring sensible monitoring and alerting rules is vital for running any production workloads securely and reliably. This is not different when using Kubernetes and Rancher. Fortunately the integrated monitoring and alerting functionality makes this whole process a lot easier. -The [Rancher monitoring documentation](../../../pages-for-subheaders/monitoring-and-alerting.md) describes how you can set up a complete Prometheus and Grafana stack. Out of the box this will scrape monitoring data from all system and Kubernetes components in your cluster and provide sensible dashboards and alerts for them to get started. But for a reliable setup, you also need to monitor your own workloads and adapt Prometheus and Grafana to your own specific use cases and cluster sizes. This document aims to give you best practices for this. +The [Rancher monitoring documentation](../../../integrations-in-rancher/monitoring-and-alerting/monitoring-and-alerting.md) describes how you can set up a complete Prometheus and Grafana stack. Out of the box this will scrape monitoring data from all system and Kubernetes components in your cluster and provide sensible dashboards and alerts for them to get started. But for a reliable setup, you also need to monitor your own workloads and adapt Prometheus and Grafana to your own specific use cases and cluster sizes. This document aims to give you best practices for this. ## What to Monitor @@ -90,7 +90,7 @@ Sometimes it is useful to monitor workloads from the outside. For this, you can If you have a (micro)service architecture where multiple individual workloads within your cluster are communicating with each other, it is really important to have detailed metrics and traces about this traffic to understand how all these workloads are communicating with each other and where a problem or bottleneck may be. -Of course you can monitor all this internal traffic in all your workloads and expose these metrics to Prometheus. But this can quickly become quite work intensive. Service Meshes like Istio, which can be installed with [a click](../../../pages-for-subheaders/istio.md) in Rancher, can do this automatically and provide rich telemetry about the traffic between all services. +Of course you can monitor all this internal traffic in all your workloads and expose these metrics to Prometheus. But this can quickly become quite work intensive. Service Meshes like Istio, which can be installed with [a click](../../../integrations-in-rancher/istio/istio.md) in Rancher, can do this automatically and provide rich telemetry about the traffic between all services. ## Real User Monitoring @@ -98,7 +98,7 @@ Monitoring the availability and performance of all your internal workloads is vi ## Security Monitoring -In addition to monitoring workloads to detect performance, availability or scalability problems, the cluster and the workloads running into it should also be monitored for potential security problems. A good starting point is to frequently run and alert on [CIS Scans](../../../pages-for-subheaders/cis-scan-guides.md) which check if the cluster is configured according to security best practices. +In addition to monitoring workloads to detect performance, availability or scalability problems, the cluster and the workloads running into it should also be monitored for potential security problems. A good starting point is to frequently run and alert on [CIS Scans](../../../how-to-guides/advanced-user-guides/cis-scan-guides/cis-scan-guides.md) which check if the cluster is configured according to security best practices. For the workloads, you can have a look at Kubernetes and Container security solutions like [NeuVector](https://www.suse.com/products/neuvector/), [Falco](https://falco.org/), [Aqua Kubernetes Security](https://www.aquasec.com/solutions/kubernetes-container-security/), [SysDig](https://sysdig.com/). @@ -112,4 +112,4 @@ When setting up alerts, configure them for all the workloads that are critical t If an alert starts firing, but there is nothing you can do about it at the moment, it's also fine to silence the alert for a certain amount of time, so that you can look at it later. -You can find more information on how to set up alerts and notification channels in the [Rancher Documentation](../../../pages-for-subheaders/monitoring-and-alerting.md). +You can find more information on how to set up alerts and notification channels in the [Rancher Documentation](../../../integrations-in-rancher/monitoring-and-alerting/monitoring-and-alerting.md). diff --git a/versioned_docs/version-2.7/reference-guides/best-practices/rancher-managed-clusters/rancher-managed-clusters.md b/versioned_docs/version-2.7/reference-guides/best-practices/rancher-managed-clusters/rancher-managed-clusters.md new file mode 100644 index 00000000000..72c44ac9a78 --- /dev/null +++ b/versioned_docs/version-2.7/reference-guides/best-practices/rancher-managed-clusters/rancher-managed-clusters.md @@ -0,0 +1,23 @@ +--- +title: Best Practices for Rancher Managed Clusters +--- + + + + + +### Logging + +Refer to [this guide](logging-best-practices.md) for our recommendations for cluster-level logging and application logging. + +### Monitoring + +Configuring sensible monitoring and alerting rules is vital for running any production workloads securely and reliably. Refer to this [guide](monitoring-best-practices.md) for our recommendations. + +### Tips for Setting Up Containers + +Running well-built containers can greatly impact the overall performance and security of your environment. Refer to this [guide](tips-to-set-up-containers.md) for tips. + +### Best Practices for Rancher Managed vSphere Clusters + +This [guide](rancher-managed-clusters-in-vsphere.md) outlines a reference architecture for provisioning downstream Rancher clusters in a vSphere environment, in addition to standard vSphere best practices as documented by VMware. diff --git a/versioned_docs/version-2.7/reference-guides/best-practices/rancher-server/on-premises-rancher-in-vsphere.md b/versioned_docs/version-2.7/reference-guides/best-practices/rancher-server/on-premises-rancher-in-vsphere.md index 74243559753..6d35b2dc2d8 100644 --- a/versioned_docs/version-2.7/reference-guides/best-practices/rancher-server/on-premises-rancher-in-vsphere.md +++ b/versioned_docs/version-2.7/reference-guides/best-practices/rancher-server/on-premises-rancher-in-vsphere.md @@ -43,7 +43,7 @@ Configure appropriate Firewall / ACL rules to only expose access to Rancher ### Size the VM's According to Rancher Documentation -See [Installation Requirements](../../../pages-for-subheaders/installation-requirements.md). +See [Installation Requirements](../../../getting-started/installation-and-upgrade/installation-requirements/installation-requirements.md). ### Leverage VM Templates to Construct the Environment diff --git a/versioned_docs/version-2.7/reference-guides/best-practices/rancher-server/rancher-server.md b/versioned_docs/version-2.7/reference-guides/best-practices/rancher-server/rancher-server.md new file mode 100644 index 00000000000..a79561ced2c --- /dev/null +++ b/versioned_docs/version-2.7/reference-guides/best-practices/rancher-server/rancher-server.md @@ -0,0 +1,21 @@ +--- +title: Best Practices for the Rancher Server +--- + + + + + +This guide contains our recommendations for running the Rancher server, and is intended to be used in situations in which Rancher manages downstream Kubernetes clusters. + +### Recommended Architecture and Infrastructure + +Refer to this [guide](tips-for-running-rancher.md) for our general advice for setting up the Rancher server on a high-availability Kubernetes cluster. + +### Deployment Strategies + +This [guide](rancher-deployment-strategy.md) is designed to help you choose whether a regional deployment strategy or a hub-and-spoke deployment strategy is better for a Rancher server that manages downstream Kubernetes clusters. + +### Installing Rancher in a vSphere Environment + +This [guide](on-premises-rancher-in-vsphere.md) outlines a reference architecture for installing Rancher in a vSphere environment, in addition to standard vSphere best practices as documented by VMware. \ No newline at end of file diff --git a/versioned_docs/version-2.7/reference-guides/best-practices/rancher-server/tips-for-running-rancher.md b/versioned_docs/version-2.7/reference-guides/best-practices/rancher-server/tips-for-running-rancher.md index 1ed05696fa2..8c71b562ae0 100644 --- a/versioned_docs/version-2.7/reference-guides/best-practices/rancher-server/tips-for-running-rancher.md +++ b/versioned_docs/version-2.7/reference-guides/best-practices/rancher-server/tips-for-running-rancher.md @@ -30,11 +30,11 @@ For best performance, run all three of your nodes in the same geographic datacen It's strongly recommended to have a "staging" or "pre-production" environment of the Kubernetes cluster that Rancher runs on. This environment should mirror your production environment as closely as possible in terms of software and hardware configuration. ### Monitor Your Clusters to Plan Capacity -The Rancher server's Kubernetes cluster should run within the [system and hardware requirements](../../../pages-for-subheaders/installation-requirements.md) as closely as possible. The more you deviate from the system and hardware requirements, the more risk you take. +The Rancher server's Kubernetes cluster should run within the [system and hardware requirements](../../../getting-started/installation-and-upgrade/installation-requirements/installation-requirements.md) as closely as possible. The more you deviate from the system and hardware requirements, the more risk you take. However, metrics-driven capacity planning analysis should be the ultimate guidance for scaling Rancher, because the published requirements take into account a variety of workload types. Using Rancher, you can monitor the state and processes of your cluster nodes, Kubernetes components, and software deployments through integration with Prometheus, a leading open-source monitoring solution, and Grafana, which lets you visualize the metrics from Prometheus. -After you [enable monitoring](../../../pages-for-subheaders/monitoring-and-alerting.md) in the cluster, you can set up alerts to let you know if your cluster is approaching its capacity. You can also use the Prometheus and Grafana monitoring framework to establish a baseline for key metrics as you scale. +After you [enable monitoring](../../../integrations-in-rancher/monitoring-and-alerting/monitoring-and-alerting.md) in the cluster, you can set up alerts to let you know if your cluster is approaching its capacity. You can also use the Prometheus and Grafana monitoring framework to establish a baseline for key metrics as you scale. diff --git a/versioned_docs/version-2.7/reference-guides/best-practices/rancher-server/tuning-and-best-practices-for-rancher-at-scale.md b/versioned_docs/version-2.7/reference-guides/best-practices/rancher-server/tuning-and-best-practices-for-rancher-at-scale.md index 16707e39feb..896a4978b12 100644 --- a/versioned_docs/version-2.7/reference-guides/best-practices/rancher-server/tuning-and-best-practices-for-rancher-at-scale.md +++ b/versioned_docs/version-2.7/reference-guides/best-practices/rancher-server/tuning-and-best-practices-for-rancher-at-scale.md @@ -29,7 +29,7 @@ This is typical in Rancher, as many operations create new `RoleBinding` objects You can reduce the number of `RoleBindings` in the upstream cluster in the following ways: * Limit the use of the [Restricted Admin](../../../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/global-permissions.md#restricted-admin) role. Apply other roles wherever possible. -* If you use [external authentication](../../../pages-for-subheaders/authentication-config.md), use groups to assign roles. +* If you use [external authentication](../../../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/authentication-config.md), use groups to assign roles. * Only add users to clusters and projects when necessary. * Remove clusters and projects when they are no longer needed. * Only use custom roles if necessary. @@ -93,7 +93,7 @@ You should keep the local Kubernetes cluster up to date. This will ensure that y Etcd is the backend database for Kubernetes and for Rancher. It plays a very important role in Rancher performance. -The two main bottlenecks to [etcd performance](https://etcd.io/docs/v3.4/op-guide/performance/) are disk and network speed. Etcd should run on dedicated nodes with a fast network setup and with SSDs that have high input/output operations per second (IOPS). For more information regarding etcd performance, see [Slow etcd performance (performance testing and optimization)](https://www.suse.com/support/kb/doc/?id=000020100) and [Tuning etcd for Large Installations](../../../how-to-guides/advanced-user-guides/tune-etcd-for-large-installs.md). Information on disks can also be found in the [Installation Requirements](../../../pages-for-subheaders/installation-requirements.md#disks). +The two main bottlenecks to [etcd performance](https://etcd.io/docs/v3.4/op-guide/performance/) are disk and network speed. Etcd should run on dedicated nodes with a fast network setup and with SSDs that have high input/output operations per second (IOPS). For more information regarding etcd performance, see [Slow etcd performance (performance testing and optimization)](https://www.suse.com/support/kb/doc/?id=000020100) and [Tuning etcd for Large Installations](../../../how-to-guides/advanced-user-guides/tune-etcd-for-large-installs.md). Information on disks can also be found in the [Installation Requirements](../../../getting-started/installation-and-upgrade/installation-requirements/installation-requirements.md#disks). It's best to run etcd on exactly three nodes, as adding more nodes will reduce operation speed. This may be counter-intuitive to common scaling approaches, but it's due to etcd's [replication mechanisms](https://etcd.io/docs/v3.5/faq/#what-is-maximum-cluster-size). diff --git a/versioned_docs/version-2.7/pages-for-subheaders/cli-with-rancher.md b/versioned_docs/version-2.7/reference-guides/cli-with-rancher/cli-with-rancher.md similarity index 67% rename from versioned_docs/version-2.7/pages-for-subheaders/cli-with-rancher.md rename to versioned_docs/version-2.7/reference-guides/cli-with-rancher/cli-with-rancher.md index 547d4c50308..a0e50c51b71 100644 --- a/versioned_docs/version-2.7/pages-for-subheaders/cli-with-rancher.md +++ b/versioned_docs/version-2.7/reference-guides/cli-with-rancher/cli-with-rancher.md @@ -6,4 +6,4 @@ title: CLI with Rancher -Interact with Rancher using command line interface (CLI) tools from your workstation. The following docs will describe the [Rancher CLI](../reference-guides/cli-with-rancher/rancher-cli.md) and [kubectl Utility](../reference-guides/cli-with-rancher/kubectl-utility.md). \ No newline at end of file +Interact with Rancher using command line interface (CLI) tools from your workstation. The following docs will describe the [Rancher CLI](rancher-cli.md) and [kubectl Utility](kubectl-utility.md). \ No newline at end of file diff --git a/versioned_docs/version-2.7/reference-guides/cli-with-rancher/rancher-cli.md b/versioned_docs/version-2.7/reference-guides/cli-with-rancher/rancher-cli.md index 0c9a27c1694..03860d29c94 100644 --- a/versioned_docs/version-2.7/reference-guides/cli-with-rancher/rancher-cli.md +++ b/versioned_docs/version-2.7/reference-guides/cli-with-rancher/rancher-cli.md @@ -65,16 +65,16 @@ The following commands are available for use in Rancher CLI. | Command | Result | |---|---| | `apps, [app]` | Performs operations on catalog applications (i.e., individual [Helm charts](https://docs.helm.sh/developing_charts/)) or Rancher charts. | -| `catalog` | Performs operations on [catalogs](../../pages-for-subheaders/helm-charts-in-rancher.md). | -| `clusters, [cluster]` | Performs operations on your [clusters](../../pages-for-subheaders/kubernetes-clusters-in-rancher-setup.md). | +| `catalog` | Performs operations on [catalogs](../../how-to-guides/new-user-guides/helm-charts-in-rancher/helm-charts-in-rancher.md). | +| `clusters, [cluster]` | Performs operations on your [clusters](../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/kubernetes-clusters-in-rancher-setup.md). | | `context` | Switches between Rancher [projects](../../how-to-guides/new-user-guides/manage-clusters/projects-and-namespaces.md). For an example, see [Project Selection](#project-selection). | -| `inspect [OPTIONS] [RESOURCEID RESOURCENAME]` | Displays details about [Kubernetes resources](https://kubernetes.io/docs/reference/kubectl/cheatsheet/#resource-types) or Rancher resources (i.e.: [projects](../../how-to-guides/new-user-guides/manage-clusters/projects-and-namespaces.md) and [workloads](../../pages-for-subheaders/workloads-and-pods.md)). Specify resources by name or ID. | +| `inspect [OPTIONS] [RESOURCEID RESOURCENAME]` | Displays details about [Kubernetes resources](https://kubernetes.io/docs/reference/kubectl/cheatsheet/#resource-types) or Rancher resources (i.e.: [projects](../../how-to-guides/new-user-guides/manage-clusters/projects-and-namespaces.md) and [workloads](../../how-to-guides/new-user-guides/kubernetes-resources-setup/workloads-and-pods/workloads-and-pods.md)). Specify resources by name or ID. | | `kubectl` |Runs [kubectl commands](https://kubernetes.io/docs/reference/kubectl/overview/#operations). | | `login, [l]` | Logs into a Rancher Server. For an example, see [CLI Authentication](#cli-authentication). | | `namespaces, [namespace]` |Performs operations on namespaces. | | `nodes, [node]` |Performs operations on nodes. | | `projects, [project]` | Performs operations on [projects](../../how-to-guides/new-user-guides/manage-clusters/projects-and-namespaces.md). | -| `ps` | Displays [workloads](../../pages-for-subheaders/workloads-and-pods.md) in a project. | +| `ps` | Displays [workloads](../../how-to-guides/new-user-guides/kubernetes-resources-setup/workloads-and-pods/workloads-and-pods.md) in a project. | | `settings, [setting]` | Shows the current settings for your Rancher Server. | | `ssh` | Connects to one of your cluster nodes using the SSH protocol. | | `help, [h]` | Shows a list of commands or help for one command. | @@ -88,4 +88,4 @@ All commands accept the `--help` flag, which documents each command's usage. ### Limitations -The Rancher CLI **cannot** be used to install [dashboard apps or Rancher feature charts](../../pages-for-subheaders/helm-charts-in-rancher.md). +The Rancher CLI **cannot** be used to install [dashboard apps or Rancher feature charts](../../how-to-guides/new-user-guides/helm-charts-in-rancher/helm-charts-in-rancher.md). diff --git a/versioned_docs/version-2.7/pages-for-subheaders/cluster-configuration.md b/versioned_docs/version-2.7/reference-guides/cluster-configuration/cluster-configuration.md similarity index 50% rename from versioned_docs/version-2.7/pages-for-subheaders/cluster-configuration.md rename to versioned_docs/version-2.7/reference-guides/cluster-configuration/cluster-configuration.md index 60e02a8cd40..04264ce4b2d 100644 --- a/versioned_docs/version-2.7/pages-for-subheaders/cluster-configuration.md +++ b/versioned_docs/version-2.7/reference-guides/cluster-configuration/cluster-configuration.md @@ -8,18 +8,18 @@ title: Cluster Configuration After you provision a Kubernetes cluster using Rancher, you can still edit options and settings for the cluster. -For information on editing cluster membership, go to [this page.](../how-to-guides/new-user-guides/manage-clusters/access-clusters/add-users-to-clusters.md) +For information on editing cluster membership, go to [this page.](../../how-to-guides/new-user-guides/manage-clusters/access-clusters/add-users-to-clusters.md) ### Cluster Configuration References The cluster configuration options depend on the type of Kubernetes cluster: -- [RKE Cluster Configuration](../reference-guides/cluster-configuration/rancher-server-configuration/rke1-cluster-configuration.md) -- [RKE2 Cluster Configuration](../reference-guides/cluster-configuration/rancher-server-configuration/rke2-cluster-configuration.md) -- [K3s Cluster Configuration](../reference-guides/cluster-configuration/rancher-server-configuration/k3s-cluster-configuration.md) -- [EKS Cluster Configuration](../reference-guides/cluster-configuration/rancher-server-configuration/eks-cluster-configuration.md) -- [GKE Cluster Configuration](gke-cluster-configuration.md) -- [AKS Cluster Configuration](../reference-guides/cluster-configuration/rancher-server-configuration/aks-cluster-configuration.md) +- [RKE Cluster Configuration](rancher-server-configuration/rke1-cluster-configuration.md) +- [RKE2 Cluster Configuration](rancher-server-configuration/rke2-cluster-configuration.md) +- [K3s Cluster Configuration](rancher-server-configuration/k3s-cluster-configuration.md) +- [EKS Cluster Configuration](rancher-server-configuration/eks-cluster-configuration.md) +- [GKE Cluster Configuration](rancher-server-configuration/gke-cluster-configuration/gke-cluster-configuration.md) +- [AKS Cluster Configuration](rancher-server-configuration/aks-cluster-configuration.md) ### Cluster Management Capabilities by Cluster Type diff --git a/versioned_docs/version-2.7/reference-guides/cluster-configuration/downstream-cluster-configuration/downstream-cluster-configuration.md b/versioned_docs/version-2.7/reference-guides/cluster-configuration/downstream-cluster-configuration/downstream-cluster-configuration.md new file mode 100644 index 00000000000..897728cd346 --- /dev/null +++ b/versioned_docs/version-2.7/reference-guides/cluster-configuration/downstream-cluster-configuration/downstream-cluster-configuration.md @@ -0,0 +1,9 @@ +--- +title: Downstream Cluster Configuration +--- + + + + + +The following docs will discuss [node template configuration](node-template-configuration/node-template-configuration.md) and [machine configuration](machine-configuration/machine-configuration.md). \ No newline at end of file diff --git a/versioned_docs/version-2.7/reference-guides/cluster-configuration/downstream-cluster-configuration/machine-configuration/machine-configuration.md b/versioned_docs/version-2.7/reference-guides/cluster-configuration/downstream-cluster-configuration/machine-configuration/machine-configuration.md new file mode 100644 index 00000000000..b28ccd669dd --- /dev/null +++ b/versioned_docs/version-2.7/reference-guides/cluster-configuration/downstream-cluster-configuration/machine-configuration/machine-configuration.md @@ -0,0 +1,9 @@ +--- +title: Machine Configuration +--- + + + + + +Machine configuration is the arrangement of resources assigned to a virtual machine. Please see the docs for [Amazon EC2](amazon-ec2.md), [DigitalOcean](digitalocean.md), and [Azure](azure.md) to learn more. \ No newline at end of file diff --git a/versioned_docs/version-2.7/reference-guides/cluster-configuration/downstream-cluster-configuration/node-template-configuration/amazon-ec2.md b/versioned_docs/version-2.7/reference-guides/cluster-configuration/downstream-cluster-configuration/node-template-configuration/amazon-ec2.md index bd79dabbed5..e4b77c5174c 100644 --- a/versioned_docs/version-2.7/reference-guides/cluster-configuration/downstream-cluster-configuration/node-template-configuration/amazon-ec2.md +++ b/versioned_docs/version-2.7/reference-guides/cluster-configuration/downstream-cluster-configuration/node-template-configuration/amazon-ec2.md @@ -25,7 +25,7 @@ See [Amazon Documentation: Adding Permissions to a User (Console)](https://docs. See our three example JSON policies: - [Example IAM Policy](../../../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-amazon-ec2-cluster.md#example-iam-policy) -- [Example IAM Policy with PassRole](../../../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-amazon-ec2-cluster.md#example-iam-policy-with-passrole) (needed if you want to use [Kubernetes Cloud Provider](../../../../pages-for-subheaders/set-up-cloud-providers.md) or want to pass an IAM Profile to an instance) +- [Example IAM Policy with PassRole](../../../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-amazon-ec2-cluster.md#example-iam-policy-with-passrole) (needed if you want to use [Kubernetes Cloud Provider](../../../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/set-up-cloud-providers.md) or want to pass an IAM Profile to an instance) - [Example IAM Policy to allow encrypted EBS volumes](../../../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-amazon-ec2-cluster.md#example-iam-policy-to-allow-encrypted-ebs-volumes) policy to an user. ### Authenticate & Configure Nodes @@ -44,7 +44,7 @@ If you provide your own security group for an EC2 instance, please note that Ran Configure the instances that will be created. Make sure you configure the correct **SSH User** for the configured AMI. It is possible that a selected region does not support the default instance type. In this scenario you must select an instance type that does exist, otherwise an error will occur stating the requested configuration is not supported. -If you need to pass an **IAM Instance Profile Name** (not ARN), for example, when you want to use a [Kubernetes Cloud Provider](../../../../pages-for-subheaders/set-up-cloud-providers.md), you will need an additional permission in your policy. See [Example IAM policy with PassRole](../../../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-amazon-ec2-cluster.md#example-iam-policy-with-passrole) for an example policy. +If you need to pass an **IAM Instance Profile Name** (not ARN), for example, when you want to use a [Kubernetes Cloud Provider](../../../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/set-up-cloud-providers.md), you will need an additional permission in your policy. See [Example IAM policy with PassRole](../../../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-amazon-ec2-cluster.md#example-iam-policy-with-passrole) for an example policy. ### Engine Options diff --git a/versioned_docs/version-2.7/reference-guides/cluster-configuration/downstream-cluster-configuration/node-template-configuration/node-template-configuration.md b/versioned_docs/version-2.7/reference-guides/cluster-configuration/downstream-cluster-configuration/node-template-configuration/node-template-configuration.md new file mode 100644 index 00000000000..bbe4d6127c3 --- /dev/null +++ b/versioned_docs/version-2.7/reference-guides/cluster-configuration/downstream-cluster-configuration/node-template-configuration/node-template-configuration.md @@ -0,0 +1,9 @@ +--- +title: Node Template Configuration +--- + + + + + +To learn about node template config, refer to [EC2 Node Template Configuration](amazon-ec2.md), [DigitalOcean Node Template Configuration](digitalocean.md), [Azure Node Template Configuration](azure.md), [vSphere Node Template Configuration](vsphere.md), and [Nutanix Node Template Configuration](nutanix.md). diff --git a/versioned_docs/version-2.7/reference-guides/cluster-configuration/rancher-server-configuration/aks-cluster-configuration.md b/versioned_docs/version-2.7/reference-guides/cluster-configuration/rancher-server-configuration/aks-cluster-configuration.md index 67cd280e470..dc3974e551f 100644 --- a/versioned_docs/version-2.7/reference-guides/cluster-configuration/rancher-server-configuration/aks-cluster-configuration.md +++ b/versioned_docs/version-2.7/reference-guides/cluster-configuration/rancher-server-configuration/aks-cluster-configuration.md @@ -17,7 +17,7 @@ title: AKS Cluster Configuration Reference When provisioning an AKS cluster in the Rancher UI, RBAC cannot be disabled. If role-based access control is disabled for the cluster in AKS, the cluster cannot be registered or imported into Rancher. -Rancher can configure member roles for AKS clusters in the same way as any other cluster. For more information, see the section on [role-based access control.](../../../pages-for-subheaders/manage-role-based-access-control-rbac.md) +Rancher can configure member roles for AKS clusters in the same way as any other cluster. For more information, see the section on [role-based access control.](../../../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/manage-role-based-access-control-rbac.md) ## Cloud Credentials diff --git a/versioned_docs/version-2.7/pages-for-subheaders/gke-cluster-configuration.md b/versioned_docs/version-2.7/reference-guides/cluster-configuration/rancher-server-configuration/gke-cluster-configuration/gke-cluster-configuration.md similarity index 97% rename from versioned_docs/version-2.7/pages-for-subheaders/gke-cluster-configuration.md rename to versioned_docs/version-2.7/reference-guides/cluster-configuration/rancher-server-configuration/gke-cluster-configuration/gke-cluster-configuration.md index de9a1638a9c..8b63d9b8490 100644 --- a/versioned_docs/version-2.7/pages-for-subheaders/gke-cluster-configuration.md +++ b/versioned_docs/version-2.7/reference-guides/cluster-configuration/rancher-server-configuration/gke-cluster-configuration/gke-cluster-configuration.md @@ -107,7 +107,7 @@ _Mutable: no_ :::caution -Private clusters require additional planning and configuration outside of Rancher. Refer to the [private cluster guide](../reference-guides/cluster-configuration/rancher-server-configuration/gke-cluster-configuration/gke-private-clusters.md). +Private clusters require additional planning and configuration outside of Rancher. Refer to the [private cluster guide](gke-private-clusters.md). ::: @@ -117,7 +117,7 @@ Assign nodes only internal IP addresses. Private cluster nodes cannot access the :::caution -Private clusters require additional planning and configuration outside of Rancher. Refer to the [private cluster guide](../reference-guides/cluster-configuration/rancher-server-configuration/gke-cluster-configuration/gke-private-clusters.md). +Private clusters require additional planning and configuration outside of Rancher. Refer to the [private cluster guide](gke-private-clusters.md). ::: @@ -204,7 +204,7 @@ The node operating system image. For more information for the node image options :::note -The default option is "Container-Optimized OS with Docker". The read-only filesystem on GCP's Container-Optimized OS is not compatible with the [legacy logging](/versioned_docs/version-2.0-2.4/pages-for-subheaders/cluster-logging.md) implementation in Rancher. If you need to use the legacy logging feature, select "Ubuntu with Docker" or "Ubuntu with Containerd". The [current logging feature](logging.md) is compatible with the Container-Optimized OS image. +The default option is "Container-Optimized OS with Docker". The read-only filesystem on GCP's Container-Optimized OS is not compatible with the [legacy logging](/versioned_docs/version-2.0-2.4/pages-for-subheaders/cluster-logging.md) implementation in Rancher. If you need to use the legacy logging feature, select "Ubuntu with Docker" or "Ubuntu with Containerd". The [current logging feature](../../../../integrations-in-rancher/logging/logging.md) is compatible with the Container-Optimized OS image. ::: diff --git a/versioned_docs/version-2.7/reference-guides/cluster-configuration/rancher-server-configuration/gke-cluster-configuration/gke-private-clusters.md b/versioned_docs/version-2.7/reference-guides/cluster-configuration/rancher-server-configuration/gke-cluster-configuration/gke-private-clusters.md index 120be47a641..553ab6396cf 100644 --- a/versioned_docs/version-2.7/reference-guides/cluster-configuration/rancher-server-configuration/gke-cluster-configuration/gke-private-clusters.md +++ b/versioned_docs/version-2.7/reference-guides/cluster-configuration/rancher-server-configuration/gke-cluster-configuration/gke-private-clusters.md @@ -30,7 +30,7 @@ This scenario is not officially supported, but is described for cases in which u ::: -If restricting both incoming and outgoing traffic to nodes is a requirement, follow the air-gapped installation instructions to set up a private container image [registry](../../../../pages-for-subheaders/air-gapped-helm-cli-install.md) on the VPC where the cluster is going to be, allowing the cluster nodes to access and download the images they need to run the cluster agent. If the control plane endpoint is also private, Rancher will need [direct access](#direct-access) to it. +If restricting both incoming and outgoing traffic to nodes is a requirement, follow the air-gapped installation instructions to set up a private container image [registry](../../../../getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/air-gapped-helm-cli-install.md) on the VPC where the cluster is going to be, allowing the cluster nodes to access and download the images they need to run the cluster agent. If the control plane endpoint is also private, Rancher will need [direct access](#direct-access) to it. ### Private Control Plane Endpoint diff --git a/versioned_docs/version-2.7/reference-guides/cluster-configuration/rancher-server-configuration/rancher-server-configuration.md b/versioned_docs/version-2.7/reference-guides/cluster-configuration/rancher-server-configuration/rancher-server-configuration.md new file mode 100644 index 00000000000..e4da90d371a --- /dev/null +++ b/versioned_docs/version-2.7/reference-guides/cluster-configuration/rancher-server-configuration/rancher-server-configuration.md @@ -0,0 +1,16 @@ +--- +title: Rancher Server Configuration +--- + + + + + +- [RKE1 Cluster Configuration](rke1-cluster-configuration.md) +- [RKE2 Cluster Configuration](rke2-cluster-configuration.md) +- [K3s Cluster Configuration](k3s-cluster-configuration.md) +- [EKS Cluster Configuration](eks-cluster-configuration.md) +- [AKS Cluster Configuration](aks-cluster-configuration.md) +- [GKE Cluster Configuration](gke-cluster-configuration/gke-cluster-configuration.md) +- [Use Existing Nodes](use-existing-nodes/use-existing-nodes.md) +- [Sync Clusters](sync-clusters.md) \ No newline at end of file diff --git a/versioned_docs/version-2.7/reference-guides/cluster-configuration/rancher-server-configuration/rke1-cluster-configuration.md b/versioned_docs/version-2.7/reference-guides/cluster-configuration/rancher-server-configuration/rke1-cluster-configuration.md index 6d260b3dd68..d97170934a7 100644 --- a/versioned_docs/version-2.7/reference-guides/cluster-configuration/rancher-server-configuration/rke1-cluster-configuration.md +++ b/versioned_docs/version-2.7/reference-guides/cluster-configuration/rancher-server-configuration/rke1-cluster-configuration.md @@ -6,7 +6,7 @@ title: RKE Cluster Configuration Reference -When Rancher installs Kubernetes, it uses [RKE](../../../pages-for-subheaders/launch-kubernetes-with-rancher.md) or [RKE2](https://docs.rke2.io/) as the Kubernetes distribution. +When Rancher installs Kubernetes, it uses [RKE](../../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md) or [RKE2](https://docs.rke2.io/) as the Kubernetes distribution. This section covers the configuration options that are available in Rancher for a new or existing RKE Kubernetes cluster. @@ -20,7 +20,7 @@ You can configure the Kubernetes options one of two ways: The RKE cluster config options are nested under the `rancher_kubernetes_engine_config` directive. For more information, see the section about the [cluster config file.](#rke-cluster-config-file-reference) -In [clusters launched by RKE](../../../pages-for-subheaders/launch-kubernetes-with-rancher.md), you can edit any of the remaining options that follow. +In [clusters launched by RKE](../../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md), you can edit any of the remaining options that follow. For an example of RKE config file syntax, see the [RKE documentation](https://rancher.com/docs/rke/latest/en/example-yamls/). @@ -92,7 +92,7 @@ Project network isolation is available if you are using any RKE network plugin t ### Kubernetes Cloud Providers -You can configure a [Kubernetes cloud provider](../../../pages-for-subheaders/set-up-cloud-providers.md). If you want to use dynamically provisioned [volumes and storage](../../../pages-for-subheaders/create-kubernetes-persistent-storage.md) in Kubernetes, typically you must select the specific cloud provider in order to use it. For example, if you want to use Amazon EBS, you would need to select the `aws` cloud provider. +You can configure a [Kubernetes cloud provider](../../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/set-up-cloud-providers.md). If you want to use dynamically provisioned [volumes and storage](../../../how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage/create-kubernetes-persistent-storage.md) in Kubernetes, typically you must select the specific cloud provider in order to use it. For example, if you want to use Amazon EBS, you would need to select the `aws` cloud provider. :::note @@ -135,7 +135,7 @@ We recommend using a load balancer with the authorized cluster endpoint. For det ### Node Pools -For information on using the Rancher UI to set up node pools in an RKE cluster, refer to [this page.](../../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md) +For information on using the Rancher UI to set up node pools in an RKE cluster, refer to [this page.](../../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md) ### NGINX Ingress @@ -329,7 +329,7 @@ See [Docker Root Directory](#docker-root-directory). ### enable_cluster_monitoring -Option to enable or disable [Cluster Monitoring](../../../pages-for-subheaders/monitoring-and-alerting.md). +Option to enable or disable [Cluster Monitoring](../../../integrations-in-rancher/monitoring-and-alerting/monitoring-and-alerting.md). ### enable_network_policy diff --git a/versioned_docs/version-2.7/reference-guides/cluster-configuration/rancher-server-configuration/rke2-cluster-configuration.md b/versioned_docs/version-2.7/reference-guides/cluster-configuration/rancher-server-configuration/rke2-cluster-configuration.md index 34c63378cbe..5ab4deb37fe 100644 --- a/versioned_docs/version-2.7/reference-guides/cluster-configuration/rancher-server-configuration/rke2-cluster-configuration.md +++ b/versioned_docs/version-2.7/reference-guides/cluster-configuration/rancher-server-configuration/rke2-cluster-configuration.md @@ -121,7 +121,7 @@ When using `cilium` or `multus,cilium` as your container network interface provi ##### Cloud Provider -You can configure a [Kubernetes cloud provider](../../../pages-for-subheaders/set-up-cloud-providers.md). If you want to use dynamically provisioned [volumes and storage](../../../pages-for-subheaders/create-kubernetes-persistent-storage.md) in Kubernetes, typically you must select the specific cloud provider in order to use it. For example, if you want to use Amazon EBS, you would need to select the `aws` cloud provider. +You can configure a [Kubernetes cloud provider](../../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/set-up-cloud-providers.md). If you want to use dynamically provisioned [volumes and storage](../../../how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage/create-kubernetes-persistent-storage.md) in Kubernetes, typically you must select the specific cloud provider in order to use it. For example, if you want to use Amazon EBS, you would need to select the `aws` cloud provider. :::note @@ -139,7 +139,7 @@ The default [pod security admission configuration template](../../../how-to-guid ##### Worker CIS Profile -Select a [CIS benchmark](../../../pages-for-subheaders/cis-scan-guides.md) to validate the system configuration against. +Select a [CIS benchmark](../../../how-to-guides/advanced-user-guides/cis-scan-guides/cis-scan-guides.md) to validate the system configuration against. ##### Project Network Isolation diff --git a/versioned_docs/version-2.7/reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/rancher-agent-options.md b/versioned_docs/version-2.7/reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/rancher-agent-options.md index 3c363d053cf..183cdb4f558 100644 --- a/versioned_docs/version-2.7/reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/rancher-agent-options.md +++ b/versioned_docs/version-2.7/reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/rancher-agent-options.md @@ -6,7 +6,7 @@ title: Rancher Agent Options -Rancher deploys an agent on each node to communicate with the node. This pages describes the options that can be passed to the agent. To use these options, you will need to [create a cluster with custom nodes](../../../../pages-for-subheaders/use-existing-nodes.md) and add the options to the generated `docker run` command when adding a node. +Rancher deploys an agent on each node to communicate with the node. This pages describes the options that can be passed to the agent. To use these options, you will need to [create a cluster with custom nodes](use-existing-nodes.md) and add the options to the generated `docker run` command when adding a node. For an overview of how Rancher communicates with downstream clusters using node agents, refer to the [architecture section.](../../../rancher-manager-architecture/communicating-with-downstream-user-clusters.md#3-node-agents) diff --git a/versioned_docs/version-2.7/pages-for-subheaders/use-existing-nodes.md b/versioned_docs/version-2.7/reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/use-existing-nodes.md similarity index 67% rename from versioned_docs/version-2.7/pages-for-subheaders/use-existing-nodes.md rename to versioned_docs/version-2.7/reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/use-existing-nodes.md index 56a5c7efab7..cca7752af30 100644 --- a/versioned_docs/version-2.7/pages-for-subheaders/use-existing-nodes.md +++ b/versioned_docs/version-2.7/reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/use-existing-nodes.md @@ -9,7 +9,7 @@ description: To create a cluster with custom nodes, you’ll need to access serv When you create a custom cluster, Rancher uses RKE (the Rancher Kubernetes Engine) to create a Kubernetes cluster in on-prem bare-metal servers, on-prem virtual machines, or in any node hosted by an infrastructure provider. -To use this option you'll need access to servers you intend to use in your Kubernetes cluster. Provision each server according to the [requirements](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/node-requirements-for-rancher-managed-clusters.md), which includes some hardware specifications and Docker. After you install Docker on each server, you willl also run the command provided in the Rancher UI on each server to turn each one into a Kubernetes node. +To use this option you'll need access to servers you intend to use in your Kubernetes cluster. Provision each server according to the [requirements](../../../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/node-requirements-for-rancher-managed-clusters.md), which includes some hardware specifications and Docker. After you install Docker on each server, you willl also run the command provided in the Rancher UI on each server to turn each one into a Kubernetes node. This section describes how to set up a custom cluster. @@ -17,7 +17,7 @@ This section describes how to set up a custom cluster. :::note Want to use Windows hosts as Kubernetes workers? -See [Configuring Custom Clusters for Windows](use-windows-clusters.md) before you start. +See [Configuring Custom Clusters for Windows](../../../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/use-windows-clusters/use-windows-clusters.md) before you start. ::: @@ -29,9 +29,9 @@ Begin creation of a custom cluster by provisioning a Linux host. Your host can b - An on-prem VM - A bare-metal server -If you want to reuse a node from a previous custom cluster, [clean the node](../how-to-guides/new-user-guides/manage-clusters/clean-cluster-nodes.md) before using it in a cluster again. If you reuse a node that hasn't been cleaned, cluster provisioning may fail. +If you want to reuse a node from a previous custom cluster, [clean the node](../../../../how-to-guides/new-user-guides/manage-clusters/clean-cluster-nodes.md) before using it in a cluster again. If you reuse a node that hasn't been cleaned, cluster provisioning may fail. -Provision the host according to the [installation requirements](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/node-requirements-for-rancher-managed-clusters.md) and the [checklist for production-ready clusters.](checklist-for-production-ready-clusters.md) +Provision the host according to the [installation requirements](../../../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/node-requirements-for-rancher-managed-clusters.md) and the [checklist for production-ready clusters.](../../../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/checklist-for-production-ready-clusters/checklist-for-production-ready-clusters.md) If you're using Amazon EC2 as your host and want to use the [dual-stack](https://kubernetes.io/docs/concepts/services-networking/dual-stack/) feature, there are additional [requirements](https://rancher.com/docs/rke//latest/en/config-options/dual-stack#requirements) when provisioning the host. @@ -45,7 +45,7 @@ If you're using Amazon EC2 as your host and want to use the [dual-stack](https:/ :::note Using Windows nodes as Kubernetes workers? - - See [Enable the Windows Support Option](use-windows-clusters.md). + - See [Enable the Windows Support Option](../../../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/use-windows-clusters/use-windows-clusters.md). - The only Network Provider available for clusters with Windows support is Flannel. ::: @@ -60,16 +60,16 @@ If you're using Amazon EC2 as your host and want to use the [dual-stack](https:/ 4. Use **Member Roles** to configure user authorization for the cluster. Click **Add Member** to add users that can access the cluster. Use the **Role** drop-down to set permissions for each user. -7. From **Node Role**, choose the roles that you want filled by a cluster node. You must provision at least one node for each role: `etcd`, `worker`, and `control plane`. All three roles are required for a custom cluster to finish provisioning. For more information on roles, see [this section.](../reference-guides/kubernetes-concepts.md#roles-for-nodes-in-kubernetes-clusters) +7. From **Node Role**, choose the roles that you want filled by a cluster node. You must provision at least one node for each role: `etcd`, `worker`, and `control plane`. All three roles are required for a custom cluster to finish provisioning. For more information on roles, see [this section.](../../../kubernetes-concepts.md#roles-for-nodes-in-kubernetes-clusters) :::note -- Using Windows nodes as Kubernetes workers? See [this section](use-windows-clusters.md). +- Using Windows nodes as Kubernetes workers? See [this section](../../../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/use-windows-clusters/use-windows-clusters.md). - Bare-Metal Server Reminder: If you plan on dedicating bare-metal servers to each role, you must provision a bare-metal server for each role (i.e. provision multiple bare-metal servers). ::: -8. **Optional**: Click **[Show advanced options](../reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/rancher-agent-options.md)** to specify IP address(es) to use when registering the node, override the hostname of the node, or to add [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/) or [taints](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) to the node. +8. **Optional**: Click **[Show advanced options](rancher-agent-options.md)** to specify IP address(es) to use when registering the node, override the hostname of the node, or to add [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/) or [taints](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) to the node. 9. Copy the command displayed on screen to your clipboard. @@ -137,5 +137,5 @@ Key=kubernetes.io/cluster/CLUSTERID, Value=shared After creating your cluster, you can access it through the Rancher UI. As a best practice, we recommend setting up these alternate ways of accessing your cluster: -- **Access your cluster with the kubectl CLI:** Follow [these steps](../how-to-guides/new-user-guides/manage-clusters/access-clusters/use-kubectl-and-kubeconfig.md#accessing-clusters-with-kubectl-from-your-workstation) to access clusters with kubectl on your workstation. In this case, you will be authenticated through the Rancher server’s authentication proxy, then Rancher will connect you to the downstream cluster. This method lets you manage the cluster without the Rancher UI. -- **Access your cluster with the kubectl CLI, using the authorized cluster endpoint:** Follow [these steps](../how-to-guides/new-user-guides/manage-clusters/access-clusters/use-kubectl-and-kubeconfig.md#authenticating-directly-with-a-downstream-cluster) to access your cluster with kubectl directly, without authenticating through Rancher. We recommend setting up this alternative method to access your cluster so that in case you can’t connect to Rancher, you can still access the cluster. +- **Access your cluster with the kubectl CLI:** Follow [these steps](../../../../how-to-guides/new-user-guides/manage-clusters/access-clusters/use-kubectl-and-kubeconfig.md#accessing-clusters-with-kubectl-from-your-workstation) to access clusters with kubectl on your workstation. In this case, you will be authenticated through the Rancher server’s authentication proxy, then Rancher will connect you to the downstream cluster. This method lets you manage the cluster without the Rancher UI. +- **Access your cluster with the kubectl CLI, using the authorized cluster endpoint:** Follow [these steps](../../../../how-to-guides/new-user-guides/manage-clusters/access-clusters/use-kubectl-and-kubeconfig.md#authenticating-directly-with-a-downstream-cluster) to access your cluster with kubectl directly, without authenticating through Rancher. We recommend setting up this alternative method to access your cluster so that in case you can’t connect to Rancher, you can still access the cluster. diff --git a/versioned_docs/version-2.7/reference-guides/kubernetes-concepts.md b/versioned_docs/version-2.7/reference-guides/kubernetes-concepts.md index 707fb8e1c51..e1e880e8cd4 100644 --- a/versioned_docs/version-2.7/reference-guides/kubernetes-concepts.md +++ b/versioned_docs/version-2.7/reference-guides/kubernetes-concepts.md @@ -57,7 +57,7 @@ Each [worker node](https://kubernetes.io/docs/concepts/architecture/nodes/) runs - **Kubelets:** An agent that monitors the state of the node, ensuring your containers are healthy. - **Workloads:** The containers and pods that hold your apps, as well as other types of deployments. -Worker nodes also run storage and networking drivers, and ingress controllers when required. You create as many worker nodes as necessary to run your [workloads](../pages-for-subheaders/workloads-and-pods.md). +Worker nodes also run storage and networking drivers, and ingress controllers when required. You create as many worker nodes as necessary to run your [workloads](../how-to-guides/new-user-guides/kubernetes-resources-setup/workloads-and-pods/workloads-and-pods.md). ## About Helm diff --git a/versioned_docs/version-2.7/reference-guides/monitoring-v2-configuration/monitoring-v2-configuration.md b/versioned_docs/version-2.7/reference-guides/monitoring-v2-configuration/monitoring-v2-configuration.md new file mode 100644 index 00000000000..62bade46a2a --- /dev/null +++ b/versioned_docs/version-2.7/reference-guides/monitoring-v2-configuration/monitoring-v2-configuration.md @@ -0,0 +1,15 @@ +--- +title: Monitoring V2 Configuration +--- + + + + + +The following sections will explain important options essential to configuring Monitoring V2 in Rancher: + +- [Receiver Configuration](receivers.md) +- [Route Configuration](routes.md) +- [ServiceMonitor and PodMonitor Configuration](servicemonitors-and-podmonitors.md) +- [Helm Chart Options](helm-chart-options.md) +- [Examples](examples.md) \ No newline at end of file diff --git a/versioned_docs/version-2.7/pages-for-subheaders/prometheus-federator.md b/versioned_docs/version-2.7/reference-guides/prometheus-federator/prometheus-federator.md similarity index 97% rename from versioned_docs/version-2.7/pages-for-subheaders/prometheus-federator.md rename to versioned_docs/version-2.7/reference-guides/prometheus-federator/prometheus-federator.md index efef5f5abae..4b1e8a21143 100644 --- a/versioned_docs/version-2.7/pages-for-subheaders/prometheus-federator.md +++ b/versioned_docs/version-2.7/reference-guides/prometheus-federator/prometheus-federator.md @@ -24,7 +24,7 @@ Prometheus Federator is designed to be deployed alongside an existing Prometheus 1. On deploying this chart, users can create ProjectHelmCharts CRs with `spec.helmApiVersion` set to `monitoring.cattle.io/v1alpha1` (also known as "Project Monitors" in the Rancher UI) in a **Project Registration Namespace (`cattle-project-`)**. 2. On seeing each ProjectHelmChartCR, the operator will automatically deploy a Project Prometheus stack on the Project Owner's behalf in the **Project Release Namespace (`cattle-project--monitoring`)** based on a HelmChart CR and a HelmRelease CR automatically created by the ProjectHelmChart controller in the **Operator / System Namespace**. -3. RBAC will automatically be assigned in the Project Release Namespace to allow users to view the Prometheus, Alertmanager, and Grafana UIs of the Project Monitoring Stack deployed; this will be based on RBAC defined on the Project Registration Namespace against the [default Kubernetes user-facing roles](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles). For more information, see the section on [configuring RBAC](../reference-guides/prometheus-federator/rbac.md). +3. RBAC will automatically be assigned in the Project Release Namespace to allow users to view the Prometheus, Alertmanager, and Grafana UIs of the Project Monitoring Stack deployed; this will be based on RBAC defined on the Project Registration Namespace against the [default Kubernetes user-facing roles](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles). For more information, see the section on [configuring RBAC](rbac.md). ### What is a Project? @@ -43,7 +43,7 @@ As a Project Operator based on [rancher/helm-project-operator](https://github.co 1. **Operator / System Namespace**: The namespace that the operator is deployed into (e.g., `cattle-monitoring-system`). This namespace will contain all HelmCharts and HelmReleases for all ProjectHelmCharts watched by this operator. **Only Cluster Admins should have access to this namespace.** -2. **Project Registration Namespace (`cattle-project-`)**: The set of namespaces that the operator watches for ProjectHelmCharts within. The RoleBindings and ClusterRoleBindings that apply to this namespace will also be the source of truth for the auto-assigned RBAC created in the Project Release Namespace. For details, refer to the [RBAC page](../reference-guides/prometheus-federator/rbac.md). **Project Owners (admin), Project Members (edit), and Read-Only Members (view) should have access to this namespace.** +2. **Project Registration Namespace (`cattle-project-`)**: The set of namespaces that the operator watches for ProjectHelmCharts within. The RoleBindings and ClusterRoleBindings that apply to this namespace will also be the source of truth for the auto-assigned RBAC created in the Project Release Namespace. For details, refer to the [RBAC page](rbac.md). **Project Owners (admin), Project Members (edit), and Read-Only Members (view) should have access to this namespace.** :::note Notes: diff --git a/versioned_docs/version-2.7/reference-guides/prometheus-federator/rbac.md b/versioned_docs/version-2.7/reference-guides/prometheus-federator/rbac.md index 8b54ce9559f..276dd7d75f5 100644 --- a/versioned_docs/version-2.7/reference-guides/prometheus-federator/rbac.md +++ b/versioned_docs/version-2.7/reference-guides/prometheus-federator/rbac.md @@ -8,7 +8,7 @@ title: Role-Based Access Control This section describes the expectations for Role-Based Access Control (RBAC) for Prometheus Federator. -As described in the section on [namespaces](../../pages-for-subheaders/prometheus-federator.md#namespaces), Prometheus Federator expects that Project Owners, Project Members, and other users in the cluster with Project-level permissions (e.g. permissions in a certain set of namespaces identified by a single label selector) have minimal permissions in any namespaces except the Project Registration Namespace (which is imported into the project by default) and those that already comprise their projects. Therefore, in order to allow Project Owners to assign specific chart permissions to other users in their Project namespaces, the Helm Project Operator will automatically watch the following bindings: +As described in the section on [namespaces](prometheus-federator.md#namespaces), Prometheus Federator expects that Project Owners, Project Members, and other users in the cluster with Project-level permissions (e.g. permissions in a certain set of namespaces identified by a single label selector) have minimal permissions in any namespaces except the Project Registration Namespace (which is imported into the project by default) and those that already comprise their projects. Therefore, in order to allow Project Owners to assign specific chart permissions to other users in their Project namespaces, the Helm Project Operator will automatically watch the following bindings: - ClusterRoleBindings - RoleBindings in the Project Release Namespace diff --git a/versioned_docs/version-2.7/reference-guides/rancher-cluster-tools.md b/versioned_docs/version-2.7/reference-guides/rancher-cluster-tools.md index 63d8490bc41..ca037f533de 100644 --- a/versioned_docs/version-2.7/reference-guides/rancher-cluster-tools.md +++ b/versioned_docs/version-2.7/reference-guides/rancher-cluster-tools.md @@ -21,7 +21,7 @@ Logging is helpful because it allows you to: Rancher can integrate with Elasticsearch, splunk, kafka, syslog, and fluentd. -For more information, refer to the logging documentation [here.](../pages-for-subheaders/logging.md) +For more information, refer to the logging documentation [here.](../integrations-in-rancher/logging/logging.md) ## Monitoring and Alerts Using Rancher, you can monitor the state and processes of your cluster nodes, Kubernetes components, and software deployments through integration with [Prometheus](https://prometheus.io/), a leading open-source monitoring solution. @@ -32,7 +32,7 @@ Notifiers are services that inform you of alert events. You can configure notifi Alerts are rules that trigger those notifications. Before you can receive alerts, you must configure one or more notifier in Rancher. The scope for alerts can be set at either the cluster or project level. -For more information, refer to the monitoring documentation [here.](../pages-for-subheaders/monitoring-and-alerting.md) +For more information, refer to the monitoring documentation [here.](../integrations-in-rancher/monitoring-and-alerting/monitoring-and-alerting.md) ## Istio @@ -40,7 +40,7 @@ For more information, refer to the monitoring documentation [here.](../pages-for Rancher's integration with Istio was improved in Rancher v2.5. -For more information, refer to the Istio documentation [here.](../pages-for-subheaders/istio.md) +For more information, refer to the Istio documentation [here.](../integrations-in-rancher/istio/istio.md) ## OPA Gatekeeper [OPA Gatekeeper](https://github.com/open-policy-agent/gatekeeper) is an open-source project that provides integration between OPA and Kubernetes to provide policy control via admission controller webhooks. For details on how to enable Gatekeeper in Rancher, refer to the [OPA Gatekeeper section.](../integrations-in-rancher/opa-gatekeeper.md) @@ -49,4 +49,4 @@ For more information, refer to the Istio documentation [here.](../pages-for-subh Rancher can run a security scan to check whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark. -For more information, refer to the CIS scan documentation [here.](../pages-for-subheaders/cis-scan-guides.md) \ No newline at end of file +For more information, refer to the CIS scan documentation [here.](../how-to-guides/advanced-user-guides/cis-scan-guides/cis-scan-guides.md) \ No newline at end of file diff --git a/versioned_docs/version-2.7/reference-guides/rancher-manager-architecture/architecture-recommendations.md b/versioned_docs/version-2.7/reference-guides/rancher-manager-architecture/architecture-recommendations.md index 1ece990ff8c..b84375fbda5 100644 --- a/versioned_docs/version-2.7/reference-guides/rancher-manager-architecture/architecture-recommendations.md +++ b/versioned_docs/version-2.7/reference-guides/rancher-manager-architecture/architecture-recommendations.md @@ -57,7 +57,7 @@ We recommend the following configurations for the load balancer and Ingress cont It is strongly recommended to install Rancher on a Kubernetes cluster on hosted infrastructure such as Amazon's EC2 or Google Compute Engine. -For the best performance and greater security, we recommend a dedicated Kubernetes cluster for the Rancher management server. Running user workloads on this cluster is not advised. After deploying Rancher, you can [create or import clusters](../../pages-for-subheaders/kubernetes-clusters-in-rancher-setup.md) for running your workloads. +For the best performance and greater security, we recommend a dedicated Kubernetes cluster for the Rancher management server. Running user workloads on this cluster is not advised. After deploying Rancher, you can [create or import clusters](../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/kubernetes-clusters-in-rancher-setup.md) for running your workloads. ## Recommended Node Roles for Kubernetes Installations @@ -99,7 +99,7 @@ With that said, it is safe to use all three roles on three nodes when setting up Because no additional workloads will be deployed on the Rancher server cluster, in most cases it is not necessary to use the same architecture that we recommend for the scalability and reliability of downstream clusters. -For more best practices for downstream clusters, refer to the [production checklist](../../pages-for-subheaders/checklist-for-production-ready-clusters.md) or our [best practices guide.](../../pages-for-subheaders/best-practices.md) +For more best practices for downstream clusters, refer to the [production checklist](../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/checklist-for-production-ready-clusters/checklist-for-production-ready-clusters.md) or our [best practices guide.](../best-practices/best-practices.md) ## Architecture for an Authorized Cluster Endpoint (ACE) diff --git a/versioned_docs/version-2.7/pages-for-subheaders/rancher-manager-architecture.md b/versioned_docs/version-2.7/reference-guides/rancher-manager-architecture/rancher-manager-architecture.md similarity index 50% rename from versioned_docs/version-2.7/pages-for-subheaders/rancher-manager-architecture.md rename to versioned_docs/version-2.7/reference-guides/rancher-manager-architecture/rancher-manager-architecture.md index d7e76f28573..97ef05d0b6b 100644 --- a/versioned_docs/version-2.7/pages-for-subheaders/rancher-manager-architecture.md +++ b/versioned_docs/version-2.7/reference-guides/rancher-manager-architecture/rancher-manager-architecture.md @@ -6,16 +6,16 @@ title: Architecture -This section focuses on the [Rancher server and its components](../reference-guides/rancher-manager-architecture/rancher-server-and-components.md) and how [Rancher communicates with downstream Kubernetes clusters](../reference-guides/rancher-manager-architecture/communicating-with-downstream-user-clusters.md). +This section focuses on the [Rancher server and its components](rancher-server-and-components.md) and how [Rancher communicates with downstream Kubernetes clusters](communicating-with-downstream-user-clusters.md). -For information on the different ways that Rancher can be installed, refer to the [overview of installation options.](installation-and-upgrade.md#overview-of-installation-options) +For information on the different ways that Rancher can be installed, refer to the [overview of installation options.](../../getting-started/installation-and-upgrade/installation-and-upgrade.md#overview-of-installation-options) -For a list of main features of the Rancher API server, refer to the [overview section.](../getting-started/overview.md#features-of-the-rancher-api-server) +For a list of main features of the Rancher API server, refer to the [overview section.](../../getting-started/overview.md#features-of-the-rancher-api-server) -For guidance about setting up the underlying infrastructure for the Rancher server, refer to the [architecture recommendations.](../reference-guides/rancher-manager-architecture/architecture-recommendations.md) +For guidance about setting up the underlying infrastructure for the Rancher server, refer to the [architecture recommendations.](architecture-recommendations.md) :::note -This section assumes a basic familiarity with Docker and Kubernetes. For a brief explanation of how Kubernetes components work together, refer to the [concepts](../reference-guides/kubernetes-concepts.md) page. +This section assumes a basic familiarity with Docker and Kubernetes. For a brief explanation of how Kubernetes components work together, refer to the [concepts](../kubernetes-concepts.md) page. ::: \ No newline at end of file diff --git a/versioned_docs/version-2.7/reference-guides/rancher-manager-architecture/rancher-server-and-components.md b/versioned_docs/version-2.7/reference-guides/rancher-manager-architecture/rancher-server-and-components.md index e9fec332622..d30d4900d23 100644 --- a/versioned_docs/version-2.7/reference-guides/rancher-manager-architecture/rancher-server-and-components.md +++ b/versioned_docs/version-2.7/reference-guides/rancher-manager-architecture/rancher-server-and-components.md @@ -10,9 +10,9 @@ The majority of Rancher 2.x software runs on the Rancher Server. Rancher Server The figure below illustrates the high-level architecture of Rancher 2.x. The figure depicts a Rancher Server installation that manages two downstream Kubernetes clusters: one created by RKE and another created by Amazon EKS (Elastic Kubernetes Service). -For the best performance and security, we recommend a dedicated Kubernetes cluster for the Rancher management server. Running user workloads on this cluster is not advised. After deploying Rancher, you can [create or import clusters](../../pages-for-subheaders/kubernetes-clusters-in-rancher-setup.md) for running your workloads. +For the best performance and security, we recommend a dedicated Kubernetes cluster for the Rancher management server. Running user workloads on this cluster is not advised. After deploying Rancher, you can [create or import clusters](../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/kubernetes-clusters-in-rancher-setup.md) for running your workloads. -The diagram below shows how users can manipulate both [Rancher-launched Kubernetes](../../pages-for-subheaders/launch-kubernetes-with-rancher.md) clusters and [hosted Kubernetes](../../pages-for-subheaders/set-up-clusters-from-hosted-kubernetes-providers.md) clusters through Rancher's authentication proxy: +The diagram below shows how users can manipulate both [Rancher-launched Kubernetes](../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md) clusters and [hosted Kubernetes](../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/set-up-clusters-from-hosted-kubernetes-providers.md) clusters through Rancher's authentication proxy:
    Managing Kubernetes Clusters through Rancher's Authentication Proxy
    diff --git a/versioned_docs/version-2.7/reference-guides/rancher-project-tools.md b/versioned_docs/version-2.7/reference-guides/rancher-project-tools.md index f199d246d2c..d2b99f71fa9 100644 --- a/versioned_docs/version-2.7/reference-guides/rancher-project-tools.md +++ b/versioned_docs/version-2.7/reference-guides/rancher-project-tools.md @@ -29,8 +29,8 @@ Logging is helpful because it allows you to: Rancher can integrate with Elasticsearch, splunk, kafka, syslog, and fluentd. -For details, refer to the [logging section.](../pages-for-subheaders/logging.md) +For details, refer to the [logging section.](../integrations-in-rancher/logging/logging.md) ## Monitoring -Using Rancher, you can monitor the state and processes of your cluster nodes, Kubernetes components, and software deployments through integration with [Prometheus](https://prometheus.io/), a leading open-source monitoring solution. For details, refer to the [monitoring section.](../pages-for-subheaders/monitoring-and-alerting.md) +Using Rancher, you can monitor the state and processes of your cluster nodes, Kubernetes components, and software deployments through integration with [Prometheus](https://prometheus.io/), a leading open-source monitoring solution. For details, refer to the [monitoring section.](../integrations-in-rancher/monitoring-and-alerting/monitoring-and-alerting.md) diff --git a/versioned_docs/version-2.7/pages-for-subheaders/rancher-hardening-guides.md b/versioned_docs/version-2.7/reference-guides/rancher-security/hardening-guides/hardening-guides.md similarity index 62% rename from versioned_docs/version-2.7/pages-for-subheaders/rancher-hardening-guides.md rename to versioned_docs/version-2.7/reference-guides/rancher-security/hardening-guides/hardening-guides.md index 5db6c192945..1ab615e083e 100644 --- a/versioned_docs/version-2.7/pages-for-subheaders/rancher-hardening-guides.md +++ b/versioned_docs/version-2.7/reference-guides/rancher-security/hardening-guides/hardening-guides.md @@ -26,31 +26,31 @@ Each self-assessment guide is accompanied by a hardening guide. These guides wer | Kubernetes Version | CIS Benchmark Version | Self Assessment Guide | Hardening Guides | |--------------------|-----------------------|-----------------------|------------------| -| Kubernetes v1.23 | CIS v1.23 | [Link](../reference-guides/rancher-security/hardening-guides/rke1-hardening-guide/rke1-self-assessment-guide-with-cis-v1.23-k8s-v1.23.md) | [Link](rke1-hardening-guide.md) | -| Kubernetes v1.24 | CIS v1.24 | [Link](../reference-guides/rancher-security/hardening-guides/rke1-hardening-guide/rke1-self-assessment-guide-with-cis-v1.24-k8s-v1.24.md) | [Link](rke1-hardening-guide.md) | -| Kubernetes v1.25/v1.26/v1.27 | CIS v1.7 | [Link](../reference-guides/rancher-security/hardening-guides/rke1-hardening-guide/rke1-self-assessment-guide-with-cis-v1.7-k8s-v1.25-v1.26-v1.27.md) | [Link](rke1-hardening-guide.md) | +| Kubernetes v1.23 | CIS v1.23 | [Link](rke1-hardening-guide/rke1-self-assessment-guide-with-cis-v1.23-k8s-v1.23.md) | [Link](rke1-hardening-guide/rke1-hardening-guide.md) | +| Kubernetes v1.24 | CIS v1.24 | [Link](rke1-hardening-guide/rke1-self-assessment-guide-with-cis-v1.24-k8s-v1.24.md) | [Link](rke1-hardening-guide/rke1-hardening-guide.md) | +| Kubernetes v1.25/v1.26/v1.27 | CIS v1.7 | [Link](rke1-hardening-guide/rke1-self-assessment-guide-with-cis-v1.7-k8s-v1.25-v1.26-v1.27.md) | [Link](rke1-hardening-guide/rke1-hardening-guide.md) | ### RKE2 Guides | Type | Kubernetes Version | CIS Benchmark Version | Self Assessment Guide | Hardening Guides | |------|--------------------|-----------------------|-----------------------|------------------| -| Rancher provisioned RKE2 | Kubernetes v1.23 | CIS v1.23 | [Link](../reference-guides/rancher-security/hardening-guides/rke2-hardening-guide/rke2-self-assessment-guide-with-cis-v1.23-k8s-v1.23.md) | [Link](rke2-hardening-guide.md) | -| Rancher provisioned RKE2 | Kubernetes v1.24 | CIS v1.24 | [Link](../reference-guides/rancher-security/hardening-guides/rke2-hardening-guide/rke2-self-assessment-guide-with-cis-v1.24-k8s-v1.24.md) | [Link](rke2-hardening-guide.md) | -| Rancher provisioned RKE2 | Kubernetes v1.25/v1.26/v1.27 | CIS v1.7 | [Link](../reference-guides/rancher-security/hardening-guides/rke2-hardening-guide/rke2-self-assessment-guide-with-cis-v1.7-k8s-v1.25-v1.26-v1.27.md) | [Link](rke2-hardening-guide.md) | +| Rancher provisioned RKE2 | Kubernetes v1.23 | CIS v1.23 | [Link](rke2-hardening-guide/rke2-self-assessment-guide-with-cis-v1.23-k8s-v1.23.md) | [Link](rke2-hardening-guide/rke2-hardening-guide.md) | +| Rancher provisioned RKE2 | Kubernetes v1.24 | CIS v1.24 | [Link](rke2-hardening-guide/rke2-self-assessment-guide-with-cis-v1.24-k8s-v1.24.md) | [Link](rke2-hardening-guide/rke2-hardening-guide.md) | +| Rancher provisioned RKE2 | Kubernetes v1.25/v1.26/v1.27 | CIS v1.7 | [Link](rke2-hardening-guide/rke2-self-assessment-guide-with-cis-v1.7-k8s-v1.25-v1.26-v1.27.md) | [Link](rke2-hardening-guide/rke2-hardening-guide.md) | | Standalone RKE2 | Kubernetes v1.25/v1.26/v1.27 | CIS v1.7 | [Link](https://docs.rke2.io/security/cis_self_assessment123) | [Link](https://docs.rke2.io/security/hardening_guide) | ### K3s Guides | Type | Kubernetes Version | CIS Benchmark Version | Self Assessment Guide | Hardening Guides | |------|--------------------|-----------------------|-----------------------|------------------| -| Rancher provisioned K3s cluster | Kubernetes v1.23 | CIS v1.23 | [Link](../reference-guides/rancher-security/hardening-guides/k3s-hardening-guide/k3s-self-assessment-guide-with-cis-v1.23-k8s-v1.23.md) | [Link](k3s-hardening-guide.md) | -| Rancher provisioned K3s cluster | Kubernetes v1.24 | CIS v1.24 | [Link](../reference-guides/rancher-security/hardening-guides/k3s-hardening-guide/k3s-self-assessment-guide-with-cis-v1.24-k8s-v1.24.md) | [Link](k3s-hardening-guide.md) | -| Rancher provisioned K3s cluster | Kubernetes v1.25/v1.26/v1.27 | CIS v1.7 | [Link](../reference-guides/rancher-security/hardening-guides/k3s-hardening-guide/k3s-self-assessment-guide-with-cis-v1.7-k8s-v1.25-v1.26-v1.27.md) | [Link](k3s-hardening-guide.md) | +| Rancher provisioned K3s cluster | Kubernetes v1.23 | CIS v1.23 | [Link](k3s-hardening-guide/k3s-self-assessment-guide-with-cis-v1.23-k8s-v1.23.md) | [Link](k3s-hardening-guide/k3s-hardening-guide.md) | +| Rancher provisioned K3s cluster | Kubernetes v1.24 | CIS v1.24 | [Link](k3s-hardening-guide/k3s-self-assessment-guide-with-cis-v1.24-k8s-v1.24.md) | [Link](k3s-hardening-guide/k3s-hardening-guide.md) | +| Rancher provisioned K3s cluster | Kubernetes v1.25/v1.26/v1.27 | CIS v1.7 | [Link](k3s-hardening-guide/k3s-self-assessment-guide-with-cis-v1.7-k8s-v1.25-v1.26-v1.27.md) | [Link](k3s-hardening-guide/k3s-hardening-guide.md) | | Standalone K3s | Kubernetes v1.22 up to v1.24 | CIS v1.23 | [Link](https://docs.k3s.io/security/self-assessment) | [Link](https://docs.k3s.io/security/hardening-guide) | ## Rancher with SELinux [Security-Enhanced Linux (SELinux)](https://en.wikipedia.org/wiki/Security-Enhanced_Linux) is a kernel module that adds extra access controls and security tools to Linux. Historically used by government agencies, SELinux is now industry-standard. SELinux is enabled by default on RHEL and CentOS. -To use Rancher with SELinux, we recommend [installing](../reference-guides/rancher-security/selinux-rpm/about-rancher-selinux.md) the `rancher-selinux` RPM. +To use Rancher with SELinux, we recommend [installing](../selinux-rpm/about-rancher-selinux.md) the `rancher-selinux` RPM. diff --git a/versioned_docs/version-2.7/pages-for-subheaders/k3s-hardening-guide.md b/versioned_docs/version-2.7/reference-guides/rancher-security/hardening-guides/k3s-hardening-guide/k3s-hardening-guide.md similarity index 100% rename from versioned_docs/version-2.7/pages-for-subheaders/k3s-hardening-guide.md rename to versioned_docs/version-2.7/reference-guides/rancher-security/hardening-guides/k3s-hardening-guide/k3s-hardening-guide.md diff --git a/versioned_docs/version-2.7/reference-guides/rancher-security/hardening-guides/k3s-hardening-guide/k3s-self-assessment-guide-with-cis-v1.23-k8s-v1.23.md b/versioned_docs/version-2.7/reference-guides/rancher-security/hardening-guides/k3s-hardening-guide/k3s-self-assessment-guide-with-cis-v1.23-k8s-v1.23.md index d0ddba7d1e7..c34143594e8 100644 --- a/versioned_docs/version-2.7/reference-guides/rancher-security/hardening-guides/k3s-hardening-guide/k3s-self-assessment-guide-with-cis-v1.23-k8s-v1.23.md +++ b/versioned_docs/version-2.7/reference-guides/rancher-security/hardening-guides/k3s-hardening-guide/k3s-self-assessment-guide-with-cis-v1.23-k8s-v1.23.md @@ -6,7 +6,7 @@ title: K3s Self-Assessment Guide - CIS Benchmark v1.23 - K8s v1.23 -This document is a companion to the [K3s Hardening Guide](../../../../pages-for-subheaders/k3s-hardening-guide.md), which provides prescriptive guidance on how to harden K3s clusters that are running in production and managed by Rancher. This benchmark guide helps you evaluate the security of a hardened cluster against each control in the CIS Kubernetes Benchmark. +This document is a companion to the [K3s Hardening Guide](k3s-hardening-guide.md), which provides prescriptive guidance on how to harden K3s clusters that are running in production and managed by Rancher. This benchmark guide helps you evaluate the security of a hardened cluster against each control in the CIS Kubernetes Benchmark. This guide corresponds to the following versions of Rancher, CIS Benchmarks, and Kubernetes: diff --git a/versioned_docs/version-2.7/reference-guides/rancher-security/hardening-guides/k3s-hardening-guide/k3s-self-assessment-guide-with-cis-v1.24-k8s-v1.24.md b/versioned_docs/version-2.7/reference-guides/rancher-security/hardening-guides/k3s-hardening-guide/k3s-self-assessment-guide-with-cis-v1.24-k8s-v1.24.md index 1d348069a2a..0b199590889 100644 --- a/versioned_docs/version-2.7/reference-guides/rancher-security/hardening-guides/k3s-hardening-guide/k3s-self-assessment-guide-with-cis-v1.24-k8s-v1.24.md +++ b/versioned_docs/version-2.7/reference-guides/rancher-security/hardening-guides/k3s-hardening-guide/k3s-self-assessment-guide-with-cis-v1.24-k8s-v1.24.md @@ -6,7 +6,7 @@ title: K3s Self-Assessment Guide - CIS Benchmark v1.24 - K8s v1.24 -This document is a companion to the [K3s Hardening Guide](../../../../pages-for-subheaders/k3s-hardening-guide.md), which provides prescriptive guidance on how to harden K3s clusters that are running in production and managed by Rancher. This benchmark guide helps you evaluate the security of a hardened cluster against each control in the CIS Kubernetes Benchmark. +This document is a companion to the [K3s Hardening Guide](k3s-hardening-guide.md), which provides prescriptive guidance on how to harden K3s clusters that are running in production and managed by Rancher. This benchmark guide helps you evaluate the security of a hardened cluster against each control in the CIS Kubernetes Benchmark. This guide corresponds to the following versions of Rancher, CIS Benchmarks, and Kubernetes: diff --git a/versioned_docs/version-2.7/reference-guides/rancher-security/hardening-guides/k3s-hardening-guide/k3s-self-assessment-guide-with-cis-v1.7-k8s-v1.25-v1.26-v1.27.md b/versioned_docs/version-2.7/reference-guides/rancher-security/hardening-guides/k3s-hardening-guide/k3s-self-assessment-guide-with-cis-v1.7-k8s-v1.25-v1.26-v1.27.md index e7373288b35..fe6b3ef299c 100644 --- a/versioned_docs/version-2.7/reference-guides/rancher-security/hardening-guides/k3s-hardening-guide/k3s-self-assessment-guide-with-cis-v1.7-k8s-v1.25-v1.26-v1.27.md +++ b/versioned_docs/version-2.7/reference-guides/rancher-security/hardening-guides/k3s-hardening-guide/k3s-self-assessment-guide-with-cis-v1.7-k8s-v1.25-v1.26-v1.27.md @@ -6,7 +6,7 @@ title: K3s Self-Assessment Guide - CIS Benchmark v1.7 - K8s v1.25/v1.26/v1.27 -This document is a companion to the [K3s Hardening Guide](../../../../pages-for-subheaders/k3s-hardening-guide.md), which provides prescriptive guidance on how to harden K3s clusters that are running in production and managed by Rancher. This benchmark guide helps you evaluate the security of a hardened cluster against each control in the CIS Kubernetes Benchmark. +This document is a companion to the [K3s Hardening Guide](k3s-hardening-guide.md), which provides prescriptive guidance on how to harden K3s clusters that are running in production and managed by Rancher. This benchmark guide helps you evaluate the security of a hardened cluster against each control in the CIS Kubernetes Benchmark. This guide corresponds to the following versions of Rancher, CIS Benchmarks, and Kubernetes: diff --git a/versioned_docs/version-2.7/pages-for-subheaders/rke1-hardening-guide.md b/versioned_docs/version-2.7/reference-guides/rancher-security/hardening-guides/rke1-hardening-guide/rke1-hardening-guide.md similarity index 93% rename from versioned_docs/version-2.7/pages-for-subheaders/rke1-hardening-guide.md rename to versioned_docs/version-2.7/reference-guides/rancher-security/hardening-guides/rke1-hardening-guide/rke1-hardening-guide.md index effc11a78bf..838589b82ad 100644 --- a/versioned_docs/version-2.7/pages-for-subheaders/rke1-hardening-guide.md +++ b/versioned_docs/version-2.7/reference-guides/rancher-security/hardening-guides/rke1-hardening-guide/rke1-hardening-guide.md @@ -151,13 +151,13 @@ Execute this script to apply the `default-allow-all.yaml` configuration with the ## Known Limitations - Rancher **exec shell** and **view logs** for pods are **not** functional in a hardened setup when only a public IP is provided when registering custom nodes. This functionality requires a private IP to be provided when registering the custom nodes. -- When setting `default_pod_security_policy_template_id:` to `restricted` or `restricted-noroot`, based on the pod security policies (PSP) [provided](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/create-pod-security-policies.md) by Rancher, Rancher creates `RoleBindings` and `ClusterRoleBindings` on the `default` service accounts. The CIS check 5.1.5 requires that the `default` service accounts have no roles or cluster roles bound to it apart from the defaults. In addition, the `default` service accounts should be configured such that it does not provide a service account token and does not have any explicit rights assignments. +- When setting `default_pod_security_policy_template_id:` to `restricted` or `restricted-noroot`, based on the pod security policies (PSP) [provided](../../../../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/create-pod-security-policies.md) by Rancher, Rancher creates `RoleBindings` and `ClusterRoleBindings` on the `default` service accounts. The CIS check 5.1.5 requires that the `default` service accounts have no roles or cluster roles bound to it apart from the defaults. In addition, the `default` service accounts should be configured such that it does not provide a service account token and does not have any explicit rights assignments. ## Reference Hardened RKE `cluster.yml` Configuration The reference `cluster.yml` is used by the RKE CLI that provides the configuration needed to achieve a hardened installation of RKE. RKE [documentation](https://rancher.com/docs/rke/latest/en/installation/) provides additional details about the configuration items. This reference `cluster.yml` does not include the required `nodes` directive which will vary depending on your environment. Documentation for node configuration in RKE can be found [here](https://rancher.com/docs/rke/latest/en/config-options/nodes/). -The example `cluster.yml` configuration file contains an Admission Configuration policy in the `services.kube-api.admission_configuration` field. This [sample](../reference-guides/rancher-security/psa-restricted-exemptions.md) policy contains the namespace exemptions necessary for an imported RKE cluster to run properly in Rancher, similar to Rancher's pre-defined [`rancher-restricted`](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/psa-config-templates.md) policy. +The example `cluster.yml` configuration file contains an Admission Configuration policy in the `services.kube-api.admission_configuration` field. This [sample](../../psa-restricted-exemptions.md) policy contains the namespace exemptions necessary for an imported RKE cluster to run properly in Rancher, similar to Rancher's pre-defined [`rancher-restricted`](../../../../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/psa-config-templates.md) policy. If you prefer to use RKE's default `restricted` policy, then leave the `services.kube-api.admission_configuration` field empty and set `services.pod_security_configuration` to `restricted`. See [the RKE docs](https://rke.docs.rancher.com/config-options/services/pod-security-admission) for more information. @@ -165,7 +165,7 @@ If you prefer to use RKE's default `restricted` policy, then leave the `services :::note -If you intend to import an RKE cluster into Rancher, please consult the [documentation](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/psa-config-templates.md) for how to configure the PSA to exempt Rancher system namespaces. +If you intend to import an RKE cluster into Rancher, please consult the [documentation](../../../../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/psa-config-templates.md) for how to configure the PSA to exempt Rancher system namespaces. ::: ```yaml @@ -407,7 +407,7 @@ addons: | ## Reference Hardened RKE Cluster Template Configuration -The reference RKE cluster template provides the minimum required configuration to achieve a hardened installation of Kubernetes. RKE templates are used to provision Kubernetes and define Rancher settings. Follow the Rancher [documentation](installation-and-upgrade.md) for additional information about installing RKE and its template details. +The reference RKE cluster template provides the minimum required configuration to achieve a hardened installation of Kubernetes. RKE templates are used to provision Kubernetes and define Rancher settings. Follow the Rancher [documentation](../../../../getting-started/installation-and-upgrade/installation-and-upgrade.md) for additional information about installing RKE and its template details. diff --git a/versioned_docs/version-2.7/reference-guides/rancher-security/hardening-guides/rke1-hardening-guide/rke1-self-assessment-guide-with-cis-v1.23-k8s-v1.23.md b/versioned_docs/version-2.7/reference-guides/rancher-security/hardening-guides/rke1-hardening-guide/rke1-self-assessment-guide-with-cis-v1.23-k8s-v1.23.md index 9c6d1369a90..774f12f8be9 100644 --- a/versioned_docs/version-2.7/reference-guides/rancher-security/hardening-guides/rke1-hardening-guide/rke1-self-assessment-guide-with-cis-v1.23-k8s-v1.23.md +++ b/versioned_docs/version-2.7/reference-guides/rancher-security/hardening-guides/rke1-hardening-guide/rke1-self-assessment-guide-with-cis-v1.23-k8s-v1.23.md @@ -6,7 +6,7 @@ title: RKE Self-Assessment Guide - CIS Benchmark v1.23 - K8s v1.23 -This document is a companion to the [RKE Hardening Guide](../../../../pages-for-subheaders/rke1-hardening-guide.md), which provides prescriptive guidance on how to harden RKE clusters that are running in production and managed by Rancher. This benchmark guide helps you evaluate the security of a hardened cluster against each control in the CIS Kubernetes Benchmark. +This document is a companion to the [RKE Hardening Guide](rke1-hardening-guide.md), which provides prescriptive guidance on how to harden RKE clusters that are running in production and managed by Rancher. This benchmark guide helps you evaluate the security of a hardened cluster against each control in the CIS Kubernetes Benchmark. This guide corresponds to the following versions of Rancher, CIS Benchmarks, and Kubernetes: diff --git a/versioned_docs/version-2.7/reference-guides/rancher-security/hardening-guides/rke1-hardening-guide/rke1-self-assessment-guide-with-cis-v1.24-k8s-v1.24.md b/versioned_docs/version-2.7/reference-guides/rancher-security/hardening-guides/rke1-hardening-guide/rke1-self-assessment-guide-with-cis-v1.24-k8s-v1.24.md index 5f3c20fb37f..e37a56d277e 100644 --- a/versioned_docs/version-2.7/reference-guides/rancher-security/hardening-guides/rke1-hardening-guide/rke1-self-assessment-guide-with-cis-v1.24-k8s-v1.24.md +++ b/versioned_docs/version-2.7/reference-guides/rancher-security/hardening-guides/rke1-hardening-guide/rke1-self-assessment-guide-with-cis-v1.24-k8s-v1.24.md @@ -6,7 +6,7 @@ title: RKE Self-Assessment Guide - CIS Benchmark v1.24 - K8s v1.24 -This document is a companion to the [RKE Hardening Guide](../../../../pages-for-subheaders/rke1-hardening-guide.md), which provides prescriptive guidance on how to harden RKE clusters that are running in production and managed by Rancher. This benchmark guide helps you evaluate the security of a hardened cluster against each control in the CIS Kubernetes Benchmark. +This document is a companion to the [RKE Hardening Guide](rke1-hardening-guide.md), which provides prescriptive guidance on how to harden RKE clusters that are running in production and managed by Rancher. This benchmark guide helps you evaluate the security of a hardened cluster against each control in the CIS Kubernetes Benchmark. This guide corresponds to the following versions of Rancher, CIS Benchmarks, and Kubernetes: diff --git a/versioned_docs/version-2.7/reference-guides/rancher-security/hardening-guides/rke1-hardening-guide/rke1-self-assessment-guide-with-cis-v1.7-k8s-v1.25-v1.26-v1.27.md b/versioned_docs/version-2.7/reference-guides/rancher-security/hardening-guides/rke1-hardening-guide/rke1-self-assessment-guide-with-cis-v1.7-k8s-v1.25-v1.26-v1.27.md index 9fe9ca2045f..bfb274d96fa 100644 --- a/versioned_docs/version-2.7/reference-guides/rancher-security/hardening-guides/rke1-hardening-guide/rke1-self-assessment-guide-with-cis-v1.7-k8s-v1.25-v1.26-v1.27.md +++ b/versioned_docs/version-2.7/reference-guides/rancher-security/hardening-guides/rke1-hardening-guide/rke1-self-assessment-guide-with-cis-v1.7-k8s-v1.25-v1.26-v1.27.md @@ -6,7 +6,7 @@ title: RKE Self-Assessment Guide - CIS Benchmark v1.7 - K8s v1.25/v1.26/v1.27 -This document is a companion to the [RKE Hardening Guide](../../../../pages-for-subheaders/rke1-hardening-guide.md), which provides prescriptive guidance on how to harden RKE clusters that are running in production and managed by Rancher. This benchmark guide helps you evaluate the security of a hardened cluster against each control in the CIS Kubernetes Benchmark. +This document is a companion to the [RKE Hardening Guide](rke1-hardening-guide.md), which provides prescriptive guidance on how to harden RKE clusters that are running in production and managed by Rancher. This benchmark guide helps you evaluate the security of a hardened cluster against each control in the CIS Kubernetes Benchmark. This guide corresponds to the following versions of Rancher, CIS Benchmarks, and Kubernetes: diff --git a/versioned_docs/version-2.7/pages-for-subheaders/rke2-hardening-guide.md b/versioned_docs/version-2.7/reference-guides/rancher-security/hardening-guides/rke2-hardening-guide/rke2-hardening-guide.md similarity index 98% rename from versioned_docs/version-2.7/pages-for-subheaders/rke2-hardening-guide.md rename to versioned_docs/version-2.7/reference-guides/rancher-security/hardening-guides/rke2-hardening-guide/rke2-hardening-guide.md index 378050c8e45..0cce6028916 100644 --- a/versioned_docs/version-2.7/pages-for-subheaders/rke2-hardening-guide.md +++ b/versioned_docs/version-2.7/reference-guides/rancher-security/hardening-guides/rke2-hardening-guide/rke2-hardening-guide.md @@ -124,7 +124,7 @@ When both the `defaultPodSecurityAdmissionConfigurationTemplateName` and `profil These namespaces are exempted to allow system pods to run without restrictions, which is required for proper operation of the cluster. :::note -If you intend to import an RKE cluster into Rancher, please consult the [documentation](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/psa-config-templates.md) for how to configure the PSA to exempt Rancher system namespaces. +If you intend to import an RKE cluster into Rancher, please consult the [documentation](../../../../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/psa-config-templates.md) for how to configure the PSA to exempt Rancher system namespaces. ::: diff --git a/versioned_docs/version-2.7/reference-guides/rancher-security/hardening-guides/rke2-hardening-guide/rke2-self-assessment-guide-with-cis-v1.23-k8s-v1.23.md b/versioned_docs/version-2.7/reference-guides/rancher-security/hardening-guides/rke2-hardening-guide/rke2-self-assessment-guide-with-cis-v1.23-k8s-v1.23.md index 3099612cacb..d9145e2ce85 100644 --- a/versioned_docs/version-2.7/reference-guides/rancher-security/hardening-guides/rke2-hardening-guide/rke2-self-assessment-guide-with-cis-v1.23-k8s-v1.23.md +++ b/versioned_docs/version-2.7/reference-guides/rancher-security/hardening-guides/rke2-hardening-guide/rke2-self-assessment-guide-with-cis-v1.23-k8s-v1.23.md @@ -6,7 +6,7 @@ title: RKE2 Self-Assessment Guide - CIS Benchmark v1.23 - K8s v1.23 -This document is a companion to the [RKE2 Hardening Guide](../../../../pages-for-subheaders/rke2-hardening-guide.md), which provides prescriptive guidance on how to harden RKE2 clusters that are running in production and managed by Rancher. This benchmark guide helps you evaluate the security of a hardened cluster against each control in the CIS Kubernetes Benchmark. +This document is a companion to the [RKE2 Hardening Guide](rke2-hardening-guide.md), which provides prescriptive guidance on how to harden RKE2 clusters that are running in production and managed by Rancher. This benchmark guide helps you evaluate the security of a hardened cluster against each control in the CIS Kubernetes Benchmark. This guide corresponds to the following versions of Rancher, CIS Benchmarks, and Kubernetes: diff --git a/versioned_docs/version-2.7/reference-guides/rancher-security/hardening-guides/rke2-hardening-guide/rke2-self-assessment-guide-with-cis-v1.24-k8s-v1.24.md b/versioned_docs/version-2.7/reference-guides/rancher-security/hardening-guides/rke2-hardening-guide/rke2-self-assessment-guide-with-cis-v1.24-k8s-v1.24.md index ba80c0a516a..0e74634d09d 100644 --- a/versioned_docs/version-2.7/reference-guides/rancher-security/hardening-guides/rke2-hardening-guide/rke2-self-assessment-guide-with-cis-v1.24-k8s-v1.24.md +++ b/versioned_docs/version-2.7/reference-guides/rancher-security/hardening-guides/rke2-hardening-guide/rke2-self-assessment-guide-with-cis-v1.24-k8s-v1.24.md @@ -6,7 +6,7 @@ title: RKE2 Self-Assessment Guide - CIS Benchmark v1.24 - K8s v1.24 -This document is a companion to the [RKE2 Hardening Guide](../../../../pages-for-subheaders/rke2-hardening-guide.md), which provides prescriptive guidance on how to harden RKE2 clusters that are running in production and managed by Rancher. This benchmark guide helps you evaluate the security of a hardened cluster against each control in the CIS Kubernetes Benchmark. +This document is a companion to the [RKE2 Hardening Guide](rke2-hardening-guide.md), which provides prescriptive guidance on how to harden RKE2 clusters that are running in production and managed by Rancher. This benchmark guide helps you evaluate the security of a hardened cluster against each control in the CIS Kubernetes Benchmark. This guide corresponds to the following versions of Rancher, CIS Benchmarks, and Kubernetes: diff --git a/versioned_docs/version-2.7/reference-guides/rancher-security/hardening-guides/rke2-hardening-guide/rke2-self-assessment-guide-with-cis-v1.7-k8s-v1.25-v1.26-v1.27.md b/versioned_docs/version-2.7/reference-guides/rancher-security/hardening-guides/rke2-hardening-guide/rke2-self-assessment-guide-with-cis-v1.7-k8s-v1.25-v1.26-v1.27.md index b7d4a36ea4b..c93773a62a7 100644 --- a/versioned_docs/version-2.7/reference-guides/rancher-security/hardening-guides/rke2-hardening-guide/rke2-self-assessment-guide-with-cis-v1.7-k8s-v1.25-v1.26-v1.27.md +++ b/versioned_docs/version-2.7/reference-guides/rancher-security/hardening-guides/rke2-hardening-guide/rke2-self-assessment-guide-with-cis-v1.7-k8s-v1.25-v1.26-v1.27.md @@ -6,7 +6,7 @@ title: RKE2 Self-Assessment Guide - CIS Benchmark v1.7 - K8s v1.25/v1.26/v1.27 -This document is a companion to the [RKE2 Hardening Guide](../../../../pages-for-subheaders/rke2-hardening-guide.md), which provides prescriptive guidance on how to harden RKE2 clusters that are running in production and managed by Rancher. This benchmark guide helps you evaluate the security of a hardened cluster against each control in the CIS Kubernetes Benchmark. +This document is a companion to the [RKE2 Hardening Guide](rke2-hardening-guide.md), which provides prescriptive guidance on how to harden RKE2 clusters that are running in production and managed by Rancher. This benchmark guide helps you evaluate the security of a hardened cluster against each control in the CIS Kubernetes Benchmark. This guide corresponds to the following versions of Rancher, CIS Benchmarks, and Kubernetes: diff --git a/versioned_docs/version-2.7/reference-guides/rancher-security/rancher-security-best-practices.md b/versioned_docs/version-2.7/reference-guides/rancher-security/rancher-security-best-practices.md index 1a5cb92faa7..ea78abe7d0e 100644 --- a/versioned_docs/version-2.7/reference-guides/rancher-security/rancher-security-best-practices.md +++ b/versioned_docs/version-2.7/reference-guides/rancher-security/rancher-security-best-practices.md @@ -18,4 +18,4 @@ See [OWASP Web Application Security Testing - Enumerate Infrastructure and Appli Some environments may require additional security controls for session management. For example, you may want to limit users' concurrent active sessions or restrict which geolocations those sessions can be initiated from. Such features are not supported by Rancher out of the box. -If you require such features, combine Layer 7 firewalls with [external authentication providers](../../pages-for-subheaders/authentication-config.md#external-vs-local-authentication). \ No newline at end of file +If you require such features, combine Layer 7 firewalls with [external authentication providers](../../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/authentication-config.md#external-vs-local-authentication). \ No newline at end of file diff --git a/versioned_docs/version-2.7/pages-for-subheaders/rancher-security.md b/versioned_docs/version-2.7/reference-guides/rancher-security/rancher-security.md similarity index 88% rename from versioned_docs/version-2.7/pages-for-subheaders/rancher-security.md rename to versioned_docs/version-2.7/reference-guides/rancher-security/rancher-security.md index 67c496fe24d..a051712aae3 100644 --- a/versioned_docs/version-2.7/pages-for-subheaders/rancher-security.md +++ b/versioned_docs/version-2.7/reference-guides/rancher-security/rancher-security.md @@ -23,13 +23,13 @@ title: Security -Security is at the heart of all Rancher features. From integrating with all the popular authentication tools and services, to an enterprise grade [RBAC capability](manage-role-based-access-control-rbac.md), Rancher makes your Kubernetes clusters even more secure. +Security is at the heart of all Rancher features. From integrating with all the popular authentication tools and services, to an enterprise grade [RBAC capability](../../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/manage-role-based-access-control-rbac.md), Rancher makes your Kubernetes clusters even more secure. On this page, we provide security related documentation along with resources to help you secure your Rancher installation and your downstream Kubernetes clusters. ### NeuVector Integration with Rancher -NeuVector is an open-source, container-focused security application that is now integrated into Rancher. NeuVector provides production security, DevOps vulnerability protection, and a container firewall, et al. Please see the [Rancher docs](../integrations-in-rancher/neuvector.md) and the [NeuVector docs](https://open-docs.neuvector.com/) for more information. +NeuVector is an open-source, container-focused security application that is now integrated into Rancher. NeuVector provides production security, DevOps vulnerability protection, and a container firewall, et al. Please see the [Rancher docs](../../integrations-in-rancher/neuvector.md) and the [NeuVector docs](https://open-docs.neuvector.com/) for more information. ### Running a CIS Security Scan on a Kubernetes Cluster @@ -45,13 +45,13 @@ The Benchmark provides recommendations of two types: Automated and Manual. We ru When Rancher runs a CIS security scan on a cluster, it generates a report showing the results of each test, including a summary with the number of passed, skipped and failed tests. The report also includes remediation steps for any failed tests. -For details, refer to the section on [security scans](cis-scan-guides.md). +For details, refer to the section on [security scans](../../how-to-guides/advanced-user-guides/cis-scan-guides/cis-scan-guides.md). ### SELinux RPM [Security-Enhanced Linux (SELinux)](https://en.wikipedia.org/wiki/Security-Enhanced_Linux) is a security enhancement to Linux. After being historically used by government agencies, SELinux is now industry standard and is enabled by default on CentOS 7 and 8. -We provide two RPMs (Red Hat packages) that enable Rancher products to function properly on SELinux-enforcing hosts: `rancher-selinux` and `rke2-selinux`. For details, see [this page](selinux-rpm.md). +We provide two RPMs (Red Hat packages) that enable Rancher products to function properly on SELinux-enforcing hosts: `rancher-selinux` and `rke2-selinux`. For details, see [this page](selinux-rpm/selinux-rpm.md). ### Rancher Hardening Guide @@ -84,12 +84,12 @@ Please note that new reports are no longer shared or made publicly available. ### Rancher Security Advisories and CVEs -Rancher is committed to informing the community of security issues in our products. For the list of CVEs (Common Vulnerabilities and Exposures) for issues we have resolved, refer to [this page.](../reference-guides/rancher-security/security-advisories-and-cves.md) +Rancher is committed to informing the community of security issues in our products. For the list of CVEs (Common Vulnerabilities and Exposures) for issues we have resolved, refer to [this page.](security-advisories-and-cves.md) ### Kubernetes Security Best Practices -For recommendations on securing your Kubernetes cluster, refer to the [Kubernetes Security Best Practices](../reference-guides/rancher-security/kubernetes-security-best-practices.md) guide. +For recommendations on securing your Kubernetes cluster, refer to the [Kubernetes Security Best Practices](kubernetes-security-best-practices.md) guide. ### Rancher Security Best Practices -For recommendations on securing your Rancher Manager deployments, refer to the [Rancher Security Best Practices](../reference-guides/rancher-security/rancher-security-best-practices.md) guide. +For recommendations on securing your Rancher Manager deployments, refer to the [Rancher Security Best Practices](rancher-security-best-practices.md) guide. diff --git a/versioned_docs/version-2.7/reference-guides/rancher-security/security-advisories-and-cves.md b/versioned_docs/version-2.7/reference-guides/rancher-security/security-advisories-and-cves.md index 8f3649e7a85..ad7fb02ad7b 100644 --- a/versioned_docs/version-2.7/reference-guides/rancher-security/security-advisories-and-cves.md +++ b/versioned_docs/version-2.7/reference-guides/rancher-security/security-advisories-and-cves.md @@ -23,8 +23,8 @@ Rancher is committed to informing the community of security issues in our produc | [CVE-2022-31247](https://github.com/rancher/rancher/security/advisories/GHSA-6x34-89p7-95wg) | An issue was discovered in Rancher versions up to and including 2.5.15 and 2.6.6 where a flaw with authorization logic allows privilege escalation in downstream clusters through cluster role template binding (CRTB) and project role template binding (PRTB). The vulnerability can be exploited by any user who has permissions to create/edit CRTB or PRTB (such as `cluster-owner`, `manage cluster members`, `project-owner`, and `manage project members`) to gain owner permission in another project in the same cluster or in another project on a different downstream cluster. | 18 August 2022 | [Rancher v2.6.7](https://github.com/rancher/rancher/releases/tag/v2.6.7) and [Rancher v2.5.16](https://github.com/rancher/rancher/releases/tag/v2.5.16) | | [CVE-2021-36783](https://github.com/rancher/rancher/security/advisories/GHSA-8w87-58w6-hfv8) | It was discovered that in Rancher versions up to and including 2.5.12 and 2.6.3, there is a failure to properly sanitize credentials in cluster template answers. This failure can lead to plaintext storage and exposure of credentials, passwords, and API tokens. The exposed credentials are visible in Rancher to authenticated `Cluster Owners`, `Cluster Members`, `Project Owners`, and `Project Members` on the endpoints `/v1/management.cattle.io.clusters`, `/v3/clusters`, and `/k8s/clusters/local/apis/management.cattle.io/v3/clusters`. | 18 August 2022 | [Rancher v2.6.7](https://github.com/rancher/rancher/releases/tag/v2.6.7) and [Rancher v2.5.16](https://github.com/rancher/rancher/releases/tag/v2.5.16) | | [CVE-2021-36782](https://github.com/rancher/rancher/security/advisories/GHSA-g7j7-h4q8-8w2f) | An issue was discovered in Rancher versions up to and including 2.5.15 and 2.6.6 where sensitive fields like passwords, API keys, and Rancher's service account token (used to provision clusters) were stored in plaintext directly on Kubernetes objects like `Clusters` (e.g., `cluster.management.cattle.io`). Anyone with read access to those objects in the Kubernetes API could retrieve the plaintext version of those sensitive data. The issue was partially found and reported by Florian Struck (from [Continum AG](https://www.continum.net/)) and [Marco Stuurman](https://github.com/fe-ax) (from [Shock Media B.V.](https://www.shockmedia.nl/)). | 18 August 2022 | [Rancher v2.6.7](https://github.com/rancher/rancher/releases/tag/v2.6.7) and [Rancher v2.5.16](https://github.com/rancher/rancher/releases/tag/v2.5.16) | -| [CVE-2022-21951](https://github.com/rancher/rancher/security/advisories/GHSA-vrph-m5jj-c46c) | This vulnerability only affects customers using [Weave](../../faq/container-network-interface-providers.md#weave) Container Network Interface (CNI) when configured through [RKE templates](../../pages-for-subheaders/about-rke1-templates.md). A vulnerability was discovered in Rancher versions 2.5.0 up to and including 2.5.13, and 2.6.0 up to and including 2.6.4, where a user interface (UI) issue with RKE templates does not include a value for the Weave password when Weave is chosen as the CNI. If a cluster is created based on the mentioned template, and Weave is configured as the CNI, no password will be created for [network encryption](https://www.weave.works/docs/net/latest/tasks/manage/security-untrusted-networks/) in Weave; therefore, network traffic in the cluster will be sent unencrypted. | 24 May 2022 | [Rancher v2.6.5](https://github.com/rancher/rancher/releases/tag/v2.6.5) and [Rancher v2.5.14](https://github.com/rancher/rancher/releases/tag/v2.5.14) | -| [CVE-2021-36784](https://github.com/rancher/rancher/security/advisories/GHSA-jwvr-vv7p-gpwq) | A vulnerability was discovered in Rancher versions from 2.5.0 up to and including 2.5.12 and from 2.6.0 up to and including 2.6.3 which allows users who have create or update permissions on [Global Roles](../../pages-for-subheaders/manage-role-based-access-control-rbac.md) to escalate their permissions, or those of another user, to admin-level permissions. Global Roles grant users Rancher-wide permissions, such as the ability to create clusters. In the identified versions of Rancher, when users are given permission to edit or create Global Roles, they are not restricted to only granting permissions which they already posses. This vulnerability affects customers who utilize non-admin users that are able to create or edit Global Roles. The most common use case for this scenario is the `restricted-admin` role. | 14 Apr 2022 | [Rancher v2.6.4](https://github.com/rancher/rancher/releases/tag/v2.6.4) and [Rancher v2.5.13](https://github.com/rancher/rancher/releases/tag/v2.5.13) | +| [CVE-2022-21951](https://github.com/rancher/rancher/security/advisories/GHSA-vrph-m5jj-c46c) | This vulnerability only affects customers using [Weave](../../faq/container-network-interface-providers.md#weave) Container Network Interface (CNI) when configured through [RKE templates](../../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/about-rke1-templates.md). A vulnerability was discovered in Rancher versions 2.5.0 up to and including 2.5.13, and 2.6.0 up to and including 2.6.4, where a user interface (UI) issue with RKE templates does not include a value for the Weave password when Weave is chosen as the CNI. If a cluster is created based on the mentioned template, and Weave is configured as the CNI, no password will be created for [network encryption](https://www.weave.works/docs/net/latest/tasks/manage/security-untrusted-networks/) in Weave; therefore, network traffic in the cluster will be sent unencrypted. | 24 May 2022 | [Rancher v2.6.5](https://github.com/rancher/rancher/releases/tag/v2.6.5) and [Rancher v2.5.14](https://github.com/rancher/rancher/releases/tag/v2.5.14) | +| [CVE-2021-36784](https://github.com/rancher/rancher/security/advisories/GHSA-jwvr-vv7p-gpwq) | A vulnerability was discovered in Rancher versions from 2.5.0 up to and including 2.5.12 and from 2.6.0 up to and including 2.6.3 which allows users who have create or update permissions on [Global Roles](../../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/manage-role-based-access-control-rbac.md) to escalate their permissions, or those of another user, to admin-level permissions. Global Roles grant users Rancher-wide permissions, such as the ability to create clusters. In the identified versions of Rancher, when users are given permission to edit or create Global Roles, they are not restricted to only granting permissions which they already posses. This vulnerability affects customers who utilize non-admin users that are able to create or edit Global Roles. The most common use case for this scenario is the `restricted-admin` role. | 14 Apr 2022 | [Rancher v2.6.4](https://github.com/rancher/rancher/releases/tag/v2.6.4) and [Rancher v2.5.13](https://github.com/rancher/rancher/releases/tag/v2.5.13) | | [CVE-2021-4200](https://github.com/rancher/rancher/security/advisories/GHSA-hx8w-ghh8-r4xf) | This vulnerability only affects customers using the `restricted-admin` role in Rancher. A vulnerability was discovered in Rancher versions from 2.5.0 up to and including 2.5.12 and from 2.6.0 up to and including 2.6.3 where the `global-data` role in `cattle-global-data` namespace grants write access to the Catalogs. Since each user with any level of catalog access was bound to the `global-data` role, this grants write access to templates (`CatalogTemplates`) and template versions (`CatalogTemplateVersions`) for any user with any level of catalog access. New users created in Rancher are by default assigned to the `user` role (standard user), which is not designed to grant write catalog access. This vulnerability effectively elevates the privilege of any user to write access for the catalog template and catalog template version resources. | 14 Apr 2022 | [Rancher v2.6.4](https://github.com/rancher/rancher/releases/tag/v2.6.4) and [Rancher v2.5.13](https://github.com/rancher/rancher/releases/tag/v2.5.13) | | [GHSA-wm2r-rp98-8pmh](https://github.com/rancher/rancher/security/advisories/GHSA-wm2r-rp98-8pmh) | This vulnerability only affects customers using [Fleet](../../how-to-guides/new-user-guides/deploy-apps-across-clusters/fleet.md) for continuous delivery with authenticated Git and/or Helm repositories. An issue was discovered in `go-getter` library in versions prior to [`v1.5.11`](https://github.com/hashicorp/go-getter/releases/tag/v1.5.11) that exposes SSH private keys in base64 format due to a failure in redacting such information from error messages. The vulnerable version of this library is used in Rancher through Fleet in versions of Fleet prior to [`v0.3.9`](https://github.com/rancher/fleet/releases/tag/v0.3.9). This issue affects Rancher versions 2.5.0 up to and including 2.5.12 and from 2.6.0 up to and including 2.6.3. The issue was found and reported by Dagan Henderson from Raft Engineering. | 14 Apr 2022 | [Rancher v2.6.4](https://github.com/rancher/rancher/releases/tag/v2.6.4) and [Rancher v2.5.13](https://github.com/rancher/rancher/releases/tag/v2.5.13) | | [CVE-2021-36778](https://github.com/rancher/rancher/security/advisories/GHSA-4fc7-hc63-7fjg) | A vulnerability was discovered in Rancher versions from 2.5.0 up to and including 2.5.11 and from 2.6.0 up to and including 2.6.2, where an insufficient check of the same-origin policy when downloading Helm charts from a configured private repository can lead to exposure of the repository credentials to a third-party provider. This issue only happens when the user configures access credentials to a private repository in Rancher inside `Apps & Marketplace > Repositories`. The issue was found and reported by Martin Andreas Ullrich. | 14 Apr 2022 | [Rancher v2.6.3](https://github.com/rancher/rancher/releases/tag/v2.6.3) and [Rancher v2.5.12](https://github.com/rancher/rancher/releases/tag/v2.5.12) | diff --git a/versioned_docs/version-2.7/pages-for-subheaders/selinux-rpm.md b/versioned_docs/version-2.7/reference-guides/rancher-security/selinux-rpm/selinux-rpm.md similarity index 85% rename from versioned_docs/version-2.7/pages-for-subheaders/selinux-rpm.md rename to versioned_docs/version-2.7/reference-guides/rancher-security/selinux-rpm/selinux-rpm.md index c72c72ff56a..f2d93d01bb1 100644 --- a/versioned_docs/version-2.7/pages-for-subheaders/selinux-rpm.md +++ b/versioned_docs/version-2.7/reference-guides/rancher-security/selinux-rpm/selinux-rpm.md @@ -17,4 +17,4 @@ After being historically used by government agencies, SELinux is now industry st Enforcing ``` -We provide two RPMs (Red Hat packages) that enable Rancher products to function properly on SELinux-enforcing hosts: [`rancher-selinux`](../reference-guides/rancher-security/selinux-rpm/about-rancher-selinux.md) and [`rke2-selinux`](../reference-guides/rancher-security/selinux-rpm/about-rke2-selinux.md). \ No newline at end of file +We provide two RPMs (Red Hat packages) that enable Rancher products to function properly on SELinux-enforcing hosts: [`rancher-selinux`](about-rancher-selinux.md) and [`rke2-selinux`](about-rke2-selinux.md). \ No newline at end of file diff --git a/versioned_docs/version-2.7/reference-guides/single-node-rancher-in-docker/advanced-options.md b/versioned_docs/version-2.7/reference-guides/single-node-rancher-in-docker/advanced-options.md index 081d79e4b04..4d410831bf9 100644 --- a/versioned_docs/version-2.7/reference-guides/single-node-rancher-in-docker/advanced-options.md +++ b/versioned_docs/version-2.7/reference-guides/single-node-rancher-in-docker/advanced-options.md @@ -19,7 +19,7 @@ Use the command example to start a Rancher container with your private CA certif The example below is based on having the CA root certificates in the `/host/certs` directory on the host and mounting this directory on `/container/certs` inside the Rancher container. -Privileged access is [required.](../../pages-for-subheaders/rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher) +Privileged access is [required.](../../getting-started/installation-and-upgrade/other-installation-methods/rancher-on-a-single-node-with-docker/rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher) ``` docker run -d --restart=unless-stopped \ @@ -38,7 +38,7 @@ The API Audit Log writes to `/var/log/auditlog` inside the rancher container by See [API Audit Log](../../how-to-guides/advanced-user-guides/enable-api-audit-log.md) for more information and options. -Privileged access is [required.](../../pages-for-subheaders/rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher) +Privileged access is [required.](../../getting-started/installation-and-upgrade/other-installation-methods/rancher-on-a-single-node-with-docker/rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher) ``` docker run -d --restart=unless-stopped \ @@ -61,7 +61,7 @@ docker run -d --restart=unless-stopped \ rancher/rancher:latest ``` -Privileged access is [required.](../../pages-for-subheaders/rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher) +Privileged access is [required.](../../getting-started/installation-and-upgrade/other-installation-methods/rancher-on-a-single-node-with-docker/rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher) See [TLS settings](../../getting-started/installation-and-upgrade/installation-references/tls-settings.md) for more information and options. @@ -87,7 +87,7 @@ docker run -d --restart=unless-stopped \ rancher/rancher:latest ``` -Privileged access is [required.](../../pages-for-subheaders/rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher) +Privileged access is [required.](../../getting-started/installation-and-upgrade/other-installation-methods/rancher-on-a-single-node-with-docker/rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher) ### Running `rancher/rancher` and `rancher/rancher-agent` on the Same Node @@ -106,4 +106,4 @@ docker run -d --restart=unless-stopped \ rancher/rancher:latest ``` -Privileged access is [required.](../../pages-for-subheaders/rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher) +Privileged access is [required.](../../getting-started/installation-and-upgrade/other-installation-methods/rancher-on-a-single-node-with-docker/rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher) diff --git a/versioned_docs/version-2.7/reference-guides/single-node-rancher-in-docker/http-proxy-configuration.md b/versioned_docs/version-2.7/reference-guides/single-node-rancher-in-docker/http-proxy-configuration.md index bc81ed966c2..4936d839dd2 100644 --- a/versioned_docs/version-2.7/reference-guides/single-node-rancher-in-docker/http-proxy-configuration.md +++ b/versioned_docs/version-2.7/reference-guides/single-node-rancher-in-docker/http-proxy-configuration.md @@ -24,7 +24,7 @@ NO_PROXY must be in uppercase to use network range (CIDR) notation. ## Docker Installation -Passing environment variables to the Rancher container can be done using `-e KEY=VALUE` or `--env KEY=VALUE`. Required values for `NO_PROXY` in a [Docker Installation](../../pages-for-subheaders/rancher-on-a-single-node-with-docker.md) are: +Passing environment variables to the Rancher container can be done using `-e KEY=VALUE` or `--env KEY=VALUE`. Required values for `NO_PROXY` in a [Docker Installation](../../getting-started/installation-and-upgrade/other-installation-methods/rancher-on-a-single-node-with-docker/rancher-on-a-single-node-with-docker.md) are: - `localhost` - `127.0.0.1` @@ -46,7 +46,7 @@ docker run -d --restart=unless-stopped \ rancher/rancher:latest ``` -Privileged access is [required.](../../pages-for-subheaders/rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher) +Privileged access is [required.](../../getting-started/installation-and-upgrade/other-installation-methods/rancher-on-a-single-node-with-docker/rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher) ### Air-gapped proxy configuration diff --git a/versioned_docs/version-2.7/reference-guides/single-node-rancher-in-docker/single-node-rancher-in-docker.md b/versioned_docs/version-2.7/reference-guides/single-node-rancher-in-docker/single-node-rancher-in-docker.md new file mode 100644 index 00000000000..e605bd0c77a --- /dev/null +++ b/versioned_docs/version-2.7/reference-guides/single-node-rancher-in-docker/single-node-rancher-in-docker.md @@ -0,0 +1,9 @@ +--- +title: Single Node Rancher in Docker +--- + + + + + +The following docs will discuss [HTTP proxy configuration](http-proxy-configuration.md) and [advanced options](advanced-options.md) for Docker installs. \ No newline at end of file diff --git a/versioned_docs/version-2.7/reference-guides/user-settings/api-keys.md b/versioned_docs/version-2.7/reference-guides/user-settings/api-keys.md index 95a26a81a45..d5ff1d1fb24 100644 --- a/versioned_docs/version-2.7/reference-guides/user-settings/api-keys.md +++ b/versioned_docs/version-2.7/reference-guides/user-settings/api-keys.md @@ -51,7 +51,7 @@ Users may opt to enable [token hashing](../about-the-api/api-tokens.md). - Enter your API key information into the application that will send requests to the Rancher API. - Learn more about the Rancher endpoints and parameters by selecting **View in API** for an object in the Rancher UI. -- API keys are used for API calls and [Rancher CLI](../../pages-for-subheaders/cli-with-rancher.md). +- API keys are used for API calls and [Rancher CLI](../cli-with-rancher/cli-with-rancher.md). ## Deleting API Keys diff --git a/versioned_docs/version-2.7/reference-guides/user-settings/manage-cloud-credentials.md b/versioned_docs/version-2.7/reference-guides/user-settings/manage-cloud-credentials.md index e93b79d5c07..f32c283f3b3 100644 --- a/versioned_docs/version-2.7/reference-guides/user-settings/manage-cloud-credentials.md +++ b/versioned_docs/version-2.7/reference-guides/user-settings/manage-cloud-credentials.md @@ -6,7 +6,7 @@ title: Managing Cloud Credentials -When you create a cluster [hosted by an infrastructure provider](../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md), [node templates](../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md#node-templates) are used to provision the cluster nodes. These templates use Docker Machine configuration options to define an operating system image and settings/parameters for the node. +When you create a cluster [hosted by an infrastructure provider](../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md), [node templates](../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md#node-templates) are used to provision the cluster nodes. These templates use Docker Machine configuration options to define an operating system image and settings/parameters for the node. Node templates can use cloud credentials to access the credential information required to provision nodes in the infrastructure providers. The same cloud credential can be used by multiple node templates. By using a cloud credential, you do not have to re-enter access keys for the same cloud provider. Cloud credentials are stored as Kubernetes secrets. @@ -14,7 +14,7 @@ Cloud credentials are only used by node templates if there are fields marked as You can create cloud credentials in two contexts: -- [During creation of a node template](../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md#node-templates) for a cluster. +- [During creation of a node template](../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md#node-templates) for a cluster. - In the **User Settings** Cloud credentials are bound to their creator's user profile. They **cannot** be shared between non-admin users. However, admins are able to view and manage the cloud credentials of other users. @@ -29,7 +29,7 @@ Cloud credentials are bound to their creator's user profile. They **cannot** be 1. Based on the selected cloud credential type, enter the required values to authenticate with the infrastructure provider. 1. Click **Create**. -**Result:** The cloud credential is created and can immediately be used to [create node templates](../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md#node-templates). +**Result:** The cloud credential is created and can immediately be used to [create node templates](../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md#node-templates). ## Updating a Cloud Credential @@ -40,7 +40,7 @@ When access credentials are changed or compromised, updating a cloud credential 1. Choose the cloud credential you want to edit and click the **⋮ > Edit Config**. 1. Update the credential information and click **Save**. -**Result:** The cloud credential is updated with the new access credentials. All existing node templates using this cloud credential will automatically use the updated information whenever [new nodes are added](../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md). +**Result:** The cloud credential is updated with the new access credentials. All existing node templates using this cloud credential will automatically use the updated information whenever [new nodes are added](../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md). ## Deleting a Cloud Credential diff --git a/versioned_docs/version-2.7/reference-guides/user-settings/manage-node-templates.md b/versioned_docs/version-2.7/reference-guides/user-settings/manage-node-templates.md index fab13f80ffc..2d83b899104 100644 --- a/versioned_docs/version-2.7/reference-guides/user-settings/manage-node-templates.md +++ b/versioned_docs/version-2.7/reference-guides/user-settings/manage-node-templates.md @@ -6,10 +6,10 @@ title: Managing Node Templates -When you provision a cluster [hosted by an infrastructure provider](../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md), [node templates](../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md#node-templates) are used to provision the cluster nodes. These templates use Docker Machine configuration options to define an operating system image and settings/parameters for the node. You can create node templates in two contexts: +When you provision a cluster [hosted by an infrastructure provider](../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md), [node templates](../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md#node-templates) are used to provision the cluster nodes. These templates use Docker Machine configuration options to define an operating system image and settings/parameters for the node. You can create node templates in two contexts: -- While [provisioning a node pool cluster](../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md). -- At any time, from your [user settings](../../pages-for-subheaders/user-settings.md). +- While [provisioning a node pool cluster](../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md). +- At any time, from your [user settings](user-settings.md). When you create a node template, it is bound to your user profile. Node templates cannot be shared among users. You can delete stale node templates that you no longer user from your user settings. @@ -20,7 +20,7 @@ When you create a node template, it is bound to your user profile. Node template 1. Click **Add Template**. 1. Select one of the cloud providers available. Then follow the instructions on screen to configure the template. -**Result:** The template is configured. You can use the template later when you [provision a node pool cluster](../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md). +**Result:** The template is configured. You can use the template later when you [provision a node pool cluster](../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md). ## Updating a Node Template @@ -30,7 +30,7 @@ When you create a node template, it is bound to your user profile. Node template :::note - The default `active` [node drivers](../../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-provisioning-drivers/manage-node-drivers.md) and any node driver, that has fields marked as `password`, are required to use [cloud credentials](../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md#cloud-credentials). + The default `active` [node drivers](../../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-provisioning-drivers/manage-node-drivers.md) and any node driver, that has fields marked as `password`, are required to use [cloud credentials](../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md#cloud-credentials). ::: @@ -47,7 +47,7 @@ When creating new node templates from your user settings, you can clone an exist 1. Find the template you want to clone. Then select **⋮ > Clone**. 1. Complete the rest of the form. -**Result:** The template is cloned and configured. You can use the template later when you [provision a node pool cluster](../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md). +**Result:** The template is cloned and configured. You can use the template later when you [provision a node pool cluster](../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md). ## Deleting a Node Template diff --git a/versioned_docs/version-2.7/reference-guides/user-settings/user-settings.md b/versioned_docs/version-2.7/reference-guides/user-settings/user-settings.md new file mode 100644 index 00000000000..496fde5638c --- /dev/null +++ b/versioned_docs/version-2.7/reference-guides/user-settings/user-settings.md @@ -0,0 +1,19 @@ +--- +title: User Settings +--- + + + + + +Within Rancher, each user has a number of settings associated with their login: personal preferences, API keys, etc. You can configure these settings by choosing from the **User Settings** menu. You can open this menu by clicking your avatar, located within the main menu. + +![User Settings Menu](/img/user-settings.png) + +The available user settings are: + +- [API & Keys](api-keys.md): If you want to interact with Rancher programmatically, you need an API key. Follow the directions in this section to obtain a key. +- [Cloud Credentials](manage-cloud-credentials.md): Manage cloud credentials [used by node templates](../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md#node-templates) to [provision nodes for clusters](../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md). +- [Node Templates](manage-node-templates.md): Manage templates [used by Rancher to provision nodes for clusters](../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md). +- [Preferences](user-preferences.md): Sets superficial preferences for the Rancher UI. +- Log Out: Ends your user session. diff --git a/versioned_docs/version-2.7/security/security-scan/security-scan.md b/versioned_docs/version-2.7/security/security-scan/security-scan.md index 061d0af8edd..cacabb6266d 100644 --- a/versioned_docs/version-2.7/security/security-scan/security-scan.md +++ b/versioned_docs/version-2.7/security/security-scan/security-scan.md @@ -6,4 +6,4 @@ title: Security Scans -The documentation about CIS security scans has moved [here.](../../pages-for-subheaders/cis-scan-guides.md) +The documentation about CIS security scans has moved [here.](../../how-to-guides/advanced-user-guides/cis-scan-guides/cis-scan-guides.md) diff --git a/versioned_docs/version-2.7/shared-files/_cluster-capabilities-table.md b/versioned_docs/version-2.7/shared-files/_cluster-capabilities-table.md index b74973f5a67..6cffdba23c4 100644 --- a/versioned_docs/version-2.7/shared-files/_cluster-capabilities-table.md +++ b/versioned_docs/version-2.7/shared-files/_cluster-capabilities-table.md @@ -2,13 +2,13 @@ | --- | --- | ---| ---|----| | [Using kubectl and a kubeconfig file to Access a Cluster](../how-to-guides/new-user-guides/manage-clusters/access-clusters/use-kubectl-and-kubeconfig.md) | ✓ | ✓ | ✓ | ✓ | | [Managing Cluster Members](../how-to-guides/new-user-guides/manage-clusters/access-clusters/add-users-to-clusters.md) | ✓ | ✓ | ✓ | ✓ | -| [Editing and Upgrading Clusters](../pages-for-subheaders/cluster-configuration.md) | ✓ | ✓ | ✓ | ✓2 | +| [Editing and Upgrading Clusters](../reference-guides/cluster-configuration/cluster-configuration.md) | ✓ | ✓ | ✓ | ✓2 | | [Managing Nodes](../how-to-guides/new-user-guides/manage-clusters/nodes-and-node-pools.md) | ✓ | ✓ | ✓ | ✓3 | -| [Managing Persistent Volumes and Storage Classes](../pages-for-subheaders/create-kubernetes-persistent-storage.md) | ✓ | ✓ | ✓ | ✓ | +| [Managing Persistent Volumes and Storage Classes](../how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage/create-kubernetes-persistent-storage.md) | ✓ | ✓ | ✓ | ✓ | | [Managing Projects, Namespaces and Workloads](../how-to-guides/new-user-guides/manage-clusters/projects-and-namespaces.md) | ✓ | ✓ | ✓ | ✓ | -| [Using App Catalogs](../pages-for-subheaders/helm-charts-in-rancher.md) | ✓ | ✓ | ✓ | ✓ | -| Configuring Tools ([Alerts, Notifiers, Monitoring](../pages-for-subheaders/monitoring-and-alerting.md), [Logging](../pages-for-subheaders/logging.md), [Istio](../pages-for-subheaders/istio.md)) | ✓ | ✓ | ✓ | ✓ | -| [Running Security Scans](../pages-for-subheaders/cis-scan-guides.md) | ✓ | ✓ | ✓ | ✓ | +| [Using App Catalogs](../how-to-guides/new-user-guides/helm-charts-in-rancher/helm-charts-in-rancher.md) | ✓ | ✓ | ✓ | ✓ | +| Configuring Tools ([Alerts, Notifiers, Monitoring](../integrations-in-rancher/monitoring-and-alerting/monitoring-and-alerting.md), [Logging](../integrations-in-rancher/logging/logging.md), [Istio](../integrations-in-rancher/istio/istio.md)) | ✓ | ✓ | ✓ | ✓ | +| [Running Security Scans](../how-to-guides/advanced-user-guides/cis-scan-guides/cis-scan-guides.md) | ✓ | ✓ | ✓ | ✓ | | [Ability to rotate certificates](../how-to-guides/new-user-guides/manage-clusters/rotate-certificates.md) | ✓ | ✓ | | | | Ability to [backup](../how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/back-up-rancher-launched-kubernetes-clusters.md) and [restore](../how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/restore-rancher-launched-kubernetes-clusters-from-backup.md) Rancher-launched clusters | ✓ | ✓ | | ✓4 | | [Cleaning Kubernetes components when clusters are no longer reachable from Rancher](../how-to-guides/new-user-guides/manage-clusters/clean-cluster-nodes.md) | ✓ | | | | diff --git a/versioned_docs/version-2.7/troubleshooting/general-troubleshooting.md b/versioned_docs/version-2.7/troubleshooting/general-troubleshooting.md index 77ab7e24806..d162d499805 100644 --- a/versioned_docs/version-2.7/troubleshooting/general-troubleshooting.md +++ b/versioned_docs/version-2.7/troubleshooting/general-troubleshooting.md @@ -8,7 +8,7 @@ title: General Troubleshooting This section contains information to help you troubleshoot issues when using Rancher. -- [Kubernetes components](../pages-for-subheaders/kubernetes-components.md) +- [Kubernetes components](kubernetes-components/kubernetes-components.md) If you need help troubleshooting core Kubernetes cluster components like: * `etcd` @@ -33,7 +33,7 @@ This section contains information to help you troubleshoot issues when using Ran - [Troubleshooting Rancher installed on Kubernetes](other-troubleshooting-tips/rancher-ha.md) - If you experience issues with your [Rancher server installed on Kubernetes](../pages-for-subheaders/install-upgrade-on-a-kubernetes-cluster.md) + If you experience issues with your [Rancher server installed on Kubernetes](../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/install-upgrade-on-a-kubernetes-cluster.md) - [Logging](other-troubleshooting-tips/logging.md) diff --git a/versioned_docs/version-2.7/troubleshooting/kubernetes-components/kubernetes-components.md b/versioned_docs/version-2.7/troubleshooting/kubernetes-components/kubernetes-components.md new file mode 100644 index 00000000000..53863435277 --- /dev/null +++ b/versioned_docs/version-2.7/troubleshooting/kubernetes-components/kubernetes-components.md @@ -0,0 +1,21 @@ +--- +title: Kubernetes Components +--- + + + + + +The commands and steps listed in this section apply to the core Kubernetes components on [Rancher Launched Kubernetes](../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md) clusters. + +This section includes troubleshooting tips in the following categories: + +- [Troubleshooting etcd Nodes](troubleshooting-etcd-nodes.md) +- [Troubleshooting Controlplane Nodes](troubleshooting-controlplane-nodes.md) +- [Troubleshooting nginx-proxy Nodes](troubleshooting-nginx-proxy.md) +- [Troubleshooting Worker Nodes and Generic Components](troubleshooting-worker-nodes-and-generic-components.md) + +## Kubernetes Component Diagram + +![Cluster diagram](/img/clusterdiagram.svg)
    +Lines show the traffic flow between components. Colors are used purely for visual aid \ No newline at end of file diff --git a/versioned_docs/version-2.7/troubleshooting/other-troubleshooting-tips/kubernetes-resources.md b/versioned_docs/version-2.7/troubleshooting/other-troubleshooting-tips/kubernetes-resources.md index f1e6b8f8594..635e4d07371 100644 --- a/versioned_docs/version-2.7/troubleshooting/other-troubleshooting-tips/kubernetes-resources.md +++ b/versioned_docs/version-2.7/troubleshooting/other-troubleshooting-tips/kubernetes-resources.md @@ -6,7 +6,7 @@ title: Kubernetes Resources -The commands/steps listed on this page can be used to check the most important Kubernetes resources and apply to [Rancher Launched Kubernetes](../../pages-for-subheaders/launch-kubernetes-with-rancher.md) clusters. +The commands/steps listed on this page can be used to check the most important Kubernetes resources and apply to [Rancher Launched Kubernetes](../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md) clusters. Make sure you configured the correct kubeconfig (for example, `export KUBECONFIG=$PWD/kube_config_cluster.yml` for Rancher HA) or are using the embedded kubectl via the UI. diff --git a/versioned_sidebars/version-2.7-sidebars.json b/versioned_sidebars/version-2.7-sidebars.json index e0667c55d24..8ff69b7de05 100644 --- a/versioned_sidebars/version-2.7-sidebars.json +++ b/versioned_sidebars/version-2.7-sidebars.json @@ -11,7 +11,7 @@ "label": "Quick Start Guides", "link": { "type": "doc", - "id": "pages-for-subheaders/quick-start-guides" + "id": "getting-started/quick-start-guides/quick-start-guides" }, "items": [ { @@ -19,7 +19,7 @@ "label": "Deploying Rancher", "link": { "type": "doc", - "id": "pages-for-subheaders/deploy-rancher-manager" + "id": "getting-started/quick-start-guides/deploy-rancher-manager/deploy-rancher-manager" }, "items": [ "getting-started/quick-start-guides/deploy-rancher-manager/aws", @@ -40,7 +40,7 @@ "label": "Deploying Workloads", "link": { "type": "doc", - "id": "pages-for-subheaders/deploy-rancher-workloads" + "id": "getting-started/quick-start-guides/deploy-workloads/deploy-workloads" }, "items": [ "getting-started/quick-start-guides/deploy-workloads/workload-ingress", @@ -54,7 +54,7 @@ "label": "Installation and Upgrade", "link": { "type": "doc", - "id": "pages-for-subheaders/installation-and-upgrade" + "id": "getting-started/installation-and-upgrade/installation-and-upgrade" }, "items": [ { @@ -62,7 +62,7 @@ "label": "Installation Requirements", "link": { "type": "doc", - "id": "pages-for-subheaders/installation-requirements" + "id": "getting-started/installation-and-upgrade/installation-requirements/installation-requirements" }, "items": [ "getting-started/installation-and-upgrade/installation-requirements/install-docker", @@ -75,7 +75,7 @@ "label": "Installation References", "link": { "type": "doc", - "id": "pages-for-subheaders/installation-references" + "id": "getting-started/installation-and-upgrade/installation-references/installation-references" }, "items": [ "getting-started/installation-and-upgrade/installation-references/helm-chart-options", @@ -88,7 +88,7 @@ "label": "Install/Upgrade on a Kubernetes Cluster", "link": { "type": "doc", - "id": "pages-for-subheaders/install-upgrade-on-a-kubernetes-cluster" + "id": "getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/install-upgrade-on-a-kubernetes-cluster" }, "items": [ "getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rollbacks", @@ -106,7 +106,7 @@ "label": "Other Installation Methods", "link": { "type": "doc", - "id": "pages-for-subheaders/other-installation-methods" + "id": "getting-started/installation-and-upgrade/other-installation-methods/other-installation-methods" }, "items": [ { @@ -114,7 +114,7 @@ "label": "Air-Gapped Helm CLI Install", "link": { "type": "doc", - "id": "pages-for-subheaders/air-gapped-helm-cli-install" + "id": "getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/air-gapped-helm-cli-install" }, "items": [ "getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/infrastructure-private-registry", @@ -129,7 +129,7 @@ "label": "Rancher on a Single Node with Docker", "link": { "type": "doc", - "id": "pages-for-subheaders/rancher-on-a-single-node-with-docker" + "id": "getting-started/installation-and-upgrade/other-installation-methods/rancher-on-a-single-node-with-docker/rancher-on-a-single-node-with-docker" }, "items": [ "getting-started/installation-and-upgrade/other-installation-methods/rancher-on-a-single-node-with-docker/upgrade-docker-installed-rancher", @@ -142,7 +142,7 @@ "label": "Rancher Behind an HTTP Proxy", "link": { "type": "doc", - "id": "pages-for-subheaders/rancher-behind-an-http-proxy" + "id": "getting-started/installation-and-upgrade/other-installation-methods/rancher-behind-an-http-proxy/rancher-behind-an-http-proxy" }, "items": [ "getting-started/installation-and-upgrade/other-installation-methods/rancher-behind-an-http-proxy/set-up-infrastructure", @@ -157,7 +157,7 @@ "label": "Resources", "link": { "type": "doc", - "id": "pages-for-subheaders/resources" + "id": "getting-started/installation-and-upgrade/resources/resources" }, "items": [ "getting-started/installation-and-upgrade/resources/choose-a-rancher-version", @@ -185,7 +185,7 @@ "label": "New User Guides", "link": { "type": "doc", - "id": "pages-for-subheaders/new-user-guides" + "id": "how-to-guides/new-user-guides/new-user-guides/new-user-guides" }, "items": [ { @@ -193,7 +193,7 @@ "label": "Authentication, Permissions, and Global Configuration", "link": { "type": "doc", - "id": "pages-for-subheaders/authentication-permissions-and-global-configuration" + "id": "how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-permissions-and-global-configuration" }, "items": [ { @@ -201,7 +201,7 @@ "label": "Configuring Authentication", "link": { "type": "doc", - "id": "pages-for-subheaders/authentication-config" + "id": "how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/authentication-config" }, "items": [ "how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/manage-users-and-groups", @@ -222,7 +222,7 @@ "label": "Configuring OpenLDAP", "link": { "type": "doc", - "id": "pages-for-subheaders/configure-openldap" + "id": "how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-openldap/configure-openldap" }, "items": [ "how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-openldap/openldap-config-reference" @@ -233,7 +233,7 @@ "label": "Configuring Microsoft AD Federation Service (SAML)", "link": { "type": "doc", - "id": "pages-for-subheaders/configure-microsoft-ad-federation-service-saml" + "id": "how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-microsoft-ad-federation-service-saml/configure-microsoft-ad-federation-service-saml" }, "items": [ "how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-microsoft-ad-federation-service-saml/configure-ms-adfs-for-rancher", @@ -245,7 +245,7 @@ "label": "Configuring Shibboleth (SAML)", "link": { "type": "doc", - "id": "pages-for-subheaders/configure-shibboleth-saml" + "id": "how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-shibboleth-saml/configure-shibboleth-saml" }, "items": [ "how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-shibboleth-saml/about-group-permissions" @@ -256,7 +256,7 @@ "label": "Managing Role-Based Access Control (RBAC)", "link": { "type": "doc", - "id": "pages-for-subheaders/manage-role-based-access-control-rbac" + "id": "how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/manage-role-based-access-control-rbac" }, "items": [ "how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/global-permissions", @@ -270,7 +270,7 @@ "label": "About Provisioning Drivers", "link": { "type": "doc", - "id": "pages-for-subheaders/about-provisioning-drivers" + "id": "how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-provisioning-drivers/about-provisioning-drivers" }, "items": [ "how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-provisioning-drivers/manage-cluster-drivers", @@ -282,7 +282,7 @@ "label": "About RKE1 Templates", "link": { "type": "doc", - "id": "pages-for-subheaders/about-rke1-templates" + "id": "how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/about-rke1-templates" }, "items": [ "how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/creator-permissions", @@ -307,7 +307,7 @@ "label": "Cluster Administration", "link": { "type": "doc", - "id": "pages-for-subheaders/manage-clusters" + "id": "how-to-guides/new-user-guides/manage-clusters/manage-clusters" }, "items": [ { @@ -315,7 +315,7 @@ "label": "Access Clusters", "link": { "type": "doc", - "id": "pages-for-subheaders/access-clusters" + "id": "how-to-guides/new-user-guides/manage-clusters/access-clusters/access-clusters" }, "items": [ "how-to-guides/new-user-guides/manage-clusters/access-clusters/use-kubectl-and-kubeconfig", @@ -328,7 +328,7 @@ "label": "Install Cluster Autoscaler", "link": { "type": "doc", - "id": "pages-for-subheaders/install-cluster-autoscaler" + "id": "how-to-guides/new-user-guides/manage-clusters/install-cluster-autoscaler/install-cluster-autoscaler" }, "items": [ "how-to-guides/new-user-guides/manage-clusters/install-cluster-autoscaler/use-aws-ec2-auto-scaling-groups" @@ -339,7 +339,7 @@ "label": "Create Kubernetes Persistent Storage", "link": { "type": "doc", - "id": "pages-for-subheaders/create-kubernetes-persistent-storage" + "id": "how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage/create-kubernetes-persistent-storage" }, "items": [ "how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage/manage-persistent-storage/about-persistent-storage", @@ -355,7 +355,7 @@ "label": "Provisioning Storage Examples", "link": { "type": "doc", - "id": "pages-for-subheaders/provisioning-storage-examples" + "id": "how-to-guides/new-user-guides/manage-clusters/provisioning-storage-examples/provisioning-storage-examples" }, "items": [ "how-to-guides/new-user-guides/manage-clusters/provisioning-storage-examples/persistent-storage-in-amazon-ebs", @@ -378,7 +378,7 @@ "label": "Kubernetes Cluster Setup", "link": { "type": "doc", - "id": "pages-for-subheaders/kubernetes-cluster-setup" + "id": "how-to-guides/new-user-guides/kubernetes-cluster-setup/kubernetes-cluster-setup" }, "items": [ "how-to-guides/new-user-guides/kubernetes-cluster-setup/high-availability-installs", @@ -392,7 +392,7 @@ "label": "Infrastructure Setup", "link": { "type": "doc", - "id": "pages-for-subheaders/infrastructure-setup" + "id": "how-to-guides/new-user-guides/infrastructure-setup/infrastructure-setup" }, "items": [ "how-to-guides/new-user-guides/infrastructure-setup/ha-k3s-kubernetes-cluster", @@ -409,7 +409,7 @@ "label": "Kubernetes Clusters in Rancher Setup", "link": { "type": "doc", - "id": "pages-for-subheaders/kubernetes-clusters-in-rancher-setup" + "id": "how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/kubernetes-clusters-in-rancher-setup" }, "items": [ "how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/node-requirements-for-rancher-managed-clusters", @@ -418,7 +418,7 @@ "label": "Checklist for Production-Ready Clusters", "link": { "type": "doc", - "id": "pages-for-subheaders/checklist-for-production-ready-clusters" + "id": "how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/checklist-for-production-ready-clusters/checklist-for-production-ready-clusters" }, "items": [ "how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/checklist-for-production-ready-clusters/recommended-cluster-architecture", @@ -430,7 +430,7 @@ "label": "Setting up Clusters from Hosted Kubernetes Providers", "link": { "type": "doc", - "id": "pages-for-subheaders/set-up-clusters-from-hosted-kubernetes-providers" + "id": "how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/set-up-clusters-from-hosted-kubernetes-providers" }, "items": [ "how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/eks", @@ -446,7 +446,7 @@ "label": "Launching Kubernetes on Windows Clusters", "link": { "type": "doc", - "id": "pages-for-subheaders/use-windows-clusters" + "id": "how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/use-windows-clusters/use-windows-clusters" }, "items": [ "how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/use-windows-clusters/azure-storageclass-configuration", @@ -460,7 +460,7 @@ "label": "Setting up Cloud Providers", "link": { "type": "doc", - "id": "pages-for-subheaders/set-up-cloud-providers" + "id": "how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/set-up-cloud-providers" }, "items": [ "how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/amazon", @@ -479,7 +479,7 @@ "label": "Launching Kubernetes with Rancher", "link": { "type": "doc", - "id": "pages-for-subheaders/launch-kubernetes-with-rancher" + "id": "how-to-guides/new-user-guides/launch-kubernetes-with-rancher/launch-kubernetes-with-rancher" }, "items": [ { @@ -487,7 +487,7 @@ "label": "Launching New Nodes in an Infra Provider", "link": { "type": "doc", - "id": "pages-for-subheaders/use-new-nodes-in-an-infra-provider" + "id": "how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider" }, "items": [ "how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-amazon-ec2-cluster", @@ -498,7 +498,7 @@ "label": "vSphere", "link": { "type": "doc", - "id": "pages-for-subheaders/vsphere" + "id": "how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/vsphere/vsphere" }, "items": [ "how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/vsphere/provision-kubernetes-clusters-in-vsphere", @@ -511,7 +511,7 @@ "label": "Nutanix", "link": { "type": "doc", - "id": "pages-for-subheaders/nutanix" + "id": "how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/nutanix/nutanix" }, "items": [ "how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/nutanix/provision-kubernetes-clusters-in-aos" @@ -528,7 +528,7 @@ "label": "Kubernetes Resources Setup", "link": { "type": "doc", - "id": "pages-for-subheaders/kubernetes-resources-setup" + "id": "how-to-guides/new-user-guides/kubernetes-resources-setup/kubernetes-resources-setup" }, "items": [ { @@ -536,7 +536,7 @@ "label": "Workloads and Pods", "link": { "type": "doc", - "id": "pages-for-subheaders/workloads-and-pods" + "id": "how-to-guides/new-user-guides/kubernetes-resources-setup/workloads-and-pods/workloads-and-pods" }, "items": [ "how-to-guides/new-user-guides/kubernetes-resources-setup/workloads-and-pods/deploy-workloads", @@ -550,7 +550,7 @@ "label": "Horizontal Pod Autoscaler", "link": { "type": "doc", - "id": "pages-for-subheaders/horizontal-pod-autoscaler" + "id": "how-to-guides/new-user-guides/kubernetes-resources-setup/horizontal-pod-autoscaler/horizontal-pod-autoscaler" }, "items": [ "how-to-guides/new-user-guides/kubernetes-resources-setup/horizontal-pod-autoscaler/about-hpas", @@ -564,7 +564,7 @@ "label": "Load Balancer and Ingress Controller", "link": { "type": "doc", - "id": "pages-for-subheaders/load-balancer-and-ingress-controller" + "id": "how-to-guides/new-user-guides/kubernetes-resources-setup/load-balancer-and-ingress-controller/load-balancer-and-ingress-controller" }, "items": [ "how-to-guides/new-user-guides/kubernetes-resources-setup/load-balancer-and-ingress-controller/layer-4-and-layer-7-load-balancing", @@ -584,7 +584,7 @@ "label": "Helm Charts in Rancher", "link": { "type": "doc", - "id": "pages-for-subheaders/helm-charts-in-rancher" + "id": "how-to-guides/new-user-guides/helm-charts-in-rancher/helm-charts-in-rancher" }, "items": [ "how-to-guides/new-user-guides/helm-charts-in-rancher/create-apps" @@ -595,7 +595,7 @@ "label": "Deploying Apps Across Clusters", "link": { "type": "doc", - "id": "pages-for-subheaders/deploy-apps-across-clusters" + "id": "how-to-guides/new-user-guides/deploy-apps-across-clusters/deploy-apps-across-clusters" }, "items": [ "how-to-guides/new-user-guides/deploy-apps-across-clusters/fleet", @@ -607,7 +607,7 @@ "label": "Backup, Restore, and Disaster Recovery", "link": { "type": "doc", - "id": "pages-for-subheaders/backup-restore-and-disaster-recovery" + "id": "how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/backup-restore-and-disaster-recovery" }, "items": [ "how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/back-up-restore-usage-guide", @@ -629,7 +629,7 @@ "label": "Advanced User Guides", "link": { "type": "doc", - "id": "pages-for-subheaders/advanced-user-guides" + "id": "how-to-guides/advanced-user-guides/advanced-user-guides" }, "items": [ { @@ -637,7 +637,7 @@ "label": "Project Administration", "link": { "type": "doc", - "id": "pages-for-subheaders/manage-projects" + "id": "how-to-guides/advanced-user-guides/manage-projects/manage-projects" }, "items": [ "how-to-guides/advanced-user-guides/manage-projects/manage-pod-security-policies", @@ -646,7 +646,7 @@ "label": "Project Resource Quotas", "link": { "type": "doc", - "id": "pages-for-subheaders/manage-project-resource-quotas" + "id": "how-to-guides/advanced-user-guides/manage-projects/manage-project-resource-quotas/manage-project-resource-quotas" }, "items": [ "how-to-guides/advanced-user-guides/manage-projects/manage-project-resource-quotas/about-project-resource-quotas", @@ -662,7 +662,7 @@ "label": "Monitoring/Alerting Guides", "link": { "type": "doc", - "id": "pages-for-subheaders/monitoring-alerting-guides" + "id": "how-to-guides/advanced-user-guides/monitoring-alerting-guides/monitoring-alerting-guides" }, "items": [ "how-to-guides/advanced-user-guides/monitoring-alerting-guides/enable-monitoring", @@ -676,7 +676,7 @@ "label": "Prometheus Federator Guides", "link": { "type": "doc", - "id": "pages-for-subheaders/prometheus-federator-guides" + "id": "how-to-guides/advanced-user-guides/monitoring-alerting-guides/prometheus-federator-guides/prometheus-federator-guides" }, "items": [ "how-to-guides/advanced-user-guides/monitoring-alerting-guides/prometheus-federator-guides/enable-prometheus-federator", @@ -693,7 +693,7 @@ "label": "Monitoring V2 Configuration Guides", "link": { "type": "doc", - "id": "pages-for-subheaders/monitoring-v2-configuration-guides" + "id": "how-to-guides/advanced-user-guides/monitoring-v2-configuration-guides/monitoring-v2-configuration-guides" }, "items": [ { @@ -701,7 +701,7 @@ "label": "Advanced Configuration", "link": { "type": "doc", - "id": "pages-for-subheaders/advanced-configuration" + "id": "how-to-guides/advanced-user-guides/monitoring-v2-configuration-guides/advanced-configuration/advanced-configuration" }, "items": [ "how-to-guides/advanced-user-guides/monitoring-v2-configuration-guides/advanced-configuration/alertmanager", @@ -716,7 +716,7 @@ "label": "Istio Setup Guide", "link": { "type": "doc", - "id": "pages-for-subheaders/istio-setup-guide" + "id": "how-to-guides/advanced-user-guides/istio-setup-guide/istio-setup-guide" }, "items": [ "how-to-guides/advanced-user-guides/istio-setup-guide/enable-istio-in-cluster", @@ -732,7 +732,7 @@ "label": "CIS Scan Guides", "link": { "type": "doc", - "id": "pages-for-subheaders/cis-scan-guides" + "id": "how-to-guides/advanced-user-guides/cis-scan-guides/cis-scan-guides" }, "items": [ "how-to-guides/advanced-user-guides/cis-scan-guides/install-rancher-cis-benchmark", @@ -751,7 +751,7 @@ "label": "Enabling Experimental Features", "link": { "type": "doc", - "id": "pages-for-subheaders/enable-experimental-features" + "id": "how-to-guides/advanced-user-guides/enable-experimental-features/enable-experimental-features" }, "items": [ "how-to-guides/advanced-user-guides/enable-experimental-features/rancher-on-arm64", @@ -778,7 +778,7 @@ "label": "Best Practices", "link": { "type": "doc", - "id": "pages-for-subheaders/best-practices" + "id": "reference-guides/best-practices/best-practices" }, "items": [ { @@ -786,7 +786,7 @@ "label": "Rancher Server", "link": { "type": "doc", - "id": "pages-for-subheaders/rancher-server" + "id": "reference-guides/best-practices/rancher-server/rancher-server" }, "items": [ "reference-guides/best-practices/rancher-server/on-premises-rancher-in-vsphere", @@ -800,7 +800,7 @@ "label": "Rancher-Managed Clusters", "link": { "type": "doc", - "id": "pages-for-subheaders/rancher-managed-clusters" + "id": "reference-guides/best-practices/rancher-managed-clusters/rancher-managed-clusters" }, "items": [ "reference-guides/best-practices/rancher-managed-clusters/logging-best-practices", @@ -816,7 +816,7 @@ "label": "Rancher Architecture", "link": { "type": "doc", - "id": "pages-for-subheaders/rancher-manager-architecture" + "id": "reference-guides/rancher-manager-architecture/rancher-manager-architecture" }, "items": [ "reference-guides/rancher-manager-architecture/rancher-server-and-components", @@ -829,7 +829,7 @@ "label": "Cluster Configuration", "link": { "type": "doc", - "id": "pages-for-subheaders/cluster-configuration" + "id": "reference-guides/cluster-configuration/cluster-configuration" }, "items": [ { @@ -837,7 +837,7 @@ "label": "Rancher Server Configuration", "link": { "type": "doc", - "id": "pages-for-subheaders/rancher-server-configuration" + "id": "reference-guides/cluster-configuration/rancher-server-configuration/rancher-server-configuration" }, "items": [ "reference-guides/cluster-configuration/rancher-server-configuration/rke1-cluster-configuration", @@ -850,7 +850,7 @@ "label": "GKE Cluster Configuration", "link": { "type": "doc", - "id": "pages-for-subheaders/gke-cluster-configuration" + "id": "reference-guides/cluster-configuration/rancher-server-configuration/gke-cluster-configuration/gke-cluster-configuration" }, "items": [ "reference-guides/cluster-configuration/rancher-server-configuration/gke-cluster-configuration/gke-private-clusters" @@ -861,7 +861,7 @@ "label": "Use Existing Nodes", "link": { "type": "doc", - "id": "pages-for-subheaders/use-existing-nodes" + "id": "reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/use-existing-nodes" }, "items": [ "reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/rancher-agent-options" @@ -875,7 +875,7 @@ "label": "Downstream Cluster Configuration", "link": { "type": "doc", - "id": "pages-for-subheaders/downstream-cluster-configuration" + "id": "reference-guides/cluster-configuration/downstream-cluster-configuration/downstream-cluster-configuration" }, "items": [ { @@ -883,7 +883,7 @@ "label": "Node Template Configuration", "link": { "type": "doc", - "id": "pages-for-subheaders/node-template-configuration" + "id": "reference-guides/cluster-configuration/downstream-cluster-configuration/node-template-configuration/node-template-configuration" }, "items": [ "reference-guides/cluster-configuration/downstream-cluster-configuration/node-template-configuration/amazon-ec2", @@ -898,7 +898,7 @@ "label": "Machine Configuration", "link": { "type": "doc", - "id": "pages-for-subheaders/machine-configuration" + "id": "reference-guides/cluster-configuration/downstream-cluster-configuration/machine-configuration/machine-configuration" }, "items": [ "reference-guides/cluster-configuration/downstream-cluster-configuration/machine-configuration/amazon-ec2", @@ -915,7 +915,7 @@ "label": "Single-Node Rancher in Docker", "link": { "type": "doc", - "id": "pages-for-subheaders/single-node-rancher-in-docker" + "id": "reference-guides/single-node-rancher-in-docker/single-node-rancher-in-docker" }, "items": [ "reference-guides/single-node-rancher-in-docker/http-proxy-configuration", @@ -927,7 +927,7 @@ "label": "Backup & Restore Configuration", "link": { "type": "doc", - "id": "pages-for-subheaders/backup-restore-configuration" + "id": "reference-guides/backup-restore-configuration/backup-restore-configuration" }, "items": [ "reference-guides/backup-restore-configuration/backup-configuration", @@ -942,7 +942,7 @@ "label": "Monitoring V2 Configuration", "link": { "type": "doc", - "id": "pages-for-subheaders/monitoring-v2-configuration" + "id": "reference-guides/monitoring-v2-configuration/monitoring-v2-configuration" }, "items": [ "reference-guides/monitoring-v2-configuration/receivers", @@ -957,7 +957,7 @@ "label": "Prometheus Federator", "link": { "type": "doc", - "id": "pages-for-subheaders/prometheus-federator" + "id": "reference-guides/prometheus-federator/prometheus-federator" }, "items": [ "reference-guides/prometheus-federator/rbac" @@ -968,7 +968,7 @@ "label": "User Settings", "link": { "type": "doc", - "id": "pages-for-subheaders/user-settings" + "id": "reference-guides/user-settings/user-settings" }, "items": [ "reference-guides/user-settings/api-keys", @@ -982,7 +982,7 @@ "label": "CLI with Rancher", "link": { "type": "doc", - "id": "pages-for-subheaders/cli-with-rancher" + "id": "reference-guides/cli-with-rancher/cli-with-rancher" }, "items": [ "reference-guides/cli-with-rancher/rancher-cli", @@ -994,7 +994,7 @@ "label": "About the API", "link": { "type": "doc", - "id": "pages-for-subheaders/about-the-api" + "id": "reference-guides/about-the-api/about-the-api" }, "items": [ "reference-guides/about-the-api/api-tokens" @@ -1010,7 +1010,7 @@ "label": "Rancher Security", "link": { "type": "doc", - "id": "pages-for-subheaders/rancher-security" + "id": "reference-guides/rancher-security/rancher-security" }, "items": [ { @@ -1018,7 +1018,7 @@ "label": "Hardening Guides", "link": { "type": "doc", - "id": "pages-for-subheaders/rancher-hardening-guides" + "id": "reference-guides/rancher-security/hardening-guides/hardening-guides" }, "items": [ { @@ -1026,7 +1026,7 @@ "label": "RKE Hardening Guides", "link": { "type": "doc", - "id": "pages-for-subheaders/rke1-hardening-guide" + "id": "reference-guides/rancher-security/hardening-guides/rke1-hardening-guide/rke1-hardening-guide" }, "items": [ "reference-guides/rancher-security/hardening-guides/rke1-hardening-guide/rke1-self-assessment-guide-with-cis-v1.23-k8s-v1.23", @@ -1039,7 +1039,7 @@ "label": "RKE2 Hardening Guides", "link": { "type": "doc", - "id": "pages-for-subheaders/rke2-hardening-guide" + "id": "reference-guides/rancher-security/hardening-guides/rke2-hardening-guide/rke2-hardening-guide" }, "items": [ "reference-guides/rancher-security/hardening-guides/rke2-hardening-guide/rke2-self-assessment-guide-with-cis-v1.23-k8s-v1.23", @@ -1052,7 +1052,7 @@ "label": "K3s Hardening Guides", "link": { "type": "doc", - "id": "pages-for-subheaders/k3s-hardening-guide" + "id": "reference-guides/rancher-security/hardening-guides/k3s-hardening-guide/k3s-hardening-guide" }, "items": [ "reference-guides/rancher-security/hardening-guides/k3s-hardening-guide/k3s-self-assessment-guide-with-cis-v1.23-k8s-v1.23", @@ -1067,7 +1067,7 @@ "label": "SELinux RPM", "link": { "type": "doc", - "id": "pages-for-subheaders/selinux-rpm" + "id": "reference-guides/rancher-security/selinux-rpm/selinux-rpm" }, "items": [ "reference-guides/rancher-security/selinux-rpm/about-rancher-selinux", @@ -1091,7 +1091,7 @@ "label": "Cloud Marketplace Integration", "link": { "type": "doc", - "id": "pages-for-subheaders/cloud-marketplace" + "id": "integrations-in-rancher/cloud-marketplace/cloud-marketplace" }, "items": [ { @@ -1099,7 +1099,7 @@ "label": "AWS Marketplace Integration", "link": { "type": "doc", - "id": "pages-for-subheaders/aws-cloud-marketplace" + "id": "integrations-in-rancher/cloud-marketplace/aws-cloud-marketplace/aws-cloud-marketplace" }, "items": [ "integrations-in-rancher/cloud-marketplace/aws-cloud-marketplace/adapter-requirements", @@ -1116,7 +1116,7 @@ "label": "CIS Scans", "link": { "type": "doc", - "id": "pages-for-subheaders/cis-scans" + "id": "integrations-in-rancher/cis-scans/cis-scans" }, "items": [ "integrations-in-rancher/cis-scans/configuration-reference", @@ -1130,7 +1130,7 @@ "label": "Continuous Delivery with Fleet", "link": { "type": "doc", - "id": "pages-for-subheaders/fleet-gitops-at-scale" + "id": "integrations-in-rancher/fleet-gitops-at-scale/fleet-gitops-at-scale" }, "items": [ "integrations-in-rancher/fleet-gitops-at-scale/architecture", @@ -1144,7 +1144,7 @@ "label": "Istio", "link": { "type": "doc", - "id": "pages-for-subheaders/istio" + "id": "integrations-in-rancher/istio/istio" }, "items": [ "integrations-in-rancher/istio/cpu-and-memory-allocations", @@ -1155,7 +1155,7 @@ "label": "Configuration Options", "link": { "type": "doc", - "id": "pages-for-subheaders/configuration-options" + "id": "integrations-in-rancher/istio/configuration-options/configuration-options" }, "items": [ "integrations-in-rancher/istio/configuration-options/pod-security-policies", @@ -1172,7 +1172,7 @@ "label": "Logging", "link": { "type": "doc", - "id": "pages-for-subheaders/logging" + "id": "integrations-in-rancher/logging/logging" }, "items": [ "integrations-in-rancher/logging/logging-architecture", @@ -1184,7 +1184,7 @@ "label": "Custom Resource Configuration", "link": { "type": "doc", - "id": "pages-for-subheaders/custom-resource-configuration" + "id": "integrations-in-rancher/logging/custom-resource-configuration/custom-resource-configuration" }, "items": [ "integrations-in-rancher/logging/custom-resource-configuration/flows-and-clusterflows", @@ -1198,7 +1198,7 @@ "label": "Monitoring and Alerting", "link": { "type": "doc", - "id": "pages-for-subheaders/monitoring-and-alerting" + "id": "integrations-in-rancher/monitoring-and-alerting/monitoring-and-alerting" }, "items": [ "integrations-in-rancher/monitoring-and-alerting/how-monitoring-works", @@ -1238,7 +1238,7 @@ "label": "Kubernetes Components", "link": { "type": "doc", - "id": "pages-for-subheaders/kubernetes-components" + "id": "troubleshooting/kubernetes-components/kubernetes-components" }, "items": [ "troubleshooting/kubernetes-components/troubleshooting-etcd-nodes", From 45835ea9a13abfd32f631a6837bcd13eb5449b63 Mon Sep 17 00:00:00 2001 From: Billy Tat Date: Thu, 11 Jan 2024 15:10:30 -0800 Subject: [PATCH 45/77] [2.7] Fix links to 'shared-files' module import --- .../kubernetes-clusters-in-rancher-setup.md | 2 +- .../new-user-guides/manage-clusters/manage-clusters.md | 2 +- .../cluster-configuration/cluster-configuration.md | 3 +-- 3 files changed, 3 insertions(+), 4 deletions(-) diff --git a/versioned_docs/version-2.7/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/kubernetes-clusters-in-rancher-setup.md b/versioned_docs/version-2.7/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/kubernetes-clusters-in-rancher-setup.md index bb5e556d5c2..f088c16e1c4 100644 --- a/versioned_docs/version-2.7/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/kubernetes-clusters-in-rancher-setup.md +++ b/versioned_docs/version-2.7/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/kubernetes-clusters-in-rancher-setup.md @@ -19,7 +19,7 @@ For a conceptual overview of how the Rancher server provisions clusters and what The following table summarizes the options and settings available for each cluster type: -import ClusterCapabilitiesTable from '../shared-files/_cluster-capabilities-table.md'; +import ClusterCapabilitiesTable from '../../../shared-files/_cluster-capabilities-table.md'; diff --git a/versioned_docs/version-2.7/how-to-guides/new-user-guides/manage-clusters/manage-clusters.md b/versioned_docs/version-2.7/how-to-guides/new-user-guides/manage-clusters/manage-clusters.md index 23fc13f7b51..fc05cfd581b 100644 --- a/versioned_docs/version-2.7/how-to-guides/new-user-guides/manage-clusters/manage-clusters.md +++ b/versioned_docs/version-2.7/how-to-guides/new-user-guides/manage-clusters/manage-clusters.md @@ -18,7 +18,7 @@ This section assumes a basic familiarity with Docker and Kubernetes. For a brief After clusters have been [provisioned into Rancher](../kubernetes-clusters-in-rancher-setup/kubernetes-clusters-in-rancher-setup.md), [cluster owners](../authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/cluster-and-project-roles.md#cluster-roles) will need to manage these clusters. There are many different options of how to manage your cluster. -import ClusterCapabilitiesTable from '../shared-files/_cluster-capabilities-table.md'; +import ClusterCapabilitiesTable from '../../../shared-files/_cluster-capabilities-table.md'; diff --git a/versioned_docs/version-2.7/reference-guides/cluster-configuration/cluster-configuration.md b/versioned_docs/version-2.7/reference-guides/cluster-configuration/cluster-configuration.md index 04264ce4b2d..7b15f647a03 100644 --- a/versioned_docs/version-2.7/reference-guides/cluster-configuration/cluster-configuration.md +++ b/versioned_docs/version-2.7/reference-guides/cluster-configuration/cluster-configuration.md @@ -27,7 +27,6 @@ The options and settings available for an existing cluster change based on the m The following table summarizes the options and settings available for each cluster type: -import ClusterCapabilitiesTable from '../shared-files/_cluster-capabilities-table.md'; +import ClusterCapabilitiesTable from '../../shared-files/_cluster-capabilities-table.md'; - From 03347f79a21b93be49049de5a91d96ec6d5d1491 Mon Sep 17 00:00:00 2001 From: Billy Tat Date: Thu, 11 Jan 2024 15:12:32 -0800 Subject: [PATCH 46/77] [2.7] Add redirects for pages-for-subheaders removal --- docusaurus.config.js | 352 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 352 insertions(+) diff --git a/docusaurus.config.js b/docusaurus.config.js index 83c147f9c0f..30bff93f07a 100644 --- a/docusaurus.config.js +++ b/docusaurus.config.js @@ -245,6 +245,358 @@ module.exports = { { fromExtensions: ['html', 'htm'], redirects: [ + { // Redirects for pages-for-subheaders removal [2.7] + to: '/v2.7/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-provisioning-drivers', + from: '/v2.7/pages-for-subheaders/about-provisioning-drivers' + }, + { + to: '/v2.7/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates', + from: '/v2.7/pages-for-subheaders/about-rke1-templates' + }, + { + to: '/v2.7/reference-guides/about-the-api', + from: '/v2.7/pages-for-subheaders/about-the-api' + }, + { + to: '/v2.7/how-to-guides/new-user-guides/manage-clusters/access-clusters', + from: '/v2.7/pages-for-subheaders/access-clusters' + }, + { + to: '/v2.7/how-to-guides/advanced-user-guides/monitoring-v2-configuration-guides/advanced-configuration', + from: '/v2.7/pages-for-subheaders/advanced-configuration' + }, + { + to: '/v2.7/how-to-guides/advanced-user-guides', + from: '/v2.7/pages-for-subheaders/advanced-user-guides' + }, + { + to: '/v2.7/getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install', + from: '/v2.7/pages-for-subheaders/air-gapped-helm-cli-install' + }, + { + to: '/v2.7/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config', + from: '/v2.7/pages-for-subheaders/authentication-config' + }, + { + to: '/v2.7/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration', + from: '/v2.7/pages-for-subheaders/authentication-permissions-and-global-configuration' + }, + { + to: '/v2.7/integrations-in-rancher/cloud-marketplace/aws-cloud-marketplace', + from: '/v2.7/pages-for-subheaders/aws-cloud-marketplace' + }, + { + to: '/v2.7/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery', + from: '/v2.7/pages-for-subheaders/backup-restore-and-disaster-recovery' + }, + { + to: '/v2.7/reference-guides/backup-restore-configuration', + from: '/v2.7/pages-for-subheaders/backup-restore-configuration' + }, + { + to: '/v2.7/reference-guides/best-practices', + from: '/v2.7/pages-for-subheaders/best-practices' + }, + { + to: '/v2.7/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/checklist-for-production-ready-clusters', + from: '/v2.7/pages-for-subheaders/checklist-for-production-ready-clusters' + }, + { + to: '/v2.7/how-to-guides/advanced-user-guides/cis-scan-guides', + from: '/v2.7/pages-for-subheaders/cis-scan-guides' + }, + { + to: '/v2.7/integrations-in-rancher/cis-scans', + from: '/v2.7/pages-for-subheaders/cis-scans' + }, + { + to: '/v2.7/reference-guides/cli-with-rancher', + from: '/v2.7/pages-for-subheaders/cli-with-rancher' + }, + { + to: '/v2.7/integrations-in-rancher/cloud-marketplace', + from: '/v2.7/pages-for-subheaders/cloud-marketplace' + }, + { + to: '/v2.7/reference-guides/cluster-configuration', + from: '/v2.7/pages-for-subheaders/cluster-configuration' + }, + { + to: '/v2.7/integrations-in-rancher/istio/configuration-options', + from: '/v2.7/pages-for-subheaders/configuration-options' + }, + { + to: '/v2.7/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-microsoft-ad-federation-service-saml', + from: '/v2.7/pages-for-subheaders/configure-microsoft-ad-federation-service-saml' + }, + { + to: '/v2.7/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-openldap', + from: '/v2.7/pages-for-subheaders/configure-openldap' + }, + { + to: '/v2.7/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-shibboleth-saml', + from: '/v2.7/pages-for-subheaders/configure-shibboleth-saml' + }, + { + to: '/v2.7/how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage', + from: '/v2.7/pages-for-subheaders/create-kubernetes-persistent-storage' + }, + { + to: '/v2.7/integrations-in-rancher/logging/custom-resource-configuration', + from: '/v2.7/pages-for-subheaders/custom-resource-configuration' + }, + { + to: '/v2.7/how-to-guides/new-user-guides/deploy-apps-across-clusters', + from: '/v2.7/pages-for-subheaders/deploy-apps-across-clusters' + }, + { + to: '/v2.7/getting-started/quick-start-guides/deploy-rancher-manager', + from: '/v2.7/pages-for-subheaders/deploy-rancher-manager' + }, + { + to: '/v2.7/getting-started/quick-start-guides/deploy-workloads', + from: '/v2.7/pages-for-subheaders/deploy-rancher-workloads' + }, + { + to: '/v2.7/reference-guides/cluster-configuration/downstream-cluster-configuration', + from: '/v2.7/pages-for-subheaders/downstream-cluster-configuration' + }, + { + to: '/v2.7/how-to-guides/advanced-user-guides/enable-experimental-features', + from: '/v2.7/pages-for-subheaders/enable-experimental-features' + }, + { + to: '/v2.7/integrations-in-rancher/fleet-gitops-at-scale', + from: '/v2.7/pages-for-subheaders/fleet-gitops-at-scale' + }, + { + to: '/v2.7/reference-guides/cluster-configuration/rancher-server-configuration/gke-cluster-configuration', + from: '/v2.7/pages-for-subheaders/gke-cluster-configuration' + }, + { + to: '/v2.7/how-to-guides/new-user-guides/helm-charts-in-rancher', + from: '/v2.7/pages-for-subheaders/helm-charts-in-rancher' + }, + { + to: '/v2.7/how-to-guides/new-user-guides/kubernetes-resources-setup/horizontal-pod-autoscaler', + from: '/v2.7/pages-for-subheaders/horizontal-pod-autoscaler' + }, + { + to: '/v2.7/how-to-guides/new-user-guides/infrastructure-setup', + from: '/v2.7/pages-for-subheaders/infrastructure-setup' + }, + { + to: '/v2.7/getting-started/installation-and-upgrade', + from: '/v2.7/pages-for-subheaders/installation-and-upgrade' + }, + { + to: '/v2.7/getting-started/installation-and-upgrade/installation-references', + from: '/v2.7/pages-for-subheaders/installation-references' + }, + { + to: '/v2.7/getting-started/installation-and-upgrade/installation-requirements', + from: '/v2.7/pages-for-subheaders/installation-requirements' + }, + { + to: '/v2.7/how-to-guides/new-user-guides/manage-clusters/install-cluster-autoscaler', + from: '/v2.7/pages-for-subheaders/install-cluster-autoscaler' + }, + { + to: '/v2.7/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster', + from: '/v2.7/pages-for-subheaders/install-upgrade-on-a-kubernetes-cluster' + }, + { + to: '/v2.7/integrations-in-rancher/istio', + from: '/v2.7/pages-for-subheaders/istio' + }, + { + to: '/v2.7/how-to-guides/advanced-user-guides/istio-setup-guide', + from: '/v2.7/pages-for-subheaders/istio-setup-guide' + }, + { + to: '/v2.7/reference-guides/rancher-security/hardening-guides/k3s-hardening-guide', + from: '/v2.7/pages-for-subheaders/k3s-hardening-guide' + }, + { + to: '/v2.7/how-to-guides/new-user-guides/kubernetes-cluster-setup', + from: '/v2.7/pages-for-subheaders/kubernetes-cluster-setup' + }, + { + to: '/v2.7/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup', + from: '/v2.7/pages-for-subheaders/kubernetes-clusters-in-rancher-setup' + }, + { + to: '/v2.7/troubleshooting/kubernetes-components', + from: '/v2.7/pages-for-subheaders/kubernetes-components' + }, + { + to: '/v2.7/how-to-guides/new-user-guides/kubernetes-resources-setup', + from: '/v2.7/pages-for-subheaders/kubernetes-resources-setup' + }, + { + to: '/v2.7/how-to-guides/new-user-guides/launch-kubernetes-with-rancher', + from: '/v2.7/pages-for-subheaders/launch-kubernetes-with-rancher' + }, + { + to: '/v2.7/how-to-guides/new-user-guides/kubernetes-resources-setup/load-balancer-and-ingress-controller', + from: '/v2.7/pages-for-subheaders/load-balancer-and-ingress-controller' + }, + { + to: '/v2.7/integrations-in-rancher/logging', + from: '/v2.7/pages-for-subheaders/logging' + }, + { + to: '/v2.7/reference-guides/cluster-configuration/downstream-cluster-configuration/machine-configuration', + from: '/v2.7/pages-for-subheaders/machine-configuration' + }, + { + to: '/v2.7/how-to-guides/new-user-guides/manage-clusters', + from: '/v2.7/pages-for-subheaders/manage-clusters' + }, + { + to: '/v2.7/how-to-guides/advanced-user-guides/manage-projects/manage-project-resource-quotas', + from: '/v2.7/pages-for-subheaders/manage-project-resource-quotas' + }, + { + to: '/v2.7/how-to-guides/advanced-user-guides/manage-projects', + from: '/v2.7/pages-for-subheaders/manage-projects' + }, + { + to: '/v2.7/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac', + from: '/v2.7/pages-for-subheaders/manage-role-based-access-control-rbac' + }, + { + to: '/v2.7/how-to-guides/advanced-user-guides/monitoring-alerting-guides', + from: '/v2.7/pages-for-subheaders/monitoring-alerting-guides' + }, + { + to: '/v2.7/integrations-in-rancher/monitoring-and-alerting', + from: '/v2.7/pages-for-subheaders/monitoring-and-alerting' + }, + { + to: '/v2.7/how-to-guides/advanced-user-guides/monitoring-v2-configuration-guides', + from: '/v2.7/pages-for-subheaders/monitoring-v2-configuration-guides' + }, + { + to: '/v2.7/reference-guides/monitoring-v2-configuration', + from: '/v2.7/pages-for-subheaders/monitoring-v2-configuration' + }, + { + to: '/v2.7/how-to-guides/new-user-guides/new-user-guides', + from: '/v2.7/pages-for-subheaders/new-user-guides' + }, + { + to: '/v2.7/reference-guides/cluster-configuration/downstream-cluster-configuration/node-template-configuration', + from: '/v2.7/pages-for-subheaders/node-template-configuration' + }, + { + to: '/v2.7/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/nutanix', + from: '/v2.7/pages-for-subheaders/nutanix' + }, + { + to: '/v2.7/getting-started/installation-and-upgrade/other-installation-methods', + from: '/v2.7/pages-for-subheaders/other-installation-methods' + }, + { + to: '/v2.7/how-to-guides/advanced-user-guides/monitoring-alerting-guides/prometheus-federator-guides', + from: '/v2.7/pages-for-subheaders/prometheus-federator-guides' + }, + { + to: '/v2.7/reference-guides/prometheus-federator', + from: '/v2.7/pages-for-subheaders/prometheus-federator' + }, + { + to: '/v2.7/how-to-guides/new-user-guides/manage-clusters/provisioning-storage-examples', + from: '/v2.7/pages-for-subheaders/provisioning-storage-examples' + }, + { + to: '/v2.7/getting-started/quick-start-guides', + from: '/v2.7/pages-for-subheaders/quick-start-guides' + }, + { + to: '/v2.7/getting-started/installation-and-upgrade/other-installation-methods/rancher-behind-an-http-proxy', + from: '/v2.7/pages-for-subheaders/rancher-behind-an-http-proxy' + }, + { + to: '/v2.7/reference-guides/rancher-security/hardening-guides/', + from: '/v2.7/pages-for-subheaders/rancher-hardening-guides' + }, + { + to: '/v2.7/reference-guides/best-practices/rancher-managed-clusters', + from: '/v2.7/pages-for-subheaders/rancher-managed-clusters' + }, + { + to: '/v2.7/reference-guides/rancher-manager-architecture', + from: '/v2.7/pages-for-subheaders/rancher-manager-architecture' + }, + { + to: '/v2.7/getting-started/installation-and-upgrade/other-installation-methods/rancher-on-a-single-node-with-docker', + from: '/v2.7/pages-for-subheaders/rancher-on-a-single-node-with-docker' + }, + { + to: '/v2.7/reference-guides/rancher-security', + from: '/v2.7/pages-for-subheaders/rancher-security' + }, + { + to: '/v2.7/reference-guides/cluster-configuration/rancher-server-configuration', + from: '/v2.7/pages-for-subheaders/rancher-server-configuration' + }, + { + to: '/v2.7/reference-guides/best-practices/rancher-server', + from: '/v2.7/pages-for-subheaders/rancher-server' + }, + { + to: '/v2.7/getting-started/installation-and-upgrade/resources', + from: '/v2.7/pages-for-subheaders/resources' + }, + { + to: '/v2.7/reference-guides/rancher-security/hardening-guides/rke1-hardening-guide', + from: '/v2.7/pages-for-subheaders/rke1-hardening-guide' + }, + { + to: '/v2.7/reference-guides/rancher-security/hardening-guides/rke2-hardening-guide', + from: '/v2.7/pages-for-subheaders/rke2-hardening-guide' + }, + { + to: '/v2.7/reference-guides/rancher-security/selinux-rpm', + from: '/v2.7/pages-for-subheaders/selinux-rpm' + }, + { + to: '/v2.7/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers', + from: '/v2.7/pages-for-subheaders/set-up-cloud-providers' + }, + { + to: '/v2.7/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers', + from: '/v2.7/pages-for-subheaders/set-up-clusters-from-hosted-kubernetes-providers' + }, + { + to: '/v2.7/reference-guides/single-node-rancher-in-docker', + from: '/v2.7/pages-for-subheaders/single-node-rancher-in-docker' + }, + { + to: '/v2.7/reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes', + from: '/v2.7/pages-for-subheaders/use-existing-nodes' + }, + { + to: '/v2.7/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider', + from: '/v2.7/pages-for-subheaders/use-new-nodes-in-an-infra-provider' + }, + { + to: '/v2.7/reference-guides/user-settings', + from: '/v2.7/pages-for-subheaders/user-settings' + }, + { + to: '/v2.7/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/use-windows-clusters', + from: '/v2.7/pages-for-subheaders/use-windows-clusters' + }, + { + to: '/v2.7/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/vsphere', + from: '/v2.7/pages-for-subheaders/vsphere' + }, + { + to: '/v2.7/how-to-guides/new-user-guides/kubernetes-resources-setup/workloads-and-pods', + from: '/v2.7/pages-for-subheaders/workloads-and-pods' + }, // Redirects for pages-for-subheaders removal [2.7] (end) { // Redirects for dashboard#9970 to: '/v2.8/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/rke1-vs-rke2-differences', from: '/v2.8/cluster-provisioning/rke-clusters/behavior-differences-between-rke1-and-rke2/' From 0513177b76c71742ea82fc213493cd0d756b925a Mon Sep 17 00:00:00 2001 From: Billy Tat Date: Thu, 11 Jan 2024 15:39:11 -0800 Subject: [PATCH 47/77] [2.6] Move files out of pages-for-subheaders --- versioned_docs/version-2.6/faq/general-faq.md | 6 +- .../faq/rancher-is-no-longer-needed.md | 4 +- versioned_docs/version-2.6/faq/security.md | 4 +- .../version-2.6/faq/technical-items.md | 2 +- ...install-upgrade-on-a-kubernetes-cluster.md | 42 ++--- .../rancher-on-aks.md | 8 +- .../rancher-on-amazon-eks.md | 6 +- .../rancher-on-gke.md | 8 +- .../rollbacks.md | 2 +- .../upgrades.md | 2 +- .../installation-and-upgrade.md | 40 ++-- .../installation-references/feature-flags.md | 2 +- .../helm-chart-options.md | 8 +- .../installation-references.md | 9 + .../installation-requirements.md | 36 ++-- .../port-requirements.md | 10 +- .../air-gapped-helm-cli-install.md | 14 +- .../infrastructure-private-registry.md | 8 +- .../publish-images.md | 4 +- .../other-installation-methods.md | 6 +- .../rancher-behind-an-http-proxy.md | 8 +- .../set-up-infrastructure.md | 2 +- .../rancher-on-a-single-node-with-docker.md | 28 +-- .../roll-back-docker-installed-rancher.md | 2 +- .../upgrade-docker-installed-rancher.md | 16 +- .../resources/add-tls-secrets.md | 2 +- .../resources/choose-a-rancher-version.md | 4 +- .../resources/local-system-charts.md | 2 +- .../resources/resources.md | 29 +++ .../resources/update-rancher-certificate.md | 2 +- .../resources/upgrade-cert-manager.md | 2 +- .../upgrade-and-roll-back-kubernetes.md | 4 +- ...de-kubernetes-without-upgrading-rancher.md | 2 +- .../version-2.6/getting-started/overview.md | 20 +- .../deploy-rancher-manager/aws.md | 4 +- .../deploy-rancher-manager/azure.md | 4 +- .../deploy-rancher-manager.md | 24 +++ .../deploy-rancher-manager/digitalocean.md | 4 +- .../deploy-rancher-manager/equinix-metal.md | 6 +- .../deploy-rancher-manager/gcp.md | 4 +- .../deploy-rancher-manager/helm-cli.md | 6 +- .../deploy-rancher-manager/hetzner-cloud.md | 4 +- .../deploy-rancher-manager/outscale-qs.md | 4 +- .../deploy-rancher-manager/vagrant.md | 4 +- .../deploy-workloads/deploy-workloads.md} | 4 +- .../deploy-workloads/workload-ingress.md | 2 +- .../quick-start-guides}/quick-start-guides.md | 6 +- .../advanced-user-guides.md | 0 .../cis-scan-guides/cis-scan-guides.md | 17 ++ .../configure-layer-7-nginx-load-balancer.md | 10 +- .../enable-api-audit-log.md | 2 +- .../continuous-delivery.md | 2 +- .../enable-experimental-features.md | 6 +- .../istio-traffic-management-features.md | 4 +- .../rancher-on-arm64.md | 2 +- .../unsupported-storage-drivers.md | 2 +- .../enable-istio-in-cluster.md | 6 +- .../istio-setup-guide/istio-setup-guide.md | 34 ++++ .../manage-projects/ci-cd-pipelines.md | 2 +- .../manage-pod-security-policies.md | 2 +- .../manage-project-resource-quotas.md | 6 +- .../manage-projects}/manage-projects.md | 18 +- .../migrate-to-rancher-v2.5+-monitoring.md | 4 +- .../monitoring-alerting-guides.md | 15 ++ .../prometheus-federator-guides.md | 12 ++ .../advanced-configuration.md | 6 +- .../monitoring-v2-configuration-guides.md | 14 +- .../open-ports-with-firewalld.md | 2 +- .../tune-etcd-for-large-installs.md | 2 +- .../about-provisioning-drivers.md | 51 ++++++ .../manage-cluster-drivers.md | 2 +- .../about-rke1-templates.md | 42 ++--- .../about-rke1-templates/apply-templates.md | 4 +- .../about-rke1-templates/infrastructure.md | 2 +- .../manage-rke1-templates.md | 2 +- .../authentication-config.md | 30 +-- .../configure-active-directory.md | 4 +- .../configure-azure-ad.md | 2 +- .../configure-freeipa.md | 2 +- .../authentication-config/configure-github.md | 2 +- .../manage-users-and-groups.md | 2 +- ...on-permissions-and-global-configuration.md | 20 +- ...re-microsoft-ad-federation-service-saml.md | 6 +- .../configure-openldap}/configure-openldap.md | 6 +- .../openldap-config-reference.md | 2 +- .../configure-shibboleth-saml.md | 8 +- .../create-pod-security-policies.md | 4 +- .../global-default-private-registry.md | 2 +- .../custom-roles.md | 2 +- .../global-permissions.md | 4 +- .../manage-role-based-access-control-rbac.md | 6 +- ...up-rancher-launched-kubernetes-clusters.md | 8 +- .../backup-restore-and-disaster-recovery.md | 20 +- .../migrate-rancher-to-new-cluster.md | 2 +- ...aunched-kubernetes-clusters-from-backup.md | 6 +- .../deploy-apps-across-clusters.md | 4 +- .../multi-cluster-apps.md | 2 +- .../helm-charts-in-rancher.md | 2 +- .../ha-k3s-kubernetes-cluster.md | 4 +- .../ha-rke1-kubernetes-cluster.md | 2 +- .../ha-rke2-kubernetes-cluster.md | 2 +- .../infrastructure-setup.md | 4 +- .../nodes-in-amazon-ec2.md | 8 +- .../high-availability-installs.md | 2 +- .../kubernetes-cluster-setup.md | 0 .../rke1-for-rancher.md | 4 +- ...checklist-for-production-ready-clusters.md | 12 +- .../recommended-cluster-architecture.md | 2 +- .../roles-for-nodes-in-kubernetes.md | 2 +- .../kubernetes-clusters-in-rancher-setup.md | 18 +- ...quirements-for-rancher-managed-clusters.md | 12 +- .../register-existing-clusters.md | 10 +- .../set-up-cloud-providers/amazon.md | 2 +- .../set-up-cloud-providers.md | 8 +- .../aks.md | 2 +- .../gke.md | 6 +- ...usters-from-hosted-kubernetes-providers.md | 12 +- .../use-windows-clusters.md | 28 +-- .../horizontal-pod-autoscaler.md | 6 +- .../kubernetes-resources-setup.md | 32 ++-- .../load-balancer-and-ingress-controller.md | 12 +- .../workloads-and-pods/deploy-workloads.md | 4 +- .../workloads-and-pods}/workloads-and-pods.md | 6 +- .../about-rancher-agents.md | 8 +- .../launch-kubernetes-with-rancher.md | 10 +- .../create-a-digitalocean-cluster.md | 6 +- .../create-an-amazon-ec2-cluster.md | 12 +- .../create-an-azure-cluster.md | 6 +- .../nutanix}/nutanix.md | 6 +- .../provision-kubernetes-clusters-in-aos.md | 4 +- .../use-new-nodes-in-an-infra-provider.md | 8 +- ...rovision-kubernetes-clusters-in-vsphere.md | 6 +- .../vsphere}/vsphere.md | 10 +- .../access-clusters}/access-clusters.md | 14 +- .../access-clusters/add-users-to-clusters.md | 4 +- .../authorized-cluster-endpoint.md | 4 +- .../use-kubectl-and-kubeconfig.md | 2 +- .../add-a-pod-security-policy.md | 4 +- .../manage-clusters/clean-cluster-nodes.md | 6 +- .../create-kubernetes-persistent-storage.md | 20 +- .../about-glusterfs-volumes.md | 2 +- .../dynamically-provision-new-storage.md | 2 +- .../install-iscsi-volumes.md | 2 +- .../install-cluster-autoscaler.md | 2 +- .../use-aws-ec2-auto-scaling-groups.md | 2 +- .../manage-clusters}/manage-clusters.md | 4 +- .../manage-clusters/nodes-and-node-pools.md | 28 +-- .../projects-and-namespaces.md | 8 +- .../nfs-storage.md | 2 +- .../provisioning-storage-examples.md | 6 +- .../vsphere-storage.md | 2 +- .../new-user-guides/manage-namespaces.md | 10 +- .../new-user-guides}/new-user-guides.md | 0 .../cis-scans}/cis-scans.md | 14 +- .../aws-cloud-marketplace.md | 6 +- .../cloud-marketplace}/cloud-marketplace.md | 0 .../fleet-gitops-at-scale.md | 8 +- .../integrations-in-rancher/harvester.md | 4 +- .../configuration-options.md | 8 +- .../istio/cpu-and-memory-allocations.md | 4 +- .../istio}/istio.md | 20 +- .../custom-resource-configuration.md | 4 +- .../flows-and-clusterflows.md | 2 +- .../outputs-and-clusteroutputs.md | 2 +- .../logging/logging-helm-chart-options.md | 2 +- .../logging}/logging.md | 20 +- .../migrate-to-rancher-v2.5+-logging.md | 2 +- .../monitoring-and-alerting.md | 44 ++--- .../integrations-in-rancher/neuvector.md | 2 +- .../about-provisioning-drivers.md | 51 ------ .../backup-restore-configuration.md | 12 -- .../pages-for-subheaders/cis-scan-guides.md | 17 -- .../deploy-rancher-manager.md | 24 --- .../downstream-cluster-configuration.md | 9 - .../installation-references.md | 9 - .../pages-for-subheaders/istio-setup-guide.md | 34 ---- .../kubernetes-components.md | 21 --- .../machine-configuration.md | 9 - .../monitoring-alerting-guides.md | 15 -- .../monitoring-v2-configuration.md | 15 -- .../node-template-configuration.md | 9 - .../prometheus-federator-guides.md | 12 -- .../rancher-managed-clusters.md | 23 --- .../rancher-server-configuration.md | 16 -- .../pages-for-subheaders/rancher-server.md | 21 --- .../pages-for-subheaders/resources.md | 29 --- .../single-node-rancher-in-docker.md | 9 - .../pages-for-subheaders/user-settings.md | 19 -- .../about-the-api}/about-the-api.md | 4 +- .../about-the-api/api-tokens.md | 2 +- .../backup-restore-configuration.md | 12 ++ .../best-practices}/best-practices.md | 2 +- .../monitoring-best-practices.md | 6 +- .../rancher-managed-clusters.md | 23 +++ .../on-premises-rancher-in-vsphere.md | 2 +- .../rancher-server/rancher-server.md | 21 +++ .../tips-for-running-rancher.md | 4 +- ...and-best-practices-for-rancher-at-scale.md | 4 +- .../cli-with-rancher}/cli-with-rancher.md | 2 +- .../cli-with-rancher/rancher-cli.md | 10 +- .../cluster-configuration.md | 14 +- .../downstream-cluster-configuration.md | 9 + .../machine-configuration.md | 9 + .../node-template-configuration/amazon-ec2.md | 4 +- .../node-template-configuration.md | 9 + .../aks-cluster-configuration.md | 2 +- .../gke-cluster-configuration.md | 6 +- .../rancher-server-configuration.md | 16 ++ .../rke1-cluster-configuration.md | 10 +- .../rke2-cluster-configuration.md | 4 +- .../rancher-agent-options.md | 2 +- .../use-existing-nodes}/use-existing-nodes.md | 20 +- .../reference-guides/kubernetes-concepts.md | 2 +- .../monitoring-v2-configuration.md | 15 ++ .../pipelines/configure-persistent-data.md | 2 +- .../pipelines}/pipelines.md | 16 +- .../prometheus-federator.md | 4 +- .../prometheus-federator/rbac.md | 2 +- .../reference-guides/rancher-cluster-tools.md | 8 +- .../architecture-recommendations.md | 4 +- .../rancher-manager-architecture.md | 10 +- .../rancher-server-and-components.md | 4 +- .../reference-guides/rancher-project-tools.md | 4 +- .../rancher-security}/rancher-security.md | 12 +- .../rancher-v2.6-hardening-guides.md | 6 +- ...hardening-guide-with-cis-v1.6-benchmark.md | 2 +- .../selinux-rpm}/selinux-rpm.md | 2 +- .../advanced-options.md | 10 +- .../http-proxy-configuration.md | 4 +- .../single-node-rancher-in-docker.md | 9 + .../user-settings/api-keys.md | 2 +- .../user-settings/manage-cloud-credentials.md | 8 +- .../user-settings/manage-node-templates.md | 12 +- .../user-settings/user-settings.md | 19 ++ .../security/security-scan/security-scan.md | 2 +- .../_cluster-capabilities-table.md | 10 +- .../general-troubleshooting.md | 4 +- .../kubernetes-components.md | 21 +++ .../kubernetes-resources.md | 2 +- versioned_sidebars/version-2.6-sidebars.json | 172 +++++++++--------- 240 files changed, 1149 insertions(+), 1149 deletions(-) rename versioned_docs/version-2.6/{pages-for-subheaders => getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster}/install-upgrade-on-a-kubernetes-cluster.md (80%) rename versioned_docs/version-2.6/{pages-for-subheaders => getting-started/installation-and-upgrade}/installation-and-upgrade.md (59%) create mode 100644 versioned_docs/version-2.6/getting-started/installation-and-upgrade/installation-references/installation-references.md rename versioned_docs/version-2.6/{pages-for-subheaders => getting-started/installation-and-upgrade/installation-requirements}/installation-requirements.md (85%) rename versioned_docs/version-2.6/{pages-for-subheaders => getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install}/air-gapped-helm-cli-install.md (53%) rename versioned_docs/version-2.6/{pages-for-subheaders => getting-started/installation-and-upgrade/other-installation-methods}/other-installation-methods.md (61%) rename versioned_docs/version-2.6/{pages-for-subheaders => getting-started/installation-and-upgrade/other-installation-methods/rancher-behind-an-http-proxy}/rancher-behind-an-http-proxy.md (55%) rename versioned_docs/version-2.6/{pages-for-subheaders => getting-started/installation-and-upgrade/other-installation-methods/rancher-on-a-single-node-with-docker}/rancher-on-a-single-node-with-docker.md (82%) create mode 100644 versioned_docs/version-2.6/getting-started/installation-and-upgrade/resources/resources.md create mode 100644 versioned_docs/version-2.6/getting-started/quick-start-guides/deploy-rancher-manager/deploy-rancher-manager.md rename versioned_docs/version-2.6/{pages-for-subheaders/deploy-rancher-workloads.md => getting-started/quick-start-guides/deploy-workloads/deploy-workloads.md} (60%) rename versioned_docs/version-2.6/{pages-for-subheaders => getting-started/quick-start-guides}/quick-start-guides.md (60%) rename versioned_docs/version-2.6/{pages-for-subheaders => how-to-guides/advanced-user-guides}/advanced-user-guides.md (100%) create mode 100644 versioned_docs/version-2.6/how-to-guides/advanced-user-guides/cis-scan-guides/cis-scan-guides.md rename versioned_docs/version-2.6/{pages-for-subheaders => how-to-guides/advanced-user-guides/enable-experimental-features}/enable-experimental-features.md (88%) create mode 100644 versioned_docs/version-2.6/how-to-guides/advanced-user-guides/istio-setup-guide/istio-setup-guide.md rename versioned_docs/version-2.6/{pages-for-subheaders => how-to-guides/advanced-user-guides/manage-projects/manage-project-resource-quotas}/manage-project-resource-quotas.md (90%) rename versioned_docs/version-2.6/{pages-for-subheaders => how-to-guides/advanced-user-guides/manage-projects}/manage-projects.md (53%) create mode 100644 versioned_docs/version-2.6/how-to-guides/advanced-user-guides/monitoring-alerting-guides/monitoring-alerting-guides.md create mode 100644 versioned_docs/version-2.6/how-to-guides/advanced-user-guides/monitoring-alerting-guides/prometheus-federator-guides/prometheus-federator-guides.md rename versioned_docs/version-2.6/{pages-for-subheaders => how-to-guides/advanced-user-guides/monitoring-v2-configuration-guides/advanced-configuration}/advanced-configuration.md (51%) rename versioned_docs/version-2.6/{pages-for-subheaders => how-to-guides/advanced-user-guides/monitoring-v2-configuration-guides}/monitoring-v2-configuration-guides.md (74%) create mode 100644 versioned_docs/version-2.6/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-provisioning-drivers/about-provisioning-drivers.md rename versioned_docs/version-2.6/{pages-for-subheaders => how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates}/about-rke1-templates.md (58%) rename versioned_docs/version-2.6/{pages-for-subheaders => how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config}/authentication-config.md (78%) rename versioned_docs/version-2.6/{pages-for-subheaders => how-to-guides/new-user-guides/authentication-permissions-and-global-configuration}/authentication-permissions-and-global-configuration.md (65%) rename versioned_docs/version-2.6/{pages-for-subheaders => how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-microsoft-ad-federation-service-saml}/configure-microsoft-ad-federation-service-saml.md (76%) rename versioned_docs/version-2.6/{pages-for-subheaders => how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-openldap}/configure-openldap.md (90%) rename versioned_docs/version-2.6/{pages-for-subheaders => how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-shibboleth-saml}/configure-shibboleth-saml.md (91%) rename versioned_docs/version-2.6/{pages-for-subheaders => how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac}/manage-role-based-access-control-rbac.md (73%) rename versioned_docs/version-2.6/{pages-for-subheaders => how-to-guides/new-user-guides/backup-restore-and-disaster-recovery}/backup-restore-and-disaster-recovery.md (75%) rename versioned_docs/version-2.6/{pages-for-subheaders => how-to-guides/new-user-guides/deploy-apps-across-clusters}/deploy-apps-across-clusters.md (72%) rename versioned_docs/version-2.6/{pages-for-subheaders => how-to-guides/new-user-guides/helm-charts-in-rancher}/helm-charts-in-rancher.md (97%) rename versioned_docs/version-2.6/{pages-for-subheaders => how-to-guides/new-user-guides/infrastructure-setup}/infrastructure-setup.md (58%) rename versioned_docs/version-2.6/{pages-for-subheaders => how-to-guides/new-user-guides/kubernetes-cluster-setup}/kubernetes-cluster-setup.md (100%) rename versioned_docs/version-2.6/{pages-for-subheaders => how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/checklist-for-production-ready-clusters}/checklist-for-production-ready-clusters.md (77%) rename versioned_docs/version-2.6/{pages-for-subheaders => how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup}/kubernetes-clusters-in-rancher-setup.md (78%) rename versioned_docs/version-2.6/{pages-for-subheaders => how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers}/set-up-cloud-providers.md (73%) rename versioned_docs/version-2.6/{pages-for-subheaders => how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers}/set-up-clusters-from-hosted-kubernetes-providers.md (67%) rename versioned_docs/version-2.6/{pages-for-subheaders => how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/use-windows-clusters}/use-windows-clusters.md (84%) rename versioned_docs/version-2.6/{pages-for-subheaders => how-to-guides/new-user-guides/kubernetes-resources-setup/horizontal-pod-autoscaler}/horizontal-pod-autoscaler.md (70%) rename versioned_docs/version-2.6/{pages-for-subheaders => how-to-guides/new-user-guides/kubernetes-resources-setup}/kubernetes-resources-setup.md (52%) rename versioned_docs/version-2.6/{pages-for-subheaders => how-to-guides/new-user-guides/kubernetes-resources-setup/load-balancer-and-ingress-controller}/load-balancer-and-ingress-controller.md (78%) rename versioned_docs/version-2.6/{pages-for-subheaders => how-to-guides/new-user-guides/kubernetes-resources-setup/workloads-and-pods}/workloads-and-pods.md (92%) rename versioned_docs/version-2.6/{pages-for-subheaders => how-to-guides/new-user-guides/launch-kubernetes-with-rancher}/launch-kubernetes-with-rancher.md (85%) rename versioned_docs/version-2.6/{pages-for-subheaders => how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/nutanix}/nutanix.md (65%) rename versioned_docs/version-2.6/{pages-for-subheaders => how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider}/use-new-nodes-in-an-infra-provider.md (92%) rename versioned_docs/version-2.6/{pages-for-subheaders => how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/vsphere}/vsphere.md (64%) rename versioned_docs/version-2.6/{pages-for-subheaders => how-to-guides/new-user-guides/manage-clusters/access-clusters}/access-clusters.md (61%) rename versioned_docs/version-2.6/{pages-for-subheaders => how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage}/create-kubernetes-persistent-storage.md (66%) rename versioned_docs/version-2.6/{pages-for-subheaders => how-to-guides/new-user-guides/manage-clusters/install-cluster-autoscaler}/install-cluster-autoscaler.md (91%) rename versioned_docs/version-2.6/{pages-for-subheaders => how-to-guides/new-user-guides/manage-clusters}/manage-clusters.md (70%) rename versioned_docs/version-2.6/{pages-for-subheaders => how-to-guides/new-user-guides/manage-clusters/provisioning-storage-examples}/provisioning-storage-examples.md (64%) rename versioned_docs/version-2.6/{pages-for-subheaders => how-to-guides/new-user-guides}/new-user-guides.md (100%) rename versioned_docs/version-2.6/{pages-for-subheaders => integrations-in-rancher/cis-scans}/cis-scans.md (84%) rename versioned_docs/version-2.6/{pages-for-subheaders => integrations-in-rancher/cloud-marketplace/aws-cloud-marketplace}/aws-cloud-marketplace.md (75%) rename versioned_docs/version-2.6/{pages-for-subheaders => integrations-in-rancher/cloud-marketplace}/cloud-marketplace.md (100%) rename versioned_docs/version-2.6/{pages-for-subheaders => integrations-in-rancher/fleet-gitops-at-scale}/fleet-gitops-at-scale.md (86%) rename versioned_docs/version-2.6/{pages-for-subheaders => integrations-in-rancher/istio/configuration-options}/configuration-options.md (81%) rename versioned_docs/version-2.6/{pages-for-subheaders => integrations-in-rancher/istio}/istio.md (88%) rename versioned_docs/version-2.6/{pages-for-subheaders => integrations-in-rancher/logging/custom-resource-configuration}/custom-resource-configuration.md (51%) rename versioned_docs/version-2.6/{pages-for-subheaders => integrations-in-rancher/logging}/logging.md (83%) rename versioned_docs/version-2.6/{pages-for-subheaders => integrations-in-rancher/monitoring-and-alerting}/monitoring-and-alerting.md (65%) delete mode 100644 versioned_docs/version-2.6/pages-for-subheaders/about-provisioning-drivers.md delete mode 100644 versioned_docs/version-2.6/pages-for-subheaders/backup-restore-configuration.md delete mode 100644 versioned_docs/version-2.6/pages-for-subheaders/cis-scan-guides.md delete mode 100644 versioned_docs/version-2.6/pages-for-subheaders/deploy-rancher-manager.md delete mode 100644 versioned_docs/version-2.6/pages-for-subheaders/downstream-cluster-configuration.md delete mode 100644 versioned_docs/version-2.6/pages-for-subheaders/installation-references.md delete mode 100644 versioned_docs/version-2.6/pages-for-subheaders/istio-setup-guide.md delete mode 100644 versioned_docs/version-2.6/pages-for-subheaders/kubernetes-components.md delete mode 100644 versioned_docs/version-2.6/pages-for-subheaders/machine-configuration.md delete mode 100644 versioned_docs/version-2.6/pages-for-subheaders/monitoring-alerting-guides.md delete mode 100644 versioned_docs/version-2.6/pages-for-subheaders/monitoring-v2-configuration.md delete mode 100644 versioned_docs/version-2.6/pages-for-subheaders/node-template-configuration.md delete mode 100644 versioned_docs/version-2.6/pages-for-subheaders/prometheus-federator-guides.md delete mode 100644 versioned_docs/version-2.6/pages-for-subheaders/rancher-managed-clusters.md delete mode 100644 versioned_docs/version-2.6/pages-for-subheaders/rancher-server-configuration.md delete mode 100644 versioned_docs/version-2.6/pages-for-subheaders/rancher-server.md delete mode 100644 versioned_docs/version-2.6/pages-for-subheaders/resources.md delete mode 100644 versioned_docs/version-2.6/pages-for-subheaders/single-node-rancher-in-docker.md delete mode 100644 versioned_docs/version-2.6/pages-for-subheaders/user-settings.md rename versioned_docs/version-2.6/{pages-for-subheaders => reference-guides/about-the-api}/about-the-api.md (92%) create mode 100644 versioned_docs/version-2.6/reference-guides/backup-restore-configuration/backup-restore-configuration.md rename versioned_docs/version-2.6/{pages-for-subheaders => reference-guides/best-practices}/best-practices.md (95%) create mode 100644 versioned_docs/version-2.6/reference-guides/best-practices/rancher-managed-clusters/rancher-managed-clusters.md create mode 100644 versioned_docs/version-2.6/reference-guides/best-practices/rancher-server/rancher-server.md rename versioned_docs/version-2.6/{pages-for-subheaders => reference-guides/cli-with-rancher}/cli-with-rancher.md (67%) rename versioned_docs/version-2.6/{pages-for-subheaders => reference-guides/cluster-configuration}/cluster-configuration.md (50%) create mode 100644 versioned_docs/version-2.6/reference-guides/cluster-configuration/downstream-cluster-configuration/downstream-cluster-configuration.md create mode 100644 versioned_docs/version-2.6/reference-guides/cluster-configuration/downstream-cluster-configuration/machine-configuration/machine-configuration.md create mode 100644 versioned_docs/version-2.6/reference-guides/cluster-configuration/downstream-cluster-configuration/node-template-configuration/node-template-configuration.md rename versioned_docs/version-2.6/{pages-for-subheaders => reference-guides/cluster-configuration/rancher-server-configuration/gke-cluster-configuration}/gke-cluster-configuration.md (96%) create mode 100644 versioned_docs/version-2.6/reference-guides/cluster-configuration/rancher-server-configuration/rancher-server-configuration.md rename versioned_docs/version-2.6/{pages-for-subheaders => reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes}/use-existing-nodes.md (67%) create mode 100644 versioned_docs/version-2.6/reference-guides/monitoring-v2-configuration/monitoring-v2-configuration.md rename versioned_docs/version-2.6/{pages-for-subheaders => reference-guides/pipelines}/pipelines.md (90%) rename versioned_docs/version-2.6/{pages-for-subheaders => reference-guides/prometheus-federator}/prometheus-federator.md (97%) rename versioned_docs/version-2.6/{pages-for-subheaders => reference-guides/rancher-manager-architecture}/rancher-manager-architecture.md (50%) rename versioned_docs/version-2.6/{pages-for-subheaders => reference-guides/rancher-security}/rancher-security.md (89%) rename versioned_docs/version-2.6/{pages-for-subheaders => reference-guides/rancher-security/rancher-v2.6-hardening-guides}/rancher-v2.6-hardening-guides.md (79%) rename versioned_docs/version-2.6/{pages-for-subheaders => reference-guides/rancher-security/selinux-rpm}/selinux-rpm.md (85%) create mode 100644 versioned_docs/version-2.6/reference-guides/single-node-rancher-in-docker/single-node-rancher-in-docker.md create mode 100644 versioned_docs/version-2.6/reference-guides/user-settings/user-settings.md create mode 100644 versioned_docs/version-2.6/troubleshooting/kubernetes-components/kubernetes-components.md diff --git a/versioned_docs/version-2.6/faq/general-faq.md b/versioned_docs/version-2.6/faq/general-faq.md index 93c58e2ab93..146761ac85f 100644 --- a/versioned_docs/version-2.6/faq/general-faq.md +++ b/versioned_docs/version-2.6/faq/general-faq.md @@ -16,15 +16,15 @@ Swarm and Mesos are no longer selectable options when you create a new environme ## Is it possible to manage Azure Kubernetes Services with Rancher v2.x? -Yes. See our [Cluster Administration](../pages-for-subheaders/manage-clusters.md) guide for what Rancher features are available on AKS, as well as our [documentation on AKS](../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-aks.md). +Yes. See our [Cluster Administration](../how-to-guides/new-user-guides/manage-clusters/manage-clusters.md) guide for what Rancher features are available on AKS, as well as our [documentation on AKS](../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-aks.md). ## Does Rancher support Windows? -Yes. Rancher supports Windows Server 1809 containers. For details on how to set up a cluster with Windows worker nodes, refer to the section on [configuring custom clusters for Windows.](../pages-for-subheaders/use-windows-clusters.md) +Yes. Rancher supports Windows Server 1809 containers. For details on how to set up a cluster with Windows worker nodes, refer to the section on [configuring custom clusters for Windows.](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/use-windows-clusters/use-windows-clusters.md) ## Does Rancher support Istio? -Yes. Rancher supports [Istio](../pages-for-subheaders/istio.md). +Yes. Rancher supports [Istio](../integrations-in-rancher/istio/istio.md). ## Will Rancher v2.x support Hashicorp's Vault for storing secrets? diff --git a/versioned_docs/version-2.6/faq/rancher-is-no-longer-needed.md b/versioned_docs/version-2.6/faq/rancher-is-no-longer-needed.md index 7c74b3946b6..f1fd2701d5d 100644 --- a/versioned_docs/version-2.6/faq/rancher-is-no-longer-needed.md +++ b/versioned_docs/version-2.6/faq/rancher-is-no-longer-needed.md @@ -19,7 +19,7 @@ The capability to access a downstream cluster without Rancher depends on the typ - **Registered clusters:** The cluster will be unaffected and you can access the cluster using the same methods that you did before the cluster was registered into Rancher. - **Hosted Kubernetes clusters:** If you created the cluster in a cloud-hosted Kubernetes provider such as EKS, GKE, or AKS, you can continue to manage the cluster using your provider's cloud credentials. -- **RKE clusters:** To access an [RKE cluster,](../pages-for-subheaders/launch-kubernetes-with-rancher.md) the cluster must have the [authorized cluster endpoint](../reference-guides/rancher-manager-architecture/communicating-with-downstream-user-clusters.md#4-authorized-cluster-endpoint) enabled, and you must have already downloaded the cluster's kubeconfig file from the Rancher UI. (The authorized cluster endpoint is enabled by default for RKE clusters.) With this endpoint, you can access your cluster with kubectl directly instead of communicating through the Rancher server's [authentication proxy.](../reference-guides/rancher-manager-architecture/communicating-with-downstream-user-clusters.md#1-the-authentication-proxy) For instructions on how to configure kubectl to use the authorized cluster endpoint, refer to the section about directly accessing clusters with [kubectl and the kubeconfig file.](../how-to-guides/new-user-guides/manage-clusters/access-clusters/use-kubectl-and-kubeconfig.md#authenticating-directly-with-a-downstream-cluster) These clusters will use a snapshot of the authentication as it was configured when Rancher was removed. +- **RKE clusters:** To access an [RKE cluster,](../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md) the cluster must have the [authorized cluster endpoint](../reference-guides/rancher-manager-architecture/communicating-with-downstream-user-clusters.md#4-authorized-cluster-endpoint) enabled, and you must have already downloaded the cluster's kubeconfig file from the Rancher UI. (The authorized cluster endpoint is enabled by default for RKE clusters.) With this endpoint, you can access your cluster with kubectl directly instead of communicating through the Rancher server's [authentication proxy.](../reference-guides/rancher-manager-architecture/communicating-with-downstream-user-clusters.md#1-the-authentication-proxy) For instructions on how to configure kubectl to use the authorized cluster endpoint, refer to the section about directly accessing clusters with [kubectl and the kubeconfig file.](../how-to-guides/new-user-guides/manage-clusters/access-clusters/use-kubectl-and-kubeconfig.md#authenticating-directly-with-a-downstream-cluster) These clusters will use a snapshot of the authentication as it was configured when Rancher was removed. ### What if I don't want Rancher anymore? @@ -29,7 +29,7 @@ The previously recommended [System Tools](../reference-guides/system-tools.md) h ::: -If you [installed Rancher on a Kubernetes cluster,](../pages-for-subheaders/install-upgrade-on-a-kubernetes-cluster.md) remove Rancher by using the [Rancher Cleanup](https://github.com/rancher/rancher-cleanup) tool. +If you [installed Rancher on a Kubernetes cluster,](../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/install-upgrade-on-a-kubernetes-cluster.md) remove Rancher by using the [Rancher Cleanup](https://github.com/rancher/rancher-cleanup) tool. As of Rancher v2.5.8, uninstalling Rancher in high-availability (HA) mode will also remove all `helm-operation-*` pods and the following apps: diff --git a/versioned_docs/version-2.6/faq/security.md b/versioned_docs/version-2.6/faq/security.md index 447fb53d7de..684444e7303 100644 --- a/versioned_docs/version-2.6/faq/security.md +++ b/versioned_docs/version-2.6/faq/security.md @@ -9,10 +9,10 @@ title: Security **Is there a Hardening Guide?** -The Hardening Guide is now located in the main [Security](../pages-for-subheaders/rancher-security.md) section. +The Hardening Guide is now located in the main [Security](../reference-guides/rancher-security/rancher-security.md) section.
    **What are the results of Rancher's Kubernetes cluster when it is CIS benchmarked?** -We have run the CIS Kubernetes benchmark against a hardened Rancher Kubernetes cluster. The results of that assessment can be found in the main [Security](../pages-for-subheaders/rancher-security.md) section. +We have run the CIS Kubernetes benchmark against a hardened Rancher Kubernetes cluster. The results of that assessment can be found in the main [Security](../reference-guides/rancher-security/rancher-security.md) section. diff --git a/versioned_docs/version-2.6/faq/technical-items.md b/versioned_docs/version-2.6/faq/technical-items.md index 8437ee3995c..db2500b7fbf 100644 --- a/versioned_docs/version-2.6/faq/technical-items.md +++ b/versioned_docs/version-2.6/faq/technical-items.md @@ -55,7 +55,7 @@ Node Templates can be accessed by opening your account menu (top right) and sele ### Why is my Layer-4 Load Balancer in `Pending` state? -The Layer-4 Load Balancer is created as `type: LoadBalancer`. In Kubernetes, this needs a cloud provider or controller that can satisfy these requests, otherwise these will be in `Pending` state forever. More information can be found on [Cloud Providers](../pages-for-subheaders/set-up-cloud-providers.md) or [Create External Load Balancer](https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/) +The Layer-4 Load Balancer is created as `type: LoadBalancer`. In Kubernetes, this needs a cloud provider or controller that can satisfy these requests, otherwise these will be in `Pending` state forever. More information can be found on [Cloud Providers](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/set-up-cloud-providers.md) or [Create External Load Balancer](https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/) ### Where is the state of Rancher stored? diff --git a/versioned_docs/version-2.6/pages-for-subheaders/install-upgrade-on-a-kubernetes-cluster.md b/versioned_docs/version-2.6/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/install-upgrade-on-a-kubernetes-cluster.md similarity index 80% rename from versioned_docs/version-2.6/pages-for-subheaders/install-upgrade-on-a-kubernetes-cluster.md rename to versioned_docs/version-2.6/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/install-upgrade-on-a-kubernetes-cluster.md index cccb399eeae..650cbc32f80 100644 --- a/versioned_docs/version-2.6/pages-for-subheaders/install-upgrade-on-a-kubernetes-cluster.md +++ b/versioned_docs/version-2.6/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/install-upgrade-on-a-kubernetes-cluster.md @@ -24,12 +24,12 @@ Rancher can be installed on any Kubernetes cluster. This cluster can use upstrea For help setting up a Kubernetes cluster, we provide these tutorials: -- **RKE:** For the tutorial to install an RKE Kubernetes cluster, refer to [this page.](../how-to-guides/new-user-guides/kubernetes-cluster-setup/rke1-for-rancher.md) For help setting up the infrastructure for a high-availability RKE cluster, refer to [this page.](../how-to-guides/new-user-guides/infrastructure-setup/ha-rke1-kubernetes-cluster.md) -- **K3s:** For the tutorial to install a K3s Kubernetes cluster, refer to [this page.](../how-to-guides/new-user-guides/kubernetes-cluster-setup/k3s-for-rancher.md) For help setting up the infrastructure for a high-availability K3s cluster, refer to [this page.](../how-to-guides/new-user-guides/infrastructure-setup/ha-k3s-kubernetes-cluster.md) -- **RKE2:** For the tutorial to install an RKE2 Kubernetes cluster, refer to [this page.](../how-to-guides/new-user-guides/kubernetes-cluster-setup/rke2-for-rancher.md) For help setting up the infrastructure for a high-availability RKE2 cluster, refer to [this page.](../how-to-guides/new-user-guides/infrastructure-setup/ha-rke2-kubernetes-cluster.md) -- **Amazon EKS:** For details on how to install Rancher on Amazon EKS, including how to install an Ingress controller so that the Rancher server can be accessed, refer to [this page.](../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks.md) -- **AKS:** For details on how to install Rancher with Azure Kubernetes Service, including how to install an Ingress controller so that the Rancher server can be accessed, refer to [this page.](../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-aks.md) -- **GKE:** For details on how to install Rancher with Google Kubernetes Engine, including how to install an Ingress controller so that the Rancher server can be accessed, refer to [this page.](../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-gke.md) GKE has two modes of operation when creating a Kubernetes cluster, Autopilot and Standard mode. The cluster configuration for Autopilot mode has restrictions on editing the kube-system namespace. However, Rancher needs to create resources in the kube-system namespace during installation. As a result, you will not be able to install Rancher on a GKE cluster created in Autopilot mode. +- **RKE:** For the tutorial to install an RKE Kubernetes cluster, refer to [this page.](../../../how-to-guides/new-user-guides/kubernetes-cluster-setup/rke1-for-rancher.md) For help setting up the infrastructure for a high-availability RKE cluster, refer to [this page.](../../../how-to-guides/new-user-guides/infrastructure-setup/ha-rke1-kubernetes-cluster.md) +- **K3s:** For the tutorial to install a K3s Kubernetes cluster, refer to [this page.](../../../how-to-guides/new-user-guides/kubernetes-cluster-setup/k3s-for-rancher.md) For help setting up the infrastructure for a high-availability K3s cluster, refer to [this page.](../../../how-to-guides/new-user-guides/infrastructure-setup/ha-k3s-kubernetes-cluster.md) +- **RKE2:** For the tutorial to install an RKE2 Kubernetes cluster, refer to [this page.](../../../how-to-guides/new-user-guides/kubernetes-cluster-setup/rke2-for-rancher.md) For help setting up the infrastructure for a high-availability RKE2 cluster, refer to [this page.](../../../how-to-guides/new-user-guides/infrastructure-setup/ha-rke2-kubernetes-cluster.md) +- **Amazon EKS:** For details on how to install Rancher on Amazon EKS, including how to install an Ingress controller so that the Rancher server can be accessed, refer to [this page.](rancher-on-amazon-eks.md) +- **AKS:** For details on how to install Rancher with Azure Kubernetes Service, including how to install an Ingress controller so that the Rancher server can be accessed, refer to [this page.](rancher-on-aks.md) +- **GKE:** For details on how to install Rancher with Google Kubernetes Engine, including how to install an Ingress controller so that the Rancher server can be accessed, refer to [this page.](rancher-on-gke.md) GKE has two modes of operation when creating a Kubernetes cluster, Autopilot and Standard mode. The cluster configuration for Autopilot mode has restrictions on editing the kube-system namespace. However, Rancher needs to create resources in the kube-system namespace during installation. As a result, you will not be able to install Rancher on a GKE cluster created in Autopilot mode. ### Ingress Controller @@ -46,17 +46,17 @@ Examples are included in the **Amazon EKS**, **AKS**, and **GKE** tutorials abov The following CLI tools are required for setting up the Kubernetes cluster. Please make sure these tools are installed and available in your `$PATH`. - [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/#install-kubectl) - Kubernetes command-line tool. -- [helm](https://docs.helm.sh/using_helm/#installing-helm) - Package management for Kubernetes. Refer to the [Helm version requirements](../getting-started/installation-and-upgrade/resources/helm-version-requirements.md) to choose a version of Helm to install Rancher. Refer to the [instructions provided by the Helm project](https://helm.sh/docs/intro/install/) for your specific platform. +- [helm](https://docs.helm.sh/using_helm/#installing-helm) - Package management for Kubernetes. Refer to the [Helm version requirements](../resources/helm-version-requirements.md) to choose a version of Helm to install Rancher. Refer to the [instructions provided by the Helm project](https://helm.sh/docs/intro/install/) for your specific platform. ## Install the Rancher Helm Chart Rancher is installed using the [Helm](https://helm.sh/) package manager for Kubernetes. Helm charts provide templating syntax for Kubernetes YAML manifest documents. With Helm, we can create configurable deployments instead of just using static files. -For systems without direct internet access, see [Air Gap: Kubernetes install](../getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/install-rancher-ha.md). +For systems without direct internet access, see [Air Gap: Kubernetes install](../other-installation-methods/air-gapped-helm-cli-install/install-rancher-ha.md). -To choose a Rancher version to install, refer to [Choosing a Rancher Version.](../getting-started/installation-and-upgrade/resources/choose-a-rancher-version.md) +To choose a Rancher version to install, refer to [Choosing a Rancher Version.](../resources/choose-a-rancher-version.md) -To choose a version of Helm to install Rancher with, refer to the [Helm version requirements](../getting-started/installation-and-upgrade/resources/helm-version-requirements.md) +To choose a version of Helm to install Rancher with, refer to the [Helm version requirements](../resources/helm-version-requirements.md) :::note @@ -76,7 +76,7 @@ To set up Rancher, ### 1. Add the Helm Chart Repository -Use `helm repo add` command to add the Helm chart repository that contains charts to install Rancher. For more information about the repository choices and which is best for your use case, see [Choosing a Rancher Version](../getting-started/installation-and-upgrade/resources/choose-a-rancher-version.md). +Use `helm repo add` command to add the Helm chart repository that contains charts to install Rancher. For more information about the repository choices and which is best for your use case, see [Choosing a Rancher Version](../resources/choose-a-rancher-version.md). - Latest: Recommended for trying out the newest features ``` @@ -106,7 +106,7 @@ The Rancher management server is designed to be secure by default and requires S :::note -If you want terminate SSL/TLS externally, see [TLS termination on an External Load Balancer](../getting-started/installation-and-upgrade/installation-references/helm-chart-options.md#external-tls-termination). +If you want terminate SSL/TLS externally, see [TLS termination on an External Load Balancer](../installation-references/helm-chart-options.md#external-tls-termination). ::: @@ -131,7 +131,7 @@ New in v2.6.4, cert-manager versions 1.6.2 and 1.7.1 are compatible. We recommen ::: -> You should skip this step if you are bringing your own certificate files (option `ingress.tls.source=secret`), or if you use [TLS termination on an external load balancer](../getting-started/installation-and-upgrade/installation-references/helm-chart-options.md#external-tls-termination). +> You should skip this step if you are bringing your own certificate files (option `ingress.tls.source=secret`), or if you use [TLS termination on an external load balancer](../installation-references/helm-chart-options.md#external-tls-termination). This step is only required to use certificates issued by Rancher's generated CA (`ingress.tls.source=rancher`) or to request Let's Encrypt issued certificates (`ingress.tls.source=letsEncrypt`). @@ -140,7 +140,7 @@ This step is only required to use certificates issued by Rancher's generated CA :::note Important: -Recent changes to cert-manager require an upgrade. If you are upgrading Rancher and using a version of cert-manager older than v0.11.0, please see our [upgrade documentation](../getting-started/installation-and-upgrade/resources/upgrade-cert-manager.md). +Recent changes to cert-manager require an upgrade. If you are upgrading Rancher and using a version of cert-manager older than v0.11.0, please see our [upgrade documentation](../resources/upgrade-cert-manager.md). ::: @@ -279,7 +279,7 @@ Although an entry in the `Subject Alternative Names` is technically required, ha :::note -If you want to check if your certificates are correct, see [How do I check Common Name and Subject Alternative Names in my server certificate?](../faq/technical-items.md#how-do-i-check-common-name-and-subject-alternative-names-in-my-server-certificate) +If you want to check if your certificates are correct, see [How do I check Common Name and Subject Alternative Names in my server certificate?](../../../faq/technical-items.md#how-do-i-check-common-name-and-subject-alternative-names-in-my-server-certificate) ::: @@ -311,18 +311,18 @@ helm install rancher rancher-/rancher \ --set privateCA=true ``` -Now that Rancher is deployed, see [Adding TLS Secrets](../getting-started/installation-and-upgrade/resources/add-tls-secrets.md) to publish the certificate files so Rancher and the Ingress controller can use them. +Now that Rancher is deployed, see [Adding TLS Secrets](../resources/add-tls-secrets.md) to publish the certificate files so Rancher and the Ingress controller can use them.     The Rancher chart configuration has many options for customizing the installation to suit your specific environment. Here are some common advanced scenarios. -- [HTTP Proxy](../getting-started/installation-and-upgrade/installation-references/helm-chart-options.md#http-proxy) -- [Private container image Registry](../getting-started/installation-and-upgrade/installation-references/helm-chart-options.md#private-registry-and-air-gap-installs) -- [TLS Termination on an External Load Balancer](../getting-started/installation-and-upgrade/installation-references/helm-chart-options.md#external-tls-termination) +- [HTTP Proxy](../installation-references/helm-chart-options.md#http-proxy) +- [Private container image Registry](../installation-references/helm-chart-options.md#private-registry-and-air-gap-installs) +- [TLS Termination on an External Load Balancer](../installation-references/helm-chart-options.md#external-tls-termination) -See the [Chart Options](../getting-started/installation-and-upgrade/installation-references/helm-chart-options.md) for the full list of options. +See the [Chart Options](../installation-references/helm-chart-options.md) for the full list of options. ### 6. Verify that the Rancher Server is Successfully Deployed @@ -355,4 +355,4 @@ That's it. You should have a functional Rancher server. In a web browser, go to the DNS name that forwards traffic to your load balancer. Then you should be greeted by the colorful login page. -Doesn't work? Take a look at the [Troubleshooting](../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/troubleshooting.md) Page +Doesn't work? Take a look at the [Troubleshooting](troubleshooting.md) Page diff --git a/versioned_docs/version-2.6/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-aks.md b/versioned_docs/version-2.6/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-aks.md index 1d6a099fd9f..328e1aa7863 100644 --- a/versioned_docs/version-2.6/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-aks.md +++ b/versioned_docs/version-2.6/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-aks.md @@ -10,7 +10,7 @@ This page covers how to install Rancher on Microsoft's Azure Kubernetes Service The guide uses command line tools to provision an AKS cluster with an ingress. If you prefer to provision your cluster using the Azure portal, refer to the [official documentation](https://docs.microsoft.com/en-us/azure/aks/kubernetes-walkthrough-portal). -If you already have an AKS Kubernetes cluster, skip to the step about [installing an ingress.](#5-install-an-ingress) Then install the Rancher Helm chart following the instructions on [this page.](../../../pages-for-subheaders/install-upgrade-on-a-kubernetes-cluster.md#install-the-rancher-helm-chart) +If you already have an AKS Kubernetes cluster, skip to the step about [installing an ingress.](#5-install-an-ingress) Then install the Rancher Helm chart following the instructions on [this page.](install-upgrade-on-a-kubernetes-cluster.md#install-the-rancher-helm-chart) ## Prerequisites @@ -23,7 +23,7 @@ Deploying to Microsoft Azure will incur charges. - [Microsoft Azure Account](https://azure.microsoft.com/en-us/free/): A Microsoft Azure Account is required to create resources for deploying Rancher and Kubernetes. - [Microsoft Azure Subscription](https://docs.microsoft.com/en-us/azure/cost-management-billing/manage/create-subscription#create-a-subscription-in-the-azure-portal): Use this link to follow a tutorial to create a Microsoft Azure subscription if you don't have one yet. - [Micsoroft Azure Tenant](https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-create-new-tenant): Use this link and follow instructions to create a Microsoft Azure tenant. -- Your subscription has sufficient quota for at least 2 vCPUs. For details on Rancher server resource requirements, refer to [this section](../../../pages-for-subheaders/installation-requirements.md) +- Your subscription has sufficient quota for at least 2 vCPUs. For details on Rancher server resource requirements, refer to [this section](../installation-requirements/installation-requirements.md) - When installing Rancher with Helm in Azure, use the L7 load balancer to avoid networking issues. For more information, refer to the documentation on [Azure load balancer limitations](https://docs.microsoft.com/en-us/azure/load-balancer/components#limitations). ## 1. Prepare your Workstation @@ -137,7 +137,7 @@ There are many valid ways to set up the DNS. For help, refer to the [Azure DNS d ## 8. Install the Rancher Helm Chart -Next, install the Rancher Helm chart by following the instructions on [this page.](../../../pages-for-subheaders/install-upgrade-on-a-kubernetes-cluster.md#install-the-rancher-helm-chart) The Helm instructions are the same for installing Rancher on any Kubernetes distribution. +Next, install the Rancher Helm chart by following the instructions on [this page.](install-upgrade-on-a-kubernetes-cluster.md#install-the-rancher-helm-chart) The Helm instructions are the same for installing Rancher on any Kubernetes distribution. Use that DNS name from the previous step as the Rancher server URL when you install Rancher. It can be passed in as a Helm option. For example, if the DNS name is `rancher.my.org`, you could run the Helm installation command with the option `--set hostname=rancher.my.org`. @@ -149,4 +149,4 @@ When installing Rancher on top of this setup, you will also need to pass the val --set ingress.ingressClassName=nginx ``` -Refer [here for the Helm install command](../../../pages-for-subheaders/install-upgrade-on-a-kubernetes-cluster.md#5-install-rancher-with-helm-and-your-chosen-certificate-option) for your chosen certificate option. +Refer [here for the Helm install command](install-upgrade-on-a-kubernetes-cluster.md#5-install-rancher-with-helm-and-your-chosen-certificate-option) for your chosen certificate option. diff --git a/versioned_docs/version-2.6/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks.md b/versioned_docs/version-2.6/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks.md index 8cfd6d24b98..f4207987a54 100644 --- a/versioned_docs/version-2.6/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks.md +++ b/versioned_docs/version-2.6/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks.md @@ -8,7 +8,7 @@ title: Installing Rancher on Amazon EKS This page covers installing Rancher on an Amazon EKS cluster. You can also [install Rancher through the AWS Marketplace](../../quick-start-guides/deploy-rancher-manager/aws-marketplace.md). -If you already have an EKS Kubernetes cluster, skip to the step about [installing an ingress.](#5-install-an-ingress) Then install the Rancher Helm chart following the instructions on [this page.](../../../pages-for-subheaders/install-upgrade-on-a-kubernetes-cluster.md#install-the-rancher-helm-chart) +If you already have an EKS Kubernetes cluster, skip to the step about [installing an ingress.](#5-install-an-ingress) Then install the Rancher Helm chart following the instructions on [this page.](install-upgrade-on-a-kubernetes-cluster.md#install-the-rancher-helm-chart) ## Creating an EKS Cluster for the Rancher Server @@ -142,7 +142,7 @@ There are many valid ways to set up the DNS. For help, refer to the AWS document ### 8. Install the Rancher Helm Chart -Next, install the Rancher Helm chart by following the instructions on [this page.](../../../pages-for-subheaders/install-upgrade-on-a-kubernetes-cluster.md#install-the-rancher-helm-chart) The Helm instructions are the same for installing Rancher on any Kubernetes distribution. +Next, install the Rancher Helm chart by following the instructions on [this page.](install-upgrade-on-a-kubernetes-cluster.md#install-the-rancher-helm-chart) The Helm instructions are the same for installing Rancher on any Kubernetes distribution. Use that DNS name from the previous step as the Rancher server URL when you install Rancher. It can be passed in as a Helm option. For example, if the DNS name is `rancher.my.org`, you could run the Helm installation command with the option `--set hostname=rancher.my.org`. @@ -154,4 +154,4 @@ When installing Rancher on top of this setup, you will also need to pass the val --set ingress.ingressClassName=nginx ``` -Refer [here for the Helm install command](../../../pages-for-subheaders/install-upgrade-on-a-kubernetes-cluster.md#5-install-rancher-with-helm-and-your-chosen-certificate-option) for your chosen certificate option. +Refer [here for the Helm install command](install-upgrade-on-a-kubernetes-cluster.md#5-install-rancher-with-helm-and-your-chosen-certificate-option) for your chosen certificate option. diff --git a/versioned_docs/version-2.6/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-gke.md b/versioned_docs/version-2.6/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-gke.md index 5a1988fa8ca..08b2623ee5a 100644 --- a/versioned_docs/version-2.6/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-gke.md +++ b/versioned_docs/version-2.6/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-gke.md @@ -8,13 +8,13 @@ title: Installing Rancher on a Google Kubernetes Engine Cluster In this section, you'll learn how to install Rancher using Google Kubernetes Engine. -If you already have a GKE Kubernetes cluster, skip to the step about [installing an ingress.](#7-install-an-ingress) Then install the Rancher Helm chart following the instructions on [this page.](../../../pages-for-subheaders/install-upgrade-on-a-kubernetes-cluster.md#install-the-rancher-helm-chart) +If you already have a GKE Kubernetes cluster, skip to the step about [installing an ingress.](#7-install-an-ingress) Then install the Rancher Helm chart following the instructions on [this page.](install-upgrade-on-a-kubernetes-cluster.md#install-the-rancher-helm-chart) ## Prerequisites - You will need a Google account. - You will need a Google Cloud billing account. You can manage your Cloud Billing accounts using the Google Cloud Console. For more information about the Cloud Console, visit [General guide to the console.](https://support.google.com/cloud/answer/3465889?hl=en&ref_topic=3340599) -- You will need a cloud quota for at least one in-use IP address and at least 2 CPUs. For more details about hardware requirements for the Rancher server, refer to [this section.](../../../pages-for-subheaders/installation-requirements.md) +- You will need a cloud quota for at least one in-use IP address and at least 2 CPUs. For more details about hardware requirements for the Rancher server, refer to [this section.](../installation-requirements/installation-requirements.md) ## 1. Enable the Kubernetes Engine API @@ -184,7 +184,7 @@ There are many valid ways to set up the DNS. For help, refer to the Google Cloud ## 10. Install the Rancher Helm chart -Next, install the Rancher Helm chart by following the instructions on [this page.](../../../pages-for-subheaders/install-upgrade-on-a-kubernetes-cluster.md#install-the-rancher-helm-chart) The Helm instructions are the same for installing Rancher on any Kubernetes distribution. +Next, install the Rancher Helm chart by following the instructions on [this page.](install-upgrade-on-a-kubernetes-cluster.md#install-the-rancher-helm-chart) The Helm instructions are the same for installing Rancher on any Kubernetes distribution. Use the DNS name from the previous step as the Rancher server URL when you install Rancher. It can be passed in as a Helm option. For example, if the DNS name is `rancher.my.org`, you could run the Helm installation command with the option `--set hostname=rancher.my.org`. @@ -196,4 +196,4 @@ When installing Rancher on top of this setup, you will also need to pass the val --set ingress.ingressClassName=nginx ``` -Refer [here for the Helm install command](../../../pages-for-subheaders/install-upgrade-on-a-kubernetes-cluster.md#5-install-rancher-with-helm-and-your-chosen-certificate-option) for your chosen certificate option. +Refer [here for the Helm install command](install-upgrade-on-a-kubernetes-cluster.md#5-install-rancher-with-helm-and-your-chosen-certificate-option) for your chosen certificate option. diff --git a/versioned_docs/version-2.6/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rollbacks.md b/versioned_docs/version-2.6/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rollbacks.md index 5280cbdee32..09ba8e7b904 100644 --- a/versioned_docs/version-2.6/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rollbacks.md +++ b/versioned_docs/version-2.6/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rollbacks.md @@ -29,7 +29,7 @@ A restore is performed by creating a Restore custom resource. 1. In the left navigation bar, click **Rancher Backups > Restore**. :::note - If the Rancher Backups app is not visible, you will need to install it from the Charts page in **Apps & Marketplace** (Rancher before v2.6.5) or **Apps** (Rancher v2.6.5+). Refer [here](../../../pages-for-subheaders/helm-charts-in-rancher.md#charts) for more information. + If the Rancher Backups app is not visible, you will need to install it from the Charts page in **Apps & Marketplace** (Rancher before v2.6.5) or **Apps** (Rancher v2.6.5+). Refer [here](../../../how-to-guides/new-user-guides/helm-charts-in-rancher/helm-charts-in-rancher.md#charts) for more information. ::: diff --git a/versioned_docs/version-2.6/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/upgrades.md b/versioned_docs/version-2.6/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/upgrades.md index 64e314a5a9b..913df3d96c4 100644 --- a/versioned_docs/version-2.6/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/upgrades.md +++ b/versioned_docs/version-2.6/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/upgrades.md @@ -36,7 +36,7 @@ For migration of installs started with Helm 2, refer to the official [Helm 2 to ### For air-gapped installs: Populate private registry -For [air-gapped installs only,](../../../pages-for-subheaders/air-gapped-helm-cli-install.md) collect and populate images for the new Rancher server version. Follow the guide to [populate your private registry](../other-installation-methods/air-gapped-helm-cli-install/publish-images.md) with the images for the Rancher version that you want to upgrade to. +For [air-gapped installs only,](../other-installation-methods/air-gapped-helm-cli-install/air-gapped-helm-cli-install.md) collect and populate images for the new Rancher server version. Follow the guide to [populate your private registry](../other-installation-methods/air-gapped-helm-cli-install/publish-images.md) with the images for the Rancher version that you want to upgrade to. ### For upgrades with cert-manager older than 0.8.0 diff --git a/versioned_docs/version-2.6/pages-for-subheaders/installation-and-upgrade.md b/versioned_docs/version-2.6/getting-started/installation-and-upgrade/installation-and-upgrade.md similarity index 59% rename from versioned_docs/version-2.6/pages-for-subheaders/installation-and-upgrade.md rename to versioned_docs/version-2.6/getting-started/installation-and-upgrade/installation-and-upgrade.md index 3077b14edc2..f9067e831b7 100644 --- a/versioned_docs/version-2.6/pages-for-subheaders/installation-and-upgrade.md +++ b/versioned_docs/version-2.6/getting-started/installation-and-upgrade/installation-and-upgrade.md @@ -18,7 +18,7 @@ In this section, - **K3s (Lightweight Kubernetes)** is also a fully compliant Kubernetes distribution. It is newer than RKE, easier to use, and more lightweight, with a binary size of less than 100 MB. - **RKE2** is a fully conformant Kubernetes distribution that focuses on security and compliance within the U.S. Federal Government sector. -Note the `restrictedAdmin` Helm chart option available for **the Rancher Server**. When this option is set to true, the initial Rancher user has restricted access to the local Kubernetes cluster to prevent privilege escalation. For more information, see the section about the [restricted-admin role.](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/global-permissions.md#restricted-admin) +Note the `restrictedAdmin` Helm chart option available for **the Rancher Server**. When this option is set to true, the initial Rancher user has restricted access to the local Kubernetes cluster to prevent privilege escalation. For more information, see the section about the [restricted-admin role.](../../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/global-permissions.md#restricted-admin) ## Overview of Installation Options @@ -30,7 +30,7 @@ We recommend using Helm, a Kubernetes package manager, to install Rancher on mul ### Rancher on EKS Install with the AWS Marketplace -Rancher can be installed on to Amazon Elastic Kubernetes Service (EKS) [through the AWS Marketplace](../getting-started/quick-start-guides/deploy-rancher-manager/aws-marketplace.md). The EKS cluster deployed is production-ready and follows AWS best practices. +Rancher can be installed on to Amazon Elastic Kubernetes Service (EKS) [through the AWS Marketplace](../quick-start-guides/deploy-rancher-manager/aws-marketplace.md). The EKS cluster deployed is production-ready and follows AWS best practices. ### Single-node Kubernetes Install @@ -42,7 +42,7 @@ However, this option is useful if you want to save resources by using a single n For test and demonstration purposes, Rancher can be installed with Docker on a single node. A local Kubernetes cluster is installed in the single Docker container, and Rancher is installed on the local cluster. -The Rancher backup operator can be used to migrate Rancher from the single Docker container install to an installation on a high-availability Kubernetes cluster. For details, refer to the documentation on [migrating Rancher to a new cluster.](../how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/migrate-rancher-to-new-cluster.md) +The Rancher backup operator can be used to migrate Rancher from the single Docker container install to an installation on a high-availability Kubernetes cluster. For details, refer to the documentation on [migrating Rancher to a new cluster.](../../how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/migrate-rancher-to-new-cluster.md) ### Other Options @@ -50,9 +50,9 @@ There are also separate instructions for installing Rancher in an air gap enviro | Level of Internet Access | Kubernetes Installation - Strongly Recommended | Docker Installation | | ---------------------------------- | ------------------------------ | ---------- | -| With direct access to the Internet | [Docs](install-upgrade-on-a-kubernetes-cluster.md) | [Docs](rancher-on-a-single-node-with-docker.md) | -| Behind an HTTP proxy | [Docs](rancher-behind-an-http-proxy.md) | These [docs,](rancher-on-a-single-node-with-docker.md) plus this [configuration](../reference-guides/single-node-rancher-in-docker/http-proxy-configuration.md) | -| In an air gap environment | [Docs](air-gapped-helm-cli-install.md) | [Docs](air-gapped-helm-cli-install.md) | +| With direct access to the Internet | [Docs](install-upgrade-on-a-kubernetes-cluster/install-upgrade-on-a-kubernetes-cluster.md) | [Docs](other-installation-methods/rancher-on-a-single-node-with-docker/rancher-on-a-single-node-with-docker.md) | +| Behind an HTTP proxy | [Docs](other-installation-methods/rancher-behind-an-http-proxy/rancher-behind-an-http-proxy.md) | These [docs,](other-installation-methods/rancher-on-a-single-node-with-docker/rancher-on-a-single-node-with-docker.md) plus this [configuration](../../reference-guides/single-node-rancher-in-docker/http-proxy-configuration.md) | +| In an air gap environment | [Docs](other-installation-methods/air-gapped-helm-cli-install/air-gapped-helm-cli-install.md) | [Docs](other-installation-methods/air-gapped-helm-cli-install/air-gapped-helm-cli-install.md) | We recommend installing Rancher on a Kubernetes cluster, because in a multi-node cluster, the Rancher management server becomes highly available. This high-availability configuration helps maintain consistent access to the downstream Kubernetes clusters that Rancher will manage. @@ -60,29 +60,29 @@ For that reason, we recommend that for a production-grade architecture, you shou For testing or demonstration purposes, you can install Rancher in single Docker container. In this Docker install, you can use Rancher to set up Kubernetes clusters out-of-the-box. The Docker install allows you to explore the Rancher server functionality, but it is intended to be used for development and testing purposes only. -Our [instructions for installing Rancher on Kubernetes](install-upgrade-on-a-kubernetes-cluster.md) describe how to first use K3s or RKE to create and manage a Kubernetes cluster, then install Rancher onto that cluster. +Our [instructions for installing Rancher on Kubernetes](install-upgrade-on-a-kubernetes-cluster/install-upgrade-on-a-kubernetes-cluster.md) describe how to first use K3s or RKE to create and manage a Kubernetes cluster, then install Rancher onto that cluster. -When the nodes in your Kubernetes cluster are running and fulfill the [node requirements,](installation-requirements.md) you will use Helm to deploy Rancher onto Kubernetes. Helm uses Rancher's Helm chart to install a replica of Rancher on each node in the Kubernetes cluster. We recommend using a load balancer to direct traffic to each replica of Rancher in the cluster. +When the nodes in your Kubernetes cluster are running and fulfill the [node requirements,](installation-requirements/installation-requirements.md) you will use Helm to deploy Rancher onto Kubernetes. Helm uses Rancher's Helm chart to install a replica of Rancher on each node in the Kubernetes cluster. We recommend using a load balancer to direct traffic to each replica of Rancher in the cluster. -For a longer discussion of Rancher architecture, refer to the [architecture overview,](rancher-manager-architecture.md) [recommendations for production-grade architecture,](../reference-guides/rancher-manager-architecture/architecture-recommendations.md) or our [best practices guide.](../reference-guides/best-practices/rancher-server/tips-for-running-rancher.md) +For a longer discussion of Rancher architecture, refer to the [architecture overview,](../../reference-guides/rancher-manager-architecture/rancher-manager-architecture.md) [recommendations for production-grade architecture,](../../reference-guides/rancher-manager-architecture/architecture-recommendations.md) or our [best practices guide.](../../reference-guides/best-practices/rancher-server/tips-for-running-rancher.md) ## Prerequisites -Before installing Rancher, make sure that your nodes fulfill all of the [installation requirements.](installation-requirements.md) +Before installing Rancher, make sure that your nodes fulfill all of the [installation requirements.](installation-requirements/installation-requirements.md) ## Architecture Tip -For the best performance and greater security, we recommend a separate, dedicated Kubernetes cluster for the Rancher management server. Running user workloads on this cluster is not advised. After deploying Rancher, you can [create or import clusters](kubernetes-clusters-in-rancher-setup.md) for running your workloads. +For the best performance and greater security, we recommend a separate, dedicated Kubernetes cluster for the Rancher management server. Running user workloads on this cluster is not advised. After deploying Rancher, you can [create or import clusters](../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/kubernetes-clusters-in-rancher-setup.md) for running your workloads. -For more architecture recommendations, refer to [this page.](../reference-guides/rancher-manager-architecture/architecture-recommendations.md) +For more architecture recommendations, refer to [this page.](../../reference-guides/rancher-manager-architecture/architecture-recommendations.md) ### More Options for Installations on a Kubernetes Cluster -Refer to the [Helm chart options](../getting-started/installation-and-upgrade/installation-references/helm-chart-options.md) for details on installing Rancher on a Kubernetes cluster with other configurations, including: +Refer to the [Helm chart options](installation-references/helm-chart-options.md) for details on installing Rancher on a Kubernetes cluster with other configurations, including: -- With [API auditing to record all transactions](../getting-started/installation-and-upgrade/installation-references/helm-chart-options.md#api-audit-log) -- With [TLS termination on a load balancer](../getting-started/installation-and-upgrade/installation-references/helm-chart-options.md#external-tls-termination) -- With a [custom Ingress](../getting-started/installation-and-upgrade/installation-references/helm-chart-options.md#customizing-your-ingress) +- With [API auditing to record all transactions](installation-references/helm-chart-options.md#api-audit-log) +- With [TLS termination on a load balancer](installation-references/helm-chart-options.md#external-tls-termination) +- With a [custom Ingress](installation-references/helm-chart-options.md#customizing-your-ingress) In the Rancher installation instructions, we recommend using K3s or RKE to set up a Kubernetes cluster before installing Rancher on the cluster. Both K3s and RKE have many configuration options for customizing the Kubernetes cluster to suit your specific environment. For the full list of their capabilities, refer to their documentation: @@ -91,8 +91,8 @@ In the Rancher installation instructions, we recommend using K3s or RKE to set u ### More Options for Installations with Docker -Refer to the [docs about options for Docker installs](rancher-on-a-single-node-with-docker.md) for details about other configurations including: +Refer to the [docs about options for Docker installs](other-installation-methods/rancher-on-a-single-node-with-docker/rancher-on-a-single-node-with-docker.md) for details about other configurations including: -- With [API auditing to record all transactions](../reference-guides/single-node-rancher-in-docker/advanced-options.md#api-audit-log) -- With an [external load balancer](../how-to-guides/advanced-user-guides/configure-layer-7-nginx-load-balancer.md) -- With a [persistent data store](../reference-guides/single-node-rancher-in-docker/advanced-options.md#persistent-data) +- With [API auditing to record all transactions](../../reference-guides/single-node-rancher-in-docker/advanced-options.md#api-audit-log) +- With an [external load balancer](../../how-to-guides/advanced-user-guides/configure-layer-7-nginx-load-balancer.md) +- With a [persistent data store](../../reference-guides/single-node-rancher-in-docker/advanced-options.md#persistent-data) diff --git a/versioned_docs/version-2.6/getting-started/installation-and-upgrade/installation-references/feature-flags.md b/versioned_docs/version-2.6/getting-started/installation-and-upgrade/installation-references/feature-flags.md index 5aa6014362d..6a4f092a014 100644 --- a/versioned_docs/version-2.6/getting-started/installation-and-upgrade/installation-references/feature-flags.md +++ b/versioned_docs/version-2.6/getting-started/installation-and-upgrade/installation-references/feature-flags.md @@ -8,7 +8,7 @@ title: Feature Flags With feature flags, you can try out optional or experimental features, and enable legacy features that are being phased out. -To learn more about feature values and how to enable them, see [Enabling Experimental Features](../../../pages-for-subheaders/enable-experimental-features.md). +To learn more about feature values and how to enable them, see [Enabling Experimental Features](../../../how-to-guides/advanced-user-guides/enable-experimental-features/enable-experimental-features.md). :::note diff --git a/versioned_docs/version-2.6/getting-started/installation-and-upgrade/installation-references/helm-chart-options.md b/versioned_docs/version-2.6/getting-started/installation-and-upgrade/installation-references/helm-chart-options.md index b9f659aea3e..db62680bc5a 100644 --- a/versioned_docs/version-2.6/getting-started/installation-and-upgrade/installation-references/helm-chart-options.md +++ b/versioned_docs/version-2.6/getting-started/installation-and-upgrade/installation-references/helm-chart-options.md @@ -11,7 +11,7 @@ This page is a configuration reference for the Rancher Helm chart. For help choosing a Helm chart version, refer to [this page.](../../../getting-started/installation-and-upgrade/resources/choose-a-rancher-version.md) -For information on enabling experimental features, refer to [this page.](../../../pages-for-subheaders/enable-experimental-features.md) +For information on enabling experimental features, refer to [this page.](../../../how-to-guides/advanced-user-guides/enable-experimental-features/enable-experimental-features.md) ## Common Options @@ -82,13 +82,13 @@ kubectl get secret --namespace cattle-system bootstrap-secret -o go-template='{{ Enabling the [API Audit Log](../../../how-to-guides/advanced-user-guides/enable-api-audit-log.md). -You can collect this log as you would any container log. Enable [logging](../../../pages-for-subheaders/logging.md) for the `System` Project on the Rancher server cluster. +You can collect this log as you would any container log. Enable [logging](../../../integrations-in-rancher/logging/logging.md) for the `System` Project on the Rancher server cluster. ```plain --set auditLog.level=1 ``` -By default enabling Audit Logging will create a sidecar container in the Rancher pod. This container (`rancher-audit-log`) will stream the log to `stdout`. You can collect this log as you would any container log. When using the sidecar as the audit log destination, the `hostPath`, `maxAge`, `maxBackups`, and `maxSize` options do not apply. It's advised to use your OS or Docker daemon's log rotation features to control disk space use. Enable [logging](../../../pages-for-subheaders/logging.md) for the Rancher server cluster or System Project. +By default enabling Audit Logging will create a sidecar container in the Rancher pod. This container (`rancher-audit-log`) will stream the log to `stdout`. You can collect this log as you would any container log. When using the sidecar as the audit log destination, the `hostPath`, `maxAge`, `maxBackups`, and `maxSize` options do not apply. It's advised to use your OS or Docker daemon's log rotation features to control disk space use. Enable [logging](../../../integrations-in-rancher/logging/logging.md) for the Rancher server cluster or System Project. Set the `auditLog.destination` to `hostPath` to forward logs to volume shared with the host system instead of streaming to a sidecar container. When setting the destination to `hostPath` you may want to adjust the other auditLog parameters for log rotation. @@ -203,7 +203,7 @@ kubectl -n cattle-system create secret generic tls-ca-additional --from-file=ca- ### Private Registry and Air Gap Installs -For details on installing Rancher with a private registry, see the [air gap installation docs.](../../../pages-for-subheaders/air-gapped-helm-cli-install.md) +For details on installing Rancher with a private registry, see the [air gap installation docs.](../other-installation-methods/air-gapped-helm-cli-install/air-gapped-helm-cli-install.md) ## External TLS Termination diff --git a/versioned_docs/version-2.6/getting-started/installation-and-upgrade/installation-references/installation-references.md b/versioned_docs/version-2.6/getting-started/installation-and-upgrade/installation-references/installation-references.md new file mode 100644 index 00000000000..67a379702cd --- /dev/null +++ b/versioned_docs/version-2.6/getting-started/installation-and-upgrade/installation-references/installation-references.md @@ -0,0 +1,9 @@ +--- +title: Installation References +--- + + + + + +Please see the following reference guides for other installation resources: [Rancher Helm chart options](helm-chart-options.md), [TLS settings](tls-settings.md), and [feature flags](feature-flags.md). \ No newline at end of file diff --git a/versioned_docs/version-2.6/pages-for-subheaders/installation-requirements.md b/versioned_docs/version-2.6/getting-started/installation-and-upgrade/installation-requirements/installation-requirements.md similarity index 85% rename from versioned_docs/version-2.6/pages-for-subheaders/installation-requirements.md rename to versioned_docs/version-2.6/getting-started/installation-and-upgrade/installation-requirements/installation-requirements.md index 2c49efaa834..403489ad548 100644 --- a/versioned_docs/version-2.6/pages-for-subheaders/installation-requirements.md +++ b/versioned_docs/version-2.6/getting-started/installation-and-upgrade/installation-requirements/installation-requirements.md @@ -11,13 +11,13 @@ This page describes the software, hardware, and networking requirements for the :::note Important: -If you install Rancher on a Kubernetes cluster, requirements are different from the [node requirements for downstream user clusters,](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/node-requirements-for-rancher-managed-clusters.md) which will run your apps and services. +If you install Rancher on a Kubernetes cluster, requirements are different from the [node requirements for downstream user clusters,](../../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/node-requirements-for-rancher-managed-clusters.md) which will run your apps and services. ::: The Rancher UI works best in Firefox or Chromium based browsers (Chrome, Edge, Opera, Brave, etc). -See our page on [best practices](../reference-guides/best-practices/rancher-server/tips-for-running-rancher.md) for a list of recommendations for running a Rancher server in production. +See our page on [best practices](../../../reference-guides/best-practices/rancher-server/tips-for-running-rancher.md) for a list of recommendations for running a Rancher server in production. ## Kubernetes Compatibility with Rancher @@ -37,7 +37,7 @@ Some distributions of Linux may have default firewall rules that block communica If you don't feel comfortable doing so, you might check suggestions in the [respective issue](https://github.com/rancher/rancher/issues/28840). Some users were successful [creating a separate firewalld zone with a policy of ACCEPT for the Pod CIDR](https://github.com/rancher/rancher/issues/28840#issuecomment-787404822). -If you plan to run Rancher on ARM64, see [Running on ARM64 (Experimental).](../how-to-guides/advanced-user-guides/enable-experimental-features/rancher-on-arm64.md) +If you plan to run Rancher on ARM64, see [Running on ARM64 (Experimental).](../../../how-to-guides/advanced-user-guides/enable-experimental-features/rancher-on-arm64.md) ### RKE2 Specific Requirements @@ -59,7 +59,7 @@ If you are installing Rancher on a K3s cluster with Alpine Linux, follow [these RKE requires a Docker container runtime. Supported Docker versions are specified in the [Support Matrix](https://www.suse.com/suse-rancher/support-matrix/all-supported-versions/) page. -For more information, see [Installing Docker](../getting-started/installation-and-upgrade/installation-requirements/install-docker.md). +For more information, see [Installing Docker](install-docker.md). ## Hardware Requirements @@ -98,7 +98,7 @@ If you find that your Rancher deployment no longer complies with the listed reco ### RKE2 Kubernetes -The following table lists minimum CPU and memory requirements for each node in the [upstream cluster](install-upgrade-on-a-kubernetes-cluster.md). +The following table lists minimum CPU and memory requirements for each node in the [upstream cluster](../install-upgrade-on-a-kubernetes-cluster/install-upgrade-on-a-kubernetes-cluster.md). Please note that a highly available setup with at least three nodes is required for production. @@ -109,7 +109,7 @@ Please note that a highly available setup with at least three nodes is required | Large (*) | 500 | 5000 | 16 | 64 GB | | Larger (†) | (†) | (†) | (†) | (†) | -(*): Large deployments require that you [follow best practices](../reference-guides/best-practices/rancher-server/tuning-and-best-practices-for-rancher-at-scale.md) for adequate performance. +(*): Large deployments require that you [follow best practices](../../../reference-guides/best-practices/rancher-server/tuning-and-best-practices-for-rancher-at-scale.md) for adequate performance. (†): Larger deployment sizes are generally possible with ad-hoc hardware recommendations and tuning. You can [contact Rancher](https://rancher.com/contact/) for a custom evaluation. @@ -117,7 +117,7 @@ Refer to RKE2 documentation for more detailed information on [RKE2 general requi ### K3s Kubernetes -The following table lists minimum CPU and memory requirements for each node in the [upstream cluster](install-upgrade-on-a-kubernetes-cluster.md). +The following table lists minimum CPU and memory requirements for each node in the [upstream cluster](../install-upgrade-on-a-kubernetes-cluster/install-upgrade-on-a-kubernetes-cluster.md). Please note that a highly available setup with at least three nodes is required for production. @@ -129,13 +129,13 @@ Please note that a highly available setup with at least three nodes is required (*): External Database Host refers to hosting the K3s cluster data store on an [dedicated external host](https://docs.k3s.io/datastore). This is optional. Exact requirements depend on the external data store. -(†): Large deployments require that you [follow best practices](../reference-guides/best-practices/rancher-server/tuning-and-best-practices-for-rancher-at-scale.md) for adequate performance. +(†): Large deployments require that you [follow best practices](../../../reference-guides/best-practices/rancher-server/tuning-and-best-practices-for-rancher-at-scale.md) for adequate performance. Refer to the K3s documentation for more detailed information on [general requirements](https://docs.k3s.io/installation/requirements). ### Hosted Kubernetes -The following table lists minimum CPU and memory requirements for each node in the [upstream cluster](install-upgrade-on-a-kubernetes-cluster.md). +The following table lists minimum CPU and memory requirements for each node in the [upstream cluster](../install-upgrade-on-a-kubernetes-cluster/install-upgrade-on-a-kubernetes-cluster.md). Please note that a highly available setup with at least three nodes is required for production. @@ -147,11 +147,11 @@ These requirements apply to hosted Kubernetes clusters such as Amazon Elastic Ku | Medium | 300 | 3000 | 8 | 32 GB | | Large (*) | 500 | 5000 | 16 | 64 GB | -(*): Large deployments require that you [follow best practices](../reference-guides/best-practices/rancher-server/tuning-and-best-practices-for-rancher-at-scale.md) for adequate performance. +(*): Large deployments require that you [follow best practices](../../../reference-guides/best-practices/rancher-server/tuning-and-best-practices-for-rancher-at-scale.md) for adequate performance. ### RKE -The following table lists minimum CPU and memory requirements for each node in the [upstream cluster](install-upgrade-on-a-kubernetes-cluster.md). +The following table lists minimum CPU and memory requirements for each node in the [upstream cluster](../install-upgrade-on-a-kubernetes-cluster/install-upgrade-on-a-kubernetes-cluster.md). Please note that a highly available setup with at least three nodes is required for production. @@ -161,13 +161,13 @@ Please note that a highly available setup with at least three nodes is required | Medium | 300 | 3000 | 8 | 32 GB | | Large (*) | 500 | 5000 | 16 | 64 GB | -(*): Large deployments require that you [follow best practices](../reference-guides/best-practices/rancher-server/tuning-and-best-practices-for-rancher-at-scale.md) for adequate performance. +(*): Large deployments require that you [follow best practices](../../../reference-guides/best-practices/rancher-server/tuning-and-best-practices-for-rancher-at-scale.md) for adequate performance. Refer to the RKE documentation for more detailed information on [general requirements](https://rke.docs.rancher.com/os). ### Docker -The following table lists minimum CPU and memory requirements for a [single Docker node installation of Rancher](rancher-on-a-single-node-with-docker.md). +The following table lists minimum CPU and memory requirements for a [single Docker node installation of Rancher](../other-installation-methods/rancher-on-a-single-node-with-docker/rancher-on-a-single-node-with-docker.md). Please note that a Docker installation is only suitable for development or testing purposes and is not meant to be used in production environments. @@ -186,9 +186,9 @@ For RKE, RKE2 and K3s installations, you don't have to install the Ingress manua For hosted Kubernetes clusters (EKS, GKE, AKS), you will need to set up the ingress. -- **Amazon EKS:** For details on how to install Rancher on Amazon EKS, including how to install an ingress so that the Rancher server can be accessed, refer to [this page.](../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks.md) -- **AKS:** For details on how to install Rancher with Azure Kubernetes Service, including how to install an ingress so that the Rancher server can be accessed, refer to [this page.](../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-aks.md) -- **GKE:** For details on how to install Rancher with Google Kubernetes Engine, including how to install an ingress so that the Rancher server can be accessed, refer to [this page.](../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-gke.md) +- **Amazon EKS:** For details on how to install Rancher on Amazon EKS, including how to install an ingress so that the Rancher server can be accessed, refer to [this page.](../install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks.md) +- **AKS:** For details on how to install Rancher with Azure Kubernetes Service, including how to install an ingress so that the Rancher server can be accessed, refer to [this page.](../install-upgrade-on-a-kubernetes-cluster/rancher-on-aks.md) +- **GKE:** For details on how to install Rancher with Google Kubernetes Engine, including how to install an ingress so that the Rancher server can be accessed, refer to [this page.](../install-upgrade-on-a-kubernetes-cluster/rancher-on-gke.md) ## Disks @@ -210,8 +210,8 @@ Each node used should have a static IP configured, regardless of whether you are ### Port Requirements -To operate properly, Rancher requires a number of ports to be open on Rancher nodes and on downstream Kubernetes cluster nodes. [Port Requirements](../getting-started/installation-and-upgrade/installation-requirements/port-requirements.md) lists all the necessary ports for Rancher and Downstream Clusters for the different cluster types. +To operate properly, Rancher requires a number of ports to be open on Rancher nodes and on downstream Kubernetes cluster nodes. [Port Requirements](port-requirements.md) lists all the necessary ports for Rancher and Downstream Clusters for the different cluster types. ## Dockershim Support -For more information on Dockershim support, refer to [this page](../getting-started/installation-and-upgrade/installation-requirements/dockershim.md). +For more information on Dockershim support, refer to [this page](dockershim.md). diff --git a/versioned_docs/version-2.6/getting-started/installation-and-upgrade/installation-requirements/port-requirements.md b/versioned_docs/version-2.6/getting-started/installation-and-upgrade/installation-requirements/port-requirements.md index 3290f1f62d3..26bbe9c29cc 100644 --- a/versioned_docs/version-2.6/getting-started/installation-and-upgrade/installation-requirements/port-requirements.md +++ b/versioned_docs/version-2.6/getting-started/installation-and-upgrade/installation-requirements/port-requirements.md @@ -181,9 +181,9 @@ The following tables break down the port requirements for Rancher nodes, for inb Downstream Kubernetes clusters run your apps and services. This section describes what ports need to be opened on the nodes in downstream clusters so that Rancher can communicate with them. -The port requirements differ depending on how the downstream cluster was launched. Each of the tabs below list the ports that need to be opened for different [cluster types](../../../pages-for-subheaders/kubernetes-clusters-in-rancher-setup.md). +The port requirements differ depending on how the downstream cluster was launched. Each of the tabs below list the ports that need to be opened for different [cluster types](../../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/kubernetes-clusters-in-rancher-setup.md). -The following diagram depicts the ports that are opened for each [cluster type](../../../pages-for-subheaders/kubernetes-clusters-in-rancher-setup.md). +The following diagram depicts the ports that are opened for each [cluster type](../../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/kubernetes-clusters-in-rancher-setup.md).
    Port Requirements for the Rancher Management Plane
    @@ -200,7 +200,7 @@ If security isn't a large concern and you're okay with opening a few additional
    Click to expand -The following table depicts the port requirements for [Rancher Launched Kubernetes](../../../pages-for-subheaders/launch-kubernetes-with-rancher.md) with nodes created in an [Infrastructure Provider](../../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md). +The following table depicts the port requirements for [Rancher Launched Kubernetes](../../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md) with nodes created in an [Infrastructure Provider](../../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md). :::note @@ -217,7 +217,7 @@ The required ports are automatically opened by Rancher during creation of cluste
    Click to expand -The following table depicts the port requirements for [Rancher Launched Kubernetes](../../../pages-for-subheaders/launch-kubernetes-with-rancher.md) with [Custom Nodes](../../../pages-for-subheaders/use-existing-nodes.md). +The following table depicts the port requirements for [Rancher Launched Kubernetes](../../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md) with [Custom Nodes](../../../reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/use-existing-nodes.md). @@ -228,7 +228,7 @@ The following table depicts the port requirements for [Rancher Launched Kubernet
    Click to expand -The following table depicts the port requirements for [hosted clusters](../../../pages-for-subheaders/set-up-clusters-from-hosted-kubernetes-providers.md). +The following table depicts the port requirements for [hosted clusters](../../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/set-up-clusters-from-hosted-kubernetes-providers.md). diff --git a/versioned_docs/version-2.6/pages-for-subheaders/air-gapped-helm-cli-install.md b/versioned_docs/version-2.6/getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/air-gapped-helm-cli-install.md similarity index 53% rename from versioned_docs/version-2.6/pages-for-subheaders/air-gapped-helm-cli-install.md rename to versioned_docs/version-2.6/getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/air-gapped-helm-cli-install.md index d6fbc09698f..792a49a26a4 100644 --- a/versioned_docs/version-2.6/pages-for-subheaders/air-gapped-helm-cli-install.md +++ b/versioned_docs/version-2.6/getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/air-gapped-helm-cli-install.md @@ -10,7 +10,7 @@ This section is about using the Helm CLI to install the Rancher server in an air The installation steps differ depending on whether Rancher is installed on an RKE Kubernetes cluster, a K3s Kubernetes cluster, or a single Docker container. -For more information on each installation option, refer to [this page.](installation-and-upgrade.md) +For more information on each installation option, refer to [this page.](../../installation-and-upgrade.md) Throughout the installation instructions, there will be _tabs_ for each installation option. @@ -22,13 +22,13 @@ If you install Rancher following the Docker installation guide, there is no upgr ## Installation Outline -1. [Set up infrastructure and private registry](../getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/infrastructure-private-registry.md) -2. [Collect and publish images to your private registry](../getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/publish-images.md) -3. [Set up a Kubernetes cluster (Skip this step for Docker installations)](../getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/install-kubernetes.md) -4. [Install Rancher](../getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/install-rancher-ha.md) +1. [Set up infrastructure and private registry](infrastructure-private-registry.md) +2. [Collect and publish images to your private registry](publish-images.md) +3. [Set up a Kubernetes cluster (Skip this step for Docker installations)](install-kubernetes.md) +4. [Install Rancher](install-rancher-ha.md) ## Upgrades -To upgrade Rancher with Helm CLI in an air gap environment, follow [this procedure.](../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/upgrades.md) +To upgrade Rancher with Helm CLI in an air gap environment, follow [this procedure.](../../install-upgrade-on-a-kubernetes-cluster/upgrades.md) -### [Next: Prepare your Node(s)](../getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/infrastructure-private-registry.md) +### [Next: Prepare your Node(s)](infrastructure-private-registry.md) diff --git a/versioned_docs/version-2.6/getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/infrastructure-private-registry.md b/versioned_docs/version-2.6/getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/infrastructure-private-registry.md index a0403439881..53dd8408f5c 100644 --- a/versioned_docs/version-2.6/getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/infrastructure-private-registry.md +++ b/versioned_docs/version-2.6/getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/infrastructure-private-registry.md @@ -10,7 +10,7 @@ In this section, you will provision the underlying infrastructure for your Ranch An air gapped environment is an environment where the Rancher server is installed offline or behind a firewall. -The infrastructure depends on whether you are installing Rancher on a K3s Kubernetes cluster, an RKE Kubernetes cluster, or a single Docker container. For more information on each installation option, refer to [this page.](../../../../pages-for-subheaders/installation-and-upgrade.md) +The infrastructure depends on whether you are installing Rancher on a K3s Kubernetes cluster, an RKE Kubernetes cluster, or a single Docker container. For more information on each installation option, refer to [this page.](../../installation-and-upgrade.md) Rancher can be installed on any Kubernetes cluster. The RKE and K3s Kubernetes infrastructure tutorials below are still included for convenience. @@ -29,7 +29,7 @@ We recommend setting up the following infrastructure for a high-availability ins These hosts will be disconnected from the internet, but require being able to connect with your private registry. -Make sure that your nodes fulfill the general installation requirements for [OS, container runtime, hardware, and networking.](../../../../pages-for-subheaders/installation-requirements.md) +Make sure that your nodes fulfill the general installation requirements for [OS, container runtime, hardware, and networking.](../../installation-requirements/installation-requirements.md) For an example of one way to set up Linux nodes, refer to this [tutorial](../../../../how-to-guides/new-user-guides/infrastructure-setup/nodes-in-amazon-ec2.md) for setting up nodes as instances in Amazon EC2. @@ -112,7 +112,7 @@ The etcd database requires an odd number of nodes so that it can always elect a These hosts will be disconnected from the internet, but require being able to connect with your private registry. -Make sure that your nodes fulfill the general installation requirements for [OS, container runtime, hardware, and networking.](../../../../pages-for-subheaders/installation-requirements.md) +Make sure that your nodes fulfill the general installation requirements for [OS, container runtime, hardware, and networking.](../../installation-requirements/installation-requirements.md) For an example of one way to set up Linux nodes, refer to this [tutorial](../../../../how-to-guides/new-user-guides/infrastructure-setup/nodes-in-amazon-ec2.md) for setting up nodes as instances in Amazon EC2. @@ -172,7 +172,7 @@ If you need help with creating a private registry, please refer to the [official This host will be disconnected from the Internet, but needs to be able to connect to your private registry. -Make sure that your node fulfills the general installation requirements for [OS, Docker, hardware, and networking.](../../../../pages-for-subheaders/installation-requirements.md) +Make sure that your node fulfills the general installation requirements for [OS, Docker, hardware, and networking.](../../installation-requirements/installation-requirements.md) For an example of one way to set up Linux nodes, refer to this [tutorial](../../../../how-to-guides/new-user-guides/infrastructure-setup/nodes-in-amazon-ec2.md) for setting up nodes as instances in Amazon EC2. diff --git a/versioned_docs/version-2.6/getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/publish-images.md b/versioned_docs/version-2.6/getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/publish-images.md index 68a5225d42c..7d101c4eeea 100644 --- a/versioned_docs/version-2.6/getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/publish-images.md +++ b/versioned_docs/version-2.6/getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/publish-images.md @@ -8,11 +8,11 @@ title: '2. Collect and Publish Images to your Private Registry' This section describes how to set up your private registry so that when you install Rancher, Rancher will pull all the required images from this registry. -By default, all images used to [provision Kubernetes clusters](../../../../pages-for-subheaders/kubernetes-clusters-in-rancher-setup.md) or launch any tools in Rancher, e.g. monitoring, pipelines, alerts, are pulled from Docker Hub. In an air gapped installation of Rancher, you will need a private registry that is located somewhere accessible by your Rancher server. Then, you will load the registry with all the images. +By default, all images used to [provision Kubernetes clusters](../../../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/kubernetes-clusters-in-rancher-setup.md) or launch any tools in Rancher, e.g. monitoring, pipelines, alerts, are pulled from Docker Hub. In an air gapped installation of Rancher, you will need a private registry that is located somewhere accessible by your Rancher server. Then, you will load the registry with all the images. Populating the private registry with images is the same process for installing Rancher with Docker and for installing Rancher on a Kubernetes cluster. -The steps in this section differ depending on whether or not you are planning to use Rancher to provision a downstream cluster with Windows nodes or not. By default, we provide the steps of how to populate your private registry assuming that Rancher will provision downstream Kubernetes clusters with only Linux nodes. But if you plan on provisioning any [downstream Kubernetes clusters using Windows nodes](../../../../pages-for-subheaders/use-windows-clusters.md), there are separate instructions to support the images needed. +The steps in this section differ depending on whether or not you are planning to use Rancher to provision a downstream cluster with Windows nodes or not. By default, we provide the steps of how to populate your private registry assuming that Rancher will provision downstream Kubernetes clusters with only Linux nodes. But if you plan on provisioning any [downstream Kubernetes clusters using Windows nodes](../../../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/use-windows-clusters/use-windows-clusters.md), there are separate instructions to support the images needed. :::note Prerequisites: diff --git a/versioned_docs/version-2.6/pages-for-subheaders/other-installation-methods.md b/versioned_docs/version-2.6/getting-started/installation-and-upgrade/other-installation-methods/other-installation-methods.md similarity index 61% rename from versioned_docs/version-2.6/pages-for-subheaders/other-installation-methods.md rename to versioned_docs/version-2.6/getting-started/installation-and-upgrade/other-installation-methods/other-installation-methods.md index 7cd497a8d48..c5bd443da43 100644 --- a/versioned_docs/version-2.6/pages-for-subheaders/other-installation-methods.md +++ b/versioned_docs/version-2.6/getting-started/installation-and-upgrade/other-installation-methods/other-installation-methods.md @@ -8,16 +8,16 @@ title: Other Installation Methods ### Air Gapped Installations -Follow [these steps](air-gapped-helm-cli-install.md) to install the Rancher server in an air gapped environment. +Follow [these steps](air-gapped-helm-cli-install/air-gapped-helm-cli-install.md) to install the Rancher server in an air gapped environment. An air gapped environment could be where Rancher server will be installed offline, behind a firewall, or behind a proxy. ### Docker Installations -The [single-node Docker installation](rancher-on-a-single-node-with-docker.md) is for Rancher users that are wanting to test out Rancher. Instead of running on a Kubernetes cluster using Helm, you install the Rancher server component on a single node using a `docker run` command. +The [single-node Docker installation](rancher-on-a-single-node-with-docker/rancher-on-a-single-node-with-docker.md) is for Rancher users that are wanting to test out Rancher. Instead of running on a Kubernetes cluster using Helm, you install the Rancher server component on a single node using a `docker run` command. The Docker installation is for development and testing environments only. Since there is only one node and a single Docker container, if the node goes down, there is no copy of the etcd data available on other nodes and you will lose all the data of your Rancher server. -The Rancher backup operator can be used to migrate Rancher from the single Docker container install to an installation on a high-availability Kubernetes cluster. For details, refer to the documentation on [migrating Rancher to a new cluster.](../how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/migrate-rancher-to-new-cluster.md) +The Rancher backup operator can be used to migrate Rancher from the single Docker container install to an installation on a high-availability Kubernetes cluster. For details, refer to the documentation on [migrating Rancher to a new cluster.](../../../how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/migrate-rancher-to-new-cluster.md) diff --git a/versioned_docs/version-2.6/pages-for-subheaders/rancher-behind-an-http-proxy.md b/versioned_docs/version-2.6/getting-started/installation-and-upgrade/other-installation-methods/rancher-behind-an-http-proxy/rancher-behind-an-http-proxy.md similarity index 55% rename from versioned_docs/version-2.6/pages-for-subheaders/rancher-behind-an-http-proxy.md rename to versioned_docs/version-2.6/getting-started/installation-and-upgrade/other-installation-methods/rancher-behind-an-http-proxy/rancher-behind-an-http-proxy.md index fd8a41b8e08..39b75558e22 100644 --- a/versioned_docs/version-2.6/pages-for-subheaders/rancher-behind-an-http-proxy.md +++ b/versioned_docs/version-2.6/getting-started/installation-and-upgrade/other-installation-methods/rancher-behind-an-http-proxy/rancher-behind-an-http-proxy.md @@ -8,10 +8,10 @@ title: Installing Rancher behind an HTTP Proxy In a lot of enterprise environments, servers or VMs running on premise do not have direct Internet access, but must connect to external services through a HTTP(S) proxy for security reasons. This tutorial shows step by step how to set up a highly available Rancher installation in such an environment. -Alternatively, it is also possible to set up Rancher completely air-gapped without any Internet access. This process is described in detail in the [Rancher docs](air-gapped-helm-cli-install.md). +Alternatively, it is also possible to set up Rancher completely air-gapped without any Internet access. This process is described in detail in the [Rancher docs](../air-gapped-helm-cli-install/air-gapped-helm-cli-install.md). ## Installation Outline -1. [Set up infrastructure](../getting-started/installation-and-upgrade/other-installation-methods/rancher-behind-an-http-proxy/set-up-infrastructure.md) -2. [Set up a Kubernetes cluster](../getting-started/installation-and-upgrade/other-installation-methods/rancher-behind-an-http-proxy/install-kubernetes.md) -3. [Install Rancher](../getting-started/installation-and-upgrade/other-installation-methods/rancher-behind-an-http-proxy/install-rancher.md) +1. [Set up infrastructure](set-up-infrastructure.md) +2. [Set up a Kubernetes cluster](install-kubernetes.md) +3. [Install Rancher](install-rancher.md) diff --git a/versioned_docs/version-2.6/getting-started/installation-and-upgrade/other-installation-methods/rancher-behind-an-http-proxy/set-up-infrastructure.md b/versioned_docs/version-2.6/getting-started/installation-and-upgrade/other-installation-methods/rancher-behind-an-http-proxy/set-up-infrastructure.md index 7822fa065cd..1cb41c54fbf 100644 --- a/versioned_docs/version-2.6/getting-started/installation-and-upgrade/other-installation-methods/rancher-behind-an-http-proxy/set-up-infrastructure.md +++ b/versioned_docs/version-2.6/getting-started/installation-and-upgrade/other-installation-methods/rancher-behind-an-http-proxy/set-up-infrastructure.md @@ -26,7 +26,7 @@ The etcd database requires an odd number of nodes so that it can always elect a These hosts will connect to the internet through an HTTP proxy. -Make sure that your nodes fulfill the general installation requirements for [OS, container runtime, hardware, and networking.](../../../../pages-for-subheaders/installation-requirements.md) +Make sure that your nodes fulfill the general installation requirements for [OS, container runtime, hardware, and networking.](../../installation-requirements/installation-requirements.md) For an example of one way to set up Linux nodes, refer to this [tutorial](../../../../how-to-guides/new-user-guides/infrastructure-setup/nodes-in-amazon-ec2.md) for setting up nodes as instances in Amazon EC2. diff --git a/versioned_docs/version-2.6/pages-for-subheaders/rancher-on-a-single-node-with-docker.md b/versioned_docs/version-2.6/getting-started/installation-and-upgrade/other-installation-methods/rancher-on-a-single-node-with-docker/rancher-on-a-single-node-with-docker.md similarity index 82% rename from versioned_docs/version-2.6/pages-for-subheaders/rancher-on-a-single-node-with-docker.md rename to versioned_docs/version-2.6/getting-started/installation-and-upgrade/other-installation-methods/rancher-on-a-single-node-with-docker/rancher-on-a-single-node-with-docker.md index da5b39209cf..049bf762a2a 100644 --- a/versioned_docs/version-2.6/pages-for-subheaders/rancher-on-a-single-node-with-docker.md +++ b/versioned_docs/version-2.6/getting-started/installation-and-upgrade/other-installation-methods/rancher-on-a-single-node-with-docker/rancher-on-a-single-node-with-docker.md @@ -13,13 +13,13 @@ In this installation scenario, you'll install Docker on a single Linux host, and :::note Want to use an external load balancer? -See [Docker Install with an External Load Balancer](../how-to-guides/advanced-user-guides/configure-layer-7-nginx-load-balancer.md) instead. +See [Docker Install with an External Load Balancer](../../../../how-to-guides/advanced-user-guides/configure-layer-7-nginx-load-balancer.md) instead. ::: A Docker installation of Rancher is recommended only for development and testing purposes. The ability to migrate Rancher to a high-availability cluster depends on the Rancher version: -The Rancher backup operator can be used to migrate Rancher from the single Docker container install to an installation on a high-availability Kubernetes cluster. For details, refer to the documentation on [migrating Rancher to a new cluster.](../how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/migrate-rancher-to-new-cluster.md) +The Rancher backup operator can be used to migrate Rancher from the single Docker container install to an installation on a high-availability Kubernetes cluster. For details, refer to the documentation on [migrating Rancher to a new cluster.](../../../../how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/migrate-rancher-to-new-cluster.md) ## Privileged Access for Rancher @@ -27,11 +27,11 @@ When the Rancher server is deployed in the Docker container, a local Kubernetes ## Requirements for OS, Docker, Hardware, and Networking -Make sure that your node fulfills the general [installation requirements.](installation-requirements.md) +Make sure that your node fulfills the general [installation requirements.](../../installation-requirements/installation-requirements.md) ## 1. Provision Linux Host -Provision a single Linux host according to our [Requirements](installation-requirements.md) to launch your Rancher server. +Provision a single Linux host according to our [Requirements](../../installation-requirements/installation-requirements.md) to launch your Rancher server. ## 2. Choose an SSL Option and Install Rancher @@ -39,10 +39,10 @@ For security purposes, SSL (Secure Sockets Layer) is required when using Rancher :::tip Do you want to.. -- Use a proxy? See [HTTP Proxy Configuration](../reference-guides/single-node-rancher-in-docker/http-proxy-configuration.md) -- Configure custom CA root certificate to access your services? See [Custom CA root certificate](../reference-guides/single-node-rancher-in-docker/advanced-options.md#custom-ca-certificate/) -- Complete an Air Gap Installation? See [Air Gap: Docker Install](air-gapped-helm-cli-install.md) -- Record all transactions with the Rancher API? See [API Auditing](../reference-guides/single-node-rancher-in-docker/advanced-options.md#api-audit-log) +- Use a proxy? See [HTTP Proxy Configuration](../../../../reference-guides/single-node-rancher-in-docker/http-proxy-configuration.md) +- Configure custom CA root certificate to access your services? See [Custom CA root certificate](../../../../reference-guides/single-node-rancher-in-docker/advanced-options.md#custom-ca-certificate/) +- Complete an Air Gap Installation? See [Air Gap: Docker Install](../air-gapped-helm-cli-install/air-gapped-helm-cli-install.md) +- Record all transactions with the Rancher API? See [API Auditing](../../../../reference-guides/single-node-rancher-in-docker/advanced-options.md#api-audit-log) ::: @@ -75,7 +75,7 @@ In development or testing environments where your team will access your Rancher Create a self-signed certificate using [OpenSSL](https://www.openssl.org/) or another method of your choice. - The certificate files must be in PEM format. -- In your certificate file, include all intermediate certificates in the chain. Order your certificates with your certificate first, followed by the intermediates. For an example, see [Certificate Troubleshooting.](../getting-started/installation-and-upgrade/other-installation-methods/rancher-on-a-single-node-with-docker/certificate-troubleshooting.md) +- In your certificate file, include all intermediate certificates in the chain. Order your certificates with your certificate first, followed by the intermediates. For an example, see [Certificate Troubleshooting.](certificate-troubleshooting.md) ::: @@ -109,7 +109,7 @@ The Docker install is not recommended for production. These instructions are pro :::note Prerequisites: - The certificate files must be in PEM format. -- In your certificate file, include all intermediate certificates provided by the recognized CA. Order your certificates with your certificate first, followed by the intermediates. For an example, see [Certificate Troubleshooting.](../getting-started/installation-and-upgrade/other-installation-methods/rancher-on-a-single-node-with-docker/certificate-troubleshooting.md) +- In your certificate file, include all intermediate certificates provided by the recognized CA. Order your certificates with your certificate first, followed by the intermediates. For an example, see [Certificate Troubleshooting.](certificate-troubleshooting.md) ::: @@ -199,13 +199,13 @@ When installing Rancher on a single node with Docker, there are several advanced - Persistent Data - Running `rancher/rancher` and `rancher/rancher-agent` on the Same Node -Refer to [this page](../reference-guides/single-node-rancher-in-docker/advanced-options.md) for details. +Refer to [this page](../../../../reference-guides/single-node-rancher-in-docker/advanced-options.md) for details. ## Troubleshooting -Refer to [this page](../getting-started/installation-and-upgrade/other-installation-methods/rancher-on-a-single-node-with-docker/certificate-troubleshooting.md) for frequently asked questions and troubleshooting tips. +Refer to [this page](certificate-troubleshooting.md) for frequently asked questions and troubleshooting tips. ## What's Next? -- **Recommended:** Review Single Node [Backup](../how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/back-up-docker-installed-rancher.md) and [Restore](../how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/restore-docker-installed-rancher.md). Although you don't have any data you need to back up right now, we recommend creating backups after regular Rancher use. -- Create a Kubernetes cluster: [Provisioning Kubernetes Clusters](kubernetes-clusters-in-rancher-setup.md). +- **Recommended:** Review Single Node [Backup](../../../../how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/back-up-docker-installed-rancher.md) and [Restore](../../../../how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/restore-docker-installed-rancher.md). Although you don't have any data you need to back up right now, we recommend creating backups after regular Rancher use. +- Create a Kubernetes cluster: [Provisioning Kubernetes Clusters](../../../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/kubernetes-clusters-in-rancher-setup.md). diff --git a/versioned_docs/version-2.6/getting-started/installation-and-upgrade/other-installation-methods/rancher-on-a-single-node-with-docker/roll-back-docker-installed-rancher.md b/versioned_docs/version-2.6/getting-started/installation-and-upgrade/other-installation-methods/rancher-on-a-single-node-with-docker/roll-back-docker-installed-rancher.md index 1ec111444b9..1a4519e1bfe 100644 --- a/versioned_docs/version-2.6/getting-started/installation-and-upgrade/other-installation-methods/rancher-on-a-single-node-with-docker/roll-back-docker-installed-rancher.md +++ b/versioned_docs/version-2.6/getting-started/installation-and-upgrade/other-installation-methods/rancher-on-a-single-node-with-docker/roll-back-docker-installed-rancher.md @@ -82,7 +82,7 @@ Rolling back to a previous version of Rancher destroys any changes made to Ranch --privileged \ rancher/rancher: ``` - Privileged access is [required.](../../../../pages-for-subheaders/rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher) + Privileged access is [required.](rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher) :::danger diff --git a/versioned_docs/version-2.6/getting-started/installation-and-upgrade/other-installation-methods/rancher-on-a-single-node-with-docker/upgrade-docker-installed-rancher.md b/versioned_docs/version-2.6/getting-started/installation-and-upgrade/other-installation-methods/rancher-on-a-single-node-with-docker/upgrade-docker-installed-rancher.md index 492eb63308f..6d51ee592fe 100644 --- a/versioned_docs/version-2.6/getting-started/installation-and-upgrade/other-installation-methods/rancher-on-a-single-node-with-docker/upgrade-docker-installed-rancher.md +++ b/versioned_docs/version-2.6/getting-started/installation-and-upgrade/other-installation-methods/rancher-on-a-single-node-with-docker/upgrade-docker-installed-rancher.md @@ -17,7 +17,7 @@ The following instructions will guide you through upgrading a Rancher server tha ## Prerequisites - **Review the [known upgrade issues](../../install-upgrade-on-a-kubernetes-cluster/upgrades.md#known-upgrade-issues)** section in the Rancher documentation for the most noteworthy issues to consider when upgrading Rancher. A more complete list of known issues for each Rancher version can be found in the release notes on [GitHub](https://github.com/rancher/rancher/releases) and on the [Rancher forums](https://forums.rancher.com/c/announcements/12). Note that upgrades to or from any chart in the [rancher-alpha repository](../../resources/choose-a-rancher-version.md#helm-chart-repositories) aren’t supported. -- **For [air gap installs only,](../../../../pages-for-subheaders/air-gapped-helm-cli-install.md) collect and populate images for the new Rancher server version**. Follow the guide to [populate your private registry](../air-gapped-helm-cli-install/publish-images.md) with the images for the Rancher version that you want to upgrade to. +- **For [air gap installs only,](../air-gapped-helm-cli-install/air-gapped-helm-cli-install.md) collect and populate images for the new Rancher server version**. Follow the guide to [populate your private registry](../air-gapped-helm-cli-install/publish-images.md) with the images for the Rancher version that you want to upgrade to. ## Placeholder Review @@ -151,7 +151,7 @@ docker run -d --volumes-from rancher-data \ rancher/rancher: ``` -Privileged access is [required.](../../../../pages-for-subheaders/rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher) +Privileged access is [required.](rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher)
    @@ -187,7 +187,7 @@ docker run -d --volumes-from rancher-data \ rancher/rancher: ``` -Privileged access is [required.](../../../../pages-for-subheaders/rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher) +Privileged access is [required.](rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher)
    @@ -222,7 +222,7 @@ docker run -d --volumes-from rancher-data \ --no-cacerts ``` -Privileged access is [required.](../../../../pages-for-subheaders/rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher) +Privileged access is [required.](rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher)
    #### Option D: Let's Encrypt Certificate @@ -259,7 +259,7 @@ docker run -d --volumes-from rancher-data \ --acme-domain ``` -Privileged access is [required.](../../../../pages-for-subheaders/rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher) +Privileged access is [required.](rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher) @@ -292,7 +292,7 @@ Placeholder | Description /rancher/rancher: ``` -Privileged access is [required.](../../../../pages-for-subheaders/rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher) +Privileged access is [required.](rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher) #### Option B: Bring Your Own Certificate: Self-Signed @@ -328,7 +328,7 @@ docker run -d --restart=unless-stopped \ --privileged \ /rancher/rancher: ``` -Privileged access is [required.](../../../../pages-for-subheaders/rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher) +Privileged access is [required.](rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher) #### Option C: Bring Your Own Certificate: Signed by Recognized CA @@ -370,7 +370,7 @@ docker run -d --volumes-from rancher-data \ --privileged /rancher/rancher: ``` -privileged access is [required.](../../../../pages-for-subheaders/rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher) +privileged access is [required.](rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher)     diff --git a/versioned_docs/version-2.6/getting-started/installation-and-upgrade/resources/add-tls-secrets.md b/versioned_docs/version-2.6/getting-started/installation-and-upgrade/resources/add-tls-secrets.md index 290f180adfd..3bd6babc719 100644 --- a/versioned_docs/version-2.6/getting-started/installation-and-upgrade/resources/add-tls-secrets.md +++ b/versioned_docs/version-2.6/getting-started/installation-and-upgrade/resources/add-tls-secrets.md @@ -46,4 +46,4 @@ The configured `tls-ca` secret is retrieved when Rancher starts. On a running Ra ## Updating a Private CA Certificate -Follow the steps on [this page](update-rancher-certificate.md) to update the SSL certificate of the ingress in a Rancher [high availability Kubernetes installation](../../../pages-for-subheaders/install-upgrade-on-a-kubernetes-cluster.md) or to switch from the default self-signed certificate to a custom certificate. \ No newline at end of file +Follow the steps on [this page](update-rancher-certificate.md) to update the SSL certificate of the ingress in a Rancher [high availability Kubernetes installation](../install-upgrade-on-a-kubernetes-cluster/install-upgrade-on-a-kubernetes-cluster.md) or to switch from the default self-signed certificate to a custom certificate. \ No newline at end of file diff --git a/versioned_docs/version-2.6/getting-started/installation-and-upgrade/resources/choose-a-rancher-version.md b/versioned_docs/version-2.6/getting-started/installation-and-upgrade/resources/choose-a-rancher-version.md index d7051def448..b38afda6a62 100644 --- a/versioned_docs/version-2.6/getting-started/installation-and-upgrade/resources/choose-a-rancher-version.md +++ b/versioned_docs/version-2.6/getting-started/installation-and-upgrade/resources/choose-a-rancher-version.md @@ -15,7 +15,7 @@ For Docker installations of Rancher, which is used for development and testing, -When installing, upgrading, or rolling back Rancher Server when it is [installed on a Kubernetes cluster](../../../pages-for-subheaders/install-upgrade-on-a-kubernetes-cluster.md), Rancher server is installed using a Helm chart on a Kubernetes cluster. Therefore, as you prepare to install or upgrade a high availability Rancher configuration, you must add a Helm chart repository that contains the charts for installing Rancher. +When installing, upgrading, or rolling back Rancher Server when it is [installed on a Kubernetes cluster](../install-upgrade-on-a-kubernetes-cluster/install-upgrade-on-a-kubernetes-cluster.md), Rancher server is installed using a Helm chart on a Kubernetes cluster. Therefore, as you prepare to install or upgrade a high availability Rancher configuration, you must add a Helm chart repository that contains the charts for installing Rancher. Refer to the [Helm version requirements](helm-version-requirements.md) to choose a version of Helm to install Rancher. @@ -99,7 +99,7 @@ Because the rancher-alpha repository contains only alpha charts, switching betwe -When performing [Docker installs](../../../pages-for-subheaders/rancher-on-a-single-node-with-docker.md), upgrades, or rollbacks, you can use _tags_ to install a specific version of Rancher. +When performing [Docker installs](../other-installation-methods/rancher-on-a-single-node-with-docker/rancher-on-a-single-node-with-docker.md), upgrades, or rollbacks, you can use _tags_ to install a specific version of Rancher. ### Server Tags diff --git a/versioned_docs/version-2.6/getting-started/installation-and-upgrade/resources/local-system-charts.md b/versioned_docs/version-2.6/getting-started/installation-and-upgrade/resources/local-system-charts.md index e48012d6af4..4e07236b0fe 100644 --- a/versioned_docs/version-2.6/getting-started/installation-and-upgrade/resources/local-system-charts.md +++ b/versioned_docs/version-2.6/getting-started/installation-and-upgrade/resources/local-system-charts.md @@ -14,4 +14,4 @@ In an air gapped installation of Rancher, you will need to configure Rancher to A local copy of `system-charts` has been packaged into the `rancher/rancher` container. To be able to use these features in an air gap install, you will need to run the Rancher install command with an extra environment variable, `CATTLE_SYSTEM_CATALOG=bundled`, which tells Rancher to use the local copy of the charts instead of attempting to fetch them from GitHub. -Example commands for a Rancher installation with a bundled `system-charts` are included in the [air gap installation](../../../pages-for-subheaders/air-gapped-helm-cli-install.md) instructions for Docker and Helm installs. +Example commands for a Rancher installation with a bundled `system-charts` are included in the [air gap installation](../other-installation-methods/air-gapped-helm-cli-install/air-gapped-helm-cli-install.md) instructions for Docker and Helm installs. diff --git a/versioned_docs/version-2.6/getting-started/installation-and-upgrade/resources/resources.md b/versioned_docs/version-2.6/getting-started/installation-and-upgrade/resources/resources.md new file mode 100644 index 00000000000..5d4fbf24fc1 --- /dev/null +++ b/versioned_docs/version-2.6/getting-started/installation-and-upgrade/resources/resources.md @@ -0,0 +1,29 @@ +--- +title: Resources +--- + + + + + +### Docker Installations + +The [single-node Docker installation](../other-installation-methods/rancher-on-a-single-node-with-docker/rancher-on-a-single-node-with-docker.md) is for Rancher users that are wanting to test out Rancher. Instead of running on a Kubernetes cluster using Helm, you install the Rancher server component on a single node using a `docker run` command. + +Since there is only one node and a single Docker container, if the node goes down, there is no copy of the etcd data available on other nodes and you will lose all the data of your Rancher server. + +### Air-Gapped Installations + +Follow [these steps](../other-installation-methods/air-gapped-helm-cli-install/air-gapped-helm-cli-install.md) to install the Rancher server in an air gapped environment. + +An air gapped environment could be where Rancher server will be installed offline, behind a firewall, or behind a proxy. + +### Advanced Options + +When installing Rancher, there are several advanced options that can be enabled during installation. Within each install guide, these options are presented. Learn more about these options: + +- [Custom CA Certificate](custom-ca-root-certificates.md) +- [API Audit Log](../../../how-to-guides/advanced-user-guides/enable-api-audit-log.md) +- [TLS Settings](../installation-references/tls-settings.md) +- [etcd configuration](../../../how-to-guides/advanced-user-guides/tune-etcd-for-large-installs.md) +- [Local System Charts for Air Gap Installations](local-system-charts.md) | v2.3.0 | diff --git a/versioned_docs/version-2.6/getting-started/installation-and-upgrade/resources/update-rancher-certificate.md b/versioned_docs/version-2.6/getting-started/installation-and-upgrade/resources/update-rancher-certificate.md index 2487cadf4d6..584bea46b16 100644 --- a/versioned_docs/version-2.6/getting-started/installation-and-upgrade/resources/update-rancher-certificate.md +++ b/versioned_docs/version-2.6/getting-started/installation-and-upgrade/resources/update-rancher-certificate.md @@ -8,7 +8,7 @@ title: Updating the Rancher Certificate ## Updating a Private CA Certificate -Follow these steps to update the SSL certificate of the ingress in a Rancher [high availability Kubernetes installation](../../../pages-for-subheaders/install-upgrade-on-a-kubernetes-cluster.md) or to switch from the default self-signed certificate to a custom certificate. +Follow these steps to update the SSL certificate of the ingress in a Rancher [high availability Kubernetes installation](../install-upgrade-on-a-kubernetes-cluster/install-upgrade-on-a-kubernetes-cluster.md) or to switch from the default self-signed certificate to a custom certificate. A summary of the steps is as follows: diff --git a/versioned_docs/version-2.6/getting-started/installation-and-upgrade/resources/upgrade-cert-manager.md b/versioned_docs/version-2.6/getting-started/installation-and-upgrade/resources/upgrade-cert-manager.md index 314ef79972b..061688cd60f 100644 --- a/versioned_docs/version-2.6/getting-started/installation-and-upgrade/resources/upgrade-cert-manager.md +++ b/versioned_docs/version-2.6/getting-started/installation-and-upgrade/resources/upgrade-cert-manager.md @@ -266,7 +266,7 @@ cert-manager-webhook-787858fcdb-nlzsq 1/1 Running 0 2m --- _New in v2.6.4_ -Rancher now supports cert-manager versions 1.6.2 and 1.7.1. We recommend v1.7.x because v 1.6.x will reach end-of-life on March 30, 2022. To read more, see the [cert-manager docs](../../../pages-for-subheaders/install-upgrade-on-a-kubernetes-cluster.md#4-install-cert-manager). For instructions on upgrading cert-manager from version 1.5 to 1.6, see the upstream cert-manager documentation [here](https://cert-manager.io/docs/installation/upgrading/upgrading-1.5-1.6/). For instructions on upgrading cert-manager from version 1.6 to 1.7, see the upstream cert-manager documentation [here](https://cert-manager.io/docs/installation/upgrading/upgrading-1.6-1.7/). +Rancher now supports cert-manager versions 1.6.2 and 1.7.1. We recommend v1.7.x because v 1.6.x will reach end-of-life on March 30, 2022. To read more, see the [cert-manager docs](../install-upgrade-on-a-kubernetes-cluster/install-upgrade-on-a-kubernetes-cluster.md#4-install-cert-manager). For instructions on upgrading cert-manager from version 1.5 to 1.6, see the upstream cert-manager documentation [here](https://cert-manager.io/docs/installation/upgrading/upgrading-1.5-1.6/). For instructions on upgrading cert-manager from version 1.6 to 1.7, see the upstream cert-manager documentation [here](https://cert-manager.io/docs/installation/upgrading/upgrading-1.6-1.7/). --- diff --git a/versioned_docs/version-2.6/getting-started/installation-and-upgrade/upgrade-and-roll-back-kubernetes.md b/versioned_docs/version-2.6/getting-started/installation-and-upgrade/upgrade-and-roll-back-kubernetes.md index 9e95820dffd..f406793efd3 100644 --- a/versioned_docs/version-2.6/getting-started/installation-and-upgrade/upgrade-and-roll-back-kubernetes.md +++ b/versioned_docs/version-2.6/getting-started/installation-and-upgrade/upgrade-and-roll-back-kubernetes.md @@ -36,9 +36,9 @@ The restore operation will work on a cluster that is not in a healthy or active :::note Prerequisites: -- The options below are available for [Rancher-launched Kubernetes clusters](../../pages-for-subheaders/launch-kubernetes-with-rancher.md) and [Registered K3s Kubernetes clusters.](../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/register-existing-clusters.md#additional-features-for-registered-k3s-clusters). +- The options below are available for [Rancher-launched Kubernetes clusters](../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md) and [Registered K3s Kubernetes clusters.](../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/register-existing-clusters.md#additional-features-for-registered-k3s-clusters). - The following options also apply to imported RKE2 clusters that you have registered. If you import a cluster from an external cloud platform but don't register it, you won't be able to upgrade the Kubernetes version from Rancher. -- Before upgrading Kubernetes, [back up your cluster.](../../pages-for-subheaders/backup-restore-and-disaster-recovery.md) +- Before upgrading Kubernetes, [back up your cluster.](../../how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/backup-restore-and-disaster-recovery.md) ::: diff --git a/versioned_docs/version-2.6/getting-started/installation-and-upgrade/upgrade-kubernetes-without-upgrading-rancher.md b/versioned_docs/version-2.6/getting-started/installation-and-upgrade/upgrade-kubernetes-without-upgrading-rancher.md index 9d1e7bc3acb..89a3b7549f1 100644 --- a/versioned_docs/version-2.6/getting-started/installation-and-upgrade/upgrade-kubernetes-without-upgrading-rancher.md +++ b/versioned_docs/version-2.6/getting-started/installation-and-upgrade/upgrade-kubernetes-without-upgrading-rancher.md @@ -14,7 +14,7 @@ The Kubernetes API can change between minor versions. Therefore, we don't suppor ::: -Rancher's Kubernetes metadata contains information specific to the Kubernetes version that Rancher uses to provision [RKE clusters](../../pages-for-subheaders/launch-kubernetes-with-rancher.md). Rancher syncs the data periodically and creates custom resource definitions (CRDs) for **system images,** **service options** and **addon templates**. Consequently, when a new Kubernetes version is compatible with the Rancher server version, the Kubernetes metadata makes the new version available to Rancher for provisioning clusters. The metadata gives you an overview of the information that the [Rancher Kubernetes Engine](https://rancher.com/docs/rke/latest/en/) (RKE) uses for deploying various Kubernetes versions. +Rancher's Kubernetes metadata contains information specific to the Kubernetes version that Rancher uses to provision [RKE clusters](../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md). Rancher syncs the data periodically and creates custom resource definitions (CRDs) for **system images,** **service options** and **addon templates**. Consequently, when a new Kubernetes version is compatible with the Rancher server version, the Kubernetes metadata makes the new version available to Rancher for provisioning clusters. The metadata gives you an overview of the information that the [Rancher Kubernetes Engine](https://rancher.com/docs/rke/latest/en/) (RKE) uses for deploying various Kubernetes versions. This table below describes the CRDs that are affected by the periodic data sync. diff --git a/versioned_docs/version-2.6/getting-started/overview.md b/versioned_docs/version-2.6/getting-started/overview.md index 759603610b7..7de04693a50 100644 --- a/versioned_docs/version-2.6/getting-started/overview.md +++ b/versioned_docs/version-2.6/getting-started/overview.md @@ -34,21 +34,21 @@ The Rancher API server is built on top of an embedded Kubernetes API server and ### Authorization and Role-Based Access Control -- **User management:** The Rancher API server [manages user identities](../pages-for-subheaders/authentication-config.md) that correspond to external authentication providers like Active Directory or GitHub, in addition to local users. -- **Authorization:** The Rancher API server manages [access control](../pages-for-subheaders/manage-role-based-access-control-rbac.md) and [security](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/create-pod-security-policies.md) policies. +- **User management:** The Rancher API server [manages user identities](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/authentication-config.md) that correspond to external authentication providers like Active Directory or GitHub, in addition to local users. +- **Authorization:** The Rancher API server manages [access control](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/manage-role-based-access-control-rbac.md) and [security](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/create-pod-security-policies.md) policies. ### Working with Kubernetes -- **Provisioning Kubernetes clusters:** The Rancher API server can [provision Kubernetes](../pages-for-subheaders/kubernetes-clusters-in-rancher-setup.md) on existing nodes, or perform [Kubernetes upgrades.](installation-and-upgrade/upgrade-and-roll-back-kubernetes.md) -- **Catalog management:** Rancher provides the ability to use a [catalog of Helm charts](../pages-for-subheaders/helm-charts-in-rancher.md) that make it easy to repeatedly deploy applications. -- **Managing projects:** A project is a group of multiple namespaces and access control policies within a cluster. A project is a Rancher concept, not a Kubernetes concept, which allows you to manage multiple namespaces as a group and perform Kubernetes operations in them. The Rancher UI provides features for [project administration](../pages-for-subheaders/manage-projects.md) and for [managing applications within projects.](../pages-for-subheaders/kubernetes-resources-setup.md) -- **Fleet Continuous Delivery:** Within Rancher, you can leverage [Fleet Continuous Delivery](../pages-for-subheaders/fleet-gitops-at-scale.md) to deploy applications from git repositories, without any manual operation, to targeted downstream Kubernetes clusters. -- **Istio:** Our [integration with Istio](../pages-for-subheaders/istio.md) is designed so that a Rancher operator, such as an administrator or cluster owner, can deliver Istio to developers. Then developers can use Istio to enforce security policies, troubleshoot problems, or manage traffic for green/blue deployments, canary deployments, or A/B testing. +- **Provisioning Kubernetes clusters:** The Rancher API server can [provision Kubernetes](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/kubernetes-clusters-in-rancher-setup.md) on existing nodes, or perform [Kubernetes upgrades.](installation-and-upgrade/upgrade-and-roll-back-kubernetes.md) +- **Catalog management:** Rancher provides the ability to use a [catalog of Helm charts](../how-to-guides/new-user-guides/helm-charts-in-rancher/helm-charts-in-rancher.md) that make it easy to repeatedly deploy applications. +- **Managing projects:** A project is a group of multiple namespaces and access control policies within a cluster. A project is a Rancher concept, not a Kubernetes concept, which allows you to manage multiple namespaces as a group and perform Kubernetes operations in them. The Rancher UI provides features for [project administration](../how-to-guides/advanced-user-guides/manage-projects/manage-projects.md) and for [managing applications within projects.](../how-to-guides/new-user-guides/kubernetes-resources-setup/kubernetes-resources-setup.md) +- **Fleet Continuous Delivery:** Within Rancher, you can leverage [Fleet Continuous Delivery](../integrations-in-rancher/fleet-gitops-at-scale/fleet-gitops-at-scale.md) to deploy applications from git repositories, without any manual operation, to targeted downstream Kubernetes clusters. +- **Istio:** Our [integration with Istio](../integrations-in-rancher/istio/istio.md) is designed so that a Rancher operator, such as an administrator or cluster owner, can deliver Istio to developers. Then developers can use Istio to enforce security policies, troubleshoot problems, or manage traffic for green/blue deployments, canary deployments, or A/B testing. ### Working with Cloud Infrastructure - **Tracking nodes:** The Rancher API server tracks identities of all the [nodes](../how-to-guides/new-user-guides/manage-clusters/nodes-and-node-pools.md) in all clusters. -- **Setting up infrastructure:** When configured to use a cloud provider, Rancher can dynamically provision [new nodes](../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md) and [persistent storage](../pages-for-subheaders/create-kubernetes-persistent-storage.md) in the cloud. +- **Setting up infrastructure:** When configured to use a cloud provider, Rancher can dynamically provision [new nodes](../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md) and [persistent storage](../how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage/create-kubernetes-persistent-storage.md) in the cloud. ### Cluster Visibility @@ -58,9 +58,9 @@ The Rancher API server is built on top of an embedded Kubernetes API server and ## Editing Downstream Clusters with Rancher -The options and settings available for an existing cluster change based on the method that you used to provision it. For example, only clusters [provisioned by RKE](../pages-for-subheaders/launch-kubernetes-with-rancher.md) have **Cluster Options** available for editing. +The options and settings available for an existing cluster change based on the method that you used to provision it. For example, only clusters [provisioned by RKE](../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md) have **Cluster Options** available for editing. -After a cluster is created with Rancher, a cluster administrator can manage cluster membership, enable pod security policies, and manage node pools, among [other options.](../pages-for-subheaders/cluster-configuration.md) +After a cluster is created with Rancher, a cluster administrator can manage cluster membership, enable pod security policies, and manage node pools, among [other options.](../reference-guides/cluster-configuration/cluster-configuration.md) The following table summarizes the options and settings available for each cluster type: diff --git a/versioned_docs/version-2.6/getting-started/quick-start-guides/deploy-rancher-manager/aws.md b/versioned_docs/version-2.6/getting-started/quick-start-guides/deploy-rancher-manager/aws.md index a3fd249d35e..91b82597680 100644 --- a/versioned_docs/version-2.6/getting-started/quick-start-guides/deploy-rancher-manager/aws.md +++ b/versioned_docs/version-2.6/getting-started/quick-start-guides/deploy-rancher-manager/aws.md @@ -11,7 +11,7 @@ The following steps will quickly deploy a Rancher server on AWS in a single-node :::caution -The intent of these guides is to quickly launch a sandbox that you can use to evaluate Rancher. These guides are not intended for production environments. For comprehensive setup instructions, see [Installation](../../../pages-for-subheaders/installation-and-upgrade.md). +The intent of these guides is to quickly launch a sandbox that you can use to evaluate Rancher. These guides are not intended for production environments. For comprehensive setup instructions, see [Installation](../../installation-and-upgrade/installation-and-upgrade.md). ::: @@ -90,7 +90,7 @@ Two Kubernetes clusters are deployed into your AWS account, one running Rancher ## What's Next? -Use Rancher to create a deployment. For more information, see [Creating Deployments](../../../pages-for-subheaders/deploy-rancher-workloads.md). +Use Rancher to create a deployment. For more information, see [Creating Deployments](../deploy-workloads/deploy-workloads.md). ## Destroying the Environment diff --git a/versioned_docs/version-2.6/getting-started/quick-start-guides/deploy-rancher-manager/azure.md b/versioned_docs/version-2.6/getting-started/quick-start-guides/deploy-rancher-manager/azure.md index c9b968077ab..82917ee7857 100644 --- a/versioned_docs/version-2.6/getting-started/quick-start-guides/deploy-rancher-manager/azure.md +++ b/versioned_docs/version-2.6/getting-started/quick-start-guides/deploy-rancher-manager/azure.md @@ -11,7 +11,7 @@ The following steps will quickly deploy a Rancher server on Azure in a single-no :::caution -The intent of these guides is to quickly launch a sandbox that you can use to evaluate Rancher. These guides are not intended for production environments. For comprehensive setup instructions, see [Installation](../../../pages-for-subheaders/installation-and-upgrade.md). +The intent of these guides is to quickly launch a sandbox that you can use to evaluate Rancher. These guides are not intended for production environments. For comprehensive setup instructions, see [Installation](../../installation-and-upgrade/installation-and-upgrade.md). ::: @@ -76,7 +76,7 @@ Two Kubernetes clusters are deployed into your Azure account, one running Ranche ### What's Next? -Use Rancher to create a deployment. For more information, see [Creating Deployments](../../../pages-for-subheaders/deploy-rancher-workloads.md). +Use Rancher to create a deployment. For more information, see [Creating Deployments](../deploy-workloads/deploy-workloads.md). ## Destroying the Environment diff --git a/versioned_docs/version-2.6/getting-started/quick-start-guides/deploy-rancher-manager/deploy-rancher-manager.md b/versioned_docs/version-2.6/getting-started/quick-start-guides/deploy-rancher-manager/deploy-rancher-manager.md new file mode 100644 index 00000000000..dfc76b25049 --- /dev/null +++ b/versioned_docs/version-2.6/getting-started/quick-start-guides/deploy-rancher-manager/deploy-rancher-manager.md @@ -0,0 +1,24 @@ +--- +title: Deploying Rancher Server +--- + + + + + +Use one of the following guides to deploy and provision Rancher and a Kubernetes cluster in the provider of your choice. + +- [AWS](aws.md) (uses Terraform) +- [AWS Marketplace](aws-marketplace.md) (uses Amazon EKS) +- [Azure](azure.md) (uses Terraform) +- [DigitalOcean](digitalocean.md) (uses Terraform) +- [GCP](gcp.md) (uses Terraform) +- [Hetzner Cloud](hetzner-cloud.md) (uses Terraform) +- [Vagrant](vagrant.md) +- [Equinix Metal](equinix-metal.md) +- [Outscale](outscale-qs.md) (uses Terraform) + + +If you prefer, the following guide will take you through the same process in individual steps. Use this if you want to run Rancher in a different provider, on prem, or if you would just like to see how easy it is. + +- [Manual Install](helm-cli.md) diff --git a/versioned_docs/version-2.6/getting-started/quick-start-guides/deploy-rancher-manager/digitalocean.md b/versioned_docs/version-2.6/getting-started/quick-start-guides/deploy-rancher-manager/digitalocean.md index 81442f401b9..5d3be8eeda1 100644 --- a/versioned_docs/version-2.6/getting-started/quick-start-guides/deploy-rancher-manager/digitalocean.md +++ b/versioned_docs/version-2.6/getting-started/quick-start-guides/deploy-rancher-manager/digitalocean.md @@ -11,7 +11,7 @@ The following steps will quickly deploy a Rancher server on DigitalOcean in a si :::caution -The intent of these guides is to quickly launch a sandbox that you can use to evaluate Rancher. These guides are not intended for production environments. For comprehensive setup instructions, see [Installation](../../../pages-for-subheaders/installation-and-upgrade.md). +The intent of these guides is to quickly launch a sandbox that you can use to evaluate Rancher. These guides are not intended for production environments. For comprehensive setup instructions, see [Installation](../../installation-and-upgrade/installation-and-upgrade.md). ::: @@ -69,7 +69,7 @@ Two Kubernetes clusters are deployed into your DigitalOcean account, one running ### What's Next? -Use Rancher to create a deployment. For more information, see [Creating Deployments](../../../pages-for-subheaders/deploy-rancher-workloads.md). +Use Rancher to create a deployment. For more information, see [Creating Deployments](../deploy-workloads/deploy-workloads.md). ## Destroying the Environment diff --git a/versioned_docs/version-2.6/getting-started/quick-start-guides/deploy-rancher-manager/equinix-metal.md b/versioned_docs/version-2.6/getting-started/quick-start-guides/deploy-rancher-manager/equinix-metal.md index 8a8d483492f..f063118acc9 100644 --- a/versioned_docs/version-2.6/getting-started/quick-start-guides/deploy-rancher-manager/equinix-metal.md +++ b/versioned_docs/version-2.6/getting-started/quick-start-guides/deploy-rancher-manager/equinix-metal.md @@ -15,7 +15,7 @@ title: Rancher Equinix Metal Quick Start :::caution -The intent of these guides is to quickly launch a sandbox that you can use to evaluate Rancher. The Docker install is not recommended for production environments. For comprehensive setup instructions, see [Installation](../../../pages-for-subheaders/installation-and-upgrade.md). +The intent of these guides is to quickly launch a sandbox that you can use to evaluate Rancher. The Docker install is not recommended for production environments. For comprehensive setup instructions, see [Installation](../../installation-and-upgrade/installation-and-upgrade.md). ::: @@ -42,7 +42,7 @@ Begin deploying an Equinix Metal Host. Equinix Metal Servers can be provisioned - When provisioning a new Equinix Metal Server via the CLI or API you will need to provide the following information: project-id, plan, metro, and operating-system. - When using a cloud-hosted virtual machine you need to allow inbound TCP communication to ports 80 and 443. Please see your cloud host's documentation for information regarding port configuration. - For a full list of port requirements, refer to [Docker Installation](../../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/node-requirements-for-rancher-managed-clusters.md). -- Provision the host according to our [Requirements](../../../pages-for-subheaders/installation-requirements.md). +- Provision the host according to our [Requirements](../../installation-and-upgrade/installation-requirements/installation-requirements.md). ::: ### 2. Install Rancher @@ -107,4 +107,4 @@ Congratulations! You have created your first cluster. #### What's Next? -Use Rancher to create a deployment. For more information, see [Creating Deployments](../../../pages-for-subheaders/deploy-rancher-workloads.md). +Use Rancher to create a deployment. For more information, see [Creating Deployments](../deploy-workloads/deploy-workloads.md). diff --git a/versioned_docs/version-2.6/getting-started/quick-start-guides/deploy-rancher-manager/gcp.md b/versioned_docs/version-2.6/getting-started/quick-start-guides/deploy-rancher-manager/gcp.md index 22ef8bb7ec9..ef465375c60 100644 --- a/versioned_docs/version-2.6/getting-started/quick-start-guides/deploy-rancher-manager/gcp.md +++ b/versioned_docs/version-2.6/getting-started/quick-start-guides/deploy-rancher-manager/gcp.md @@ -11,7 +11,7 @@ The following steps will quickly deploy a Rancher server on GCP in a single-node :::caution -The intent of these guides is to quickly launch a sandbox that you can use to evaluate Rancher. These guides are not intended for production environments. For comprehensive setup instructions, see [Installation](../../../pages-for-subheaders/installation-and-upgrade.md). +The intent of these guides is to quickly launch a sandbox that you can use to evaluate Rancher. These guides are not intended for production environments. For comprehensive setup instructions, see [Installation](../../installation-and-upgrade/installation-and-upgrade.md). ::: @@ -72,7 +72,7 @@ Two Kubernetes clusters are deployed into your GCP account, one running Rancher ### What's Next? -Use Rancher to create a deployment. For more information, see [Creating Deployments](../../../pages-for-subheaders/deploy-rancher-workloads.md). +Use Rancher to create a deployment. For more information, see [Creating Deployments](../deploy-workloads/deploy-workloads.md). ## Destroying the Environment diff --git a/versioned_docs/version-2.6/getting-started/quick-start-guides/deploy-rancher-manager/helm-cli.md b/versioned_docs/version-2.6/getting-started/quick-start-guides/deploy-rancher-manager/helm-cli.md index 7f55c26845d..2232371a091 100644 --- a/versioned_docs/version-2.6/getting-started/quick-start-guides/deploy-rancher-manager/helm-cli.md +++ b/versioned_docs/version-2.6/getting-started/quick-start-guides/deploy-rancher-manager/helm-cli.md @@ -14,7 +14,7 @@ We don't recommend installing Rancher locally because it creates a networking pr Your Linux machine can be anywhere. It could be an Amazon EC2 instance, a Digital Ocean droplet, or an Azure virtual machine, to name a few examples. Other Rancher docs often use 'node' as a generic term for all of these. One possible way to deploy a Linux machine is by setting up an Amazon EC2 instance as shown in [this tutorial](../../../how-to-guides/new-user-guides/infrastructure-setup/nodes-in-amazon-ec2.md). -The full installation requirements are [here](../../../pages-for-subheaders/installation-requirements.md). +The full installation requirements are [here](../../installation-and-upgrade/installation-requirements/installation-requirements.md). ## Install K3s on Linux @@ -150,6 +150,6 @@ Now if you navigate to `.sslip.io` in a web browser, you shoul To make these instructions simple, we used a fake domain name and self-signed certificates to do this installation. Therefore, you will probably need to add a security exception to your web browser to see the Rancher UI. Note that for production installs, you would need a high-availability setup with a load balancer, a real domain name and real certificates. -These instructions also left out the full installation requirements and other installation options. If you have any issues with these steps, refer to the full [Helm CLI installation docs.](../../../pages-for-subheaders/install-upgrade-on-a-kubernetes-cluster.md) +These instructions also left out the full installation requirements and other installation options. If you have any issues with these steps, refer to the full [Helm CLI installation docs.](../../installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/install-upgrade-on-a-kubernetes-cluster.md) -To launch new Kubernetes clusters with your new Rancher server, you may need to set up cloud credentials in Rancher. For more information, see [Launching Kubernetes clusters with Rancher.](../../../pages-for-subheaders/launch-kubernetes-with-rancher.md) +To launch new Kubernetes clusters with your new Rancher server, you may need to set up cloud credentials in Rancher. For more information, see [Launching Kubernetes clusters with Rancher.](../../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md) diff --git a/versioned_docs/version-2.6/getting-started/quick-start-guides/deploy-rancher-manager/hetzner-cloud.md b/versioned_docs/version-2.6/getting-started/quick-start-guides/deploy-rancher-manager/hetzner-cloud.md index 73774d54f0b..eb56bfbe452 100644 --- a/versioned_docs/version-2.6/getting-started/quick-start-guides/deploy-rancher-manager/hetzner-cloud.md +++ b/versioned_docs/version-2.6/getting-started/quick-start-guides/deploy-rancher-manager/hetzner-cloud.md @@ -11,7 +11,7 @@ The following steps will quickly deploy a Rancher server on Hetzner Cloud in a s :::caution -The intent of these guides is to quickly launch a sandbox that you can use to evaluate Rancher. These guides are not intended for production environments. For comprehensive setup instructions, see [Installation](../../../pages-for-subheaders/installation-and-upgrade.md). +The intent of these guides is to quickly launch a sandbox that you can use to evaluate Rancher. These guides are not intended for production environments. For comprehensive setup instructions, see [Installation](../../installation-and-upgrade/installation-and-upgrade.md). ::: @@ -71,7 +71,7 @@ Two Kubernetes clusters are deployed into your Hetzner account, one running Ranc ### What's Next? -Use Rancher to create a deployment. For more information, see [Creating Deployments](../../../pages-for-subheaders/deploy-rancher-workloads.md). +Use Rancher to create a deployment. For more information, see [Creating Deployments](../deploy-workloads/deploy-workloads.md). ## Destroying the Environment diff --git a/versioned_docs/version-2.6/getting-started/quick-start-guides/deploy-rancher-manager/outscale-qs.md b/versioned_docs/version-2.6/getting-started/quick-start-guides/deploy-rancher-manager/outscale-qs.md index 587da5e2011..5d4e03fc6b9 100644 --- a/versioned_docs/version-2.6/getting-started/quick-start-guides/deploy-rancher-manager/outscale-qs.md +++ b/versioned_docs/version-2.6/getting-started/quick-start-guides/deploy-rancher-manager/outscale-qs.md @@ -11,7 +11,7 @@ The following steps will quickly deploy a Rancher server on Outscale in a single :::note -The intent of these guides is to quickly launch a sandbox that you can use to evaluate Rancher. These guides are not intended for production environments. For comprehensive setup instructions, see [Installation](../../../pages-for-subheaders/installation-and-upgrade.md). +The intent of these guides is to quickly launch a sandbox that you can use to evaluate Rancher. These guides are not intended for production environments. For comprehensive setup instructions, see [Installation](../../installation-and-upgrade/installation-and-upgrade.md). ::: @@ -71,7 +71,7 @@ Two Kubernetes clusters are deployed into your Outscale account, one running Ran ### What's Next? -Use Rancher to create a deployment. For more information, see [Creating Deployments](../../../pages-for-subheaders/deploy-rancher-workloads.md). +Use Rancher to create a deployment. For more information, see [Creating Deployments](../deploy-workloads/deploy-workloads.md). ## Destroying the Environment diff --git a/versioned_docs/version-2.6/getting-started/quick-start-guides/deploy-rancher-manager/vagrant.md b/versioned_docs/version-2.6/getting-started/quick-start-guides/deploy-rancher-manager/vagrant.md index d45b57fc169..556350c8cd3 100644 --- a/versioned_docs/version-2.6/getting-started/quick-start-guides/deploy-rancher-manager/vagrant.md +++ b/versioned_docs/version-2.6/getting-started/quick-start-guides/deploy-rancher-manager/vagrant.md @@ -10,7 +10,7 @@ The following steps quickly deploy a Rancher Server with a single node cluster a :::caution -The intent of these guides is to quickly launch a sandbox that you can use to evaluate Rancher. These guides are not intended for production environments. For comprehensive setup instructions, see [Installation](../../../pages-for-subheaders/installation-and-upgrade.md). +The intent of these guides is to quickly launch a sandbox that you can use to evaluate Rancher. These guides are not intended for production environments. For comprehensive setup instructions, see [Installation](../../installation-and-upgrade/installation-and-upgrade.md). ::: @@ -46,7 +46,7 @@ The intent of these guides is to quickly launch a sandbox that you can use to ev ### What's Next? -Use Rancher to create a deployment. For more information, see [Creating Deployments](../../../pages-for-subheaders/deploy-rancher-workloads.md). +Use Rancher to create a deployment. For more information, see [Creating Deployments](../deploy-workloads/deploy-workloads.md). ## Destroying the Environment diff --git a/versioned_docs/version-2.6/pages-for-subheaders/deploy-rancher-workloads.md b/versioned_docs/version-2.6/getting-started/quick-start-guides/deploy-workloads/deploy-workloads.md similarity index 60% rename from versioned_docs/version-2.6/pages-for-subheaders/deploy-rancher-workloads.md rename to versioned_docs/version-2.6/getting-started/quick-start-guides/deploy-workloads/deploy-workloads.md index b2898cd513b..e6042decd34 100644 --- a/versioned_docs/version-2.6/pages-for-subheaders/deploy-rancher-workloads.md +++ b/versioned_docs/version-2.6/getting-started/quick-start-guides/deploy-workloads/deploy-workloads.md @@ -8,5 +8,5 @@ title: Deploying Workloads These guides walk you through the deployment of an application, including how to expose the application for use outside of the cluster. -- [Workload with Ingress](../getting-started/quick-start-guides/deploy-workloads/workload-ingress.md) -- [Workload with NodePort](../getting-started/quick-start-guides/deploy-workloads/nodeports.md) +- [Workload with Ingress](workload-ingress.md) +- [Workload with NodePort](nodeports.md) diff --git a/versioned_docs/version-2.6/getting-started/quick-start-guides/deploy-workloads/workload-ingress.md b/versioned_docs/version-2.6/getting-started/quick-start-guides/deploy-workloads/workload-ingress.md index 92e71d701c5..a1624912313 100644 --- a/versioned_docs/version-2.6/getting-started/quick-start-guides/deploy-workloads/workload-ingress.md +++ b/versioned_docs/version-2.6/getting-started/quick-start-guides/deploy-workloads/workload-ingress.md @@ -23,7 +23,7 @@ For this workload, you'll be deploying the application Rancher Hello-World. 1. Click **Deployment**. 1. Enter a **Name** for your workload. 1. From the **Container Image** field, enter `rancher/hello-world`. This field is case-sensitive. -1. Click **Add Port** and `Cluster IP` for the `Service Type` and enter `80` in the **Private Container Port** field. You may leave the `Name` blank or specify any name that you wish. Adding a port enables access to the application inside and outside of the cluster. For more information, see [Services](../../../pages-for-subheaders/workloads-and-pods.md#services). +1. Click **Add Port** and `Cluster IP` for the `Service Type` and enter `80` in the **Private Container Port** field. You may leave the `Name` blank or specify any name that you wish. Adding a port enables access to the application inside and outside of the cluster. For more information, see [Services](../../../how-to-guides/new-user-guides/kubernetes-resources-setup/workloads-and-pods/workloads-and-pods.md#services). 1. Click **Create**. **Result:** diff --git a/versioned_docs/version-2.6/pages-for-subheaders/quick-start-guides.md b/versioned_docs/version-2.6/getting-started/quick-start-guides/quick-start-guides.md similarity index 60% rename from versioned_docs/version-2.6/pages-for-subheaders/quick-start-guides.md rename to versioned_docs/version-2.6/getting-started/quick-start-guides/quick-start-guides.md index d4f0f9e26b9..955135a1d48 100644 --- a/versioned_docs/version-2.6/pages-for-subheaders/quick-start-guides.md +++ b/versioned_docs/version-2.6/getting-started/quick-start-guides/quick-start-guides.md @@ -8,7 +8,7 @@ title: Rancher Deployment Quick Start Guides :::caution -The intent of these guides is to quickly launch a sandbox that you can use to evaluate Rancher. These guides are not intended for production environments. For comprehensive setup instructions, see [Installation](installation-and-upgrade.md). +The intent of these guides is to quickly launch a sandbox that you can use to evaluate Rancher. These guides are not intended for production environments. For comprehensive setup instructions, see [Installation](../installation-and-upgrade/installation-and-upgrade.md). ::: @@ -16,6 +16,6 @@ Use this section of the docs to jump start your deployment and testing of Ranche We have Quick Start Guides for: -- [Deploying Rancher Server](deploy-rancher-manager.md): Get started running Rancher using the method most convenient for you. +- [Deploying Rancher Server](deploy-rancher-manager/deploy-rancher-manager.md): Get started running Rancher using the method most convenient for you. -- [Deploying Workloads](deploy-rancher-workloads.md): Deploy a simple [workload](https://kubernetes.io/docs/concepts/workloads/) and expose it, letting you access it from outside the cluster. +- [Deploying Workloads](deploy-workloads/deploy-workloads.md): Deploy a simple [workload](https://kubernetes.io/docs/concepts/workloads/) and expose it, letting you access it from outside the cluster. diff --git a/versioned_docs/version-2.6/pages-for-subheaders/advanced-user-guides.md b/versioned_docs/version-2.6/how-to-guides/advanced-user-guides/advanced-user-guides.md similarity index 100% rename from versioned_docs/version-2.6/pages-for-subheaders/advanced-user-guides.md rename to versioned_docs/version-2.6/how-to-guides/advanced-user-guides/advanced-user-guides.md diff --git a/versioned_docs/version-2.6/how-to-guides/advanced-user-guides/cis-scan-guides/cis-scan-guides.md b/versioned_docs/version-2.6/how-to-guides/advanced-user-guides/cis-scan-guides/cis-scan-guides.md new file mode 100644 index 00000000000..790b7e1b6c1 --- /dev/null +++ b/versioned_docs/version-2.6/how-to-guides/advanced-user-guides/cis-scan-guides/cis-scan-guides.md @@ -0,0 +1,17 @@ +--- +title: CIS Scan Guides +--- + + + + + +- [Install rancher-cis-benchmark](install-rancher-cis-benchmark.md) +- [Uninstall rancher-cis-benchmark](uninstall-rancher-cis-benchmark.md) +- [Run a Scan](run-a-scan.md) +- [Run a Scan Periodically on a Schedule](run-a-scan-periodically-on-a-schedule.md) +- [Skip Tests](skip-tests.md) +- [View Reports](view-reports.md) +- [Enable Alerting for rancher-cis-benchmark](enable-alerting-for-rancher-cis-benchmark.md) +- [Configure Alerts for Periodic Scan on a Schedule](configure-alerts-for-periodic-scan-on-a-schedule.md) +- [Create a Custom Benchmark Version to Run](create-a-custom-benchmark-version-to-run.md) \ No newline at end of file diff --git a/versioned_docs/version-2.6/how-to-guides/advanced-user-guides/configure-layer-7-nginx-load-balancer.md b/versioned_docs/version-2.6/how-to-guides/advanced-user-guides/configure-layer-7-nginx-load-balancer.md index ce785ccee1c..1271e6ba669 100644 --- a/versioned_docs/version-2.6/how-to-guides/advanced-user-guides/configure-layer-7-nginx-load-balancer.md +++ b/versioned_docs/version-2.6/how-to-guides/advanced-user-guides/configure-layer-7-nginx-load-balancer.md @@ -14,14 +14,14 @@ This install procedure walks you through deployment of Rancher using a single co ## Requirements for OS, Docker, Hardware, and Networking -Make sure that your node fulfills the general [installation requirements.](../../pages-for-subheaders/installation-requirements.md) +Make sure that your node fulfills the general [installation requirements.](../../getting-started/installation-and-upgrade/installation-requirements/installation-requirements.md) ## Installation Outline ## 1. Provision Linux Host -Provision a single Linux host according to our [Requirements](../../pages-for-subheaders/installation-requirements.md) to launch your Rancher Server. +Provision a single Linux host according to our [Requirements](../../getting-started/installation-and-upgrade/installation-requirements/installation-requirements.md) to launch your Rancher Server. ## 2. Choose an SSL Option and Install Rancher @@ -170,7 +170,7 @@ http { ## What's Next? - **Recommended:** Review Single Node [Backup](../../how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/back-up-docker-installed-rancher.md) and [Restore](../../how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/restore-docker-installed-rancher.md). Although you don't have any data you need to back up right now, we recommend creating backups after regular Rancher use. -- Create a Kubernetes cluster: [Provisioning Kubernetes Clusters](../../pages-for-subheaders/kubernetes-clusters-in-rancher-setup.md). +- Create a Kubernetes cluster: [Provisioning Kubernetes Clusters](../new-user-guides/kubernetes-clusters-in-rancher-setup/kubernetes-clusters-in-rancher-setup.md).
    @@ -192,7 +192,7 @@ If you want to record all transactions with the Rancher API, enable the [API Aud ### Air Gap -If you are visiting this page to complete an [Air Gap Installation](../../pages-for-subheaders/air-gapped-helm-cli-install.md), you must pre-pend your private registry URL to the server tag when running the installation command in the option that you choose. Add `` with your private registry URL in front of `rancher/rancher:latest`. +If you are visiting this page to complete an [Air Gap Installation](../../getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/air-gapped-helm-cli-install.md), you must pre-pend your private registry URL to the server tag when running the installation command in the option that you choose. Add `` with your private registry URL in front of `rancher/rancher:latest`. **Example:** @@ -212,7 +212,7 @@ docker run -d --restart=unless-stopped \ rancher/rancher:latest ``` -As of Rancher v2.5, privileged access is [required.](../../pages-for-subheaders/rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher) +As of Rancher v2.5, privileged access is [required.](../../getting-started/installation-and-upgrade/other-installation-methods/rancher-on-a-single-node-with-docker/rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher) This layer 7 NGINX configuration is tested on NGINX version 1.13 (mainline) and 1.14 (stable). diff --git a/versioned_docs/version-2.6/how-to-guides/advanced-user-guides/enable-api-audit-log.md b/versioned_docs/version-2.6/how-to-guides/advanced-user-guides/enable-api-audit-log.md index 297c24946ec..f0795669975 100644 --- a/versioned_docs/version-2.6/how-to-guides/advanced-user-guides/enable-api-audit-log.md +++ b/versioned_docs/version-2.6/how-to-guides/advanced-user-guides/enable-api-audit-log.md @@ -63,7 +63,7 @@ kubectl -n cattle-system logs -f rancher-84d886bdbb-s4s69 rancher-audit-log #### Shipping the Audit Log -You can enable Rancher's built in log collection and shipping for the cluster to ship the audit and other services logs to a supported collection endpoint. See [Rancher Tools - Logging](../../pages-for-subheaders/logging.md) for details. +You can enable Rancher's built in log collection and shipping for the cluster to ship the audit and other services logs to a supported collection endpoint. See [Rancher Tools - Logging](../../integrations-in-rancher/logging/logging.md) for details. ## Audit Log Samples diff --git a/versioned_docs/version-2.6/how-to-guides/advanced-user-guides/enable-experimental-features/continuous-delivery.md b/versioned_docs/version-2.6/how-to-guides/advanced-user-guides/enable-experimental-features/continuous-delivery.md index c954513cbc6..67066cfc62d 100644 --- a/versioned_docs/version-2.6/how-to-guides/advanced-user-guides/enable-experimental-features/continuous-delivery.md +++ b/versioned_docs/version-2.6/how-to-guides/advanced-user-guides/enable-experimental-features/continuous-delivery.md @@ -8,7 +8,7 @@ title: Continuous Delivery As of Rancher v2.5, [Fleet](../../../how-to-guides/new-user-guides/deploy-apps-across-clusters/fleet.md) comes preinstalled in Rancher, and as of Rancher v2.6, Fleet can no longer be fully disabled. However, the Fleet feature for GitOps continuous delivery may be disabled using the `continuous-delivery` feature flag. -To enable or disable this feature, refer to the instructions on [the main page about enabling experimental features.](../../../pages-for-subheaders/enable-experimental-features.md) +To enable or disable this feature, refer to the instructions on [the main page about enabling experimental features.](enable-experimental-features.md) Environment Variable Key | Default Value | Description ---|---|--- diff --git a/versioned_docs/version-2.6/pages-for-subheaders/enable-experimental-features.md b/versioned_docs/version-2.6/how-to-guides/advanced-user-guides/enable-experimental-features/enable-experimental-features.md similarity index 88% rename from versioned_docs/version-2.6/pages-for-subheaders/enable-experimental-features.md rename to versioned_docs/version-2.6/how-to-guides/advanced-user-guides/enable-experimental-features/enable-experimental-features.md index 30d1d178b2e..e633292728b 100644 --- a/versioned_docs/version-2.6/pages-for-subheaders/enable-experimental-features.md +++ b/versioned_docs/version-2.6/how-to-guides/advanced-user-guides/enable-experimental-features/enable-experimental-features.md @@ -6,7 +6,7 @@ title: Enabling Experimental Features -Rancher includes some features that are experimental and disabled by default. You might want to enable these features, for example, if you decide that the benefits of using an [unsupported storage type](../how-to-guides/advanced-user-guides/enable-experimental-features/unsupported-storage-drivers.md) outweighs the risk of using an untested feature. Feature flags were introduced to allow you to try these features that are not enabled by default. +Rancher includes some features that are experimental and disabled by default. You might want to enable these features, for example, if you decide that the benefits of using an [unsupported storage type](unsupported-storage-drivers.md) outweighs the risk of using an untested feature. Feature flags were introduced to allow you to try these features that are not enabled by default. The features can be enabled in three ways: @@ -23,7 +23,7 @@ If no value has been set, Rancher uses the default value. Because the API sets the actual value and the command line sets the default value, that means that if you enable or disable a feature with the API or UI, it will override any value set with the command line. -For example, if you install Rancher, then set a feature flag to true with the Rancher API, then upgrade Rancher with a command that sets the feature flag to false, the default value will still be false, but the feature will still be enabled because it was set with the Rancher API. If you then deleted the set value (true) with the Rancher API, setting it to NULL, the default value (false) would take effect. See the [feature flags page](../getting-started/installation-and-upgrade/installation-references/feature-flags.md) for more information. +For example, if you install Rancher, then set a feature flag to true with the Rancher API, then upgrade Rancher with a command that sets the feature flag to false, the default value will still be false, but the feature will still be enabled because it was set with the Rancher API. If you then deleted the set value (true) with the Rancher API, setting it to NULL, the default value (false) would take effect. See the [feature flags page](../../../getting-started/installation-and-upgrade/installation-references/feature-flags.md) for more information. ## Enabling Features when Starting Rancher @@ -55,7 +55,7 @@ If you are installing an alpha version, Helm requires adding the `--devel` optio ### Enabling Features for Air Gap Installs -To perform an [air gap installation of Rancher](../getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/install-rancher-ha.md), add a Helm chart repository and download a Helm chart, then install Rancher with Helm. +To perform an [air gap installation of Rancher](../../../getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/install-rancher-ha.md), add a Helm chart repository and download a Helm chart, then install Rancher with Helm. When you install the Helm chart, you should pass in feature flag names in a comma separated list, as in the following example: diff --git a/versioned_docs/version-2.6/how-to-guides/advanced-user-guides/enable-experimental-features/istio-traffic-management-features.md b/versioned_docs/version-2.6/how-to-guides/advanced-user-guides/enable-experimental-features/istio-traffic-management-features.md index d34b03f676d..ac7861a0d83 100644 --- a/versioned_docs/version-2.6/how-to-guides/advanced-user-guides/enable-experimental-features/istio-traffic-management-features.md +++ b/versioned_docs/version-2.6/how-to-guides/advanced-user-guides/enable-experimental-features/istio-traffic-management-features.md @@ -8,9 +8,9 @@ title: UI for Istio Virtual Services and Destination Rules This feature enables a UI that lets you create, read, update and delete virtual services and destination rules, which are traffic management features of Istio. -> **Prerequisite:** Turning on this feature does not enable Istio. A cluster administrator needs to [enable Istio for the cluster](../../../pages-for-subheaders/istio-setup-guide.md) in order to use the feature. +> **Prerequisite:** Turning on this feature does not enable Istio. A cluster administrator needs to [enable Istio for the cluster](../istio-setup-guide/istio-setup-guide.md) in order to use the feature. -To enable or disable this feature, refer to the instructions on [the main page about enabling experimental features.](../../../pages-for-subheaders/enable-experimental-features.md) +To enable or disable this feature, refer to the instructions on [the main page about enabling experimental features.](enable-experimental-features.md) Environment Variable Key | Default Value | Status | Available as of ---|---|---|--- diff --git a/versioned_docs/version-2.6/how-to-guides/advanced-user-guides/enable-experimental-features/rancher-on-arm64.md b/versioned_docs/version-2.6/how-to-guides/advanced-user-guides/enable-experimental-features/rancher-on-arm64.md index 5c86ee60a66..4811efbae33 100644 --- a/versioned_docs/version-2.6/how-to-guides/advanced-user-guides/enable-experimental-features/rancher-on-arm64.md +++ b/versioned_docs/version-2.6/how-to-guides/advanced-user-guides/enable-experimental-features/rancher-on-arm64.md @@ -15,7 +15,7 @@ Running on an ARM64 platform is currently an experimental feature and is not yet The following options are available when using an ARM64 platform: - Running Rancher on ARM64 based node(s) - - Only for Docker Install. Please note that the following installation command replaces the examples found in the [Docker Install link](../../../pages-for-subheaders/rancher-on-a-single-node-with-docker.md): + - Only for Docker Install. Please note that the following installation command replaces the examples found in the [Docker Install link](../../../getting-started/installation-and-upgrade/other-installation-methods/rancher-on-a-single-node-with-docker/rancher-on-a-single-node-with-docker.md): ``` # In the last line `rancher/rancher:vX.Y.Z`, be certain to replace "X.Y.Z" with a released version in which ARM64 builds exist. For example, if your matching version is v2.5.8, you would fill in this line with `rancher/rancher:v2.5.8`. diff --git a/versioned_docs/version-2.6/how-to-guides/advanced-user-guides/enable-experimental-features/unsupported-storage-drivers.md b/versioned_docs/version-2.6/how-to-guides/advanced-user-guides/enable-experimental-features/unsupported-storage-drivers.md index 96fdd1b8845..3670d00e39b 100644 --- a/versioned_docs/version-2.6/how-to-guides/advanced-user-guides/enable-experimental-features/unsupported-storage-drivers.md +++ b/versioned_docs/version-2.6/how-to-guides/advanced-user-guides/enable-experimental-features/unsupported-storage-drivers.md @@ -8,7 +8,7 @@ title: Allowing Unsupported Storage Drivers This feature allows you to use types for storage providers and provisioners that are not enabled by default. -To enable or disable this feature, refer to the instructions on [the main page about enabling experimental features.](../../../pages-for-subheaders/enable-experimental-features.md) +To enable or disable this feature, refer to the instructions on [the main page about enabling experimental features.](enable-experimental-features.md) Environment Variable Key | Default Value | Description ---|---|--- diff --git a/versioned_docs/version-2.6/how-to-guides/advanced-user-guides/istio-setup-guide/enable-istio-in-cluster.md b/versioned_docs/version-2.6/how-to-guides/advanced-user-guides/istio-setup-guide/enable-istio-in-cluster.md index bb81cb623f5..d33ba646ec0 100644 --- a/versioned_docs/version-2.6/how-to-guides/advanced-user-guides/istio-setup-guide/enable-istio-in-cluster.md +++ b/versioned_docs/version-2.6/how-to-guides/advanced-user-guides/istio-setup-guide/enable-istio-in-cluster.md @@ -26,7 +26,7 @@ title: 1. Enable Istio in the Cluster 1. If you have not already installed your own monitoring app, you will be prompted to install the rancher-monitoring app. Optional: Set your Selector or Scrape config options on rancher-monitoring app install. 1. Optional: Configure member access and [resource limits](../../../integrations-in-rancher/istio/cpu-and-memory-allocations.md) for the Istio components. Ensure you have enough resources on your worker nodes to enable Istio. 1. Optional: Make additional configuration changes to values.yaml if needed. -1. Optional: Add further resources or configuration via the [overlay file](../../../pages-for-subheaders/configuration-options.md#overlay-file). +1. Optional: Add further resources or configuration via the [overlay file](../../../integrations-in-rancher/istio/configuration-options/configuration-options.md#overlay-file). 1. Click **Install**.     @@ -40,7 +40,7 @@ title: 1. Enable Istio in the Cluster 1. If you have not already installed your own monitoring app, you will be prompted to install the rancher-monitoring app. Optional: Set your Selector or Scrape config options on rancher-monitoring app install. 1. Optional: Configure member access and [resource limits](../../../integrations-in-rancher/istio/cpu-and-memory-allocations.md) for the Istio components. Ensure you have enough resources on your worker nodes to enable Istio. 1. Optional: Make additional configuration changes to values.yaml if needed. -1. Optional: Add further resources or configuration via the [overlay file](../../../pages-for-subheaders/configuration-options.md#overlay-file). +1. Optional: Add further resources or configuration via the [overlay file](../../../integrations-in-rancher/istio/configuration-options/configuration-options.md#overlay-file). 1. Click **Install**. @@ -50,4 +50,4 @@ title: 1. Enable Istio in the Cluster ## Additional Config Options -For more information on configuring Istio, refer to the [configuration reference.](../../../pages-for-subheaders/configuration-options.md) +For more information on configuring Istio, refer to the [configuration reference.](../../../integrations-in-rancher/istio/configuration-options/configuration-options.md) diff --git a/versioned_docs/version-2.6/how-to-guides/advanced-user-guides/istio-setup-guide/istio-setup-guide.md b/versioned_docs/version-2.6/how-to-guides/advanced-user-guides/istio-setup-guide/istio-setup-guide.md new file mode 100644 index 00000000000..4682e638ed0 --- /dev/null +++ b/versioned_docs/version-2.6/how-to-guides/advanced-user-guides/istio-setup-guide/istio-setup-guide.md @@ -0,0 +1,34 @@ +--- +title: Setup Guide +--- + + + + + +This section describes how to enable Istio and start using it in your projects. + +If you use Istio for traffic management, you will need to allow external traffic to the cluster. In that case, you will need to follow all of the steps below. + +## Prerequisites + +This guide assumes you have already [installed Rancher,](../../../getting-started/installation-and-upgrade/installation-and-upgrade.md) and you have already [provisioned a separate Kubernetes cluster](../../new-user-guides/kubernetes-clusters-in-rancher-setup/kubernetes-clusters-in-rancher-setup.md) on which you will install Istio. + +The nodes in your cluster must meet the [CPU and memory requirements.](../../../integrations-in-rancher/istio/cpu-and-memory-allocations.md) + +The workloads and services that you want to be controlled by Istio must meet [Istio's requirements.](https://istio.io/docs/setup/additional-setup/requirements/) + +## Install + +:::tip Quick Setup Tip: + +If you don't need external traffic to reach Istio, and you just want to set up Istio for monitoring and tracing traffic within the cluster, skip the steps for [setting up the Istio gateway](set-up-istio-gateway.md) and [setting up Istio's components for traffic management.](set-up-traffic-management.md) + +::: + +1. [Enable Istio in the cluster.](enable-istio-in-cluster.md) +1. [Enable Istio in all the namespaces where you want to use it.](enable-istio-in-namespace.md) +1. [Add deployments and services that have the Istio sidecar injected.](use-istio-sidecar.md) +1. [Set up the Istio gateway. ](set-up-istio-gateway.md) +1. [Set up Istio's components for traffic management.](set-up-traffic-management.md) +1. [Generate traffic and see Istio in action.](generate-and-view-traffic.md) diff --git a/versioned_docs/version-2.6/how-to-guides/advanced-user-guides/manage-projects/ci-cd-pipelines.md b/versioned_docs/version-2.6/how-to-guides/advanced-user-guides/manage-projects/ci-cd-pipelines.md index a52e1cb135c..937d9e3e46e 100644 --- a/versioned_docs/version-2.6/how-to-guides/advanced-user-guides/manage-projects/ci-cd-pipelines.md +++ b/versioned_docs/version-2.6/how-to-guides/advanced-user-guides/manage-projects/ci-cd-pipelines.md @@ -12,4 +12,4 @@ After configuring Rancher and GitHub, you can deploy containers running Jenkins - Run unit tests. - Run regression tests. -For details, refer to the [pipelines](../../../pages-for-subheaders/pipelines.md) section. \ No newline at end of file +For details, refer to the [pipelines](../../../reference-guides/pipelines/pipelines.md) section. \ No newline at end of file diff --git a/versioned_docs/version-2.6/how-to-guides/advanced-user-guides/manage-projects/manage-pod-security-policies.md b/versioned_docs/version-2.6/how-to-guides/advanced-user-guides/manage-projects/manage-pod-security-policies.md index 9ea614fcb95..f23197fa02b 100644 --- a/versioned_docs/version-2.6/how-to-guides/advanced-user-guides/manage-projects/manage-pod-security-policies.md +++ b/versioned_docs/version-2.6/how-to-guides/advanced-user-guides/manage-projects/manage-pod-security-policies.md @@ -8,7 +8,7 @@ title: Applying Pod Security Policies to Projects :::note -These cluster options are only available for [clusters in which Rancher has launched Kubernetes](../../../pages-for-subheaders/launch-kubernetes-with-rancher.md). +These cluster options are only available for [clusters in which Rancher has launched Kubernetes](../../new-user-guides/launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md). ::: diff --git a/versioned_docs/version-2.6/pages-for-subheaders/manage-project-resource-quotas.md b/versioned_docs/version-2.6/how-to-guides/advanced-user-guides/manage-projects/manage-project-resource-quotas/manage-project-resource-quotas.md similarity index 90% rename from versioned_docs/version-2.6/pages-for-subheaders/manage-project-resource-quotas.md rename to versioned_docs/version-2.6/how-to-guides/advanced-user-guides/manage-projects/manage-project-resource-quotas/manage-project-resource-quotas.md index a3bc8183b57..ca734c02b26 100644 --- a/versioned_docs/version-2.6/pages-for-subheaders/manage-project-resource-quotas.md +++ b/versioned_docs/version-2.6/how-to-guides/advanced-user-guides/manage-projects/manage-project-resource-quotas/manage-project-resource-quotas.md @@ -10,9 +10,9 @@ In situations where several teams share a cluster, one team may overconsume the This page is a how-to guide for creating resource quotas in existing projects. -Resource quotas can also be set when a new project is created. For details, refer to the section on [creating new projects.](../how-to-guides/new-user-guides/manage-clusters/projects-and-namespaces.md#creating-projects) +Resource quotas can also be set when a new project is created. For details, refer to the section on [creating new projects.](../../../new-user-guides/manage-clusters/projects-and-namespaces.md#creating-projects) -Resource quotas in Rancher include the same functionality as the [native version of Kubernetes](https://kubernetes.io/docs/concepts/policy/resource-quotas/). In Rancher, resource quotas have been extended so that you can apply them to projects. For details on how resource quotas work with projects in Rancher, refer to [this page.](../how-to-guides/advanced-user-guides/manage-projects/manage-project-resource-quotas/about-project-resource-quotas.md) +Resource quotas in Rancher include the same functionality as the [native version of Kubernetes](https://kubernetes.io/docs/concepts/policy/resource-quotas/). In Rancher, resource quotas have been extended so that you can apply them to projects. For details on how resource quotas work with projects in Rancher, refer to [this page.](about-project-resource-quotas.md) ### Applying Resource Quotas to Existing Projects @@ -34,7 +34,7 @@ Edit resource quotas when: 1. Expand **Resource Quotas** and click **Add Resource**. Alternatively, you can edit existing quotas. -1. Select a Resource Type. For more information on types, see the [quota type reference.](../how-to-guides/advanced-user-guides/manage-projects/manage-project-resource-quotas/resource-quota-types.md) +1. Select a Resource Type. For more information on types, see the [quota type reference.](resource-quota-types.md) 1. Enter values for the **Project Limit** and the **Namespace Default Limit**. diff --git a/versioned_docs/version-2.6/pages-for-subheaders/manage-projects.md b/versioned_docs/version-2.6/how-to-guides/advanced-user-guides/manage-projects/manage-projects.md similarity index 53% rename from versioned_docs/version-2.6/pages-for-subheaders/manage-projects.md rename to versioned_docs/version-2.6/how-to-guides/advanced-user-guides/manage-projects/manage-projects.md index fdb12ee544c..3d606e52911 100644 --- a/versioned_docs/version-2.6/pages-for-subheaders/manage-projects.md +++ b/versioned_docs/version-2.6/how-to-guides/advanced-user-guides/manage-projects/manage-projects.md @@ -19,19 +19,19 @@ Rancher projects resolve this issue by allowing you to apply resources and acces You can use projects to perform actions like: -- [Assign users access to a group of namespaces](../how-to-guides/new-user-guides/add-users-to-projects.md) -- Assign users [specific roles in a project](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/cluster-and-project-roles.md#project-roles). A role can be owner, member, read-only, or [custom](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/custom-roles.md) -- [Set resource quotas](manage-project-resource-quotas.md) -- [Manage namespaces](../how-to-guides/new-user-guides/manage-namespaces.md) -- [Configure tools](../reference-guides/rancher-project-tools.md) -- [Set up pipelines for continuous integration and deployment](../how-to-guides/advanced-user-guides/manage-projects/ci-cd-pipelines.md) -- [Configure pod security policies](../how-to-guides/advanced-user-guides/manage-projects/manage-pod-security-policies.md) +- [Assign users access to a group of namespaces](../../new-user-guides/add-users-to-projects.md) +- Assign users [specific roles in a project](../../new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/cluster-and-project-roles.md#project-roles). A role can be owner, member, read-only, or [custom](../../new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/custom-roles.md) +- [Set resource quotas](manage-project-resource-quotas/manage-project-resource-quotas.md) +- [Manage namespaces](../../new-user-guides/manage-namespaces.md) +- [Configure tools](../../../reference-guides/rancher-project-tools.md) +- [Set up pipelines for continuous integration and deployment](ci-cd-pipelines.md) +- [Configure pod security policies](manage-pod-security-policies.md) ### Authorization -Non-administrative users are only authorized for project access after an [administrator](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/global-permissions.md), [cluster owner or member](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/cluster-and-project-roles.md#cluster-roles), or [project owner](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/cluster-and-project-roles.md#project-roles) adds them to the project's **Members** tab. +Non-administrative users are only authorized for project access after an [administrator](../../new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/global-permissions.md), [cluster owner or member](../../new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/cluster-and-project-roles.md#cluster-roles), or [project owner](../../new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/cluster-and-project-roles.md#project-roles) adds them to the project's **Members** tab. -Whoever creates the project automatically becomes a [project owner](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/cluster-and-project-roles.md#project-roles). +Whoever creates the project automatically becomes a [project owner](../../new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/cluster-and-project-roles.md#project-roles). ## Switching between Projects diff --git a/versioned_docs/version-2.6/how-to-guides/advanced-user-guides/monitoring-alerting-guides/migrate-to-rancher-v2.5+-monitoring.md b/versioned_docs/version-2.6/how-to-guides/advanced-user-guides/monitoring-alerting-guides/migrate-to-rancher-v2.5+-monitoring.md index a2f266b875f..b9ded6feff5 100644 --- a/versioned_docs/version-2.6/how-to-guides/advanced-user-guides/monitoring-alerting-guides/migrate-to-rancher-v2.5+-monitoring.md +++ b/versioned_docs/version-2.6/how-to-guides/advanced-user-guides/monitoring-alerting-guides/migrate-to-rancher-v2.5+-monitoring.md @@ -23,7 +23,7 @@ Unlike in Monitoring & Alerting V1, both features are packaged in a single Helm Monitoring V2 can only be configured on the cluster level. Project-level monitoring and alerting is no longer supported. -For more information on how to configure Monitoring & Alerting V2, see [this page.](../../../pages-for-subheaders/monitoring-v2-configuration-guides.md) +For more information on how to configure Monitoring & Alerting V2, see [this page.](../monitoring-v2-configuration-guides/monitoring-v2-configuration-guides.md) ## Changes to Role-based Access Control @@ -117,7 +117,7 @@ or add the Prometheus Rule through the Cluster Explorer ![](/img/monitoring/migration/alert_2.4_to_2.5_target.png) -For more details on how to configure PrometheusRules in Monitoring V2 see [Monitoring Configuration](../../../pages-for-subheaders/monitoring-v2-configuration-guides.md). +For more details on how to configure PrometheusRules in Monitoring V2 see [Monitoring Configuration](../monitoring-v2-configuration-guides/monitoring-v2-configuration-guides.md). ### Migrating Notifiers diff --git a/versioned_docs/version-2.6/how-to-guides/advanced-user-guides/monitoring-alerting-guides/monitoring-alerting-guides.md b/versioned_docs/version-2.6/how-to-guides/advanced-user-guides/monitoring-alerting-guides/monitoring-alerting-guides.md new file mode 100644 index 00000000000..348cf62df1c --- /dev/null +++ b/versioned_docs/version-2.6/how-to-guides/advanced-user-guides/monitoring-alerting-guides/monitoring-alerting-guides.md @@ -0,0 +1,15 @@ +--- +title: Monitoring/Alerting Guides +--- + + + + + +- [Enable monitoring](enable-monitoring.md) +- [Uninstall monitoring](uninstall-monitoring.md) +- [Monitoring workloads](set-up-monitoring-for-workloads.md) +- [Customizing Grafana dashboards](customize-grafana-dashboard.md) +- [Persistent Grafana dashboards](create-persistent-grafana-dashboard.md) +- [Debugging high memory usage](debug-high-memory-usage.md) +- [Migrating from Monitoring V1 to V2](migrate-to-rancher-v2.5+-monitoring.md) \ No newline at end of file diff --git a/versioned_docs/version-2.6/how-to-guides/advanced-user-guides/monitoring-alerting-guides/prometheus-federator-guides/prometheus-federator-guides.md b/versioned_docs/version-2.6/how-to-guides/advanced-user-guides/monitoring-alerting-guides/prometheus-federator-guides/prometheus-federator-guides.md new file mode 100644 index 00000000000..4651e682528 --- /dev/null +++ b/versioned_docs/version-2.6/how-to-guides/advanced-user-guides/monitoring-alerting-guides/prometheus-federator-guides/prometheus-federator-guides.md @@ -0,0 +1,12 @@ +--- +title: Prometheus Federator Guides +--- + + + + + +- [Enable Prometheus Operator](enable-prometheus-federator.md) +- [Uninstall Prometheus Operator](uninstall-prometheus-federator.md) +- [Customize Grafana Dashboards](customize-grafana-dashboards.md) +- [Set Up Workloads](set-up-workloads.md) \ No newline at end of file diff --git a/versioned_docs/version-2.6/pages-for-subheaders/advanced-configuration.md b/versioned_docs/version-2.6/how-to-guides/advanced-user-guides/monitoring-v2-configuration-guides/advanced-configuration/advanced-configuration.md similarity index 51% rename from versioned_docs/version-2.6/pages-for-subheaders/advanced-configuration.md rename to versioned_docs/version-2.6/how-to-guides/advanced-user-guides/monitoring-v2-configuration-guides/advanced-configuration/advanced-configuration.md index 87efa2a0f9e..35de246d3de 100644 --- a/versioned_docs/version-2.6/pages-for-subheaders/advanced-configuration.md +++ b/versioned_docs/version-2.6/how-to-guides/advanced-user-guides/monitoring-v2-configuration-guides/advanced-configuration/advanced-configuration.md @@ -8,12 +8,12 @@ title: Advanced Configuration ### Alertmanager -For information on configuring the Alertmanager custom resource, see [this page.](../how-to-guides/advanced-user-guides/monitoring-v2-configuration-guides/advanced-configuration/alertmanager.md) +For information on configuring the Alertmanager custom resource, see [this page.](alertmanager.md) ### Prometheus -For information on configuring the Prometheus custom resource, see [this page.](../how-to-guides/advanced-user-guides/monitoring-v2-configuration-guides/advanced-configuration/prometheus.md) +For information on configuring the Prometheus custom resource, see [this page.](prometheus.md) ### PrometheusRules -For information on configuring the Prometheus custom resource, see [this page.](../how-to-guides/advanced-user-guides/monitoring-v2-configuration-guides/advanced-configuration/prometheusrules.md) \ No newline at end of file +For information on configuring the Prometheus custom resource, see [this page.](prometheusrules.md) \ No newline at end of file diff --git a/versioned_docs/version-2.6/pages-for-subheaders/monitoring-v2-configuration-guides.md b/versioned_docs/version-2.6/how-to-guides/advanced-user-guides/monitoring-v2-configuration-guides/monitoring-v2-configuration-guides.md similarity index 74% rename from versioned_docs/version-2.6/pages-for-subheaders/monitoring-v2-configuration-guides.md rename to versioned_docs/version-2.6/how-to-guides/advanced-user-guides/monitoring-v2-configuration-guides/monitoring-v2-configuration-guides.md index 61453b5a8cd..f400f720459 100644 --- a/versioned_docs/version-2.6/pages-for-subheaders/monitoring-v2-configuration-guides.md +++ b/versioned_docs/version-2.6/how-to-guides/advanced-user-guides/monitoring-v2-configuration-guides/monitoring-v2-configuration-guides.md @@ -12,7 +12,7 @@ For information on configuring custom scrape targets and rules for Prometheus, p ## Setting Resource Limits and Requests -The resource requests and limits for the monitoring application can be configured when installing `rancher-monitoring`. For more information about the default limits, see [this page.](../reference-guides/monitoring-v2-configuration/helm-chart-options.md#configuring-resource-limits-and-requests) +The resource requests and limits for the monitoring application can be configured when installing `rancher-monitoring`. For more information about the default limits, see [this page.](../../../reference-guides/monitoring-v2-configuration/helm-chart-options.md#configuring-resource-limits-and-requests) :::note @@ -29,11 +29,11 @@ Instead, to configure Prometheus to scrape custom metrics, you will only need to ### ServiceMonitor and PodMonitor Configuration -For details, see [this page.](../reference-guides/monitoring-v2-configuration/servicemonitors-and-podmonitors.md) +For details, see [this page.](../../../reference-guides/monitoring-v2-configuration/servicemonitors-and-podmonitors.md) ### Advanced Prometheus Configuration -For more information about directly editing the Prometheus custom resource, which may be helpful in advanced use cases, see [this page.](../how-to-guides/advanced-user-guides/monitoring-v2-configuration-guides/advanced-configuration/prometheus.md) +For more information about directly editing the Prometheus custom resource, which may be helpful in advanced use cases, see [this page.](advanced-configuration/prometheus.md) ## Alertmanager Configuration @@ -41,15 +41,15 @@ The Alertmanager custom resource usually doesn't need to be edited directly. For Routes and receivers are part of the configuration of the alertmanager custom resource. In the Rancher UI, Routes and Receivers are not true custom resources, but pseudo-custom resources that the Prometheus Operator uses to synchronize your configuration with the Alertmanager custom resource. When routes and receivers are updated, the monitoring application will automatically update Alertmanager to reflect those changes. -For some advanced use cases, you may want to configure alertmanager directly. For more information, refer to [this page.](../how-to-guides/advanced-user-guides/monitoring-v2-configuration-guides/advanced-configuration/alertmanager.md) +For some advanced use cases, you may want to configure alertmanager directly. For more information, refer to [this page.](advanced-configuration/alertmanager.md) ### Receivers -Receivers are used to set up notifications. For details on how to configure receivers, see [this page.](../reference-guides/monitoring-v2-configuration/receivers.md) +Receivers are used to set up notifications. For details on how to configure receivers, see [this page.](../../../reference-guides/monitoring-v2-configuration/receivers.md) ### Routes -Routes filter notifications before they reach receivers. Each route needs to refer to a receiver that has already been configured. For details on how to configure routes, see [this page.](../reference-guides/monitoring-v2-configuration/routes.md) +Routes filter notifications before they reach receivers. Each route needs to refer to a receiver that has already been configured. For details on how to configure routes, see [this page.](../../../reference-guides/monitoring-v2-configuration/routes.md) ### Advanced -For more information about directly editing the Alertmanager custom resource, which may be helpful in advanced use cases, see [this page.](../how-to-guides/advanced-user-guides/monitoring-v2-configuration-guides/advanced-configuration/alertmanager.md) \ No newline at end of file +For more information about directly editing the Alertmanager custom resource, which may be helpful in advanced use cases, see [this page.](advanced-configuration/alertmanager.md) \ No newline at end of file diff --git a/versioned_docs/version-2.6/how-to-guides/advanced-user-guides/open-ports-with-firewalld.md b/versioned_docs/version-2.6/how-to-guides/advanced-user-guides/open-ports-with-firewalld.md index 90ba4bd4e8c..2369abe3948 100644 --- a/versioned_docs/version-2.6/how-to-guides/advanced-user-guides/open-ports-with-firewalld.md +++ b/versioned_docs/version-2.6/how-to-guides/advanced-user-guides/open-ports-with-firewalld.md @@ -35,7 +35,7 @@ You can check the default firewall rules with this command: sudo iptables --list ``` -This section describes how to use `firewalld` to apply the [firewall port rules](../../pages-for-subheaders/installation-requirements.md#port-requirements) for nodes in a high-availability Rancher server cluster. +This section describes how to use `firewalld` to apply the [firewall port rules](../../getting-started/installation-and-upgrade/installation-requirements/installation-requirements.md#port-requirements) for nodes in a high-availability Rancher server cluster. ## Prerequisite diff --git a/versioned_docs/version-2.6/how-to-guides/advanced-user-guides/tune-etcd-for-large-installs.md b/versioned_docs/version-2.6/how-to-guides/advanced-user-guides/tune-etcd-for-large-installs.md index 7d803ff697e..59757908a7b 100644 --- a/versioned_docs/version-2.6/how-to-guides/advanced-user-guides/tune-etcd-for-large-installs.md +++ b/versioned_docs/version-2.6/how-to-guides/advanced-user-guides/tune-etcd-for-large-installs.md @@ -6,7 +6,7 @@ title: Tuning etcd for Large Installations -When Rancher is used to manage [a large infrastructure](../../pages-for-subheaders/installation-requirements.md) it is recommended to increase the default keyspace for etcd from the default 2 GB. The maximum setting is 8 GB and the host should have enough RAM to keep the entire dataset in memory. When increasing this value you should also increase the size of the host. The keyspace size can also be adjusted in smaller installations if you anticipate a high rate of change of pods during the garbage collection interval. +When Rancher is used to manage [a large infrastructure](../../getting-started/installation-and-upgrade/installation-requirements/installation-requirements.md) it is recommended to increase the default keyspace for etcd from the default 2 GB. The maximum setting is 8 GB and the host should have enough RAM to keep the entire dataset in memory. When increasing this value you should also increase the size of the host. The keyspace size can also be adjusted in smaller installations if you anticipate a high rate of change of pods during the garbage collection interval. The etcd data set is automatically cleaned up on a five minute interval by Kubernetes. There are situations, e.g. deployment thrashing, where enough events could be written to etcd and deleted before garbage collection occurs and cleans things up causing the keyspace to fill up. If you see `mvcc: database space exceeded` errors, in the etcd logs or Kubernetes API server logs, you should consider increasing the keyspace size. This can be accomplished by setting the [quota-backend-bytes](https://etcd.io/docs/v3.4.0/op-guide/maintenance/#space-quota) setting on the etcd servers. diff --git a/versioned_docs/version-2.6/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-provisioning-drivers/about-provisioning-drivers.md b/versioned_docs/version-2.6/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-provisioning-drivers/about-provisioning-drivers.md new file mode 100644 index 00000000000..6f6ed6821da --- /dev/null +++ b/versioned_docs/version-2.6/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-provisioning-drivers/about-provisioning-drivers.md @@ -0,0 +1,51 @@ +--- +title: About Provisioning Drivers +--- + + + + + +Drivers in Rancher allow you to manage which providers can be used to deploy [hosted Kubernetes clusters](../../kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/set-up-clusters-from-hosted-kubernetes-providers.md) or [nodes in an infrastructure provider](../../launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md) to allow Rancher to deploy and manage Kubernetes. + +### Rancher Drivers + +With Rancher drivers, you can enable/disable existing built-in drivers that are packaged in Rancher. Alternatively, you can add your own driver if Rancher has not yet implemented it. + +There are two types of drivers within Rancher: + +* [Cluster Drivers](#cluster-drivers) +* [Node Drivers](#node-drivers) + +### Cluster Drivers + +Cluster drivers are used to provision [hosted Kubernetes clusters](../../kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/set-up-clusters-from-hosted-kubernetes-providers.md), such as GKE, EKS, AKS, etc.. The availability of which cluster driver to display when creating a cluster is defined based on the cluster driver's status. Only `active` cluster drivers will be displayed as an option for creating clusters for hosted Kubernetes clusters. By default, Rancher is packaged with several existing cluster drivers, but you can also create custom cluster drivers to add to Rancher. + +By default, Rancher has activated several hosted Kubernetes cloud providers including: + +* [Amazon EKS](../../kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/eks.md) +* [Google GKE](../../kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/gke.md) +* [Azure AKS](../../kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/aks.md) + +There are several other hosted Kubernetes cloud providers that are disabled by default, but are packaged in Rancher: + +* [Alibaba ACK](../../kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/alibaba.md) +* [Huawei CCE](../../kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/huawei.md) +* [Tencent](../../kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/tencent.md) + +### Node Drivers + +Node drivers are used to provision hosts, which Rancher uses to launch and manage Kubernetes clusters. A node driver is the same as a [Docker Machine driver](https://docs.docker.com/machine/drivers/). The availability of which node driver to display when creating node templates is defined based on the node driver's status. Only `active` node drivers will be displayed as an option for creating node templates. By default, Rancher is packaged with many existing Docker Machine drivers, but you can also create custom node drivers to add to Rancher. + +If there are specific node drivers that you don't want to show to your users, you would need to de-activate these node drivers. + +Rancher supports several major cloud providers, but by default, these node drivers are active and available for deployment: + +* [Amazon EC2](../../launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-amazon-ec2-cluster.md) +* [Azure](../../launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-azure-cluster.md) +* [Digital Ocean](../../launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-a-digitalocean-cluster.md) +* [vSphere](../../launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/vsphere/vsphere.md) + +There are several other node drivers that are disabled by default, but are packaged in Rancher: + +* [Harvester](../../../../integrations-in-rancher/harvester.md#harvester-node-driver/), available in Rancher v2.6.1 diff --git a/versioned_docs/version-2.6/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-provisioning-drivers/manage-cluster-drivers.md b/versioned_docs/version-2.6/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-provisioning-drivers/manage-cluster-drivers.md index 8d265e034f8..4e0819074a8 100644 --- a/versioned_docs/version-2.6/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-provisioning-drivers/manage-cluster-drivers.md +++ b/versioned_docs/version-2.6/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-provisioning-drivers/manage-cluster-drivers.md @@ -6,7 +6,7 @@ title: Cluster Drivers -Cluster drivers are used to create clusters in a [hosted Kubernetes provider](../../../../pages-for-subheaders/set-up-clusters-from-hosted-kubernetes-providers.md), such as Google GKE. The availability of which cluster driver to display when creating clusters is defined by the cluster driver's status. Only `active` cluster drivers will be displayed as an option for creating clusters. By default, Rancher is packaged with several existing cloud provider cluster drivers, but you can also add custom cluster drivers to Rancher. +Cluster drivers are used to create clusters in a [hosted Kubernetes provider](../../kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/set-up-clusters-from-hosted-kubernetes-providers.md), such as Google GKE. The availability of which cluster driver to display when creating clusters is defined by the cluster driver's status. Only `active` cluster drivers will be displayed as an option for creating clusters. By default, Rancher is packaged with several existing cloud provider cluster drivers, but you can also add custom cluster drivers to Rancher. If there are specific cluster drivers that you do not want to show your users, you may deactivate those cluster drivers within Rancher and they will not appear as an option for cluster creation. diff --git a/versioned_docs/version-2.6/pages-for-subheaders/about-rke1-templates.md b/versioned_docs/version-2.6/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/about-rke1-templates.md similarity index 58% rename from versioned_docs/version-2.6/pages-for-subheaders/about-rke1-templates.md rename to versioned_docs/version-2.6/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/about-rke1-templates.md index 601a622a581..eab13feb274 100644 --- a/versioned_docs/version-2.6/pages-for-subheaders/about-rke1-templates.md +++ b/versioned_docs/version-2.6/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/about-rke1-templates.md @@ -18,7 +18,7 @@ Admins control which cluster options can be changed by end users. RKE templates If a cluster was created with an RKE template, you can't change it to a different RKE template. You can only update the cluster to a new revision of the same template. -You can [save the configuration of an existing cluster as an RKE template.](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/apply-templates.md#converting-an-existing-cluster-to-use-an-rke-template) Then the cluster's settings can only be changed if the template is updated. The new template can also be used to launch new clusters. +You can [save the configuration of an existing cluster as an RKE template.](apply-templates.md#converting-an-existing-cluster-to-use-an-rke-template) Then the cluster's settings can only be changed if the template is updated. The new template can also be used to launch new clusters. The core features of RKE templates allow DevOps and security teams to: @@ -49,24 +49,24 @@ The [add-on section](#add-ons) of an RKE template is especially powerful because RKE templates are supported for Rancher-provisioned clusters. The templates can be used to provision custom clusters or clusters that are launched by an infrastructure provider. -RKE templates are for defining Kubernetes and Rancher settings. Node templates are responsible for configuring nodes. For tips on how to use RKE templates in conjunction with hardware, refer to [RKE Templates and Hardware](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/infrastructure.md). +RKE templates are for defining Kubernetes and Rancher settings. Node templates are responsible for configuring nodes. For tips on how to use RKE templates in conjunction with hardware, refer to [RKE Templates and Hardware](infrastructure.md). RKE templates can be created from scratch to pre-define cluster configuration. They can be applied to launch new clusters, or templates can also be exported from existing running clusters. -The settings of an existing cluster can be [saved as an RKE template.](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/apply-templates.md#converting-an-existing-cluster-to-use-an-rke-template) This creates a new template and binds the cluster settings to the template, so that the cluster can only be upgraded if the [template is updated](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/manage-rke1-templates.md#updating-a-template), and the cluster is upgraded to [use a newer version of the template.](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/manage-rke1-templates.md#upgrading-a-cluster-to-use-a-new-template-revision) The new template can also be used to create new clusters. +The settings of an existing cluster can be [saved as an RKE template.](apply-templates.md#converting-an-existing-cluster-to-use-an-rke-template) This creates a new template and binds the cluster settings to the template, so that the cluster can only be upgraded if the [template is updated](manage-rke1-templates.md#updating-a-template), and the cluster is upgraded to [use a newer version of the template.](manage-rke1-templates.md#upgrading-a-cluster-to-use-a-new-template-revision) The new template can also be used to create new clusters. ## Example Scenarios When an organization has both basic and advanced Rancher users, administrators might want to give the advanced users more options for cluster creation, while restricting the options for basic users. -These [example scenarios](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/example-use-cases.md) describe how an organization could use templates to standardize cluster creation. +These [example scenarios](example-use-cases.md) describe how an organization could use templates to standardize cluster creation. Some of the example scenarios include the following: -- **Enforcing templates:** Administrators might want to [enforce one or more template settings for everyone](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/example-use-cases.md#enforcing-a-template-setting-for-everyone) if they want all new Rancher-provisioned clusters to have those settings. -- **Sharing different templates with different users:** Administrators might give [different templates to basic and advanced users,](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/example-use-cases.md#templates-for-basic-and-advanced-users) so that basic users can have more restricted options and advanced users can use more discretion when creating clusters. -- **Updating template settings:** If an organization's security and DevOps teams decide to embed best practices into the required settings for new clusters, those best practices could change over time. If the best practices change, [a template can be updated to a new revision](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/example-use-cases.md#updating-templates-and-clusters-created-with-them) and clusters created from the template can [upgrade to the new version](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/manage-rke1-templates.md#upgrading-a-cluster-to-use-a-new-template-revision) of the template. -- **Sharing ownership of a template:** When a template owner no longer wants to maintain a template, or wants to share ownership of the template, this scenario describes how [template ownership can be shared.](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/example-use-cases.md#allowing-other-users-to-control-and-share-a-template) +- **Enforcing templates:** Administrators might want to [enforce one or more template settings for everyone](example-use-cases.md#enforcing-a-template-setting-for-everyone) if they want all new Rancher-provisioned clusters to have those settings. +- **Sharing different templates with different users:** Administrators might give [different templates to basic and advanced users,](example-use-cases.md#templates-for-basic-and-advanced-users) so that basic users can have more restricted options and advanced users can use more discretion when creating clusters. +- **Updating template settings:** If an organization's security and DevOps teams decide to embed best practices into the required settings for new clusters, those best practices could change over time. If the best practices change, [a template can be updated to a new revision](example-use-cases.md#updating-templates-and-clusters-created-with-them) and clusters created from the template can [upgrade to the new version](manage-rke1-templates.md#upgrading-a-cluster-to-use-a-new-template-revision) of the template. +- **Sharing ownership of a template:** When a template owner no longer wants to maintain a template, or wants to share ownership of the template, this scenario describes how [template ownership can be shared.](example-use-cases.md#allowing-other-users-to-control-and-share-a-template) ## Template Management @@ -82,34 +82,34 @@ For the settings that cannot be overridden, the end user will not be able to dir The documents in this section explain the details of RKE template management: -- [Getting permission to create templates](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/creator-permissions.md) -- [Creating and revising templates](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/manage-rke1-templates.md) -- [Enforcing template settings](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/enforce-templates.md#requiring-new-clusters-to-use-an-rke-template) -- [Overriding template settings](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/override-template-settings.md) -- [Sharing templates with cluster creators](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/access-or-share-templates.md#sharing-templates-with-specific-users-or-groups) -- [Sharing ownership of a template](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/access-or-share-templates.md#sharing-ownership-of-templates) +- [Getting permission to create templates](creator-permissions.md) +- [Creating and revising templates](manage-rke1-templates.md) +- [Enforcing template settings](enforce-templates.md#requiring-new-clusters-to-use-an-rke-template) +- [Overriding template settings](override-template-settings.md) +- [Sharing templates with cluster creators](access-or-share-templates.md#sharing-templates-with-specific-users-or-groups) +- [Sharing ownership of a template](access-or-share-templates.md#sharing-ownership-of-templates) -An [example YAML configuration file for a template](../reference-guides/rke1-template-example-yaml.md) is provided for reference. +An [example YAML configuration file for a template](../../../../reference-guides/rke1-template-example-yaml.md) is provided for reference. ## Applying Templates -You can [create a cluster from a template](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/apply-templates.md#creating-a-cluster-from-an-rke-template) that you created, or from a template that has been [shared with you.](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/access-or-share-templates.md) +You can [create a cluster from a template](apply-templates.md#creating-a-cluster-from-an-rke-template) that you created, or from a template that has been [shared with you.](access-or-share-templates.md) -If the RKE template owner creates a new revision of the template, you can [upgrade your cluster to that revision.](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/apply-templates.md#updating-a-cluster-created-with-an-rke-template) +If the RKE template owner creates a new revision of the template, you can [upgrade your cluster to that revision.](apply-templates.md#updating-a-cluster-created-with-an-rke-template) RKE templates can be created from scratch to pre-define cluster configuration. They can be applied to launch new clusters, or templates can also be exported from existing running clusters. -You can [save the configuration of an existing cluster as an RKE template.](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/apply-templates.md#converting-an-existing-cluster-to-use-an-rke-template) Then the cluster's settings can only be changed if the template is updated. +You can [save the configuration of an existing cluster as an RKE template.](apply-templates.md#converting-an-existing-cluster-to-use-an-rke-template) Then the cluster's settings can only be changed if the template is updated. ## Standardizing Hardware -RKE templates are designed to standardize Kubernetes and Rancher settings. If you want to standardize your infrastructure as well, one option is to use RKE templates [in conjunction with other tools](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/infrastructure.md). +RKE templates are designed to standardize Kubernetes and Rancher settings. If you want to standardize your infrastructure as well, one option is to use RKE templates [in conjunction with other tools](infrastructure.md). -Another option is to use [cluster templates,](../how-to-guides/new-user-guides/manage-clusters/manage-cluster-templates.md) which include node pool configuration options, but don't provide configuration enforcement. +Another option is to use [cluster templates,](../../manage-clusters/manage-cluster-templates.md) which include node pool configuration options, but don't provide configuration enforcement. ## YAML Customization -If you define an RKE template as a YAML file, you can modify this [example RKE template YAML](../reference-guides/rke1-template-example-yaml.md). The YAML in the RKE template uses the same customization that Rancher uses when creating an RKE cluster, but since the YAML is located within the context of a Rancher provisioned cluster, you will need to nest the RKE template customization under the `rancher_kubernetes_engine_config` directive in the YAML. +If you define an RKE template as a YAML file, you can modify this [example RKE template YAML](../../../../reference-guides/rke1-template-example-yaml.md). The YAML in the RKE template uses the same customization that Rancher uses when creating an RKE cluster, but since the YAML is located within the context of a Rancher provisioned cluster, you will need to nest the RKE template customization under the `rancher_kubernetes_engine_config` directive in the YAML. The RKE documentation also has [annotated](https://rancher.com/docs/rke/latest/en/example-yamls/) `cluster.yml` files that you can use for reference. diff --git a/versioned_docs/version-2.6/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/apply-templates.md b/versioned_docs/version-2.6/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/apply-templates.md index 1818e9076ff..7f95ca305be 100644 --- a/versioned_docs/version-2.6/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/apply-templates.md +++ b/versioned_docs/version-2.6/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/apply-templates.md @@ -17,7 +17,7 @@ You can't change a cluster to use a different RKE template. You can only update ### Creating a Cluster from an RKE Template -To add a cluster [hosted by an infrastructure provider](../../../../pages-for-subheaders/launch-kubernetes-with-rancher.md) using an RKE template, use these steps: +To add a cluster [hosted by an infrastructure provider](../../launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md) using an RKE template, use these steps: 1. In the upper left corner, click **☰ > Cluster Management**. 1. On the **Clusters** page, click **Create** and choose the infrastructure provider. @@ -31,7 +31,7 @@ To add a cluster [hosted by an infrastructure provider](../../../../pages-for-su When the template owner creates a template, each setting has a switch in the Rancher UI that indicates if users can override the setting. -- If the setting allows a user override, you can update these settings in the cluster by [editing the cluster.](../../../../pages-for-subheaders/cluster-configuration.md) +- If the setting allows a user override, you can update these settings in the cluster by [editing the cluster.](../../../../reference-guides/cluster-configuration/cluster-configuration.md) - If the switch is turned off, you cannot change these settings unless the cluster owner creates a template revision that lets you override them. If there are settings that you want to change, but don't have the option to, you will need to contact the template owner to get a new revision of the template. If a cluster was created from an RKE template, you can edit the cluster to update the cluster to a new revision of the template. diff --git a/versioned_docs/version-2.6/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/infrastructure.md b/versioned_docs/version-2.6/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/infrastructure.md index 0b2b6f8b8eb..54a2897d38c 100644 --- a/versioned_docs/version-2.6/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/infrastructure.md +++ b/versioned_docs/version-2.6/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/infrastructure.md @@ -58,7 +58,7 @@ When you need to make changes to your infrastructure, instead of manually updati This section describes one way that you can make security and compliance-related config files standard in your clusters. -When you create a [CIS benchmark compliant cluster,](../../../../pages-for-subheaders/rancher-security.md) you have an encryption config file and an audit log config file. +When you create a [CIS benchmark compliant cluster,](../../../../reference-guides/rancher-security/rancher-security.md) you have an encryption config file and an audit log config file. Your infrastructure provisioning system can write those files to disk. Then in your RKE template, you would specify where those files will be, then add your encryption config file and audit log config file as extra mounts to the `kube-api-server`. diff --git a/versioned_docs/version-2.6/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/manage-rke1-templates.md b/versioned_docs/version-2.6/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/manage-rke1-templates.md index e9eac6fe7f6..6e8c75fe8d7 100644 --- a/versioned_docs/version-2.6/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/manage-rke1-templates.md +++ b/versioned_docs/version-2.6/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/manage-rke1-templates.md @@ -30,7 +30,7 @@ You can revise, share, and delete a template if you are an owner of the template 1. Optional: Share the template with other users or groups by [adding them as members.](access-or-share-templates.md#sharing-templates-with-specific-users-or-groups) You can also make the template public to share with everyone in the Rancher setup. 1. Then follow the form on screen to save the cluster configuration parameters as part of the template's revision. The revision can be marked as default for this template. -**Result:** An RKE template with one revision is configured. You can use this RKE template revision later when you [provision a Rancher-launched cluster](../../../../pages-for-subheaders/launch-kubernetes-with-rancher.md). After a cluster is managed by an RKE template, it cannot be disconnected and the option to uncheck **Use an existing RKE Template and Revision** will be unavailable. +**Result:** An RKE template with one revision is configured. You can use this RKE template revision later when you [provision a Rancher-launched cluster](../../launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md). After a cluster is managed by an RKE template, it cannot be disconnected and the option to uncheck **Use an existing RKE Template and Revision** will be unavailable. ### Updating a Template diff --git a/versioned_docs/version-2.6/pages-for-subheaders/authentication-config.md b/versioned_docs/version-2.6/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/authentication-config.md similarity index 78% rename from versioned_docs/version-2.6/pages-for-subheaders/authentication-config.md rename to versioned_docs/version-2.6/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/authentication-config.md index a864baf42b9..6278f99fd5a 100644 --- a/versioned_docs/version-2.6/pages-for-subheaders/authentication-config.md +++ b/versioned_docs/version-2.6/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/authentication-config.md @@ -17,26 +17,26 @@ The Rancher authentication proxy integrates with the following external authenti | Auth Service | | ------------------------------------------------------------------------------------------------ | -| [Microsoft Active Directory](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-active-directory.md) | -| [GitHub](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-github.md) | -| [Microsoft Azure AD](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-azure-ad.md) | -| [FreeIPA](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-freeipa.md) | -| [OpenLDAP](configure-openldap.md) | -| [Microsoft AD FS](configure-microsoft-ad-federation-service-saml.md) | -| [PingIdentity](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-pingidentity.md) | -| [Keycloak (OIDC)](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-keycloak-oidc.md) | -| [Keycloak (SAML)](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-keycloak-saml.md) | -| [Okta](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-okta-saml.md) | -| [Google OAuth](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-google-oauth.md) | -| [Shibboleth](configure-shibboleth-saml.md) | +| [Microsoft Active Directory](configure-active-directory.md) | +| [GitHub](configure-github.md) | +| [Microsoft Azure AD](configure-azure-ad.md) | +| [FreeIPA](configure-freeipa.md) | +| [OpenLDAP](../configure-openldap/configure-openldap.md) | +| [Microsoft AD FS](../configure-microsoft-ad-federation-service-saml/configure-microsoft-ad-federation-service-saml.md) | +| [PingIdentity](configure-pingidentity.md) | +| [Keycloak (OIDC)](configure-keycloak-oidc.md) | +| [Keycloak (SAML)](configure-keycloak-saml.md) | +| [Okta](configure-okta-saml.md) | +| [Google OAuth](configure-google-oauth.md) | +| [Shibboleth](../configure-shibboleth-saml/configure-shibboleth-saml.md) | -However, Rancher also provides [local authentication](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/create-local-users.md). +However, Rancher also provides [local authentication](create-local-users.md). In most cases, you should use an external authentication service over local authentication, as external authentication allows user management from a central location. However, you may want a few local authentication users for managing Rancher under rare circumstances, such as if your external authentication provider is unavailable or undergoing maintenance. ## Users and Groups -Rancher relies on users and groups to determine who is allowed to log in to Rancher and which resources they can access. When authenticating with an external provider, groups are provided from the external provider based on the user. These users and groups are given specific roles to resources like clusters, projects, multi-cluster apps, and global DNS providers and entries. When you give access to a group, all users who are a member of that group in the authentication provider will be able to access the resource with the permissions that you've specified. For more information on roles and permissions, see [Role Based Access Control](manage-role-based-access-control-rbac.md). +Rancher relies on users and groups to determine who is allowed to log in to Rancher and which resources they can access. When authenticating with an external provider, groups are provided from the external provider based on the user. These users and groups are given specific roles to resources like clusters, projects, multi-cluster apps, and global DNS providers and entries. When you give access to a group, all users who are a member of that group in the authentication provider will be able to access the resource with the permissions that you've specified. For more information on roles and permissions, see [Role Based Access Control](../manage-role-based-access-control-rbac/manage-role-based-access-control-rbac.md). :::note @@ -44,7 +44,7 @@ Local authentication does not support creating or managing groups. ::: -For more information, see [Users and Groups](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/manage-users-and-groups.md) +For more information, see [Users and Groups](manage-users-and-groups.md) ## Scope of Rancher Authorization diff --git a/versioned_docs/version-2.6/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-active-directory.md b/versioned_docs/version-2.6/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-active-directory.md index 10614f07c6e..c98a89864fa 100644 --- a/versioned_docs/version-2.6/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-active-directory.md +++ b/versioned_docs/version-2.6/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-active-directory.md @@ -8,11 +8,11 @@ title: Configure Active Directory (AD) If your organization uses Microsoft Active Directory as central user repository, you can configure Rancher to communicate with an Active Directory server to authenticate users. This allows Rancher admins to control access to clusters and projects based on users and groups managed externally in the Active Directory, while allowing end-users to authenticate with their AD credentials when logging in to the Rancher UI. -Rancher uses LDAP to communicate with the Active Directory server. The authentication flow for Active Directory is therefore the same as for the [OpenLDAP authentication](../../../../pages-for-subheaders/configure-openldap.md) integration. +Rancher uses LDAP to communicate with the Active Directory server. The authentication flow for Active Directory is therefore the same as for the [OpenLDAP authentication](../configure-openldap/configure-openldap.md) integration. :::note -Before you start, please familiarise yourself with the concepts of [External Authentication Configuration and Principal Users](../../../../pages-for-subheaders/authentication-config.md#external-authentication-configuration-and-principal-users). +Before you start, please familiarise yourself with the concepts of [External Authentication Configuration and Principal Users](authentication-config.md#external-authentication-configuration-and-principal-users). ::: diff --git a/versioned_docs/version-2.6/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-azure-ad.md b/versioned_docs/version-2.6/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-azure-ad.md index 3690f51008e..94ca0e5b46b 100644 --- a/versioned_docs/version-2.6/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-azure-ad.md +++ b/versioned_docs/version-2.6/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-azure-ad.md @@ -331,7 +331,7 @@ Token Endpoint | https://login.partner.microsoftonline.cn/{tenantID}/oauth2/v2 > >- If you don't wish to upgrade to v2.6.7+ after the Azure AD Graph API is retired, you'll need to either: - Use the built-in Rancher auth or - - Use another third-party auth system and set that up in Rancher. Please see the [authentication docs](../../../../pages-for-subheaders/authentication-config.md) to learn how to configure other open authentication providers. + - Use another third-party auth system and set that up in Rancher. Please see the [authentication docs](authentication-config.md) to learn how to configure other open authentication providers.     diff --git a/versioned_docs/version-2.6/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-freeipa.md b/versioned_docs/version-2.6/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-freeipa.md index 0fe6995d4ae..1b1526bca7d 100644 --- a/versioned_docs/version-2.6/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-freeipa.md +++ b/versioned_docs/version-2.6/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-freeipa.md @@ -12,7 +12,7 @@ If your organization uses FreeIPA for user authentication, you can configure Ran - You must have a [FreeIPA Server](https://www.freeipa.org/) configured. - Create a service account in FreeIPA with `read-only` access. Rancher uses this account to verify group membership when a user makes a request using an API key. -- Read [External Authentication Configuration and Principal Users](../../../../pages-for-subheaders/authentication-config.md#external-authentication-configuration-and-principal-users). +- Read [External Authentication Configuration and Principal Users](authentication-config.md#external-authentication-configuration-and-principal-users). ::: diff --git a/versioned_docs/version-2.6/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-github.md b/versioned_docs/version-2.6/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-github.md index 960d968de8d..c36d087ab5d 100644 --- a/versioned_docs/version-2.6/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-github.md +++ b/versioned_docs/version-2.6/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-github.md @@ -10,7 +10,7 @@ In environments using GitHub, you can configure Rancher to allow sign on using G :::note Prerequisites: -Read [External Authentication Configuration and Principal Users](../../../../pages-for-subheaders/authentication-config.md#external-authentication-configuration-and-principal-users). +Read [External Authentication Configuration and Principal Users](authentication-config.md#external-authentication-configuration-and-principal-users). ::: diff --git a/versioned_docs/version-2.6/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/manage-users-and-groups.md b/versioned_docs/version-2.6/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/manage-users-and-groups.md index 38fc2a6403c..ec39be1f01b 100644 --- a/versioned_docs/version-2.6/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/manage-users-and-groups.md +++ b/versioned_docs/version-2.6/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/manage-users-and-groups.md @@ -8,7 +8,7 @@ title: Users and Groups Rancher relies on users and groups to determine who is allowed to log in to Rancher and which resources they can access. When you configure an external authentication provider, users from that provider will be able to log in to your Rancher server. When a user logs in, the authentication provider will supply your Rancher server with a list of groups to which the user belongs. -Access to clusters, projects, multi-cluster apps, and global DNS providers and entries can be controlled by adding either individual users or groups to these resources. When you add a group to a resource, all users who are members of that group in the authentication provider, will be able to access the resource with the permissions that you've specified for the group. For more information on roles and permissions, see [Role Based Access Control](../../../../pages-for-subheaders/manage-role-based-access-control-rbac.md). +Access to clusters, projects, multi-cluster apps, and global DNS providers and entries can be controlled by adding either individual users or groups to these resources. When you add a group to a resource, all users who are members of that group in the authentication provider, will be able to access the resource with the permissions that you've specified for the group. For more information on roles and permissions, see [Role Based Access Control](../manage-role-based-access-control-rbac/manage-role-based-access-control-rbac.md). ## Managing Members diff --git a/versioned_docs/version-2.6/pages-for-subheaders/authentication-permissions-and-global-configuration.md b/versioned_docs/version-2.6/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-permissions-and-global-configuration.md similarity index 65% rename from versioned_docs/version-2.6/pages-for-subheaders/authentication-permissions-and-global-configuration.md rename to versioned_docs/version-2.6/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-permissions-and-global-configuration.md index 2df94806af9..4623dd0c202 100644 --- a/versioned_docs/version-2.6/pages-for-subheaders/authentication-permissions-and-global-configuration.md +++ b/versioned_docs/version-2.6/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-permissions-and-global-configuration.md @@ -6,7 +6,7 @@ title: Authentication, Permissions and Global Configuration -After installation, the [system administrator](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/global-permissions.md) should configure Rancher to configure authentication, authorization, security, default settings, security policies, drivers and global DNS entries. +After installation, the [system administrator](manage-role-based-access-control-rbac/global-permissions.md) should configure Rancher to configure authentication, authorization, security, default settings, security policies, drivers and global DNS entries. ## First Log In @@ -22,36 +22,36 @@ After you set the Rancher Server URL, we do not support updating it. Set the URL One of the key features that Rancher adds to Kubernetes is centralized user authentication. This feature allows to set up local users and/or connect to an external authentication provider. By connecting to an external authentication provider, you can leverage that provider's user and groups. -For more information how authentication works and how to configure each provider, see [Authentication](authentication-config.md). +For more information how authentication works and how to configure each provider, see [Authentication](authentication-config/authentication-config.md). ## Authorization Within Rancher, each person authenticates as a _user_, which is a login that grants you access to Rancher. Once the user logs in to Rancher, their _authorization_, or their access rights within the system, is determined by the user's role. Rancher provides built-in roles to allow you to easily configure a user's permissions to resources, but Rancher also provides the ability to customize the roles for each Kubernetes resource. -For more information how authorization works and how to customize roles, see [Roles Based Access Control (RBAC)](manage-role-based-access-control-rbac.md). +For more information how authorization works and how to customize roles, see [Roles Based Access Control (RBAC)](manage-role-based-access-control-rbac/manage-role-based-access-control-rbac.md). ## Pod Security Policies _Pod Security Policies_ (or PSPs) are objects that control security-sensitive aspects of pod specification, e.g. root privileges. If a pod does not meet the conditions specified in the PSP, Kubernetes will not allow it to start, and Rancher will display an error message. -For more information how to create and use PSPs, see [Pod Security Policies](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/create-pod-security-policies.md). +For more information how to create and use PSPs, see [Pod Security Policies](create-pod-security-policies.md). ## Provisioning Drivers -Drivers in Rancher allow you to manage which providers can be used to provision [hosted Kubernetes clusters](set-up-clusters-from-hosted-kubernetes-providers.md) or [nodes in an infrastructure provider](use-new-nodes-in-an-infra-provider.md) to allow Rancher to deploy and manage Kubernetes. +Drivers in Rancher allow you to manage which providers can be used to provision [hosted Kubernetes clusters](../kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/set-up-clusters-from-hosted-kubernetes-providers.md) or [nodes in an infrastructure provider](../launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md) to allow Rancher to deploy and manage Kubernetes. -For more information, see [Provisioning Drivers](about-provisioning-drivers.md). +For more information, see [Provisioning Drivers](about-provisioning-drivers/about-provisioning-drivers.md). ## Adding Kubernetes Versions into Rancher With this feature, you can upgrade to the latest version of Kubernetes as soon as it is released, without upgrading Rancher. This feature allows you to easily upgrade Kubernetes patch versions (i.e. `v1.15.X`), but not intended to upgrade Kubernetes minor versions (i.e. `v1.X.0`) as Kubernetes tends to deprecate or add APIs between minor versions. -The information that Rancher uses to provision [RKE clusters](launch-kubernetes-with-rancher.md) is now located in the Rancher Kubernetes Metadata. For details on metadata configuration and how to change the Kubernetes version used for provisioning RKE clusters, see [Rancher Kubernetes Metadata.](../getting-started/installation-and-upgrade/upgrade-kubernetes-without-upgrading-rancher.md) +The information that Rancher uses to provision [RKE clusters](../launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md) is now located in the Rancher Kubernetes Metadata. For details on metadata configuration and how to change the Kubernetes version used for provisioning RKE clusters, see [Rancher Kubernetes Metadata.](../../../getting-started/installation-and-upgrade/upgrade-kubernetes-without-upgrading-rancher.md) -Rancher Kubernetes Metadata contains Kubernetes version information which Rancher uses to provision [RKE clusters](launch-kubernetes-with-rancher.md). +Rancher Kubernetes Metadata contains Kubernetes version information which Rancher uses to provision [RKE clusters](../launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md). -For more information on how metadata works and how to configure metadata config, see [Rancher Kubernetes Metadata](../getting-started/installation-and-upgrade/upgrade-kubernetes-without-upgrading-rancher.md). +For more information on how metadata works and how to configure metadata config, see [Rancher Kubernetes Metadata](../../../getting-started/installation-and-upgrade/upgrade-kubernetes-without-upgrading-rancher.md). ## Enabling Experimental Features -Rancher includes some features that are experimental and disabled by default. Feature flags were introduced to allow you to try these features. For more information, refer to the section about [feature flags.](enable-experimental-features.md) +Rancher includes some features that are experimental and disabled by default. Feature flags were introduced to allow you to try these features. For more information, refer to the section about [feature flags.](../../advanced-user-guides/enable-experimental-features/enable-experimental-features.md) diff --git a/versioned_docs/version-2.6/pages-for-subheaders/configure-microsoft-ad-federation-service-saml.md b/versioned_docs/version-2.6/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-microsoft-ad-federation-service-saml/configure-microsoft-ad-federation-service-saml.md similarity index 76% rename from versioned_docs/version-2.6/pages-for-subheaders/configure-microsoft-ad-federation-service-saml.md rename to versioned_docs/version-2.6/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-microsoft-ad-federation-service-saml/configure-microsoft-ad-federation-service-saml.md index 8662bf782fb..e10056cc0ae 100644 --- a/versioned_docs/version-2.6/pages-for-subheaders/configure-microsoft-ad-federation-service-saml.md +++ b/versioned_docs/version-2.6/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-microsoft-ad-federation-service-saml/configure-microsoft-ad-federation-service-saml.md @@ -24,8 +24,8 @@ You must have a [Microsoft AD FS Server](https://docs.microsoft.com/en-us/window Setting up Microsoft AD FS with Rancher Server requires configuring AD FS on your Active Directory server, and configuring Rancher to utilize your AD FS server. The following pages serve as guides for setting up Microsoft AD FS authentication on your Rancher installation. -- [1. Configuring Microsoft AD FS for Rancher](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-microsoft-ad-federation-service-saml/configure-ms-adfs-for-rancher.md) -- [2. Configuring Rancher for Microsoft AD FS](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-microsoft-ad-federation-service-saml/configure-rancher-for-ms-adfs.md) +- [1. Configuring Microsoft AD FS for Rancher](configure-ms-adfs-for-rancher.md) +- [2. Configuring Rancher for Microsoft AD FS](configure-rancher-for-ms-adfs.md) :::note SAML Provider Caveats: @@ -37,4 +37,4 @@ Setting up Microsoft AD FS with Rancher Server requires configuring AD FS on you ::: -### [Next: Configuring Microsoft AD FS for Rancher](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-microsoft-ad-federation-service-saml/configure-ms-adfs-for-rancher.md) +### [Next: Configuring Microsoft AD FS for Rancher](configure-ms-adfs-for-rancher.md) diff --git a/versioned_docs/version-2.6/pages-for-subheaders/configure-openldap.md b/versioned_docs/version-2.6/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-openldap/configure-openldap.md similarity index 90% rename from versioned_docs/version-2.6/pages-for-subheaders/configure-openldap.md rename to versioned_docs/version-2.6/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-openldap/configure-openldap.md index 9eb5fc7db2a..9285e08ef8b 100644 --- a/versioned_docs/version-2.6/pages-for-subheaders/configure-openldap.md +++ b/versioned_docs/version-2.6/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-openldap/configure-openldap.md @@ -18,9 +18,9 @@ Rancher must be configured with a LDAP bind account (aka service account) to sea ## Configure OpenLDAP in Rancher -Configure the settings for the OpenLDAP server, groups and users. For help filling out each field, refer to the [configuration reference.](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-openldap/openldap-config-reference.md) +Configure the settings for the OpenLDAP server, groups and users. For help filling out each field, refer to the [configuration reference.](openldap-config-reference.md) -> Before you proceed with the configuration, please familiarise yourself with the concepts of [External Authentication Configuration and Principal Users](authentication-config.md#external-authentication-configuration-and-principal-users). +> Before you proceed with the configuration, please familiarise yourself with the concepts of [External Authentication Configuration and Principal Users](../authentication-config/authentication-config.md#external-authentication-configuration-and-principal-users). 1. In the top left corner, click **☰ > Users & Authentication**. 1. In the left navigation menu, click **Auth Provider**. @@ -53,4 +53,4 @@ You will still be able to login using the locally configured `admin` account and ## Annex: Troubleshooting -If you are experiencing issues while testing the connection to the OpenLDAP server, first double-check the credentials entered for the service account as well as the search base configuration. You may also inspect the Rancher logs to help pinpointing the problem cause. Debug logs may contain more detailed information about the error. Please refer to [How can I enable debug logging](../faq/technical-items.md#how-can-i-enable-debug-logging) in this documentation. +If you are experiencing issues while testing the connection to the OpenLDAP server, first double-check the credentials entered for the service account as well as the search base configuration. You may also inspect the Rancher logs to help pinpointing the problem cause. Debug logs may contain more detailed information about the error. Please refer to [How can I enable debug logging](../../../../faq/technical-items.md#how-can-i-enable-debug-logging) in this documentation. diff --git a/versioned_docs/version-2.6/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-openldap/openldap-config-reference.md b/versioned_docs/version-2.6/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-openldap/openldap-config-reference.md index bd6f5454ba2..54d62bb9dd1 100644 --- a/versioned_docs/version-2.6/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-openldap/openldap-config-reference.md +++ b/versioned_docs/version-2.6/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-openldap/openldap-config-reference.md @@ -8,7 +8,7 @@ title: OpenLDAP Configuration Reference For further details on configuring OpenLDAP authentication, refer to the [official documentation.](https://www.openldap.org/doc/) -> Before you proceed with the configuration, please familiarize yourself with the concepts of [External Authentication Configuration and Principal Users](../../../../pages-for-subheaders/authentication-config.md#external-authentication-configuration-and-principal-users). +> Before you proceed with the configuration, please familiarize yourself with the concepts of [External Authentication Configuration and Principal Users](../authentication-config/authentication-config.md#external-authentication-configuration-and-principal-users). ## Background: OpenLDAP Authentication Flow diff --git a/versioned_docs/version-2.6/pages-for-subheaders/configure-shibboleth-saml.md b/versioned_docs/version-2.6/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-shibboleth-saml/configure-shibboleth-saml.md similarity index 91% rename from versioned_docs/version-2.6/pages-for-subheaders/configure-shibboleth-saml.md rename to versioned_docs/version-2.6/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-shibboleth-saml/configure-shibboleth-saml.md index 1dd59a2a807..a72b36e3120 100644 --- a/versioned_docs/version-2.6/pages-for-subheaders/configure-shibboleth-saml.md +++ b/versioned_docs/version-2.6/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-shibboleth-saml/configure-shibboleth-saml.md @@ -8,7 +8,7 @@ In this configuration, when Rancher users log in, they will be redirected to the If you also configure OpenLDAP as the back end to Shibboleth, it will return a SAML assertion to Rancher with user attributes that include groups. Then the authenticated user will be able to access resources in Rancher that their groups have permissions for. -> The instructions in this section assume that you understand how Rancher, Shibboleth, and OpenLDAP work together. For a more detailed explanation of how it works, refer to [this page.](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-shibboleth-saml/about-group-permissions.md) +> The instructions in this section assume that you understand how Rancher, Shibboleth, and OpenLDAP work together. For a more detailed explanation of how it works, refer to [this page.](about-group-permissions.md) ## Setting up Shibboleth in Rancher @@ -87,9 +87,9 @@ Rancher must be configured with a LDAP bind account (aka service account) to sea ### Configure OpenLDAP in Rancher -Configure the settings for the OpenLDAP server, groups and users. For help filling out each field, refer to the [configuration reference.](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-openldap/openldap-config-reference.md) Note that nested group membership is not available for Shibboleth. +Configure the settings for the OpenLDAP server, groups and users. For help filling out each field, refer to the [configuration reference.](../configure-openldap/openldap-config-reference.md) Note that nested group membership is not available for Shibboleth. -> Before you proceed with the configuration, please familiarise yourself with the concepts of [External Authentication Configuration and Principal Users](authentication-config.md#external-authentication-configuration-and-principal-users). +> Before you proceed with the configuration, please familiarise yourself with the concepts of [External Authentication Configuration and Principal Users](../authentication-config/authentication-config.md#external-authentication-configuration-and-principal-users). 1. Log into the Rancher UI using the initial local `admin` account. 1. In the top left corner, click **☰ > Users & Authentication**. @@ -98,4 +98,4 @@ Configure the settings for the OpenLDAP server, groups and users. For help filli ## Troubleshooting -If you are experiencing issues while testing the connection to the OpenLDAP server, first double-check the credentials entered for the service account as well as the search base configuration. You may also inspect the Rancher logs to help pinpointing the problem cause. Debug logs may contain more detailed information about the error. Please refer to [How can I enable debug logging](../faq/technical-items.md#how-can-i-enable-debug-logging) in this documentation. +If you are experiencing issues while testing the connection to the OpenLDAP server, first double-check the credentials entered for the service account as well as the search base configuration. You may also inspect the Rancher logs to help pinpointing the problem cause. Debug logs may contain more detailed information about the error. Please refer to [How can I enable debug logging](../../../../faq/technical-items.md#how-can-i-enable-debug-logging) in this documentation. diff --git a/versioned_docs/version-2.6/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/create-pod-security-policies.md b/versioned_docs/version-2.6/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/create-pod-security-policies.md index 06e6b582942..b9214b0f852 100644 --- a/versioned_docs/version-2.6/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/create-pod-security-policies.md +++ b/versioned_docs/version-2.6/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/create-pod-security-policies.md @@ -50,9 +50,9 @@ Using Rancher, you can create a Pod Security Policy using our GUI rather than cr ### Requirements -Rancher can only assign PSPs for clusters that are [launched using RKE](../../../pages-for-subheaders/launch-kubernetes-with-rancher.md). +Rancher can only assign PSPs for clusters that are [launched using RKE](../launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md). -You must enable PSPs at the cluster level before you can assign them to a project. This can be configured by [editing the cluster](../../../pages-for-subheaders/cluster-configuration.md). +You must enable PSPs at the cluster level before you can assign them to a project. This can be configured by [editing the cluster](../../../reference-guides/cluster-configuration/cluster-configuration.md). It is a best practice to set PSP at the cluster level. diff --git a/versioned_docs/version-2.6/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/global-default-private-registry.md b/versioned_docs/version-2.6/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/global-default-private-registry.md index 20f234bff41..d486109c992 100644 --- a/versioned_docs/version-2.6/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/global-default-private-registry.md +++ b/versioned_docs/version-2.6/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/global-default-private-registry.md @@ -12,7 +12,7 @@ There are two main ways to set up private registries in Rancher: by setting up t This section is about configuring the global default private registry, and focuses on how to configure the registry from the Rancher UI after Rancher is installed. -For instructions on setting up a private registry with command line options during the installation of Rancher, refer to the [air-gapped installation guide](../../../pages-for-subheaders/air-gapped-helm-cli-install.md). +For instructions on setting up a private registry with command line options during the installation of Rancher, refer to the [air-gapped installation guide](../../../getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/air-gapped-helm-cli-install.md). If your private registry requires credentials, it cannot be used as the default registry. There is no global way to set up a private registry with authorization for every Rancher-provisioned cluster. Therefore, if you want a Rancher-provisioned cluster to pull images from a private registry with credentials, you will have to [pass in the registry credentials through the advanced cluster options](#setting-a-private-registry-with-credentials-when-deploying-a-cluster) every time you create a new cluster. diff --git a/versioned_docs/version-2.6/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/custom-roles.md b/versioned_docs/version-2.6/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/custom-roles.md index de61e0f4fb7..5e9c6c7a96d 100644 --- a/versioned_docs/version-2.6/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/custom-roles.md +++ b/versioned_docs/version-2.6/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/custom-roles.md @@ -102,7 +102,7 @@ If a user is removed from the external authentication provider group, they would You can only assign a global role to a group if: -* You have set up an [external authentication provider](../../../../pages-for-subheaders/authentication-config.md#external-vs-local-authentication) +* You have set up an [external authentication provider](../authentication-config/authentication-config.md#external-vs-local-authentication) * The external authentication provider supports [user groups](../../authentication-permissions-and-global-configuration/authentication-config/manage-users-and-groups.md) * You have already set up at least one user group with the authentication provider diff --git a/versioned_docs/version-2.6/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/global-permissions.md b/versioned_docs/version-2.6/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/global-permissions.md index 8c6e329ca7a..77dcfc217a9 100644 --- a/versioned_docs/version-2.6/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/global-permissions.md +++ b/versioned_docs/version-2.6/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/global-permissions.md @@ -130,7 +130,7 @@ You can [assign a role to everyone in the group at the same time](#configuring-g Using custom permissions is convenient for providing users with narrow or specialized access to Rancher. -When a user from an [external authentication source](../../../../pages-for-subheaders/authentication-config.md) signs into Rancher for the first time, they're automatically assigned a set of global permissions (hereafter, permissions). By default, after a user logs in for the first time, they are created as a user and assigned the default `user` permission. The standard `user` permission allows users to login and create clusters. +When a user from an [external authentication source](../authentication-config/authentication-config.md) signs into Rancher for the first time, they're automatically assigned a set of global permissions (hereafter, permissions). By default, after a user logs in for the first time, they are created as a user and assigned the default `user` permission. The standard `user` permission allows users to login and create clusters. However, in some organizations, these permissions may extend too much access. Rather than assigning users the default global permissions of `Administrator` or `Standard User`, you can assign them a more restrictive set of custom global permissions. @@ -221,7 +221,7 @@ If a user is removed from the external authentication provider group, they would You can only assign a global role to a group if: -* You have set up an [external authentication provider](../../../../pages-for-subheaders/authentication-config.md#external-vs-local-authentication) +* You have set up an [external authentication provider](../authentication-config/authentication-config.md#external-vs-local-authentication) * The external authentication provider supports [user groups](../authentication-config/manage-users-and-groups.md) * You have already set up at least one user group with the authentication provider diff --git a/versioned_docs/version-2.6/pages-for-subheaders/manage-role-based-access-control-rbac.md b/versioned_docs/version-2.6/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/manage-role-based-access-control-rbac.md similarity index 73% rename from versioned_docs/version-2.6/pages-for-subheaders/manage-role-based-access-control-rbac.md rename to versioned_docs/version-2.6/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/manage-role-based-access-control-rbac.md index 3bb5d0170c6..82038ecfc7e 100644 --- a/versioned_docs/version-2.6/pages-for-subheaders/manage-role-based-access-control-rbac.md +++ b/versioned_docs/version-2.6/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/manage-role-based-access-control-rbac.md @@ -6,7 +6,7 @@ title: Managing Role-Based Access Control (RBAC) -Within Rancher, each person authenticates as a _user_, which is a login that grants you access to Rancher. As mentioned in [Authentication](authentication-config.md), users can either be local or external. +Within Rancher, each person authenticates as a _user_, which is a login that grants you access to Rancher. As mentioned in [Authentication](../authentication-config/authentication-config.md), users can either be local or external. After you configure external authentication, the users that display on the **Users** page changes. @@ -18,11 +18,11 @@ After you configure external authentication, the users that display on the **Use Once the user logs in to Rancher, their _authorization_, or their access rights within the system, is determined by _global permissions_, and _cluster and project roles_. -- [Global Permissions](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/global-permissions.md): +- [Global Permissions](global-permissions.md): Define user authorization outside the scope of any particular cluster. -- [Cluster and Project Roles](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/cluster-and-project-roles.md): +- [Cluster and Project Roles](cluster-and-project-roles.md): Define user authorization inside the specific cluster or project where they are assigned the role. diff --git a/versioned_docs/version-2.6/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/back-up-rancher-launched-kubernetes-clusters.md b/versioned_docs/version-2.6/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/back-up-rancher-launched-kubernetes-clusters.md index 6b014a46ff2..669c5083582 100644 --- a/versioned_docs/version-2.6/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/back-up-rancher-launched-kubernetes-clusters.md +++ b/versioned_docs/version-2.6/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/back-up-rancher-launched-kubernetes-clusters.md @@ -6,7 +6,7 @@ title: Backing up a Cluster -In the Rancher UI, etcd backup and recovery for [Rancher launched Kubernetes clusters](../../../pages-for-subheaders/launch-kubernetes-with-rancher.md) can be easily performed. +In the Rancher UI, etcd backup and recovery for [Rancher launched Kubernetes clusters](../launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md) can be easily performed. Rancher recommends configuring recurrent `etcd` snapshots for all production clusters. Additionally, one-time snapshots can easily be taken as well. @@ -72,7 +72,7 @@ On restore, the following process is used: Select how often you want recurring snapshots to be taken as well as how many snapshots to keep. The amount of time is measured in hours. With timestamped snapshots, the user has the ability to do a point-in-time recovery. -By default, [Rancher launched Kubernetes clusters](../../../pages-for-subheaders/launch-kubernetes-with-rancher.md) are configured to take recurring snapshots (saved to local disk). To protect against local disk failure, using the [S3 Target](#s3-backup-target) or replicating the path on disk is advised. +By default, [Rancher launched Kubernetes clusters](../launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md) are configured to take recurring snapshots (saved to local disk). To protect against local disk failure, using the [S3 Target](#s3-backup-target) or replicating the path on disk is advised. During cluster provisioning or editing the cluster, the configuration for snapshots can be found in the advanced section for **Cluster Options**. Click on **Show advanced options**. @@ -104,7 +104,7 @@ Rancher supports two different backup targets: ### Local Backup Target -By default, the `local` backup target is selected. The benefits of this option is that there is no external configuration. Snapshots are automatically saved locally to the etcd nodes in the [Rancher launched Kubernetes clusters](../../../pages-for-subheaders/launch-kubernetes-with-rancher.md) in `/opt/rke/etcd-snapshots`. All recurring snapshots are taken at configured intervals. The downside of using the `local` backup target is that if there is a total disaster and _all_ etcd nodes are lost, there is no ability to restore the cluster. +By default, the `local` backup target is selected. The benefits of this option is that there is no external configuration. Snapshots are automatically saved locally to the etcd nodes in the [Rancher launched Kubernetes clusters](../launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md) in `/opt/rke/etcd-snapshots`. All recurring snapshots are taken at configured intervals. The downside of using the `local` backup target is that if there is a total disaster and _all_ etcd nodes are lost, there is no ability to restore the cluster. ### S3 Backup Target @@ -152,4 +152,4 @@ This option is not available directly in the UI, and is only available through t ## Enabling Snapshot Features for Clusters Created Before Rancher v2.2.0 -If you have any Rancher launched Kubernetes clusters that were created before v2.2.0, after upgrading Rancher, you must [edit the cluster](../../../pages-for-subheaders/cluster-configuration.md) and _save_ it, in order to enable the updated snapshot features. Even if you were already creating snapshots before v2.2.0, you must do this step as the older snapshots will not be available to use to [back up and restore etcd through the UI](restore-rancher-launched-kubernetes-clusters-from-backup.md). +If you have any Rancher launched Kubernetes clusters that were created before v2.2.0, after upgrading Rancher, you must [edit the cluster](../../../reference-guides/cluster-configuration/cluster-configuration.md) and _save_ it, in order to enable the updated snapshot features. Even if you were already creating snapshots before v2.2.0, you must do this step as the older snapshots will not be available to use to [back up and restore etcd through the UI](restore-rancher-launched-kubernetes-clusters-from-backup.md). diff --git a/versioned_docs/version-2.6/pages-for-subheaders/backup-restore-and-disaster-recovery.md b/versioned_docs/version-2.6/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/backup-restore-and-disaster-recovery.md similarity index 75% rename from versioned_docs/version-2.6/pages-for-subheaders/backup-restore-and-disaster-recovery.md rename to versioned_docs/version-2.6/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/backup-restore-and-disaster-recovery.md index c9ba92fb3e5..2384c8723f5 100644 --- a/versioned_docs/version-2.6/pages-for-subheaders/backup-restore-and-disaster-recovery.md +++ b/versioned_docs/version-2.6/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/backup-restore-and-disaster-recovery.md @@ -16,7 +16,7 @@ The backup-restore operator needs to be installed in the local cluster, and only ## Backup and Restore for Rancher installed with Docker -For Rancher installed with Docker, refer to [this page](../how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/back-up-docker-installed-rancher.md) to perform backups and [this page](../how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/restore-docker-installed-rancher.md) to perform restores. +For Rancher installed with Docker, refer to [this page](back-up-docker-installed-rancher.md) to perform backups and [this page](restore-docker-installed-rancher.md) to perform restores. ## How Backups and Restores Work @@ -38,7 +38,7 @@ The Backup and Restore custom resources can be created in the Rancher UI, or by :::note -Refer [here](../how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/migrate-rancher-to-new-cluster.md#2-restore-from-backup-using-a-restore-custom-resource) for help on restoring an existing backup file into a v1.22 cluster in Rancher v2.6.3. +Refer [here](migrate-rancher-to-new-cluster.md#2-restore-from-backup-using-a-restore-custom-resource) for help on restoring an existing backup file into a v1.22 cluster in Rancher v2.6.3. ::: @@ -48,7 +48,7 @@ The `rancher-backup` operator can be installed from the Rancher UI, or with the :::note -There is a known issue in Fleet that occurs after performing a restoration using the backup-restore-operator: Secrets used for clientSecretName and helmSecretName are not included in Fleet gitrepos. Refer [here](./fleet-gitops-at-scale.md#troubleshooting) for a workaround. +There is a known issue in Fleet that occurs after performing a restoration using the backup-restore-operator: Secrets used for clientSecretName and helmSecretName are not included in Fleet gitrepos. Refer [here](../../../integrations-in-rancher/fleet-gitops-at-scale/fleet-gitops-at-scale.md#troubleshooting) for a workaround. ::: @@ -62,7 +62,7 @@ There is a known issue in Fleet that occurs after performing a restoration using 1. In the left navigation bar, **Apps > Charts**. 1. Click **Rancher Backups**. 1. Click **Install**. -1. Optional: Configure the default storage location. For help, refer to the [configuration section.](../reference-guides/backup-restore-configuration/storage-configuration.md) +1. Optional: Configure the default storage location. For help, refer to the [configuration section.](../../../reference-guides/backup-restore-configuration/storage-configuration.md) 1. Click **Install**. @@ -73,7 +73,7 @@ There is a known issue in Fleet that occurs after performing a restoration using 1. In the left navigation bar, **Apps & Marketplace > Charts**. 1. Click **Rancher Backups**. 1. Click **Install**. -1. Optional: Configure the default storage location. For help, refer to the [configuration section.](../reference-guides/backup-restore-configuration/storage-configuration.md) +1. Optional: Configure the default storage location. For help, refer to the [configuration section.](../../../reference-guides/backup-restore-configuration/storage-configuration.md) 1. Click **Install**. @@ -96,22 +96,22 @@ Only the rancher admins and the local cluster’s cluster-owner can: ## Backing up Rancher -A backup is performed by creating a Backup custom resource. For a tutorial, refer to [this page.](../how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/back-up-rancher.md) +A backup is performed by creating a Backup custom resource. For a tutorial, refer to [this page.](back-up-rancher.md) ## Restoring Rancher -A restore is performed by creating a Restore custom resource. For a tutorial, refer to [this page.](../how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/restore-rancher.md) +A restore is performed by creating a Restore custom resource. For a tutorial, refer to [this page.](restore-rancher.md) ## Migrating Rancher to a New Cluster -A migration is performed by following [these steps.](../how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/migrate-rancher-to-new-cluster.md) +A migration is performed by following [these steps.](migrate-rancher-to-new-cluster.md) ## Default Storage Location Configuration Configure a storage location where all backups are saved by default. You will have the option to override this with each backup, but will be limited to using an S3-compatible or Minio object store. -For information on configuring these options, refer to [this page.](../reference-guides/backup-restore-configuration/storage-configuration.md) +For information on configuring these options, refer to [this page.](../../../reference-guides/backup-restore-configuration/storage-configuration.md) ### Example values.yaml for the rancher-backup Helm Chart -The example [values.yaml file](../reference-guides/backup-restore-configuration/storage-configuration.md#example-valuesyaml-for-the-rancher-backup-helm-chart) can be used to configure the `rancher-backup` operator when the Helm CLI is used to install it. +The example [values.yaml file](../../../reference-guides/backup-restore-configuration/storage-configuration.md#example-valuesyaml-for-the-rancher-backup-helm-chart) can be used to configure the `rancher-backup` operator when the Helm CLI is used to install it. diff --git a/versioned_docs/version-2.6/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/migrate-rancher-to-new-cluster.md b/versioned_docs/version-2.6/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/migrate-rancher-to-new-cluster.md index aef2bca7ef5..a4d0f330927 100644 --- a/versioned_docs/version-2.6/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/migrate-rancher-to-new-cluster.md +++ b/versioned_docs/version-2.6/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/migrate-rancher-to-new-cluster.md @@ -158,7 +158,7 @@ Kubernetes v1.22, available as an experimental feature of v2.6.3, does not suppo ### 3. Install cert-manager -Follow the steps to [install cert-manager](../../../pages-for-subheaders/install-upgrade-on-a-kubernetes-cluster.md#4-install-cert-manager) in the documentation about installing cert-manager on Kubernetes. +Follow the steps to [install cert-manager](../../../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/install-upgrade-on-a-kubernetes-cluster.md#4-install-cert-manager) in the documentation about installing cert-manager on Kubernetes. ### 4. Bring up Rancher with Helm diff --git a/versioned_docs/version-2.6/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/restore-rancher-launched-kubernetes-clusters-from-backup.md b/versioned_docs/version-2.6/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/restore-rancher-launched-kubernetes-clusters-from-backup.md index 5172998f9e1..2743c27e17b 100644 --- a/versioned_docs/version-2.6/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/restore-rancher-launched-kubernetes-clusters-from-backup.md +++ b/versioned_docs/version-2.6/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/restore-rancher-launched-kubernetes-clusters-from-backup.md @@ -6,7 +6,7 @@ title: Restoring a Cluster from Backup -Etcd backup and recovery for [Rancher launched Kubernetes clusters](../../../pages-for-subheaders/launch-kubernetes-with-rancher.md) can be easily performed. Snapshots of the etcd database are taken and saved either locally onto the etcd nodes or to a S3 compatible target. The advantages of configuring S3 is that if all etcd nodes are lost, your snapshot is saved remotely and can be used to restore the cluster. +Etcd backup and recovery for [Rancher launched Kubernetes clusters](../launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md) can be easily performed. Snapshots of the etcd database are taken and saved either locally onto the etcd nodes or to a S3 compatible target. The advantages of configuring S3 is that if all etcd nodes are lost, your snapshot is saved remotely and can be used to restore the cluster. Rancher recommends enabling the [ability to set up recurring snapshots of etcd](back-up-rancher-launched-kubernetes-clusters.md#configuring-recurring-snapshots), but [one-time snapshots](back-up-rancher-launched-kubernetes-clusters.md#one-time-snapshots) can easily be taken as well. Rancher allows restore from [saved snapshots](#restoring-a-cluster-from-a-snapshot) or if you don't have any snapshots, you can still [restore etcd](#recovering-etcd-without-a-snapshot). @@ -74,8 +74,8 @@ If the group of etcd nodes loses quorum, the Kubernetes cluster will report a fa 5. Run the revised command. -6. After the single nodes is up and running, Rancher recommends adding additional etcd nodes to your cluster. If you have a [custom cluster](../../../pages-for-subheaders/use-existing-nodes.md) and you want to reuse an old node, you are required to [clean up the nodes](../manage-clusters/clean-cluster-nodes.md) before attempting to add them back into a cluster. +6. After the single nodes is up and running, Rancher recommends adding additional etcd nodes to your cluster. If you have a [custom cluster](../../../reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/use-existing-nodes.md) and you want to reuse an old node, you are required to [clean up the nodes](../manage-clusters/clean-cluster-nodes.md) before attempting to add them back into a cluster. ## Enabling Snapshot Features for Clusters Created Before Rancher v2.2.0 -If you have any Rancher launched Kubernetes clusters that were created before v2.2.0, after upgrading Rancher, you must [edit the cluster](../../../pages-for-subheaders/cluster-configuration.md) and _save_ it, in order to enable the updated snapshot features. Even if you were already creating snapshots before v2.2.0, you must do this step as the older snapshots will not be available to use to [back up and restore etcd through the UI](restore-rancher-launched-kubernetes-clusters-from-backup.md). +If you have any Rancher launched Kubernetes clusters that were created before v2.2.0, after upgrading Rancher, you must [edit the cluster](../../../reference-guides/cluster-configuration/cluster-configuration.md) and _save_ it, in order to enable the updated snapshot features. Even if you were already creating snapshots before v2.2.0, you must do this step as the older snapshots will not be available to use to [back up and restore etcd through the UI](restore-rancher-launched-kubernetes-clusters-from-backup.md). diff --git a/versioned_docs/version-2.6/pages-for-subheaders/deploy-apps-across-clusters.md b/versioned_docs/version-2.6/how-to-guides/new-user-guides/deploy-apps-across-clusters/deploy-apps-across-clusters.md similarity index 72% rename from versioned_docs/version-2.6/pages-for-subheaders/deploy-apps-across-clusters.md rename to versioned_docs/version-2.6/how-to-guides/new-user-guides/deploy-apps-across-clusters/deploy-apps-across-clusters.md index 03fa1d1f586..3ac107d94a6 100644 --- a/versioned_docs/version-2.6/pages-for-subheaders/deploy-apps-across-clusters.md +++ b/versioned_docs/version-2.6/how-to-guides/new-user-guides/deploy-apps-across-clusters/deploy-apps-across-clusters.md @@ -12,10 +12,10 @@ Rancher offers several ways to deploy applications across clusters, depending on Rancher v2.5 introduced Fleet, a new way to deploy applications across clusters. -Continuous Delivery with Fleet is GitOps at scale. For more information, refer to the [Fleet section](../how-to-guides/new-user-guides/deploy-apps-across-clusters/fleet.md). +Continuous Delivery with Fleet is GitOps at scale. For more information, refer to the [Fleet section](fleet.md). ### Multi-cluster Apps In Rancher before v2.5, the multi-cluster apps feature was used to deploy applications across clusters. The multi-cluster apps feature is deprecated, but still available as a legacy feature. -See the [multi-cluster app documentation](../how-to-guides/new-user-guides/deploy-apps-across-clusters/multi-cluster-apps.md) for more details. \ No newline at end of file +See the [multi-cluster app documentation](multi-cluster-apps.md) for more details. \ No newline at end of file diff --git a/versioned_docs/version-2.6/how-to-guides/new-user-guides/deploy-apps-across-clusters/multi-cluster-apps.md b/versioned_docs/version-2.6/how-to-guides/new-user-guides/deploy-apps-across-clusters/multi-cluster-apps.md index 64c852c3629..61952f9dca3 100644 --- a/versioned_docs/version-2.6/how-to-guides/new-user-guides/deploy-apps-across-clusters/multi-cluster-apps.md +++ b/versioned_docs/version-2.6/how-to-guides/new-user-guides/deploy-apps-across-clusters/multi-cluster-apps.md @@ -62,7 +62,7 @@ In the **Upgrades** section, select the upgrade strategy to use, when you decide ### Roles -In the **Roles** section, you define the role of the multi-cluster application. Typically, when a user [launches catalog applications](../../../pages-for-subheaders/helm-charts-in-rancher.md), that specific user's permissions are used for creation of all workloads/resources that is required by the app. +In the **Roles** section, you define the role of the multi-cluster application. Typically, when a user [launches catalog applications](../helm-charts-in-rancher/helm-charts-in-rancher.md), that specific user's permissions are used for creation of all workloads/resources that is required by the app. For multi-cluster applications, the application is deployed by a _system user_ and is assigned as the creator of all underlying resources. A _system user_ is used instead of the actual user due to the fact that the actual user could be removed from one of the target projects. If the actual user was removed from one of the projects, then that user would no longer be able to manage the application for the other projects. diff --git a/versioned_docs/version-2.6/pages-for-subheaders/helm-charts-in-rancher.md b/versioned_docs/version-2.6/how-to-guides/new-user-guides/helm-charts-in-rancher/helm-charts-in-rancher.md similarity index 97% rename from versioned_docs/version-2.6/pages-for-subheaders/helm-charts-in-rancher.md rename to versioned_docs/version-2.6/how-to-guides/new-user-guides/helm-charts-in-rancher/helm-charts-in-rancher.md index 1169c0299da..1aa87914c9e 100644 --- a/versioned_docs/version-2.6/pages-for-subheaders/helm-charts-in-rancher.md +++ b/versioned_docs/version-2.6/how-to-guides/new-user-guides/helm-charts-in-rancher/helm-charts-in-rancher.md @@ -156,7 +156,7 @@ The upgrade button has been removed for legacy apps from the **Apps & Marketplac If you have a legacy app installed and want to upgrade it: -- The legacy [feature flag](enable-experimental-features.md) must be turned on (if it's not turned on automatically because of having a legacy app before upgrading) +- The legacy [feature flag](../../advanced-user-guides/enable-experimental-features/enable-experimental-features.md) must be turned on (if it's not turned on automatically because of having a legacy app before upgrading) - You can upgrade the app from cluster explorer, from the left nav section **Legacy > Project > Apps** - For multi-cluster apps, you can go to **≡ > Multi-cluster Apps** and upgrade the app from there diff --git a/versioned_docs/version-2.6/how-to-guides/new-user-guides/infrastructure-setup/ha-k3s-kubernetes-cluster.md b/versioned_docs/version-2.6/how-to-guides/new-user-guides/infrastructure-setup/ha-k3s-kubernetes-cluster.md index c01c4af7823..7c7d1b10a15 100644 --- a/versioned_docs/version-2.6/how-to-guides/new-user-guides/infrastructure-setup/ha-k3s-kubernetes-cluster.md +++ b/versioned_docs/version-2.6/how-to-guides/new-user-guides/infrastructure-setup/ha-k3s-kubernetes-cluster.md @@ -10,7 +10,7 @@ This tutorial is intended to help you provision the underlying infrastructure fo The recommended infrastructure for the Rancher-only Kubernetes cluster differs depending on whether Rancher will be installed on a K3s Kubernetes cluster, an RKE Kubernetes cluster, or a single Docker container. -For more information about each installation option, refer to [this page.](../../../pages-for-subheaders/installation-and-upgrade.md) +For more information about each installation option, refer to [this page.](../../../getting-started/installation-and-upgrade/installation-and-upgrade.md) :::note Important: @@ -27,7 +27,7 @@ To install the Rancher management server on a high-availability K3s cluster, we ### 1. Set up Linux Nodes -Make sure that your nodes fulfill the general installation requirements for [OS, container runtime, hardware, and networking.](../../../pages-for-subheaders/installation-requirements.md) +Make sure that your nodes fulfill the general installation requirements for [OS, container runtime, hardware, and networking.](../../../getting-started/installation-and-upgrade/installation-requirements/installation-requirements.md) For an example of one way to set up Linux nodes, refer to this [tutorial](nodes-in-amazon-ec2.md) for setting up nodes as instances in Amazon EC2. diff --git a/versioned_docs/version-2.6/how-to-guides/new-user-guides/infrastructure-setup/ha-rke1-kubernetes-cluster.md b/versioned_docs/version-2.6/how-to-guides/new-user-guides/infrastructure-setup/ha-rke1-kubernetes-cluster.md index da8a1aec080..d1bd489bd16 100644 --- a/versioned_docs/version-2.6/how-to-guides/new-user-guides/infrastructure-setup/ha-rke1-kubernetes-cluster.md +++ b/versioned_docs/version-2.6/how-to-guides/new-user-guides/infrastructure-setup/ha-rke1-kubernetes-cluster.md @@ -30,7 +30,7 @@ The etcd database requires an odd number of nodes so that it can always elect a ### 1. Set up Linux Nodes -Make sure that your nodes fulfill the general installation requirements for [OS, container runtime, hardware, and networking.](../../../pages-for-subheaders/installation-requirements.md) +Make sure that your nodes fulfill the general installation requirements for [OS, container runtime, hardware, and networking.](../../../getting-started/installation-and-upgrade/installation-requirements/installation-requirements.md) For an example of one way to set up Linux nodes, refer to this [tutorial](nodes-in-amazon-ec2.md) for setting up nodes as instances in Amazon EC2. diff --git a/versioned_docs/version-2.6/how-to-guides/new-user-guides/infrastructure-setup/ha-rke2-kubernetes-cluster.md b/versioned_docs/version-2.6/how-to-guides/new-user-guides/infrastructure-setup/ha-rke2-kubernetes-cluster.md index 5ff0add4879..ddc85f764a8 100644 --- a/versioned_docs/version-2.6/how-to-guides/new-user-guides/infrastructure-setup/ha-rke2-kubernetes-cluster.md +++ b/versioned_docs/version-2.6/how-to-guides/new-user-guides/infrastructure-setup/ha-rke2-kubernetes-cluster.md @@ -24,7 +24,7 @@ To install the Rancher management server on a high-availability RKE2 cluster, we ### 1. Set up Linux Nodes -Make sure that your nodes fulfill the general installation requirements for [OS, container runtime, hardware, and networking.](../../../pages-for-subheaders/installation-requirements.md) +Make sure that your nodes fulfill the general installation requirements for [OS, container runtime, hardware, and networking.](../../../getting-started/installation-and-upgrade/installation-requirements/installation-requirements.md) For an example of one way to set up Linux nodes, refer to this [tutorial](nodes-in-amazon-ec2.md) for setting up nodes as instances in Amazon EC2. diff --git a/versioned_docs/version-2.6/pages-for-subheaders/infrastructure-setup.md b/versioned_docs/version-2.6/how-to-guides/new-user-guides/infrastructure-setup/infrastructure-setup.md similarity index 58% rename from versioned_docs/version-2.6/pages-for-subheaders/infrastructure-setup.md rename to versioned_docs/version-2.6/how-to-guides/new-user-guides/infrastructure-setup/infrastructure-setup.md index fabdc72e975..ccdca3126b8 100644 --- a/versioned_docs/version-2.6/pages-for-subheaders/infrastructure-setup.md +++ b/versioned_docs/version-2.6/how-to-guides/new-user-guides/infrastructure-setup/infrastructure-setup.md @@ -6,7 +6,7 @@ title: Don't have infrastructure for your Kubernetes cluster? Try one of these t -To set up infrastructure for a high-availability K3s Kubernetes cluster with an external DB, refer to [this page.](../how-to-guides/new-user-guides/infrastructure-setup/ha-k3s-kubernetes-cluster.md) +To set up infrastructure for a high-availability K3s Kubernetes cluster with an external DB, refer to [this page.](ha-k3s-kubernetes-cluster.md) -To set up infrastructure for a high-availability RKE Kubernetes cluster, refer to [this page.](../how-to-guides/new-user-guides/infrastructure-setup/ha-rke1-kubernetes-cluster.md) +To set up infrastructure for a high-availability RKE Kubernetes cluster, refer to [this page.](ha-rke1-kubernetes-cluster.md) diff --git a/versioned_docs/version-2.6/how-to-guides/new-user-guides/infrastructure-setup/nodes-in-amazon-ec2.md b/versioned_docs/version-2.6/how-to-guides/new-user-guides/infrastructure-setup/nodes-in-amazon-ec2.md index 9c7f55b9443..bcc1337121a 100644 --- a/versioned_docs/version-2.6/how-to-guides/new-user-guides/infrastructure-setup/nodes-in-amazon-ec2.md +++ b/versioned_docs/version-2.6/how-to-guides/new-user-guides/infrastructure-setup/nodes-in-amazon-ec2.md @@ -6,7 +6,7 @@ title: Setting up Nodes in Amazon EC2 -In this tutorial, you will learn one way to set up Linux nodes for the Rancher management server. These nodes will fulfill the node requirements for [OS, Docker, hardware, and networking.](../../../pages-for-subheaders/installation-requirements.md) +In this tutorial, you will learn one way to set up Linux nodes for the Rancher management server. These nodes will fulfill the node requirements for [OS, Docker, hardware, and networking.](../../../getting-started/installation-and-upgrade/installation-requirements/installation-requirements.md) If the Rancher server will be installed on an RKE Kubernetes cluster, you should provision three instances. @@ -16,8 +16,8 @@ If the Rancher server is installed in a single Docker container, you only need o ### 1. Optional Preparation -- **Create IAM role:** To allow Rancher to manipulate AWS resources, such as provisioning new storage or new nodes, you will need to configure Amazon as a cloud provider. There are several things you'll need to do to set up the cloud provider on EC2, but part of this process is setting up an IAM role for the Rancher server nodes. For the full details on setting up the cloud provider, refer to this [page.](../../../pages-for-subheaders/set-up-cloud-providers.md) -- **Create security group:** We also recommend setting up a security group for the Rancher nodes that complies with the [port requirements for Rancher nodes.](../../../pages-for-subheaders/installation-requirements.md#port-requirements) +- **Create IAM role:** To allow Rancher to manipulate AWS resources, such as provisioning new storage or new nodes, you will need to configure Amazon as a cloud provider. There are several things you'll need to do to set up the cloud provider on EC2, but part of this process is setting up an IAM role for the Rancher server nodes. For the full details on setting up the cloud provider, refer to this [page.](../kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/set-up-cloud-providers.md) +- **Create security group:** We also recommend setting up a security group for the Rancher nodes that complies with the [port requirements for Rancher nodes.](../../../getting-started/installation-and-upgrade/installation-requirements/installation-requirements.md#port-requirements) ### 2. Provision Instances @@ -30,7 +30,7 @@ If the Rancher server is installed in a single Docker container, you only need o 1. In the **Number of instances** field, enter the number of instances. A high-availability K3s cluster requires only two instances, while a high-availability RKE cluster requires three instances. 1. Optional: If you created an IAM role for Rancher to manipulate AWS resources, select the new IAM role in the **IAM role** field. 1. Click **Next: Add Storage,** **Next: Add Tags,** and **Next: Configure Security Group**. -1. In **Step 6: Configure Security Group,** select a security group that complies with the [port requirements](../../../pages-for-subheaders/installation-requirements.md#port-requirements) for Rancher nodes. +1. In **Step 6: Configure Security Group,** select a security group that complies with the [port requirements](../../../getting-started/installation-and-upgrade/installation-requirements/installation-requirements.md#port-requirements) for Rancher nodes. 1. Click **Review and Launch**. 1. Click **Launch**. 1. Choose a new or existing key pair that you will use to connect to your instance later. If you are using an existing key pair, make sure you already have access to the private key. diff --git a/versioned_docs/version-2.6/how-to-guides/new-user-guides/kubernetes-cluster-setup/high-availability-installs.md b/versioned_docs/version-2.6/how-to-guides/new-user-guides/kubernetes-cluster-setup/high-availability-installs.md index a5d69ed221d..a287c374fe3 100644 --- a/versioned_docs/version-2.6/how-to-guides/new-user-guides/kubernetes-cluster-setup/high-availability-installs.md +++ b/versioned_docs/version-2.6/how-to-guides/new-user-guides/kubernetes-cluster-setup/high-availability-installs.md @@ -14,7 +14,7 @@ Then Helm is used to install Rancher on top of the Kubernetes cluster. Helm uses The Rancher server data is stored on etcd. This etcd database also runs on all three nodes, and requires an odd number of nodes so that it can always elect a leader with a majority of the etcd cluster. If the etcd database cannot elect a leader, etcd can fail, requiring the cluster to be restored from backup. -For information on how Rancher works, regardless of the installation method, refer to the [architecture section.](../../../pages-for-subheaders/rancher-manager-architecture.md) +For information on how Rancher works, regardless of the installation method, refer to the [architecture section.](../../../reference-guides/rancher-manager-architecture/rancher-manager-architecture.md) ### Recommended Architecture diff --git a/versioned_docs/version-2.6/pages-for-subheaders/kubernetes-cluster-setup.md b/versioned_docs/version-2.6/how-to-guides/new-user-guides/kubernetes-cluster-setup/kubernetes-cluster-setup.md similarity index 100% rename from versioned_docs/version-2.6/pages-for-subheaders/kubernetes-cluster-setup.md rename to versioned_docs/version-2.6/how-to-guides/new-user-guides/kubernetes-cluster-setup/kubernetes-cluster-setup.md diff --git a/versioned_docs/version-2.6/how-to-guides/new-user-guides/kubernetes-cluster-setup/rke1-for-rancher.md b/versioned_docs/version-2.6/how-to-guides/new-user-guides/kubernetes-cluster-setup/rke1-for-rancher.md index 4a53266b785..c01e5d9d61d 100644 --- a/versioned_docs/version-2.6/how-to-guides/new-user-guides/kubernetes-cluster-setup/rke1-for-rancher.md +++ b/versioned_docs/version-2.6/how-to-guides/new-user-guides/kubernetes-cluster-setup/rke1-for-rancher.md @@ -14,7 +14,7 @@ Rancher can run on any Kubernetes cluster, included hosted Kubernetes solutions ::: -For systems without direct internet access, refer to [Air Gap: Kubernetes install.](../../../pages-for-subheaders/air-gapped-helm-cli-install.md) +For systems without direct internet access, refer to [Air Gap: Kubernetes install.](../../../getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/air-gapped-helm-cli-install.md) :::tip Single-node Installation Tip: @@ -192,5 +192,5 @@ The "rancher-cluster" parts of the two latter file names are dependent on how yo See the [Troubleshooting](../../../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/troubleshooting.md) page. -### [Next: Install Rancher](../../../pages-for-subheaders/install-upgrade-on-a-kubernetes-cluster.md) +### [Next: Install Rancher](../../../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/install-upgrade-on-a-kubernetes-cluster.md) diff --git a/versioned_docs/version-2.6/pages-for-subheaders/checklist-for-production-ready-clusters.md b/versioned_docs/version-2.6/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/checklist-for-production-ready-clusters/checklist-for-production-ready-clusters.md similarity index 77% rename from versioned_docs/version-2.6/pages-for-subheaders/checklist-for-production-ready-clusters.md rename to versioned_docs/version-2.6/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/checklist-for-production-ready-clusters/checklist-for-production-ready-clusters.md index f5816af3c48..d3609540e2a 100644 --- a/versioned_docs/version-2.6/pages-for-subheaders/checklist-for-production-ready-clusters.md +++ b/versioned_docs/version-2.6/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/checklist-for-production-ready-clusters/checklist-for-production-ready-clusters.md @@ -8,15 +8,15 @@ title: Checklist for Production-Ready Clusters In this section, we recommend best practices for creating the production-ready Kubernetes clusters that will run your apps and services. -For a list of requirements for your cluster, including the requirements for OS/Docker, hardware, and networking, refer to the section on [node requirements.](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/node-requirements-for-rancher-managed-clusters.md) +For a list of requirements for your cluster, including the requirements for OS/Docker, hardware, and networking, refer to the section on [node requirements.](../node-requirements-for-rancher-managed-clusters.md) This is a shortlist of best practices that we strongly recommend for all production clusters. -For a full list of all the best practices that we recommend, refer to the [best practices section.](best-practices.md) +For a full list of all the best practices that we recommend, refer to the [best practices section.](../../../../reference-guides/best-practices/best-practices.md) ### Node Requirements -* Make sure your nodes fulfill all of the [node requirements,](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/node-requirements-for-rancher-managed-clusters.md) including the port requirements. +* Make sure your nodes fulfill all of the [node requirements,](../node-requirements-for-rancher-managed-clusters.md) including the port requirements. ### Back up etcd @@ -33,10 +33,10 @@ For a full list of all the best practices that we recommend, refer to the [best * Assign two or more nodes the `controlplane` role for master component high availability. * Assign two or more nodes the `worker` role for workload rescheduling upon node failure. -For more information on what each role is used for, refer to the [section on roles for nodes in Kubernetes.](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/checklist-for-production-ready-clusters/roles-for-nodes-in-kubernetes.md) +For more information on what each role is used for, refer to the [section on roles for nodes in Kubernetes.](roles-for-nodes-in-kubernetes.md) For more information about the -number of nodes for each Kubernetes role, refer to the section on [recommended architecture.](../reference-guides/rancher-manager-architecture/architecture-recommendations.md) +number of nodes for each Kubernetes role, refer to the section on [recommended architecture.](../../../../reference-guides/rancher-manager-architecture/architecture-recommendations.md) ### Logging and Monitoring @@ -50,4 +50,4 @@ number of nodes for each Kubernetes role, refer to the section on [recommended a ### Networking * Minimize network latency. Rancher recommends minimizing latency between the etcd nodes. The default setting for `heartbeat-interval` is `500`, and the default setting for `election-timeout` is `5000`. These [settings for etcd tuning](https://coreos.com/etcd/docs/latest/tuning.html) allow etcd to run in most networks (except really high latency networks). -* Cluster nodes should be located within a single region. Most cloud providers provide multiple availability zones within a region, which can be used to create higher availability for your cluster. Using multiple availability zones is fine for nodes with any role. If you are using [Kubernetes Cloud Provider](set-up-cloud-providers.md) resources, consult the documentation for any restrictions (i.e. zone storage restrictions). +* Cluster nodes should be located within a single region. Most cloud providers provide multiple availability zones within a region, which can be used to create higher availability for your cluster. Using multiple availability zones is fine for nodes with any role. If you are using [Kubernetes Cloud Provider](../set-up-cloud-providers/set-up-cloud-providers.md) resources, consult the documentation for any restrictions (i.e. zone storage restrictions). diff --git a/versioned_docs/version-2.6/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/checklist-for-production-ready-clusters/recommended-cluster-architecture.md b/versioned_docs/version-2.6/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/checklist-for-production-ready-clusters/recommended-cluster-architecture.md index 7c5e21424ea..c709d847ae3 100644 --- a/versioned_docs/version-2.6/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/checklist-for-production-ready-clusters/recommended-cluster-architecture.md +++ b/versioned_docs/version-2.6/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/checklist-for-production-ready-clusters/recommended-cluster-architecture.md @@ -66,7 +66,7 @@ Adding more than one node with the `worker` role will make sure your workloads c ### Why Production Requirements are Different for the Rancher Cluster and the Clusters Running Your Applications -You may have noticed that our [Kubernetes Install](../../../../pages-for-subheaders/install-upgrade-on-a-kubernetes-cluster.md) instructions do not meet our definition of a production-ready cluster, as there are no dedicated nodes for the `worker` role. However, for your Rancher installation, this three node cluster is valid, because: +You may have noticed that our [Kubernetes Install](../../../../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/install-upgrade-on-a-kubernetes-cluster.md) instructions do not meet our definition of a production-ready cluster, as there are no dedicated nodes for the `worker` role. However, for your Rancher installation, this three node cluster is valid, because: * It allows one `etcd` node failure. * It maintains multiple instances of the master components by having multiple `controlplane` nodes. diff --git a/versioned_docs/version-2.6/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/checklist-for-production-ready-clusters/roles-for-nodes-in-kubernetes.md b/versioned_docs/version-2.6/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/checklist-for-production-ready-clusters/roles-for-nodes-in-kubernetes.md index 04eeb4466d4..1c627844659 100644 --- a/versioned_docs/version-2.6/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/checklist-for-production-ready-clusters/roles-for-nodes-in-kubernetes.md +++ b/versioned_docs/version-2.6/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/checklist-for-production-ready-clusters/roles-for-nodes-in-kubernetes.md @@ -8,7 +8,7 @@ title: Roles for Nodes in Kubernetes This section describes the roles for etcd nodes, controlplane nodes, and worker nodes in Kubernetes, and how the roles work together in a cluster. -This diagram is applicable to Kubernetes clusters [launched with Rancher using RKE.](../../../../pages-for-subheaders/launch-kubernetes-with-rancher.md). +This diagram is applicable to Kubernetes clusters [launched with Rancher using RKE.](../../launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md). ![Cluster diagram](/img/clusterdiagram.svg)
    Lines show the traffic flow between components. Colors are used purely for visual aid diff --git a/versioned_docs/version-2.6/pages-for-subheaders/kubernetes-clusters-in-rancher-setup.md b/versioned_docs/version-2.6/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/kubernetes-clusters-in-rancher-setup.md similarity index 78% rename from versioned_docs/version-2.6/pages-for-subheaders/kubernetes-clusters-in-rancher-setup.md rename to versioned_docs/version-2.6/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/kubernetes-clusters-in-rancher-setup.md index 899d4bb5937..bb5e556d5c2 100644 --- a/versioned_docs/version-2.6/pages-for-subheaders/kubernetes-clusters-in-rancher-setup.md +++ b/versioned_docs/version-2.6/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/kubernetes-clusters-in-rancher-setup.md @@ -9,9 +9,9 @@ description: Provisioning Kubernetes Clusters Rancher simplifies the creation of clusters by allowing you to create them through the Rancher UI rather than more complex alternatives. Rancher provides multiple options for launching a cluster. Use the option that best fits your use case. -This section assumes a basic familiarity with Docker and Kubernetes. For a brief explanation of how Kubernetes components work together, refer to the [concepts](../reference-guides/kubernetes-concepts.md) page. +This section assumes a basic familiarity with Docker and Kubernetes. For a brief explanation of how Kubernetes components work together, refer to the [concepts](../../../reference-guides/kubernetes-concepts.md) page. -For a conceptual overview of how the Rancher server provisions clusters and what tools it uses to provision them, refer to the [architecture](rancher-manager-architecture.md) page. +For a conceptual overview of how the Rancher server provisions clusters and what tools it uses to provision them, refer to the [architecture](../../../reference-guides/rancher-manager-architecture/rancher-manager-architecture.md) page. @@ -29,7 +29,7 @@ In this scenario, Rancher does not provision Kubernetes because it is installed If you use a Kubernetes provider such as Google GKE, Rancher integrates with its cloud APIs, allowing you to create and manage role-based access control for the hosted cluster from the Rancher UI. -For more information, refer to the section on [hosted Kubernetes clusters.](set-up-clusters-from-hosted-kubernetes-providers.md) +For more information, refer to the section on [hosted Kubernetes clusters.](set-up-clusters-from-hosted-kubernetes-providers/set-up-clusters-from-hosted-kubernetes-providers.md) ## Launching Kubernetes with Rancher @@ -41,23 +41,23 @@ These nodes can be dynamically provisioned through Rancher's UI, which calls [Do If you already have a node that you want to add to an RKE cluster, you can add it to the cluster by running a Rancher agent container on it. -For more information, refer to the section on [RKE clusters.](../pages-for-subheaders/launch-kubernetes-with-rancher.md) +For more information, refer to the section on [RKE clusters.](../launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md) ### Launching Kubernetes and Provisioning Nodes in an Infrastructure Provider Rancher can dynamically provision nodes in infrastructure providers such as Amazon EC2, DigitalOcean, Azure, or vSphere, then install Kubernetes on them. -Using Rancher, you can create pools of nodes based on a [node template](use-new-nodes-in-an-infra-provider.md#node-templates). This template defines the parameters used to launch nodes in your cloud providers. +Using Rancher, you can create pools of nodes based on a [node template](../launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md#node-templates). This template defines the parameters used to launch nodes in your cloud providers. One benefit of using nodes hosted by an infrastructure provider is that if a node loses connectivity with the cluster, Rancher can automatically replace it, thus maintaining the expected cluster configuration. -The cloud providers available for creating a node template are decided based on the [node drivers](use-new-nodes-in-an-infra-provider.md#node-drivers) active in the Rancher UI. +The cloud providers available for creating a node template are decided based on the [node drivers](../launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md#node-drivers) active in the Rancher UI. -For more information, refer to the section on [nodes hosted by an infrastructure provider](use-new-nodes-in-an-infra-provider.md) +For more information, refer to the section on [nodes hosted by an infrastructure provider](../launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md) ### Launching Kubernetes on Existing Custom Nodes -When setting up this type of cluster, Rancher installs Kubernetes on existing [custom nodes,](use-existing-nodes.md) which creates a custom cluster. +When setting up this type of cluster, Rancher installs Kubernetes on existing [custom nodes,](../../../reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/use-existing-nodes.md) which creates a custom cluster. You can bring any nodes you want to Rancher and use them to create a cluster. @@ -71,7 +71,7 @@ Registering EKS clusters now provides additional benefits. For the most part, re When you delete an EKS cluster that was created in Rancher, the cluster is destroyed. When you delete an EKS cluster that was registered in Rancher, it is disconnected from the Rancher server, but it still exists and you can still access it in the same way you did before it was registered in Rancher. -For more information, see [this page.](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/register-existing-clusters.md) +For more information, see [this page.](register-existing-clusters.md) ## Programmatically Creating Clusters diff --git a/versioned_docs/version-2.6/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/node-requirements-for-rancher-managed-clusters.md b/versioned_docs/version-2.6/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/node-requirements-for-rancher-managed-clusters.md index b958efcf981..0a9e8c0dd05 100644 --- a/versioned_docs/version-2.6/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/node-requirements-for-rancher-managed-clusters.md +++ b/versioned_docs/version-2.6/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/node-requirements-for-rancher-managed-clusters.md @@ -10,7 +10,7 @@ This page describes the requirements for the Rancher managed Kubernetes clusters :::note -If Rancher is installed on a high-availability Kubernetes cluster, the Rancher server three-node cluster and downstream clusters have different requirements. For Rancher installation requirements, refer to the node requirements in the [installation section.](../../../pages-for-subheaders/installation-requirements.md) +If Rancher is installed on a high-availability Kubernetes cluster, the Rancher server three-node cluster and downstream clusters have different requirements. For Rancher installation requirements, refer to the node requirements in the [installation section.](../../../getting-started/installation-and-upgrade/installation-requirements/installation-requirements.md) ::: @@ -47,7 +47,7 @@ SUSE Linux may have a firewall that blocks all ports by default. In that situati ### Flatcar Container Linux Nodes -When [Launching Kubernetes with Rancher](../../../pages-for-subheaders/launch-kubernetes-with-rancher.md) using Flatcar Container Linux nodes, it is required to use the following configuration in the [Cluster Config File](../../../reference-guides/cluster-configuration/rancher-server-configuration/rke1-cluster-configuration.md#rke-cluster-config-file-reference) +When [Launching Kubernetes with Rancher](../launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md) using Flatcar Container Linux nodes, it is required to use the following configuration in the [Cluster Config File](../../../reference-guides/cluster-configuration/rancher-server-configuration/rke1-cluster-configuration.md#rke-cluster-config-file-reference) @@ -92,13 +92,13 @@ It is also required to enable the Docker service, you can enable the Docker serv systemctl enable docker.service ``` -The Docker service is enabled automatically when using [Node Drivers](../../../pages-for-subheaders/about-provisioning-drivers.md#node-drivers). +The Docker service is enabled automatically when using [Node Drivers](../authentication-permissions-and-global-configuration/about-provisioning-drivers/about-provisioning-drivers.md#node-drivers). ### Windows Nodes Nodes with Windows Server must run Docker Enterprise Edition. -Windows nodes can be used for worker nodes only. See [Configuring Custom Clusters for Windows](../../../pages-for-subheaders/use-windows-clusters.md) +Windows nodes can be used for worker nodes only. See [Configuring Custom Clusters for Windows](use-windows-clusters/use-windows-clusters.md) ## Hardware Requirements @@ -114,7 +114,7 @@ For hardware recommendations for etcd clusters in production, refer to the offic For a production cluster, we recommend that you restrict traffic by opening only the ports defined in the port requirements below. -The ports required to be open are different depending on how the user cluster is launched. Each of the sections below list the ports that need to be opened for different [cluster creation options](../../../pages-for-subheaders/kubernetes-clusters-in-rancher-setup.md). +The ports required to be open are different depending on how the user cluster is launched. Each of the sections below list the ports that need to be opened for different [cluster creation options](kubernetes-clusters-in-rancher-setup.md). For a breakdown of the port requirements for etcd nodes, controlplane nodes, and worker nodes in a Kubernetes cluster, refer to the [port requirements for the Rancher Kubernetes Engine.](https://rancher.com/docs/rke/latest/en/os/#ports) @@ -124,4 +124,4 @@ Details on which ports are used in each situation are found under [Downstream Cl If you want to provision a Kubernetes cluster that is compliant with the CIS (Center for Internet Security) Kubernetes Benchmark, we recommend to following our hardening guide to configure your nodes before installing Kubernetes. -For more information on the hardening guide and details on which version of the guide corresponds to your Rancher and Kubernetes versions, refer to the [security section.](../../../pages-for-subheaders/rancher-security.md#rancher-hardening-guide) +For more information on the hardening guide and details on which version of the guide corresponds to your Rancher and Kubernetes versions, refer to the [security section.](../../../reference-guides/rancher-security/rancher-security.md#rancher-hardening-guide) diff --git a/versioned_docs/version-2.6/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/register-existing-clusters.md b/versioned_docs/version-2.6/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/register-existing-clusters.md index 65754a98e06..e7248d4e2b5 100644 --- a/versioned_docs/version-2.6/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/register-existing-clusters.md +++ b/versioned_docs/version-2.6/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/register-existing-clusters.md @@ -17,7 +17,7 @@ The control that Rancher has to manage a registered cluster depends on the type Registered RKE Kubernetes clusters must have all three node roles - etcd, controlplane and worker. A cluster with only controlplane components cannot be registered in Rancher. -For more information on RKE node roles, see the [best practices.](../../../pages-for-subheaders/checklist-for-production-ready-clusters.md#cluster-architecture) +For more information on RKE node roles, see the [best practices.](checklist-for-production-ready-clusters/checklist-for-production-ready-clusters.md#cluster-architecture) ### Permissions @@ -132,9 +132,9 @@ The control that Rancher has to manage a registered cluster depends on the type After registering a cluster, the cluster owner can: - [Manage cluster access](../authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/cluster-and-project-roles.md) through role-based access control -- Enable [monitoring, alerts and notifiers](../../../pages-for-subheaders/monitoring-and-alerting.md) -- Enable [logging](../../../pages-for-subheaders/logging.md) -- Enable [Istio](../../../pages-for-subheaders/istio.md) +- Enable [monitoring, alerts and notifiers](../../../integrations-in-rancher/monitoring-and-alerting/monitoring-and-alerting.md) +- Enable [logging](../../../integrations-in-rancher/logging/logging.md) +- Enable [Istio](../../../integrations-in-rancher/istio/istio.md) - Use [pipelines](../../advanced-user-guides/manage-projects/ci-cd-pipelines.md) - Manage projects and workloads @@ -159,7 +159,7 @@ Rancher handles registered EKS, AKS, or GKE clusters similarly to clusters creat When you create an EKS, AKS, or GKE cluster in Rancher, then delete it, Rancher destroys the cluster. When you delete a registered cluster through Rancher, the Rancher server _disconnects_ from the cluster. The cluster remains live, although it's no longer in Rancher. You can still access the deregistered cluster in the same way you did before you registered it. -See [Cluster Management Capabilities by Cluster Type](../../../pages-for-subheaders/kubernetes-clusters-in-rancher-setup.md) for more information about what features are available for managing registered clusters. +See [Cluster Management Capabilities by Cluster Type](kubernetes-clusters-in-rancher-setup.md) for more information about what features are available for managing registered clusters. ## Configuring K3s Cluster Upgrades diff --git a/versioned_docs/version-2.6/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/amazon.md b/versioned_docs/version-2.6/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/amazon.md index e72de8b8b03..3fac34dfff5 100644 --- a/versioned_docs/version-2.6/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/amazon.md +++ b/versioned_docs/version-2.6/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/amazon.md @@ -34,7 +34,7 @@ All nodes added to the cluster must be able to interact with EC2 so that they ca While creating an [Amazon EC2 cluster](../../launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-amazon-ec2-cluster.md), you must fill in the **IAM Instance Profile Name** (not ARN) of the created IAM role when creating the **Node Template**. -While creating a [Custom cluster](../../../../pages-for-subheaders/use-existing-nodes.md), you must manually attach the IAM role to the instance(s). +While creating a [Custom cluster](../../../../reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/use-existing-nodes.md), you must manually attach the IAM role to the instance(s). IAM Policy for nodes with the `controlplane` role: diff --git a/versioned_docs/version-2.6/pages-for-subheaders/set-up-cloud-providers.md b/versioned_docs/version-2.6/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/set-up-cloud-providers.md similarity index 73% rename from versioned_docs/version-2.6/pages-for-subheaders/set-up-cloud-providers.md rename to versioned_docs/version-2.6/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/set-up-cloud-providers.md index 9a02515dba9..11c5e5590e3 100644 --- a/versioned_docs/version-2.6/pages-for-subheaders/set-up-cloud-providers.md +++ b/versioned_docs/version-2.6/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/set-up-cloud-providers.md @@ -23,19 +23,19 @@ The following cloud providers can be enabled: ### Setting up the Amazon Cloud Provider -For details on enabling the Amazon cloud provider, refer to [this page.](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/amazon.md) +For details on enabling the Amazon cloud provider, refer to [this page.](amazon.md) ### Setting up the Azure Cloud Provider -For details on enabling the Azure cloud provider, refer to [this page.](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/azure.md) +For details on enabling the Azure cloud provider, refer to [this page.](azure.md) ### Setting up the GCE Cloud Provider -For details on enabling the Google Compute Engine cloud provider, refer to [this page.](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/google-compute-engine.md) +For details on enabling the Google Compute Engine cloud provider, refer to [this page.](google-compute-engine.md) ### Setting up the vSphere Cloud Provider -For details on enabling the vSphere cloud provider, refer to [in-tree vSphere config](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/configure-in-tree-vsphere.md) and [out-of-tree vSphere config](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/configure-out-of-tree-vsphere.md). +For details on enabling the vSphere cloud provider, refer to [in-tree vSphere config](configure-in-tree-vsphere.md) and [out-of-tree vSphere config](configure-out-of-tree-vsphere.md). ### Setting up a Custom Cloud Provider diff --git a/versioned_docs/version-2.6/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/aks.md b/versioned_docs/version-2.6/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/aks.md index b65d7aa9b4b..99b3ce1d3a1 100644 --- a/versioned_docs/version-2.6/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/aks.md +++ b/versioned_docs/version-2.6/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/aks.md @@ -150,7 +150,7 @@ For more information about connecting to an AKS private cluster, see the [AKS do The AKS provisioner can synchronize the state of an AKS cluster between Rancher and the provider. For an in-depth technical explanation of how this works, see [Syncing.](../../../../reference-guides/cluster-configuration/rancher-server-configuration/sync-clusters.md) -For information on configuring the refresh interval, see [this section.](../../../../pages-for-subheaders/gke-cluster-configuration.md#configuring-the-refresh-interval) +For information on configuring the refresh interval, see [this section.](../../../../reference-guides/cluster-configuration/rancher-server-configuration/gke-cluster-configuration/gke-cluster-configuration.md#configuring-the-refresh-interval) ## Programmatically Creating AKS Clusters diff --git a/versioned_docs/version-2.6/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/gke.md b/versioned_docs/version-2.6/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/gke.md index c3078c77795..1554dae4303 100644 --- a/versioned_docs/version-2.6/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/gke.md +++ b/versioned_docs/version-2.6/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/gke.md @@ -62,7 +62,7 @@ Use Rancher to set up and configure your Kubernetes cluster. To successfully cre 1. Optional: Use **Member Roles** to configure user authorization for the cluster. Click **Add Member** to add users that can access the cluster. Use the **Role** drop-down to set permissions for each user. 1. Optional: Add Kubernetes [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/) or [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) to the cluster. 1. Enter your Google project ID and your Google cloud credentials. -1. Fill out the rest of the form. For help, refer to the [GKE cluster configuration reference.](../../../../pages-for-subheaders/gke-cluster-configuration.md) +1. Fill out the rest of the form. For help, refer to the [GKE cluster configuration reference.](../../../../reference-guides/cluster-configuration/rancher-server-configuration/gke-cluster-configuration/gke-cluster-configuration.md) 1. Click **Create**. **Result:** You have successfully deployed a GKE cluster. @@ -82,7 +82,7 @@ Private GKE clusters are supported. Note: This advanced setup can require more s ## Configuration Reference -For details on configuring GKE clusters in Rancher, see [this page.](../../../../pages-for-subheaders/gke-cluster-configuration.md) +For details on configuring GKE clusters in Rancher, see [this page.](../../../../reference-guides/cluster-configuration/rancher-server-configuration/gke-cluster-configuration/gke-cluster-configuration.md) ## Updating Kubernetes Version The Kubernetes version of a cluster can be upgraded to any version available in the region or zone for the GKE cluster. Upgrading the master Kubernetes version does not automatically upgrade worker nodes. Nodes can be upgraded independently. @@ -97,7 +97,7 @@ GKE has removed basic authentication in 1.19+. In order to upgrade a cluster to The GKE provisioner can synchronize the state of a GKE cluster between Rancher and the provider. For an in-depth technical explanation of how this works, see [Syncing.](../../../../reference-guides/cluster-configuration/rancher-server-configuration/sync-clusters.md) -For information on configuring the refresh interval, see [this section.](../../../../pages-for-subheaders/gke-cluster-configuration.md#configuring-the-refresh-interval) +For information on configuring the refresh interval, see [this section.](../../../../reference-guides/cluster-configuration/rancher-server-configuration/gke-cluster-configuration/gke-cluster-configuration.md#configuring-the-refresh-interval) ## Programmatically Creating GKE Clusters diff --git a/versioned_docs/version-2.6/pages-for-subheaders/set-up-clusters-from-hosted-kubernetes-providers.md b/versioned_docs/version-2.6/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/set-up-clusters-from-hosted-kubernetes-providers.md similarity index 67% rename from versioned_docs/version-2.6/pages-for-subheaders/set-up-clusters-from-hosted-kubernetes-providers.md rename to versioned_docs/version-2.6/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/set-up-clusters-from-hosted-kubernetes-providers.md index fd4f4ed5bda..070c16dc420 100644 --- a/versioned_docs/version-2.6/pages-for-subheaders/set-up-clusters-from-hosted-kubernetes-providers.md +++ b/versioned_docs/version-2.6/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/set-up-clusters-from-hosted-kubernetes-providers.md @@ -25,9 +25,9 @@ Rancher supports the following Kubernetes providers: When using Rancher to create a cluster hosted by a provider, you are prompted for authentication information. This information is required to access the provider's API. For more information on how to obtain this information, see the following procedures: -- [Creating a GKE Cluster](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/gke.md) -- [Creating an EKS Cluster](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/eks.md) -- [Creating an AKS Cluster](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/aks.md) -- [Creating an ACK Cluster](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/alibaba.md) -- [Creating a TKE Cluster](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/tencent.md) -- [Creating a CCE Cluster](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/huawei.md) +- [Creating a GKE Cluster](gke.md) +- [Creating an EKS Cluster](eks.md) +- [Creating an AKS Cluster](aks.md) +- [Creating an ACK Cluster](alibaba.md) +- [Creating a TKE Cluster](tencent.md) +- [Creating a CCE Cluster](huawei.md) diff --git a/versioned_docs/version-2.6/pages-for-subheaders/use-windows-clusters.md b/versioned_docs/version-2.6/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/use-windows-clusters/use-windows-clusters.md similarity index 84% rename from versioned_docs/version-2.6/pages-for-subheaders/use-windows-clusters.md rename to versioned_docs/version-2.6/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/use-windows-clusters/use-windows-clusters.md index 1bd0d802d61..0bbab68d9ae 100644 --- a/versioned_docs/version-2.6/pages-for-subheaders/use-windows-clusters.md +++ b/versioned_docs/version-2.6/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/use-windows-clusters/use-windows-clusters.md @@ -6,7 +6,7 @@ title: Launching Kubernetes on Windows Clusters -When provisioning a [custom cluster](use-existing-nodes.md) using Rancher, Rancher uses RKE (the Rancher Kubernetes Engine) to install Kubernetes on your existing nodes. +When provisioning a [custom cluster](../../../../reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/use-existing-nodes.md) using Rancher, Rancher uses RKE (the Rancher Kubernetes Engine) to install Kubernetes on your existing nodes. In a Windows cluster provisioned with Rancher, the cluster must contain both Linux and Windows nodes. The Kubernetes controlplane can only run on Linux nodes, and the Windows nodes can only have the worker role. Windows nodes can only be used for deploying workloads. @@ -51,7 +51,7 @@ Rancher will allow Windows workload pods to deploy on both Windows and Linux wor ## Requirements for Windows Clusters -The general node requirements for networking, operating systems, and Docker are the same as the node requirements for a [Rancher installation](installation-requirements.md). +The general node requirements for networking, operating systems, and Docker are the same as the node requirements for a [Rancher installation](../../../../getting-started/installation-and-upgrade/installation-requirements/installation-requirements.md). ### OS and Docker Requirements @@ -77,13 +77,13 @@ Rancher will not provision the node if the node does not meet these requirements ### Networking Requirements -Before provisioning a new cluster, be sure that you have already installed Rancher on a device that accepts inbound network traffic. This is required in order for the cluster nodes to communicate with Rancher. If you have not already installed Rancher, please refer to the [installation documentation](installation-and-upgrade.md) before proceeding with this guide. +Before provisioning a new cluster, be sure that you have already installed Rancher on a device that accepts inbound network traffic. This is required in order for the cluster nodes to communicate with Rancher. If you have not already installed Rancher, please refer to the [installation documentation](../../../../getting-started/installation-and-upgrade/installation-and-upgrade.md) before proceeding with this guide. Rancher only supports Windows using Flannel as the network provider. There are two network options: [**Host Gateway (L2bridge)**](https://github.com/coreos/flannel/blob/master/Documentation/backends.md#host-gw) and [**VXLAN (Overlay)**](https://github.com/coreos/flannel/blob/master/Documentation/backends.md#vxlan). The default option is **VXLAN (Overlay)** mode. -For **Host Gateway (L2bridge)** networking, it's best to use the same Layer 2 network for all nodes. Otherwise, you need to configure the route rules for them. For details, refer to the [documentation on configuring cloud-hosted VM routes.](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/use-windows-clusters/network-requirements-for-host-gateway.md#cloud-hosted-vm-routes-configuration) You will also need to [disable private IP address checks](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/use-windows-clusters/network-requirements-for-host-gateway.md#disabling-private-ip-address-checks) if you are using Amazon EC2, Google GCE, or Azure VM. +For **Host Gateway (L2bridge)** networking, it's best to use the same Layer 2 network for all nodes. Otherwise, you need to configure the route rules for them. For details, refer to the [documentation on configuring cloud-hosted VM routes.](network-requirements-for-host-gateway.md#cloud-hosted-vm-routes-configuration) You will also need to [disable private IP address checks](network-requirements-for-host-gateway.md#disabling-private-ip-address-checks) if you are using Amazon EC2, Google GCE, or Azure VM. For **VXLAN (Overlay)** networking, the [KB4489899](https://support.microsoft.com/en-us/help/4489899) hotfix must be installed. Most cloud-hosted VMs already have this hotfix. @@ -143,18 +143,18 @@ Windows requires that containers must be built on the same Windows Server versio ### Cloud Provider Specific Requirements -If you set a Kubernetes cloud provider in your cluster, some additional steps are required. You might want to set a cloud provider if you want to want to leverage a cloud provider's capabilities, for example, to automatically provision storage, load balancers, or other infrastructure for your cluster. Refer to [this page](../pages-for-subheaders/set-up-cloud-providers.md) for details on how to configure a cloud provider cluster of nodes that meet the prerequisites. +If you set a Kubernetes cloud provider in your cluster, some additional steps are required. You might want to set a cloud provider if you want to want to leverage a cloud provider's capabilities, for example, to automatically provision storage, load balancers, or other infrastructure for your cluster. Refer to [this page](../set-up-cloud-providers/set-up-cloud-providers.md) for details on how to configure a cloud provider cluster of nodes that meet the prerequisites. If you are using the GCE (Google Compute Engine) cloud provider, you must do the following: -- Enable the GCE cloud provider in the `cluster.yml` by following [these steps.](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/google-compute-engine.md) +- Enable the GCE cloud provider in the `cluster.yml` by following [these steps.](../set-up-cloud-providers/google-compute-engine.md) - When provisioning the cluster in Rancher, choose **Custom cloud provider** as the cloud provider in the Rancher UI. ## Tutorial: How to Create a Cluster with Windows Support This tutorial describes how to create a Rancher-provisioned cluster with the three nodes in the [recommended architecture.](#recommended-architecture) -When you provision a cluster with Rancher on existing nodes, you will add nodes to the cluster by installing the [Rancher agent](../reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/rancher-agent-options.md) on each one. When you create or edit your cluster from the Rancher UI, you will see a **Customize Node Run Command** that you can run on each server to add it to your cluster. +When you provision a cluster with Rancher on existing nodes, you will add nodes to the cluster by installing the [Rancher agent](../../../../reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/rancher-agent-options.md) on each one. When you create or edit your cluster from the Rancher UI, you will see a **Customize Node Run Command** that you can run on each server to add it to your cluster. To set up a cluster with support for Windows nodes and containers, you will need to complete the tasks below. @@ -181,11 +181,11 @@ You will provision three nodes: | Node 2 | Linux (Ubuntu Server 18.04 recommended) | | Node 3 | Windows (Windows Server core version 1809 or above required) | -If your nodes are hosted by a **Cloud Provider** and you want automation support such as loadbalancers or persistent storage devices, your nodes have additional configuration requirements. For details, see [Selecting Cloud Providers.](../pages-for-subheaders/set-up-cloud-providers.md) +If your nodes are hosted by a **Cloud Provider** and you want automation support such as loadbalancers or persistent storage devices, your nodes have additional configuration requirements. For details, see [Selecting Cloud Providers.](../set-up-cloud-providers/set-up-cloud-providers.md) ### 2. Create the Cluster on Existing Nodes -The instructions for creating a Windows cluster on existing nodes are very similar to the general [instructions for creating a custom cluster](use-existing-nodes.md) with some Windows-specific requirements. +The instructions for creating a Windows cluster on existing nodes are very similar to the general [instructions for creating a custom cluster](../../../../reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/use-existing-nodes.md) with some Windows-specific requirements. 1. In the upper left corner, click **☰ > Cluster Management**. 1. On the **Clusters** page, click **Create**. @@ -199,7 +199,7 @@ The instructions for creating a Windows cluster on existing nodes are very simil :::note Important: -For Host Gateway (L2bridge) networking, it's best to use the same Layer 2 network for all nodes. Otherwise, you need to configure the route rules for them. For details, refer to the [documentation on configuring cloud-hosted VM routes.](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/use-windows-clusters/network-requirements-for-host-gateway.md#cloud-hosted-vm-routes-configuration) You will also need to [disable private IP address checks](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/use-windows-clusters/network-requirements-for-host-gateway.md#disabling-private-ip-address-checks) if you are using Amazon EC2, Google GCE, or Azure VM. +For Host Gateway (L2bridge) networking, it's best to use the same Layer 2 network for all nodes. Otherwise, you need to configure the route rules for them. For details, refer to the [documentation on configuring cloud-hosted VM routes.](network-requirements-for-host-gateway.md#cloud-hosted-vm-routes-configuration) You will also need to [disable private IP address checks](network-requirements-for-host-gateway.md#disabling-private-ip-address-checks) if you are using Amazon EC2, Google GCE, or Azure VM. ::: @@ -215,7 +215,7 @@ The first node in your cluster should be a Linux host has both the **Control Pla 1. In the **Node Operating System** section, click **Linux**. 1. In the **Node Role** section, choose at least **etcd** and **Control Plane**. We recommend selecting all three. -1. Optional: If you click **Show advanced options,** you can customize the settings for the [Rancher agent](../reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/rancher-agent-options.md) and [node labels.](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/) +1. Optional: If you click **Show advanced options,** you can customize the settings for the [Rancher agent](../../../../reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/rancher-agent-options.md) and [node labels.](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/) 1. Copy the command displayed on the screen to your clipboard. 1. SSH into your Linux host and run the command that you copied to your clipboard. 1. When you are finished provisioning your Linux node(s), select **Done**. @@ -282,9 +282,9 @@ You can add Windows hosts to the cluster by editing the cluster and choosing the After creating your cluster, you can access it through the Rancher UI. As a best practice, we recommend setting up these alternate ways of accessing your cluster: -- **Access your cluster with the kubectl CLI:** Follow [these steps](../how-to-guides/new-user-guides/manage-clusters/access-clusters/use-kubectl-and-kubeconfig.md#accessing-clusters-with-kubectl-from-your-workstation) to access clusters with kubectl on your workstation. In this case, you will be authenticated through the Rancher server’s authentication proxy, then Rancher will connect you to the downstream cluster. This method lets you manage the cluster without the Rancher UI. -- **Access your cluster with the kubectl CLI, using the authorized cluster endpoint:** Follow [these steps](../how-to-guides/new-user-guides/manage-clusters/access-clusters/use-kubectl-and-kubeconfig.md#authenticating-directly-with-a-downstream-cluster) to access your cluster with kubectl directly, without authenticating through the Rancher server. We recommend setting up this alternative method to access your cluster so that in case you can’t connect to Rancher, you can still access the cluster. +- **Access your cluster with the kubectl CLI:** Follow [these steps](../../manage-clusters/access-clusters/use-kubectl-and-kubeconfig.md#accessing-clusters-with-kubectl-from-your-workstation) to access clusters with kubectl on your workstation. In this case, you will be authenticated through the Rancher server’s authentication proxy, then Rancher will connect you to the downstream cluster. This method lets you manage the cluster without the Rancher UI. +- **Access your cluster with the kubectl CLI, using the authorized cluster endpoint:** Follow [these steps](../../manage-clusters/access-clusters/use-kubectl-and-kubeconfig.md#authenticating-directly-with-a-downstream-cluster) to access your cluster with kubectl directly, without authenticating through the Rancher server. We recommend setting up this alternative method to access your cluster so that in case you can’t connect to Rancher, you can still access the cluster. ## Configuration for Storage Classes in Azure -If you are using Azure VMs for your nodes, you can use [Azure files](https://docs.microsoft.com/en-us/azure/aks/azure-files-dynamic-pv) as a StorageClass for the cluster. For details, refer to [this section.](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/use-windows-clusters/azure-storageclass-configuration.md) +If you are using Azure VMs for your nodes, you can use [Azure files](https://docs.microsoft.com/en-us/azure/aks/azure-files-dynamic-pv) as a StorageClass for the cluster. For details, refer to [this section.](azure-storageclass-configuration.md) diff --git a/versioned_docs/version-2.6/pages-for-subheaders/horizontal-pod-autoscaler.md b/versioned_docs/version-2.6/how-to-guides/new-user-guides/kubernetes-resources-setup/horizontal-pod-autoscaler/horizontal-pod-autoscaler.md similarity index 70% rename from versioned_docs/version-2.6/pages-for-subheaders/horizontal-pod-autoscaler.md rename to versioned_docs/version-2.6/how-to-guides/new-user-guides/kubernetes-resources-setup/horizontal-pod-autoscaler/horizontal-pod-autoscaler.md index d18ce147d06..e0f5e51e4b4 100644 --- a/versioned_docs/version-2.6/pages-for-subheaders/horizontal-pod-autoscaler.md +++ b/versioned_docs/version-2.6/how-to-guides/new-user-guides/kubernetes-resources-setup/horizontal-pod-autoscaler/horizontal-pod-autoscaler.md @@ -20,11 +20,11 @@ The way that you manage HPAs is different based on your version of the Kubernete - **For Kubernetes API version autoscaling/V2beta1:** This version of the Kubernetes API lets you autoscale your pods based on the CPU and memory utilization of your application. - **For Kubernetes API Version autoscaling/V2beta2:** This version of the Kubernetes API lets you autoscale your pods based on CPU and memory utilization, in addition to custom metrics. -You can create, manage, and delete HPAs using the Rancher UI. From the Rancher UI you can configure the HPA to scale based on CPU and memory utilization. For more information, refer to [Managing HPAs with the Rancher UI](../how-to-guides/new-user-guides/kubernetes-resources-setup/horizontal-pod-autoscaler/manage-hpas-with-ui.md). To scale the HPA based on custom metrics, you still need to use `kubectl`. For more information, refer to [Configuring HPA to Scale Using Custom Metrics with Prometheus](../how-to-guides/new-user-guides/kubernetes-resources-setup/horizontal-pod-autoscaler/manage-hpas-with-kubectl.md#configuring-hpa-to-scale-using-custom-metrics-with-prometheus). +You can create, manage, and delete HPAs using the Rancher UI. From the Rancher UI you can configure the HPA to scale based on CPU and memory utilization. For more information, refer to [Managing HPAs with the Rancher UI](manage-hpas-with-ui.md). To scale the HPA based on custom metrics, you still need to use `kubectl`. For more information, refer to [Configuring HPA to Scale Using Custom Metrics with Prometheus](manage-hpas-with-kubectl.md#configuring-hpa-to-scale-using-custom-metrics-with-prometheus). Clusters created in Rancher v2.0.7 and higher automatically have all the requirements needed (metrics-server and Kubernetes cluster configuration) to use HPA. ## Testing HPAs with a Service Deployment -You can see your HPA's current number of replicas by going to your project and clicking **Resources > HPA**. For more information, refer to [Get HPA Metrics and Status](../how-to-guides/new-user-guides/kubernetes-resources-setup/horizontal-pod-autoscaler/manage-hpas-with-ui.md). +You can see your HPA's current number of replicas by going to your project and clicking **Resources > HPA**. For more information, refer to [Get HPA Metrics and Status](manage-hpas-with-ui.md). -You can also use `kubectl` to get the status of HPAs that you test with your load testing tool. For more information, refer to [Testing HPAs with kubectl](../how-to-guides/new-user-guides/kubernetes-resources-setup/horizontal-pod-autoscaler/test-hpas-with-kubectl.md). +You can also use `kubectl` to get the status of HPAs that you test with your load testing tool. For more information, refer to [Testing HPAs with kubectl](test-hpas-with-kubectl.md). diff --git a/versioned_docs/version-2.6/pages-for-subheaders/kubernetes-resources-setup.md b/versioned_docs/version-2.6/how-to-guides/new-user-guides/kubernetes-resources-setup/kubernetes-resources-setup.md similarity index 52% rename from versioned_docs/version-2.6/pages-for-subheaders/kubernetes-resources-setup.md rename to versioned_docs/version-2.6/how-to-guides/new-user-guides/kubernetes-resources-setup/kubernetes-resources-setup.md index 3b84270592c..12d111b15b5 100644 --- a/versioned_docs/version-2.6/pages-for-subheaders/kubernetes-resources-setup.md +++ b/versioned_docs/version-2.6/how-to-guides/new-user-guides/kubernetes-resources-setup/kubernetes-resources-setup.md @@ -10,15 +10,15 @@ You can view and manipulate all of the custom resources and CRDs in a Kubernetes ## Workloads -Deploy applications to your cluster nodes using [workloads](workloads-and-pods.md), which are objects that contain pods that run your apps, along with metadata that set rules for the deployment's behavior. Workloads can be deployed within the scope of the entire clusters or within a namespace. +Deploy applications to your cluster nodes using [workloads](workloads-and-pods/workloads-and-pods.md), which are objects that contain pods that run your apps, along with metadata that set rules for the deployment's behavior. Workloads can be deployed within the scope of the entire clusters or within a namespace. -When deploying a workload, you can deploy from any image. There are a variety of [workload types](workloads-and-pods.md#workload-types) to choose from which determine how your application should run. +When deploying a workload, you can deploy from any image. There are a variety of [workload types](workloads-and-pods/workloads-and-pods.md#workload-types) to choose from which determine how your application should run. Following a workload deployment, you can continue working with it. You can: -- [Upgrade](../how-to-guides/new-user-guides/kubernetes-resources-setup/workloads-and-pods/upgrade-workloads.md) the workload to a newer version of the application it's running. -- [Roll back](../how-to-guides/new-user-guides/kubernetes-resources-setup/workloads-and-pods/roll-back-workloads.md) a workload to a previous version, if an issue occurs during upgrade. -- [Add a sidecar](../how-to-guides/new-user-guides/kubernetes-resources-setup/workloads-and-pods/add-a-sidecar.md), which is a workload that supports a primary workload. +- [Upgrade](workloads-and-pods/upgrade-workloads.md) the workload to a newer version of the application it's running. +- [Roll back](workloads-and-pods/roll-back-workloads.md) a workload to a previous version, if an issue occurs during upgrade. +- [Add a sidecar](workloads-and-pods/add-a-sidecar.md), which is a workload that supports a primary workload. ## Load Balancing and Ingress @@ -30,10 +30,10 @@ If you want your applications to be externally accessible, you must add a load b Rancher supports two types of load balancers: -- [Layer-4 Load Balancers](../how-to-guides/new-user-guides/kubernetes-resources-setup/load-balancer-and-ingress-controller/layer-4-and-layer-7-load-balancing.md#layer-4-load-balancer) -- [Layer-7 Load Balancers](../how-to-guides/new-user-guides/kubernetes-resources-setup/load-balancer-and-ingress-controller/layer-4-and-layer-7-load-balancing.md#layer-7-load-balancer) +- [Layer-4 Load Balancers](load-balancer-and-ingress-controller/layer-4-and-layer-7-load-balancing.md#layer-4-load-balancer) +- [Layer-7 Load Balancers](load-balancer-and-ingress-controller/layer-4-and-layer-7-load-balancing.md#layer-7-load-balancer) -For more information, see [load balancers](../how-to-guides/new-user-guides/kubernetes-resources-setup/load-balancer-and-ingress-controller/layer-4-and-layer-7-load-balancing.md). +For more information, see [load balancers](load-balancer-and-ingress-controller/layer-4-and-layer-7-load-balancing.md). #### Ingress @@ -41,7 +41,7 @@ Load Balancers can only handle one IP address per service, which means if you ru Ingress is a set of rules that act as a load balancer. Ingress works in conjunction with one or more ingress controllers to dynamically route service requests. When the ingress receives a request, the ingress controller(s) in your cluster program the load balancer to direct the request to the correct service based on service subdomains or path rules that you've configured. -For more information, see [Ingress](../how-to-guides/new-user-guides/kubernetes-resources-setup/load-balancer-and-ingress-controller/add-ingresses.md). +For more information, see [Ingress](load-balancer-and-ingress-controller/add-ingresses.md). When using ingresses in a project, you can program the ingress hostname to an external DNS by setting up a Global DNS entry. @@ -49,13 +49,13 @@ When using ingresses in a project, you can program the ingress hostname to an ex After you expose your cluster to external requests using a load balancer and/or ingress, it's only available by IP address. To create a resolveable hostname, you must create a service record, which is a record that maps an IP address, external hostname, DNS record alias, workload(s), or labelled pods to a specific hostname. -For more information, see [Service Discovery](../how-to-guides/new-user-guides/kubernetes-resources-setup/create-services.md). +For more information, see [Service Discovery](create-services.md). ## Pipelines -After your project has been [configured to a version control provider](../pages-for-subheaders/pipelines.md#1-configure-version-control-providers), you can add the repositories and start configuring a pipeline for each repository. +After your project has been [configured to a version control provider](../../../reference-guides/pipelines/pipelines.md#1-configure-version-control-providers), you can add the repositories and start configuring a pipeline for each repository. -For more information, see [Pipelines](pipelines.md). +For more information, see [Pipelines](../../../reference-guides/pipelines/pipelines.md). ## Applications @@ -67,7 +67,7 @@ Within the context of a Rancher project or namespace, _resources_ are files and Resources include: -- [Certificates](../how-to-guides/new-user-guides/kubernetes-resources-setup/encrypt-http-communication.md): Files used to encrypt/decrypt data entering or leaving the cluster. -- [ConfigMaps](../how-to-guides/new-user-guides/kubernetes-resources-setup/configmaps.md): Files that store general configuration information, such as a group of config files. -- [Secrets](../how-to-guides/new-user-guides/kubernetes-resources-setup/secrets.md): Files that store sensitive data like passwords, tokens, or keys. -- [Registries](../how-to-guides/new-user-guides/kubernetes-resources-setup/kubernetes-and-docker-registries.md): Files that carry credentials used to authenticate with private registries. +- [Certificates](encrypt-http-communication.md): Files used to encrypt/decrypt data entering or leaving the cluster. +- [ConfigMaps](configmaps.md): Files that store general configuration information, such as a group of config files. +- [Secrets](secrets.md): Files that store sensitive data like passwords, tokens, or keys. +- [Registries](kubernetes-and-docker-registries.md): Files that carry credentials used to authenticate with private registries. diff --git a/versioned_docs/version-2.6/pages-for-subheaders/load-balancer-and-ingress-controller.md b/versioned_docs/version-2.6/how-to-guides/new-user-guides/kubernetes-resources-setup/load-balancer-and-ingress-controller/load-balancer-and-ingress-controller.md similarity index 78% rename from versioned_docs/version-2.6/pages-for-subheaders/load-balancer-and-ingress-controller.md rename to versioned_docs/version-2.6/how-to-guides/new-user-guides/kubernetes-resources-setup/load-balancer-and-ingress-controller/load-balancer-and-ingress-controller.md index 41bdf40a323..b3f3976e6e3 100644 --- a/versioned_docs/version-2.6/pages-for-subheaders/load-balancer-and-ingress-controller.md +++ b/versioned_docs/version-2.6/how-to-guides/new-user-guides/kubernetes-resources-setup/load-balancer-and-ingress-controller/load-balancer-and-ingress-controller.md @@ -17,10 +17,10 @@ If you want your applications to be externally accessible, you must add a load b Rancher supports two types of load balancers: -- [Layer-4 Load Balancers](../how-to-guides/new-user-guides/kubernetes-resources-setup/load-balancer-and-ingress-controller/layer-4-and-layer-7-load-balancing.md#layer-4-load-balancer) -- [Layer-7 Load Balancers](../how-to-guides/new-user-guides/kubernetes-resources-setup/load-balancer-and-ingress-controller/layer-4-and-layer-7-load-balancing.md#layer-7-load-balancer) +- [Layer-4 Load Balancers](layer-4-and-layer-7-load-balancing.md#layer-4-load-balancer) +- [Layer-7 Load Balancers](layer-4-and-layer-7-load-balancing.md#layer-7-load-balancer) -For more information, see [load balancers](../how-to-guides/new-user-guides/kubernetes-resources-setup/load-balancer-and-ingress-controller/layer-4-and-layer-7-load-balancing.md). +For more information, see [load balancers](layer-4-and-layer-7-load-balancing.md). ### Load Balancer Limitations @@ -30,9 +30,9 @@ Load Balancers have a couple of limitations you should be aware of: - If you want to use a load balancer with a Hosted Kubernetes cluster (i.e., clusters hosted in GKE, EKS, or AKS), the load balancer must be running within that cloud provider's infrastructure. Please review the compatibility tables regarding support for load balancers based on how you've provisioned your clusters: -- [Support for Layer-4 Load Balancing](../how-to-guides/new-user-guides/kubernetes-resources-setup/load-balancer-and-ingress-controller/layer-4-and-layer-7-load-balancing.md#support-for-layer-4-load-balancing) +- [Support for Layer-4 Load Balancing](layer-4-and-layer-7-load-balancing.md#support-for-layer-4-load-balancing) -- [Support for Layer-7 Load Balancing](../how-to-guides/new-user-guides/kubernetes-resources-setup/load-balancer-and-ingress-controller/layer-4-and-layer-7-load-balancing.md#support-for-layer-7-load-balancing) +- [Support for Layer-7 Load Balancing](layer-4-and-layer-7-load-balancing.md#support-for-layer-7-load-balancing) ## Ingress @@ -60,6 +60,6 @@ Refrain from adding an Ingress to the `local` cluster. The Nginx Ingress Control ::: -- For more information on how to set up ingress in Rancher, see [Ingress](../how-to-guides/new-user-guides/kubernetes-resources-setup/load-balancer-and-ingress-controller/add-ingresses.md). +- For more information on how to set up ingress in Rancher, see [Ingress](add-ingresses.md). - For complete information about ingress and ingress controllers, see the [Kubernetes Ingress Documentation](https://kubernetes.io/docs/concepts/services-networking/ingress/) - When using ingresses in a project, you can program the ingress hostname to an external DNS by setting up a Global DNS entry. diff --git a/versioned_docs/version-2.6/how-to-guides/new-user-guides/kubernetes-resources-setup/workloads-and-pods/deploy-workloads.md b/versioned_docs/version-2.6/how-to-guides/new-user-guides/kubernetes-resources-setup/workloads-and-pods/deploy-workloads.md index e63edcef74a..b3c89b90949 100644 --- a/versioned_docs/version-2.6/how-to-guides/new-user-guides/kubernetes-resources-setup/workloads-and-pods/deploy-workloads.md +++ b/versioned_docs/version-2.6/how-to-guides/new-user-guides/kubernetes-resources-setup/workloads-and-pods/deploy-workloads.md @@ -21,7 +21,7 @@ Deploy a workload to run an application in one or more containers. 1. Either select an existing namespace, or click **Add to a new namespace** and enter a new namespace. -1. Click **Add Port** to enter a port mapping, which enables access to the application inside and outside of the cluster . For more information, see [Services](../../../../pages-for-subheaders/workloads-and-pods.md#services). +1. Click **Add Port** to enter a port mapping, which enables access to the application inside and outside of the cluster . For more information, see [Services](workloads-and-pods.md#services). 1. Configure the remaining options: @@ -45,7 +45,7 @@ Deploy a workload to run an application in one or more containers. - In [Amazon AWS](https://aws.amazon.com/), the nodes must be in the same Availability Zone and possess IAM permissions to attach/unattach volumes. - - The cluster must be using the [AWS cloud provider](https://github.com/kubernetes/website/blob/release-1.18/content/en/docs/concepts/cluster-administration/cloud-providers.md#aws) option. For more information on enabling this option see [Creating an Amazon EC2 Cluster](../../launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-amazon-ec2-cluster.md) or [Creating a Custom Cluster](../../../../pages-for-subheaders/use-existing-nodes.md). + - The cluster must be using the [AWS cloud provider](https://github.com/kubernetes/website/blob/release-1.18/content/en/docs/concepts/cluster-administration/cloud-providers.md#aws) option. For more information on enabling this option see [Creating an Amazon EC2 Cluster](../../launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-amazon-ec2-cluster.md) or [Creating a Custom Cluster](../../../../reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/use-existing-nodes.md). ::: diff --git a/versioned_docs/version-2.6/pages-for-subheaders/workloads-and-pods.md b/versioned_docs/version-2.6/how-to-guides/new-user-guides/kubernetes-resources-setup/workloads-and-pods/workloads-and-pods.md similarity index 92% rename from versioned_docs/version-2.6/pages-for-subheaders/workloads-and-pods.md rename to versioned_docs/version-2.6/how-to-guides/new-user-guides/kubernetes-resources-setup/workloads-and-pods/workloads-and-pods.md index 5cfe84668af..c20787712ae 100644 --- a/versioned_docs/version-2.6/pages-for-subheaders/workloads-and-pods.md +++ b/versioned_docs/version-2.6/how-to-guides/new-user-guides/kubernetes-resources-setup/workloads-and-pods/workloads-and-pods.md @@ -71,9 +71,9 @@ There are several types of services available in Rancher. The descriptions below This section of the documentation contains instructions for deploying workloads and using workload options. -- [Deploy Workloads](../how-to-guides/new-user-guides/kubernetes-resources-setup/workloads-and-pods/deploy-workloads.md) -- [Upgrade Workloads](../how-to-guides/new-user-guides/kubernetes-resources-setup/workloads-and-pods/upgrade-workloads.md) -- [Rollback Workloads](../how-to-guides/new-user-guides/kubernetes-resources-setup/workloads-and-pods/roll-back-workloads.md) +- [Deploy Workloads](deploy-workloads.md) +- [Upgrade Workloads](upgrade-workloads.md) +- [Rollback Workloads](roll-back-workloads.md) ## Related Links diff --git a/versioned_docs/version-2.6/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/about-rancher-agents.md b/versioned_docs/version-2.6/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/about-rancher-agents.md index 27f1e9d2954..3ec4587e8eb 100644 --- a/versioned_docs/version-2.6/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/about-rancher-agents.md +++ b/versioned_docs/version-2.6/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/about-rancher-agents.md @@ -11,15 +11,15 @@ There are two different agent resources deployed on Rancher managed clusters: - [cattle-cluster-agent](#cattle-cluster-agent) - [cattle-node-agent](#cattle-node-agent) -For a conceptual overview of how the Rancher server provisions clusters and communicates with them, refer to the [architecture](../../../pages-for-subheaders/rancher-manager-architecture.md). +For a conceptual overview of how the Rancher server provisions clusters and communicates with them, refer to the [architecture](../../../reference-guides/rancher-manager-architecture/rancher-manager-architecture.md). ### cattle-cluster-agent -The `cattle-cluster-agent` is used to connect to the Kubernetes API of [Rancher Launched Kubernetes](../../../pages-for-subheaders/launch-kubernetes-with-rancher.md) clusters. The `cattle-cluster-agent` is deployed using a Deployment resource. It will always prefer control plane nodes over workers. +The `cattle-cluster-agent` is used to connect to the Kubernetes API of [Rancher Launched Kubernetes](launch-kubernetes-with-rancher.md) clusters. The `cattle-cluster-agent` is deployed using a Deployment resource. It will always prefer control plane nodes over workers. ### cattle-node-agent -The `cattle-node-agent` is used to interact with nodes in a [Rancher Launched Kubernetes](../../../pages-for-subheaders/launch-kubernetes-with-rancher.md) cluster when performing cluster operations. Examples of cluster operations are upgrading Kubernetes version and creating/restoring etcd snapshots. The `cattle-node-agent` is used as fallback option to connect to the Kubernetes API of [Rancher Launched Kubernetes](../../../pages-for-subheaders/launch-kubernetes-with-rancher.md) clusters when `cattle-cluster-agent` is unavailable. The `cattle-node-agent` is deployed using a DaemonSet resource to make sure it runs on every node. +The `cattle-node-agent` is used to interact with nodes in a [Rancher Launched Kubernetes](launch-kubernetes-with-rancher.md) cluster when performing cluster operations. Examples of cluster operations are upgrading Kubernetes version and creating/restoring etcd snapshots. The `cattle-node-agent` is used as fallback option to connect to the Kubernetes API of [Rancher Launched Kubernetes](launch-kubernetes-with-rancher.md) clusters when `cattle-cluster-agent` is unavailable. The `cattle-node-agent` is deployed using a DaemonSet resource to make sure it runs on every node. ### Scheduling rules @@ -30,7 +30,7 @@ The `cattle-cluster-agent` uses a fixed set of tolerations (listed below, if no | `cattle-cluster-agent` | `beta.kubernetes.io/os:NotIn:windows` | none | **Note:** These are the default tolerations, and will be replaced by tolerations matching taints applied to controlplane nodes.

    `effect:NoSchedule`
    `key:node-role.kubernetes.io/controlplane`
    `value:true`

    `effect:NoSchedule`
    `key:node-role.kubernetes.io/control-plane`
    `operator:Exists`

    `effect:NoSchedule`
    `key:node-role.kubernetes.io/master`
    `operator:Exists` | | `cattle-node-agent` | `beta.kubernetes.io/os:NotIn:windows` | none | `operator:Exists` | -The `cattle-cluster-agent` Deployment has preferred scheduling rules using `preferredDuringSchedulingIgnoredDuringExecution`, favoring to be scheduled on nodes with the `controlplane` node. When there are no controlplane nodes visible in the cluster (this is usually the case when using [Clusters from Hosted Kubernetes Providers](../../../pages-for-subheaders/set-up-clusters-from-hosted-kubernetes-providers.md)), you can add the label `cattle.io/cluster-agent=true` on a node to prefer scheduling the `cattle-cluster-agent` pod to that node. +The `cattle-cluster-agent` Deployment has preferred scheduling rules using `preferredDuringSchedulingIgnoredDuringExecution`, favoring to be scheduled on nodes with the `controlplane` node. When there are no controlplane nodes visible in the cluster (this is usually the case when using [Clusters from Hosted Kubernetes Providers](../kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/set-up-clusters-from-hosted-kubernetes-providers.md)), you can add the label `cattle.io/cluster-agent=true` on a node to prefer scheduling the `cattle-cluster-agent` pod to that node. See [Kubernetes: Assigning Pods to Nodes](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/) to find more information about scheduling rules. diff --git a/versioned_docs/version-2.6/pages-for-subheaders/launch-kubernetes-with-rancher.md b/versioned_docs/version-2.6/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md similarity index 85% rename from versioned_docs/version-2.6/pages-for-subheaders/launch-kubernetes-with-rancher.md rename to versioned_docs/version-2.6/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md index 5b7f4363bab..e62d67c8323 100644 --- a/versioned_docs/version-2.6/pages-for-subheaders/launch-kubernetes-with-rancher.md +++ b/versioned_docs/version-2.6/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md @@ -20,23 +20,23 @@ Rancher can also create pools of nodes. One benefit of installing Kubernetes on ### Requirements -If you use RKE to set up a cluster, your nodes must meet the [requirements](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/node-requirements-for-rancher-managed-clusters.md) for nodes in downstream user clusters. +If you use RKE to set up a cluster, your nodes must meet the [requirements](../kubernetes-clusters-in-rancher-setup/node-requirements-for-rancher-managed-clusters.md) for nodes in downstream user clusters. ### Launching Kubernetes on New Nodes in an Infrastructure Provider -Using Rancher, you can create pools of nodes based on a [node template](use-new-nodes-in-an-infra-provider.md#node-templates). This node template defines the parameters you want to use to launch nodes in your cloud providers. +Using Rancher, you can create pools of nodes based on a [node template](use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md#node-templates). This node template defines the parameters you want to use to launch nodes in your cloud providers. One benefit of installing Kubernetes on node pools hosted by an infrastructure provider is that if a node loses connectivity with the cluster, Rancher can automatically create another node to join the cluster to ensure that the count of the node pool is as expected. -For more information, refer to the section on [launching Kubernetes on new nodes.](use-new-nodes-in-an-infra-provider.md) +For more information, refer to the section on [launching Kubernetes on new nodes.](use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md) ### Launching Kubernetes on Existing Custom Nodes In this scenario, you want to install Kubernetes on bare-metal servers, on-prem virtual machines, or virtual machines that already exist in a cloud provider. With this option, you will run a Rancher agent Docker container on the machine. -If you want to reuse a node from a previous custom cluster, [clean the node](../how-to-guides/new-user-guides/manage-clusters/clean-cluster-nodes.md) before using it in a cluster again. If you reuse a node that hasn't been cleaned, cluster provisioning may fail. +If you want to reuse a node from a previous custom cluster, [clean the node](../manage-clusters/clean-cluster-nodes.md) before using it in a cluster again. If you reuse a node that hasn't been cleaned, cluster provisioning may fail. -For more information, refer to the section on [custom nodes.](use-existing-nodes.md) +For more information, refer to the section on [custom nodes.](../../../reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/use-existing-nodes.md) ### Programmatically Creating RKE Clusters diff --git a/versioned_docs/version-2.6/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-a-digitalocean-cluster.md b/versioned_docs/version-2.6/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-a-digitalocean-cluster.md index bef31ab3f23..6f64d0abb70 100644 --- a/versioned_docs/version-2.6/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-a-digitalocean-cluster.md +++ b/versioned_docs/version-2.6/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-a-digitalocean-cluster.md @@ -32,7 +32,7 @@ Then you will create a DigitalOcean cluster in Rancher, and when configuring the ### 2. Create a node template with your cloud credentials -Creating a [node template](../../../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md#node-templates) for DigitalOcean will allow Rancher to provision new nodes in DigitalOcean. Node templates can be reused for other clusters. +Creating a [node template](use-new-nodes-in-an-infra-provider.md#node-templates) for DigitalOcean will allow Rancher to provision new nodes in DigitalOcean. Node templates can be reused for other clusters. 1. Click **☰ > Cluster Management**. 1. Click **RKE1 Configuration > Node Templates**. @@ -46,7 +46,7 @@ Creating a [node template](../../../../pages-for-subheaders/use-new-nodes-in-an- 1. On the **Clusters** page, click **Create**. 1. Click **DigitalOcean**. 1. Enter a **Cluster Name**. -1. Add one or more node pools to your cluster. Add one or more node pools to your cluster. Each node pool uses a node template to provision new nodes. For more information about node pools, including best practices for assigning Kubernetes roles to them, see [this section.](../../../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md) +1. Add one or more node pools to your cluster. Add one or more node pools to your cluster. Each node pool uses a node template to provision new nodes. For more information about node pools, including best practices for assigning Kubernetes roles to them, see [this section.](use-new-nodes-in-an-infra-provider.md) 1. **In the Cluster Configuration** section, choose the version of Kubernetes that will be installed, what network provider will be used and if you want to enable project network isolation. To see more cluster options, click on **Show advanced options**. For help configuring the cluster, refer to the [RKE cluster configuration reference.](../../../../reference-guides/cluster-configuration/rancher-server-configuration/rke1-cluster-configuration.md) 1. Use **Member Roles** to configure user authorization for the cluster. Click **Add Member** to add users that can access the cluster. Use the **Role** drop-down to set permissions for each user. 1. Click **Create**. @@ -75,7 +75,7 @@ Use Rancher to create a Kubernetes cluster in DigitalOcean. 1. Click **DigitalOcean**. 1. Select a **Cloud Credential**, if more than one exists. Otherwise, it's preselected. 1. Enter a **Cluster Name**. -1. Create a machine pool for each Kubernetes role. Refer to the [best practices](../../../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md#node-roles) for recommendations on role assignments and counts. +1. Create a machine pool for each Kubernetes role. Refer to the [best practices](use-new-nodes-in-an-infra-provider.md#node-roles) for recommendations on role assignments and counts. 1. For each machine pool, define the machine configuration. Refer to the [DigitalOcean machine configuration reference](../../../../reference-guides/cluster-configuration/downstream-cluster-configuration/machine-configuration/digitalocean.md) for information on configuration options. 1. Use the **Cluster Configuration** to choose the version of Kubernetes that will be installed, what network provider will be used and if you want to enable project network isolation. For help configuring the cluster, refer to the [RKE2 cluster configuration reference.](../../../../reference-guides/cluster-configuration/rancher-server-configuration/rke2-cluster-configuration.md) 1. Use **Member Roles** to configure user authorization for the cluster. Click **Add Member** to add users that can access the cluster. Use the **Role** drop-down to set permissions for each user. diff --git a/versioned_docs/version-2.6/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-amazon-ec2-cluster.md b/versioned_docs/version-2.6/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-amazon-ec2-cluster.md index 5bc7d109825..3a4db1d0a73 100644 --- a/versioned_docs/version-2.6/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-amazon-ec2-cluster.md +++ b/versioned_docs/version-2.6/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-amazon-ec2-cluster.md @@ -18,7 +18,7 @@ Then you will create an EC2 cluster in Rancher, and when configuring the new clu - **AWS EC2 Access Key and Secret Key** that will be used to create the instances. See [Amazon Documentation: Creating Access Keys](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html#Using_CreateAccessKey) how to create an Access Key and Secret Key. - **IAM Policy created** to add to the user of the Access Key And Secret Key. See [Amazon Documentation: Creating IAM Policies (Console)](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_create.html#access_policies_create-start) how to create an IAM policy. See our three example JSON policies below: - [Example IAM Policy](#example-iam-policy) - - [Example IAM Policy with PassRole](#example-iam-policy-with-passrole) (needed if you want to use [Kubernetes Cloud Provider](../../../../pages-for-subheaders/set-up-cloud-providers.md) or want to pass an IAM Profile to an instance) + - [Example IAM Policy with PassRole](#example-iam-policy-with-passrole) (needed if you want to use [Kubernetes Cloud Provider](../../kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/set-up-cloud-providers.md) or want to pass an IAM Profile to an instance) - [Example IAM Policy to allow encrypted EBS volumes](#example-iam-policy-to-allow-encrypted-ebs-volumes) - **IAM Policy added as Permission** to the user. See [Amazon Documentation: Adding Permissions to a User (Console)](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_change-permissions.html#users_change_permissions-add-console) how to attach it to an user. @@ -48,7 +48,7 @@ The steps to create a cluster differ based on your Rancher version. ### 2. Create a node template with your cloud credentials and information from EC2 -Creating a [node template](../../../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md#node-templates) for EC2 will allow Rancher to provision new nodes in EC2. Node templates can be reused for other clusters. +Creating a [node template](use-new-nodes-in-an-infra-provider.md#node-templates) for EC2 will allow Rancher to provision new nodes in EC2. Node templates can be reused for other clusters. 1. Click **☰ > Cluster Management**. 1. Click **RKE1 Configuration > Node Templates** @@ -64,14 +64,14 @@ Creating a [node template](../../../../pages-for-subheaders/use-new-nodes-in-an- ### 3. Create a cluster with node pools using the node template -Add one or more node pools to your cluster. For more information about node pools, see [this section.](../../../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md) +Add one or more node pools to your cluster. For more information about node pools, see [this section.](use-new-nodes-in-an-infra-provider.md) 1. Click **☰ > Cluster Management**. 1. On the **Clusters** page, click **Create**. 1. Click **Amazon EC2**. -1. Create a node pool for each Kubernetes role. For each node pool, choose a node template that you created. For more information about node pools, including best practices for assigning Kubernetes roles to them, see [this section.](../../../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md) +1. Create a node pool for each Kubernetes role. For each node pool, choose a node template that you created. For more information about node pools, including best practices for assigning Kubernetes roles to them, see [this section.](use-new-nodes-in-an-infra-provider.md) 1. Click **Add Member** to add users that can access the cluster. Use the **Role** drop-down to set permissions for each user. -1. Use **Cluster Options** to choose the version of Kubernetes that will be installed, what network provider will be used and if you want to enable project network isolation. Refer to [Selecting Cloud Providers](../../../../pages-for-subheaders/set-up-cloud-providers.md) to configure the Kubernetes Cloud Provider. For help configuring the cluster, refer to the [RKE cluster configuration reference.](../../../../reference-guides/cluster-configuration/rancher-server-configuration/rke1-cluster-configuration.md) +1. Use **Cluster Options** to choose the version of Kubernetes that will be installed, what network provider will be used and if you want to enable project network isolation. Refer to [Selecting Cloud Providers](../../kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/set-up-cloud-providers.md) to configure the Kubernetes Cloud Provider. For help configuring the cluster, refer to the [RKE cluster configuration reference.](../../../../reference-guides/cluster-configuration/rancher-server-configuration/rke1-cluster-configuration.md) :::note @@ -107,7 +107,7 @@ If you already have a set of cloud credentials to use, skip this section. 1. Click **Amazon EC2**. 1. Select a **Cloud Credential**, if more than one exists. Otherwise, it's preselected. 1. Enter a **Cluster Name**. -1. Create a machine pool for each Kubernetes role. Refer to the [best practices](../../../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md#node-roles) for recommendations on role assignments and counts. +1. Create a machine pool for each Kubernetes role. Refer to the [best practices](use-new-nodes-in-an-infra-provider.md#node-roles) for recommendations on role assignments and counts. 1. For each machine pool, define the machine configuration. Refer to [the EC2 machine configuration reference](../../../../reference-guides/cluster-configuration/downstream-cluster-configuration/machine-configuration/amazon-ec2.md) for information on configuration options. 1. Use the **Cluster Configuration** to choose the version of Kubernetes that will be installed, what network provider will be used and if you want to enable project network isolation. For help configuring the cluster, refer to the [RKE2 cluster configuration reference.](../../../../reference-guides/cluster-configuration/rancher-server-configuration/rke2-cluster-configuration.md) 1. Use **Member Roles** to configure user authorization for the cluster. Click **Add Member** to add users that can access the cluster. Use the **Role** drop-down to set permissions for each user. diff --git a/versioned_docs/version-2.6/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-azure-cluster.md b/versioned_docs/version-2.6/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-azure-cluster.md index 758616b057d..2b9e2e10cdd 100644 --- a/versioned_docs/version-2.6/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-azure-cluster.md +++ b/versioned_docs/version-2.6/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-azure-cluster.md @@ -69,7 +69,7 @@ The creation of this service principal returns three pieces of identification in ### 2. Create a node template with your cloud credentials -Creating a [node template](../../../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md#node-templates) for Azure will allow Rancher to provision new nodes in Azure. Node templates can be reused for other clusters. +Creating a [node template](use-new-nodes-in-an-infra-provider.md#node-templates) for Azure will allow Rancher to provision new nodes in Azure. Node templates can be reused for other clusters. 1. Click **☰ > Cluster Management**. 1. Click **RKE1 Configuration > Node Templates**. @@ -85,7 +85,7 @@ Use Rancher to create a Kubernetes cluster in Azure. 1. On the **Clusters** page, click **Create**. 1. Click **Azure**. 1. Enter a **Cluster Name**. -1. Add one or more node pools to your cluster. Each node pool uses a node template to provision new nodes. For more information about node pools, including best practices, see [this section.](../../../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md) +1. Add one or more node pools to your cluster. Each node pool uses a node template to provision new nodes. For more information about node pools, including best practices, see [this section.](use-new-nodes-in-an-infra-provider.md) 1. In the **Cluster Configuration** to choose the version of Kubernetes that will be installed, what network provider will be used and if you want to enable project network isolation. To see more cluster options, click on **Show advanced options**. For help configuring the cluster, refer to the [RKE cluster configuration reference.](../../../../reference-guides/cluster-configuration/rancher-server-configuration/rke1-cluster-configuration.md) 1. Use **Member Roles** to configure user authorization for the cluster. Click **Add Member** to add users that can access the cluster. Use the **Role** drop-down to set permissions for each user. 1. Click **Create**. @@ -116,7 +116,7 @@ Use Rancher to create a Kubernetes cluster in Azure. 1. Click **Azure**. 1. Select a **Cloud Credential**, if more than one exists. Otherwise, it's preselected. 1. Enter a **Cluster Name**. -1. Create a machine pool for each Kubernetes role. Refer to the [best practices](../../../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md#node-roles) for recommendations on role assignments and counts. +1. Create a machine pool for each Kubernetes role. Refer to the [best practices](use-new-nodes-in-an-infra-provider.md#node-roles) for recommendations on role assignments and counts. 1. For each machine pool, define the machine configuration. Refer to the [Azure machine configuration reference](../../../../reference-guides/cluster-configuration/downstream-cluster-configuration/machine-configuration/azure.md) for information on configuration options. 1. Use the **Cluster Configuration** to choose the version of Kubernetes that will be installed, what network provider will be used and if you want to enable project network isolation. For help configuring the cluster, refer to the [RKE2 cluster configuration reference.](../../../../reference-guides/cluster-configuration/rancher-server-configuration/rke2-cluster-configuration.md) 1. Use **Member Roles** to configure user authorization for the cluster. Click **Add Member** to add users that can access the cluster. Use the **Role** drop-down to set permissions for each user. diff --git a/versioned_docs/version-2.6/pages-for-subheaders/nutanix.md b/versioned_docs/version-2.6/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/nutanix/nutanix.md similarity index 65% rename from versioned_docs/version-2.6/pages-for-subheaders/nutanix.md rename to versioned_docs/version-2.6/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/nutanix/nutanix.md index b626cf2bd12..9c761b50475 100644 --- a/versioned_docs/version-2.6/pages-for-subheaders/nutanix.md +++ b/versioned_docs/version-2.6/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/nutanix/nutanix.md @@ -13,9 +13,9 @@ Rancher can provision nodes in AOS (AHV) and install Kubernetes on them. When cr A Nutanix cluster may consist of multiple groups of VMs with distinct properties, such as the amount of memory or the number of vCPUs. This grouping allows for fine-grained control over the sizing of nodes for each Kubernetes role. -- [Creating a Nutanix Cluster](../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/nutanix/provision-kubernetes-clusters-in-aos.md#creating-a-nutanix-aos-cluster) -- [Provisioning Storage](../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/nutanix/provision-kubernetes-clusters-in-aos.md) +- [Creating a Nutanix Cluster](provision-kubernetes-clusters-in-aos.md#creating-a-nutanix-aos-cluster) +- [Provisioning Storage](provision-kubernetes-clusters-in-aos.md) ## Creating a Nutanix Cluster -In [this section,](../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/nutanix/provision-kubernetes-clusters-in-aos.md) you'll learn how to use Rancher to install an [RKE](https://rancher.com/docs/rke/latest/en/) Kubernetes cluster in Nutanix AOS. \ No newline at end of file +In [this section,](provision-kubernetes-clusters-in-aos.md) you'll learn how to use Rancher to install an [RKE](https://rancher.com/docs/rke/latest/en/) Kubernetes cluster in Nutanix AOS. \ No newline at end of file diff --git a/versioned_docs/version-2.6/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/nutanix/provision-kubernetes-clusters-in-aos.md b/versioned_docs/version-2.6/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/nutanix/provision-kubernetes-clusters-in-aos.md index ded99b0679c..df67f078ac3 100644 --- a/versioned_docs/version-2.6/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/nutanix/provision-kubernetes-clusters-in-aos.md +++ b/versioned_docs/version-2.6/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/nutanix/provision-kubernetes-clusters-in-aos.md @@ -55,7 +55,7 @@ Setting up [VM-VM Anti-Affinity Policies](https://portal.nutanix.com/page/docume ### 1. Create a node template -Creating a [node template](../../../../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md#node-templates) for Nutanix AOS will allow Rancher to provision new nodes in Nutanix AOS. Node templates can be reused for other clusters. +Creating a [node template](../use-new-nodes-in-an-infra-provider.md#node-templates) for Nutanix AOS will allow Rancher to provision new nodes in Nutanix AOS. Node templates can be reused for other clusters. 1. Click **☰ > Cluster Management**. 1. Click **RKE1 Configuration > Node Templates**. @@ -75,7 +75,7 @@ Use Rancher to create a Kubernetes cluster in Nutanix AOS. 1. Enter a **Cluster Name**, then click **Continue**. 1. Use **Member Roles** to configure user authorization for the cluster. Click **Add Member** to add users who can access the cluster. Use the **Role** drop-down to set permissions for each user. 1. Use **Cluster Options** to choose the version of Kubernetes that will be installed, what network provider will be used, and whether you want to enable project network isolation. To see more cluster options, click on **Show advanced options**. For help configuring the cluster, refer to the [RKE cluster configuration reference.](../../../../../reference-guides/cluster-configuration/rancher-server-configuration/rke1-cluster-configuration.md) -1. Add one or more node pools to your cluster. Each node pool uses a node template to provision new nodes. For more information about node pools, including best practices for assigning Kubernetes roles to the nodes, see [this section.](../../../../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md#node-pools) +1. Add one or more node pools to your cluster. Each node pool uses a node template to provision new nodes. For more information about node pools, including best practices for assigning Kubernetes roles to the nodes, see [this section.](../use-new-nodes-in-an-infra-provider.md#node-pools) 1. Review your options to confirm they're correct. Then click **Create**. **Result:** Your cluster is created and assigned a state of **Provisioning**. Rancher is standing up your cluster. diff --git a/versioned_docs/version-2.6/pages-for-subheaders/use-new-nodes-in-an-infra-provider.md b/versioned_docs/version-2.6/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md similarity index 92% rename from versioned_docs/version-2.6/pages-for-subheaders/use-new-nodes-in-an-infra-provider.md rename to versioned_docs/version-2.6/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md index d3ddb306edc..e539adbb699 100644 --- a/versioned_docs/version-2.6/pages-for-subheaders/use-new-nodes-in-an-infra-provider.md +++ b/versioned_docs/version-2.6/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md @@ -125,11 +125,11 @@ Node templates can use cloud credentials to store credentials for launching node - Multiple node templates can share the same cloud credential to create node pools. If your key is compromised or expired, the cloud credential can be updated in a single place, which allows all node templates that are using it to be updated at once. -After cloud credentials are created, the user can start [managing the cloud credentials that they created](../reference-guides/user-settings/manage-cloud-credentials.md). +After cloud credentials are created, the user can start [managing the cloud credentials that they created](../../../../reference-guides/user-settings/manage-cloud-credentials.md). ### Node Drivers -If you don't find the node driver that you want to use, you can see if it is available in Rancher's built-in [node drivers and activate it](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-provisioning-drivers/manage-node-drivers.md#activatingdeactivating-node-drivers), or you can [add your own custom node driver](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-provisioning-drivers/manage-node-drivers.md#adding-custom-node-drivers). +If you don't find the node driver that you want to use, you can see if it is available in Rancher's built-in [node drivers and activate it](../../authentication-permissions-and-global-configuration/about-provisioning-drivers/manage-node-drivers.md#activatingdeactivating-node-drivers), or you can [add your own custom node driver](../../authentication-permissions-and-global-configuration/about-provisioning-drivers/manage-node-drivers.md#adding-custom-node-drivers). ## RKE2 Clusters @@ -137,7 +137,7 @@ Rancher v2.6 introduces provisioning for [RKE2](https://docs.rke2.io/) clusters :::note -For RKE2 cluster templates, please refer to [this page](../how-to-guides/new-user-guides/manage-clusters/manage-cluster-templates.md#rke2-cluster-template) for additional information. +For RKE2 cluster templates, please refer to [this page](../../manage-clusters/manage-cluster-templates.md#rke2-cluster-template) for additional information. ::: @@ -149,7 +149,7 @@ The same functionality of using `etcd`, `controlplane` and `worker` nodes is pos The implementation of the three node roles in Rancher means that Rancher managed RKE2 clusters are able to easily leverage all of the same architectural best practices that are recommended for RKE clusters. -In our [recommended cluster architecture](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/checklist-for-production-ready-clusters/recommended-cluster-architecture.md), we outline how many nodes of each role clusters should have: +In our [recommended cluster architecture](../../kubernetes-clusters-in-rancher-setup/checklist-for-production-ready-clusters/recommended-cluster-architecture.md), we outline how many nodes of each role clusters should have: - At least three nodes with the role etcd to survive losing one node - At least two nodes with the role controlplane for master component high availability diff --git a/versioned_docs/version-2.6/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/vsphere/provision-kubernetes-clusters-in-vsphere.md b/versioned_docs/version-2.6/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/vsphere/provision-kubernetes-clusters-in-vsphere.md index 90f094ee5e7..9aec21efdf6 100644 --- a/versioned_docs/version-2.6/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/vsphere/provision-kubernetes-clusters-in-vsphere.md +++ b/versioned_docs/version-2.6/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/vsphere/provision-kubernetes-clusters-in-vsphere.md @@ -69,7 +69,7 @@ If you have a cluster with DRS enabled, setting up [VM-VM Affinity Rules](https: ### 2. Create a node template with your cloud credentials -Creating a [node template](../../../../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md#node-templates) for vSphere will allow Rancher to provision new nodes in vSphere. Node templates can be reused for other clusters. +Creating a [node template](../use-new-nodes-in-an-infra-provider.md#node-templates) for vSphere will allow Rancher to provision new nodes in vSphere. Node templates can be reused for other clusters. 1. Click **☰ > Cluster Management**. 1. Click **RKE1 Configuration > Node Templates**. @@ -90,7 +90,7 @@ Use Rancher to create a Kubernetes cluster in vSphere. 1. Use **Member Roles** to configure user authorization for the cluster. Click **Add Member** to add users that can access the cluster. Use the **Role** drop-down to set permissions for each user. 1. Use **Cluster Options** to choose the version of Kubernetes that will be installed, what network provider will be used and if you want to enable project network isolation. To see more cluster options, click on **Show advanced options**. For help configuring the cluster, refer to the [RKE cluster configuration reference.](../../../../../reference-guides/cluster-configuration/rancher-server-configuration/rke1-cluster-configuration.md) 1. If you want to dynamically provision persistent storage or other infrastructure later, you will need to enable the vSphere cloud provider by modifying the cluster YAML file. For details, refer to [in-tree vSphere cloud provider docs](../../../../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/configure-in-tree-vsphere.md) and [out-of-tree vSphere cloud provider docs](../../../../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/configure-out-of-tree-vsphere.md). -1. Add one or more node pools to your cluster. Each node pool uses a node template to provision new nodes. For more information about node pools, including best practices for assigning Kubernetes roles to the nodes, see [this section.](../../../../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md#node-pools) +1. Add one or more node pools to your cluster. Each node pool uses a node template to provision new nodes. For more information about node pools, including best practices for assigning Kubernetes roles to the nodes, see [this section.](../use-new-nodes-in-an-infra-provider.md#node-pools) 1. Review your options to confirm they're correct. Then click **Create**. **Result:** @@ -111,4 +111,4 @@ After creating your cluster, you can access it through the Rancher UI. As a best - **Access your cluster with the kubectl CLI:** Follow [these steps](../../../../new-user-guides/manage-clusters/access-clusters/use-kubectl-and-kubeconfig.md#accessing-clusters-with-kubectl-from-your-workstation) to access clusters with kubectl on your workstation. In this case, you will be authenticated through the Rancher server’s authentication proxy, then Rancher will connect you to the downstream cluster. This method lets you manage the cluster without the Rancher UI. - **Access your cluster with the kubectl CLI, using the authorized cluster endpoint:** Follow [these steps](../../../../new-user-guides/manage-clusters/access-clusters/use-kubectl-and-kubeconfig.md#authenticating-directly-with-a-downstream-cluster) to access your cluster with kubectl directly, without authenticating through Rancher. We recommend setting up this alternative method to access your cluster so that in case you can’t connect to Rancher, you can still access the cluster. -- **Provision Storage:** For an example of how to provision storage in vSphere using Rancher, refer to [this section.](../../../../../pages-for-subheaders/provisioning-storage-examples.md) In order to dynamically provision storage in vSphere, the vSphere provider must be enabled. For details, refer to [in-tree vSphere cloud provider docs](../../../../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/configure-in-tree-vsphere.md) and [out-of-tree vSphere cloud provider docs](../../../../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/configure-out-of-tree-vsphere.md). \ No newline at end of file +- **Provision Storage:** For an example of how to provision storage in vSphere using Rancher, refer to [this section.](../../../manage-clusters/provisioning-storage-examples/provisioning-storage-examples.md) In order to dynamically provision storage in vSphere, the vSphere provider must be enabled. For details, refer to [in-tree vSphere cloud provider docs](../../../../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/configure-in-tree-vsphere.md) and [out-of-tree vSphere cloud provider docs](../../../../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/configure-out-of-tree-vsphere.md). \ No newline at end of file diff --git a/versioned_docs/version-2.6/pages-for-subheaders/vsphere.md b/versioned_docs/version-2.6/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/vsphere/vsphere.md similarity index 64% rename from versioned_docs/version-2.6/pages-for-subheaders/vsphere.md rename to versioned_docs/version-2.6/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/vsphere/vsphere.md index 634a037c1cd..9890f087ece 100644 --- a/versioned_docs/version-2.6/pages-for-subheaders/vsphere.md +++ b/versioned_docs/version-2.6/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/vsphere/vsphere.md @@ -21,7 +21,7 @@ The vSphere node templates have been updated, allowing you to bring cloud operat ### Self-healing Node Pools -One of the biggest advantages of provisioning vSphere nodes with Rancher is that it allows you to take advantage of Rancher's self-healing node pools, also called the [node auto-replace feature,](use-new-nodes-in-an-infra-provider.md#about-node-auto-replace) in your on-premises clusters. Self-healing node pools are designed to help you replace worker nodes for stateless applications. When Rancher provisions nodes from a node template, Rancher can automatically replace unreachable nodes. +One of the biggest advantages of provisioning vSphere nodes with Rancher is that it allows you to take advantage of Rancher's self-healing node pools, also called the [node auto-replace feature,](../use-new-nodes-in-an-infra-provider.md#about-node-auto-replace) in your on-premises clusters. Self-healing node pools are designed to help you replace worker nodes for stateless applications. When Rancher provisions nodes from a node template, Rancher can automatically replace unreachable nodes. :::caution @@ -33,7 +33,7 @@ It is not recommended to enable node auto-replace on a node pool of master nodes Node templates for vSphere have been updated so that when you create a node template with your vSphere credentials, the template is automatically populated with the same options for provisioning VMs that you have access to in the vSphere console. -For the fields to be populated, your setup needs to fulfill the [prerequisites.](../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/vsphere/provision-kubernetes-clusters-in-vsphere.md#preparation-in-vsphere) +For the fields to be populated, your setup needs to fulfill the [prerequisites.](provision-kubernetes-clusters-in-vsphere.md#preparation-in-vsphere) ### More Supported Operating Systems @@ -47,14 +47,14 @@ In this YouTube video, we demonstrate how to set up a node template with the new ## Creating a vSphere Cluster -In [this section,](../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/vsphere/provision-kubernetes-clusters-in-vsphere.md) you'll learn how to use Rancher to install an [RKE](https://rancher.com/docs/rke/latest/en/) Kubernetes cluster in vSphere. +In [this section,](provision-kubernetes-clusters-in-vsphere.md) you'll learn how to use Rancher to install an [RKE](https://rancher.com/docs/rke/latest/en/) Kubernetes cluster in vSphere. ## Provisioning Storage -For an example of how to provision storage in vSphere using Rancher, refer to [this section.](../how-to-guides/new-user-guides/manage-clusters/provisioning-storage-examples/vsphere-storage.md) In order to dynamically provision storage in vSphere, the vSphere provider must be enabled. Refer to [in-tree vSphere config](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/configure-in-tree-vsphere.md) and [out-of-tree vSphere config](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/configure-out-of-tree-vsphere.md). +For an example of how to provision storage in vSphere using Rancher, refer to [this section.](../../../manage-clusters/provisioning-storage-examples/vsphere-storage.md) In order to dynamically provision storage in vSphere, the vSphere provider must be enabled. Refer to [in-tree vSphere config](../../../kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/configure-in-tree-vsphere.md) and [out-of-tree vSphere config](../../../kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/configure-out-of-tree-vsphere.md). ## Enabling the vSphere Cloud Provider When a cloud provider is set up in Rancher, the Rancher server can automatically provision new infrastructure for the cluster, including new nodes or persistent storage devices. -For details on enabling the vSphere cloud provider, refer to [in-tree vSphere config](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/configure-in-tree-vsphere.md) and [out-of-tree vSphere config](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/configure-out-of-tree-vsphere.md). +For details on enabling the vSphere cloud provider, refer to [in-tree vSphere config](../../../kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/configure-in-tree-vsphere.md) and [out-of-tree vSphere config](../../../kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/configure-out-of-tree-vsphere.md). diff --git a/versioned_docs/version-2.6/pages-for-subheaders/access-clusters.md b/versioned_docs/version-2.6/how-to-guides/new-user-guides/manage-clusters/access-clusters/access-clusters.md similarity index 61% rename from versioned_docs/version-2.6/pages-for-subheaders/access-clusters.md rename to versioned_docs/version-2.6/how-to-guides/new-user-guides/manage-clusters/access-clusters/access-clusters.md index 04edb86702c..874a3475916 100644 --- a/versioned_docs/version-2.6/pages-for-subheaders/access-clusters.md +++ b/versioned_docs/version-2.6/how-to-guides/new-user-guides/manage-clusters/access-clusters/access-clusters.md @@ -8,11 +8,11 @@ title: Cluster Access This section is about what tools can be used to access clusters managed by Rancher. -For information on how to give users permission to access a cluster, see the section on [adding users to clusters.](../how-to-guides/new-user-guides/manage-clusters/access-clusters/add-users-to-clusters.md) +For information on how to give users permission to access a cluster, see the section on [adding users to clusters.](add-users-to-clusters.md) -For more information on roles-based access control, see [this section.](manage-role-based-access-control-rbac.md) +For more information on roles-based access control, see [this section.](../../authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/manage-role-based-access-control-rbac.md) -For information on how to set up an authentication system, see [this section.](authentication-config.md) +For information on how to set up an authentication system, see [this section.](../../authentication-permissions-and-global-configuration/authentication-config/authentication-config.md) ### Rancher UI @@ -23,13 +23,13 @@ Rancher provides an intuitive user interface for interacting with your clusters. You can use the Kubernetes command-line tool, [kubectl](https://kubernetes.io/docs/reference/kubectl/overview/), to manage your clusters. You have two options for using kubectl: -- **Rancher kubectl shell:** Interact with your clusters by launching a kubectl shell available in the Rancher UI. This option requires no configuration actions on your part. For more information, see [Accessing Clusters with kubectl Shell](../how-to-guides/new-user-guides/manage-clusters/access-clusters/use-kubectl-and-kubeconfig.md). -- **Terminal remote connection:** You can also interact with your clusters by installing [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/) on your local desktop and then copying the cluster's kubeconfig file to your local `~/.kube/config` directory. For more information, see [Accessing Clusters with kubectl and a kubeconfig File](../how-to-guides/new-user-guides/manage-clusters/access-clusters/use-kubectl-and-kubeconfig.md). +- **Rancher kubectl shell:** Interact with your clusters by launching a kubectl shell available in the Rancher UI. This option requires no configuration actions on your part. For more information, see [Accessing Clusters with kubectl Shell](use-kubectl-and-kubeconfig.md). +- **Terminal remote connection:** You can also interact with your clusters by installing [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/) on your local desktop and then copying the cluster's kubeconfig file to your local `~/.kube/config` directory. For more information, see [Accessing Clusters with kubectl and a kubeconfig File](use-kubectl-and-kubeconfig.md). ### Rancher CLI -You can control your clusters by downloading Rancher's own command-line interface, [Rancher CLI](cli-with-rancher.md). This CLI tool can interact directly with different clusters and projects or pass them `kubectl` commands. +You can control your clusters by downloading Rancher's own command-line interface, [Rancher CLI](../../../../reference-guides/cli-with-rancher/cli-with-rancher.md). This CLI tool can interact directly with different clusters and projects or pass them `kubectl` commands. ### Rancher API -Finally, you can interact with your clusters over the Rancher API. Before you use the API, you must obtain an [API key](../reference-guides/user-settings/api-keys.md). To view the different resource fields and actions for an API object, open the API UI, which can be accessed by clicking on **View in API** for any Rancher UI object. \ No newline at end of file +Finally, you can interact with your clusters over the Rancher API. Before you use the API, you must obtain an [API key](../../../../reference-guides/user-settings/api-keys.md). To view the different resource fields and actions for an API object, open the API UI, which can be accessed by clicking on **View in API** for any Rancher UI object. \ No newline at end of file diff --git a/versioned_docs/version-2.6/how-to-guides/new-user-guides/manage-clusters/access-clusters/add-users-to-clusters.md b/versioned_docs/version-2.6/how-to-guides/new-user-guides/manage-clusters/access-clusters/add-users-to-clusters.md index 148715a31de..ebb64045d5c 100644 --- a/versioned_docs/version-2.6/how-to-guides/new-user-guides/manage-clusters/access-clusters/add-users-to-clusters.md +++ b/versioned_docs/version-2.6/how-to-guides/new-user-guides/manage-clusters/access-clusters/add-users-to-clusters.md @@ -35,7 +35,7 @@ Cluster administrators can edit the membership for a cluster, controlling which If external authentication is configured: - - Rancher returns users from your [external authentication](../../../../pages-for-subheaders/authentication-config.md) source as you type. + - Rancher returns users from your [external authentication](../../authentication-permissions-and-global-configuration/authentication-config/authentication-config.md) source as you type. :::note Using AD but can't find your users? @@ -47,7 +47,7 @@ Cluster administrators can edit the membership for a cluster, controlling which :::note - If you are logged in as a local user, external users do not display in your search results. For more information, see [External Authentication Configuration and Principal Users](../../../../pages-for-subheaders/authentication-config.md#external-authentication-configuration-and-principal-users). + If you are logged in as a local user, external users do not display in your search results. For more information, see [External Authentication Configuration and Principal Users](../../authentication-permissions-and-global-configuration/authentication-config/authentication-config.md#external-authentication-configuration-and-principal-users). ::: diff --git a/versioned_docs/version-2.6/how-to-guides/new-user-guides/manage-clusters/access-clusters/authorized-cluster-endpoint.md b/versioned_docs/version-2.6/how-to-guides/new-user-guides/manage-clusters/access-clusters/authorized-cluster-endpoint.md index bc2b667a57f..6139ac69150 100644 --- a/versioned_docs/version-2.6/how-to-guides/new-user-guides/manage-clusters/access-clusters/authorized-cluster-endpoint.md +++ b/versioned_docs/version-2.6/how-to-guides/new-user-guides/manage-clusters/access-clusters/authorized-cluster-endpoint.md @@ -20,7 +20,7 @@ If admins have [kubeconfig token generation turned off](../../../../reference-gu ### Two Authentication Methods for RKE Clusters -If the cluster is not an [RKE cluster,](../../../../pages-for-subheaders/launch-kubernetes-with-rancher.md) the kubeconfig file allows you to access the cluster in only one way: it lets you be authenticated with the Rancher server, then Rancher allows you to run kubectl commands on the cluster. +If the cluster is not an [RKE cluster,](../../launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md) the kubeconfig file allows you to access the cluster in only one way: it lets you be authenticated with the Rancher server, then Rancher allows you to run kubectl commands on the cluster. For RKE clusters, the kubeconfig file allows you to be authenticated in two ways: @@ -35,7 +35,7 @@ These methods of communicating with downstream Kubernetes clusters are also expl ### About the kube-api-auth Authentication Webhook -The `kube-api-auth` microservice is deployed to provide the user authentication functionality for the [authorized cluster endpoint,](../../../../reference-guides/rancher-manager-architecture/communicating-with-downstream-user-clusters.md#4-authorized-cluster-endpoint) which is only available for [RKE clusters.](../../../../pages-for-subheaders/launch-kubernetes-with-rancher.md) When you access the user cluster using `kubectl`, the cluster's Kubernetes API server authenticates you by using the `kube-api-auth` service as a webhook. +The `kube-api-auth` microservice is deployed to provide the user authentication functionality for the [authorized cluster endpoint,](../../../../reference-guides/rancher-manager-architecture/communicating-with-downstream-user-clusters.md#4-authorized-cluster-endpoint) which is only available for [RKE clusters.](../../launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md) When you access the user cluster using `kubectl`, the cluster's Kubernetes API server authenticates you by using the `kube-api-auth` service as a webhook. During cluster provisioning, the file `/etc/kubernetes/kube-api-authn-webhook.yaml` is deployed and `kube-apiserver` is configured with `--authentication-token-webhook-config-file=/etc/kubernetes/kube-api-authn-webhook.yaml`. This configures the `kube-apiserver` to query `http://127.0.0.1:6440/v1/authenticate` to determine authentication for bearer tokens. diff --git a/versioned_docs/version-2.6/how-to-guides/new-user-guides/manage-clusters/access-clusters/use-kubectl-and-kubeconfig.md b/versioned_docs/version-2.6/how-to-guides/new-user-guides/manage-clusters/access-clusters/use-kubectl-and-kubeconfig.md index 5281ac6de09..2af0258ace9 100644 --- a/versioned_docs/version-2.6/how-to-guides/new-user-guides/manage-clusters/access-clusters/use-kubectl-and-kubeconfig.md +++ b/versioned_docs/version-2.6/how-to-guides/new-user-guides/manage-clusters/access-clusters/use-kubectl-and-kubeconfig.md @@ -47,7 +47,7 @@ Rancher will discover and show resources created by `kubectl`. However, these re ## Authenticating Directly with a Downstream Cluster -This section intended to help you set up an alternative method to access an [RKE cluster.](../../../../pages-for-subheaders/launch-kubernetes-with-rancher.md) +This section intended to help you set up an alternative method to access an [RKE cluster.](../../launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md) This method is only available for RKE, RKE2, and K3s clusters that have the [authorized cluster endpoint](../../../../reference-guides/rancher-manager-architecture/communicating-with-downstream-user-clusters.md#4-authorized-cluster-endpoint) enabled. When Rancher creates the cluster, it generates a kubeconfig file that includes additional kubectl context(s) for accessing your cluster. This additional context allows you to use kubectl to authenticate with the downstream cluster without authenticating through Rancher. For a longer explanation of how the authorized cluster endpoint works, refer to [this page](authorized-cluster-endpoint.md). diff --git a/versioned_docs/version-2.6/how-to-guides/new-user-guides/manage-clusters/add-a-pod-security-policy.md b/versioned_docs/version-2.6/how-to-guides/new-user-guides/manage-clusters/add-a-pod-security-policy.md index 9b9c30d32cb..a705b202f2f 100644 --- a/versioned_docs/version-2.6/how-to-guides/new-user-guides/manage-clusters/add-a-pod-security-policy.md +++ b/versioned_docs/version-2.6/how-to-guides/new-user-guides/manage-clusters/add-a-pod-security-policy.md @@ -8,7 +8,7 @@ title: Adding a Pod Security Policy :::note Prerequisite: -The options below are available only for clusters that are [launched using RKE.](../../../pages-for-subheaders/launch-kubernetes-with-rancher.md) +The options below are available only for clusters that are [launched using RKE.](../launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md) ::: @@ -22,7 +22,7 @@ You can assign a pod security policy when you provision a cluster. However, if y :::note - This option is only available for clusters [provisioned by RKE](../../../pages-for-subheaders/launch-kubernetes-with-rancher.md). + This option is only available for clusters [provisioned by RKE](../launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md). ::: diff --git a/versioned_docs/version-2.6/how-to-guides/new-user-guides/manage-clusters/clean-cluster-nodes.md b/versioned_docs/version-2.6/how-to-guides/new-user-guides/manage-clusters/clean-cluster-nodes.md index db18aee21d6..fa3e4f59fc2 100644 --- a/versioned_docs/version-2.6/how-to-guides/new-user-guides/manage-clusters/clean-cluster-nodes.md +++ b/versioned_docs/version-2.6/how-to-guides/new-user-guides/manage-clusters/clean-cluster-nodes.md @@ -27,9 +27,9 @@ When cleaning nodes provisioned using Rancher, the following components are dele | All resources create under the `management.cattle.io` API Group | ✓ | ✓ | ✓ | | | All CRDs created by Rancher v2.x | ✓ | ✓ | ✓ | | -[1]: ../../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md -[2]: ../../../pages-for-subheaders/use-existing-nodes.md -[3]: ../../../pages-for-subheaders/set-up-clusters-from-hosted-kubernetes-providers.md +[1]: ../launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md +[2]: ../../../reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/use-existing-nodes.md +[3]: ../kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/set-up-clusters-from-hosted-kubernetes-providers.md [4]: ../../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/register-existing-clusters.md ## Removing a Node from a Cluster by Rancher UI diff --git a/versioned_docs/version-2.6/pages-for-subheaders/create-kubernetes-persistent-storage.md b/versioned_docs/version-2.6/how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage/create-kubernetes-persistent-storage.md similarity index 66% rename from versioned_docs/version-2.6/pages-for-subheaders/create-kubernetes-persistent-storage.md rename to versioned_docs/version-2.6/how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage/create-kubernetes-persistent-storage.md index 6bda26af36e..dc7e5cd56ac 100644 --- a/versioned_docs/version-2.6/pages-for-subheaders/create-kubernetes-persistent-storage.md +++ b/versioned_docs/version-2.6/how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage/create-kubernetes-persistent-storage.md @@ -9,15 +9,15 @@ description: "Learn about the two ways with which you can create persistent stor When deploying an application that needs to retain data, you'll need to create persistent storage. Persistent storage allows you to store application data external from the pod running your application. This storage practice allows you to maintain application data, even if the application's pod fails. -The documents in this section assume that you understand the Kubernetes concepts of persistent volumes, persistent volume claims, and storage classes. For more information, refer to the section on [how storage works.](../how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage/manage-persistent-storage/about-persistent-storage.md) +The documents in this section assume that you understand the Kubernetes concepts of persistent volumes, persistent volume claims, and storage classes. For more information, refer to the section on [how storage works.](manage-persistent-storage/about-persistent-storage.md) ### Prerequisites -To set up persistent storage, the `Manage Volumes` [role](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/cluster-and-project-roles.md#project-role-reference) is required. +To set up persistent storage, the `Manage Volumes` [role](../../authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/cluster-and-project-roles.md#project-role-reference) is required. If you are provisioning storage for a cluster hosted in the cloud, the storage and cluster hosts must have the same cloud provider. -For provisioning new storage with Rancher, the cloud provider must be enabled. For details on enabling cloud providers, refer to [this page.](../pages-for-subheaders/set-up-cloud-providers.md) +For provisioning new storage with Rancher, the cloud provider must be enabled. For details on enabling cloud providers, refer to [this page.](../../kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/set-up-cloud-providers.md) For attaching existing persistent storage to a cluster, the cloud provider does not need to be enabled. @@ -30,7 +30,7 @@ The overall workflow for setting up existing storage is as follows: 3. Add a persistent volume claim (PVC) that refers to the PV. 4. Mount the PVC as a volume in your workload. -For details and prerequisites, refer to [this page.](../how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage/manage-persistent-storage/set-up-existing-storage.md) +For details and prerequisites, refer to [this page.](manage-persistent-storage/set-up-existing-storage.md) ### Dynamically Provisioning New Storage in Rancher @@ -40,7 +40,7 @@ The overall workflow for provisioning new storage is as follows: 2. Add a persistent volume claim (PVC) that refers to the storage class. 3. Mount the PVC as a volume for your workload. -For details and prerequisites, refer to [this page.](../how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage/manage-persistent-storage/dynamically-provision-new-storage.md) +For details and prerequisites, refer to [this page.](manage-persistent-storage/dynamically-provision-new-storage.md) ### Longhorn Storage @@ -50,19 +50,19 @@ Longhorn is free, open source software. Originally developed by Rancher Labs, it If you have a pool of block storage, Longhorn can help you provide persistent storage to your Kubernetes cluster without relying on cloud providers. For more information about Longhorn features, refer to the [documentation.](https://longhorn.io/docs/latest/what-is-longhorn/) -Rancher v2.5 simplified the process of installing Longhorn on a Rancher-managed cluster. For more information, see [this page.](../integrations-in-rancher/longhorn.md) +Rancher v2.5 simplified the process of installing Longhorn on a Rancher-managed cluster. For more information, see [this page.](../../../../integrations-in-rancher/longhorn.md) ### Provisioning Storage Examples -We provide examples of how to provision storage with [NFS,](../how-to-guides/new-user-guides/manage-clusters/provisioning-storage-examples/nfs-storage.md) [vSphere,](../how-to-guides/new-user-guides/manage-clusters/provisioning-storage-examples/vsphere-storage.md) and [Amazon's EBS.](../how-to-guides/new-user-guides/manage-clusters/provisioning-storage-examples/persistent-storage-in-amazon-ebs.md) +We provide examples of how to provision storage with [NFS,](../provisioning-storage-examples/nfs-storage.md) [vSphere,](../provisioning-storage-examples/vsphere-storage.md) and [Amazon's EBS.](../provisioning-storage-examples/persistent-storage-in-amazon-ebs.md) ### GlusterFS Volumes -In clusters that store data on GlusterFS volumes, you may experience an issue where pods fail to mount volumes after restarting the `kubelet`. For details on preventing this from happening, refer to [this page.](../how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage/manage-persistent-storage/about-glusterfs-volumes.md) +In clusters that store data on GlusterFS volumes, you may experience an issue where pods fail to mount volumes after restarting the `kubelet`. For details on preventing this from happening, refer to [this page.](manage-persistent-storage/about-glusterfs-volumes.md) ### iSCSI Volumes -In [Rancher Launched Kubernetes clusters](../pages-for-subheaders/launch-kubernetes-with-rancher.md) that store data on iSCSI volumes, you may experience an issue where kubelets fail to automatically connect with iSCSI volumes. For details on resolving this issue, refer to [this page.](../how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage/manage-persistent-storage/install-iscsi-volumes.md) +In [Rancher Launched Kubernetes clusters](../../launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md) that store data on iSCSI volumes, you may experience an issue where kubelets fail to automatically connect with iSCSI volumes. For details on resolving this issue, refer to [this page.](manage-persistent-storage/install-iscsi-volumes.md) ### hostPath Volumes Before you create a hostPath volume, you need to set up an [extra_bind](https://rancher.com/docs/rke/latest/en/config-options/services/services-extras/#extra-binds/) in your cluster configuration. This will mount the path as a volume in your kubelets, which can then be used for hostPath volumes in your workloads. @@ -71,7 +71,7 @@ Before you create a hostPath volume, you need to set up an [extra_bind](https:// Kubernetes is moving away from maintaining cloud providers in-tree. vSphere has an out-of-tree cloud provider that can be used by installing the vSphere cloud provider and cloud storage plugins. -For instructions on how to migrate from the in-tree vSphere cloud provider to out-of-tree, and manage the existing VMs post migration, refer to [this page.](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/configure-out-of-tree-vsphere.md) +For instructions on how to migrate from the in-tree vSphere cloud provider to out-of-tree, and manage the existing VMs post migration, refer to [this page.](../../kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/configure-out-of-tree-vsphere.md) ### Related Links diff --git a/versioned_docs/version-2.6/how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage/manage-persistent-storage/about-glusterfs-volumes.md b/versioned_docs/version-2.6/how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage/manage-persistent-storage/about-glusterfs-volumes.md index aef5e622446..6c0b1c1d0d2 100644 --- a/versioned_docs/version-2.6/how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage/manage-persistent-storage/about-glusterfs-volumes.md +++ b/versioned_docs/version-2.6/how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage/manage-persistent-storage/about-glusterfs-volumes.md @@ -8,7 +8,7 @@ title: GlusterFS Volumes :::note -This section only applies to [RKE clusters.](../../../../../pages-for-subheaders/launch-kubernetes-with-rancher.md) +This section only applies to [RKE clusters.](../../../launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md) ::: diff --git a/versioned_docs/version-2.6/how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage/manage-persistent-storage/dynamically-provision-new-storage.md b/versioned_docs/version-2.6/how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage/manage-persistent-storage/dynamically-provision-new-storage.md index 5ad0b03cd45..18ed7d49f29 100644 --- a/versioned_docs/version-2.6/how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage/manage-persistent-storage/dynamically-provision-new-storage.md +++ b/versioned_docs/version-2.6/how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage/manage-persistent-storage/dynamically-provision-new-storage.md @@ -23,7 +23,7 @@ To provision new storage for your workloads, follow these steps: - To set up persistent storage, the `Manage Volumes` [role](../../../authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/cluster-and-project-roles.md#project-role-reference) is required. - If you are provisioning storage for a cluster hosted in the cloud, the storage and cluster hosts must have the same cloud provider. -- The cloud provider must be enabled. For details on enabling cloud providers, refer to [this page.](../../../../../pages-for-subheaders/set-up-cloud-providers.md) +- The cloud provider must be enabled. For details on enabling cloud providers, refer to [this page.](../../../kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/set-up-cloud-providers.md) - Make sure your storage provisioner is available to be enabled. The following storage provisioners are enabled by default: diff --git a/versioned_docs/version-2.6/how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage/manage-persistent-storage/install-iscsi-volumes.md b/versioned_docs/version-2.6/how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage/manage-persistent-storage/install-iscsi-volumes.md index 44b0f544f2c..0ca041fdf45 100644 --- a/versioned_docs/version-2.6/how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage/manage-persistent-storage/install-iscsi-volumes.md +++ b/versioned_docs/version-2.6/how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage/manage-persistent-storage/install-iscsi-volumes.md @@ -6,7 +6,7 @@ title: iSCSI Volumes -In [Rancher Launched Kubernetes clusters](../../../../../pages-for-subheaders/launch-kubernetes-with-rancher.md) that store data on iSCSI volumes, you may experience an issue where kubelets fail to automatically connect with iSCSI volumes. This failure is likely due to an incompatibility issue involving the iSCSI initiator tool. You can resolve this issue by installing the iSCSI initiator tool on each of your cluster nodes. +In [Rancher Launched Kubernetes clusters](../../../launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md) that store data on iSCSI volumes, you may experience an issue where kubelets fail to automatically connect with iSCSI volumes. This failure is likely due to an incompatibility issue involving the iSCSI initiator tool. You can resolve this issue by installing the iSCSI initiator tool on each of your cluster nodes. Rancher Launched Kubernetes clusters storing data on iSCSI volumes leverage the [iSCSI initiator tool](http://www.open-iscsi.com/), which is embedded in the kubelet's `rancher/hyperkube` Docker image. From each kubelet (i.e., the _initiator_), the tool discovers and launches sessions with an iSCSI volume (i.e., the _target_). However, in some instances, the versions of the iSCSI initiator tool installed on the initiator and the target may not match, resulting in a connection failure. diff --git a/versioned_docs/version-2.6/pages-for-subheaders/install-cluster-autoscaler.md b/versioned_docs/version-2.6/how-to-guides/new-user-guides/manage-clusters/install-cluster-autoscaler/install-cluster-autoscaler.md similarity index 91% rename from versioned_docs/version-2.6/pages-for-subheaders/install-cluster-autoscaler.md rename to versioned_docs/version-2.6/how-to-guides/new-user-guides/manage-clusters/install-cluster-autoscaler/install-cluster-autoscaler.md index 8b749aae5ee..127153dd06b 100644 --- a/versioned_docs/version-2.6/pages-for-subheaders/install-cluster-autoscaler.md +++ b/versioned_docs/version-2.6/how-to-guides/new-user-guides/manage-clusters/install-cluster-autoscaler/install-cluster-autoscaler.md @@ -25,4 +25,4 @@ Cluster Autoscaler provides support to distinct cloud providers. For more inform ### Setting up Cluster Autoscaler on Amazon Cloud Provider -For details on running the cluster autoscaler on Amazon cloud provider, refer to [this page.](../how-to-guides/new-user-guides/manage-clusters/install-cluster-autoscaler/use-aws-ec2-auto-scaling-groups.md) +For details on running the cluster autoscaler on Amazon cloud provider, refer to [this page.](use-aws-ec2-auto-scaling-groups.md) diff --git a/versioned_docs/version-2.6/how-to-guides/new-user-guides/manage-clusters/install-cluster-autoscaler/use-aws-ec2-auto-scaling-groups.md b/versioned_docs/version-2.6/how-to-guides/new-user-guides/manage-clusters/install-cluster-autoscaler/use-aws-ec2-auto-scaling-groups.md index c8debb174ad..7daaab8504b 100644 --- a/versioned_docs/version-2.6/how-to-guides/new-user-guides/manage-clusters/install-cluster-autoscaler/use-aws-ec2-auto-scaling-groups.md +++ b/versioned_docs/version-2.6/how-to-guides/new-user-guides/manage-clusters/install-cluster-autoscaler/use-aws-ec2-auto-scaling-groups.md @@ -238,7 +238,7 @@ More info is at [RKE clusters on AWS](../../../new-user-guides/kubernetes-cluste Once we've configured AWS, let's create VMs to bootstrap our cluster: -* master (etcd+controlplane): Depending your needs, deploy three master instances with proper size. More info is at [the recommendations for production-ready clusters.](../../../../pages-for-subheaders/checklist-for-production-ready-clusters.md) +* master (etcd+controlplane): Depending your needs, deploy three master instances with proper size. More info is at [the recommendations for production-ready clusters.](../../kubernetes-clusters-in-rancher-setup/checklist-for-production-ready-clusters/checklist-for-production-ready-clusters.md) * IAM role: `K8sMasterRole` * Security group: `K8sMasterSg` * Tags: diff --git a/versioned_docs/version-2.6/pages-for-subheaders/manage-clusters.md b/versioned_docs/version-2.6/how-to-guides/new-user-guides/manage-clusters/manage-clusters.md similarity index 70% rename from versioned_docs/version-2.6/pages-for-subheaders/manage-clusters.md rename to versioned_docs/version-2.6/how-to-guides/new-user-guides/manage-clusters/manage-clusters.md index 5494fc03709..ae29256b235 100644 --- a/versioned_docs/version-2.6/pages-for-subheaders/manage-clusters.md +++ b/versioned_docs/version-2.6/how-to-guides/new-user-guides/manage-clusters/manage-clusters.md @@ -10,13 +10,13 @@ After you provision a cluster in Rancher, you can begin using powerful Kubernete :::note -This section assumes a basic familiarity with Docker and Kubernetes. For a brief explanation of how Kubernetes components work together, refer to the [concepts](../reference-guides/kubernetes-concepts.md) page. +This section assumes a basic familiarity with Docker and Kubernetes. For a brief explanation of how Kubernetes components work together, refer to the [concepts](../../../reference-guides/kubernetes-concepts.md) page. ::: ## Managing Clusters in Rancher -After clusters have been [provisioned into Rancher](kubernetes-clusters-in-rancher-setup.md), [cluster owners](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/cluster-and-project-roles.md#cluster-roles) will need to manage these clusters. There are many different options of how to manage your cluster. +After clusters have been [provisioned into Rancher](../kubernetes-clusters-in-rancher-setup/kubernetes-clusters-in-rancher-setup.md), [cluster owners](../authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/cluster-and-project-roles.md#cluster-roles) will need to manage these clusters. There are many different options of how to manage your cluster. import ClusterCapabilitiesTable from '../shared-files/_cluster-capabilities-table.md'; diff --git a/versioned_docs/version-2.6/how-to-guides/new-user-guides/manage-clusters/nodes-and-node-pools.md b/versioned_docs/version-2.6/how-to-guides/new-user-guides/manage-clusters/nodes-and-node-pools.md index e76f3694228..ae4644197d1 100644 --- a/versioned_docs/version-2.6/how-to-guides/new-user-guides/manage-clusters/nodes-and-node-pools.md +++ b/versioned_docs/version-2.6/how-to-guides/new-user-guides/manage-clusters/nodes-and-node-pools.md @@ -6,11 +6,11 @@ title: Nodes and Node Pools -After you launch a Kubernetes cluster in Rancher, you can manage individual nodes from the cluster's **Node** tab. Depending on the [option used](../../../pages-for-subheaders/kubernetes-clusters-in-rancher-setup.md) to provision the cluster, there are different node options available. +After you launch a Kubernetes cluster in Rancher, you can manage individual nodes from the cluster's **Node** tab. Depending on the [option used](../kubernetes-clusters-in-rancher-setup/kubernetes-clusters-in-rancher-setup.md) to provision the cluster, there are different node options available. :::note -If you want to manage the _cluster_ and not individual nodes, see [Editing Clusters](../../../pages-for-subheaders/cluster-configuration.md). +If you want to manage the _cluster_ and not individual nodes, see [Editing Clusters](../../../reference-guides/cluster-configuration/cluster-configuration.md). ::: @@ -29,9 +29,9 @@ The following table lists which node options are available for each type of clus | [Download Keys](#ssh-into-a-node-hosted-by-an-infrastructure-provider) | ✓ | | | | | Download SSH key in order to SSH into the node. | | [Node Scaling](#scaling-nodes) | ✓ | | | ✓ | | Scale the number of nodes in the node pool up or down. | -[1]: ../../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md -[2]: ../../../pages-for-subheaders/use-existing-nodes.md -[3]: ../../../pages-for-subheaders/set-up-clusters-from-hosted-kubernetes-providers.md +[1]: ../launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md +[2]: ../../../reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/use-existing-nodes.md +[3]: ../kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/set-up-clusters-from-hosted-kubernetes-providers.md [4]: ../../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/register-existing-clusters.md [5]: ../../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/register-existing-clusters.md @@ -40,17 +40,17 @@ The following table lists which node options are available for each type of clus ### Nodes Hosted by an Infrastructure Provider -Node pools are available when you provision Rancher-launched Kubernetes clusters on nodes that are [hosted in an infrastructure provider.](../../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md) +Node pools are available when you provision Rancher-launched Kubernetes clusters on nodes that are [hosted in an infrastructure provider.](../launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md) -Clusters provisioned using [one of the node pool options](../../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md#node-pools) can be scaled up or down if the node pool is edited. +Clusters provisioned using [one of the node pool options](../launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md#node-pools) can be scaled up or down if the node pool is edited. -A node pool can also automatically maintain the node scale that's set during the initial cluster provisioning if [node auto-replace is enabled.](../../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md#about-node-auto-replace) This scale determines the number of active nodes that Rancher maintains for the cluster. +A node pool can also automatically maintain the node scale that's set during the initial cluster provisioning if [node auto-replace is enabled.](../launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md#about-node-auto-replace) This scale determines the number of active nodes that Rancher maintains for the cluster. -Rancher uses [node templates](../../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md#node-templates) to replace nodes in the node pool. Each node template uses cloud provider credentials to allow Rancher to set up the node in the infrastructure provider. +Rancher uses [node templates](../launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md#node-templates) to replace nodes in the node pool. Each node template uses cloud provider credentials to allow Rancher to set up the node in the infrastructure provider. ### Nodes Provisioned by Hosted Kubernetes Providers -Options for managing nodes [hosted by a Kubernetes provider](../../../pages-for-subheaders/set-up-clusters-from-hosted-kubernetes-providers.md) are somewhat limited in Rancher. Rather than using the Rancher UI to make edits such as scaling the number of nodes up or down, edit the cluster directly. +Options for managing nodes [hosted by a Kubernetes provider](../kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/set-up-clusters-from-hosted-kubernetes-providers.md) are somewhat limited in Rancher. Rather than using the Rancher UI to make edits such as scaling the number of nodes up or down, edit the cluster directly. ### Registered Nodes @@ -69,13 +69,13 @@ To manage individual nodes, browse to the cluster that you want to manage and th ## Viewing a Node in the Rancher API -Select this option to view the node's [API endpoints](../../../pages-for-subheaders/about-the-api.md). +Select this option to view the node's [API endpoints](../../../reference-guides/about-the-api/about-the-api.md). ## Deleting a Node Use **Delete** to remove defective nodes from the cloud provider. -When you the delete a defective node, Rancher can automatically replace it with an identically provisioned node if the node is in a node pool and [node auto-replace is enabled.](../../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md#about-node-auto-replace) +When you the delete a defective node, Rancher can automatically replace it with an identically provisioned node if the node is in a node pool and [node auto-replace is enabled.](../launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md#about-node-auto-replace) :::tip @@ -85,11 +85,11 @@ If your cluster is hosted by an infrastructure provider, and you want to scale y ## Scaling Nodes -For nodes hosted by an infrastructure provider, you can scale the number of nodes in each [node pool](../../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md#node-pools) by using the scale controls. This option isn't available for other cluster types. +For nodes hosted by an infrastructure provider, you can scale the number of nodes in each [node pool](../launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md#node-pools) by using the scale controls. This option isn't available for other cluster types. ## SSH into a Node Hosted by an Infrastructure Provider -For [nodes hosted by an infrastructure provider](../../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md), you have the option of downloading its SSH key so that you can connect to it remotely from your desktop. +For [nodes hosted by an infrastructure provider](../launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md), you have the option of downloading its SSH key so that you can connect to it remotely from your desktop. 1. In the upper left corner, click **☰ > Cluster Management**. 1. On the **Clusters** page, go to the cluster where you want to SSH into a node and click the name of the cluster. diff --git a/versioned_docs/version-2.6/how-to-guides/new-user-guides/manage-clusters/projects-and-namespaces.md b/versioned_docs/version-2.6/how-to-guides/new-user-guides/manage-clusters/projects-and-namespaces.md index eb767f28f1d..601f7a33949 100644 --- a/versioned_docs/version-2.6/how-to-guides/new-user-guides/manage-clusters/projects-and-namespaces.md +++ b/versioned_docs/version-2.6/how-to-guides/new-user-guides/manage-clusters/projects-and-namespaces.md @@ -38,10 +38,10 @@ You can assign resources at the project level so that each namespace in the proj You can assign the following resources directly to namespaces: -- [Workloads](../../../pages-for-subheaders/workloads-and-pods.md) -- [Load Balancers/Ingress](../../../pages-for-subheaders/load-balancer-and-ingress-controller.md) +- [Workloads](../kubernetes-resources-setup/workloads-and-pods/workloads-and-pods.md) +- [Load Balancers/Ingress](../kubernetes-resources-setup/load-balancer-and-ingress-controller/load-balancer-and-ingress-controller.md) - [Service Discovery Records](../../new-user-guides/kubernetes-resources-setup/create-services.md) -- [Persistent Volume Claims](../../../pages-for-subheaders/create-kubernetes-persistent-storage.md) +- [Persistent Volume Claims](create-kubernetes-persistent-storage/create-kubernetes-persistent-storage.md) - [Certificates](../../new-user-guides/kubernetes-resources-setup/encrypt-http-communication.md) - [ConfigMaps](../../new-user-guides/kubernetes-resources-setup/configmaps.md) - [Registries](../../new-user-guides/kubernetes-resources-setup/kubernetes-and-docker-registries.md) @@ -180,7 +180,7 @@ To add a resource quota, 1. In the **Resource Quotas** tab, click **Add Resource**. 1. Select a **Resource Type**. For more information, see [Resource Quotas.](projects-and-namespaces.md). 1. Enter values for the **Project Limit** and the **Namespace Default Limit**. -1. **Optional:** Specify **Container Default Resource Limit**, which will be applied to every container started in the project. The parameter is recommended if you have CPU or Memory limits set by the Resource Quota. It can be overridden on per an individual namespace or a container level. For more information, see [Container Default Resource Limit](../../../pages-for-subheaders/manage-project-resource-quotas.md) +1. **Optional:** Specify **Container Default Resource Limit**, which will be applied to every container started in the project. The parameter is recommended if you have CPU or Memory limits set by the Resource Quota. It can be overridden on per an individual namespace or a container level. For more information, see [Container Default Resource Limit](../../advanced-user-guides/manage-projects/manage-project-resource-quotas/manage-project-resource-quotas.md) 1. Click **Create**. **Result:** Your project is created. You can view it from the cluster's **Projects/Namespaces** view. diff --git a/versioned_docs/version-2.6/how-to-guides/new-user-guides/manage-clusters/provisioning-storage-examples/nfs-storage.md b/versioned_docs/version-2.6/how-to-guides/new-user-guides/manage-clusters/provisioning-storage-examples/nfs-storage.md index 9898df21025..b5fd1fee669 100644 --- a/versioned_docs/version-2.6/how-to-guides/new-user-guides/manage-clusters/provisioning-storage-examples/nfs-storage.md +++ b/versioned_docs/version-2.6/how-to-guides/new-user-guides/manage-clusters/provisioning-storage-examples/nfs-storage.md @@ -10,7 +10,7 @@ Before you can use the NFS storage volume plug-in with Rancher deployments, you :::note -- If you already have an NFS share, you don't need to provision a new NFS server to use the NFS volume plugin within Rancher. Instead, skip the rest of this procedure and complete [adding storage](../../../../pages-for-subheaders/create-kubernetes-persistent-storage.md). +- If you already have an NFS share, you don't need to provision a new NFS server to use the NFS volume plugin within Rancher. Instead, skip the rest of this procedure and complete [adding storage](../create-kubernetes-persistent-storage/create-kubernetes-persistent-storage.md). - This procedure demonstrates how to set up an NFS server using Ubuntu, although you should be able to use these instructions for other Linux distros (e.g. Debian, RHEL, Arch Linux, etc.). For official instruction on how to create an NFS server using another Linux distro, consult the distro's documentation. diff --git a/versioned_docs/version-2.6/pages-for-subheaders/provisioning-storage-examples.md b/versioned_docs/version-2.6/how-to-guides/new-user-guides/manage-clusters/provisioning-storage-examples/provisioning-storage-examples.md similarity index 64% rename from versioned_docs/version-2.6/pages-for-subheaders/provisioning-storage-examples.md rename to versioned_docs/version-2.6/how-to-guides/new-user-guides/manage-clusters/provisioning-storage-examples/provisioning-storage-examples.md index 44fd9593fba..b1d89e54c05 100644 --- a/versioned_docs/version-2.6/pages-for-subheaders/provisioning-storage-examples.md +++ b/versioned_docs/version-2.6/how-to-guides/new-user-guides/manage-clusters/provisioning-storage-examples/provisioning-storage-examples.md @@ -10,6 +10,6 @@ Rancher supports persistent storage with a variety of volume plugins. However, b For your convenience, Rancher offers documentation on how to configure some of the popular storage methods: -- [NFS](../how-to-guides/new-user-guides/manage-clusters/provisioning-storage-examples/nfs-storage.md) -- [vSphere](../how-to-guides/new-user-guides/manage-clusters/provisioning-storage-examples/vsphere-storage.md) -- [EBS](../how-to-guides/new-user-guides/manage-clusters/provisioning-storage-examples/persistent-storage-in-amazon-ebs.md) +- [NFS](nfs-storage.md) +- [vSphere](vsphere-storage.md) +- [EBS](persistent-storage-in-amazon-ebs.md) diff --git a/versioned_docs/version-2.6/how-to-guides/new-user-guides/manage-clusters/provisioning-storage-examples/vsphere-storage.md b/versioned_docs/version-2.6/how-to-guides/new-user-guides/manage-clusters/provisioning-storage-examples/vsphere-storage.md index b13cee6512d..0bede8b10ae 100644 --- a/versioned_docs/version-2.6/how-to-guides/new-user-guides/manage-clusters/provisioning-storage-examples/vsphere-storage.md +++ b/versioned_docs/version-2.6/how-to-guides/new-user-guides/manage-clusters/provisioning-storage-examples/vsphere-storage.md @@ -13,7 +13,7 @@ In order to dynamically provision storage in vSphere, the vSphere provider must ### Prerequisites -In order to provision vSphere volumes in a cluster created with the [Rancher Kubernetes Engine (RKE)](../../../../pages-for-subheaders/launch-kubernetes-with-rancher.md), the [vSphere cloud provider](https://rancher.com/docs/rke/latest/en/config-options/cloud-providers/vsphere) must be explicitly enabled in the [cluster options](../../../../reference-guides/cluster-configuration/rancher-server-configuration/rke1-cluster-configuration.md). +In order to provision vSphere volumes in a cluster created with the [Rancher Kubernetes Engine (RKE)](../../launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md), the [vSphere cloud provider](https://rancher.com/docs/rke/latest/en/config-options/cloud-providers/vsphere) must be explicitly enabled in the [cluster options](../../../../reference-guides/cluster-configuration/rancher-server-configuration/rke1-cluster-configuration.md). ### Creating a StorageClass diff --git a/versioned_docs/version-2.6/how-to-guides/new-user-guides/manage-namespaces.md b/versioned_docs/version-2.6/how-to-guides/new-user-guides/manage-namespaces.md index 0419be358a6..48ae6879c01 100644 --- a/versioned_docs/version-2.6/how-to-guides/new-user-guides/manage-namespaces.md +++ b/versioned_docs/version-2.6/how-to-guides/new-user-guides/manage-namespaces.md @@ -12,10 +12,10 @@ Although you assign resources at the project level so that each namespace in the Resources that you can assign directly to namespaces include: -- [Workloads](../../pages-for-subheaders/workloads-and-pods.md) -- [Load Balancers/Ingress](../../pages-for-subheaders/load-balancer-and-ingress-controller.md) +- [Workloads](kubernetes-resources-setup/workloads-and-pods/workloads-and-pods.md) +- [Load Balancers/Ingress](kubernetes-resources-setup/load-balancer-and-ingress-controller/load-balancer-and-ingress-controller.md) - [Service Discovery Records](kubernetes-resources-setup/create-services.md) -- [Persistent Volume Claims](../../pages-for-subheaders/create-kubernetes-persistent-storage.md) +- [Persistent Volume Claims](manage-clusters/create-kubernetes-persistent-storage/create-kubernetes-persistent-storage.md) - [Certificates](kubernetes-resources-setup/encrypt-http-communication.md) - [ConfigMaps](kubernetes-resources-setup/configmaps.md) - [Registries](kubernetes-resources-setup/kubernetes-and-docker-registries.md) @@ -44,7 +44,7 @@ When working with project resources that you can assign to a namespace (i.e., [w 1. Click **Cluster > Projects/Namespaces**. 1. Go to the project where you want to add a namespace and click **Create Namespace**. Alternately, go to **Not in a Project** to create a namespace not associated with a project. -1. **Optional:** If your project has [Resource Quotas](../../pages-for-subheaders/manage-project-resource-quotas.md) in effect, you can override the default resource **Limits** (which places a cap on the resources that the namespace can consume). +1. **Optional:** If your project has [Resource Quotas](../advanced-user-guides/manage-projects/manage-project-resource-quotas/manage-project-resource-quotas.md) in effect, you can override the default resource **Limits** (which places a cap on the resources that the namespace can consume). 1. Enter a **Name** and then click **Create**. @@ -64,7 +64,7 @@ Cluster admins and members may occasionally need to move a namespace to another :::note Notes: - Don't move the namespaces in the `System` project. Moving these namespaces can adversely affect cluster networking. - - You cannot move a namespace into a project that already has a [resource quota](../../pages-for-subheaders/manage-project-resource-quotas.md)configured. + - You cannot move a namespace into a project that already has a [resource quota](../advanced-user-guides/manage-projects/manage-project-resource-quotas/manage-project-resource-quotas.md)configured. - If you move a namespace from a project that has a quota set to a project with no quota set, the quota is removed from the namespace. 1. Choose a new project for the new namespace and then click **Move**. Alternatively, you can remove the namespace from all projects by selecting **None**. diff --git a/versioned_docs/version-2.6/pages-for-subheaders/new-user-guides.md b/versioned_docs/version-2.6/how-to-guides/new-user-guides/new-user-guides.md similarity index 100% rename from versioned_docs/version-2.6/pages-for-subheaders/new-user-guides.md rename to versioned_docs/version-2.6/how-to-guides/new-user-guides/new-user-guides.md diff --git a/versioned_docs/version-2.6/pages-for-subheaders/cis-scans.md b/versioned_docs/version-2.6/integrations-in-rancher/cis-scans/cis-scans.md similarity index 84% rename from versioned_docs/version-2.6/pages-for-subheaders/cis-scans.md rename to versioned_docs/version-2.6/integrations-in-rancher/cis-scans/cis-scans.md index 1a59c999988..7ab3cf4e9ee 100644 --- a/versioned_docs/version-2.6/pages-for-subheaders/cis-scans.md +++ b/versioned_docs/version-2.6/integrations-in-rancher/cis-scans/cis-scans.md @@ -30,7 +30,7 @@ The Benchmark version is included in the generated report. The Benchmark provides recommendations of two types: Automated and Manual. Recommendations marked as Manual in the Benchmark are not included in the generated report. -Some tests are designated as "Not Applicable." These tests will not be run on any CIS scan because of the way that Rancher provisions RKE clusters. For information on how test results can be audited, and why some tests are designated to be not applicable, refer to Rancher's [self-assessment guide](./rancher-security.md#the-cis-benchmark-and-self-assessment) for the corresponding Kubernetes version. +Some tests are designated as "Not Applicable." These tests will not be run on any CIS scan because of the way that Rancher provisions RKE clusters. For information on how test results can be audited, and why some tests are designated to be not applicable, refer to Rancher's [self-assessment guide](../../reference-guides/rancher-security/rancher-security.md#the-cis-benchmark-and-self-assessment) for the corresponding Kubernetes version. The report contains the following information: @@ -49,7 +49,7 @@ The report contains the following information: | `actual_value` | The test's actual value, present if reported by `kube-bench`. | | `expected_result` | The test's expected result, present if reported by `kube-bench`. | -Refer to [the table in the cluster hardening guide](./rancher-security.md) for information on which versions of Kubernetes, the Benchmark, Rancher, and our cluster hardening guide correspond to each other. Also refer to the hardening guide for configuration files of CIS-compliant clusters and information on remediating failed tests. +Refer to [the table in the cluster hardening guide](../../reference-guides/rancher-security/rancher-security.md) for information on which versions of Kubernetes, the Benchmark, Rancher, and our cluster hardening guide correspond to each other. Also refer to the hardening guide for configuration files of CIS-compliant clusters and information on remediating failed tests. ## Test Profiles @@ -80,7 +80,7 @@ There are two types of RKE cluster scan profiles: The EKS and GKE cluster scan profiles are based on CIS Benchmark versions that are specific to those types of clusters. -In order to pass the "Hardened" profile, you will need to follow the steps on the [hardening guide](./rancher-security.md#rancher-hardening-guide) and use the `cluster.yml` defined in the hardening guide to provision a hardened cluster. +In order to pass the "Hardened" profile, you will need to follow the steps on the [hardening guide](../../reference-guides/rancher-security/rancher-security.md#rancher-hardening-guide) and use the `cluster.yml` defined in the hardening guide to provision a hardened cluster. The default profile and the supported CIS benchmark version depends on the type of cluster that will be scanned: @@ -93,7 +93,7 @@ The `rancher-cis-benchmark` supports the CIS 1.6 Benchmark version. ## About Skipped and Not Applicable Tests -For a list of skipped and not applicable tests, refer to [this page](../how-to-guides/advanced-user-guides/cis-scan-guides/skip-tests.md). +For a list of skipped and not applicable tests, refer to [this page](../../how-to-guides/advanced-user-guides/cis-scan-guides/skip-tests.md). For now, only user-defined skipped tests are marked as skipped in the generated report. @@ -101,12 +101,12 @@ Any skipped tests that are defined as being skipped by one of the default profil ## Roles-based Access Control -For information about permissions, refer to [this page](../integrations-in-rancher/cis-scans/rbac-for-cis-scans.md) +For information about permissions, refer to [this page](rbac-for-cis-scans.md) ## Configuration -For more information about configuring the custom resources for the scans, profiles, and benchmark versions, refer to [this page](../integrations-in-rancher/cis-scans/configuration-reference.md) +For more information about configuring the custom resources for the scans, profiles, and benchmark versions, refer to [this page](configuration-reference.md) ## How-to Guides -Please refer [here](../pages-for-subheaders/cis-scan-guides.md) for how-to guides on CIS scans. \ No newline at end of file +Please refer [here](../../how-to-guides/advanced-user-guides/cis-scan-guides/cis-scan-guides.md) for how-to guides on CIS scans. \ No newline at end of file diff --git a/versioned_docs/version-2.6/pages-for-subheaders/aws-cloud-marketplace.md b/versioned_docs/version-2.6/integrations-in-rancher/cloud-marketplace/aws-cloud-marketplace/aws-cloud-marketplace.md similarity index 75% rename from versioned_docs/version-2.6/pages-for-subheaders/aws-cloud-marketplace.md rename to versioned_docs/version-2.6/integrations-in-rancher/cloud-marketplace/aws-cloud-marketplace/aws-cloud-marketplace.md index c487e1d6f92..13b1398077e 100644 --- a/versioned_docs/version-2.6/pages-for-subheaders/aws-cloud-marketplace.md +++ b/versioned_docs/version-2.6/integrations-in-rancher/cloud-marketplace/aws-cloud-marketplace/aws-cloud-marketplace.md @@ -16,12 +16,12 @@ Rancher offers an integration with the AWS Marketplace which allows users to pur - Rancher must be deployed with additional metrics enabled. - Rancher must be installed on an EKS cluster. - You must purchase at least one entitlement to Rancher support through AWS Marketplace. -- You may need additional setup to support proxy/airgap use cases. See the [prerequisites](../integrations-in-rancher/cloud-marketplace/aws-cloud-marketplace/adapter-requirements.md) for more information. +- You may need additional setup to support proxy/airgap use cases. See the [prerequisites](adapter-requirements.md) for more information. ## How to Use -1. Complete the [prerequisite steps](../integrations-in-rancher/cloud-marketplace/aws-cloud-marketplace/adapter-requirements.md). -2. [Install the CSP Adapter](../integrations-in-rancher/cloud-marketplace/aws-cloud-marketplace/install-adapter.md). +1. Complete the [prerequisite steps](adapter-requirements.md). +2. [Install the CSP Adapter](install-adapter.md). ## FAQ diff --git a/versioned_docs/version-2.6/pages-for-subheaders/cloud-marketplace.md b/versioned_docs/version-2.6/integrations-in-rancher/cloud-marketplace/cloud-marketplace.md similarity index 100% rename from versioned_docs/version-2.6/pages-for-subheaders/cloud-marketplace.md rename to versioned_docs/version-2.6/integrations-in-rancher/cloud-marketplace/cloud-marketplace.md diff --git a/versioned_docs/version-2.6/pages-for-subheaders/fleet-gitops-at-scale.md b/versioned_docs/version-2.6/integrations-in-rancher/fleet-gitops-at-scale/fleet-gitops-at-scale.md similarity index 86% rename from versioned_docs/version-2.6/pages-for-subheaders/fleet-gitops-at-scale.md rename to versioned_docs/version-2.6/integrations-in-rancher/fleet-gitops-at-scale/fleet-gitops-at-scale.md index a898f413057..9d98fed9e10 100644 --- a/versioned_docs/version-2.6/pages-for-subheaders/fleet-gitops-at-scale.md +++ b/versioned_docs/version-2.6/integrations-in-rancher/fleet-gitops-at-scale/fleet-gitops-at-scale.md @@ -13,7 +13,7 @@ Fleet is a separate project from Rancher, and can be installed on any Kubernetes ## Architecture -For information about how Fleet works, see [this page](../integrations-in-rancher/fleet-gitops-at-scale/architecture.md). +For information about how Fleet works, see [this page](architecture.md). ## Accessing Fleet in the Rancher UI @@ -41,7 +41,7 @@ Follow the steps below to access Continuous Delivery in the Rancher UI: ## Windows Support -For details on support for clusters with Windows nodes, see [this page](../integrations-in-rancher/fleet-gitops-at-scale/windows-support.md). +For details on support for clusters with Windows nodes, see [this page](windows-support.md). ## GitHub Repository @@ -49,7 +49,7 @@ The Fleet Helm charts are available [here](https://github.com/rancher/fleet/rele ## Using Fleet Behind a Proxy -For details on using Fleet behind a proxy, see [this page](../integrations-in-rancher/fleet-gitops-at-scale/use-fleet-behind-a-proxy.md). +For details on using Fleet behind a proxy, see [this page](use-fleet-behind-a-proxy.md). ## Helm Chart Dependencies @@ -59,7 +59,7 @@ The Helm chart in the git repository must include its dependencies in the charts ## Troubleshooting -- **Known Issue**: clientSecretName and helmSecretName secrets for Fleet gitrepos are not included in the backup nor restore created by the [backup-restore-operator](../how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/back-up-rancher.md#1-install-the-rancher-backups-operator). We will update the community once a permanent solution is in place. +- **Known Issue**: clientSecretName and helmSecretName secrets for Fleet gitrepos are not included in the backup nor restore created by the [backup-restore-operator](../../how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/back-up-rancher.md#1-install-the-rancher-backups-operator). We will update the community once a permanent solution is in place. - **Temporary Workaround**: By default, user-defined secrets are not backed up in Fleet. It is necessary to recreate secrets if performing a disaster recovery restore or migration of Rancher into a fresh cluster. To modify resourceSet to include extra resources you want to backup, refer to docs [here](https://github.com/rancher/backup-restore-operator#user-flow). diff --git a/versioned_docs/version-2.6/integrations-in-rancher/harvester.md b/versioned_docs/version-2.6/integrations-in-rancher/harvester.md index c5ec813db87..68fcb5c922a 100644 --- a/versioned_docs/version-2.6/integrations-in-rancher/harvester.md +++ b/versioned_docs/version-2.6/integrations-in-rancher/harvester.md @@ -16,7 +16,7 @@ Harvester is GA. Please refer to the [Harvester release notes](https://github.co --- ### Feature Flag -The Harvester feature flag is used to manage access to the Virtualization Management (VM) page in Rancher where users can navigate directly to Harvester clusters and access the Harvester UI. The Harvester feature flag is enabled by default. Click [here](../pages-for-subheaders/enable-experimental-features.md) for more information on feature flags in Rancher. +The Harvester feature flag is used to manage access to the Virtualization Management (VM) page in Rancher where users can navigate directly to Harvester clusters and access the Harvester UI. The Harvester feature flag is enabled by default. Click [here](../how-to-guides/advanced-user-guides/enable-experimental-features/enable-experimental-features.md) for more information on feature flags in Rancher. To navigate to the Harvester cluster, click **☰ > Virtualization Management**. From Harvester Clusters page, click one of the clusters listed to go to the single Harvester cluster view. @@ -34,7 +34,7 @@ As of Rancher v2.6.3, the [Harvester node driver](https://docs.harvesterhci.io/v Harvester allows `.ISO` images to be uploaded and displayed through the Harvester UI, but this is not supported in the Rancher UI. This is because `.ISO` images usually require additional setup that interferes with a clean deployment (without requiring user intervention), and they are not typically used in cloud environments. -Click [here](../pages-for-subheaders/about-provisioning-drivers.md#node-drivers) for more information on node drivers in Rancher. +Click [here](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-provisioning-drivers/about-provisioning-drivers.md#node-drivers) for more information on node drivers in Rancher. ### Limitations diff --git a/versioned_docs/version-2.6/pages-for-subheaders/configuration-options.md b/versioned_docs/version-2.6/integrations-in-rancher/istio/configuration-options/configuration-options.md similarity index 81% rename from versioned_docs/version-2.6/pages-for-subheaders/configuration-options.md rename to versioned_docs/version-2.6/integrations-in-rancher/istio/configuration-options/configuration-options.md index fdfc51d41bc..35546a12f03 100644 --- a/versioned_docs/version-2.6/pages-for-subheaders/configuration-options.md +++ b/versioned_docs/version-2.6/integrations-in-rancher/istio/configuration-options/configuration-options.md @@ -28,16 +28,16 @@ The Monitoring app sets `prometheus.prometheusSpec.ignoreNamespaceSelectors=fals If you would like to limit Prometheus to specific namespaces, set `prometheus.prometheusSpec.ignoreNamespaceSelectors=true`. Once you do this, you must perform some additional configuration to continue to monitor your resources. -For details, refer to [this section.](../integrations-in-rancher/istio/configuration-options/selectors-and-scrape-configurations.md) +For details, refer to [this section.](selectors-and-scrape-configurations.md) ### Enable Istio with Pod Security Policies -Refer to [this section.](../integrations-in-rancher/istio/configuration-options/pod-security-policies.md) +Refer to [this section.](pod-security-policies.md) ### Additional Steps for Installing Istio on an RKE2 Cluster -Refer to [this section.](../integrations-in-rancher/istio/configuration-options/install-istio-on-rke2-cluster.md) +Refer to [this section.](install-istio-on-rke2-cluster.md) ### Additional Steps for Project Network Isolation -Refer to [this section.](../integrations-in-rancher/istio/configuration-options/project-network-isolation.md) \ No newline at end of file +Refer to [this section.](project-network-isolation.md) \ No newline at end of file diff --git a/versioned_docs/version-2.6/integrations-in-rancher/istio/cpu-and-memory-allocations.md b/versioned_docs/version-2.6/integrations-in-rancher/istio/cpu-and-memory-allocations.md index fd6baf3a4a3..ae894ec5b1e 100644 --- a/versioned_docs/version-2.6/integrations-in-rancher/istio/cpu-and-memory-allocations.md +++ b/versioned_docs/version-2.6/integrations-in-rancher/istio/cpu-and-memory-allocations.md @@ -48,7 +48,7 @@ To configure the resources allocated to an Istio component, 1. In the left navigation bar, click **Apps**. 1. Click **Installed Apps**. 1. Go to the `istio-system` namespace. In one of the Istio workloads, such as `rancher-istio`, click **⋮ > Edit/Upgrade**. -1. Click **Upgrade** to edit the base components via changes to the values.yaml or add an [overlay file](../../pages-for-subheaders/configuration-options.md#overlay-file). For more information about editing the overlay file, see [this section.](cpu-and-memory-allocations.md#editing-the-overlay-file) +1. Click **Upgrade** to edit the base components via changes to the values.yaml or add an [overlay file](configuration-options/configuration-options.md#overlay-file). For more information about editing the overlay file, see [this section.](cpu-and-memory-allocations.md#editing-the-overlay-file) 1. Change the CPU or memory allocations, the nodes where each component will be scheduled to, or the node tolerations. 1. Click **Upgrade**. to rollout changes @@ -60,7 +60,7 @@ To configure the resources allocated to an Istio component, 1. In the left navigation bar, click **Apps & Marketplace**. 1. Click **Installed Apps**. 1. Go to the `istio-system` namespace. In one of the Istio workloads, such as `rancher-istio`, click **⋮ > Edit/Upgrade**. -1. Click **Upgrade** to edit the base components via changes to the values.yaml or add an [overlay file](../../pages-for-subheaders/configuration-options.md#overlay-file). For more information about editing the overlay file, see [this section.](cpu-and-memory-allocations.md#editing-the-overlay-file) +1. Click **Upgrade** to edit the base components via changes to the values.yaml or add an [overlay file](configuration-options/configuration-options.md#overlay-file). For more information about editing the overlay file, see [this section.](cpu-and-memory-allocations.md#editing-the-overlay-file) 1. Change the CPU or memory allocations, the nodes where each component will be scheduled to, or the node tolerations. 1. Click **Upgrade**. to rollout changes diff --git a/versioned_docs/version-2.6/pages-for-subheaders/istio.md b/versioned_docs/version-2.6/integrations-in-rancher/istio/istio.md similarity index 88% rename from versioned_docs/version-2.6/pages-for-subheaders/istio.md rename to versioned_docs/version-2.6/integrations-in-rancher/istio/istio.md index 50c9e616ebe..d8001214de9 100644 --- a/versioned_docs/version-2.6/pages-for-subheaders/istio.md +++ b/versioned_docs/version-2.6/integrations-in-rancher/istio/istio.md @@ -18,7 +18,7 @@ This core service mesh provides features that include but are not limited to the - **Security** with resources to authenticate and authorize traffic and users, mTLS included. - **Observability** of logs, metrics, and distributed traffic flows. -After [setting up istio](istio-setup-guide.md) you can leverage Istio's control plane functionality through the Rancher UI, `kubectl`, or `istioctl`. +After [setting up istio](../../how-to-guides/advanced-user-guides/istio-setup-guide/istio-setup-guide.md) you can leverage Istio's control plane functionality through the Rancher UI, `kubectl`, or `istioctl`. Istio needs to be set up by a `cluster-admin` before it can be used in a project. @@ -29,7 +29,7 @@ The overall architecture of Istio has been simplified. A single component, Istio Addons that were previously installed by Istio (cert-manager, Grafana, Jaeger, Kiali, Prometheus, Zipkin) will now need to be installed separately. Istio will support installation of integrations that are from the Istio Project and will maintain compatibility with those that are not. -A Prometheus integration will still be available through an installation of [Rancher Monitoring](monitoring-and-alerting.md), or by installing your own Prometheus operator. Rancher's Istio chart will also install Kiali by default to ensure you can get a full picture of your microservices out of the box. +A Prometheus integration will still be available through an installation of [Rancher Monitoring](../monitoring-and-alerting/monitoring-and-alerting.md), or by installing your own Prometheus operator. Rancher's Istio chart will also install Kiali by default to ensure you can get a full picture of your microservices out of the box. Istio has migrated away from Helm as a way to install Istio and now provides installation through the istioctl binary or Istio Operator. To ensure the easiest interaction with Istio, Rancher's Istio will maintain a Helm chart that utilizes the istioctl binary to manage your Istio installation. @@ -55,7 +55,7 @@ Note that this is not a production-qualified deployment of Jaeger. This deployme ## Prerequisites -Before enabling Istio, we recommend that you confirm that your Rancher worker nodes have enough [CPU and memory](../integrations-in-rancher/istio/cpu-and-memory-allocations.md) to run all of the components of Istio. +Before enabling Istio, we recommend that you confirm that your Rancher worker nodes have enough [CPU and memory](cpu-and-memory-allocations.md) to run all of the components of Istio. If you are installing Istio on RKE2 cluster, some additional steps are required. For details, see [this section.](#additional-steps-for-installing-istio-on-an-rke2-cluster) @@ -63,11 +63,11 @@ Note that Istio v2 (upstream Istio v1.7+) cannot be upgraded in an air gapped en ## Setup Guide -Refer to the [setup guide](istio-setup-guide.md) for instructions on how to set up Istio and use it in a project. +Refer to the [setup guide](../../how-to-guides/advanced-user-guides/istio-setup-guide/istio-setup-guide.md) for instructions on how to set up Istio and use it in a project. ## Remove Istio -To remove Istio components from a cluster, namespace, or workload, refer to the section on [uninstalling Istio.](../integrations-in-rancher/istio/disable-istio.md) +To remove Istio components from a cluster, namespace, or workload, refer to the section on [uninstalling Istio.](disable-istio.md) ## Migrate From Previous Istio Version @@ -79,7 +79,7 @@ Another option is to manually uninstall istio resources one at a time, but leave ## Accessing Visualizations -> By default, only cluster-admins have access to Kiali. For instructions on how to allow admin, edit or views roles to access them, see [this section.](../integrations-in-rancher/istio/rbac-for-istio.md) +> By default, only cluster-admins have access to Kiali. For instructions on how to allow admin, edit or views roles to access them, see [this section.](rbac-for-istio.md) After Istio is set up in a cluster, Grafana, Prometheus, and Kiali are available in the Rancher UI. @@ -97,7 +97,7 @@ To access the Kiali visualization, 1. In the left navigation bar, click **Istio**. 1. Click **Kiali**. From here you can access the **Traffic Graph** tab or the **Traffic Metrics** tab to see network visualizations and metrics. -By default, all namespace will picked up by prometheus and make data available for Kiali graphs. Refer to [selector/scrape config setup](../integrations-in-rancher/istio/configuration-options/selectors-and-scrape-configurations.md) if you would like to use a different configuration for prometheus data scraping. +By default, all namespace will picked up by prometheus and make data available for Kiali graphs. Refer to [selector/scrape config setup](configuration-options/selectors-and-scrape-configurations.md) if you would like to use a different configuration for prometheus data scraping. Your access to the visualizations depend on your role. Grafana and Prometheus are only available for `cluster-admin` roles. The Kiali UI is available only to `cluster-admin` by default, but `cluster-admin` can allow other roles to access them by editing the Istio values.yaml. @@ -117,15 +117,15 @@ By default, each Rancher-provisioned cluster has one NGINX ingress controller al ![In an Istio-enabled cluster, you can have two ingresses: the default Nginx ingress, and the default Istio controller.](/img/istio-ingress.svg) - Additional Istio Ingress gateways can be enabled via the [overlay file](configuration-options.md#overlay-file). + Additional Istio Ingress gateways can be enabled via the [overlay file](configuration-options/configuration-options.md#overlay-file). ### Egress Support -By default the Egress gateway is disabled, but can be enabled on install or upgrade through the values.yaml or via the [overlay file](configuration-options.md#overlay-file). +By default the Egress gateway is disabled, but can be enabled on install or upgrade through the values.yaml or via the [overlay file](configuration-options/configuration-options.md#overlay-file). ## Additional Steps for Installing Istio on an RKE2 Cluster -To install Istio on an RKE2 cluster, follow the steps in [this section.](../integrations-in-rancher/istio/configuration-options/install-istio-on-rke2-cluster.md) +To install Istio on an RKE2 cluster, follow the steps in [this section.](configuration-options/install-istio-on-rke2-cluster.md) ## Upgrading Istio in an Air-Gapped Environment diff --git a/versioned_docs/version-2.6/pages-for-subheaders/custom-resource-configuration.md b/versioned_docs/version-2.6/integrations-in-rancher/logging/custom-resource-configuration/custom-resource-configuration.md similarity index 51% rename from versioned_docs/version-2.6/pages-for-subheaders/custom-resource-configuration.md rename to versioned_docs/version-2.6/integrations-in-rancher/logging/custom-resource-configuration/custom-resource-configuration.md index 37c2f337d78..eb1020ac1a2 100644 --- a/versioned_docs/version-2.6/pages-for-subheaders/custom-resource-configuration.md +++ b/versioned_docs/version-2.6/integrations-in-rancher/logging/custom-resource-configuration/custom-resource-configuration.md @@ -8,5 +8,5 @@ title: Custom Resource Configuration The following Custom Resource Definitions are used to configure logging: -- [Flow and ClusterFlow](../integrations-in-rancher/logging/custom-resource-configuration/flows-and-clusterflows.md) -- [Output and ClusterOutput](../integrations-in-rancher/logging/custom-resource-configuration/outputs-and-clusteroutputs.md) \ No newline at end of file +- [Flow and ClusterFlow](flows-and-clusterflows.md) +- [Output and ClusterOutput](outputs-and-clusteroutputs.md) \ No newline at end of file diff --git a/versioned_docs/version-2.6/integrations-in-rancher/logging/custom-resource-configuration/flows-and-clusterflows.md b/versioned_docs/version-2.6/integrations-in-rancher/logging/custom-resource-configuration/flows-and-clusterflows.md index 65707e0980a..66f1614b045 100644 --- a/versioned_docs/version-2.6/integrations-in-rancher/logging/custom-resource-configuration/flows-and-clusterflows.md +++ b/versioned_docs/version-2.6/integrations-in-rancher/logging/custom-resource-configuration/flows-and-clusterflows.md @@ -8,7 +8,7 @@ title: Flows and ClusterFlows See the [Logging operator documentation](https://kube-logging.github.io/docs/configuration/flow/) for the full details on how to configure `Flows` and `ClusterFlows`. -See [Rancher Integration with Logging Services: Troubleshooting](../../../pages-for-subheaders/logging.md#The-Logging-Buffer-Overloads-Pods) for how to resolve memory problems with the logging buffer. +See [Rancher Integration with Logging Services: Troubleshooting](../logging.md#The-Logging-Buffer-Overloads-Pods) for how to resolve memory problems with the logging buffer. ## Flows diff --git a/versioned_docs/version-2.6/integrations-in-rancher/logging/custom-resource-configuration/outputs-and-clusteroutputs.md b/versioned_docs/version-2.6/integrations-in-rancher/logging/custom-resource-configuration/outputs-and-clusteroutputs.md index 09553971250..a06d49a6bda 100644 --- a/versioned_docs/version-2.6/integrations-in-rancher/logging/custom-resource-configuration/outputs-and-clusteroutputs.md +++ b/versioned_docs/version-2.6/integrations-in-rancher/logging/custom-resource-configuration/outputs-and-clusteroutputs.md @@ -8,7 +8,7 @@ title: Outputs and ClusterOutputs See the [Logging operator documentation](https://kube-logging.github.io/docs/configuration/flow/) for the full details on how to configure `Flows` and `ClusterFlows`. -See [Rancher Integration with Logging Services: Troubleshooting](../../../pages-for-subheaders/logging.md#The-Logging-Buffer-Overloads-Pods) for how to resolve memory problems with the logging buffer. +See [Rancher Integration with Logging Services: Troubleshooting](../logging.md#The-Logging-Buffer-Overloads-Pods) for how to resolve memory problems with the logging buffer. ## Outputs diff --git a/versioned_docs/version-2.6/integrations-in-rancher/logging/logging-helm-chart-options.md b/versioned_docs/version-2.6/integrations-in-rancher/logging/logging-helm-chart-options.md index 02adb890d74..ea93d80118f 100644 --- a/versioned_docs/version-2.6/integrations-in-rancher/logging/logging-helm-chart-options.md +++ b/versioned_docs/version-2.6/integrations-in-rancher/logging/logging-helm-chart-options.md @@ -45,7 +45,7 @@ Logging v2 was tested with SELinux on RHEL/CentOS 7 and 8. [Security-Enhanced Linux (SELinux)](https://en.wikipedia.org/wiki/Security-Enhanced_Linux) is a security enhancement to Linux. After being historically used by government agencies, SELinux is now industry standard and is enabled by default on CentOS 7 and 8. -To use Logging v2 with SELinux, we recommend installing the `rancher-selinux` RPM according to these [instructions.](../../pages-for-subheaders/selinux-rpm.md) +To use Logging v2 with SELinux, we recommend installing the `rancher-selinux` RPM according to these [instructions.](../../reference-guides/rancher-security/selinux-rpm/selinux-rpm.md) Then, when installing the logging application, configure the chart to be SELinux aware by changing `global.seLinux.enabled` to `true` in the `values.yaml`. diff --git a/versioned_docs/version-2.6/pages-for-subheaders/logging.md b/versioned_docs/version-2.6/integrations-in-rancher/logging/logging.md similarity index 83% rename from versioned_docs/version-2.6/pages-for-subheaders/logging.md rename to versioned_docs/version-2.6/integrations-in-rancher/logging/logging.md index 4ed1084dd10..5f6fd024184 100644 --- a/versioned_docs/version-2.6/pages-for-subheaders/logging.md +++ b/versioned_docs/version-2.6/integrations-in-rancher/logging/logging.md @@ -59,13 +59,13 @@ You can enable the logging for a Rancher managed cluster by going to the Apps pa ## Architecture -For more information about how the logging application works, see [this section.](../integrations-in-rancher/logging/logging-architecture.md) +For more information about how the logging application works, see [this section.](logging-architecture.md) ## Role-based Access Control -Rancher logging has two roles, `logging-admin` and `logging-view`. For more information on how and when to use these roles, see [this page.](../integrations-in-rancher/logging/rbac-for-logging.md) +Rancher logging has two roles, `logging-admin` and `logging-view`. For more information on how and when to use these roles, see [this page.](rbac-for-logging.md) ## Configuring Logging Custom Resources @@ -77,39 +77,39 @@ To manage `Flows,` `ClusterFlows`, `Outputs`, and `ClusterOutputs`, ### Flows and ClusterFlows -For help with configuring `Flows` and `ClusterFlows`, see [this page.](../integrations-in-rancher/logging/custom-resource-configuration/flows-and-clusterflows.md) +For help with configuring `Flows` and `ClusterFlows`, see [this page.](custom-resource-configuration/flows-and-clusterflows.md) ### Outputs and ClusterOutputs -For help with configuring `Outputs` and `ClusterOutputs`, see [this page.](../integrations-in-rancher/logging/custom-resource-configuration/outputs-and-clusteroutputs.md) +For help with configuring `Outputs` and `ClusterOutputs`, see [this page.](custom-resource-configuration/outputs-and-clusteroutputs.md) ## Configuring the Logging Helm Chart -For a list of options that can be configured when the logging application is installed or upgraded, see [this page.](../integrations-in-rancher/logging/logging-helm-chart-options.md) +For a list of options that can be configured when the logging application is installed or upgraded, see [this page.](logging-helm-chart-options.md) ### Windows Support Logging support for Windows clusters is available and logs can be collected from Windows nodes. -For details on how to enable or disable Windows node logging, see [this section.](../integrations-in-rancher/logging/logging-helm-chart-options.md#enabledisable-windows-node-logging) +For details on how to enable or disable Windows node logging, see [this section.](logging-helm-chart-options.md#enabledisable-windows-node-logging) ### Working with a Custom Docker Root Directory -For details on using a custom Docker root directory, see [this section.](../integrations-in-rancher/logging/logging-helm-chart-options.md#working-with-a-custom-docker-root-directory) +For details on using a custom Docker root directory, see [this section.](logging-helm-chart-options.md#working-with-a-custom-docker-root-directory) ### Working with Taints and Tolerations -For information on how to use taints and tolerations with the logging application, see [this page.](../integrations-in-rancher/logging/taints-and-tolerations.md) +For information on how to use taints and tolerations with the logging application, see [this page.](taints-and-tolerations.md) ### Logging V2 with SELinux -For information on enabling the logging application for SELinux-enabled nodes, see [this section.](../integrations-in-rancher/logging/logging-helm-chart-options.md#enabling-the-logging-application-to-work-with-selinux) +For information on enabling the logging application for SELinux-enabled nodes, see [this section.](logging-helm-chart-options.md#enabling-the-logging-application-to-work-with-selinux) ### Additional Logging Sources -By default, Rancher collects logs for control plane components and node components for all cluster types. In some cases additional logs can be collected. For details, see [this section.](../integrations-in-rancher/logging/logging-helm-chart-options.md#additional-logging-sources) +By default, Rancher collects logs for control plane components and node components for all cluster types. In some cases additional logs can be collected. For details, see [this section.](logging-helm-chart-options.md#additional-logging-sources) ## Troubleshooting diff --git a/versioned_docs/version-2.6/integrations-in-rancher/logging/migrate-to-rancher-v2.5+-logging.md b/versioned_docs/version-2.6/integrations-in-rancher/logging/migrate-to-rancher-v2.5+-logging.md index 7bcf55b7f6e..b8d320e6619 100644 --- a/versioned_docs/version-2.6/integrations-in-rancher/logging/migrate-to-rancher-v2.5+-logging.md +++ b/versioned_docs/version-2.6/integrations-in-rancher/logging/migrate-to-rancher-v2.5+-logging.md @@ -7,7 +7,7 @@ Among the many features and changes in the new logging functionality is the remo ## Installation -To install logging in Rancher v2.5+, refer to the [installation instructions](../../pages-for-subheaders/logging.md#enabling-logging). +To install logging in Rancher v2.5+, refer to the [installation instructions](logging.md#enabling-logging). ### Terminology diff --git a/versioned_docs/version-2.6/pages-for-subheaders/monitoring-and-alerting.md b/versioned_docs/version-2.6/integrations-in-rancher/monitoring-and-alerting/monitoring-and-alerting.md similarity index 65% rename from versioned_docs/version-2.6/pages-for-subheaders/monitoring-and-alerting.md rename to versioned_docs/version-2.6/integrations-in-rancher/monitoring-and-alerting/monitoring-and-alerting.md index f47fca300a7..f76814cb3a0 100644 --- a/versioned_docs/version-2.6/pages-for-subheaders/monitoring-and-alerting.md +++ b/versioned_docs/version-2.6/integrations-in-rancher/monitoring-and-alerting/monitoring-and-alerting.md @@ -29,7 +29,7 @@ The monitoring application allows you to: ## How Monitoring Works -For an explanation of how the monitoring components work together, see [this page.](../integrations-in-rancher/monitoring-and-alerting/how-monitoring-works.md) +For an explanation of how the monitoring components work together, see [this page.](how-monitoring-works.md) ## Default Components and Deployments @@ -37,7 +37,7 @@ For an explanation of how the monitoring components work together, see [this pag By default, the monitoring application deploys Grafana dashboards (curated by the [kube-prometheus](https://github.com/prometheus-operator/kube-prometheus) project) onto a cluster. -It also deploys an Alertmanager UI and a Prometheus UI. For more information about these tools, see [Built-in Dashboards.](../integrations-in-rancher/monitoring-and-alerting/built-in-dashboards.md) +It also deploys an Alertmanager UI and a Prometheus UI. For more information about these tools, see [Built-in Dashboards.](built-in-dashboards.md) ### Default Metrics Exporters By default, Rancher Monitoring deploys exporters (such as [node-exporter](https://github.com/prometheus/node_exporter) and [kube-state-metrics](https://github.com/kubernetes/kube-state-metrics)). @@ -46,42 +46,42 @@ These default exporters automatically scrape metrics for CPU and memory from all ### Default Alerts -The monitoring application deploys some alerts by default. To see the default alerts, go to the [Alertmanager UI](../integrations-in-rancher/monitoring-and-alerting/built-in-dashboards.md#alertmanager-ui) and click **Expand all groups.** +The monitoring application deploys some alerts by default. To see the default alerts, go to the [Alertmanager UI](built-in-dashboards.md#alertmanager-ui) and click **Expand all groups.** ### Components Exposed in the Rancher UI -For a list of monitoring components exposed in the Rancher UI, along with common use cases for editing them, see [this section.](../integrations-in-rancher/monitoring-and-alerting/how-monitoring-works.md#components-exposed-in-the-rancher-ui) +For a list of monitoring components exposed in the Rancher UI, along with common use cases for editing them, see [this section.](how-monitoring-works.md#components-exposed-in-the-rancher-ui) ## Role-based Access Control -For information on configuring access to monitoring, see [this page.](../integrations-in-rancher/monitoring-and-alerting/rbac-for-monitoring.md) +For information on configuring access to monitoring, see [this page.](rbac-for-monitoring.md) ## Guides -- [Enable monitoring](../how-to-guides/advanced-user-guides/monitoring-alerting-guides/enable-monitoring.md) -- [Uninstall monitoring](../how-to-guides/advanced-user-guides/monitoring-alerting-guides/uninstall-monitoring.md) -- [Monitoring workloads](../how-to-guides/advanced-user-guides/monitoring-alerting-guides/set-up-monitoring-for-workloads.md) -- [Customizing Grafana dashboards](../how-to-guides/advanced-user-guides/monitoring-alerting-guides/customize-grafana-dashboard.md) -- [Persistent Grafana dashboards](../how-to-guides/advanced-user-guides/monitoring-alerting-guides/create-persistent-grafana-dashboard.md) -- [Debugging high memory usage](../how-to-guides/advanced-user-guides/monitoring-alerting-guides/debug-high-memory-usage.md) -- [Migrating from Monitoring V1 to V2](../how-to-guides/advanced-user-guides/monitoring-alerting-guides/migrate-to-rancher-v2.5+-monitoring.md) +- [Enable monitoring](../../how-to-guides/advanced-user-guides/monitoring-alerting-guides/enable-monitoring.md) +- [Uninstall monitoring](../../how-to-guides/advanced-user-guides/monitoring-alerting-guides/uninstall-monitoring.md) +- [Monitoring workloads](../../how-to-guides/advanced-user-guides/monitoring-alerting-guides/set-up-monitoring-for-workloads.md) +- [Customizing Grafana dashboards](../../how-to-guides/advanced-user-guides/monitoring-alerting-guides/customize-grafana-dashboard.md) +- [Persistent Grafana dashboards](../../how-to-guides/advanced-user-guides/monitoring-alerting-guides/create-persistent-grafana-dashboard.md) +- [Debugging high memory usage](../../how-to-guides/advanced-user-guides/monitoring-alerting-guides/debug-high-memory-usage.md) +- [Migrating from Monitoring V1 to V2](../../how-to-guides/advanced-user-guides/monitoring-alerting-guides/migrate-to-rancher-v2.5+-monitoring.md) ## Configuration ### Configuring Monitoring Resources in Rancher -> The configuration reference assumes familiarity with how monitoring components work together. For more information, see [How Monitoring Works.](../integrations-in-rancher/monitoring-and-alerting/how-monitoring-works.md) +> The configuration reference assumes familiarity with how monitoring components work together. For more information, see [How Monitoring Works.](how-monitoring-works.md) -- [ServiceMonitor and PodMonitor](../reference-guides/monitoring-v2-configuration/servicemonitors-and-podmonitors.md) -- [Receiver](../reference-guides/monitoring-v2-configuration/receivers.md) -- [Route](../reference-guides/monitoring-v2-configuration/routes.md) -- [PrometheusRule](../how-to-guides/advanced-user-guides/monitoring-v2-configuration-guides/advanced-configuration/prometheusrules.md) -- [Prometheus](../how-to-guides/advanced-user-guides/monitoring-v2-configuration-guides/advanced-configuration/prometheus.md) -- [Alertmanager](../how-to-guides/advanced-user-guides/monitoring-v2-configuration-guides/advanced-configuration/alertmanager.md) +- [ServiceMonitor and PodMonitor](../../reference-guides/monitoring-v2-configuration/servicemonitors-and-podmonitors.md) +- [Receiver](../../reference-guides/monitoring-v2-configuration/receivers.md) +- [Route](../../reference-guides/monitoring-v2-configuration/routes.md) +- [PrometheusRule](../../how-to-guides/advanced-user-guides/monitoring-v2-configuration-guides/advanced-configuration/prometheusrules.md) +- [Prometheus](../../how-to-guides/advanced-user-guides/monitoring-v2-configuration-guides/advanced-configuration/prometheus.md) +- [Alertmanager](../../how-to-guides/advanced-user-guides/monitoring-v2-configuration-guides/advanced-configuration/alertmanager.md) ### Configuring Helm Chart Options -For more information on `rancher-monitoring` chart options, including options to set resource limits and requests, see [this page.](../reference-guides/monitoring-v2-configuration/helm-chart-options.md) +For more information on `rancher-monitoring` chart options, including options to set resource limits and requests, see [this page.](../../reference-guides/monitoring-v2-configuration/helm-chart-options.md) ## Windows Cluster Support @@ -89,11 +89,11 @@ When deployed onto an RKE1 Windows cluster, Monitoring V2 will now automatically To be able to fully deploy Monitoring V2 for Windows, all of your Windows hosts must have a minimum [wins](https://github.com/rancher/wins) version of v0.1.0. -For more details on how to upgrade wins on existing Windows hosts, refer to the section on [Windows cluster support for Monitoring V2.](../integrations-in-rancher/monitoring-and-alerting/windows-support.md) +For more details on how to upgrade wins on existing Windows hosts, refer to the section on [Windows cluster support for Monitoring V2.](windows-support.md) ## Known Issues There is a [known issue](https://github.com/rancher/rancher/issues/28787#issuecomment-693611821) that K3s clusters require more default memory. If you are enabling monitoring on a K3s cluster, we recommend to setting `prometheus.prometheusSpec.resources.memory.limit` to 2500 Mi and `prometheus.prometheusSpec.resources.memory.request` to 1750 Mi. -For tips on debugging high memory usage, see [this page.](../how-to-guides/advanced-user-guides/monitoring-alerting-guides/debug-high-memory-usage.md) +For tips on debugging high memory usage, see [this page.](../../how-to-guides/advanced-user-guides/monitoring-alerting-guides/debug-high-memory-usage.md) diff --git a/versioned_docs/version-2.6/integrations-in-rancher/neuvector.md b/versioned_docs/version-2.6/integrations-in-rancher/neuvector.md index 6afe9c9a270..e5a8c7ee36c 100644 --- a/versioned_docs/version-2.6/integrations-in-rancher/neuvector.md +++ b/versioned_docs/version-2.6/integrations-in-rancher/neuvector.md @@ -8,7 +8,7 @@ title: NeuVector Integration ### NeuVector Integration in Rancher -New in Rancher v2.6.5, [NeuVector 5.x](https://open-docs.neuvector.com/) is an open-source container-centric security platform that is now integrated into Rancher. NeuVector offers real-time compliance, visibility, and protection for critical applications and data during runtime. NeuVector provides a firewall, container process/file system monitoring, security auditing with CIS benchmarks, and vulnerability scanning. For more information on Rancher security, please see the [security documentation](../pages-for-subheaders/rancher-security.md). +New in Rancher v2.6.5, [NeuVector 5.x](https://open-docs.neuvector.com/) is an open-source container-centric security platform that is now integrated into Rancher. NeuVector offers real-time compliance, visibility, and protection for critical applications and data during runtime. NeuVector provides a firewall, container process/file system monitoring, security auditing with CIS benchmarks, and vulnerability scanning. For more information on Rancher security, please see the [security documentation](../reference-guides/rancher-security/rancher-security.md). NeuVector can be enabled through a Helm chart that may be installed either through **Apps & Marketplace** or through the **Cluster Tools** button in the Rancher UI. Once the Helm chart is installed, users can easily [deploy and manage NeuVector clusters within Rancher](https://open-docs.neuvector.com/deploying/rancher#deploy-and-manage-neuvector-through-rancher-apps-marketplace). diff --git a/versioned_docs/version-2.6/pages-for-subheaders/about-provisioning-drivers.md b/versioned_docs/version-2.6/pages-for-subheaders/about-provisioning-drivers.md deleted file mode 100644 index 30c1cbeff74..00000000000 --- a/versioned_docs/version-2.6/pages-for-subheaders/about-provisioning-drivers.md +++ /dev/null @@ -1,51 +0,0 @@ ---- -title: About Provisioning Drivers ---- - - - - - -Drivers in Rancher allow you to manage which providers can be used to deploy [hosted Kubernetes clusters](set-up-clusters-from-hosted-kubernetes-providers.md) or [nodes in an infrastructure provider](use-new-nodes-in-an-infra-provider.md) to allow Rancher to deploy and manage Kubernetes. - -### Rancher Drivers - -With Rancher drivers, you can enable/disable existing built-in drivers that are packaged in Rancher. Alternatively, you can add your own driver if Rancher has not yet implemented it. - -There are two types of drivers within Rancher: - -* [Cluster Drivers](#cluster-drivers) -* [Node Drivers](#node-drivers) - -### Cluster Drivers - -Cluster drivers are used to provision [hosted Kubernetes clusters](set-up-clusters-from-hosted-kubernetes-providers.md), such as GKE, EKS, AKS, etc.. The availability of which cluster driver to display when creating a cluster is defined based on the cluster driver's status. Only `active` cluster drivers will be displayed as an option for creating clusters for hosted Kubernetes clusters. By default, Rancher is packaged with several existing cluster drivers, but you can also create custom cluster drivers to add to Rancher. - -By default, Rancher has activated several hosted Kubernetes cloud providers including: - -* [Amazon EKS](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/eks.md) -* [Google GKE](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/gke.md) -* [Azure AKS](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/aks.md) - -There are several other hosted Kubernetes cloud providers that are disabled by default, but are packaged in Rancher: - -* [Alibaba ACK](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/alibaba.md) -* [Huawei CCE](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/huawei.md) -* [Tencent](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/tencent.md) - -### Node Drivers - -Node drivers are used to provision hosts, which Rancher uses to launch and manage Kubernetes clusters. A node driver is the same as a [Docker Machine driver](https://docs.docker.com/machine/drivers/). The availability of which node driver to display when creating node templates is defined based on the node driver's status. Only `active` node drivers will be displayed as an option for creating node templates. By default, Rancher is packaged with many existing Docker Machine drivers, but you can also create custom node drivers to add to Rancher. - -If there are specific node drivers that you don't want to show to your users, you would need to de-activate these node drivers. - -Rancher supports several major cloud providers, but by default, these node drivers are active and available for deployment: - -* [Amazon EC2](../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-amazon-ec2-cluster.md) -* [Azure](../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-azure-cluster.md) -* [Digital Ocean](../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-a-digitalocean-cluster.md) -* [vSphere](vsphere.md) - -There are several other node drivers that are disabled by default, but are packaged in Rancher: - -* [Harvester](../integrations-in-rancher/harvester.md#harvester-node-driver/), available in Rancher v2.6.1 diff --git a/versioned_docs/version-2.6/pages-for-subheaders/backup-restore-configuration.md b/versioned_docs/version-2.6/pages-for-subheaders/backup-restore-configuration.md deleted file mode 100644 index 104584f741d..00000000000 --- a/versioned_docs/version-2.6/pages-for-subheaders/backup-restore-configuration.md +++ /dev/null @@ -1,12 +0,0 @@ ---- -title: Rancher Backup Configuration Reference ---- - - - - - -- [Backup configuration](../reference-guides/backup-restore-configuration/backup-configuration.md) -- [Restore configuration](../reference-guides/backup-restore-configuration/restore-configuration.md) -- [Storage location configuration](../reference-guides/backup-restore-configuration/storage-configuration.md) -- [Example Backup and Restore Custom Resources](../reference-guides/backup-restore-configuration/examples.md) \ No newline at end of file diff --git a/versioned_docs/version-2.6/pages-for-subheaders/cis-scan-guides.md b/versioned_docs/version-2.6/pages-for-subheaders/cis-scan-guides.md deleted file mode 100644 index e76d47504e6..00000000000 --- a/versioned_docs/version-2.6/pages-for-subheaders/cis-scan-guides.md +++ /dev/null @@ -1,17 +0,0 @@ ---- -title: CIS Scan Guides ---- - - - - - -- [Install rancher-cis-benchmark](../how-to-guides/advanced-user-guides/cis-scan-guides/install-rancher-cis-benchmark.md) -- [Uninstall rancher-cis-benchmark](../how-to-guides/advanced-user-guides/cis-scan-guides/uninstall-rancher-cis-benchmark.md) -- [Run a Scan](../how-to-guides/advanced-user-guides/cis-scan-guides/run-a-scan.md) -- [Run a Scan Periodically on a Schedule](../how-to-guides/advanced-user-guides/cis-scan-guides/run-a-scan-periodically-on-a-schedule.md) -- [Skip Tests](../how-to-guides/advanced-user-guides/cis-scan-guides/skip-tests.md) -- [View Reports](../how-to-guides/advanced-user-guides/cis-scan-guides/view-reports.md) -- [Enable Alerting for rancher-cis-benchmark](../how-to-guides/advanced-user-guides/cis-scan-guides/enable-alerting-for-rancher-cis-benchmark.md) -- [Configure Alerts for Periodic Scan on a Schedule](../how-to-guides/advanced-user-guides/cis-scan-guides/configure-alerts-for-periodic-scan-on-a-schedule.md) -- [Create a Custom Benchmark Version to Run](../how-to-guides/advanced-user-guides/cis-scan-guides/create-a-custom-benchmark-version-to-run.md) \ No newline at end of file diff --git a/versioned_docs/version-2.6/pages-for-subheaders/deploy-rancher-manager.md b/versioned_docs/version-2.6/pages-for-subheaders/deploy-rancher-manager.md deleted file mode 100644 index 9914926b2d6..00000000000 --- a/versioned_docs/version-2.6/pages-for-subheaders/deploy-rancher-manager.md +++ /dev/null @@ -1,24 +0,0 @@ ---- -title: Deploying Rancher Server ---- - - - - - -Use one of the following guides to deploy and provision Rancher and a Kubernetes cluster in the provider of your choice. - -- [AWS](../getting-started/quick-start-guides/deploy-rancher-manager/aws.md) (uses Terraform) -- [AWS Marketplace](../getting-started/quick-start-guides/deploy-rancher-manager/aws-marketplace.md) (uses Amazon EKS) -- [Azure](../getting-started/quick-start-guides/deploy-rancher-manager/azure.md) (uses Terraform) -- [DigitalOcean](../getting-started/quick-start-guides/deploy-rancher-manager/digitalocean.md) (uses Terraform) -- [GCP](../getting-started/quick-start-guides/deploy-rancher-manager/gcp.md) (uses Terraform) -- [Hetzner Cloud](../getting-started/quick-start-guides/deploy-rancher-manager/hetzner-cloud.md) (uses Terraform) -- [Vagrant](../getting-started/quick-start-guides/deploy-rancher-manager/vagrant.md) -- [Equinix Metal](../getting-started/quick-start-guides/deploy-rancher-manager/equinix-metal.md) -- [Outscale](../getting-started/quick-start-guides/deploy-rancher-manager/outscale-qs.md) (uses Terraform) - - -If you prefer, the following guide will take you through the same process in individual steps. Use this if you want to run Rancher in a different provider, on prem, or if you would just like to see how easy it is. - -- [Manual Install](../getting-started/quick-start-guides/deploy-rancher-manager/helm-cli.md) diff --git a/versioned_docs/version-2.6/pages-for-subheaders/downstream-cluster-configuration.md b/versioned_docs/version-2.6/pages-for-subheaders/downstream-cluster-configuration.md deleted file mode 100644 index b9fbad0b966..00000000000 --- a/versioned_docs/version-2.6/pages-for-subheaders/downstream-cluster-configuration.md +++ /dev/null @@ -1,9 +0,0 @@ ---- -title: Downstream Cluster Configuration ---- - - - - - -The following docs will discuss [node template configuration](./node-template-configuration.md) and [machine configuration](./machine-configuration.md). \ No newline at end of file diff --git a/versioned_docs/version-2.6/pages-for-subheaders/installation-references.md b/versioned_docs/version-2.6/pages-for-subheaders/installation-references.md deleted file mode 100644 index 6108728b04f..00000000000 --- a/versioned_docs/version-2.6/pages-for-subheaders/installation-references.md +++ /dev/null @@ -1,9 +0,0 @@ ---- -title: Installation References ---- - - - - - -Please see the following reference guides for other installation resources: [Rancher Helm chart options](../getting-started/installation-and-upgrade/installation-references/helm-chart-options.md), [TLS settings](../getting-started/installation-and-upgrade/installation-references/tls-settings.md), and [feature flags](../getting-started/installation-and-upgrade/installation-references/feature-flags.md). \ No newline at end of file diff --git a/versioned_docs/version-2.6/pages-for-subheaders/istio-setup-guide.md b/versioned_docs/version-2.6/pages-for-subheaders/istio-setup-guide.md deleted file mode 100644 index 24475f7ffea..00000000000 --- a/versioned_docs/version-2.6/pages-for-subheaders/istio-setup-guide.md +++ /dev/null @@ -1,34 +0,0 @@ ---- -title: Setup Guide ---- - - - - - -This section describes how to enable Istio and start using it in your projects. - -If you use Istio for traffic management, you will need to allow external traffic to the cluster. In that case, you will need to follow all of the steps below. - -## Prerequisites - -This guide assumes you have already [installed Rancher,](installation-and-upgrade.md) and you have already [provisioned a separate Kubernetes cluster](kubernetes-clusters-in-rancher-setup.md) on which you will install Istio. - -The nodes in your cluster must meet the [CPU and memory requirements.](../integrations-in-rancher/istio/cpu-and-memory-allocations.md) - -The workloads and services that you want to be controlled by Istio must meet [Istio's requirements.](https://istio.io/docs/setup/additional-setup/requirements/) - -## Install - -:::tip Quick Setup Tip: - -If you don't need external traffic to reach Istio, and you just want to set up Istio for monitoring and tracing traffic within the cluster, skip the steps for [setting up the Istio gateway](../how-to-guides/advanced-user-guides/istio-setup-guide/set-up-istio-gateway.md) and [setting up Istio's components for traffic management.](../how-to-guides/advanced-user-guides/istio-setup-guide/set-up-traffic-management.md) - -::: - -1. [Enable Istio in the cluster.](../how-to-guides/advanced-user-guides/istio-setup-guide/enable-istio-in-cluster.md) -1. [Enable Istio in all the namespaces where you want to use it.](../how-to-guides/advanced-user-guides/istio-setup-guide/enable-istio-in-namespace.md) -1. [Add deployments and services that have the Istio sidecar injected.](../how-to-guides/advanced-user-guides/istio-setup-guide/use-istio-sidecar.md) -1. [Set up the Istio gateway. ](../how-to-guides/advanced-user-guides/istio-setup-guide/set-up-istio-gateway.md) -1. [Set up Istio's components for traffic management.](../how-to-guides/advanced-user-guides/istio-setup-guide/set-up-traffic-management.md) -1. [Generate traffic and see Istio in action.](../how-to-guides/advanced-user-guides/istio-setup-guide/generate-and-view-traffic.md) diff --git a/versioned_docs/version-2.6/pages-for-subheaders/kubernetes-components.md b/versioned_docs/version-2.6/pages-for-subheaders/kubernetes-components.md deleted file mode 100644 index f048b5ba19b..00000000000 --- a/versioned_docs/version-2.6/pages-for-subheaders/kubernetes-components.md +++ /dev/null @@ -1,21 +0,0 @@ ---- -title: Kubernetes Components ---- - - - - - -The commands and steps listed in this section apply to the core Kubernetes components on [Rancher Launched Kubernetes](../pages-for-subheaders/launch-kubernetes-with-rancher.md) clusters. - -This section includes troubleshooting tips in the following categories: - -- [Troubleshooting etcd Nodes](../troubleshooting/kubernetes-components/troubleshooting-etcd-nodes.md) -- [Troubleshooting Controlplane Nodes](../troubleshooting/kubernetes-components/troubleshooting-controlplane-nodes.md) -- [Troubleshooting nginx-proxy Nodes](../troubleshooting/kubernetes-components/troubleshooting-nginx-proxy.md) -- [Troubleshooting Worker Nodes and Generic Components](../troubleshooting/kubernetes-components/troubleshooting-worker-nodes-and-generic-components.md) - -## Kubernetes Component Diagram - -![Cluster diagram](/img/clusterdiagram.svg)
    -Lines show the traffic flow between components. Colors are used purely for visual aid \ No newline at end of file diff --git a/versioned_docs/version-2.6/pages-for-subheaders/machine-configuration.md b/versioned_docs/version-2.6/pages-for-subheaders/machine-configuration.md deleted file mode 100644 index e1b9bb72f0a..00000000000 --- a/versioned_docs/version-2.6/pages-for-subheaders/machine-configuration.md +++ /dev/null @@ -1,9 +0,0 @@ ---- -title: Machine Configuration ---- - - - - - -Machine configuration is the arrangement of resources assigned to a virtual machine. Please see the docs for [Amazon EC2](../reference-guides/cluster-configuration/downstream-cluster-configuration/machine-configuration/amazon-ec2.md), [DigitalOcean](../reference-guides/cluster-configuration/downstream-cluster-configuration/machine-configuration/digitalocean.md), and [Azure](../reference-guides/cluster-configuration/downstream-cluster-configuration/machine-configuration/azure.md) to learn more. \ No newline at end of file diff --git a/versioned_docs/version-2.6/pages-for-subheaders/monitoring-alerting-guides.md b/versioned_docs/version-2.6/pages-for-subheaders/monitoring-alerting-guides.md deleted file mode 100644 index 3815cd4f0ef..00000000000 --- a/versioned_docs/version-2.6/pages-for-subheaders/monitoring-alerting-guides.md +++ /dev/null @@ -1,15 +0,0 @@ ---- -title: Monitoring/Alerting Guides ---- - - - - - -- [Enable monitoring](../how-to-guides/advanced-user-guides/monitoring-alerting-guides/enable-monitoring.md) -- [Uninstall monitoring](../how-to-guides/advanced-user-guides/monitoring-alerting-guides/uninstall-monitoring.md) -- [Monitoring workloads](../how-to-guides/advanced-user-guides/monitoring-alerting-guides/set-up-monitoring-for-workloads.md) -- [Customizing Grafana dashboards](../how-to-guides/advanced-user-guides/monitoring-alerting-guides/customize-grafana-dashboard.md) -- [Persistent Grafana dashboards](../how-to-guides/advanced-user-guides/monitoring-alerting-guides/create-persistent-grafana-dashboard.md) -- [Debugging high memory usage](../how-to-guides/advanced-user-guides/monitoring-alerting-guides/debug-high-memory-usage.md) -- [Migrating from Monitoring V1 to V2](../how-to-guides/advanced-user-guides/monitoring-alerting-guides/migrate-to-rancher-v2.5+-monitoring.md) \ No newline at end of file diff --git a/versioned_docs/version-2.6/pages-for-subheaders/monitoring-v2-configuration.md b/versioned_docs/version-2.6/pages-for-subheaders/monitoring-v2-configuration.md deleted file mode 100644 index 79f97d9513d..00000000000 --- a/versioned_docs/version-2.6/pages-for-subheaders/monitoring-v2-configuration.md +++ /dev/null @@ -1,15 +0,0 @@ ---- -title: Monitoring V2 Configuration ---- - - - - - -The following sections will explain important options essential to configuring Monitoring V2 in Rancher: - -- [Receiver Configuration](../reference-guides/monitoring-v2-configuration/receivers.md) -- [Route Configuration](../reference-guides/monitoring-v2-configuration/routes.md) -- [ServiceMonitor and PodMonitor Configuration](../reference-guides/monitoring-v2-configuration/servicemonitors-and-podmonitors.md) -- [Helm Chart Options](../reference-guides/monitoring-v2-configuration/helm-chart-options.md) -- [Examples](../reference-guides/monitoring-v2-configuration/examples.md) \ No newline at end of file diff --git a/versioned_docs/version-2.6/pages-for-subheaders/node-template-configuration.md b/versioned_docs/version-2.6/pages-for-subheaders/node-template-configuration.md deleted file mode 100644 index e6c22d5e852..00000000000 --- a/versioned_docs/version-2.6/pages-for-subheaders/node-template-configuration.md +++ /dev/null @@ -1,9 +0,0 @@ ---- -title: Node Template Configuration ---- - - - - - -To learn about node template config, refer to [EC2 Node Template Configuration](../reference-guides/cluster-configuration/downstream-cluster-configuration/node-template-configuration/amazon-ec2.md), [DigitalOcean Node Template Configuration](../reference-guides/cluster-configuration/downstream-cluster-configuration/node-template-configuration/digitalocean.md), [Azure Node Template Configuration](../reference-guides/cluster-configuration/downstream-cluster-configuration/node-template-configuration/azure.md), [vSphere Node Template Configuration](../reference-guides/cluster-configuration/downstream-cluster-configuration/node-template-configuration/vsphere.md), and [Nutanix Node Template Configuration](../reference-guides/cluster-configuration/downstream-cluster-configuration/node-template-configuration/nutanix.md). diff --git a/versioned_docs/version-2.6/pages-for-subheaders/prometheus-federator-guides.md b/versioned_docs/version-2.6/pages-for-subheaders/prometheus-federator-guides.md deleted file mode 100644 index 2d1c0ae8224..00000000000 --- a/versioned_docs/version-2.6/pages-for-subheaders/prometheus-federator-guides.md +++ /dev/null @@ -1,12 +0,0 @@ ---- -title: Prometheus Federator Guides ---- - - - - - -- [Enable Prometheus Operator](../how-to-guides/advanced-user-guides/monitoring-alerting-guides/prometheus-federator-guides/enable-prometheus-federator.md) -- [Uninstall Prometheus Operator](../how-to-guides/advanced-user-guides/monitoring-alerting-guides/prometheus-federator-guides/uninstall-prometheus-federator.md) -- [Customize Grafana Dashboards](../how-to-guides/advanced-user-guides/monitoring-alerting-guides/prometheus-federator-guides/customize-grafana-dashboards.md) -- [Set Up Workloads](../how-to-guides/advanced-user-guides/monitoring-alerting-guides/prometheus-federator-guides/set-up-workloads.md) \ No newline at end of file diff --git a/versioned_docs/version-2.6/pages-for-subheaders/rancher-managed-clusters.md b/versioned_docs/version-2.6/pages-for-subheaders/rancher-managed-clusters.md deleted file mode 100644 index 2cdb03fd909..00000000000 --- a/versioned_docs/version-2.6/pages-for-subheaders/rancher-managed-clusters.md +++ /dev/null @@ -1,23 +0,0 @@ ---- -title: Best Practices for Rancher Managed Clusters ---- - - - - - -### Logging - -Refer to [this guide](../reference-guides/best-practices/rancher-managed-clusters/logging-best-practices.md) for our recommendations for cluster-level logging and application logging. - -### Monitoring - -Configuring sensible monitoring and alerting rules is vital for running any production workloads securely and reliably. Refer to this [guide](../reference-guides/best-practices/rancher-managed-clusters/monitoring-best-practices.md) for our recommendations. - -### Tips for Setting Up Containers - -Running well-built containers can greatly impact the overall performance and security of your environment. Refer to this [guide](../reference-guides/best-practices/rancher-managed-clusters/tips-to-set-up-containers.md) for tips. - -### Best Practices for Rancher Managed vSphere Clusters - -This [guide](../reference-guides/best-practices/rancher-managed-clusters/rancher-managed-clusters-in-vsphere.md) outlines a reference architecture for provisioning downstream Rancher clusters in a vSphere environment, in addition to standard vSphere best practices as documented by VMware. diff --git a/versioned_docs/version-2.6/pages-for-subheaders/rancher-server-configuration.md b/versioned_docs/version-2.6/pages-for-subheaders/rancher-server-configuration.md deleted file mode 100644 index 5e18f69e740..00000000000 --- a/versioned_docs/version-2.6/pages-for-subheaders/rancher-server-configuration.md +++ /dev/null @@ -1,16 +0,0 @@ ---- -title: Rancher Server Configuration ---- - - - - - -- [RKE1 Cluster Configuration](../reference-guides/cluster-configuration/rancher-server-configuration/rke1-cluster-configuration.md) -- [RKE2 Cluster Configuration](../reference-guides/cluster-configuration/rancher-server-configuration/rke2-cluster-configuration.md) -- [K3s Cluster Configuration](../reference-guides/cluster-configuration/rancher-server-configuration/k3s-cluster-configuration.md) -- [EKS Cluster Configuration](../reference-guides/cluster-configuration/rancher-server-configuration/eks-cluster-configuration.md) -- [AKS Cluster Configuration](../reference-guides/cluster-configuration/rancher-server-configuration/aks-cluster-configuration.md) -- [GKE Cluster Configuration](../pages-for-subheaders/gke-cluster-configuration.md) -- [Use Existing Nodes](../pages-for-subheaders/use-existing-nodes.md) -- [Sync Clusters](../reference-guides/cluster-configuration/rancher-server-configuration/sync-clusters.md) \ No newline at end of file diff --git a/versioned_docs/version-2.6/pages-for-subheaders/rancher-server.md b/versioned_docs/version-2.6/pages-for-subheaders/rancher-server.md deleted file mode 100644 index 45c3917cd58..00000000000 --- a/versioned_docs/version-2.6/pages-for-subheaders/rancher-server.md +++ /dev/null @@ -1,21 +0,0 @@ ---- -title: Best Practices for the Rancher Server ---- - - - - - -This guide contains our recommendations for running the Rancher server, and is intended to be used in situations in which Rancher manages downstream Kubernetes clusters. - -### Recommended Architecture and Infrastructure - -Refer to this [guide](../reference-guides/best-practices/rancher-server/tips-for-running-rancher.md) for our general advice for setting up the Rancher server on a high-availability Kubernetes cluster. - -### Deployment Strategies - -This [guide](../reference-guides/best-practices/rancher-server/rancher-deployment-strategy.md) is designed to help you choose whether a regional deployment strategy or a hub-and-spoke deployment strategy is better for a Rancher server that manages downstream Kubernetes clusters. - -### Installing Rancher in a vSphere Environment - -This [guide](../reference-guides/best-practices/rancher-server/on-premises-rancher-in-vsphere.md) outlines a reference architecture for installing Rancher in a vSphere environment, in addition to standard vSphere best practices as documented by VMware. \ No newline at end of file diff --git a/versioned_docs/version-2.6/pages-for-subheaders/resources.md b/versioned_docs/version-2.6/pages-for-subheaders/resources.md deleted file mode 100644 index 52e61353441..00000000000 --- a/versioned_docs/version-2.6/pages-for-subheaders/resources.md +++ /dev/null @@ -1,29 +0,0 @@ ---- -title: Resources ---- - - - - - -### Docker Installations - -The [single-node Docker installation](rancher-on-a-single-node-with-docker.md) is for Rancher users that are wanting to test out Rancher. Instead of running on a Kubernetes cluster using Helm, you install the Rancher server component on a single node using a `docker run` command. - -Since there is only one node and a single Docker container, if the node goes down, there is no copy of the etcd data available on other nodes and you will lose all the data of your Rancher server. - -### Air-Gapped Installations - -Follow [these steps](air-gapped-helm-cli-install.md) to install the Rancher server in an air gapped environment. - -An air gapped environment could be where Rancher server will be installed offline, behind a firewall, or behind a proxy. - -### Advanced Options - -When installing Rancher, there are several advanced options that can be enabled during installation. Within each install guide, these options are presented. Learn more about these options: - -- [Custom CA Certificate](../getting-started/installation-and-upgrade/resources/custom-ca-root-certificates.md) -- [API Audit Log](../how-to-guides/advanced-user-guides/enable-api-audit-log.md) -- [TLS Settings](../getting-started/installation-and-upgrade/installation-references/tls-settings.md) -- [etcd configuration](../how-to-guides/advanced-user-guides/tune-etcd-for-large-installs.md) -- [Local System Charts for Air Gap Installations](../getting-started/installation-and-upgrade/resources/local-system-charts.md) | v2.3.0 | diff --git a/versioned_docs/version-2.6/pages-for-subheaders/single-node-rancher-in-docker.md b/versioned_docs/version-2.6/pages-for-subheaders/single-node-rancher-in-docker.md deleted file mode 100644 index 91072d2b3b4..00000000000 --- a/versioned_docs/version-2.6/pages-for-subheaders/single-node-rancher-in-docker.md +++ /dev/null @@ -1,9 +0,0 @@ ---- -title: Single Node Rancher in Docker ---- - - - - - -The following docs will discuss [HTTP proxy configuration](../reference-guides/single-node-rancher-in-docker/http-proxy-configuration.md) and [advanced options](../reference-guides/single-node-rancher-in-docker/advanced-options.md) for Docker installs. \ No newline at end of file diff --git a/versioned_docs/version-2.6/pages-for-subheaders/user-settings.md b/versioned_docs/version-2.6/pages-for-subheaders/user-settings.md deleted file mode 100644 index a9ed1c72d92..00000000000 --- a/versioned_docs/version-2.6/pages-for-subheaders/user-settings.md +++ /dev/null @@ -1,19 +0,0 @@ ---- -title: User Settings ---- - - - - - -Within Rancher, each user has a number of settings associated with their login: personal preferences, API keys, etc. You can configure these settings by choosing from the **User Settings** menu. You can open this menu by clicking your avatar, located within the main menu. - -![User Settings Menu](/img/user-settings.png) - -The available user settings are: - -- [API & Keys](../reference-guides/user-settings/api-keys.md): If you want to interact with Rancher programmatically, you need an API key. Follow the directions in this section to obtain a key. -- [Cloud Credentials](../reference-guides/user-settings/manage-cloud-credentials.md): Manage cloud credentials [used by node templates](use-new-nodes-in-an-infra-provider.md#node-templates) to [provision nodes for clusters](../pages-for-subheaders/launch-kubernetes-with-rancher.md). -- [Node Templates](../reference-guides/user-settings/manage-node-templates.md): Manage templates [used by Rancher to provision nodes for clusters](../pages-for-subheaders/launch-kubernetes-with-rancher.md). -- [Preferences](../reference-guides/user-settings/user-preferences.md): Sets superficial preferences for the Rancher UI. -- Log Out: Ends your user session. diff --git a/versioned_docs/version-2.6/pages-for-subheaders/about-the-api.md b/versioned_docs/version-2.6/reference-guides/about-the-api/about-the-api.md similarity index 92% rename from versioned_docs/version-2.6/pages-for-subheaders/about-the-api.md rename to versioned_docs/version-2.6/reference-guides/about-the-api/about-the-api.md index 3b39d7c2717..1dd830a0d8c 100644 --- a/versioned_docs/version-2.6/pages-for-subheaders/about-the-api.md +++ b/versioned_docs/version-2.6/reference-guides/about-the-api/about-the-api.md @@ -27,9 +27,9 @@ Go to the URL endpoint at `https:///v3`, where `` is ## Authentication -API requests must include authentication information. Authentication is done with HTTP basic authentication using [API Keys](../reference-guides/user-settings/api-keys.md). API keys can create new clusters and have access to multiple clusters via `/v3/clusters/`. [Cluster and project roles](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/cluster-and-project-roles.md) apply to these keys and restrict what clusters and projects the account can see and what actions they can take. +API requests must include authentication information. Authentication is done with HTTP basic authentication using [API Keys](../user-settings/api-keys.md). API keys can create new clusters and have access to multiple clusters via `/v3/clusters/`. [Cluster and project roles](../../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/cluster-and-project-roles.md) apply to these keys and restrict what clusters and projects the account can see and what actions they can take. -By default, some cluster-level API tokens are generated with infinite time-to-live (`ttl=0`). In other words, API tokens with `ttl=0` never expire unless you invalidate them. For details on how to invalidate them, refer to the [API tokens page](../reference-guides/about-the-api/api-tokens.md). +By default, some cluster-level API tokens are generated with infinite time-to-live (`ttl=0`). In other words, API tokens with `ttl=0` never expire unless you invalidate them. For details on how to invalidate them, refer to the [API tokens page](api-tokens.md). ## Making requests diff --git a/versioned_docs/version-2.6/reference-guides/about-the-api/api-tokens.md b/versioned_docs/version-2.6/reference-guides/about-the-api/api-tokens.md index 0d813665761..c833cd47cb3 100644 --- a/versioned_docs/version-2.6/reference-guides/about-the-api/api-tokens.md +++ b/versioned_docs/version-2.6/reference-guides/about-the-api/api-tokens.md @@ -53,7 +53,7 @@ This setting is used by all kubeconfig tokens except those created by the CLI to Users can enable token hashing, where tokens will undergo a one-way hash using the SHA256 algorithm. This is a non-reversible process, once enabled, this feature cannot be disabled. It is advisable to take backups prior to enabling and/or evaluating in a test environment first. -To enable token hashing, refer to [this section](../../pages-for-subheaders/enable-experimental-features.md). +To enable token hashing, refer to [this section](../../how-to-guides/advanced-user-guides/enable-experimental-features/enable-experimental-features.md). This feature will affect all tokens which include, but are not limited to, the following: diff --git a/versioned_docs/version-2.6/reference-guides/backup-restore-configuration/backup-restore-configuration.md b/versioned_docs/version-2.6/reference-guides/backup-restore-configuration/backup-restore-configuration.md new file mode 100644 index 00000000000..1f74b2fad9b --- /dev/null +++ b/versioned_docs/version-2.6/reference-guides/backup-restore-configuration/backup-restore-configuration.md @@ -0,0 +1,12 @@ +--- +title: Rancher Backup Configuration Reference +--- + + + + + +- [Backup configuration](backup-configuration.md) +- [Restore configuration](restore-configuration.md) +- [Storage location configuration](storage-configuration.md) +- [Example Backup and Restore Custom Resources](examples.md) \ No newline at end of file diff --git a/versioned_docs/version-2.6/pages-for-subheaders/best-practices.md b/versioned_docs/version-2.6/reference-guides/best-practices/best-practices.md similarity index 95% rename from versioned_docs/version-2.6/pages-for-subheaders/best-practices.md rename to versioned_docs/version-2.6/reference-guides/best-practices/best-practices.md index 7009f6cce70..546ae01be94 100644 --- a/versioned_docs/version-2.6/pages-for-subheaders/best-practices.md +++ b/versioned_docs/version-2.6/reference-guides/best-practices/best-practices.md @@ -14,7 +14,7 @@ Use the navigation bar on the left to find the current best practices for managi For more guidance on best practices, you can consult these resources: -- [Security](rancher-security.md) +- [Security](../rancher-security/rancher-security.md) - [Rancher Blog](https://www.suse.com/c/rancherblog/) - [Rancher Forum](https://forums.rancher.com/) - [Rancher Users Slack](https://slack.rancher.io/) diff --git a/versioned_docs/version-2.6/reference-guides/best-practices/rancher-managed-clusters/monitoring-best-practices.md b/versioned_docs/version-2.6/reference-guides/best-practices/rancher-managed-clusters/monitoring-best-practices.md index 31584a85c5f..6874ac85ef3 100644 --- a/versioned_docs/version-2.6/reference-guides/best-practices/rancher-managed-clusters/monitoring-best-practices.md +++ b/versioned_docs/version-2.6/reference-guides/best-practices/rancher-managed-clusters/monitoring-best-practices.md @@ -8,7 +8,7 @@ title: Monitoring Best Practices Configuring sensible monitoring and alerting rules is vital for running any production workloads securely and reliably. This is not different when using Kubernetes and Rancher. Fortunately the integrated monitoring and alerting functionality makes this whole process a lot easier. -The [Rancher monitoring documentation](../../../pages-for-subheaders/monitoring-and-alerting.md) describes how you can set up a complete Prometheus and Grafana stack. Out of the box this will scrape monitoring data from all system and Kubernetes components in your cluster and provide sensible dashboards and alerts for them to get started. But for a reliable setup, you also need to monitor your own workloads and adapt Prometheus and Grafana to your own specific use cases and cluster sizes. This document aims to give you best practices for this. +The [Rancher monitoring documentation](../../../integrations-in-rancher/monitoring-and-alerting/monitoring-and-alerting.md) describes how you can set up a complete Prometheus and Grafana stack. Out of the box this will scrape monitoring data from all system and Kubernetes components in your cluster and provide sensible dashboards and alerts for them to get started. But for a reliable setup, you also need to monitor your own workloads and adapt Prometheus and Grafana to your own specific use cases and cluster sizes. This document aims to give you best practices for this. ## What to Monitor @@ -98,7 +98,7 @@ Monitoring the availability and performance of all your internal workloads is vi ## Security Monitoring -In addition to monitoring workloads to detect performance, availability or scalability problems, the cluster and the workloads running into it should also be monitored for potential security problems. A good starting point is to frequently run and alert on [CIS Scans](../../../pages-for-subheaders/cis-scan-guides.md) which check if the cluster is configured according to security best practices. +In addition to monitoring workloads to detect performance, availability or scalability problems, the cluster and the workloads running into it should also be monitored for potential security problems. A good starting point is to frequently run and alert on [CIS Scans](../../../how-to-guides/advanced-user-guides/cis-scan-guides/cis-scan-guides.md) which check if the cluster is configured according to security best practices. For the workloads, you can have a look at Kubernetes and Container security solutions like [NeuVector](https://www.suse.com/products/neuvector/), [Falco](https://falco.org/), [Aqua Kubernetes Security](https://www.aquasec.com/solutions/kubernetes-container-security/), [SysDig](https://sysdig.com/). @@ -112,4 +112,4 @@ When setting up alerts, configure them for all the workloads that are critical t If an alert starts firing, but there is nothing you can do about it at the moment, it's also fine to silence the alert for a certain amount of time, so that you can look at it later. -You can find more information on how to set up alerts and notification channels in the [Rancher Documentation](../../../pages-for-subheaders/monitoring-and-alerting.md). +You can find more information on how to set up alerts and notification channels in the [Rancher Documentation](../../../integrations-in-rancher/monitoring-and-alerting/monitoring-and-alerting.md). diff --git a/versioned_docs/version-2.6/reference-guides/best-practices/rancher-managed-clusters/rancher-managed-clusters.md b/versioned_docs/version-2.6/reference-guides/best-practices/rancher-managed-clusters/rancher-managed-clusters.md new file mode 100644 index 00000000000..72c44ac9a78 --- /dev/null +++ b/versioned_docs/version-2.6/reference-guides/best-practices/rancher-managed-clusters/rancher-managed-clusters.md @@ -0,0 +1,23 @@ +--- +title: Best Practices for Rancher Managed Clusters +--- + + + + + +### Logging + +Refer to [this guide](logging-best-practices.md) for our recommendations for cluster-level logging and application logging. + +### Monitoring + +Configuring sensible monitoring and alerting rules is vital for running any production workloads securely and reliably. Refer to this [guide](monitoring-best-practices.md) for our recommendations. + +### Tips for Setting Up Containers + +Running well-built containers can greatly impact the overall performance and security of your environment. Refer to this [guide](tips-to-set-up-containers.md) for tips. + +### Best Practices for Rancher Managed vSphere Clusters + +This [guide](rancher-managed-clusters-in-vsphere.md) outlines a reference architecture for provisioning downstream Rancher clusters in a vSphere environment, in addition to standard vSphere best practices as documented by VMware. diff --git a/versioned_docs/version-2.6/reference-guides/best-practices/rancher-server/on-premises-rancher-in-vsphere.md b/versioned_docs/version-2.6/reference-guides/best-practices/rancher-server/on-premises-rancher-in-vsphere.md index 74243559753..6d35b2dc2d8 100644 --- a/versioned_docs/version-2.6/reference-guides/best-practices/rancher-server/on-premises-rancher-in-vsphere.md +++ b/versioned_docs/version-2.6/reference-guides/best-practices/rancher-server/on-premises-rancher-in-vsphere.md @@ -43,7 +43,7 @@ Configure appropriate Firewall / ACL rules to only expose access to Rancher ### Size the VM's According to Rancher Documentation -See [Installation Requirements](../../../pages-for-subheaders/installation-requirements.md). +See [Installation Requirements](../../../getting-started/installation-and-upgrade/installation-requirements/installation-requirements.md). ### Leverage VM Templates to Construct the Environment diff --git a/versioned_docs/version-2.6/reference-guides/best-practices/rancher-server/rancher-server.md b/versioned_docs/version-2.6/reference-guides/best-practices/rancher-server/rancher-server.md new file mode 100644 index 00000000000..a79561ced2c --- /dev/null +++ b/versioned_docs/version-2.6/reference-guides/best-practices/rancher-server/rancher-server.md @@ -0,0 +1,21 @@ +--- +title: Best Practices for the Rancher Server +--- + + + + + +This guide contains our recommendations for running the Rancher server, and is intended to be used in situations in which Rancher manages downstream Kubernetes clusters. + +### Recommended Architecture and Infrastructure + +Refer to this [guide](tips-for-running-rancher.md) for our general advice for setting up the Rancher server on a high-availability Kubernetes cluster. + +### Deployment Strategies + +This [guide](rancher-deployment-strategy.md) is designed to help you choose whether a regional deployment strategy or a hub-and-spoke deployment strategy is better for a Rancher server that manages downstream Kubernetes clusters. + +### Installing Rancher in a vSphere Environment + +This [guide](on-premises-rancher-in-vsphere.md) outlines a reference architecture for installing Rancher in a vSphere environment, in addition to standard vSphere best practices as documented by VMware. \ No newline at end of file diff --git a/versioned_docs/version-2.6/reference-guides/best-practices/rancher-server/tips-for-running-rancher.md b/versioned_docs/version-2.6/reference-guides/best-practices/rancher-server/tips-for-running-rancher.md index 1ed05696fa2..8c71b562ae0 100644 --- a/versioned_docs/version-2.6/reference-guides/best-practices/rancher-server/tips-for-running-rancher.md +++ b/versioned_docs/version-2.6/reference-guides/best-practices/rancher-server/tips-for-running-rancher.md @@ -30,11 +30,11 @@ For best performance, run all three of your nodes in the same geographic datacen It's strongly recommended to have a "staging" or "pre-production" environment of the Kubernetes cluster that Rancher runs on. This environment should mirror your production environment as closely as possible in terms of software and hardware configuration. ### Monitor Your Clusters to Plan Capacity -The Rancher server's Kubernetes cluster should run within the [system and hardware requirements](../../../pages-for-subheaders/installation-requirements.md) as closely as possible. The more you deviate from the system and hardware requirements, the more risk you take. +The Rancher server's Kubernetes cluster should run within the [system and hardware requirements](../../../getting-started/installation-and-upgrade/installation-requirements/installation-requirements.md) as closely as possible. The more you deviate from the system and hardware requirements, the more risk you take. However, metrics-driven capacity planning analysis should be the ultimate guidance for scaling Rancher, because the published requirements take into account a variety of workload types. Using Rancher, you can monitor the state and processes of your cluster nodes, Kubernetes components, and software deployments through integration with Prometheus, a leading open-source monitoring solution, and Grafana, which lets you visualize the metrics from Prometheus. -After you [enable monitoring](../../../pages-for-subheaders/monitoring-and-alerting.md) in the cluster, you can set up alerts to let you know if your cluster is approaching its capacity. You can also use the Prometheus and Grafana monitoring framework to establish a baseline for key metrics as you scale. +After you [enable monitoring](../../../integrations-in-rancher/monitoring-and-alerting/monitoring-and-alerting.md) in the cluster, you can set up alerts to let you know if your cluster is approaching its capacity. You can also use the Prometheus and Grafana monitoring framework to establish a baseline for key metrics as you scale. diff --git a/versioned_docs/version-2.6/reference-guides/best-practices/rancher-server/tuning-and-best-practices-for-rancher-at-scale.md b/versioned_docs/version-2.6/reference-guides/best-practices/rancher-server/tuning-and-best-practices-for-rancher-at-scale.md index 16707e39feb..896a4978b12 100644 --- a/versioned_docs/version-2.6/reference-guides/best-practices/rancher-server/tuning-and-best-practices-for-rancher-at-scale.md +++ b/versioned_docs/version-2.6/reference-guides/best-practices/rancher-server/tuning-and-best-practices-for-rancher-at-scale.md @@ -29,7 +29,7 @@ This is typical in Rancher, as many operations create new `RoleBinding` objects You can reduce the number of `RoleBindings` in the upstream cluster in the following ways: * Limit the use of the [Restricted Admin](../../../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/global-permissions.md#restricted-admin) role. Apply other roles wherever possible. -* If you use [external authentication](../../../pages-for-subheaders/authentication-config.md), use groups to assign roles. +* If you use [external authentication](../../../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/authentication-config.md), use groups to assign roles. * Only add users to clusters and projects when necessary. * Remove clusters and projects when they are no longer needed. * Only use custom roles if necessary. @@ -93,7 +93,7 @@ You should keep the local Kubernetes cluster up to date. This will ensure that y Etcd is the backend database for Kubernetes and for Rancher. It plays a very important role in Rancher performance. -The two main bottlenecks to [etcd performance](https://etcd.io/docs/v3.4/op-guide/performance/) are disk and network speed. Etcd should run on dedicated nodes with a fast network setup and with SSDs that have high input/output operations per second (IOPS). For more information regarding etcd performance, see [Slow etcd performance (performance testing and optimization)](https://www.suse.com/support/kb/doc/?id=000020100) and [Tuning etcd for Large Installations](../../../how-to-guides/advanced-user-guides/tune-etcd-for-large-installs.md). Information on disks can also be found in the [Installation Requirements](../../../pages-for-subheaders/installation-requirements.md#disks). +The two main bottlenecks to [etcd performance](https://etcd.io/docs/v3.4/op-guide/performance/) are disk and network speed. Etcd should run on dedicated nodes with a fast network setup and with SSDs that have high input/output operations per second (IOPS). For more information regarding etcd performance, see [Slow etcd performance (performance testing and optimization)](https://www.suse.com/support/kb/doc/?id=000020100) and [Tuning etcd for Large Installations](../../../how-to-guides/advanced-user-guides/tune-etcd-for-large-installs.md). Information on disks can also be found in the [Installation Requirements](../../../getting-started/installation-and-upgrade/installation-requirements/installation-requirements.md#disks). It's best to run etcd on exactly three nodes, as adding more nodes will reduce operation speed. This may be counter-intuitive to common scaling approaches, but it's due to etcd's [replication mechanisms](https://etcd.io/docs/v3.5/faq/#what-is-maximum-cluster-size). diff --git a/versioned_docs/version-2.6/pages-for-subheaders/cli-with-rancher.md b/versioned_docs/version-2.6/reference-guides/cli-with-rancher/cli-with-rancher.md similarity index 67% rename from versioned_docs/version-2.6/pages-for-subheaders/cli-with-rancher.md rename to versioned_docs/version-2.6/reference-guides/cli-with-rancher/cli-with-rancher.md index 547d4c50308..a0e50c51b71 100644 --- a/versioned_docs/version-2.6/pages-for-subheaders/cli-with-rancher.md +++ b/versioned_docs/version-2.6/reference-guides/cli-with-rancher/cli-with-rancher.md @@ -6,4 +6,4 @@ title: CLI with Rancher -Interact with Rancher using command line interface (CLI) tools from your workstation. The following docs will describe the [Rancher CLI](../reference-guides/cli-with-rancher/rancher-cli.md) and [kubectl Utility](../reference-guides/cli-with-rancher/kubectl-utility.md). \ No newline at end of file +Interact with Rancher using command line interface (CLI) tools from your workstation. The following docs will describe the [Rancher CLI](rancher-cli.md) and [kubectl Utility](kubectl-utility.md). \ No newline at end of file diff --git a/versioned_docs/version-2.6/reference-guides/cli-with-rancher/rancher-cli.md b/versioned_docs/version-2.6/reference-guides/cli-with-rancher/rancher-cli.md index 445d2b6446b..1261e576130 100644 --- a/versioned_docs/version-2.6/reference-guides/cli-with-rancher/rancher-cli.md +++ b/versioned_docs/version-2.6/reference-guides/cli-with-rancher/rancher-cli.md @@ -65,16 +65,16 @@ The following commands are available for use in Rancher CLI. | Command | Result | |---|---| | `apps, [app]` | Performs operations on catalog applications (i.e., individual [Helm charts](https://docs.helm.sh/developing_charts/)) or Rancher charts. | -| `catalog` | Performs operations on [catalogs](../../pages-for-subheaders/helm-charts-in-rancher.md). | -| `clusters, [cluster]` | Performs operations on your [clusters](../../pages-for-subheaders/kubernetes-clusters-in-rancher-setup.md). | +| `catalog` | Performs operations on [catalogs](../../how-to-guides/new-user-guides/helm-charts-in-rancher/helm-charts-in-rancher.md). | +| `clusters, [cluster]` | Performs operations on your [clusters](../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/kubernetes-clusters-in-rancher-setup.md). | | `context` | Switches between Rancher [projects](../../how-to-guides/new-user-guides/manage-clusters/projects-and-namespaces.md). For an example, see [Project Selection](#project-selection). | -| `inspect [OPTIONS] [RESOURCEID RESOURCENAME]` | Displays details about [Kubernetes resources](https://kubernetes.io/docs/reference/kubectl/cheatsheet/#resource-types) or Rancher resources (i.e.: [projects](../../how-to-guides/new-user-guides/manage-clusters/projects-and-namespaces.md) and [workloads](../../pages-for-subheaders/workloads-and-pods.md)). Specify resources by name or ID. | +| `inspect [OPTIONS] [RESOURCEID RESOURCENAME]` | Displays details about [Kubernetes resources](https://kubernetes.io/docs/reference/kubectl/cheatsheet/#resource-types) or Rancher resources (i.e.: [projects](../../how-to-guides/new-user-guides/manage-clusters/projects-and-namespaces.md) and [workloads](../../how-to-guides/new-user-guides/kubernetes-resources-setup/workloads-and-pods/workloads-and-pods.md)). Specify resources by name or ID. | | `kubectl` |Runs [kubectl commands](https://kubernetes.io/docs/reference/kubectl/overview/#operations). | | `login, [l]` | Logs into a Rancher Server. For an example, see [CLI Authentication](#cli-authentication). | | `namespaces, [namespace]` |Performs operations on namespaces. | | `nodes, [node]` |Performs operations on nodes. | | `projects, [project]` | Performs operations on [projects](../../how-to-guides/new-user-guides/manage-clusters/projects-and-namespaces.md). | -| `ps` | Displays [workloads](../../pages-for-subheaders/workloads-and-pods.md) in a project. | +| `ps` | Displays [workloads](../../how-to-guides/new-user-guides/kubernetes-resources-setup/workloads-and-pods/workloads-and-pods.md) in a project. | | `settings, [setting]` | Shows the current settings for your Rancher Server. | | `ssh` | Connects to one of your cluster nodes using the SSH protocol. | | `help, [h]` | Shows a list of commands or help for one command. | @@ -88,4 +88,4 @@ All commands accept the `--help` flag, which documents each command's usage. ### Limitations -The Rancher CLI **cannot** be used to install [dashboard apps or Rancher feature charts](../../pages-for-subheaders/helm-charts-in-rancher.md). +The Rancher CLI **cannot** be used to install [dashboard apps or Rancher feature charts](../../how-to-guides/new-user-guides/helm-charts-in-rancher/helm-charts-in-rancher.md). diff --git a/versioned_docs/version-2.6/pages-for-subheaders/cluster-configuration.md b/versioned_docs/version-2.6/reference-guides/cluster-configuration/cluster-configuration.md similarity index 50% rename from versioned_docs/version-2.6/pages-for-subheaders/cluster-configuration.md rename to versioned_docs/version-2.6/reference-guides/cluster-configuration/cluster-configuration.md index 60e02a8cd40..04264ce4b2d 100644 --- a/versioned_docs/version-2.6/pages-for-subheaders/cluster-configuration.md +++ b/versioned_docs/version-2.6/reference-guides/cluster-configuration/cluster-configuration.md @@ -8,18 +8,18 @@ title: Cluster Configuration After you provision a Kubernetes cluster using Rancher, you can still edit options and settings for the cluster. -For information on editing cluster membership, go to [this page.](../how-to-guides/new-user-guides/manage-clusters/access-clusters/add-users-to-clusters.md) +For information on editing cluster membership, go to [this page.](../../how-to-guides/new-user-guides/manage-clusters/access-clusters/add-users-to-clusters.md) ### Cluster Configuration References The cluster configuration options depend on the type of Kubernetes cluster: -- [RKE Cluster Configuration](../reference-guides/cluster-configuration/rancher-server-configuration/rke1-cluster-configuration.md) -- [RKE2 Cluster Configuration](../reference-guides/cluster-configuration/rancher-server-configuration/rke2-cluster-configuration.md) -- [K3s Cluster Configuration](../reference-guides/cluster-configuration/rancher-server-configuration/k3s-cluster-configuration.md) -- [EKS Cluster Configuration](../reference-guides/cluster-configuration/rancher-server-configuration/eks-cluster-configuration.md) -- [GKE Cluster Configuration](gke-cluster-configuration.md) -- [AKS Cluster Configuration](../reference-guides/cluster-configuration/rancher-server-configuration/aks-cluster-configuration.md) +- [RKE Cluster Configuration](rancher-server-configuration/rke1-cluster-configuration.md) +- [RKE2 Cluster Configuration](rancher-server-configuration/rke2-cluster-configuration.md) +- [K3s Cluster Configuration](rancher-server-configuration/k3s-cluster-configuration.md) +- [EKS Cluster Configuration](rancher-server-configuration/eks-cluster-configuration.md) +- [GKE Cluster Configuration](rancher-server-configuration/gke-cluster-configuration/gke-cluster-configuration.md) +- [AKS Cluster Configuration](rancher-server-configuration/aks-cluster-configuration.md) ### Cluster Management Capabilities by Cluster Type diff --git a/versioned_docs/version-2.6/reference-guides/cluster-configuration/downstream-cluster-configuration/downstream-cluster-configuration.md b/versioned_docs/version-2.6/reference-guides/cluster-configuration/downstream-cluster-configuration/downstream-cluster-configuration.md new file mode 100644 index 00000000000..897728cd346 --- /dev/null +++ b/versioned_docs/version-2.6/reference-guides/cluster-configuration/downstream-cluster-configuration/downstream-cluster-configuration.md @@ -0,0 +1,9 @@ +--- +title: Downstream Cluster Configuration +--- + + + + + +The following docs will discuss [node template configuration](node-template-configuration/node-template-configuration.md) and [machine configuration](machine-configuration/machine-configuration.md). \ No newline at end of file diff --git a/versioned_docs/version-2.6/reference-guides/cluster-configuration/downstream-cluster-configuration/machine-configuration/machine-configuration.md b/versioned_docs/version-2.6/reference-guides/cluster-configuration/downstream-cluster-configuration/machine-configuration/machine-configuration.md new file mode 100644 index 00000000000..b28ccd669dd --- /dev/null +++ b/versioned_docs/version-2.6/reference-guides/cluster-configuration/downstream-cluster-configuration/machine-configuration/machine-configuration.md @@ -0,0 +1,9 @@ +--- +title: Machine Configuration +--- + + + + + +Machine configuration is the arrangement of resources assigned to a virtual machine. Please see the docs for [Amazon EC2](amazon-ec2.md), [DigitalOcean](digitalocean.md), and [Azure](azure.md) to learn more. \ No newline at end of file diff --git a/versioned_docs/version-2.6/reference-guides/cluster-configuration/downstream-cluster-configuration/node-template-configuration/amazon-ec2.md b/versioned_docs/version-2.6/reference-guides/cluster-configuration/downstream-cluster-configuration/node-template-configuration/amazon-ec2.md index 78bdc608163..b8264329291 100644 --- a/versioned_docs/version-2.6/reference-guides/cluster-configuration/downstream-cluster-configuration/node-template-configuration/amazon-ec2.md +++ b/versioned_docs/version-2.6/reference-guides/cluster-configuration/downstream-cluster-configuration/node-template-configuration/amazon-ec2.md @@ -24,7 +24,7 @@ See [Amazon Documentation: Adding Permissions to a User (Console)](https://docs. See our three example JSON policies: - [Example IAM Policy](../../../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-amazon-ec2-cluster.md#example-iam-policy) -- [Example IAM Policy with PassRole](../../../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-amazon-ec2-cluster.md#example-iam-policy-with-passrole) (needed if you want to use [Kubernetes Cloud Provider](../../../../pages-for-subheaders/set-up-cloud-providers.md) or want to pass an IAM Profile to an instance) +- [Example IAM Policy with PassRole](../../../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-amazon-ec2-cluster.md#example-iam-policy-with-passrole) (needed if you want to use [Kubernetes Cloud Provider](../../../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/set-up-cloud-providers.md) or want to pass an IAM Profile to an instance) - [Example IAM Policy to allow encrypted EBS volumes](../../../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-amazon-ec2-cluster.md#example-iam-policy-to-allow-encrypted-ebs-volumes) policy to an user. ### Authenticate & Configure Nodes @@ -46,7 +46,7 @@ If you provide your own security group for an EC2 instance, please note that Ran Configure the instances that will be created. Make sure you configure the correct **SSH User** for the configured AMI. It is possible that a selected region does not support the default instance type. In this scenario you must select an instance type that does exist, otherwise an error will occur stating the requested configuration is not supported. -If you need to pass an **IAM Instance Profile Name** (not ARN), for example, when you want to use a [Kubernetes Cloud Provider](../../../../pages-for-subheaders/set-up-cloud-providers.md), you will need an additional permission in your policy. See [Example IAM policy with PassRole](../../../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-amazon-ec2-cluster.md#example-iam-policy-with-passrole) for an example policy. +If you need to pass an **IAM Instance Profile Name** (not ARN), for example, when you want to use a [Kubernetes Cloud Provider](../../../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/set-up-cloud-providers.md), you will need an additional permission in your policy. See [Example IAM policy with PassRole](../../../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-amazon-ec2-cluster.md#example-iam-policy-with-passrole) for an example policy. ### Engine Options diff --git a/versioned_docs/version-2.6/reference-guides/cluster-configuration/downstream-cluster-configuration/node-template-configuration/node-template-configuration.md b/versioned_docs/version-2.6/reference-guides/cluster-configuration/downstream-cluster-configuration/node-template-configuration/node-template-configuration.md new file mode 100644 index 00000000000..bbe4d6127c3 --- /dev/null +++ b/versioned_docs/version-2.6/reference-guides/cluster-configuration/downstream-cluster-configuration/node-template-configuration/node-template-configuration.md @@ -0,0 +1,9 @@ +--- +title: Node Template Configuration +--- + + + + + +To learn about node template config, refer to [EC2 Node Template Configuration](amazon-ec2.md), [DigitalOcean Node Template Configuration](digitalocean.md), [Azure Node Template Configuration](azure.md), [vSphere Node Template Configuration](vsphere.md), and [Nutanix Node Template Configuration](nutanix.md). diff --git a/versioned_docs/version-2.6/reference-guides/cluster-configuration/rancher-server-configuration/aks-cluster-configuration.md b/versioned_docs/version-2.6/reference-guides/cluster-configuration/rancher-server-configuration/aks-cluster-configuration.md index 67cd280e470..dc3974e551f 100644 --- a/versioned_docs/version-2.6/reference-guides/cluster-configuration/rancher-server-configuration/aks-cluster-configuration.md +++ b/versioned_docs/version-2.6/reference-guides/cluster-configuration/rancher-server-configuration/aks-cluster-configuration.md @@ -17,7 +17,7 @@ title: AKS Cluster Configuration Reference When provisioning an AKS cluster in the Rancher UI, RBAC cannot be disabled. If role-based access control is disabled for the cluster in AKS, the cluster cannot be registered or imported into Rancher. -Rancher can configure member roles for AKS clusters in the same way as any other cluster. For more information, see the section on [role-based access control.](../../../pages-for-subheaders/manage-role-based-access-control-rbac.md) +Rancher can configure member roles for AKS clusters in the same way as any other cluster. For more information, see the section on [role-based access control.](../../../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/manage-role-based-access-control-rbac.md) ## Cloud Credentials diff --git a/versioned_docs/version-2.6/pages-for-subheaders/gke-cluster-configuration.md b/versioned_docs/version-2.6/reference-guides/cluster-configuration/rancher-server-configuration/gke-cluster-configuration/gke-cluster-configuration.md similarity index 96% rename from versioned_docs/version-2.6/pages-for-subheaders/gke-cluster-configuration.md rename to versioned_docs/version-2.6/reference-guides/cluster-configuration/rancher-server-configuration/gke-cluster-configuration/gke-cluster-configuration.md index c627ea2bf95..d1499f9932f 100644 --- a/versioned_docs/version-2.6/pages-for-subheaders/gke-cluster-configuration.md +++ b/versioned_docs/version-2.6/reference-guides/cluster-configuration/rancher-server-configuration/gke-cluster-configuration/gke-cluster-configuration.md @@ -107,7 +107,7 @@ _Mutable: no_ :::caution -Private clusters require additional planning and configuration outside of Rancher. Refer to the [private cluster guide](../reference-guides/cluster-configuration/rancher-server-configuration/gke-cluster-configuration/gke-private-clusters.md). +Private clusters require additional planning and configuration outside of Rancher. Refer to the [private cluster guide](gke-private-clusters.md). ::: @@ -117,7 +117,7 @@ Assign nodes only internal IP addresses. Private cluster nodes cannot access the :::caution -Private clusters require additional planning and configuration outside of Rancher. Refer to the [private cluster guide](../reference-guides/cluster-configuration/rancher-server-configuration/gke-cluster-configuration/gke-private-clusters.md). +Private clusters require additional planning and configuration outside of Rancher. Refer to the [private cluster guide](gke-private-clusters.md). ::: @@ -204,7 +204,7 @@ The node operating system image. For more information for the node image options :::note -The default option is "Container-Optimized OS with Docker". The read-only filesystem on GCP's Container-Optimized OS is not compatible with the [legacy logging](../../version-2.0-2.4/pages-for-subheaders/cluster-logging.md) implementation in Rancher. If you need to use the legacy logging feature, select "Ubuntu with Docker" or "Ubuntu with Containerd". The [current logging feature](logging.md) is compatible with the Container-Optimized OS image. +The default option is "Container-Optimized OS with Docker". The read-only filesystem on GCP's Container-Optimized OS is not compatible with the [legacy logging](../../../../../version-2.0-2.4/pages-for-subheaders/cluster-logging.md) implementation in Rancher. If you need to use the legacy logging feature, select "Ubuntu with Docker" or "Ubuntu with Containerd". The [current logging feature](../../../../integrations-in-rancher/logging/logging.md) is compatible with the Container-Optimized OS image. ::: diff --git a/versioned_docs/version-2.6/reference-guides/cluster-configuration/rancher-server-configuration/rancher-server-configuration.md b/versioned_docs/version-2.6/reference-guides/cluster-configuration/rancher-server-configuration/rancher-server-configuration.md new file mode 100644 index 00000000000..e4da90d371a --- /dev/null +++ b/versioned_docs/version-2.6/reference-guides/cluster-configuration/rancher-server-configuration/rancher-server-configuration.md @@ -0,0 +1,16 @@ +--- +title: Rancher Server Configuration +--- + + + + + +- [RKE1 Cluster Configuration](rke1-cluster-configuration.md) +- [RKE2 Cluster Configuration](rke2-cluster-configuration.md) +- [K3s Cluster Configuration](k3s-cluster-configuration.md) +- [EKS Cluster Configuration](eks-cluster-configuration.md) +- [AKS Cluster Configuration](aks-cluster-configuration.md) +- [GKE Cluster Configuration](gke-cluster-configuration/gke-cluster-configuration.md) +- [Use Existing Nodes](use-existing-nodes/use-existing-nodes.md) +- [Sync Clusters](sync-clusters.md) \ No newline at end of file diff --git a/versioned_docs/version-2.6/reference-guides/cluster-configuration/rancher-server-configuration/rke1-cluster-configuration.md b/versioned_docs/version-2.6/reference-guides/cluster-configuration/rancher-server-configuration/rke1-cluster-configuration.md index a9a02deaaef..01858baf54d 100644 --- a/versioned_docs/version-2.6/reference-guides/cluster-configuration/rancher-server-configuration/rke1-cluster-configuration.md +++ b/versioned_docs/version-2.6/reference-guides/cluster-configuration/rancher-server-configuration/rke1-cluster-configuration.md @@ -6,7 +6,7 @@ title: RKE Cluster Configuration Reference -When Rancher installs Kubernetes, it uses [RKE](../../../pages-for-subheaders/launch-kubernetes-with-rancher.md) or [RKE2](https://docs.rke2.io/) as the Kubernetes distribution. +When Rancher installs Kubernetes, it uses [RKE](../../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md) or [RKE2](https://docs.rke2.io/) as the Kubernetes distribution. This section covers the configuration options that are available in Rancher for a new or existing RKE Kubernetes cluster. @@ -20,7 +20,7 @@ You can configure the Kubernetes options one of two ways: The RKE cluster config options are nested under the `rancher_kubernetes_engine_config` directive. For more information, see the section about the [cluster config file.](#rke-cluster-config-file-reference) -In [clusters launched by RKE](../../../pages-for-subheaders/launch-kubernetes-with-rancher.md), you can edit any of the remaining options that follow. +In [clusters launched by RKE](../../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md), you can edit any of the remaining options that follow. For an example of RKE config file syntax, see the [RKE documentation](https://rancher.com/docs/rke/latest/en/example-yamls/). @@ -92,7 +92,7 @@ Project network isolation is available if you are using any RKE network plugin t ### Kubernetes Cloud Providers -You can configure a [Kubernetes cloud provider](../../../pages-for-subheaders/set-up-cloud-providers.md). If you want to use dynamically provisioned [volumes and storage](../../../pages-for-subheaders/create-kubernetes-persistent-storage.md) in Kubernetes, typically you must select the specific cloud provider in order to use it. For example, if you want to use Amazon EBS, you would need to select the `aws` cloud provider. +You can configure a [Kubernetes cloud provider](../../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/set-up-cloud-providers.md). If you want to use dynamically provisioned [volumes and storage](../../../how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage/create-kubernetes-persistent-storage.md) in Kubernetes, typically you must select the specific cloud provider in order to use it. For example, if you want to use Amazon EBS, you would need to select the `aws` cloud provider. :::note @@ -135,7 +135,7 @@ We recommend using a load balancer with the authorized cluster endpoint. For det ### Node Pools -For information on using the Rancher UI to set up node pools in an RKE cluster, refer to [this page.](../../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md) +For information on using the Rancher UI to set up node pools in an RKE cluster, refer to [this page.](../../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md) ### NGINX Ingress @@ -312,7 +312,7 @@ See [Docker Root Directory](#docker-root-directory). ### enable_cluster_monitoring -Option to enable or disable [Cluster Monitoring](../../../pages-for-subheaders/monitoring-and-alerting.md). +Option to enable or disable [Cluster Monitoring](../../../integrations-in-rancher/monitoring-and-alerting/monitoring-and-alerting.md). ### enable_network_policy diff --git a/versioned_docs/version-2.6/reference-guides/cluster-configuration/rancher-server-configuration/rke2-cluster-configuration.md b/versioned_docs/version-2.6/reference-guides/cluster-configuration/rancher-server-configuration/rke2-cluster-configuration.md index b3f7a1ef06d..9e273a9aaa4 100644 --- a/versioned_docs/version-2.6/reference-guides/cluster-configuration/rancher-server-configuration/rke2-cluster-configuration.md +++ b/versioned_docs/version-2.6/reference-guides/cluster-configuration/rancher-server-configuration/rke2-cluster-configuration.md @@ -120,7 +120,7 @@ When using `cilium` or `multus,cilium` as your container network interface provi #### Cloud Provider -You can configure a [Kubernetes cloud provider](../../../pages-for-subheaders/set-up-cloud-providers.md). If you want to use dynamically provisioned [volumes and storage](../../../pages-for-subheaders/create-kubernetes-persistent-storage.md) in Kubernetes, typically you must select the specific cloud provider in order to use it. For example, if you want to use Amazon EBS, you would need to select the `aws` cloud provider. +You can configure a [Kubernetes cloud provider](../../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/set-up-cloud-providers.md). If you want to use dynamically provisioned [volumes and storage](../../../how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage/create-kubernetes-persistent-storage.md) in Kubernetes, typically you must select the specific cloud provider in order to use it. For example, if you want to use Amazon EBS, you would need to select the `aws` cloud provider. :::note @@ -134,7 +134,7 @@ Choose the default [pod security policy](../../../how-to-guides/new-user-guides/ #### Worker CIS Profile -Select a [CIS benchmark](../../../pages-for-subheaders/cis-scan-guides.md) to validate the system configuration against. +Select a [CIS benchmark](../../../how-to-guides/advanced-user-guides/cis-scan-guides/cis-scan-guides.md) to validate the system configuration against. #### Project Network Isolation diff --git a/versioned_docs/version-2.6/reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/rancher-agent-options.md b/versioned_docs/version-2.6/reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/rancher-agent-options.md index 3c363d053cf..183cdb4f558 100644 --- a/versioned_docs/version-2.6/reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/rancher-agent-options.md +++ b/versioned_docs/version-2.6/reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/rancher-agent-options.md @@ -6,7 +6,7 @@ title: Rancher Agent Options -Rancher deploys an agent on each node to communicate with the node. This pages describes the options that can be passed to the agent. To use these options, you will need to [create a cluster with custom nodes](../../../../pages-for-subheaders/use-existing-nodes.md) and add the options to the generated `docker run` command when adding a node. +Rancher deploys an agent on each node to communicate with the node. This pages describes the options that can be passed to the agent. To use these options, you will need to [create a cluster with custom nodes](use-existing-nodes.md) and add the options to the generated `docker run` command when adding a node. For an overview of how Rancher communicates with downstream clusters using node agents, refer to the [architecture section.](../../../rancher-manager-architecture/communicating-with-downstream-user-clusters.md#3-node-agents) diff --git a/versioned_docs/version-2.6/pages-for-subheaders/use-existing-nodes.md b/versioned_docs/version-2.6/reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/use-existing-nodes.md similarity index 67% rename from versioned_docs/version-2.6/pages-for-subheaders/use-existing-nodes.md rename to versioned_docs/version-2.6/reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/use-existing-nodes.md index 56a5c7efab7..cca7752af30 100644 --- a/versioned_docs/version-2.6/pages-for-subheaders/use-existing-nodes.md +++ b/versioned_docs/version-2.6/reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/use-existing-nodes.md @@ -9,7 +9,7 @@ description: To create a cluster with custom nodes, you’ll need to access serv When you create a custom cluster, Rancher uses RKE (the Rancher Kubernetes Engine) to create a Kubernetes cluster in on-prem bare-metal servers, on-prem virtual machines, or in any node hosted by an infrastructure provider. -To use this option you'll need access to servers you intend to use in your Kubernetes cluster. Provision each server according to the [requirements](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/node-requirements-for-rancher-managed-clusters.md), which includes some hardware specifications and Docker. After you install Docker on each server, you willl also run the command provided in the Rancher UI on each server to turn each one into a Kubernetes node. +To use this option you'll need access to servers you intend to use in your Kubernetes cluster. Provision each server according to the [requirements](../../../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/node-requirements-for-rancher-managed-clusters.md), which includes some hardware specifications and Docker. After you install Docker on each server, you willl also run the command provided in the Rancher UI on each server to turn each one into a Kubernetes node. This section describes how to set up a custom cluster. @@ -17,7 +17,7 @@ This section describes how to set up a custom cluster. :::note Want to use Windows hosts as Kubernetes workers? -See [Configuring Custom Clusters for Windows](use-windows-clusters.md) before you start. +See [Configuring Custom Clusters for Windows](../../../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/use-windows-clusters/use-windows-clusters.md) before you start. ::: @@ -29,9 +29,9 @@ Begin creation of a custom cluster by provisioning a Linux host. Your host can b - An on-prem VM - A bare-metal server -If you want to reuse a node from a previous custom cluster, [clean the node](../how-to-guides/new-user-guides/manage-clusters/clean-cluster-nodes.md) before using it in a cluster again. If you reuse a node that hasn't been cleaned, cluster provisioning may fail. +If you want to reuse a node from a previous custom cluster, [clean the node](../../../../how-to-guides/new-user-guides/manage-clusters/clean-cluster-nodes.md) before using it in a cluster again. If you reuse a node that hasn't been cleaned, cluster provisioning may fail. -Provision the host according to the [installation requirements](../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/node-requirements-for-rancher-managed-clusters.md) and the [checklist for production-ready clusters.](checklist-for-production-ready-clusters.md) +Provision the host according to the [installation requirements](../../../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/node-requirements-for-rancher-managed-clusters.md) and the [checklist for production-ready clusters.](../../../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/checklist-for-production-ready-clusters/checklist-for-production-ready-clusters.md) If you're using Amazon EC2 as your host and want to use the [dual-stack](https://kubernetes.io/docs/concepts/services-networking/dual-stack/) feature, there are additional [requirements](https://rancher.com/docs/rke//latest/en/config-options/dual-stack#requirements) when provisioning the host. @@ -45,7 +45,7 @@ If you're using Amazon EC2 as your host and want to use the [dual-stack](https:/ :::note Using Windows nodes as Kubernetes workers? - - See [Enable the Windows Support Option](use-windows-clusters.md). + - See [Enable the Windows Support Option](../../../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/use-windows-clusters/use-windows-clusters.md). - The only Network Provider available for clusters with Windows support is Flannel. ::: @@ -60,16 +60,16 @@ If you're using Amazon EC2 as your host and want to use the [dual-stack](https:/ 4. Use **Member Roles** to configure user authorization for the cluster. Click **Add Member** to add users that can access the cluster. Use the **Role** drop-down to set permissions for each user. -7. From **Node Role**, choose the roles that you want filled by a cluster node. You must provision at least one node for each role: `etcd`, `worker`, and `control plane`. All three roles are required for a custom cluster to finish provisioning. For more information on roles, see [this section.](../reference-guides/kubernetes-concepts.md#roles-for-nodes-in-kubernetes-clusters) +7. From **Node Role**, choose the roles that you want filled by a cluster node. You must provision at least one node for each role: `etcd`, `worker`, and `control plane`. All three roles are required for a custom cluster to finish provisioning. For more information on roles, see [this section.](../../../kubernetes-concepts.md#roles-for-nodes-in-kubernetes-clusters) :::note -- Using Windows nodes as Kubernetes workers? See [this section](use-windows-clusters.md). +- Using Windows nodes as Kubernetes workers? See [this section](../../../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/use-windows-clusters/use-windows-clusters.md). - Bare-Metal Server Reminder: If you plan on dedicating bare-metal servers to each role, you must provision a bare-metal server for each role (i.e. provision multiple bare-metal servers). ::: -8. **Optional**: Click **[Show advanced options](../reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/rancher-agent-options.md)** to specify IP address(es) to use when registering the node, override the hostname of the node, or to add [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/) or [taints](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) to the node. +8. **Optional**: Click **[Show advanced options](rancher-agent-options.md)** to specify IP address(es) to use when registering the node, override the hostname of the node, or to add [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/) or [taints](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) to the node. 9. Copy the command displayed on screen to your clipboard. @@ -137,5 +137,5 @@ Key=kubernetes.io/cluster/CLUSTERID, Value=shared After creating your cluster, you can access it through the Rancher UI. As a best practice, we recommend setting up these alternate ways of accessing your cluster: -- **Access your cluster with the kubectl CLI:** Follow [these steps](../how-to-guides/new-user-guides/manage-clusters/access-clusters/use-kubectl-and-kubeconfig.md#accessing-clusters-with-kubectl-from-your-workstation) to access clusters with kubectl on your workstation. In this case, you will be authenticated through the Rancher server’s authentication proxy, then Rancher will connect you to the downstream cluster. This method lets you manage the cluster without the Rancher UI. -- **Access your cluster with the kubectl CLI, using the authorized cluster endpoint:** Follow [these steps](../how-to-guides/new-user-guides/manage-clusters/access-clusters/use-kubectl-and-kubeconfig.md#authenticating-directly-with-a-downstream-cluster) to access your cluster with kubectl directly, without authenticating through Rancher. We recommend setting up this alternative method to access your cluster so that in case you can’t connect to Rancher, you can still access the cluster. +- **Access your cluster with the kubectl CLI:** Follow [these steps](../../../../how-to-guides/new-user-guides/manage-clusters/access-clusters/use-kubectl-and-kubeconfig.md#accessing-clusters-with-kubectl-from-your-workstation) to access clusters with kubectl on your workstation. In this case, you will be authenticated through the Rancher server’s authentication proxy, then Rancher will connect you to the downstream cluster. This method lets you manage the cluster without the Rancher UI. +- **Access your cluster with the kubectl CLI, using the authorized cluster endpoint:** Follow [these steps](../../../../how-to-guides/new-user-guides/manage-clusters/access-clusters/use-kubectl-and-kubeconfig.md#authenticating-directly-with-a-downstream-cluster) to access your cluster with kubectl directly, without authenticating through Rancher. We recommend setting up this alternative method to access your cluster so that in case you can’t connect to Rancher, you can still access the cluster. diff --git a/versioned_docs/version-2.6/reference-guides/kubernetes-concepts.md b/versioned_docs/version-2.6/reference-guides/kubernetes-concepts.md index 707fb8e1c51..e1e880e8cd4 100644 --- a/versioned_docs/version-2.6/reference-guides/kubernetes-concepts.md +++ b/versioned_docs/version-2.6/reference-guides/kubernetes-concepts.md @@ -57,7 +57,7 @@ Each [worker node](https://kubernetes.io/docs/concepts/architecture/nodes/) runs - **Kubelets:** An agent that monitors the state of the node, ensuring your containers are healthy. - **Workloads:** The containers and pods that hold your apps, as well as other types of deployments. -Worker nodes also run storage and networking drivers, and ingress controllers when required. You create as many worker nodes as necessary to run your [workloads](../pages-for-subheaders/workloads-and-pods.md). +Worker nodes also run storage and networking drivers, and ingress controllers when required. You create as many worker nodes as necessary to run your [workloads](../how-to-guides/new-user-guides/kubernetes-resources-setup/workloads-and-pods/workloads-and-pods.md). ## About Helm diff --git a/versioned_docs/version-2.6/reference-guides/monitoring-v2-configuration/monitoring-v2-configuration.md b/versioned_docs/version-2.6/reference-guides/monitoring-v2-configuration/monitoring-v2-configuration.md new file mode 100644 index 00000000000..62bade46a2a --- /dev/null +++ b/versioned_docs/version-2.6/reference-guides/monitoring-v2-configuration/monitoring-v2-configuration.md @@ -0,0 +1,15 @@ +--- +title: Monitoring V2 Configuration +--- + + + + + +The following sections will explain important options essential to configuring Monitoring V2 in Rancher: + +- [Receiver Configuration](receivers.md) +- [Route Configuration](routes.md) +- [ServiceMonitor and PodMonitor Configuration](servicemonitors-and-podmonitors.md) +- [Helm Chart Options](helm-chart-options.md) +- [Examples](examples.md) \ No newline at end of file diff --git a/versioned_docs/version-2.6/reference-guides/pipelines/configure-persistent-data.md b/versioned_docs/version-2.6/reference-guides/pipelines/configure-persistent-data.md index 630a03be55f..00d582182fb 100644 --- a/versioned_docs/version-2.6/reference-guides/pipelines/configure-persistent-data.md +++ b/versioned_docs/version-2.6/reference-guides/pipelines/configure-persistent-data.md @@ -8,7 +8,7 @@ This section assumes that you understand how persistent storage works in Kuberne :::note Prerequisites for both parts A and B: -[Persistent volumes](../../pages-for-subheaders/create-kubernetes-persistent-storage.md) must be available for the cluster. +[Persistent volumes](../../how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage/create-kubernetes-persistent-storage.md) must be available for the cluster. ::: diff --git a/versioned_docs/version-2.6/pages-for-subheaders/pipelines.md b/versioned_docs/version-2.6/reference-guides/pipelines/pipelines.md similarity index 90% rename from versioned_docs/version-2.6/pages-for-subheaders/pipelines.md rename to versioned_docs/version-2.6/reference-guides/pipelines/pipelines.md index d748fdafe24..fd2f026cf0a 100644 --- a/versioned_docs/version-2.6/pages-for-subheaders/pipelines.md +++ b/versioned_docs/version-2.6/reference-guides/pipelines/pipelines.md @@ -4,7 +4,7 @@ title: Pipelines :::note Notes -- As of Rancher v2.5, Git-based deployment pipelines are now deprecated. We recommend handling pipelines with Rancher Continuous Delivery powered by [Fleet](../how-to-guides/new-user-guides/deploy-apps-across-clusters/fleet.md). To get to Fleet in Rancher, click ☰ > Continuous Delivery. +- As of Rancher v2.5, Git-based deployment pipelines are now deprecated. We recommend handling pipelines with Rancher Continuous Delivery powered by [Fleet](../../how-to-guides/new-user-guides/deploy-apps-across-clusters/fleet.md). To get to Fleet in Rancher, click ☰ > Continuous Delivery. - Pipelines in Kubernetes 1.21+ are no longer supported. @@ -33,7 +33,7 @@ Rancher's pipeline provides a simple CI/CD experience, but it does not offer the ## Concepts -For an explanation of concepts and terminology used in this section, refer to [this page.](../reference-guides/pipelines/concepts.md) +For an explanation of concepts and terminology used in this section, refer to [this page.](concepts.md) ## How Pipelines Work @@ -41,7 +41,7 @@ After enabling the ability to use pipelines in a project, you can configure mult A pipeline is configured off of a group of files that are checked into source code repositories. Users can configure their pipelines either through the Rancher UI or by adding a `.rancher-pipeline.yml` into the repository. -Before pipelines can be configured, you will need to configure authentication to your version control provider, e.g. GitHub, GitLab, Bitbucket. If you haven't configured a version control provider, you can always use [Rancher's example repositories](../reference-guides/pipelines/example-repositories.md) to view some common pipeline deployments. +Before pipelines can be configured, you will need to configure authentication to your version control provider, e.g. GitHub, GitLab, Bitbucket. If you haven't configured a version control provider, you can always use [Rancher's example repositories](example-repositories.md) to view some common pipeline deployments. When you configure a pipeline in one of your projects, a namespace specifically for the pipeline is automatically created. The following components are deployed to it: @@ -65,7 +65,7 @@ When you configure a pipeline in one of your projects, a namespace specifically :::note - The managed Jenkins instance works statelessly, so don't worry about its data persistency. The Docker Registry and Minio instances use ephemeral volumes by default, which is fine for most use cases. If you want to make sure pipeline logs can survive node failures, you can configure persistent volumes for them, as described in [data persistency for pipeline components](../reference-guides/pipelines/configure-persistent-data.md). + The managed Jenkins instance works statelessly, so don't worry about its data persistency. The Docker Registry and Minio instances use ephemeral volumes by default, which is fine for most use cases. If you want to make sure pipeline logs can survive node failures, you can configure persistent volumes for them, as described in [data persistency for pipeline components](configure-persistent-data.md). ::: @@ -73,7 +73,7 @@ When you configure a pipeline in one of your projects, a namespace specifically If you can access a project, you can enable repositories to start building pipelines. -Only [administrators](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/global-permissions.md), [cluster owners or members](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/cluster-and-project-roles.md#cluster-roles), or [project owners](../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/cluster-and-project-roles.md#project-roles) can configure version control providers and manage global pipeline execution settings. +Only [administrators](../../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/global-permissions.md), [cluster owners or members](../../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/cluster-and-project-roles.md#cluster-roles), or [project owners](../../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/cluster-and-project-roles.md#project-roles) can configure version control providers and manage global pipeline execution settings. Project members can only configure repositories and pipelines. @@ -206,7 +206,7 @@ Now that repositories are added to your project, you can start configuring the p 1. In the dropdown menu in the top navigation bar, select the project where you want to configure pipelines. 1. In the left navigation bar, click **Legacy > Project > Pipelines**. 1. Find the repository that you want to set up a pipeline for. -1. Configure the pipeline through the UI or using a yaml file in the repository, i.e. `.rancher-pipeline.yml` or `.rancher-pipeline.yaml`. Pipeline configuration is split into stages and steps. Stages must fully complete before moving onto the next stage, but steps in a stage run concurrently. For each stage, you can add different step types. Note: As you build out each step, there are different advanced options based on the step type. Advanced options include trigger rules, environment variables, and secrets. For more information on configuring the pipeline through the UI or the YAML file, refer to the [pipeline configuration reference.](../reference-guides/pipelines/pipeline-configuration.md) +1. Configure the pipeline through the UI or using a yaml file in the repository, i.e. `.rancher-pipeline.yml` or `.rancher-pipeline.yaml`. Pipeline configuration is split into stages and steps. Stages must fully complete before moving onto the next stage, but steps in a stage run concurrently. For each stage, you can add different step types. Note: As you build out each step, there are different advanced options based on the step type. Advanced options include trigger rules, environment variables, and secrets. For more information on configuring the pipeline through the UI or the YAML file, refer to the [pipeline configuration reference.](pipeline-configuration.md) * If you are going to use the UI, select the vertical **⋮ > Edit Config** to configure the pipeline using the UI. After the pipeline is configured, you must view the YAML file and push it to the repository. * If you are going to use the YAML file, select the vertical **⋮ > View/Edit YAML** to configure the pipeline. If you choose to use a YAML file, you need to push it to the repository after any changes in order for it to be updated in the repository. When editing the pipeline configuration, it takes a few moments for Rancher to check for an existing pipeline configuration. @@ -226,7 +226,7 @@ Now that repositories are added to your project, you can start configuring the p ## Pipeline Configuration Reference -Refer to [this page](../reference-guides/pipelines/pipeline-configuration.md) for details on how to configure a pipeline to: +Refer to [this page](pipeline-configuration.md) for details on how to configure a pipeline to: - Run a script - Build and publish images @@ -267,7 +267,7 @@ Available Events: :::note -This option doesn't exist for Rancher's [example repositories](../reference-guides/pipelines/example-repositories.md). +This option doesn't exist for Rancher's [example repositories](example-repositories.md). ::: diff --git a/versioned_docs/version-2.6/pages-for-subheaders/prometheus-federator.md b/versioned_docs/version-2.6/reference-guides/prometheus-federator/prometheus-federator.md similarity index 97% rename from versioned_docs/version-2.6/pages-for-subheaders/prometheus-federator.md rename to versioned_docs/version-2.6/reference-guides/prometheus-federator/prometheus-federator.md index efef5f5abae..4b1e8a21143 100644 --- a/versioned_docs/version-2.6/pages-for-subheaders/prometheus-federator.md +++ b/versioned_docs/version-2.6/reference-guides/prometheus-federator/prometheus-federator.md @@ -24,7 +24,7 @@ Prometheus Federator is designed to be deployed alongside an existing Prometheus 1. On deploying this chart, users can create ProjectHelmCharts CRs with `spec.helmApiVersion` set to `monitoring.cattle.io/v1alpha1` (also known as "Project Monitors" in the Rancher UI) in a **Project Registration Namespace (`cattle-project-`)**. 2. On seeing each ProjectHelmChartCR, the operator will automatically deploy a Project Prometheus stack on the Project Owner's behalf in the **Project Release Namespace (`cattle-project--monitoring`)** based on a HelmChart CR and a HelmRelease CR automatically created by the ProjectHelmChart controller in the **Operator / System Namespace**. -3. RBAC will automatically be assigned in the Project Release Namespace to allow users to view the Prometheus, Alertmanager, and Grafana UIs of the Project Monitoring Stack deployed; this will be based on RBAC defined on the Project Registration Namespace against the [default Kubernetes user-facing roles](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles). For more information, see the section on [configuring RBAC](../reference-guides/prometheus-federator/rbac.md). +3. RBAC will automatically be assigned in the Project Release Namespace to allow users to view the Prometheus, Alertmanager, and Grafana UIs of the Project Monitoring Stack deployed; this will be based on RBAC defined on the Project Registration Namespace against the [default Kubernetes user-facing roles](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles). For more information, see the section on [configuring RBAC](rbac.md). ### What is a Project? @@ -43,7 +43,7 @@ As a Project Operator based on [rancher/helm-project-operator](https://github.co 1. **Operator / System Namespace**: The namespace that the operator is deployed into (e.g., `cattle-monitoring-system`). This namespace will contain all HelmCharts and HelmReleases for all ProjectHelmCharts watched by this operator. **Only Cluster Admins should have access to this namespace.** -2. **Project Registration Namespace (`cattle-project-`)**: The set of namespaces that the operator watches for ProjectHelmCharts within. The RoleBindings and ClusterRoleBindings that apply to this namespace will also be the source of truth for the auto-assigned RBAC created in the Project Release Namespace. For details, refer to the [RBAC page](../reference-guides/prometheus-federator/rbac.md). **Project Owners (admin), Project Members (edit), and Read-Only Members (view) should have access to this namespace.** +2. **Project Registration Namespace (`cattle-project-`)**: The set of namespaces that the operator watches for ProjectHelmCharts within. The RoleBindings and ClusterRoleBindings that apply to this namespace will also be the source of truth for the auto-assigned RBAC created in the Project Release Namespace. For details, refer to the [RBAC page](rbac.md). **Project Owners (admin), Project Members (edit), and Read-Only Members (view) should have access to this namespace.** :::note Notes: diff --git a/versioned_docs/version-2.6/reference-guides/prometheus-federator/rbac.md b/versioned_docs/version-2.6/reference-guides/prometheus-federator/rbac.md index 8b54ce9559f..276dd7d75f5 100644 --- a/versioned_docs/version-2.6/reference-guides/prometheus-federator/rbac.md +++ b/versioned_docs/version-2.6/reference-guides/prometheus-federator/rbac.md @@ -8,7 +8,7 @@ title: Role-Based Access Control This section describes the expectations for Role-Based Access Control (RBAC) for Prometheus Federator. -As described in the section on [namespaces](../../pages-for-subheaders/prometheus-federator.md#namespaces), Prometheus Federator expects that Project Owners, Project Members, and other users in the cluster with Project-level permissions (e.g. permissions in a certain set of namespaces identified by a single label selector) have minimal permissions in any namespaces except the Project Registration Namespace (which is imported into the project by default) and those that already comprise their projects. Therefore, in order to allow Project Owners to assign specific chart permissions to other users in their Project namespaces, the Helm Project Operator will automatically watch the following bindings: +As described in the section on [namespaces](prometheus-federator.md#namespaces), Prometheus Federator expects that Project Owners, Project Members, and other users in the cluster with Project-level permissions (e.g. permissions in a certain set of namespaces identified by a single label selector) have minimal permissions in any namespaces except the Project Registration Namespace (which is imported into the project by default) and those that already comprise their projects. Therefore, in order to allow Project Owners to assign specific chart permissions to other users in their Project namespaces, the Helm Project Operator will automatically watch the following bindings: - ClusterRoleBindings - RoleBindings in the Project Release Namespace diff --git a/versioned_docs/version-2.6/reference-guides/rancher-cluster-tools.md b/versioned_docs/version-2.6/reference-guides/rancher-cluster-tools.md index 63d8490bc41..ca037f533de 100644 --- a/versioned_docs/version-2.6/reference-guides/rancher-cluster-tools.md +++ b/versioned_docs/version-2.6/reference-guides/rancher-cluster-tools.md @@ -21,7 +21,7 @@ Logging is helpful because it allows you to: Rancher can integrate with Elasticsearch, splunk, kafka, syslog, and fluentd. -For more information, refer to the logging documentation [here.](../pages-for-subheaders/logging.md) +For more information, refer to the logging documentation [here.](../integrations-in-rancher/logging/logging.md) ## Monitoring and Alerts Using Rancher, you can monitor the state and processes of your cluster nodes, Kubernetes components, and software deployments through integration with [Prometheus](https://prometheus.io/), a leading open-source monitoring solution. @@ -32,7 +32,7 @@ Notifiers are services that inform you of alert events. You can configure notifi Alerts are rules that trigger those notifications. Before you can receive alerts, you must configure one or more notifier in Rancher. The scope for alerts can be set at either the cluster or project level. -For more information, refer to the monitoring documentation [here.](../pages-for-subheaders/monitoring-and-alerting.md) +For more information, refer to the monitoring documentation [here.](../integrations-in-rancher/monitoring-and-alerting/monitoring-and-alerting.md) ## Istio @@ -40,7 +40,7 @@ For more information, refer to the monitoring documentation [here.](../pages-for Rancher's integration with Istio was improved in Rancher v2.5. -For more information, refer to the Istio documentation [here.](../pages-for-subheaders/istio.md) +For more information, refer to the Istio documentation [here.](../integrations-in-rancher/istio/istio.md) ## OPA Gatekeeper [OPA Gatekeeper](https://github.com/open-policy-agent/gatekeeper) is an open-source project that provides integration between OPA and Kubernetes to provide policy control via admission controller webhooks. For details on how to enable Gatekeeper in Rancher, refer to the [OPA Gatekeeper section.](../integrations-in-rancher/opa-gatekeeper.md) @@ -49,4 +49,4 @@ For more information, refer to the Istio documentation [here.](../pages-for-subh Rancher can run a security scan to check whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark. -For more information, refer to the CIS scan documentation [here.](../pages-for-subheaders/cis-scan-guides.md) \ No newline at end of file +For more information, refer to the CIS scan documentation [here.](../how-to-guides/advanced-user-guides/cis-scan-guides/cis-scan-guides.md) \ No newline at end of file diff --git a/versioned_docs/version-2.6/reference-guides/rancher-manager-architecture/architecture-recommendations.md b/versioned_docs/version-2.6/reference-guides/rancher-manager-architecture/architecture-recommendations.md index 8940a45f8c1..4831195e15d 100644 --- a/versioned_docs/version-2.6/reference-guides/rancher-manager-architecture/architecture-recommendations.md +++ b/versioned_docs/version-2.6/reference-guides/rancher-manager-architecture/architecture-recommendations.md @@ -57,7 +57,7 @@ We recommend the following configurations for the load balancer and Ingress cont It is strongly recommended to install Rancher on a Kubernetes cluster on hosted infrastructure such as Amazon's EC2 or Google Compute Engine. -For the best performance and greater security, we recommend a dedicated Kubernetes cluster for the Rancher management server. Running user workloads on this cluster is not advised. After deploying Rancher, you can [create or import clusters](../../pages-for-subheaders/kubernetes-clusters-in-rancher-setup.md) for running your workloads. +For the best performance and greater security, we recommend a dedicated Kubernetes cluster for the Rancher management server. Running user workloads on this cluster is not advised. After deploying Rancher, you can [create or import clusters](../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/kubernetes-clusters-in-rancher-setup.md) for running your workloads. ## Recommended Node Roles for Kubernetes Installations @@ -99,7 +99,7 @@ With that said, it is safe to use all three roles on three nodes when setting up Because no additional workloads will be deployed on the Rancher server cluster, in most cases it is not necessary to use the same architecture that we recommend for the scalability and reliability of downstream clusters. -For more best practices for downstream clusters, refer to the [production checklist](../../pages-for-subheaders/checklist-for-production-ready-clusters.md) or our [best practices guide.](../../pages-for-subheaders/best-practices.md) +For more best practices for downstream clusters, refer to the [production checklist](../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/checklist-for-production-ready-clusters/checklist-for-production-ready-clusters.md) or our [best practices guide.](../best-practices/best-practices.md) ## Architecture for an Authorized Cluster Endpoint (ACE) diff --git a/versioned_docs/version-2.6/pages-for-subheaders/rancher-manager-architecture.md b/versioned_docs/version-2.6/reference-guides/rancher-manager-architecture/rancher-manager-architecture.md similarity index 50% rename from versioned_docs/version-2.6/pages-for-subheaders/rancher-manager-architecture.md rename to versioned_docs/version-2.6/reference-guides/rancher-manager-architecture/rancher-manager-architecture.md index d7e76f28573..97ef05d0b6b 100644 --- a/versioned_docs/version-2.6/pages-for-subheaders/rancher-manager-architecture.md +++ b/versioned_docs/version-2.6/reference-guides/rancher-manager-architecture/rancher-manager-architecture.md @@ -6,16 +6,16 @@ title: Architecture -This section focuses on the [Rancher server and its components](../reference-guides/rancher-manager-architecture/rancher-server-and-components.md) and how [Rancher communicates with downstream Kubernetes clusters](../reference-guides/rancher-manager-architecture/communicating-with-downstream-user-clusters.md). +This section focuses on the [Rancher server and its components](rancher-server-and-components.md) and how [Rancher communicates with downstream Kubernetes clusters](communicating-with-downstream-user-clusters.md). -For information on the different ways that Rancher can be installed, refer to the [overview of installation options.](installation-and-upgrade.md#overview-of-installation-options) +For information on the different ways that Rancher can be installed, refer to the [overview of installation options.](../../getting-started/installation-and-upgrade/installation-and-upgrade.md#overview-of-installation-options) -For a list of main features of the Rancher API server, refer to the [overview section.](../getting-started/overview.md#features-of-the-rancher-api-server) +For a list of main features of the Rancher API server, refer to the [overview section.](../../getting-started/overview.md#features-of-the-rancher-api-server) -For guidance about setting up the underlying infrastructure for the Rancher server, refer to the [architecture recommendations.](../reference-guides/rancher-manager-architecture/architecture-recommendations.md) +For guidance about setting up the underlying infrastructure for the Rancher server, refer to the [architecture recommendations.](architecture-recommendations.md) :::note -This section assumes a basic familiarity with Docker and Kubernetes. For a brief explanation of how Kubernetes components work together, refer to the [concepts](../reference-guides/kubernetes-concepts.md) page. +This section assumes a basic familiarity with Docker and Kubernetes. For a brief explanation of how Kubernetes components work together, refer to the [concepts](../kubernetes-concepts.md) page. ::: \ No newline at end of file diff --git a/versioned_docs/version-2.6/reference-guides/rancher-manager-architecture/rancher-server-and-components.md b/versioned_docs/version-2.6/reference-guides/rancher-manager-architecture/rancher-server-and-components.md index 9d25e318ee3..7f1ec5b8b88 100644 --- a/versioned_docs/version-2.6/reference-guides/rancher-manager-architecture/rancher-server-and-components.md +++ b/versioned_docs/version-2.6/reference-guides/rancher-manager-architecture/rancher-server-and-components.md @@ -10,9 +10,9 @@ The majority of Rancher 2.x software runs on the Rancher Server. Rancher Server The figure below illustrates the high-level architecture of Rancher 2.x. The figure depicts a Rancher Server installation that manages two downstream Kubernetes clusters: one created by RKE and another created by Amazon EKS (Elastic Kubernetes Service). -For the best performance and security, we recommend a dedicated Kubernetes cluster for the Rancher management server. Running user workloads on this cluster is not advised. After deploying Rancher, you can [create or import clusters](../../pages-for-subheaders/kubernetes-clusters-in-rancher-setup.md) for running your workloads. +For the best performance and security, we recommend a dedicated Kubernetes cluster for the Rancher management server. Running user workloads on this cluster is not advised. After deploying Rancher, you can [create or import clusters](../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/kubernetes-clusters-in-rancher-setup.md) for running your workloads. -The diagram below shows how users can manipulate both [Rancher-launched Kubernetes](../../pages-for-subheaders/launch-kubernetes-with-rancher.md) clusters and [hosted Kubernetes](../../pages-for-subheaders/set-up-clusters-from-hosted-kubernetes-providers.md) clusters through Rancher's authentication proxy: +The diagram below shows how users can manipulate both [Rancher-launched Kubernetes](../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md) clusters and [hosted Kubernetes](../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/set-up-clusters-from-hosted-kubernetes-providers.md) clusters through Rancher's authentication proxy:
    Managing Kubernetes Clusters through Rancher's Authentication Proxy
    diff --git a/versioned_docs/version-2.6/reference-guides/rancher-project-tools.md b/versioned_docs/version-2.6/reference-guides/rancher-project-tools.md index f199d246d2c..d2b99f71fa9 100644 --- a/versioned_docs/version-2.6/reference-guides/rancher-project-tools.md +++ b/versioned_docs/version-2.6/reference-guides/rancher-project-tools.md @@ -29,8 +29,8 @@ Logging is helpful because it allows you to: Rancher can integrate with Elasticsearch, splunk, kafka, syslog, and fluentd. -For details, refer to the [logging section.](../pages-for-subheaders/logging.md) +For details, refer to the [logging section.](../integrations-in-rancher/logging/logging.md) ## Monitoring -Using Rancher, you can monitor the state and processes of your cluster nodes, Kubernetes components, and software deployments through integration with [Prometheus](https://prometheus.io/), a leading open-source monitoring solution. For details, refer to the [monitoring section.](../pages-for-subheaders/monitoring-and-alerting.md) +Using Rancher, you can monitor the state and processes of your cluster nodes, Kubernetes components, and software deployments through integration with [Prometheus](https://prometheus.io/), a leading open-source monitoring solution. For details, refer to the [monitoring section.](../integrations-in-rancher/monitoring-and-alerting/monitoring-and-alerting.md) diff --git a/versioned_docs/version-2.6/pages-for-subheaders/rancher-security.md b/versioned_docs/version-2.6/reference-guides/rancher-security/rancher-security.md similarity index 89% rename from versioned_docs/version-2.6/pages-for-subheaders/rancher-security.md rename to versioned_docs/version-2.6/reference-guides/rancher-security/rancher-security.md index f1e31f322f0..420cece1f1f 100644 --- a/versioned_docs/version-2.6/pages-for-subheaders/rancher-security.md +++ b/versioned_docs/version-2.6/reference-guides/rancher-security/rancher-security.md @@ -23,14 +23,14 @@ title: Security -Security is at the heart of all Rancher features. From integrating with all the popular authentication tools and services, to an enterprise grade [RBAC capability](manage-role-based-access-control-rbac.md), Rancher makes your Kubernetes clusters even more secure. +Security is at the heart of all Rancher features. From integrating with all the popular authentication tools and services, to an enterprise grade [RBAC capability](../../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/manage-role-based-access-control-rbac.md), Rancher makes your Kubernetes clusters even more secure. On this page, we provide security related documentation along with resources to help you secure your Rancher installation and your downstream Kubernetes clusters. ### NeuVector Integration with Rancher _New in v2.6.5_ -NeuVector is an open-source, container-focused security application that is now integrated into Rancher. NeuVector provides production security, DevOps vulnerability protection, and a container firewall, et al. Please see the [Rancher docs](../integrations-in-rancher/neuvector.md) and the [NeuVector docs](https://open-docs.neuvector.com/) for more information. +NeuVector is an open-source, container-focused security application that is now integrated into Rancher. NeuVector provides production security, DevOps vulnerability protection, and a container firewall, et al. Please see the [Rancher docs](../../integrations-in-rancher/neuvector.md) and the [NeuVector docs](https://open-docs.neuvector.com/) for more information. ### Running a CIS Security Scan on a Kubernetes Cluster @@ -46,13 +46,13 @@ The Benchmark provides recommendations of two types: Automated and Manual. We ru When Rancher runs a CIS security scan on a cluster, it generates a report showing the results of each test, including a summary with the number of passed, skipped and failed tests. The report also includes remediation steps for any failed tests. -For details, refer to the section on [security scans](cis-scan-guides.md). +For details, refer to the section on [security scans](../../how-to-guides/advanced-user-guides/cis-scan-guides/cis-scan-guides.md). ### SELinux RPM [Security-Enhanced Linux (SELinux)](https://en.wikipedia.org/wiki/Security-Enhanced_Linux) is a security enhancement to Linux. After being historically used by government agencies, SELinux is now industry standard and is enabled by default on CentOS 7 and 8. -We provide two RPMs (Red Hat packages) that enable Rancher products to function properly on SELinux-enforcing hosts: `rancher-selinux` and `rke2-selinux`. For details, see [this page](selinux-rpm.md). +We provide two RPMs (Red Hat packages) that enable Rancher products to function properly on SELinux-enforcing hosts: `rancher-selinux` and `rke2-selinux`. For details, see [this page](selinux-rpm/selinux-rpm.md). ### Rancher Hardening Guide @@ -83,8 +83,8 @@ Results: ### Rancher Security Advisories and CVEs -Rancher is committed to informing the community of security issues in our products. For the list of CVEs (Common Vulnerabilities and Exposures) for issues we have resolved, refer to [this page.](../reference-guides/rancher-security/security-advisories-and-cves.md) +Rancher is committed to informing the community of security issues in our products. For the list of CVEs (Common Vulnerabilities and Exposures) for issues we have resolved, refer to [this page.](security-advisories-and-cves.md) ### Kubernetes Security Best Practices -For recommendations on securing your Kubernetes cluster, refer to the [Kubernetes Security Best Practices](../reference-guides/rancher-security/kubernetes-security-best-practices.md) guide. +For recommendations on securing your Kubernetes cluster, refer to the [Kubernetes Security Best Practices](kubernetes-security-best-practices.md) guide. diff --git a/versioned_docs/version-2.6/pages-for-subheaders/rancher-v2.6-hardening-guides.md b/versioned_docs/version-2.6/reference-guides/rancher-security/rancher-v2.6-hardening-guides/rancher-v2.6-hardening-guides.md similarity index 79% rename from versioned_docs/version-2.6/pages-for-subheaders/rancher-v2.6-hardening-guides.md rename to versioned_docs/version-2.6/reference-guides/rancher-security/rancher-v2.6-hardening-guides/rancher-v2.6-hardening-guides.md index 165dee6c072..b0932252e10 100644 --- a/versioned_docs/version-2.6/pages-for-subheaders/rancher-v2.6-hardening-guides.md +++ b/versioned_docs/version-2.6/reference-guides/rancher-security/rancher-v2.6-hardening-guides/rancher-v2.6-hardening-guides.md @@ -23,7 +23,7 @@ These guides have been tested along with the Rancher v2.6 release. Each self-ass | Kubernetes Version | CIS Benchmark Version | Self Assessment Guide | Hardening Guides | | ------------------ | --------------------- | --------------------- | ---------------- | -| Kubernetes v1.18 up to v1.23 | CIS v1.6 | [Link](../reference-guides/rancher-security/rancher-v2.6-hardening-guides/rke1-self-assessment-guide-with-cis-v1.6-benchmark.md) | [Link](../reference-guides/rancher-security/rancher-v2.6-hardening-guides/rke1-hardening-guide-with-cis-v1.6-benchmark.md) | +| Kubernetes v1.18 up to v1.23 | CIS v1.6 | [Link](rke1-self-assessment-guide-with-cis-v1.6-benchmark.md) | [Link](rke1-hardening-guide-with-cis-v1.6-benchmark.md) | :::note @@ -35,7 +35,7 @@ These guides have been tested along with the Rancher v2.6 release. Each self-ass | Type | Kubernetes Version | CIS Benchmark Version | Self Assessment Guide | Hardening Guides | | ---- | ------------------ | --------------------- | --------------------- | ---------------- | -| Rancher provisioned RKE2 cluster | Kubernetes v1.21 up to v1.23 | CIS v1.6 | [Link](../reference-guides/rancher-security/rancher-v2.6-hardening-guides/rke2-self-assessment-guide-with-cis-v1.6-benchmark.md) | [Link](../reference-guides/rancher-security/rancher-v2.6-hardening-guides/rke2-hardening-guide-with-cis-v1.6-benchmark.md) | +| Rancher provisioned RKE2 cluster | Kubernetes v1.21 up to v1.23 | CIS v1.6 | [Link](rke2-self-assessment-guide-with-cis-v1.6-benchmark.md) | [Link](rke2-hardening-guide-with-cis-v1.6-benchmark.md) | | Standalone RKE2 | Kubernetes v1.21 up to v1.23 | CIS v1.6 | [Link](https://docs.rke2.io/security/cis_self_assessment16) | [Link](https://docs.rke2.io/security/hardening_guide) | ### K3s Guides @@ -48,4 +48,4 @@ These guides have been tested along with the Rancher v2.6 release. Each self-ass [Security-Enhanced Linux (SELinux)](https://en.wikipedia.org/wiki/Security-Enhanced_Linux) is a security enhancement to Linux. After being historically used by government agencies, SELinux is now industry standard and is enabled by default on RHEL and CentOS. -To use Rancher with SELinux, we recommend installing the `rancher-selinux` RPM according to the instructions on [this page](../reference-guides/rancher-security/selinux-rpm/about-rancher-selinux.md#installing-the-rancher-selinux-rpm). +To use Rancher with SELinux, we recommend installing the `rancher-selinux` RPM according to the instructions on [this page](../selinux-rpm/about-rancher-selinux.md#installing-the-rancher-selinux-rpm). diff --git a/versioned_docs/version-2.6/reference-guides/rancher-security/rancher-v2.6-hardening-guides/rke1-hardening-guide-with-cis-v1.6-benchmark.md b/versioned_docs/version-2.6/reference-guides/rancher-security/rancher-v2.6-hardening-guides/rke1-hardening-guide-with-cis-v1.6-benchmark.md index f7a60103433..c9e1bbb3962 100644 --- a/versioned_docs/version-2.6/reference-guides/rancher-security/rancher-v2.6-hardening-guides/rke1-hardening-guide-with-cis-v1.6-benchmark.md +++ b/versioned_docs/version-2.6/reference-guides/rancher-security/rancher-v2.6-hardening-guides/rke1-hardening-guide-with-cis-v1.6-benchmark.md @@ -446,7 +446,7 @@ upgrade_strategy: ### Reference Hardened RKE Template Configuration -The reference RKE template provides the configuration needed to achieve a hardened install of Kubernetes. RKE templates are used to provision Kubernetes and define Rancher settings. Follow the Rancher [documentation](../../../pages-for-subheaders/installation-and-upgrade.md) for additional installation and RKE template details. +The reference RKE template provides the configuration needed to achieve a hardened install of Kubernetes. RKE templates are used to provision Kubernetes and define Rancher settings. Follow the Rancher [documentation](../../../getting-started/installation-and-upgrade/installation-and-upgrade.md) for additional installation and RKE template details. ```yaml # diff --git a/versioned_docs/version-2.6/pages-for-subheaders/selinux-rpm.md b/versioned_docs/version-2.6/reference-guides/rancher-security/selinux-rpm/selinux-rpm.md similarity index 85% rename from versioned_docs/version-2.6/pages-for-subheaders/selinux-rpm.md rename to versioned_docs/version-2.6/reference-guides/rancher-security/selinux-rpm/selinux-rpm.md index c72c72ff56a..f2d93d01bb1 100644 --- a/versioned_docs/version-2.6/pages-for-subheaders/selinux-rpm.md +++ b/versioned_docs/version-2.6/reference-guides/rancher-security/selinux-rpm/selinux-rpm.md @@ -17,4 +17,4 @@ After being historically used by government agencies, SELinux is now industry st Enforcing ``` -We provide two RPMs (Red Hat packages) that enable Rancher products to function properly on SELinux-enforcing hosts: [`rancher-selinux`](../reference-guides/rancher-security/selinux-rpm/about-rancher-selinux.md) and [`rke2-selinux`](../reference-guides/rancher-security/selinux-rpm/about-rke2-selinux.md). \ No newline at end of file +We provide two RPMs (Red Hat packages) that enable Rancher products to function properly on SELinux-enforcing hosts: [`rancher-selinux`](about-rancher-selinux.md) and [`rke2-selinux`](about-rke2-selinux.md). \ No newline at end of file diff --git a/versioned_docs/version-2.6/reference-guides/single-node-rancher-in-docker/advanced-options.md b/versioned_docs/version-2.6/reference-guides/single-node-rancher-in-docker/advanced-options.md index 081d79e4b04..4d410831bf9 100644 --- a/versioned_docs/version-2.6/reference-guides/single-node-rancher-in-docker/advanced-options.md +++ b/versioned_docs/version-2.6/reference-guides/single-node-rancher-in-docker/advanced-options.md @@ -19,7 +19,7 @@ Use the command example to start a Rancher container with your private CA certif The example below is based on having the CA root certificates in the `/host/certs` directory on the host and mounting this directory on `/container/certs` inside the Rancher container. -Privileged access is [required.](../../pages-for-subheaders/rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher) +Privileged access is [required.](../../getting-started/installation-and-upgrade/other-installation-methods/rancher-on-a-single-node-with-docker/rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher) ``` docker run -d --restart=unless-stopped \ @@ -38,7 +38,7 @@ The API Audit Log writes to `/var/log/auditlog` inside the rancher container by See [API Audit Log](../../how-to-guides/advanced-user-guides/enable-api-audit-log.md) for more information and options. -Privileged access is [required.](../../pages-for-subheaders/rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher) +Privileged access is [required.](../../getting-started/installation-and-upgrade/other-installation-methods/rancher-on-a-single-node-with-docker/rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher) ``` docker run -d --restart=unless-stopped \ @@ -61,7 +61,7 @@ docker run -d --restart=unless-stopped \ rancher/rancher:latest ``` -Privileged access is [required.](../../pages-for-subheaders/rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher) +Privileged access is [required.](../../getting-started/installation-and-upgrade/other-installation-methods/rancher-on-a-single-node-with-docker/rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher) See [TLS settings](../../getting-started/installation-and-upgrade/installation-references/tls-settings.md) for more information and options. @@ -87,7 +87,7 @@ docker run -d --restart=unless-stopped \ rancher/rancher:latest ``` -Privileged access is [required.](../../pages-for-subheaders/rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher) +Privileged access is [required.](../../getting-started/installation-and-upgrade/other-installation-methods/rancher-on-a-single-node-with-docker/rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher) ### Running `rancher/rancher` and `rancher/rancher-agent` on the Same Node @@ -106,4 +106,4 @@ docker run -d --restart=unless-stopped \ rancher/rancher:latest ``` -Privileged access is [required.](../../pages-for-subheaders/rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher) +Privileged access is [required.](../../getting-started/installation-and-upgrade/other-installation-methods/rancher-on-a-single-node-with-docker/rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher) diff --git a/versioned_docs/version-2.6/reference-guides/single-node-rancher-in-docker/http-proxy-configuration.md b/versioned_docs/version-2.6/reference-guides/single-node-rancher-in-docker/http-proxy-configuration.md index a5f50bbfaa8..3d25c22374b 100644 --- a/versioned_docs/version-2.6/reference-guides/single-node-rancher-in-docker/http-proxy-configuration.md +++ b/versioned_docs/version-2.6/reference-guides/single-node-rancher-in-docker/http-proxy-configuration.md @@ -24,7 +24,7 @@ NO_PROXY must be in uppercase to use network range (CIDR) notation. ## Docker Installation -Passing environment variables to the Rancher container can be done using `-e KEY=VALUE` or `--env KEY=VALUE`. Required values for `NO_PROXY` in a [Docker Installation](../../pages-for-subheaders/rancher-on-a-single-node-with-docker.md) are: +Passing environment variables to the Rancher container can be done using `-e KEY=VALUE` or `--env KEY=VALUE`. Required values for `NO_PROXY` in a [Docker Installation](../../getting-started/installation-and-upgrade/other-installation-methods/rancher-on-a-single-node-with-docker/rancher-on-a-single-node-with-docker.md) are: - `localhost` - `127.0.0.1` @@ -46,7 +46,7 @@ docker run -d --restart=unless-stopped \ rancher/rancher:latest ``` -Privileged access is [required.](../../pages-for-subheaders/rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher) +Privileged access is [required.](../../getting-started/installation-and-upgrade/other-installation-methods/rancher-on-a-single-node-with-docker/rancher-on-a-single-node-with-docker.md#privileged-access-for-rancher) ### Air-gapped proxy configuration diff --git a/versioned_docs/version-2.6/reference-guides/single-node-rancher-in-docker/single-node-rancher-in-docker.md b/versioned_docs/version-2.6/reference-guides/single-node-rancher-in-docker/single-node-rancher-in-docker.md new file mode 100644 index 00000000000..e605bd0c77a --- /dev/null +++ b/versioned_docs/version-2.6/reference-guides/single-node-rancher-in-docker/single-node-rancher-in-docker.md @@ -0,0 +1,9 @@ +--- +title: Single Node Rancher in Docker +--- + + + + + +The following docs will discuss [HTTP proxy configuration](http-proxy-configuration.md) and [advanced options](advanced-options.md) for Docker installs. \ No newline at end of file diff --git a/versioned_docs/version-2.6/reference-guides/user-settings/api-keys.md b/versioned_docs/version-2.6/reference-guides/user-settings/api-keys.md index 95a26a81a45..d5ff1d1fb24 100644 --- a/versioned_docs/version-2.6/reference-guides/user-settings/api-keys.md +++ b/versioned_docs/version-2.6/reference-guides/user-settings/api-keys.md @@ -51,7 +51,7 @@ Users may opt to enable [token hashing](../about-the-api/api-tokens.md). - Enter your API key information into the application that will send requests to the Rancher API. - Learn more about the Rancher endpoints and parameters by selecting **View in API** for an object in the Rancher UI. -- API keys are used for API calls and [Rancher CLI](../../pages-for-subheaders/cli-with-rancher.md). +- API keys are used for API calls and [Rancher CLI](../cli-with-rancher/cli-with-rancher.md). ## Deleting API Keys diff --git a/versioned_docs/version-2.6/reference-guides/user-settings/manage-cloud-credentials.md b/versioned_docs/version-2.6/reference-guides/user-settings/manage-cloud-credentials.md index e93b79d5c07..f32c283f3b3 100644 --- a/versioned_docs/version-2.6/reference-guides/user-settings/manage-cloud-credentials.md +++ b/versioned_docs/version-2.6/reference-guides/user-settings/manage-cloud-credentials.md @@ -6,7 +6,7 @@ title: Managing Cloud Credentials -When you create a cluster [hosted by an infrastructure provider](../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md), [node templates](../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md#node-templates) are used to provision the cluster nodes. These templates use Docker Machine configuration options to define an operating system image and settings/parameters for the node. +When you create a cluster [hosted by an infrastructure provider](../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md), [node templates](../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md#node-templates) are used to provision the cluster nodes. These templates use Docker Machine configuration options to define an operating system image and settings/parameters for the node. Node templates can use cloud credentials to access the credential information required to provision nodes in the infrastructure providers. The same cloud credential can be used by multiple node templates. By using a cloud credential, you do not have to re-enter access keys for the same cloud provider. Cloud credentials are stored as Kubernetes secrets. @@ -14,7 +14,7 @@ Cloud credentials are only used by node templates if there are fields marked as You can create cloud credentials in two contexts: -- [During creation of a node template](../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md#node-templates) for a cluster. +- [During creation of a node template](../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md#node-templates) for a cluster. - In the **User Settings** Cloud credentials are bound to their creator's user profile. They **cannot** be shared between non-admin users. However, admins are able to view and manage the cloud credentials of other users. @@ -29,7 +29,7 @@ Cloud credentials are bound to their creator's user profile. They **cannot** be 1. Based on the selected cloud credential type, enter the required values to authenticate with the infrastructure provider. 1. Click **Create**. -**Result:** The cloud credential is created and can immediately be used to [create node templates](../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md#node-templates). +**Result:** The cloud credential is created and can immediately be used to [create node templates](../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md#node-templates). ## Updating a Cloud Credential @@ -40,7 +40,7 @@ When access credentials are changed or compromised, updating a cloud credential 1. Choose the cloud credential you want to edit and click the **⋮ > Edit Config**. 1. Update the credential information and click **Save**. -**Result:** The cloud credential is updated with the new access credentials. All existing node templates using this cloud credential will automatically use the updated information whenever [new nodes are added](../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md). +**Result:** The cloud credential is updated with the new access credentials. All existing node templates using this cloud credential will automatically use the updated information whenever [new nodes are added](../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md). ## Deleting a Cloud Credential diff --git a/versioned_docs/version-2.6/reference-guides/user-settings/manage-node-templates.md b/versioned_docs/version-2.6/reference-guides/user-settings/manage-node-templates.md index fab13f80ffc..2d83b899104 100644 --- a/versioned_docs/version-2.6/reference-guides/user-settings/manage-node-templates.md +++ b/versioned_docs/version-2.6/reference-guides/user-settings/manage-node-templates.md @@ -6,10 +6,10 @@ title: Managing Node Templates -When you provision a cluster [hosted by an infrastructure provider](../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md), [node templates](../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md#node-templates) are used to provision the cluster nodes. These templates use Docker Machine configuration options to define an operating system image and settings/parameters for the node. You can create node templates in two contexts: +When you provision a cluster [hosted by an infrastructure provider](../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md), [node templates](../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md#node-templates) are used to provision the cluster nodes. These templates use Docker Machine configuration options to define an operating system image and settings/parameters for the node. You can create node templates in two contexts: -- While [provisioning a node pool cluster](../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md). -- At any time, from your [user settings](../../pages-for-subheaders/user-settings.md). +- While [provisioning a node pool cluster](../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md). +- At any time, from your [user settings](user-settings.md). When you create a node template, it is bound to your user profile. Node templates cannot be shared among users. You can delete stale node templates that you no longer user from your user settings. @@ -20,7 +20,7 @@ When you create a node template, it is bound to your user profile. Node template 1. Click **Add Template**. 1. Select one of the cloud providers available. Then follow the instructions on screen to configure the template. -**Result:** The template is configured. You can use the template later when you [provision a node pool cluster](../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md). +**Result:** The template is configured. You can use the template later when you [provision a node pool cluster](../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md). ## Updating a Node Template @@ -30,7 +30,7 @@ When you create a node template, it is bound to your user profile. Node template :::note - The default `active` [node drivers](../../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-provisioning-drivers/manage-node-drivers.md) and any node driver, that has fields marked as `password`, are required to use [cloud credentials](../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md#cloud-credentials). + The default `active` [node drivers](../../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-provisioning-drivers/manage-node-drivers.md) and any node driver, that has fields marked as `password`, are required to use [cloud credentials](../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md#cloud-credentials). ::: @@ -47,7 +47,7 @@ When creating new node templates from your user settings, you can clone an exist 1. Find the template you want to clone. Then select **⋮ > Clone**. 1. Complete the rest of the form. -**Result:** The template is cloned and configured. You can use the template later when you [provision a node pool cluster](../../pages-for-subheaders/use-new-nodes-in-an-infra-provider.md). +**Result:** The template is cloned and configured. You can use the template later when you [provision a node pool cluster](../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md). ## Deleting a Node Template diff --git a/versioned_docs/version-2.6/reference-guides/user-settings/user-settings.md b/versioned_docs/version-2.6/reference-guides/user-settings/user-settings.md new file mode 100644 index 00000000000..496fde5638c --- /dev/null +++ b/versioned_docs/version-2.6/reference-guides/user-settings/user-settings.md @@ -0,0 +1,19 @@ +--- +title: User Settings +--- + + + + + +Within Rancher, each user has a number of settings associated with their login: personal preferences, API keys, etc. You can configure these settings by choosing from the **User Settings** menu. You can open this menu by clicking your avatar, located within the main menu. + +![User Settings Menu](/img/user-settings.png) + +The available user settings are: + +- [API & Keys](api-keys.md): If you want to interact with Rancher programmatically, you need an API key. Follow the directions in this section to obtain a key. +- [Cloud Credentials](manage-cloud-credentials.md): Manage cloud credentials [used by node templates](../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider.md#node-templates) to [provision nodes for clusters](../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md). +- [Node Templates](manage-node-templates.md): Manage templates [used by Rancher to provision nodes for clusters](../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md). +- [Preferences](user-preferences.md): Sets superficial preferences for the Rancher UI. +- Log Out: Ends your user session. diff --git a/versioned_docs/version-2.6/security/security-scan/security-scan.md b/versioned_docs/version-2.6/security/security-scan/security-scan.md index 061d0af8edd..cacabb6266d 100644 --- a/versioned_docs/version-2.6/security/security-scan/security-scan.md +++ b/versioned_docs/version-2.6/security/security-scan/security-scan.md @@ -6,4 +6,4 @@ title: Security Scans -The documentation about CIS security scans has moved [here.](../../pages-for-subheaders/cis-scan-guides.md) +The documentation about CIS security scans has moved [here.](../../how-to-guides/advanced-user-guides/cis-scan-guides/cis-scan-guides.md) diff --git a/versioned_docs/version-2.6/shared-files/_cluster-capabilities-table.md b/versioned_docs/version-2.6/shared-files/_cluster-capabilities-table.md index b74973f5a67..6cffdba23c4 100644 --- a/versioned_docs/version-2.6/shared-files/_cluster-capabilities-table.md +++ b/versioned_docs/version-2.6/shared-files/_cluster-capabilities-table.md @@ -2,13 +2,13 @@ | --- | --- | ---| ---|----| | [Using kubectl and a kubeconfig file to Access a Cluster](../how-to-guides/new-user-guides/manage-clusters/access-clusters/use-kubectl-and-kubeconfig.md) | ✓ | ✓ | ✓ | ✓ | | [Managing Cluster Members](../how-to-guides/new-user-guides/manage-clusters/access-clusters/add-users-to-clusters.md) | ✓ | ✓ | ✓ | ✓ | -| [Editing and Upgrading Clusters](../pages-for-subheaders/cluster-configuration.md) | ✓ | ✓ | ✓ | ✓2 | +| [Editing and Upgrading Clusters](../reference-guides/cluster-configuration/cluster-configuration.md) | ✓ | ✓ | ✓ | ✓2 | | [Managing Nodes](../how-to-guides/new-user-guides/manage-clusters/nodes-and-node-pools.md) | ✓ | ✓ | ✓ | ✓3 | -| [Managing Persistent Volumes and Storage Classes](../pages-for-subheaders/create-kubernetes-persistent-storage.md) | ✓ | ✓ | ✓ | ✓ | +| [Managing Persistent Volumes and Storage Classes](../how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage/create-kubernetes-persistent-storage.md) | ✓ | ✓ | ✓ | ✓ | | [Managing Projects, Namespaces and Workloads](../how-to-guides/new-user-guides/manage-clusters/projects-and-namespaces.md) | ✓ | ✓ | ✓ | ✓ | -| [Using App Catalogs](../pages-for-subheaders/helm-charts-in-rancher.md) | ✓ | ✓ | ✓ | ✓ | -| Configuring Tools ([Alerts, Notifiers, Monitoring](../pages-for-subheaders/monitoring-and-alerting.md), [Logging](../pages-for-subheaders/logging.md), [Istio](../pages-for-subheaders/istio.md)) | ✓ | ✓ | ✓ | ✓ | -| [Running Security Scans](../pages-for-subheaders/cis-scan-guides.md) | ✓ | ✓ | ✓ | ✓ | +| [Using App Catalogs](../how-to-guides/new-user-guides/helm-charts-in-rancher/helm-charts-in-rancher.md) | ✓ | ✓ | ✓ | ✓ | +| Configuring Tools ([Alerts, Notifiers, Monitoring](../integrations-in-rancher/monitoring-and-alerting/monitoring-and-alerting.md), [Logging](../integrations-in-rancher/logging/logging.md), [Istio](../integrations-in-rancher/istio/istio.md)) | ✓ | ✓ | ✓ | ✓ | +| [Running Security Scans](../how-to-guides/advanced-user-guides/cis-scan-guides/cis-scan-guides.md) | ✓ | ✓ | ✓ | ✓ | | [Ability to rotate certificates](../how-to-guides/new-user-guides/manage-clusters/rotate-certificates.md) | ✓ | ✓ | | | | Ability to [backup](../how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/back-up-rancher-launched-kubernetes-clusters.md) and [restore](../how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/restore-rancher-launched-kubernetes-clusters-from-backup.md) Rancher-launched clusters | ✓ | ✓ | | ✓4 | | [Cleaning Kubernetes components when clusters are no longer reachable from Rancher](../how-to-guides/new-user-guides/manage-clusters/clean-cluster-nodes.md) | ✓ | | | | diff --git a/versioned_docs/version-2.6/troubleshooting/general-troubleshooting.md b/versioned_docs/version-2.6/troubleshooting/general-troubleshooting.md index 77ab7e24806..d162d499805 100644 --- a/versioned_docs/version-2.6/troubleshooting/general-troubleshooting.md +++ b/versioned_docs/version-2.6/troubleshooting/general-troubleshooting.md @@ -8,7 +8,7 @@ title: General Troubleshooting This section contains information to help you troubleshoot issues when using Rancher. -- [Kubernetes components](../pages-for-subheaders/kubernetes-components.md) +- [Kubernetes components](kubernetes-components/kubernetes-components.md) If you need help troubleshooting core Kubernetes cluster components like: * `etcd` @@ -33,7 +33,7 @@ This section contains information to help you troubleshoot issues when using Ran - [Troubleshooting Rancher installed on Kubernetes](other-troubleshooting-tips/rancher-ha.md) - If you experience issues with your [Rancher server installed on Kubernetes](../pages-for-subheaders/install-upgrade-on-a-kubernetes-cluster.md) + If you experience issues with your [Rancher server installed on Kubernetes](../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/install-upgrade-on-a-kubernetes-cluster.md) - [Logging](other-troubleshooting-tips/logging.md) diff --git a/versioned_docs/version-2.6/troubleshooting/kubernetes-components/kubernetes-components.md b/versioned_docs/version-2.6/troubleshooting/kubernetes-components/kubernetes-components.md new file mode 100644 index 00000000000..53863435277 --- /dev/null +++ b/versioned_docs/version-2.6/troubleshooting/kubernetes-components/kubernetes-components.md @@ -0,0 +1,21 @@ +--- +title: Kubernetes Components +--- + + + + + +The commands and steps listed in this section apply to the core Kubernetes components on [Rancher Launched Kubernetes](../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md) clusters. + +This section includes troubleshooting tips in the following categories: + +- [Troubleshooting etcd Nodes](troubleshooting-etcd-nodes.md) +- [Troubleshooting Controlplane Nodes](troubleshooting-controlplane-nodes.md) +- [Troubleshooting nginx-proxy Nodes](troubleshooting-nginx-proxy.md) +- [Troubleshooting Worker Nodes and Generic Components](troubleshooting-worker-nodes-and-generic-components.md) + +## Kubernetes Component Diagram + +![Cluster diagram](/img/clusterdiagram.svg)
    +Lines show the traffic flow between components. Colors are used purely for visual aid \ No newline at end of file diff --git a/versioned_docs/version-2.6/troubleshooting/other-troubleshooting-tips/kubernetes-resources.md b/versioned_docs/version-2.6/troubleshooting/other-troubleshooting-tips/kubernetes-resources.md index f1e6b8f8594..635e4d07371 100644 --- a/versioned_docs/version-2.6/troubleshooting/other-troubleshooting-tips/kubernetes-resources.md +++ b/versioned_docs/version-2.6/troubleshooting/other-troubleshooting-tips/kubernetes-resources.md @@ -6,7 +6,7 @@ title: Kubernetes Resources -The commands/steps listed on this page can be used to check the most important Kubernetes resources and apply to [Rancher Launched Kubernetes](../../pages-for-subheaders/launch-kubernetes-with-rancher.md) clusters. +The commands/steps listed on this page can be used to check the most important Kubernetes resources and apply to [Rancher Launched Kubernetes](../../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/launch-kubernetes-with-rancher.md) clusters. Make sure you configured the correct kubeconfig (for example, `export KUBECONFIG=$PWD/kube_config_cluster.yml` for Rancher HA) or are using the embedded kubectl via the UI. diff --git a/versioned_sidebars/version-2.6-sidebars.json b/versioned_sidebars/version-2.6-sidebars.json index 2f6c0549bef..f2054c696c1 100644 --- a/versioned_sidebars/version-2.6-sidebars.json +++ b/versioned_sidebars/version-2.6-sidebars.json @@ -11,7 +11,7 @@ "label": "Quick Start Guides", "link": { "type": "doc", - "id": "pages-for-subheaders/quick-start-guides" + "id": "getting-started/quick-start-guides/quick-start-guides" }, "items": [ { @@ -19,7 +19,7 @@ "label": "Deploying Rancher", "link": { "type": "doc", - "id": "pages-for-subheaders/deploy-rancher-manager" + "id": "getting-started/quick-start-guides/deploy-rancher-manager/deploy-rancher-manager" }, "items": [ "getting-started/quick-start-guides/deploy-rancher-manager/aws", @@ -39,7 +39,7 @@ "label": "Deploying Workloads", "link": { "type": "doc", - "id": "pages-for-subheaders/deploy-rancher-workloads" + "id": "getting-started/quick-start-guides/deploy-workloads/deploy-workloads" }, "items": [ "getting-started/quick-start-guides/deploy-workloads/workload-ingress", @@ -53,7 +53,7 @@ "label": "Installation and Upgrade", "link": { "type": "doc", - "id": "pages-for-subheaders/installation-and-upgrade" + "id": "getting-started/installation-and-upgrade/installation-and-upgrade" }, "items": [ { @@ -61,7 +61,7 @@ "label": "Installation Requirements", "link": { "type": "doc", - "id": "pages-for-subheaders/installation-requirements" + "id": "getting-started/installation-and-upgrade/installation-requirements/installation-requirements" }, "items": [ "getting-started/installation-and-upgrade/installation-requirements/install-docker", @@ -74,7 +74,7 @@ "label": "Installation References", "link": { "type": "doc", - "id": "pages-for-subheaders/installation-references" + "id": "getting-started/installation-and-upgrade/installation-references/installation-references" }, "items": [ "getting-started/installation-and-upgrade/installation-references/helm-chart-options", @@ -87,7 +87,7 @@ "label": "Install/Upgrade on a Kubernetes Cluster", "link": { "type": "doc", - "id": "pages-for-subheaders/install-upgrade-on-a-kubernetes-cluster" + "id": "getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/install-upgrade-on-a-kubernetes-cluster" }, "items": [ "getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rollbacks", @@ -104,7 +104,7 @@ "label": "Other Installation Methods", "link": { "type": "doc", - "id": "pages-for-subheaders/other-installation-methods" + "id": "getting-started/installation-and-upgrade/other-installation-methods/other-installation-methods" }, "items": [ { @@ -112,7 +112,7 @@ "label": "Air-Gapped Helm CLI Install", "link": { "type": "doc", - "id": "pages-for-subheaders/air-gapped-helm-cli-install" + "id": "getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/air-gapped-helm-cli-install" }, "items": [ "getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/infrastructure-private-registry", @@ -127,7 +127,7 @@ "label": "Rancher on a Single Node with Docker", "link": { "type": "doc", - "id": "pages-for-subheaders/rancher-on-a-single-node-with-docker" + "id": "getting-started/installation-and-upgrade/other-installation-methods/rancher-on-a-single-node-with-docker/rancher-on-a-single-node-with-docker" }, "items": [ "getting-started/installation-and-upgrade/other-installation-methods/rancher-on-a-single-node-with-docker/upgrade-docker-installed-rancher", @@ -140,7 +140,7 @@ "label": "Rancher Behind an HTTP Proxy", "link": { "type": "doc", - "id": "pages-for-subheaders/rancher-behind-an-http-proxy" + "id": "getting-started/installation-and-upgrade/other-installation-methods/rancher-behind-an-http-proxy/rancher-behind-an-http-proxy" }, "items": [ "getting-started/installation-and-upgrade/other-installation-methods/rancher-behind-an-http-proxy/set-up-infrastructure", @@ -155,7 +155,7 @@ "label": "Resources", "link": { "type": "doc", - "id": "pages-for-subheaders/resources" + "id": "getting-started/installation-and-upgrade/resources/resources" }, "items": [ "getting-started/installation-and-upgrade/resources/choose-a-rancher-version", @@ -183,7 +183,7 @@ "label": "New User Guides", "link": { "type": "doc", - "id": "pages-for-subheaders/new-user-guides" + "id": "how-to-guides/new-user-guides/new-user-guides" }, "items": [ { @@ -191,7 +191,7 @@ "label": "Authentication, Permissions, and Global Configuration", "link": { "type": "doc", - "id": "pages-for-subheaders/authentication-permissions-and-global-configuration" + "id": "how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-permissions-and-global-configuration" }, "items": [ { @@ -199,7 +199,7 @@ "label": "Configuring Authentication", "link": { "type": "doc", - "id": "pages-for-subheaders/authentication-config" + "id": "how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/authentication-config" }, "items": [ "how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/manage-users-and-groups", @@ -220,7 +220,7 @@ "label": "Configuring OpenLDAP", "link": { "type": "doc", - "id": "pages-for-subheaders/configure-openldap" + "id": "how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-openldap/configure-openldap" }, "items": [ "how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-openldap/openldap-config-reference" @@ -231,7 +231,7 @@ "label": "Configuring Microsoft AD Federation Service (SAML)", "link": { "type": "doc", - "id": "pages-for-subheaders/configure-microsoft-ad-federation-service-saml" + "id": "how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-microsoft-ad-federation-service-saml/configure-microsoft-ad-federation-service-saml" }, "items": [ "how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-microsoft-ad-federation-service-saml/configure-ms-adfs-for-rancher", @@ -243,7 +243,7 @@ "label": "Configuring Shibboleth (SAML)", "link": { "type": "doc", - "id": "pages-for-subheaders/configure-shibboleth-saml" + "id": "how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-shibboleth-saml/configure-shibboleth-saml" }, "items": [ "how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-shibboleth-saml/about-group-permissions" @@ -254,7 +254,7 @@ "label": "Managing Role-Based Access Control (RBAC)", "link": { "type": "doc", - "id": "pages-for-subheaders/manage-role-based-access-control-rbac" + "id": "how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/manage-role-based-access-control-rbac" }, "items": [ "how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/global-permissions", @@ -268,7 +268,7 @@ "label": "About Provisioning Drivers", "link": { "type": "doc", - "id": "pages-for-subheaders/about-provisioning-drivers" + "id": "how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-provisioning-drivers/about-provisioning-drivers" }, "items": [ "how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-provisioning-drivers/manage-cluster-drivers", @@ -280,7 +280,7 @@ "label": "About RKE1 Templates", "link": { "type": "doc", - "id": "pages-for-subheaders/about-rke1-templates" + "id": "how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/about-rke1-templates" }, "items": [ "how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates/creator-permissions", @@ -303,7 +303,7 @@ "label": "Cluster Administration", "link": { "type": "doc", - "id": "pages-for-subheaders/manage-clusters" + "id": "how-to-guides/new-user-guides/manage-clusters/manage-clusters" }, "items": [ { @@ -311,7 +311,7 @@ "label": "Access Clusters", "link": { "type": "doc", - "id": "pages-for-subheaders/access-clusters" + "id": "how-to-guides/new-user-guides/manage-clusters/access-clusters/access-clusters" }, "items": [ "how-to-guides/new-user-guides/manage-clusters/access-clusters/use-kubectl-and-kubeconfig", @@ -324,7 +324,7 @@ "label": "Install Cluster Autoscaler", "link": { "type": "doc", - "id": "pages-for-subheaders/install-cluster-autoscaler" + "id": "how-to-guides/new-user-guides/manage-clusters/install-cluster-autoscaler/install-cluster-autoscaler" }, "items": [ "how-to-guides/new-user-guides/manage-clusters/install-cluster-autoscaler/use-aws-ec2-auto-scaling-groups" @@ -335,7 +335,7 @@ "label": "Create Kubernetes Persistent Storage", "link": { "type": "doc", - "id": "pages-for-subheaders/create-kubernetes-persistent-storage" + "id": "how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage/create-kubernetes-persistent-storage" }, "items": [ "how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage/manage-persistent-storage/about-persistent-storage", @@ -351,7 +351,7 @@ "label": "Provisioning Storage Examples", "link": { "type": "doc", - "id": "pages-for-subheaders/provisioning-storage-examples" + "id": "how-to-guides/new-user-guides/manage-clusters/provisioning-storage-examples/provisioning-storage-examples" }, "items": [ "how-to-guides/new-user-guides/manage-clusters/provisioning-storage-examples/persistent-storage-in-amazon-ebs", @@ -374,7 +374,7 @@ "label": "Kubernetes Cluster Setup", "link": { "type": "doc", - "id": "pages-for-subheaders/kubernetes-cluster-setup" + "id": "how-to-guides/new-user-guides/kubernetes-cluster-setup/kubernetes-cluster-setup" }, "items": [ "how-to-guides/new-user-guides/kubernetes-cluster-setup/high-availability-installs", @@ -388,7 +388,7 @@ "label": "Infrastructure Setup", "link": { "type": "doc", - "id": "pages-for-subheaders/infrastructure-setup" + "id": "how-to-guides/new-user-guides/infrastructure-setup/infrastructure-setup" }, "items": [ "how-to-guides/new-user-guides/infrastructure-setup/ha-k3s-kubernetes-cluster", @@ -405,7 +405,7 @@ "label": "Kubernetes Clusters in Rancher Setup", "link": { "type": "doc", - "id": "pages-for-subheaders/kubernetes-clusters-in-rancher-setup" + "id": "how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/kubernetes-clusters-in-rancher-setup" }, "items": [ "how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/node-requirements-for-rancher-managed-clusters", @@ -414,7 +414,7 @@ "label": "Checklist for Production-Ready Clusters", "link": { "type": "doc", - "id": "pages-for-subheaders/checklist-for-production-ready-clusters" + "id": "how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/checklist-for-production-ready-clusters/checklist-for-production-ready-clusters" }, "items": [ "how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/checklist-for-production-ready-clusters/recommended-cluster-architecture", @@ -426,7 +426,7 @@ "label": "Setting up Clusters from Hosted Kubernetes Providers", "link": { "type": "doc", - "id": "pages-for-subheaders/set-up-clusters-from-hosted-kubernetes-providers" + "id": "how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/set-up-clusters-from-hosted-kubernetes-providers" }, "items": [ "how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/eks", @@ -442,7 +442,7 @@ "label": "Launching Kubernetes on Windows Clusters", "link": { "type": "doc", - "id": "pages-for-subheaders/use-windows-clusters" + "id": "how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/use-windows-clusters/use-windows-clusters" }, "items": [ "how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/use-windows-clusters/azure-storageclass-configuration", @@ -456,7 +456,7 @@ "label": "Setting up Cloud Providers", "link": { "type": "doc", - "id": "pages-for-subheaders/set-up-cloud-providers" + "id": "how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/set-up-cloud-providers" }, "items": [ "how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/amazon", @@ -475,7 +475,7 @@ "label": "Launching Kubernetes with Rancher", "link": { "type": "doc", - "id": "pages-for-subheaders/launch-kubernetes-with-rancher" + "id": "how-to-guides/new-user-guides/launch-kubernetes-with-rancher/launch-kubernetes-with-rancher" }, "items": [ { @@ -483,7 +483,7 @@ "label": "Launching New Nodes in an Infra Provider", "link": { "type": "doc", - "id": "pages-for-subheaders/use-new-nodes-in-an-infra-provider" + "id": "how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/use-new-nodes-in-an-infra-provider" }, "items": [ "how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-amazon-ec2-cluster", @@ -494,7 +494,7 @@ "label": "vSphere", "link": { "type": "doc", - "id": "pages-for-subheaders/vsphere" + "id": "how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/vsphere/vsphere" }, "items": [ "how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/vsphere/provision-kubernetes-clusters-in-vsphere", @@ -507,7 +507,7 @@ "label": "Nutanix", "link": { "type": "doc", - "id": "pages-for-subheaders/nutanix" + "id": "how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/nutanix/nutanix" }, "items": [ "how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/nutanix/provision-kubernetes-clusters-in-aos" @@ -524,7 +524,7 @@ "label": "Kubernetes Resources Setup", "link": { "type": "doc", - "id": "pages-for-subheaders/kubernetes-resources-setup" + "id": "how-to-guides/new-user-guides/kubernetes-resources-setup/kubernetes-resources-setup" }, "items": [ { @@ -532,7 +532,7 @@ "label": "Workloads and Pods", "link": { "type": "doc", - "id": "pages-for-subheaders/workloads-and-pods" + "id": "how-to-guides/new-user-guides/kubernetes-resources-setup/workloads-and-pods/workloads-and-pods" }, "items": [ "how-to-guides/new-user-guides/kubernetes-resources-setup/workloads-and-pods/deploy-workloads", @@ -546,7 +546,7 @@ "label": "Horizontal Pod Autoscaler", "link": { "type": "doc", - "id": "pages-for-subheaders/horizontal-pod-autoscaler" + "id": "how-to-guides/new-user-guides/kubernetes-resources-setup/horizontal-pod-autoscaler/horizontal-pod-autoscaler" }, "items": [ "how-to-guides/new-user-guides/kubernetes-resources-setup/horizontal-pod-autoscaler/about-hpas", @@ -560,7 +560,7 @@ "label": "Load Balancer and Ingress Controller", "link": { "type": "doc", - "id": "pages-for-subheaders/load-balancer-and-ingress-controller" + "id": "how-to-guides/new-user-guides/kubernetes-resources-setup/load-balancer-and-ingress-controller/load-balancer-and-ingress-controller" }, "items": [ "how-to-guides/new-user-guides/kubernetes-resources-setup/load-balancer-and-ingress-controller/layer-4-and-layer-7-load-balancing", @@ -580,7 +580,7 @@ "label": "Helm Charts in Rancher", "link": { "type": "doc", - "id": "pages-for-subheaders/helm-charts-in-rancher" + "id": "how-to-guides/new-user-guides/helm-charts-in-rancher/helm-charts-in-rancher" }, "items": [ "how-to-guides/new-user-guides/helm-charts-in-rancher/create-apps" @@ -591,7 +591,7 @@ "label": "Deploying Apps Across Clusters", "link": { "type": "doc", - "id": "pages-for-subheaders/deploy-apps-across-clusters" + "id": "how-to-guides/new-user-guides/deploy-apps-across-clusters/deploy-apps-across-clusters" }, "items": [ "how-to-guides/new-user-guides/deploy-apps-across-clusters/fleet", @@ -603,7 +603,7 @@ "label": "Backup, Restore, and Disaster Recovery", "link": { "type": "doc", - "id": "pages-for-subheaders/backup-restore-and-disaster-recovery" + "id": "how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/backup-restore-and-disaster-recovery" }, "items": [ "how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/back-up-restore-usage-guide", @@ -625,7 +625,7 @@ "label": "Advanced User Guides", "link": { "type": "doc", - "id": "pages-for-subheaders/advanced-user-guides" + "id": "how-to-guides/advanced-user-guides/advanced-user-guides" }, "items": [ { @@ -633,7 +633,7 @@ "label": "Project Administration", "link": { "type": "doc", - "id": "pages-for-subheaders/manage-projects" + "id": "how-to-guides/advanced-user-guides/manage-projects/manage-projects" }, "items": [ "how-to-guides/advanced-user-guides/manage-projects/ci-cd-pipelines", @@ -643,7 +643,7 @@ "label": "Project Resource Quotas", "link": { "type": "doc", - "id": "pages-for-subheaders/manage-project-resource-quotas" + "id": "how-to-guides/advanced-user-guides/manage-projects/manage-project-resource-quotas/manage-project-resource-quotas" }, "items": [ "how-to-guides/advanced-user-guides/manage-projects/manage-project-resource-quotas/about-project-resource-quotas", @@ -659,7 +659,7 @@ "label": "Monitoring/Alerting Guides", "link": { "type": "doc", - "id": "pages-for-subheaders/monitoring-alerting-guides" + "id": "how-to-guides/advanced-user-guides/monitoring-alerting-guides/monitoring-alerting-guides" }, "items": [ "how-to-guides/advanced-user-guides/monitoring-alerting-guides/enable-monitoring", @@ -674,7 +674,7 @@ "label": "Prometheus Federator Guides", "link": { "type": "doc", - "id": "pages-for-subheaders/prometheus-federator-guides" + "id": "how-to-guides/advanced-user-guides/monitoring-alerting-guides/prometheus-federator-guides/prometheus-federator-guides" }, "items": [ "how-to-guides/advanced-user-guides/monitoring-alerting-guides/prometheus-federator-guides/enable-prometheus-federator", @@ -691,7 +691,7 @@ "label": "Monitoring V2 Configuration Guides", "link": { "type": "doc", - "id": "pages-for-subheaders/monitoring-v2-configuration-guides" + "id": "how-to-guides/advanced-user-guides/monitoring-v2-configuration-guides/monitoring-v2-configuration-guides" }, "items": [ { @@ -699,7 +699,7 @@ "label": "Advanced Configuration", "link": { "type": "doc", - "id": "pages-for-subheaders/advanced-configuration" + "id": "how-to-guides/advanced-user-guides/monitoring-v2-configuration-guides/advanced-configuration/advanced-configuration" }, "items": [ "how-to-guides/advanced-user-guides/monitoring-v2-configuration-guides/advanced-configuration/alertmanager", @@ -714,7 +714,7 @@ "label": "Istio Setup Guide", "link": { "type": "doc", - "id": "pages-for-subheaders/istio-setup-guide" + "id": "how-to-guides/advanced-user-guides/istio-setup-guide/istio-setup-guide" }, "items": [ "how-to-guides/advanced-user-guides/istio-setup-guide/enable-istio-in-cluster", @@ -730,7 +730,7 @@ "label": "CIS Scan Guides", "link": { "type": "doc", - "id": "pages-for-subheaders/cis-scan-guides" + "id": "how-to-guides/advanced-user-guides/cis-scan-guides/cis-scan-guides" }, "items": [ "how-to-guides/advanced-user-guides/cis-scan-guides/install-rancher-cis-benchmark", @@ -749,7 +749,7 @@ "label": "Enabling Experimental Features", "link": { "type": "doc", - "id": "pages-for-subheaders/enable-experimental-features" + "id": "how-to-guides/advanced-user-guides/enable-experimental-features/enable-experimental-features" }, "items": [ "how-to-guides/advanced-user-guides/enable-experimental-features/rancher-on-arm64", @@ -775,7 +775,7 @@ "label": "Best Practices", "link": { "type": "doc", - "id": "pages-for-subheaders/best-practices" + "id": "reference-guides/best-practices/best-practices" }, "items": [ { @@ -783,7 +783,7 @@ "label": "Rancher Server", "link": { "type": "doc", - "id": "pages-for-subheaders/rancher-server" + "id": "reference-guides/best-practices/rancher-server/rancher-server" }, "items": [ "reference-guides/best-practices/rancher-server/on-premises-rancher-in-vsphere", @@ -797,7 +797,7 @@ "label": "Rancher-Managed Clusters", "link": { "type": "doc", - "id": "pages-for-subheaders/rancher-managed-clusters" + "id": "reference-guides/best-practices/rancher-managed-clusters/rancher-managed-clusters" }, "items": [ "reference-guides/best-practices/rancher-managed-clusters/logging-best-practices", @@ -813,7 +813,7 @@ "label": "Rancher Architecture", "link": { "type": "doc", - "id": "pages-for-subheaders/rancher-manager-architecture" + "id": "reference-guides/rancher-manager-architecture/rancher-manager-architecture" }, "items": [ "reference-guides/rancher-manager-architecture/rancher-server-and-components", @@ -826,7 +826,7 @@ "label": "Cluster Configuration", "link": { "type": "doc", - "id": "pages-for-subheaders/cluster-configuration" + "id": "reference-guides/cluster-configuration/cluster-configuration" }, "items": [ { @@ -834,7 +834,7 @@ "label": "Rancher Server Configuration", "link": { "type": "doc", - "id": "pages-for-subheaders/rancher-server-configuration" + "id": "reference-guides/cluster-configuration/rancher-server-configuration/rancher-server-configuration" }, "items": [ "reference-guides/cluster-configuration/rancher-server-configuration/rke1-cluster-configuration", @@ -847,7 +847,7 @@ "label": "GKE Cluster Configuration", "link": { "type": "doc", - "id": "pages-for-subheaders/gke-cluster-configuration" + "id": "reference-guides/cluster-configuration/rancher-server-configuration/gke-cluster-configuration/gke-cluster-configuration" }, "items": [ "reference-guides/cluster-configuration/rancher-server-configuration/gke-cluster-configuration/gke-private-clusters" @@ -858,7 +858,7 @@ "label": "Use Existing Nodes", "link": { "type": "doc", - "id": "pages-for-subheaders/use-existing-nodes" + "id": "reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/use-existing-nodes" }, "items": [ "reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/rancher-agent-options" @@ -872,7 +872,7 @@ "label": "Downstream Cluster Configuration", "link": { "type": "doc", - "id": "pages-for-subheaders/downstream-cluster-configuration" + "id": "reference-guides/cluster-configuration/downstream-cluster-configuration/downstream-cluster-configuration" }, "items": [ { @@ -880,7 +880,7 @@ "label": "Node Template Configuration", "link": { "type": "doc", - "id": "pages-for-subheaders/node-template-configuration" + "id": "reference-guides/cluster-configuration/downstream-cluster-configuration/node-template-configuration/node-template-configuration" }, "items": [ "reference-guides/cluster-configuration/downstream-cluster-configuration/node-template-configuration/amazon-ec2", @@ -895,7 +895,7 @@ "label": "Machine Configuration", "link": { "type": "doc", - "id": "pages-for-subheaders/machine-configuration" + "id": "reference-guides/cluster-configuration/downstream-cluster-configuration/machine-configuration/machine-configuration" }, "items": [ "reference-guides/cluster-configuration/downstream-cluster-configuration/machine-configuration/amazon-ec2", @@ -912,7 +912,7 @@ "label": "Single-Node Rancher in Docker", "link": { "type": "doc", - "id": "pages-for-subheaders/single-node-rancher-in-docker" + "id": "reference-guides/single-node-rancher-in-docker/single-node-rancher-in-docker" }, "items": [ "reference-guides/single-node-rancher-in-docker/http-proxy-configuration", @@ -924,7 +924,7 @@ "label": "Backup & Restore Configuration", "link": { "type": "doc", - "id": "pages-for-subheaders/backup-restore-configuration" + "id": "reference-guides/backup-restore-configuration/backup-restore-configuration" }, "items": [ "reference-guides/backup-restore-configuration/backup-configuration", @@ -939,7 +939,7 @@ "label": "Monitoring V2 Configuration", "link": { "type": "doc", - "id": "pages-for-subheaders/monitoring-v2-configuration" + "id": "reference-guides/monitoring-v2-configuration/monitoring-v2-configuration" }, "items": [ "reference-guides/monitoring-v2-configuration/receivers", @@ -954,7 +954,7 @@ "label": "Prometheus Federator", "link": { "type": "doc", - "id": "pages-for-subheaders/prometheus-federator" + "id": "reference-guides/prometheus-federator/prometheus-federator" }, "items": [ "reference-guides/prometheus-federator/rbac" @@ -965,7 +965,7 @@ "label": "User Settings", "link": { "type": "doc", - "id": "pages-for-subheaders/user-settings" + "id": "reference-guides/user-settings/user-settings" }, "items": [ "reference-guides/user-settings/api-keys", @@ -979,7 +979,7 @@ "label": "CLI with Rancher", "link": { "type": "doc", - "id": "pages-for-subheaders/cli-with-rancher" + "id": "reference-guides/cli-with-rancher/cli-with-rancher" }, "items": [ "reference-guides/cli-with-rancher/rancher-cli", @@ -991,7 +991,7 @@ "label": "About the API", "link": { "type": "doc", - "id": "pages-for-subheaders/about-the-api" + "id": "reference-guides/about-the-api/about-the-api" }, "items": [ "reference-guides/about-the-api/api-tokens" @@ -1006,7 +1006,7 @@ "label": "Pipelines", "link": { "type": "doc", - "id": "pages-for-subheaders/pipelines" + "id": "reference-guides/pipelines/pipelines" }, "items": [ "reference-guides/pipelines/concepts", @@ -1021,7 +1021,7 @@ "label": "Rancher Security", "link": { "type": "doc", - "id": "pages-for-subheaders/rancher-security" + "id": "reference-guides/rancher-security/rancher-security" }, "items": [ { @@ -1029,7 +1029,7 @@ "label": "Rancher v2.6 Hardening Guides", "link": { "type": "doc", - "id": "pages-for-subheaders/rancher-v2.6-hardening-guides" + "id": "reference-guides/rancher-security/rancher-v2.6-hardening-guides/rancher-v2.6-hardening-guides" }, "items": [ "reference-guides/rancher-security/rancher-v2.6-hardening-guides/rke1-hardening-guide-with-cis-v1.6-benchmark", @@ -1043,7 +1043,7 @@ "label": "SELinux RPM", "link": { "type": "doc", - "id": "pages-for-subheaders/selinux-rpm" + "id": "reference-guides/rancher-security/selinux-rpm/selinux-rpm" }, "items": [ "reference-guides/rancher-security/selinux-rpm/about-rancher-selinux", @@ -1065,7 +1065,7 @@ "label": "Cloud Marketplace Integration", "link": { "type": "doc", - "id": "pages-for-subheaders/cloud-marketplace" + "id": "integrations-in-rancher/cloud-marketplace/cloud-marketplace" }, "items": [ { @@ -1073,7 +1073,7 @@ "label": "AWS Marketplace Integration", "link": { "type": "doc", - "id": "pages-for-subheaders/aws-cloud-marketplace" + "id": "integrations-in-rancher/cloud-marketplace/aws-cloud-marketplace/aws-cloud-marketplace" }, "items": [ "integrations-in-rancher/cloud-marketplace/aws-cloud-marketplace/adapter-requirements", @@ -1090,7 +1090,7 @@ "label": "CIS Scans", "link": { "type": "doc", - "id": "pages-for-subheaders/cis-scans" + "id": "integrations-in-rancher/cis-scans/cis-scans" }, "items": [ "integrations-in-rancher/cis-scans/configuration-reference", @@ -1104,7 +1104,7 @@ "label": "Continuous Delivery with Fleet", "link": { "type": "doc", - "id": "pages-for-subheaders/fleet-gitops-at-scale" + "id": "integrations-in-rancher/fleet-gitops-at-scale/fleet-gitops-at-scale" }, "items": [ "integrations-in-rancher/fleet-gitops-at-scale/architecture", @@ -1118,7 +1118,7 @@ "label": "Istio", "link": { "type": "doc", - "id": "pages-for-subheaders/istio" + "id": "integrations-in-rancher/istio/istio" }, "items": [ "integrations-in-rancher/istio/cpu-and-memory-allocations", @@ -1129,7 +1129,7 @@ "label": "Configuration Options", "link": { "type": "doc", - "id": "pages-for-subheaders/configuration-options" + "id": "integrations-in-rancher/istio/configuration-options/configuration-options" }, "items": [ "integrations-in-rancher/istio/configuration-options/pod-security-policies", @@ -1146,7 +1146,7 @@ "label": "Logging", "link": { "type": "doc", - "id": "pages-for-subheaders/logging" + "id": "integrations-in-rancher/logging/logging" }, "items": [ "integrations-in-rancher/logging/logging-architecture", @@ -1159,7 +1159,7 @@ "label": "Custom Resource Configuration", "link": { "type": "doc", - "id": "pages-for-subheaders/custom-resource-configuration" + "id": "integrations-in-rancher/logging/custom-resource-configuration/custom-resource-configuration" }, "items": [ "integrations-in-rancher/logging/custom-resource-configuration/flows-and-clusterflows", @@ -1173,7 +1173,7 @@ "label": "Monitoring and Alerting", "link": { "type": "doc", - "id": "pages-for-subheaders/monitoring-and-alerting" + "id": "integrations-in-rancher/monitoring-and-alerting/monitoring-and-alerting" }, "items": [ "integrations-in-rancher/monitoring-and-alerting/how-monitoring-works", @@ -1212,7 +1212,7 @@ "label": "Kubernetes Components", "link": { "type": "doc", - "id": "pages-for-subheaders/kubernetes-components" + "id": "troubleshooting/kubernetes-components/kubernetes-components" }, "items": [ "troubleshooting/kubernetes-components/troubleshooting-etcd-nodes", From b1817890aca5e5bfe7921255b572c409a4e98117 Mon Sep 17 00:00:00 2001 From: Billy Tat Date: Thu, 11 Jan 2024 15:40:58 -0800 Subject: [PATCH 48/77] [2.6] Fix links to 'shared-files' module import --- .../kubernetes-clusters-in-rancher-setup.md | 2 +- .../new-user-guides/manage-clusters/manage-clusters.md | 2 +- .../cluster-configuration/cluster-configuration.md | 3 +-- 3 files changed, 3 insertions(+), 4 deletions(-) diff --git a/versioned_docs/version-2.6/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/kubernetes-clusters-in-rancher-setup.md b/versioned_docs/version-2.6/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/kubernetes-clusters-in-rancher-setup.md index bb5e556d5c2..f088c16e1c4 100644 --- a/versioned_docs/version-2.6/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/kubernetes-clusters-in-rancher-setup.md +++ b/versioned_docs/version-2.6/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/kubernetes-clusters-in-rancher-setup.md @@ -19,7 +19,7 @@ For a conceptual overview of how the Rancher server provisions clusters and what The following table summarizes the options and settings available for each cluster type: -import ClusterCapabilitiesTable from '../shared-files/_cluster-capabilities-table.md'; +import ClusterCapabilitiesTable from '../../../shared-files/_cluster-capabilities-table.md'; diff --git a/versioned_docs/version-2.6/how-to-guides/new-user-guides/manage-clusters/manage-clusters.md b/versioned_docs/version-2.6/how-to-guides/new-user-guides/manage-clusters/manage-clusters.md index ae29256b235..3e403f3aaa7 100644 --- a/versioned_docs/version-2.6/how-to-guides/new-user-guides/manage-clusters/manage-clusters.md +++ b/versioned_docs/version-2.6/how-to-guides/new-user-guides/manage-clusters/manage-clusters.md @@ -18,7 +18,7 @@ This section assumes a basic familiarity with Docker and Kubernetes. For a brief After clusters have been [provisioned into Rancher](../kubernetes-clusters-in-rancher-setup/kubernetes-clusters-in-rancher-setup.md), [cluster owners](../authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/cluster-and-project-roles.md#cluster-roles) will need to manage these clusters. There are many different options of how to manage your cluster. -import ClusterCapabilitiesTable from '../shared-files/_cluster-capabilities-table.md'; +import ClusterCapabilitiesTable from '../../../shared-files/_cluster-capabilities-table.md'; diff --git a/versioned_docs/version-2.6/reference-guides/cluster-configuration/cluster-configuration.md b/versioned_docs/version-2.6/reference-guides/cluster-configuration/cluster-configuration.md index 04264ce4b2d..7b15f647a03 100644 --- a/versioned_docs/version-2.6/reference-guides/cluster-configuration/cluster-configuration.md +++ b/versioned_docs/version-2.6/reference-guides/cluster-configuration/cluster-configuration.md @@ -27,7 +27,6 @@ The options and settings available for an existing cluster change based on the m The following table summarizes the options and settings available for each cluster type: -import ClusterCapabilitiesTable from '../shared-files/_cluster-capabilities-table.md'; +import ClusterCapabilitiesTable from '../../shared-files/_cluster-capabilities-table.md'; - From e1dfddd9570bb7a2e36365359f0b91df11f65d54 Mon Sep 17 00:00:00 2001 From: Billy Tat Date: Thu, 11 Jan 2024 15:44:30 -0800 Subject: [PATCH 49/77] [2.6] Add redirects for pages-for-subheaders removal --- docusaurus.config.js | 344 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 344 insertions(+) diff --git a/docusaurus.config.js b/docusaurus.config.js index 83c147f9c0f..9fef821692c 100644 --- a/docusaurus.config.js +++ b/docusaurus.config.js @@ -245,6 +245,350 @@ module.exports = { { fromExtensions: ['html', 'htm'], redirects: [ + { // Redirects for pages-for-subheaders removal [2.6] + to: '/v2.6/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-provisioning-drivers', + from: '/v2.6/pages-for-subheaders/about-provisioning-drivers' + }, + { + to: '/v2.6/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/about-rke1-templates', + from: '/v2.6/pages-for-subheaders/about-rke1-templates' + }, + { + to: '/v2.6/reference-guides/about-the-api', + from: '/v2.6/pages-for-subheaders/about-the-api' + }, + { + to: '/v2.6/how-to-guides/new-user-guides/manage-clusters/access-clusters', + from: '/v2.6/pages-for-subheaders/access-clusters' + }, + { + to: '/v2.6/how-to-guides/advanced-user-guides/monitoring-v2-configuration-guides/advanced-configuration', + from: '/v2.6/pages-for-subheaders/advanced-configuration' + }, + { + to: '/v2.6/how-to-guides/advanced-user-guides', + from: '/v2.6/pages-for-subheaders/advanced-user-guides' + }, + { + to: '/v2.6/getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install', + from: '/v2.6/pages-for-subheaders/air-gapped-helm-cli-install' + }, + { + to: '/v2.6/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config', + from: '/v2.6/pages-for-subheaders/authentication-config' + }, + { + to: '/v2.6/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration', + from: '/v2.6/pages-for-subheaders/authentication-permissions-and-global-configuration' + }, + { + to: '/v2.6/integrations-in-rancher/cloud-marketplace/aws-cloud-marketplace', + from: '/v2.6/pages-for-subheaders/aws-cloud-marketplace' + }, + { + to: '/v2.6/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery', + from: '/v2.6/pages-for-subheaders/backup-restore-and-disaster-recovery' + }, + { + to: '/v2.6/reference-guides/backup-restore-configuration', + from: '/v2.6/pages-for-subheaders/backup-restore-configuration' + }, + { + to: '/v2.6/reference-guides/best-practices', + from: '/v2.6/pages-for-subheaders/best-practices' + }, + { + to: '/v2.6/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/checklist-for-production-ready-clusters', + from: '/v2.6/pages-for-subheaders/checklist-for-production-ready-clusters' + }, + { + to: '/v2.6/how-to-guides/advanced-user-guides/cis-scan-guides', + from: '/v2.6/pages-for-subheaders/cis-scan-guides' + }, + { + to: '/v2.6/integrations-in-rancher/cis-scans', + from: '/v2.6/pages-for-subheaders/cis-scans' + }, + { + to: '/v2.6/reference-guides/cli-with-rancher', + from: '/v2.6/pages-for-subheaders/cli-with-rancher' + }, + { + to: '/v2.6/integrations-in-rancher/cloud-marketplace', + from: '/v2.6/pages-for-subheaders/cloud-marketplace' + }, + { + to: '/v2.6/reference-guides/cluster-configuration', + from: '/v2.6/pages-for-subheaders/cluster-configuration' + }, + { + to: '/v2.6/integrations-in-rancher/istio/configuration-options', + from: '/v2.6/pages-for-subheaders/configuration-options' + }, + { + to: '/v2.6/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-microsoft-ad-federation-service-saml', + from: '/v2.6/pages-for-subheaders/configure-microsoft-ad-federation-service-saml' + }, + { + to: '/v2.6/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-openldap', + from: '/v2.6/pages-for-subheaders/configure-openldap' + }, + { + to: '/v2.6/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-shibboleth-saml', + from: '/v2.6/pages-for-subheaders/configure-shibboleth-saml' + }, + { + to: '/v2.6/how-to-guides/new-user-guides/manage-clusters/create-kubernetes-persistent-storage', + from: '/v2.6/pages-for-subheaders/create-kubernetes-persistent-storage' + }, + { + to: '/v2.6/integrations-in-rancher/logging/custom-resource-configuration', + from: '/v2.6/pages-for-subheaders/custom-resource-configuration' + }, + { + to: '/v2.6/how-to-guides/new-user-guides/deploy-apps-across-clusters', + from: '/v2.6/pages-for-subheaders/deploy-apps-across-clusters' + }, + { + to: '/v2.6/getting-started/quick-start-guides/deploy-rancher-manager', + from: '/v2.6/pages-for-subheaders/deploy-rancher-manager' + }, + { + to: '/v2.6/getting-started/quick-start-guides/deploy-workloads', + from: '/v2.6/pages-for-subheaders/deploy-rancher-workloads' + }, + { + to: '/v2.6/reference-guides/cluster-configuration/downstream-cluster-configuration', + from: '/v2.6/pages-for-subheaders/downstream-cluster-configuration' + }, + { + to: '/v2.6/how-to-guides/advanced-user-guides/enable-experimental-features', + from: '/v2.6/pages-for-subheaders/enable-experimental-features' + }, + { + to: '/v2.6/integrations-in-rancher/fleet-gitops-at-scale', + from: '/v2.6/pages-for-subheaders/fleet-gitops-at-scale' + }, + { + to: '/v2.6/reference-guides/cluster-configuration/rancher-server-configuration/gke-cluster-configuration', + from: '/v2.6/pages-for-subheaders/gke-cluster-configuration' + }, + { + to: '/v2.6/how-to-guides/new-user-guides/helm-charts-in-rancher', + from: '/v2.6/pages-for-subheaders/helm-charts-in-rancher' + }, + { + to: '/v2.6/how-to-guides/new-user-guides/kubernetes-resources-setup/horizontal-pod-autoscaler', + from: '/v2.6/pages-for-subheaders/horizontal-pod-autoscaler' + }, + { + to: '/v2.6/how-to-guides/new-user-guides/infrastructure-setup', + from: '/v2.6/pages-for-subheaders/infrastructure-setup' + }, + { + to: '/v2.6/getting-started/installation-and-upgrade', + from: '/v2.6/pages-for-subheaders/installation-and-upgrade' + }, + { + to: '/v2.6/getting-started/installation-and-upgrade/installation-references', + from: '/v2.6/pages-for-subheaders/installation-references' + }, + { + to: '/v2.6/getting-started/installation-and-upgrade/installation-requirements', + from: '/v2.6/pages-for-subheaders/installation-requirements' + }, + { + to: '/v2.6/how-to-guides/new-user-guides/manage-clusters/install-cluster-autoscaler', + from: '/v2.6/pages-for-subheaders/install-cluster-autoscaler' + }, + { + to: '/v2.6/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster', + from: '/v2.6/pages-for-subheaders/install-upgrade-on-a-kubernetes-cluster' + }, + { + to: '/v2.6/integrations-in-rancher/istio', + from: '/v2.6/pages-for-subheaders/istio' + }, + { + to: '/v2.6/how-to-guides/advanced-user-guides/istio-setup-guide', + from: '/v2.6/pages-for-subheaders/istio-setup-guide' + }, + { + to: '/v2.6/how-to-guides/new-user-guides/kubernetes-cluster-setup', + from: '/v2.6/pages-for-subheaders/kubernetes-cluster-setup' + }, + { + to: '/v2.6/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup', + from: '/v2.6/pages-for-subheaders/kubernetes-clusters-in-rancher-setup' + }, + { + to: '/v2.6/troubleshooting/kubernetes-components', + from: '/v2.6/pages-for-subheaders/kubernetes-components' + }, + { + to: '/v2.6/how-to-guides/new-user-guides/kubernetes-resources-setup', + from: '/v2.6/pages-for-subheaders/kubernetes-resources-setup' + }, + { + to: '/v2.6/how-to-guides/new-user-guides/launch-kubernetes-with-rancher', + from: '/v2.6/pages-for-subheaders/launch-kubernetes-with-rancher' + }, + { + to: '/v2.6/how-to-guides/new-user-guides/kubernetes-resources-setup/load-balancer-and-ingress-controller', + from: '/v2.6/pages-for-subheaders/load-balancer-and-ingress-controller' + }, + { + to: '/v2.6/integrations-in-rancher/logging', + from: '/v2.6/pages-for-subheaders/logging' + }, + { + to: '/v2.6/reference-guides/cluster-configuration/downstream-cluster-configuration/machine-configuration', + from: '/v2.6/pages-for-subheaders/machine-configuration' + }, + { + to: '/v2.6/how-to-guides/new-user-guides/manage-clusters', + from: '/v2.6/pages-for-subheaders/manage-clusters' + }, + { + to: '/v2.6/how-to-guides/advanced-user-guides/manage-projects/manage-project-resource-quotas', + from: '/v2.6/pages-for-subheaders/manage-project-resource-quotas' + }, + { + to: '/v2.6/how-to-guides/advanced-user-guides/manage-projects', + from: '/v2.6/pages-for-subheaders/manage-projects' + }, + { + to: '/v2.6/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac', + from: '/v2.6/pages-for-subheaders/manage-role-based-access-control-rbac' + }, + { + to: '/v2.6/how-to-guides/advanced-user-guides/monitoring-alerting-guides', + from: '/v2.6/pages-for-subheaders/monitoring-alerting-guides' + }, + { + to: '/v2.6/integrations-in-rancher/monitoring-and-alerting', + from: '/v2.6/pages-for-subheaders/monitoring-and-alerting' + }, + { + to: '/v2.6/how-to-guides/advanced-user-guides/monitoring-v2-configuration-guides', + from: '/v2.6/pages-for-subheaders/monitoring-v2-configuration-guides' + }, + { + to: '/v2.6/reference-guides/monitoring-v2-configuration', + from: '/v2.6/pages-for-subheaders/monitoring-v2-configuration' + }, + { + to: '/v2.6/how-to-guides/new-user-guides', + from: '/v2.6/pages-for-subheaders/new-user-guides' + }, + { + to: '/v2.6/reference-guides/cluster-configuration/downstream-cluster-configuration/node-template-configuration', + from: '/v2.6/pages-for-subheaders/node-template-configuration' + }, + { + to: '/v2.6/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/nutanix', + from: '/v2.6/pages-for-subheaders/nutanix' + }, + { + to: '/v2.6/getting-started/installation-and-upgrade/other-installation-methods', + from: '/v2.6/pages-for-subheaders/other-installation-methods' + }, + { + to: '/v2.6/reference-guides/pipelines', + from: '/v2.6/pages-for-subheaders/pipelines' + }, + { + to: '/v2.6/how-to-guides/advanced-user-guides/monitoring-alerting-guides/prometheus-federator-guides', + from: '/v2.6/pages-for-subheaders/prometheus-federator-guides' + }, + { + to: '/v2.6/reference-guides/prometheus-federator', + from: '/v2.6/pages-for-subheaders/prometheus-federator' + }, + { + to: '/v2.6/how-to-guides/new-user-guides/manage-clusters/provisioning-storage-examples', + from: '/v2.6/pages-for-subheaders/provisioning-storage-examples' + }, + { + to: '/v2.6/getting-started/quick-start-guides', + from: '/v2.6/pages-for-subheaders/quick-start-guides' + }, + { + to: '/v2.6/getting-started/installation-and-upgrade/other-installation-methods/rancher-behind-an-http-proxy', + from: '/v2.6/pages-for-subheaders/rancher-behind-an-http-proxy' + }, + { + to: '/v2.6/reference-guides/best-practices/rancher-managed-clusters', + from: '/v2.6/pages-for-subheaders/rancher-managed-clusters' + }, + { + to: '/v2.6/reference-guides/rancher-manager-architecture', + from: '/v2.6/pages-for-subheaders/rancher-manager-architecture' + }, + { + to: '/v2.6/getting-started/installation-and-upgrade/other-installation-methods/rancher-on-a-single-node-with-docker', + from: '/v2.6/pages-for-subheaders/rancher-on-a-single-node-with-docker' + }, + { + to: '/v2.6/reference-guides/rancher-security', + from: '/v2.6/pages-for-subheaders/rancher-security' + }, + { + to: '/v2.6/reference-guides/cluster-configuration/rancher-server-configuration', + from: '/v2.6/pages-for-subheaders/rancher-server-configuration' + }, + { + to: '/v2.6/reference-guides/best-practices/rancher-server', + from: '/v2.6/pages-for-subheaders/rancher-server' + }, + { + to: '/v2.6/reference-guides/rancher-security/rancher-v2.6-hardening-guides', + from: '/v2.6/pages-for-subheaders/rancher-v2.6-hardening-guides' + }, + { + to: '/v2.6/getting-started/installation-and-upgrade/resources', + from: '/v2.6/pages-for-subheaders/resources' + }, + { + to: '/v2.6/reference-guides/rancher-security/selinux-rpm', + from: '/v2.6/pages-for-subheaders/selinux-rpm' + }, + { + to: '/v2.6/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers', + from: '/v2.6/pages-for-subheaders/set-up-cloud-providers' + }, + { + to: '/v2.6/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers', + from: '/v2.6/pages-for-subheaders/set-up-clusters-from-hosted-kubernetes-providers' + }, + { + to: '/v2.6/reference-guides/single-node-rancher-in-docker', + from: '/v2.6/pages-for-subheaders/single-node-rancher-in-docker' + }, + { + to: '/v2.6/reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes', + from: '/v2.6/pages-for-subheaders/use-existing-nodes' + }, + { + to: '/v2.6/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider', + from: '/v2.6/pages-for-subheaders/use-new-nodes-in-an-infra-provider' + }, + { + to: '/v2.6/reference-guides/user-settings', + from: '/v2.6/pages-for-subheaders/user-settings' + }, + { + to: '/v2.6/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/use-windows-clusters', + from: '/v2.6/pages-for-subheaders/use-windows-clusters' + }, + { + to: '/v2.6/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/vsphere', + from: '/v2.6/pages-for-subheaders/vsphere' + }, + { + to: '/v2.6/how-to-guides/new-user-guides/kubernetes-resources-setup/workloads-and-pods', + from: '/v2.6/pages-for-subheaders/workloads-and-pods' + }, // Redirects for pages-for-subheaders removal [2.6] (end) { // Redirects for dashboard#9970 to: '/v2.8/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/rke1-vs-rke2-differences', from: '/v2.8/cluster-provisioning/rke-clusters/behavior-differences-between-rke1-and-rke2/' From 084803bd4eb4b126d70cc887dc4f70b6732bdeac Mon Sep 17 00:00:00 2001 From: LucasSaintarbor Date: Fri, 12 Jan 2024 10:32:50 -0800 Subject: [PATCH 50/77] Update uninstallation insturctions --- .../installing-rancher-prime.md | 16 +++++++++++----- .../installing-rancher-prime.md | 8 ++++++-- 2 files changed, 17 insertions(+), 7 deletions(-) diff --git a/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/installing-rancher-prime.md b/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/installing-rancher-prime.md index 1d142b0b23e..34b22f30035 100644 --- a/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/installing-rancher-prime.md +++ b/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/installing-rancher-prime.md @@ -143,10 +143,16 @@ The Rancher hostname must be resolvable by public DNS. For more details, please ## Uninstalling Rancher Prime PAYG Offering -To uninstall the Rancher Prime PAYG offering, migrate any non-Rancher workloads to a different cluster and destroy the Rancher cluster. +Run the following command to uninstall Rancher Prime: -Uninstalling Rancher Prime may not cleanly remove all the resources that Rancher created. You are encouraged to use the [Rancher resource cleanup script](https://github.com/rancher/rancher-cleanup) to perform a more comprehensive cleanup if necessary. However, we recommend first preparing and migrating any other workloads off the cluster to destroy the cluster to complete the uninstallation since cleanup is not recoverable. +```shell +helm uninstall -n cattle-rancher-csp-deployer-system rancher-cloud +``` - ```shell - helm uninstall -n cattle-rancher-csp-deployer-system rancher-cloud - ``` +Uninstalling Rancher Prime may not cleanly remove all Kubernetes resources that Rancher created. You can use the [Rancher resource cleanup script](https://github.com/rancher/rancher-cleanup) to perform a more comprehensive cleanup. + +The best practice for uninstalling the Rancher Prime PAYG offering is to migrate any non-Rancher workloads to a different cluster and destroy the Rancher cluster. + +:::important +Ensure you prepare and migrate any non-Rancher workloads off the cluster before destroying the cluster since these resources are not recoverable. +::: diff --git a/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/installing-rancher-prime.md b/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/installing-rancher-prime.md index ed194f1dab1..8f737cfc889 100644 --- a/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/installing-rancher-prime.md +++ b/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/installing-rancher-prime.md @@ -95,6 +95,10 @@ View billing information in the Azure Portal by going to **Home** > **Cost Manag ## Uninstalling Rancher Prime PAYG Offering -To uninstall the Rancher Prime PAYG offering, migrate any non-Rancher workloads to a different cluster and destroy the Rancher cluster. +Uninstalling Rancher Prime may not cleanly remove all Kubernetes resources that Rancher created. You can use the [Rancher resource cleanup script](https://github.com/rancher/rancher-cleanup) to perform a more comprehensive cleanup. -Uninstalling Rancher Prime may not cleanly remove all the resources that Rancher created. You are encouraged to use the [Rancher resource cleanup script](https://github.com/rancher/rancher-cleanup) to perform a more comprehensive cleanup if necessary. However, it is recommended to migrate any other workloads off the cluster and prepare to destroy the cluster to complete the uninstallation since cleanup is not recoverable. +The best practice for uninstalling the Rancher Prime PAYG offering is to migrate any non-Rancher workloads to a different cluster and destroy the Rancher cluster. + +:::important +Ensure you prepare and migrate any non-Rancher workloads off the cluster before destroying the cluster since these resources are not recoverable. +::: From e1aa035e698a3fbfe686895670000d975b498a01 Mon Sep 17 00:00:00 2001 From: Jiaqi Luo <6218999+jiaqiluo@users.noreply.github.com> Date: Fri, 12 Jan 2024 14:02:25 -0700 Subject: [PATCH 51/77] add docs for additionalManifest field for RKE2/K3s cluster --- .../k3s-cluster-configuration.md | 28 +++++++++++++++++++ .../rke2-cluster-configuration.md | 28 +++++++++++++++++++ .../k3s-cluster-configuration.md | 28 +++++++++++++++++++ .../rke2-cluster-configuration.md | 28 +++++++++++++++++++ .../k3s-cluster-configuration.md | 28 +++++++++++++++++++ .../rke2-cluster-configuration.md | 28 +++++++++++++++++++ 6 files changed, 168 insertions(+) diff --git a/docs/reference-guides/cluster-configuration/rancher-server-configuration/k3s-cluster-configuration.md b/docs/reference-guides/cluster-configuration/rancher-server-configuration/k3s-cluster-configuration.md index 9faf7e98213..fb8870595b0 100644 --- a/docs/reference-guides/cluster-configuration/rancher-server-configuration/k3s-cluster-configuration.md +++ b/docs/reference-guides/cluster-configuration/rancher-server-configuration/k3s-cluster-configuration.md @@ -231,6 +231,7 @@ spec: kubernetesVersion: v1.26.7+k3s1 localClusterAuthEndpoint: {} rkeConfig: + additionalManifest: "" chartValues: {} etcd: snapshotRetention: 5 @@ -307,10 +308,37 @@ spec: ``` +### additionalManifest + +Specify the addition manifest(s) to be delivered to the control plane nodes. +The value is a String, and will be placed at the path `/var/lib/rancher/k3s/server/manifests/rancher/addons.yaml` on target nodes. + +Example: + +```yaml +additionalManifest: |- + apiVersion: v1 + kind: Namespace + metadata: + name: name-xxxx +``` + + +:::note + +It is discouraged to provide HelmChartConfig for customizing the system charts via `additionalManifest`, +it could cause unexpected behavior due to how multiple HelmChartConfig for the same chart being handled. + +The recommended approach is to utilize the `chartValues` field which is explained below. + +::: + ### chartValues Specify the values for the system charts installed by K3s. +For more information about how K3s manges packaged components, please refer to [K3s documentation](https://docs.k3s.io/installation/packaged-components). + Example: ```yaml diff --git a/docs/reference-guides/cluster-configuration/rancher-server-configuration/rke2-cluster-configuration.md b/docs/reference-guides/cluster-configuration/rancher-server-configuration/rke2-cluster-configuration.md index 34c63378cbe..2fcced5eceb 100644 --- a/docs/reference-guides/cluster-configuration/rancher-server-configuration/rke2-cluster-configuration.md +++ b/docs/reference-guides/cluster-configuration/rancher-server-configuration/rke2-cluster-configuration.md @@ -280,6 +280,7 @@ spec: kubernetesVersion: v1.25.12+rke2r1 localClusterAuthEndpoint: {} rkeConfig: + additionalManifest: "" chartValues: rke2-calico: {} etcd: @@ -337,10 +338,37 @@ spec: ``` +### additionalManifest + +Specify the addition manifest(s) to be delivered to the control plane nodes. +The value is a String, and will be placed at the path `/var/lib/rancher/rke2/server/manifests/rancher/addons.yaml` on target nodes. + +Example: + +```yaml +additionalManifest: |- + apiVersion: v1 + kind: Namespace + metadata: + name: name-xxxx +``` + + +:::note + +It is discouraged to provide HelmChartConfig for customizing the system charts via `additionalManifest`, +it could cause unexpected behavior due to how multiple HelmChartConfig for the same chart being handled. + +The recommended approach is to utilize the `chartValues` field which is explained below. + +::: + ### chartValues Specify the values for the system charts installed by RKE2. +For more information about how RKE2 manges packaged components, please refer to [RKE2 documentation](https://docs.rke2.io/helm). + Example: ```yaml diff --git a/versioned_docs/version-2.7/reference-guides/cluster-configuration/rancher-server-configuration/k3s-cluster-configuration.md b/versioned_docs/version-2.7/reference-guides/cluster-configuration/rancher-server-configuration/k3s-cluster-configuration.md index 9faf7e98213..9a5ebfa5669 100644 --- a/versioned_docs/version-2.7/reference-guides/cluster-configuration/rancher-server-configuration/k3s-cluster-configuration.md +++ b/versioned_docs/version-2.7/reference-guides/cluster-configuration/rancher-server-configuration/k3s-cluster-configuration.md @@ -231,6 +231,7 @@ spec: kubernetesVersion: v1.26.7+k3s1 localClusterAuthEndpoint: {} rkeConfig: + additionalManifest: "" chartValues: {} etcd: snapshotRetention: 5 @@ -307,10 +308,37 @@ spec: ``` +### additionalManifest + +Specify the addition manifest(s) to be delivered to the control plane nodes. +The value is a String, and will be placed at the path `/var/lib/rancher/k3s/server/manifests/rancher/addons.yaml` on target nodes. + +Example: + +```yaml +additionalManifest: |- + apiVersion: v1 + kind: Namespace + metadata: + name: name-xxxx +``` + + +:::note + +It is discouraged to provide HelmChartConfig for customizing the system charts via `additionalManifest`, +it could cause unexpected behavior due to how multiple HelmChartConfig for the same chart being handled. + +The recommended approach is to utilize the `chartValues` field which is explained below. + +::: + ### chartValues Specify the values for the system charts installed by K3s. +For more information about how K3s manges packaged components, please refer to [K3s documentation](https://docs.k3s.io/installation/packaged-components). + Example: ```yaml diff --git a/versioned_docs/version-2.7/reference-guides/cluster-configuration/rancher-server-configuration/rke2-cluster-configuration.md b/versioned_docs/version-2.7/reference-guides/cluster-configuration/rancher-server-configuration/rke2-cluster-configuration.md index 34c63378cbe..2fcced5eceb 100644 --- a/versioned_docs/version-2.7/reference-guides/cluster-configuration/rancher-server-configuration/rke2-cluster-configuration.md +++ b/versioned_docs/version-2.7/reference-guides/cluster-configuration/rancher-server-configuration/rke2-cluster-configuration.md @@ -280,6 +280,7 @@ spec: kubernetesVersion: v1.25.12+rke2r1 localClusterAuthEndpoint: {} rkeConfig: + additionalManifest: "" chartValues: rke2-calico: {} etcd: @@ -337,10 +338,37 @@ spec: ``` +### additionalManifest + +Specify the addition manifest(s) to be delivered to the control plane nodes. +The value is a String, and will be placed at the path `/var/lib/rancher/rke2/server/manifests/rancher/addons.yaml` on target nodes. + +Example: + +```yaml +additionalManifest: |- + apiVersion: v1 + kind: Namespace + metadata: + name: name-xxxx +``` + + +:::note + +It is discouraged to provide HelmChartConfig for customizing the system charts via `additionalManifest`, +it could cause unexpected behavior due to how multiple HelmChartConfig for the same chart being handled. + +The recommended approach is to utilize the `chartValues` field which is explained below. + +::: + ### chartValues Specify the values for the system charts installed by RKE2. +For more information about how RKE2 manges packaged components, please refer to [RKE2 documentation](https://docs.rke2.io/helm). + Example: ```yaml diff --git a/versioned_docs/version-2.8/reference-guides/cluster-configuration/rancher-server-configuration/k3s-cluster-configuration.md b/versioned_docs/version-2.8/reference-guides/cluster-configuration/rancher-server-configuration/k3s-cluster-configuration.md index a776a3c23bd..d5d35125e75 100644 --- a/versioned_docs/version-2.8/reference-guides/cluster-configuration/rancher-server-configuration/k3s-cluster-configuration.md +++ b/versioned_docs/version-2.8/reference-guides/cluster-configuration/rancher-server-configuration/k3s-cluster-configuration.md @@ -231,6 +231,7 @@ spec: kubernetesVersion: v1.26.7+k3s1 localClusterAuthEndpoint: {} rkeConfig: + additionalManifest: "" chartValues: {} etcd: snapshotRetention: 5 @@ -307,10 +308,37 @@ spec: ``` +### additionalManifest + +Specify the addition manifest(s) to be delivered to the control plane nodes. +The value is a String, and will be placed at the path `/var/lib/rancher/k3s/server/manifests/rancher/addons.yaml` on target nodes. + +Example: + +```yaml +additionalManifest: |- + apiVersion: v1 + kind: Namespace + metadata: + name: name-xxxx +``` + + +:::note + +It is discouraged to provide HelmChartConfig for customizing the system charts via `additionalManifest`, +it could cause unexpected behavior due to how multiple HelmChartConfig for the same chart being handled. + +The recommended approach is to utilize the `chartValues` field which is explained below. + +::: + ### chartValues Specify the values for the system charts installed by K3s. +For more information about how K3s manges packaged components, please refer to [K3s documentation](https://docs.k3s.io/installation/packaged-components). + Example: ```yaml diff --git a/versioned_docs/version-2.8/reference-guides/cluster-configuration/rancher-server-configuration/rke2-cluster-configuration.md b/versioned_docs/version-2.8/reference-guides/cluster-configuration/rancher-server-configuration/rke2-cluster-configuration.md index 9e4604f28de..5a23c76a57a 100644 --- a/versioned_docs/version-2.8/reference-guides/cluster-configuration/rancher-server-configuration/rke2-cluster-configuration.md +++ b/versioned_docs/version-2.8/reference-guides/cluster-configuration/rancher-server-configuration/rke2-cluster-configuration.md @@ -280,6 +280,7 @@ spec: kubernetesVersion: v1.25.12+rke2r1 localClusterAuthEndpoint: {} rkeConfig: + additionalManifest: "" chartValues: rke2-calico: {} etcd: @@ -337,10 +338,37 @@ spec: ``` +### additionalManifest + +Specify the addition manifest(s) to be delivered to the control plane nodes. +The value is a String, and will be placed at the path `/var/lib/rancher/rke2/server/manifests/rancher/addons.yaml` on target nodes. + +Example: + +```yaml +additionalManifest: |- + apiVersion: v1 + kind: Namespace + metadata: + name: name-xxxx +``` + + +:::note + +It is discouraged to provide HelmChartConfig for customizing the system charts via `additionalManifest`, +it could cause unexpected behavior due to how multiple HelmChartConfig for the same chart being handled. + +The recommended approach is to utilize the `chartValues` field which is explained below. + +::: + ### chartValues Specify the values for the system charts installed by RKE2. +For more information about how RKE2 manges packaged components, please refer to [RKE2 documentation](https://docs.rke2.io/helm). + Example: ```yaml From ce6eb371307973122f120ec3fbfbe7a91cc5af60 Mon Sep 17 00:00:00 2001 From: Jiaqi Luo <6218999+jiaqiluo@users.noreply.github.com> Date: Fri, 12 Jan 2024 15:30:18 -0700 Subject: [PATCH 52/77] address comments --- .../k3s-cluster-configuration.md | 8 ++++---- .../rke2-cluster-configuration.md | 8 ++++---- .../k3s-cluster-configuration.md | 8 ++++---- .../rke2-cluster-configuration.md | 8 ++++---- .../k3s-cluster-configuration.md | 8 ++++---- .../rke2-cluster-configuration.md | 8 ++++---- 6 files changed, 24 insertions(+), 24 deletions(-) diff --git a/docs/reference-guides/cluster-configuration/rancher-server-configuration/k3s-cluster-configuration.md b/docs/reference-guides/cluster-configuration/rancher-server-configuration/k3s-cluster-configuration.md index fb8870595b0..6ec07fe1906 100644 --- a/docs/reference-guides/cluster-configuration/rancher-server-configuration/k3s-cluster-configuration.md +++ b/docs/reference-guides/cluster-configuration/rancher-server-configuration/k3s-cluster-configuration.md @@ -310,7 +310,8 @@ spec: ### additionalManifest -Specify the addition manifest(s) to be delivered to the control plane nodes. +Specify additional manifests to deliver to the control plane nodes. + The value is a String, and will be placed at the path `/var/lib/rancher/k3s/server/manifests/rancher/addons.yaml` on target nodes. Example: @@ -326,10 +327,9 @@ additionalManifest: |- :::note -It is discouraged to provide HelmChartConfig for customizing the system charts via `additionalManifest`, -it could cause unexpected behavior due to how multiple HelmChartConfig for the same chart being handled. +If you want to customize system charts, you should use the `chartValues` field as described below. -The recommended approach is to utilize the `chartValues` field which is explained below. +Alternatives, such as using a HelmChartConfig to customize the system charts via `additionalManifest`, can cause unexpected behavior, due to having multiple HelmChartConfigs for the same chart. ::: diff --git a/docs/reference-guides/cluster-configuration/rancher-server-configuration/rke2-cluster-configuration.md b/docs/reference-guides/cluster-configuration/rancher-server-configuration/rke2-cluster-configuration.md index 2fcced5eceb..5dddf5eba8b 100644 --- a/docs/reference-guides/cluster-configuration/rancher-server-configuration/rke2-cluster-configuration.md +++ b/docs/reference-guides/cluster-configuration/rancher-server-configuration/rke2-cluster-configuration.md @@ -340,7 +340,8 @@ spec: ### additionalManifest -Specify the addition manifest(s) to be delivered to the control plane nodes. +Specify additional manifests to deliver to the control plane nodes. + The value is a String, and will be placed at the path `/var/lib/rancher/rke2/server/manifests/rancher/addons.yaml` on target nodes. Example: @@ -356,10 +357,9 @@ additionalManifest: |- :::note -It is discouraged to provide HelmChartConfig for customizing the system charts via `additionalManifest`, -it could cause unexpected behavior due to how multiple HelmChartConfig for the same chart being handled. +If you want to customize system charts, you should use the `chartValues` field as described below. -The recommended approach is to utilize the `chartValues` field which is explained below. +Alternatives, such as using a HelmChartConfig to customize the system charts via `additionalManifest`, can cause unexpected behavior, due to having multiple HelmChartConfigs for the same chart. ::: diff --git a/versioned_docs/version-2.7/reference-guides/cluster-configuration/rancher-server-configuration/k3s-cluster-configuration.md b/versioned_docs/version-2.7/reference-guides/cluster-configuration/rancher-server-configuration/k3s-cluster-configuration.md index 9a5ebfa5669..6ec07fe1906 100644 --- a/versioned_docs/version-2.7/reference-guides/cluster-configuration/rancher-server-configuration/k3s-cluster-configuration.md +++ b/versioned_docs/version-2.7/reference-guides/cluster-configuration/rancher-server-configuration/k3s-cluster-configuration.md @@ -310,7 +310,8 @@ spec: ### additionalManifest -Specify the addition manifest(s) to be delivered to the control plane nodes. +Specify additional manifests to deliver to the control plane nodes. + The value is a String, and will be placed at the path `/var/lib/rancher/k3s/server/manifests/rancher/addons.yaml` on target nodes. Example: @@ -326,10 +327,9 @@ additionalManifest: |- :::note -It is discouraged to provide HelmChartConfig for customizing the system charts via `additionalManifest`, -it could cause unexpected behavior due to how multiple HelmChartConfig for the same chart being handled. +If you want to customize system charts, you should use the `chartValues` field as described below. -The recommended approach is to utilize the `chartValues` field which is explained below. +Alternatives, such as using a HelmChartConfig to customize the system charts via `additionalManifest`, can cause unexpected behavior, due to having multiple HelmChartConfigs for the same chart. ::: diff --git a/versioned_docs/version-2.7/reference-guides/cluster-configuration/rancher-server-configuration/rke2-cluster-configuration.md b/versioned_docs/version-2.7/reference-guides/cluster-configuration/rancher-server-configuration/rke2-cluster-configuration.md index 2fcced5eceb..5dddf5eba8b 100644 --- a/versioned_docs/version-2.7/reference-guides/cluster-configuration/rancher-server-configuration/rke2-cluster-configuration.md +++ b/versioned_docs/version-2.7/reference-guides/cluster-configuration/rancher-server-configuration/rke2-cluster-configuration.md @@ -340,7 +340,8 @@ spec: ### additionalManifest -Specify the addition manifest(s) to be delivered to the control plane nodes. +Specify additional manifests to deliver to the control plane nodes. + The value is a String, and will be placed at the path `/var/lib/rancher/rke2/server/manifests/rancher/addons.yaml` on target nodes. Example: @@ -356,10 +357,9 @@ additionalManifest: |- :::note -It is discouraged to provide HelmChartConfig for customizing the system charts via `additionalManifest`, -it could cause unexpected behavior due to how multiple HelmChartConfig for the same chart being handled. +If you want to customize system charts, you should use the `chartValues` field as described below. -The recommended approach is to utilize the `chartValues` field which is explained below. +Alternatives, such as using a HelmChartConfig to customize the system charts via `additionalManifest`, can cause unexpected behavior, due to having multiple HelmChartConfigs for the same chart. ::: diff --git a/versioned_docs/version-2.8/reference-guides/cluster-configuration/rancher-server-configuration/k3s-cluster-configuration.md b/versioned_docs/version-2.8/reference-guides/cluster-configuration/rancher-server-configuration/k3s-cluster-configuration.md index d5d35125e75..9d321b9d3cc 100644 --- a/versioned_docs/version-2.8/reference-guides/cluster-configuration/rancher-server-configuration/k3s-cluster-configuration.md +++ b/versioned_docs/version-2.8/reference-guides/cluster-configuration/rancher-server-configuration/k3s-cluster-configuration.md @@ -310,7 +310,8 @@ spec: ### additionalManifest -Specify the addition manifest(s) to be delivered to the control plane nodes. +Specify additional manifests to deliver to the control plane nodes. + The value is a String, and will be placed at the path `/var/lib/rancher/k3s/server/manifests/rancher/addons.yaml` on target nodes. Example: @@ -326,10 +327,9 @@ additionalManifest: |- :::note -It is discouraged to provide HelmChartConfig for customizing the system charts via `additionalManifest`, -it could cause unexpected behavior due to how multiple HelmChartConfig for the same chart being handled. +If you want to customize system charts, you should use the `chartValues` field as described below. -The recommended approach is to utilize the `chartValues` field which is explained below. +Alternatives, such as using a HelmChartConfig to customize the system charts via `additionalManifest`, can cause unexpected behavior, due to having multiple HelmChartConfigs for the same chart. ::: diff --git a/versioned_docs/version-2.8/reference-guides/cluster-configuration/rancher-server-configuration/rke2-cluster-configuration.md b/versioned_docs/version-2.8/reference-guides/cluster-configuration/rancher-server-configuration/rke2-cluster-configuration.md index 5a23c76a57a..07035bb6227 100644 --- a/versioned_docs/version-2.8/reference-guides/cluster-configuration/rancher-server-configuration/rke2-cluster-configuration.md +++ b/versioned_docs/version-2.8/reference-guides/cluster-configuration/rancher-server-configuration/rke2-cluster-configuration.md @@ -340,7 +340,8 @@ spec: ### additionalManifest -Specify the addition manifest(s) to be delivered to the control plane nodes. +Specify additional manifests to deliver to the control plane nodes. + The value is a String, and will be placed at the path `/var/lib/rancher/rke2/server/manifests/rancher/addons.yaml` on target nodes. Example: @@ -356,10 +357,9 @@ additionalManifest: |- :::note -It is discouraged to provide HelmChartConfig for customizing the system charts via `additionalManifest`, -it could cause unexpected behavior due to how multiple HelmChartConfig for the same chart being handled. +If you want to customize system charts, you should use the `chartValues` field as described below. -The recommended approach is to utilize the `chartValues` field which is explained below. +Alternatives, such as using a HelmChartConfig to customize the system charts via `additionalManifest`, can cause unexpected behavior, due to having multiple HelmChartConfigs for the same chart. ::: From 13219aad0c94b0c96efb2165a547c18e2469388a Mon Sep 17 00:00:00 2001 From: Daniel Huth <4455258+Agreon@users.noreply.github.com> Date: Tue, 16 Jan 2024 17:02:35 +0100 Subject: [PATCH 53/77] Fix typo in fleet documentation (#1065) * Fix typo in fleet documentation * slight reword + apply changes to versioned 2.8 --------- Co-authored-by: martyav --- docs/integrations-in-rancher/fleet/fleet.md | 2 +- .../version-2.8/integrations-in-rancher/fleet/fleet.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/integrations-in-rancher/fleet/fleet.md b/docs/integrations-in-rancher/fleet/fleet.md index 0db52a7e9e1..d8d1f44b282 100644 --- a/docs/integrations-in-rancher/fleet/fleet.md +++ b/docs/integrations-in-rancher/fleet/fleet.md @@ -12,7 +12,7 @@ Many users often manage over 10 clusters at a time. Given the proliferation of c - I need to deploy my monitoring stack (e.g., Grafana, Prometheus) across geographical regions, each with different retention policies. - I am a platform operator and want to provision clusters with all components using a scalable and safe operating model (GitOps). -- I am an application developer and want to get my latest changes to automatically into my development environment. +- I am an application developer and want my latest changes to automatically go into my development environment. ## Fleet with Rancher Prime diff --git a/versioned_docs/version-2.8/integrations-in-rancher/fleet/fleet.md b/versioned_docs/version-2.8/integrations-in-rancher/fleet/fleet.md index 0db52a7e9e1..09bc89db026 100644 --- a/versioned_docs/version-2.8/integrations-in-rancher/fleet/fleet.md +++ b/versioned_docs/version-2.8/integrations-in-rancher/fleet/fleet.md @@ -12,7 +12,7 @@ Many users often manage over 10 clusters at a time. Given the proliferation of c - I need to deploy my monitoring stack (e.g., Grafana, Prometheus) across geographical regions, each with different retention policies. - I am a platform operator and want to provision clusters with all components using a scalable and safe operating model (GitOps). -- I am an application developer and want to get my latest changes to automatically into my development environment. +- I am an application developer and want my latest changes to automatically go into my development environment. ## Fleet with Rancher Prime From 573fcd717fb0cb9774ebc946628fb3524a866985 Mon Sep 17 00:00:00 2001 From: Billy Tat Date: Tue, 16 Jan 2024 10:27:38 -0800 Subject: [PATCH 54/77] Adjust phrasing to indicate distro list is not exhaustive. Fix links --- .../migrate-rancher-to-new-cluster.md | 9 +++------ .../migrate-rancher-to-new-cluster.md | 5 +---- .../migrate-rancher-to-new-cluster.md | 5 +---- .../migrate-rancher-to-new-cluster.md | 9 +++------ .../migrate-rancher-to-new-cluster.md | 9 +++------ 5 files changed, 11 insertions(+), 26 deletions(-) diff --git a/docs/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/migrate-rancher-to-new-cluster.md b/docs/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/migrate-rancher-to-new-cluster.md index 4b58db9ead3..1c05a3268d7 100644 --- a/docs/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/migrate-rancher-to-new-cluster.md +++ b/docs/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/migrate-rancher-to-new-cluster.md @@ -11,7 +11,7 @@ If you are migrating Rancher to a new Kubernetes cluster, you don't need to inst ### Prerequisites -These instructions assume that you have [created a backup](back-up-rancher.md) and already installed a new Kubernetes cluster where Rancher will be deployed. The backup is specific to the Rancher application and can only migrate the Rancher application. +These instructions assume that you have [created a backup](back-up-rancher.md) and already installed a new Kubernetes cluster where Rancher will be deployed. The backup is specific to the Rancher application and can only migrate the Rancher application. :::caution @@ -21,12 +21,9 @@ It is required to use the same hostname that was set as the server URL in the fi Rancher version must be v2.5.0 and up -Rancher can be installed on any Kubernetes cluster, including hosted Kubernetes clusters such as Amazon EKS clusters. For help installing Kubernetes, refer to the documentation of the Kubernetes distribution. One of Rancher's Kubernetes distributions may also be used: +Rancher can be installed on any Kubernetes cluster, including hosted Kubernetes clusters such as Amazon EKS clusters. For help installing Kubernetes, refer to the documentation of the Kubernetes distribution. A Rancher-created Kubernetes distributions such as, but not limited to, [RKE](https://rke.docs.rancher.com/installation) or [K3s](https://docs.k3s.io/installation) may also be used. -- [RKE Kubernetes installation docs](https://rancher.com/docs/rke/latest/en/installation/) -- [K3s Kubernetes installation docs](https://rancher.com/docs/k3s/latest/en/installation/) - -Since Rancher can be installed on any Kubernetes cluster, you can use this backup and restore method to migrate Rancher from one Kubernetes cluster to any other Kubernetes cluster. This method *only* migrates Rancher-related resources and won't affect other applications on the cluster. Refer to the [support matrix](https://www.suse.com/lifecycle/) to identify which Kubernetes cluster types and versions are supported for your Rancher version. +Since Rancher can be installed on any Kubernetes cluster, you can use this backup and restore method to migrate Rancher from one Kubernetes cluster to any other Kubernetes cluster. This method *only* migrates Rancher-related resources and won't affect other applications on the cluster. Refer to the [support matrix](https://www.suse.com/lifecycle/) to identify which Kubernetes cluster types and versions are supported for your Rancher version. ### 1. Install the rancher-backup Helm chart diff --git a/versioned_docs/version-2.5/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/migrate-rancher-to-new-cluster.md b/versioned_docs/version-2.5/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/migrate-rancher-to-new-cluster.md index 141f0fe99c7..15aeb447a08 100644 --- a/versioned_docs/version-2.5/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/migrate-rancher-to-new-cluster.md +++ b/versioned_docs/version-2.5/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/migrate-rancher-to-new-cluster.md @@ -16,10 +16,7 @@ It is required to use the same hostname that was set as the server URL in the fi Rancher version must be v2.5.0 and up -Rancher can be installed on any Kubernetes cluster, including hosted Kubernetes clusters such as Amazon EKS clusters. For help installing Kubernetes, refer to the documentation of the Kubernetes distribution. One of Rancher's Kubernetes distributions may also be used: - -- [RKE Kubernetes installation docs](https://rancher.com/docs/rke/latest/en/installation/) -- [K3s Kubernetes installation docs](https://rancher.com/docs/k3s/latest/en/installation/) +Rancher can be installed on any Kubernetes cluster, including hosted Kubernetes clusters such as Amazon EKS clusters. For help installing Kubernetes, refer to the documentation of the Kubernetes distribution. A Rancher-created Kubernetes distributions such as, but not limited to, [RKE](https://rke.docs.rancher.com/installation) or [K3s](https://docs.k3s.io/installation) may also be used. Since Rancher can be installed on any Kubernetes cluster, you can use this backup and restore method to migrate Rancher from one Kubernetes cluster to any other Kubernetes cluster. This method *only* migrates Rancher-related resources and won't affect other applications on the cluster. Refer to the [support matrix](https://www.suse.com/lifecycle/) to identify which Kubernetes cluster types and versions are supported for your Rancher version. diff --git a/versioned_docs/version-2.6/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/migrate-rancher-to-new-cluster.md b/versioned_docs/version-2.6/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/migrate-rancher-to-new-cluster.md index aef2bca7ef5..0d83a5c5ae4 100644 --- a/versioned_docs/version-2.6/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/migrate-rancher-to-new-cluster.md +++ b/versioned_docs/version-2.6/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/migrate-rancher-to-new-cluster.md @@ -20,10 +20,7 @@ It is required to use the same hostname that was set as the server URL in the fi Rancher version must be v2.5.0 and up -Rancher can be installed on any Kubernetes cluster, including hosted Kubernetes clusters such as Amazon EKS clusters. For help installing Kubernetes, refer to the documentation of the Kubernetes distribution. One of Rancher's Kubernetes distributions may also be used: - -- [RKE Kubernetes installation docs](https://rancher.com/docs/rke/latest/en/installation/) -- [K3s Kubernetes installation docs](https://rancher.com/docs/k3s/latest/en/installation/) +Rancher can be installed on any Kubernetes cluster, including hosted Kubernetes clusters such as Amazon EKS clusters. For help installing Kubernetes, refer to the documentation of the Kubernetes distribution. A Rancher-created Kubernetes distributions such as, but not limited to, [RKE](https://rke.docs.rancher.com/installation) or [K3s](https://docs.k3s.io/installation) may also be used. Since Rancher can be installed on any Kubernetes cluster, you can use this backup and restore method to migrate Rancher from one Kubernetes cluster to any other Kubernetes cluster. This method *only* migrates Rancher-related resources and won't affect other applications on the cluster. Refer to the [support matrix](https://www.suse.com/lifecycle/) to identify which Kubernetes cluster types and versions are supported for your Rancher version. diff --git a/versioned_docs/version-2.7/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/migrate-rancher-to-new-cluster.md b/versioned_docs/version-2.7/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/migrate-rancher-to-new-cluster.md index 4b58db9ead3..1c05a3268d7 100644 --- a/versioned_docs/version-2.7/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/migrate-rancher-to-new-cluster.md +++ b/versioned_docs/version-2.7/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/migrate-rancher-to-new-cluster.md @@ -11,7 +11,7 @@ If you are migrating Rancher to a new Kubernetes cluster, you don't need to inst ### Prerequisites -These instructions assume that you have [created a backup](back-up-rancher.md) and already installed a new Kubernetes cluster where Rancher will be deployed. The backup is specific to the Rancher application and can only migrate the Rancher application. +These instructions assume that you have [created a backup](back-up-rancher.md) and already installed a new Kubernetes cluster where Rancher will be deployed. The backup is specific to the Rancher application and can only migrate the Rancher application. :::caution @@ -21,12 +21,9 @@ It is required to use the same hostname that was set as the server URL in the fi Rancher version must be v2.5.0 and up -Rancher can be installed on any Kubernetes cluster, including hosted Kubernetes clusters such as Amazon EKS clusters. For help installing Kubernetes, refer to the documentation of the Kubernetes distribution. One of Rancher's Kubernetes distributions may also be used: +Rancher can be installed on any Kubernetes cluster, including hosted Kubernetes clusters such as Amazon EKS clusters. For help installing Kubernetes, refer to the documentation of the Kubernetes distribution. A Rancher-created Kubernetes distributions such as, but not limited to, [RKE](https://rke.docs.rancher.com/installation) or [K3s](https://docs.k3s.io/installation) may also be used. -- [RKE Kubernetes installation docs](https://rancher.com/docs/rke/latest/en/installation/) -- [K3s Kubernetes installation docs](https://rancher.com/docs/k3s/latest/en/installation/) - -Since Rancher can be installed on any Kubernetes cluster, you can use this backup and restore method to migrate Rancher from one Kubernetes cluster to any other Kubernetes cluster. This method *only* migrates Rancher-related resources and won't affect other applications on the cluster. Refer to the [support matrix](https://www.suse.com/lifecycle/) to identify which Kubernetes cluster types and versions are supported for your Rancher version. +Since Rancher can be installed on any Kubernetes cluster, you can use this backup and restore method to migrate Rancher from one Kubernetes cluster to any other Kubernetes cluster. This method *only* migrates Rancher-related resources and won't affect other applications on the cluster. Refer to the [support matrix](https://www.suse.com/lifecycle/) to identify which Kubernetes cluster types and versions are supported for your Rancher version. ### 1. Install the rancher-backup Helm chart diff --git a/versioned_docs/version-2.8/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/migrate-rancher-to-new-cluster.md b/versioned_docs/version-2.8/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/migrate-rancher-to-new-cluster.md index 4b58db9ead3..1c05a3268d7 100644 --- a/versioned_docs/version-2.8/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/migrate-rancher-to-new-cluster.md +++ b/versioned_docs/version-2.8/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/migrate-rancher-to-new-cluster.md @@ -11,7 +11,7 @@ If you are migrating Rancher to a new Kubernetes cluster, you don't need to inst ### Prerequisites -These instructions assume that you have [created a backup](back-up-rancher.md) and already installed a new Kubernetes cluster where Rancher will be deployed. The backup is specific to the Rancher application and can only migrate the Rancher application. +These instructions assume that you have [created a backup](back-up-rancher.md) and already installed a new Kubernetes cluster where Rancher will be deployed. The backup is specific to the Rancher application and can only migrate the Rancher application. :::caution @@ -21,12 +21,9 @@ It is required to use the same hostname that was set as the server URL in the fi Rancher version must be v2.5.0 and up -Rancher can be installed on any Kubernetes cluster, including hosted Kubernetes clusters such as Amazon EKS clusters. For help installing Kubernetes, refer to the documentation of the Kubernetes distribution. One of Rancher's Kubernetes distributions may also be used: +Rancher can be installed on any Kubernetes cluster, including hosted Kubernetes clusters such as Amazon EKS clusters. For help installing Kubernetes, refer to the documentation of the Kubernetes distribution. A Rancher-created Kubernetes distributions such as, but not limited to, [RKE](https://rke.docs.rancher.com/installation) or [K3s](https://docs.k3s.io/installation) may also be used. -- [RKE Kubernetes installation docs](https://rancher.com/docs/rke/latest/en/installation/) -- [K3s Kubernetes installation docs](https://rancher.com/docs/k3s/latest/en/installation/) - -Since Rancher can be installed on any Kubernetes cluster, you can use this backup and restore method to migrate Rancher from one Kubernetes cluster to any other Kubernetes cluster. This method *only* migrates Rancher-related resources and won't affect other applications on the cluster. Refer to the [support matrix](https://www.suse.com/lifecycle/) to identify which Kubernetes cluster types and versions are supported for your Rancher version. +Since Rancher can be installed on any Kubernetes cluster, you can use this backup and restore method to migrate Rancher from one Kubernetes cluster to any other Kubernetes cluster. This method *only* migrates Rancher-related resources and won't affect other applications on the cluster. Refer to the [support matrix](https://www.suse.com/lifecycle/) to identify which Kubernetes cluster types and versions are supported for your Rancher version. ### 1. Install the rancher-backup Helm chart From be0e4450e7f0b6e9d36d83d601fabb57d8e35c9e Mon Sep 17 00:00:00 2001 From: Lucas Saintarbor Date: Tue, 16 Jan 2024 15:29:33 -0800 Subject: [PATCH 55/77] Apply suggestions for AWS section Co-authored-by: Marty Hernandez Avedon --- .../common-issues.md | 2 +- .../installing-rancher-prime.md | 62 ++++++++++--------- .../prerequisites.md | 15 +++-- .../troubleshooting.md | 2 +- .../upgrading-rancher-payg-cluster.md | 6 +- 5 files changed, 44 insertions(+), 43 deletions(-) diff --git a/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/common-issues.md b/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/common-issues.md index c87f2e16e2d..6df0070a237 100644 --- a/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/common-issues.md +++ b/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/common-issues.md @@ -3,4 +3,4 @@ title: AWS Marketplace Common Issues --- ### Migrating Rancher to a different EKS Cluster -When migrating Rancher to a different EKS cluster by following the steps specified in [Rancher Backups and Disaster Recovery](../../../pages-for-subheaders/backup-restore-and-disaster-recovery.md), you must reinstall Rancher Prime on the target EKS cluster after restoring from the backup. Furthermore, the restored Rancher version must not be newer than the version available in the AWS marketplace. +When you migrate Rancher to a different EKS cluster by following the steps in [Rancher Backups and Disaster Recovery](../../../pages-for-subheaders/backup-restore-and-disaster-recovery.md), you must reinstall Rancher Prime on the target EKS cluster after restoring from the backup. Furthermore, the restored Rancher version must not be newer than the version available in the AWS marketplace. diff --git a/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/installing-rancher-prime.md b/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/installing-rancher-prime.md index 34b22f30035..c2dde56f248 100644 --- a/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/installing-rancher-prime.md +++ b/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/installing-rancher-prime.md @@ -8,39 +8,39 @@ This page covers installing the Rancher Prime PAYG offering on Amazon's AWS Mark ### OIDC provider -Your EKS cluster requires an OIDC provider to be installed. To check for an OIDC provider, find the OIDC issuer with the following command. Substitute `$CLUSTER_NAME` with the name of your EKS cluster and `$REGION` with the region where it is running: +Your EKS cluster requires that you install an OIDC provider. To check that you've installed an OIDC provider, find the OIDC issuer with the following command. Substitute `` with the name of your EKS cluster and `` with the region where it is running: ```shell -aws eks describe-cluster --name $CLUSTER_NAME --region $REGION --query cluster.identity.oidc.issuer --output text +aws eks describe-cluster --name --region --query cluster.identity.oidc.issuer --output text ``` -A URL is returned, like `https://oidc.eks.region.amazonaws.com/id/1234567890ABCDEF`. The part after `https://` (e.g. `oidc.eks.region.amazonaws.com/id/1234567890ABCDEF`) will be referred to in later instructions as the OIDC Provider Identity. The final section of the URL, `1234567890ABCDEF`, is the `$OIDC_ID`. +This should return an URL, such as `https://oidc.eks.region.amazonaws.com/id/1234567890ABCDEF`. The part after `https://` (e.g. `oidc.eks.region.amazonaws.com/id/1234567890ABCDEF`) is the OIDC Provider Identity. The final section of the URL, `1234567890ABCDEF`, is the OIDC ID. -Using the `$OIDC_ID` of the issuer found above, you can check if a provider is installed with the following command: +Use the OIDC ID to check if the EKS cluster has a provider: ```shell -aws iam list-open-id-connect-providers | grep $OIDC_ID +aws iam list-open-id-connect-providers | grep ``` -If there is no output, you will need to create an OIDC provider: +If the last command produces no output, create an OIDC provider: ```shell -eksctl utils associate-iam-oidc-provider --cluster $CLUSTER_NAME --region $REGION --approve +eksctl utils associate-iam-oidc-provider --cluster --region --approve ``` ### IAM Role -An IAM role and an attached policy are required to provide the necessary permissions. The role name is passed as an argument during the Helm deployment. +You must create an IAM role and an attached policy to provide the necessary permissions. The role name is passed as an argument during the Helm deployment. -Create the role with a `$ROLE_NAME` of your choosing (for example, `rancher-csp-iam-role`) and the required policy attached to it: +Create the role with a `` of your choosing (for example, `rancher-csp-iam-role`) and attach the required policy: ```shell eksctl create iamserviceaccount \ --name rancher-csp-billing-adapter \ --namespace cattle-csp-billing-adapter-system \ - --cluster $CLUSTER_NAME \ - --region $REGION \ - --role-name $ROLE_NAME --role-only \ + --cluster \ + --region \ + --role-name --role-only \ --attach-policy-arn 'arn:aws:iam::aws:policy/AWSMarketplaceMeteringFullAccess' \ --approve ``` @@ -57,32 +57,32 @@ eksctl create iamserviceaccount \ --password-stdin 709825985650.dkr.ecr.us-east-1.amazonaws.com ``` -1. Install Rancher into your cluster using Helm. Customize your Helm installation values if needed: +1. Install Rancher with Helm. Customize your Helm installation values if needed: :::note - Rancher Prime utilizes cert-manager to issue and maintain its certificates. Rancher will generate a CA certificate of its own and sign a certificate using that CA. + Rancher Prime uses cert-manager to issue and maintain its certificates. Rancher generates its own CA certificate and signs certificates with that CA. ::: - The Rancher hostname must be resolvable by a public DNS. For more details, please refer to the [Prerequisites](prerequisites.md) section. For example, if the DNS name is `rancher.my.org`, then replace `$HOST_NAME` with `rancher.my.org` when running the `helm install` command. + The Rancher hostname must be resolvable by a public DNS. For more details, see [Prerequisites](prerequisites.md). For example, if the DNS name is `rancher.my.org`, then replace `` with `rancher.my.org` when running the `helm install` command. ```shell helm install -n cattle-rancher-csp-deployer-system rancher-cloud --create-namespace \ oci://709825985650.dkr.ecr.us-east-1.amazonaws.com/suse/$REPOSITORY/rancher-cloud-helm/rancher-cloud \ - --version $CHART_VERSION \ - --set rancherHostname=$HOST_NAME \ - --set rancherServerURL=https://$HOST_NAME \ - --set rancherReplicas=$REPLICAS \ - --set rancherBootstrapPassword=$BOOTSTRAP_PASSWORD \ + --version \ + --set rancherHostname=\ + --set rancherServerURL=https://\ + --set rancherReplicas= \ + --set rancherBootstrapPassword=\ --set rancherIngressClassName=nginx \ - --set global.aws.accountNumber=$AWS_ACCOUNT_ID \ - --set global.aws.roleName=$ROLE_NAME + --set global.aws.accountNumber=\ + --set global.aws.roleName= ``` :::note - Monitor the logs for the `rancher-cloud` pod since it is deleted 1 minute after a successful or failed installation. + Monitor the logs for the `rancher-cloud` pod since it is deleted one minute after a successful or failed installation. ```shell kubectl logs -f rancher-cloud -n cattle-rancher-csp-deployer-system @@ -90,12 +90,14 @@ eksctl create iamserviceaccount \ ::: -1. After a successful deployment, running the following command should produce a similar output: +1. After a successful deployment, the following command should produce similar output: ```shell kubectl get deployments --all-namespaces ``` +**Response:** + ```shell NAMESPACE NAME READY UP-TO-DATE AVAILABLE AGE cattle-csp-billing-adapter-system csp-rancher-usage-operator 1/1 1 1 30m @@ -115,25 +117,25 @@ eksctl create iamserviceaccount \ ### Check Helm Chart Installation -Check that the Helm chart installation is complete: +1. Check that the Helm chart installation completed: ```shell helm ls -n cattle-rancher-csp-deployer-system ``` -After completing the Helm chart installation, you can verify the installation was successful: +2. Verify the status of the installation: ```shell helm status rancher-cloud -n cattle-rancher-csp-deployer-system ``` -Refer to the [Troubleshooting](troubleshooting.md) section for a failed installation. +Refer to the [Troubleshooting](troubleshooting.md) section if installation fails. -After the Helm chart installation is complete, Rancher Prime is successfully installed. +When Helm chart installation successfully completes, Rancher Prime will be installed. ## Log into the Rancher Dashboard -You may now log in to the Rancher dashboard by pointing your browser to the Rancher server URL `https://$RANCHER_HOSTNAME`, where`$RANCHER_HOSTNAME` is the hostname chosen when [installing Rancher](#installing-rancher). +You may now log in to the Rancher dashboard by pointing your browser to the Rancher server URL `https://`. The `` is the hostname you entered when you [installed Rancher](#installing-rancher). :::note @@ -149,7 +151,7 @@ Run the following command to uninstall Rancher Prime: helm uninstall -n cattle-rancher-csp-deployer-system rancher-cloud ``` -Uninstalling Rancher Prime may not cleanly remove all Kubernetes resources that Rancher created. You can use the [Rancher resource cleanup script](https://github.com/rancher/rancher-cleanup) to perform a more comprehensive cleanup. +Uninstalling Rancher Prime may not remove all of the Kubernetes resources created by Rancher. Run the [Rancher resource cleanup script](https://github.com/rancher/rancher-cleanup) to perform a more comprehensive cleanup. The best practice for uninstalling the Rancher Prime PAYG offering is to migrate any non-Rancher workloads to a different cluster and destroy the Rancher cluster. diff --git a/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/prerequisites.md b/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/prerequisites.md index 7b7a3c25c8a..7de00c52259 100644 --- a/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/prerequisites.md +++ b/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/prerequisites.md @@ -5,11 +5,10 @@ title: Prerequisites Before using Rancher Prime on AWS as a pay-as-you-go (PAYG) offering, you need the following resources, information, and tools: - A Rancher-compatible EKS cluster. For more details, please see the [Rancher support matrix](https://www.suse.com/suse-rancher/support-matrix/all-supported-versions/). Please refer to [Creating an EKS cluster](../../../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks.md) for bringing up an EKS cluster to [install Rancher Prime PAYG](installing-rancher-prime.md). -- An ingress is installed on the EKS cluster so that Rancher is accessible outside the cluster. Please refer to [Rancher documentation](../../../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks.md#5-install-an-ingress) for instructions on deploying Ingress-NGINX on an EKS cluster. -- Get the Load Balancer IP. Please refer to [Rancher documentation](../../../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks.md#6-get-load-balancer-ip) and save the EXTERNAL-IP. -- The Rancher hostname must be a fully qualified domain name (FQDN), and its corresponding IP address must be resolvable from a public DNS. Please refer to [Rancher documentation](../../../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks.md#7-set-up-dns) for instructions on how to set up DNS. This DNS is set up to point to the EXTERNAL-IP saved. -- Installation requires you to have the following tools available and properly configured to access your AWS account and your EKS cluster: - - [`aws`](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html) - - [`curl`](https://curl.se/docs/install.html) - - [`eksctl`](https://eksctl.io/installation/) - - [`helm` (v3 or greater)](https://helm.sh/docs/intro/quickstart/#install-helm) +- An ingress on the EKS cluster, so that Rancher is accessible from outside the cluster. See the [Rancher documentation](../../../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks.md#5-install-an-ingress) for instructions on deploying Ingress-NGINX on an EKS cluster. +- The Load Balancer IP address. See the [Rancher documentation](../../../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks.md#6-get-load-balancer-ip) and save the `EXTERNAL-IP`. +- The Rancher hostname. The hostname must be a fully qualified domain name (FQDN), and its corresponding IP address must be resolvable from a public DNS. See the [Rancher documentation](../../../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks.md#7-set-up-dns) for instructions on how to set up DNS. This DNS points to the `EXTERNAL-IP`. + - [`aws`](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html). + - [`curl`](https://curl.se/docs/install.html). + - [`eksctl`](https://eksctl.io/installation/). + - [`helm` (v3 or greater)](https://helm.sh/docs/intro/quickstart/#install-helm). diff --git a/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/troubleshooting.md b/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/troubleshooting.md index 441e193eda1..1246bb82d50 100644 --- a/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/troubleshooting.md +++ b/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/troubleshooting.md @@ -42,7 +42,7 @@ oci://709825985650.dkr.ecr.us-east-1.amazonaws.com/suse/$REPOSITORY/rancher-clou --set global.aws.roleName=$ROLE_NAME ``` -## Rancher Usage Record Not found +## Rancher Usage Record Not Found When you attempt to retrieve a usage record, you might see the following message: diff --git a/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/upgrading-rancher-payg-cluster.md b/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/upgrading-rancher-payg-cluster.md index b660ef822f5..0acc4b1e762 100644 --- a/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/upgrading-rancher-payg-cluster.md +++ b/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/upgrading-rancher-payg-cluster.md @@ -2,9 +2,9 @@ title: Upgrading Rancher Prime PAYG Cluster in AWS --- -The AWS Marketplace PAYG offering is tied to a billing adapter and the Rancher Prime version. These are periodically updated as new versions of the billing adapter or Rancher Prime are released. In this situation, the Helm chart will be updated with new tags and digests, and a new version of the Helm chart will be uploaded. +The AWS Marketplace PAYG offering is tied to a billing adapter and the Rancher Prime version. These are periodically updated as new versions of the billing adapter or Rancher Prime are released. When this happens, the Helm chart is updated with new tags and digests, and a new version of the Helm chart is uploaded. -To upgrade the deployed Helm chart with the latest version, run the following Helm command: +To upgrade the deployed Helm chart to the latest version, run the following Helm command: ```shell helm upgrade -n cattle-rancher-csp-deployer-system rancher-cloud --create-namespace \ @@ -26,6 +26,6 @@ helm ls -n cattle-rancher-csp-deployer-system :::warning -Rancher Prime PAYG customers will have constraints on getting updates to the offering based on the latest version SUSE has published to AWS, which may trail slightly behind the latest Rancher release. +Rancher Prime PAYG customers have constraints on getting updates, based on the latest version SUSE has published to AWS. The latest available Rancher Prime version may trail slightly behind the latest Rancher release. ::: From 732c354b806b32e6cf8098c2f8726cdb6fdf42a7 Mon Sep 17 00:00:00 2001 From: Lucas Saintarbor Date: Tue, 16 Jan 2024 15:36:25 -0800 Subject: [PATCH 56/77] Apply suggestions for Azure section Co-authored-by: Marty Hernandez Avedon --- .../installing-rancher-prime.md | 32 +++++++++---------- .../troubleshooting.md | 14 ++++---- 2 files changed, 24 insertions(+), 22 deletions(-) diff --git a/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/installing-rancher-prime.md b/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/installing-rancher-prime.md index 8f737cfc889..1cd7a9bad76 100644 --- a/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/installing-rancher-prime.md +++ b/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/installing-rancher-prime.md @@ -6,10 +6,10 @@ This page covers installing the Rancher Prime PAYG offering on Microsoft's Azure ## How to Install Rancher Prime PAYG -Refer to the following steps for creating a new deployment of Rancher Prime from the Azure Marketplace page. +The following steps describe how to create a new deployment of Rancher Prime from the [Azure Marketplace](https://azuremarketplace.microsoft.com) page. 1. Select the **Rancher Prime with 24x7 Support** offer (either **EU and UK only** or **non-EU and non-UK only**) that corresponds to the location where your account is registered. -1. Choose the plan from the dropdown list. View the **Plans + Pricing** tab for more details about the plan. +1. Choose a plan from the dropdown menu. View the **Plans + Pricing** tab for more details about the plan. 1. Select **Create**. ### Basics @@ -18,8 +18,8 @@ On the **Basics** tab, specify the **Project details** and **Instance details**: ![Basics tab](/img/install-rancher-prime-basics.png) -1. Select an existing **Subscription** from the dropdown list. -1. Select an existing **Resource group** from the dropdown list. +1. Select an existing **Subscription** from the dropdown menu. +1. Select an existing **Resource group** from the dropdown menu. :::note @@ -29,8 +29,8 @@ On the **Basics** tab, specify the **Project details** and **Instance details**: ::: -1. Select an existing **AKS Cluster Name** from the dropdown list. -1. Choose an **Extension Resource name**. It can consist of alphanumeric characters and dots; the length must be between 2 and 253 characters. +1. Select an existing **AKS Cluster Name** from the dropdown menu. +1. Choose an **Extension Resource name**. It can consist of alphanumeric characters and dots and must be between 2 and 253 characters long. 1. Select **Next**. ### Rancher Configuration @@ -39,7 +39,7 @@ On the **Rancher Configuraion** tab, specify the following information: ![Rancher Configuration](/img/install-rancher-prime-bootstrap-password.png) -1. Enter the **Hostname** for Rancher. The Rancher hostname must be a fully qualified domain name (FQDN) and the Rancher server URL will be created using this hostname. +1. Enter the **Hostname** for Rancher. The Rancher hostname must be a fully qualified domain name (FQDN). The Rancher server URL will be created using this hostname. :::note The IP address of the Rancher hostname must be resolvable by a public DNS. @@ -49,19 +49,19 @@ On the **Rancher Configuraion** tab, specify the following information: 1. Choose and confirm a **Bootstrap Password**. During the first login, you will use the bootstrap password to authenticate to the Rancher dashboard. :::note - The current Rancher deployment exposes the bootstrap password in the Cluster configuration settings in Azure Portal. Until this is resolved, we suggest changing the Admin password after initial login by editing your profile in the Rancher dashboard. + The current Rancher deployment exposes the bootstrap password in the Cluster configuration settings in the Azure Portal. Until this security issue is resolved, we suggest changing the Admin password after initial login, by editing your profile in the Rancher dashboard. ::: 1. Select **Next**. -### Review + create +### Review + Create 1. On the **Review + create** tab, review the summary of the offer (Price, Basics, Rancher Configuration) and the link to **view automation template** (Azure Resource Manager Template). 1. Select **Create** to start the deployment. ### Deployment Complete -After the deployment is completed, the Rancher Prime Kubernetes service extension is successfully installed. +When the deployment successfully completes, Rancher Prime will be installed. :::note @@ -71,21 +71,21 @@ On the **Extensions + applications** page, the **Provisioning State** may show * ## Log into the Rancher Dashboard -You may now login to Rancher dashboard by pointing your browser to the Rancher server URL `https://$RANCHER_HOSTNAME`, where $RANCHER_HOSTNAME is the [hostname](#rancher-configuration) you have chosen when configuring Rancher. +You may now log in to the Rancher dashboard by pointing your browser to the Rancher server URL `https://`. The `` is the hostname you entered when you [installed Rancher](#installing-rancher). :::note -The Rancher hostname must be resolvable by public DNS. Please refer to the [Prerequisites](prerequisites.md) section for more details. +The Rancher hostname must be resolvable by public DNS. See the [Prerequisites](prerequisites.md) for more details. ::: ## How to Use Rancher -After logging into Rancher Prime, you should notice the **Welcome to Rancher Prime** message at the top of the screen. +After you login to Rancher Prime, you should notice the **Welcome to Rancher Prime** message at the top of the screen. ![Rancher Prime Home](/img/install-rancher-prime-home.png) -If your Rancher Prime PAYG deployment only has **Welcome to Rancher** at the top of the screen, please ensure you've updated to the latest version, and reset the branding to default (i.e., "suse") from **Global Settings**. +If your Rancher Prime PAYG deployment only has **Welcome to Rancher** at the top of the screen, make sure that you've updated to the latest version, and reset the branding to default (i.e., "suse") from **Global Settings**. ![Global Settings](/img/install-rancher-prime-global-settings.png) @@ -95,10 +95,10 @@ View billing information in the Azure Portal by going to **Home** > **Cost Manag ## Uninstalling Rancher Prime PAYG Offering -Uninstalling Rancher Prime may not cleanly remove all Kubernetes resources that Rancher created. You can use the [Rancher resource cleanup script](https://github.com/rancher/rancher-cleanup) to perform a more comprehensive cleanup. +Uninstalling Rancher Prime may not remove all of the Kubernetes resources created by Rancher. Run the [Rancher resource cleanup script](https://github.com/rancher/rancher-cleanup) to perform a more comprehensive cleanup. The best practice for uninstalling the Rancher Prime PAYG offering is to migrate any non-Rancher workloads to a different cluster and destroy the Rancher cluster. :::important -Ensure you prepare and migrate any non-Rancher workloads off the cluster before destroying the cluster since these resources are not recoverable. +Ensure that you prepare and migrate any non-Rancher workloads off of the cluster before you destroy the cluster. These resources are nonrecoverable. ::: diff --git a/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/troubleshooting.md b/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/troubleshooting.md index 882193656c9..a9d21f35bd0 100644 --- a/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/troubleshooting.md +++ b/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/troubleshooting.md @@ -6,12 +6,14 @@ This section contains information to help troubleshoot issues when installing th ## Deployment -After a successful deployment, check the status of the deployment, it should list similar pod and chart output. +After a successful deployment, check the status of the deployment. It should list similar pod and chart output as the example below. ```shell kubectl get deployments --all-namespaces ``` +**Response:** + ```shell NAMESPACE NAME READY UP-TO-DATE AVAILABLE AGE cattle-csp-billing-adapter-system csp-rancher-usage-operator 1/1 1 1 8h @@ -42,19 +44,19 @@ Check the status of pods or jobs: kubectl get pods --all-namespaces ``` -If a pod is not in Running state, you can attempt to find the root cause with the following commands: +If a pod is not in a `Running` state, you can attempt to find the root cause with the following commands: - Describe pod: `kubectl describe pod $POD_NAME -n $NAMESPACE` - Pod container logs: `kubectl logs $POD_NAME -n $NAMESPACE` - Describe job: `kubectl describe job $JOB_NAME -n $NAMESPACE` - Logs from the containers of pods of the job: `kubectl logs -l job-name=$JOB_NAME -n $NAMESPACE` -## Rancher Usage Record Not found +## Rancher Usage Record Not Found When you attempt to retrieve a usage record, you might see the following message: ```shell -Error from server (NotFound): cspadapterusagerecords.susecloud.net "rancher-usage-record" not found" Check Configuration, Retrieve generated configuration csp-config +Error from server (NotFound): cspadapterusagerecords.susecloud.net "rancher-usage-record not found" Check Configuration, Retrieve generated configuration csp-config ``` To resolve the error, run: @@ -73,7 +75,7 @@ When you attempt to install an extension of the same type, you will see the foll Multiple extensions of same type is not allowed at this scope. (Code: ValidationFailed)" ``` -AKS cluster already has the extension with the same type. To resolve the error, uninstall the extension and re-deploy with the same cluster. +The AKS cluster already has the extension with the same type. To resolve the error, uninstall the extension and re-deploy to the same cluster. ## Resource Already Existing in your Cluster @@ -83,4 +85,4 @@ When you attempt to install a resource or extension that already exists, you wil Helm installation failed : Resource already existing in your cluster : Recommendation Manually delete the resource(s) that currently exist in your cluster and try installation again. To delete these resources run the following commands: kubectl delete -n : InnerError [rendered manifests contain a resource that already exists. Unable to continue with install: ServiceAccount "rancher" in namespace "cattle-system" exists and cannot be imported into the current release: invalid ownership metadata; annotation validation error: key "meta.helm.sh/release-name" must equal "test-nv2-reinstall": current value is "testnv2-plan"] ``` -AKS cluster already has the extension installed. To resolve the error, uninstall the extension as suggested in the error message by deleting the resource via the kubectl command, or uninstall the extension in Azure Console and re-deploy with the same cluster. +The AKS cluster already has the extension installed. To resolve the error, uninstall the extension as suggested in the error message, by deleting the resource via the kubectl command, or uninstall the extension in the Azure Console and re-deploy to the same cluster. From 3de3df0772b7d520c0b0b3b31c72d36aa216a639 Mon Sep 17 00:00:00 2001 From: LucasSaintarbor Date: Tue, 16 Jan 2024 16:03:50 -0800 Subject: [PATCH 57/77] Replacing dollar sign placeholders --- .../troubleshooting.md | 22 +++++++++---------- .../upgrading-rancher-payg-cluster.md | 14 ++++++------ .../troubleshooting.md | 8 +++---- 3 files changed, 22 insertions(+), 22 deletions(-) diff --git a/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/troubleshooting.md b/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/troubleshooting.md index 1246bb82d50..2266debe877 100644 --- a/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/troubleshooting.md +++ b/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/troubleshooting.md @@ -14,10 +14,10 @@ kubectl get pods --all-namespaces If a pod is not in a `Running` state, you can attempt to find the root cause with the following commands: -- Describe pod: `kubectl describe pod $POD_NAME -n $NAMESPACE` -- Pod container logs: `kubectl logs $POD_NAME -n $NAMESPACE` -- Describe job: `kubectl describe job $JOB_NAME -n $NAMESPACE` -- Logs from the containers of pods of the job: `kubectl logs -l job-name=$JOB_NAME -n $NAMESPACE` +- Describe pod: `kubectl describe pod -n ` +- Pod container logs: `kubectl logs -n ` +- Describe job: `kubectl describe job -n ` +- Logs from the containers of pods of the job: `kubectl logs -l job-name= -n ` ## Recovering from Failed Pods @@ -33,13 +33,13 @@ Fix the problem and run: ```shell helm upgrade -n cattle-rancher-csp-deployer-system rancher-cloud --create-namespace \ -oci://709825985650.dkr.ecr.us-east-1.amazonaws.com/suse/$REPOSITORY/rancher-cloud-helm/rancher-cloud --install \ - --version $CHART_VERSION \ - --set rancherHostname=$HOST_NAME \ - --set rancherServerURL=https://$HOST_NAME \ - --set rancherReplicas=$REPLICAS \ - --set global.aws.accountNumber=$AWS_ACCOUNT_ID \ - --set global.aws.roleName=$ROLE_NAME +oci://709825985650.dkr.ecr.us-east-1.amazonaws.com/suse//rancher-cloud-helm/rancher-cloud --install \ + --version \ + --set rancherHostname= \ + --set rancherServerURL=https:// \ + --set rancherReplicas= \ + --set global.aws.accountNumber= \ + --set global.aws.roleName= ``` ## Rancher Usage Record Not Found diff --git a/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/upgrading-rancher-payg-cluster.md b/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/upgrading-rancher-payg-cluster.md index 0acc4b1e762..32d19738cac 100644 --- a/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/upgrading-rancher-payg-cluster.md +++ b/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/upgrading-rancher-payg-cluster.md @@ -8,14 +8,14 @@ To upgrade the deployed Helm chart to the latest version, run the following Helm ```shell helm upgrade -n cattle-rancher-csp-deployer-system rancher-cloud --create-namespace \ -oci://709825985650.dkr.ecr.us-east-1.amazonaws.com/suse/$REPOSITORY/rancher-cloud-helm/rancher-cloud \ - --version $UPGRADED_CHART_VERSION \ - --set rancherHostname=$HOST_NAME \ - --set rancherServerURL=https://$HOST_NAME \ - --set rancherReplicas=$REPLICAS \ +oci://709825985650.dkr.ecr.us-east-1.amazonaws.com/suse//rancher-cloud-helm/rancher-cloud \ + --version \ + --set rancherHostname= \ + --set rancherServerURL=https:// \ + --set rancherReplicas= \ --set rancherIngressClassName=nginx \ - --set global.aws.accountNumber=$AWS_ACCOUNT_ID \ - --set global.aws.roleName=$ROLE_NAME + --set global.aws.accountNumber= \ + --set global.aws.roleName= ``` To check if the upgraded Helm chart deployed successfully, run the following Helm command: diff --git a/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/troubleshooting.md b/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/troubleshooting.md index a9d21f35bd0..91671240aed 100644 --- a/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/troubleshooting.md +++ b/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/troubleshooting.md @@ -46,10 +46,10 @@ kubectl get pods --all-namespaces If a pod is not in a `Running` state, you can attempt to find the root cause with the following commands: -- Describe pod: `kubectl describe pod $POD_NAME -n $NAMESPACE` -- Pod container logs: `kubectl logs $POD_NAME -n $NAMESPACE` -- Describe job: `kubectl describe job $JOB_NAME -n $NAMESPACE` -- Logs from the containers of pods of the job: `kubectl logs -l job-name=$JOB_NAME -n $NAMESPACE` +- Describe pod: `kubectl describe pod -n ` +- Pod container logs: `kubectl logs -n ` +- Describe job: `kubectl describe job -n -n ` ## Rancher Usage Record Not Found From b865f5095c5c2ebac758e2ace86f807da2deb20e Mon Sep 17 00:00:00 2001 From: LucasSaintarbor Date: Tue, 16 Jan 2024 16:07:30 -0800 Subject: [PATCH 58/77] Update admonition for uninstallation --- .../installing-rancher-prime.md | 2 +- .../installing-rancher-prime.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/installing-rancher-prime.md b/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/installing-rancher-prime.md index c2dde56f248..c9aa93fbe9d 100644 --- a/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/installing-rancher-prime.md +++ b/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/installing-rancher-prime.md @@ -155,6 +155,6 @@ Uninstalling Rancher Prime may not remove all of the Kubernetes resources create The best practice for uninstalling the Rancher Prime PAYG offering is to migrate any non-Rancher workloads to a different cluster and destroy the Rancher cluster. -:::important +:::note warning Ensure you prepare and migrate any non-Rancher workloads off the cluster before destroying the cluster since these resources are not recoverable. ::: diff --git a/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/installing-rancher-prime.md b/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/installing-rancher-prime.md index 1cd7a9bad76..766485cc8e6 100644 --- a/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/installing-rancher-prime.md +++ b/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/installing-rancher-prime.md @@ -99,6 +99,6 @@ Uninstalling Rancher Prime may not remove all of the Kubernetes resources create The best practice for uninstalling the Rancher Prime PAYG offering is to migrate any non-Rancher workloads to a different cluster and destroy the Rancher cluster. -:::important +:::note warning Ensure that you prepare and migrate any non-Rancher workloads off of the cluster before you destroy the cluster. These resources are nonrecoverable. ::: From c2b95c9b264ea66c43f457453567c5f3cd93ff6c Mon Sep 17 00:00:00 2001 From: Lucas Saintarbor Date: Tue, 16 Jan 2024 16:44:14 -0800 Subject: [PATCH 59/77] Apply suggestions from code review Co-authored-by: Billy Tat --- .../installing-rancher-prime.md | 4 ++-- .../aws-marketplace-payg-integration/prerequisites.md | 8 ++++---- .../installing-rancher-prime.md | 4 ++-- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/installing-rancher-prime.md b/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/installing-rancher-prime.md index c9aa93fbe9d..258b8dcdbf3 100644 --- a/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/installing-rancher-prime.md +++ b/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/installing-rancher-prime.md @@ -14,7 +14,7 @@ Your EKS cluster requires that you install an OIDC provider. To check that you'v aws eks describe-cluster --name --region --query cluster.identity.oidc.issuer --output text ``` -This should return an URL, such as `https://oidc.eks.region.amazonaws.com/id/1234567890ABCDEF`. The part after `https://` (e.g. `oidc.eks.region.amazonaws.com/id/1234567890ABCDEF`) is the OIDC Provider Identity. The final section of the URL, `1234567890ABCDEF`, is the OIDC ID. +This should return a URL, such as `https://oidc.eks.region.amazonaws.com/id/1234567890ABCDEF`. The part after `https://` (e.g. `oidc.eks.region.amazonaws.com/id/1234567890ABCDEF`) is the OIDC Provider Identity. The final section of the URL, `1234567890ABCDEF`, is the OIDC ID. Use the OIDC ID to check if the EKS cluster has a provider: @@ -155,6 +155,6 @@ Uninstalling Rancher Prime may not remove all of the Kubernetes resources create The best practice for uninstalling the Rancher Prime PAYG offering is to migrate any non-Rancher workloads to a different cluster and destroy the Rancher cluster. -:::note warning +:::warning Ensure you prepare and migrate any non-Rancher workloads off the cluster before destroying the cluster since these resources are not recoverable. ::: diff --git a/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/prerequisites.md b/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/prerequisites.md index 7de00c52259..dfc3c43e273 100644 --- a/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/prerequisites.md +++ b/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/prerequisites.md @@ -8,7 +8,7 @@ Before using Rancher Prime on AWS as a pay-as-you-go (PAYG) offering, you need t - An ingress on the EKS cluster, so that Rancher is accessible from outside the cluster. See the [Rancher documentation](../../../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks.md#5-install-an-ingress) for instructions on deploying Ingress-NGINX on an EKS cluster. - The Load Balancer IP address. See the [Rancher documentation](../../../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks.md#6-get-load-balancer-ip) and save the `EXTERNAL-IP`. - The Rancher hostname. The hostname must be a fully qualified domain name (FQDN), and its corresponding IP address must be resolvable from a public DNS. See the [Rancher documentation](../../../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks.md#7-set-up-dns) for instructions on how to set up DNS. This DNS points to the `EXTERNAL-IP`. - - [`aws`](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html). - - [`curl`](https://curl.se/docs/install.html). - - [`eksctl`](https://eksctl.io/installation/). - - [`helm` (v3 or greater)](https://helm.sh/docs/intro/quickstart/#install-helm). +- [`aws`](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html). +- [`curl`](https://curl.se/docs/install.html). +- [`eksctl`](https://eksctl.io/installation/). +- [`helm` (v3 or greater)](https://helm.sh/docs/intro/quickstart/#install-helm). diff --git a/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/installing-rancher-prime.md b/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/installing-rancher-prime.md index 766485cc8e6..2c9f20e2eb3 100644 --- a/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/installing-rancher-prime.md +++ b/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/installing-rancher-prime.md @@ -54,7 +54,7 @@ On the **Rancher Configuraion** tab, specify the following information: ::: 1. Select **Next**. -### Review + Create +### Review + create 1. On the **Review + create** tab, review the summary of the offer (Price, Basics, Rancher Configuration) and the link to **view automation template** (Azure Resource Manager Template). 1. Select **Create** to start the deployment. @@ -99,6 +99,6 @@ Uninstalling Rancher Prime may not remove all of the Kubernetes resources create The best practice for uninstalling the Rancher Prime PAYG offering is to migrate any non-Rancher workloads to a different cluster and destroy the Rancher cluster. -:::note warning +:::warning Ensure that you prepare and migrate any non-Rancher workloads off of the cluster before you destroy the cluster. These resources are nonrecoverable. ::: From 7d3a4906cbd16dc86b4cee0df74d558c8aa46efb Mon Sep 17 00:00:00 2001 From: LucasSaintarbor Date: Wed, 17 Jan 2024 10:04:59 -0800 Subject: [PATCH 60/77] Add numbered list for "Recovering from Failed Pods" --- .../troubleshooting.md | 32 +++++++++---------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/troubleshooting.md b/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/troubleshooting.md index 2266debe877..43387ea4faf 100644 --- a/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/troubleshooting.md +++ b/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/troubleshooting.md @@ -21,26 +21,26 @@ If a pod is not in a `Running` state, you can attempt to find the root cause wit ## Recovering from Failed Pods -If any of the pods aren't running, check the `rancher-cloud` pod: +1. If any of the pods aren't running, check the `rancher-cloud` pod: -```shell -kubectl get pods --all-namespaces | grep rancher-cloud -``` + ```shell + kubectl get pods --all-namespaces | grep rancher-cloud + ``` -If the `rancher-cloud` pod is in an `Error` state, wait for the pod to be deleted. This should take about one minute. +1. If the `rancher-cloud` pod is in an `Error` state, wait for the pod to be deleted. This should take about one minute. -Fix the problem and run: +1. Fix the problem and run: -```shell -helm upgrade -n cattle-rancher-csp-deployer-system rancher-cloud --create-namespace \ -oci://709825985650.dkr.ecr.us-east-1.amazonaws.com/suse//rancher-cloud-helm/rancher-cloud --install \ - --version \ - --set rancherHostname= \ - --set rancherServerURL=https:// \ - --set rancherReplicas= \ - --set global.aws.accountNumber= \ - --set global.aws.roleName= -``` + ```shell + helm upgrade -n cattle-rancher-csp-deployer-system rancher-cloud --create-namespace \ + oci://709825985650.dkr.ecr.us-east-1.amazonaws.com/suse//rancher-cloud-helm/rancher-cloud --install \ + --version \ + --set rancherHostname= \ + --set rancherServerURL=https:// \ + --set rancherReplicas= \ + --set global.aws.accountNumber= \ + --set global.aws.roleName= + ``` ## Rancher Usage Record Not Found From b7e225af8ea3c355cc264ab49709ba132088eff1 Mon Sep 17 00:00:00 2001 From: Lucas Saintarbor Date: Wed, 17 Jan 2024 10:13:20 -0800 Subject: [PATCH 61/77] Update versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/common-issues.md Co-authored-by: Marty Hernandez Avedon --- .../azure-marketplace-payg-integration/common-issues.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/common-issues.md b/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/common-issues.md index 5a2f3be77ff..709747a464b 100644 --- a/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/common-issues.md +++ b/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/common-issues.md @@ -4,4 +4,4 @@ title: Azure Marketplace Common Issues ### Migrating Rancher to a different AKS Cluster -When migrating Rancher to a different AKS cluster by following the steps specified in [Rancher Backups and Disaster Recovery](../../../pages-for-subheaders/backup-restore-and-disaster-recovery.md), Rancher Prime must be reinstalled via the Azure Marketplace on the target AKS cluster after restoring from the backup. Furthermore, the restored Rancher version must not be newer than the version available in the Azure Marketplace. +When you migrate Rancher to a different AKScluster by following the steps in [Rancher Backups and Disaster Recovery](../../../pages-for-subheaders/backup-restore-and-disaster-recovery.md), you must reinstall Rancher Prime on the target AKS cluster after restoring from the backup. Furthermore, the restored Rancher version must not be newer than the version available in the Azure Marketplace. From c005d204c00101868031ae4d4bc88e2e5e91be87 Mon Sep 17 00:00:00 2001 From: LucasSaintarbor Date: Wed, 17 Jan 2024 10:14:37 -0800 Subject: [PATCH 62/77] Fix typo --- .../azure-marketplace-payg-integration/common-issues.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/common-issues.md b/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/common-issues.md index 709747a464b..33025523ea7 100644 --- a/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/common-issues.md +++ b/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/common-issues.md @@ -4,4 +4,4 @@ title: Azure Marketplace Common Issues ### Migrating Rancher to a different AKS Cluster -When you migrate Rancher to a different AKScluster by following the steps in [Rancher Backups and Disaster Recovery](../../../pages-for-subheaders/backup-restore-and-disaster-recovery.md), you must reinstall Rancher Prime on the target AKS cluster after restoring from the backup. Furthermore, the restored Rancher version must not be newer than the version available in the Azure Marketplace. +When you migrate Rancher to a different AKS cluster by following the steps in [Rancher Backups and Disaster Recovery](../../../pages-for-subheaders/backup-restore-and-disaster-recovery.md), you must reinstall Rancher Prime on the target AKS cluster after restoring from the backup. Furthermore, the restored Rancher version must not be newer than the version available in the Azure Marketplace. From 2302e373760ce9ab38b6987b54c9ad9d52045dfe Mon Sep 17 00:00:00 2001 From: Marty Hernandez Avedon Date: Wed, 17 Jan 2024 13:30:50 -0500 Subject: [PATCH 63/77] #753 other title improvements (#1050) * vagrant quickstart retitled for consistency * rm number from title * 2. rm number from title * 3. rm number from title (Istio related, as were 2 prev) * 4. rm number from title (Istio related) * 5. rm number from title (Istio related) * 6. rm number from title (Istio related) * making backup 'examples' title more specific * rewrite + making monitoring 'examples' title more specific * suggestions from Btat correcting capitalization for github, combining two lines into one * versioning previous commit * applying sunil's suggestions rm'ing numbers from titles of pages missed in 2.0-2.4 * Apply suggestions from code review Co-authored-by: Billy Tat --------- Co-authored-by: Billy Tat --- .../deploy-rancher-manager/vagrant.md | 2 +- .../istio-setup-guide/enable-istio-in-cluster.md | 2 +- .../istio-setup-guide/enable-istio-in-namespace.md | 2 +- .../istio-setup-guide/generate-and-view-traffic.md | 2 +- .../istio-setup-guide/set-up-istio-gateway.md | 2 +- .../istio-setup-guide/set-up-traffic-management.md | 2 +- .../istio-setup-guide/use-istio-sidecar.md | 2 +- .../backup-restore-configuration/examples.md | 2 +- .../monitoring-v2-configuration/examples.md | 14 +++++++------- .../deploy-rancher-manager/vagrant.md | 2 +- .../istio-setup-guide/enable-istio-in-cluster.md | 2 +- .../istio-setup-guide/enable-istio-in-namespace.md | 2 +- .../istio-setup-guide/generate-and-view-traffic.md | 2 +- .../istio-setup-guide/node-selectors.md | 2 +- .../istio-setup-guide/set-up-istio-gateway.md | 2 +- .../istio-setup-guide/set-up-traffic-management.md | 2 +- .../istio-setup-guide/use-istio-sidecar.md | 2 +- .../deploy-rancher-manager/vagrant.md | 2 +- .../istio-setup-guide/enable-istio-in-cluster.md | 2 +- .../istio-setup-guide/enable-istio-in-namespace.md | 2 +- .../istio-setup-guide/generate-and-view-traffic.md | 2 +- .../istio-setup-guide/set-up-istio-gateway.md | 2 +- .../istio-setup-guide/set-up-traffic-management.md | 2 +- .../istio-setup-guide/use-istio-sidecar.md | 2 +- .../backup-restore-configuration/examples.md | 2 +- .../monitoring-v2-configuration/examples.md | 14 +++++++------- .../deploy-rancher-manager/vagrant.md | 2 +- .../istio-setup-guide/enable-istio-in-cluster.md | 2 +- .../istio-setup-guide/enable-istio-in-namespace.md | 2 +- .../istio-setup-guide/generate-and-view-traffic.md | 2 +- .../istio-setup-guide/set-up-istio-gateway.md | 2 +- .../istio-setup-guide/set-up-traffic-management.md | 2 +- .../istio-setup-guide/use-istio-sidecar.md | 2 +- .../backup-restore-configuration/examples.md | 2 +- .../monitoring-v2-configuration/examples.md | 14 +++++++------- .../deploy-rancher-manager/vagrant.md | 2 +- .../istio-setup-guide/enable-istio-in-cluster.md | 2 +- .../istio-setup-guide/enable-istio-in-namespace.md | 2 +- .../istio-setup-guide/generate-and-view-traffic.md | 2 +- .../istio-setup-guide/set-up-istio-gateway.md | 2 +- .../istio-setup-guide/set-up-traffic-management.md | 2 +- .../istio-setup-guide/use-istio-sidecar.md | 2 +- .../backup-restore-configuration/examples.md | 2 +- .../monitoring-v2-configuration/examples.md | 14 +++++++------- .../deploy-rancher-manager/vagrant.md | 2 +- .../istio-setup-guide/enable-istio-in-cluster.md | 2 +- .../istio-setup-guide/enable-istio-in-namespace.md | 2 +- .../istio-setup-guide/generate-and-view-traffic.md | 2 +- .../istio-setup-guide/set-up-istio-gateway.md | 2 +- .../istio-setup-guide/set-up-traffic-management.md | 2 +- .../istio-setup-guide/use-istio-sidecar.md | 2 +- .../backup-restore-configuration/examples.md | 2 +- .../monitoring-v2-configuration/examples.md | 14 +++++++------- 53 files changed, 83 insertions(+), 83 deletions(-) diff --git a/docs/getting-started/quick-start-guides/deploy-rancher-manager/vagrant.md b/docs/getting-started/quick-start-guides/deploy-rancher-manager/vagrant.md index efd3465ce22..25fd2b14d68 100644 --- a/docs/getting-started/quick-start-guides/deploy-rancher-manager/vagrant.md +++ b/docs/getting-started/quick-start-guides/deploy-rancher-manager/vagrant.md @@ -1,5 +1,5 @@ --- -title: Vagrant Quick Start +title: Rancher Vagrant Quick Start --- diff --git a/docs/how-to-guides/advanced-user-guides/istio-setup-guide/enable-istio-in-cluster.md b/docs/how-to-guides/advanced-user-guides/istio-setup-guide/enable-istio-in-cluster.md index 3ca93936f1f..61f65cbba77 100644 --- a/docs/how-to-guides/advanced-user-guides/istio-setup-guide/enable-istio-in-cluster.md +++ b/docs/how-to-guides/advanced-user-guides/istio-setup-guide/enable-istio-in-cluster.md @@ -1,5 +1,5 @@ --- -title: 1. Enable Istio in the Cluster +title: Enable Istio in the Cluster --- diff --git a/docs/how-to-guides/advanced-user-guides/istio-setup-guide/enable-istio-in-namespace.md b/docs/how-to-guides/advanced-user-guides/istio-setup-guide/enable-istio-in-namespace.md index 13100f50109..01800259c55 100644 --- a/docs/how-to-guides/advanced-user-guides/istio-setup-guide/enable-istio-in-namespace.md +++ b/docs/how-to-guides/advanced-user-guides/istio-setup-guide/enable-istio-in-namespace.md @@ -1,5 +1,5 @@ --- -title: 2. Enable Istio in a Namespace +title: Enable Istio in a Namespace --- diff --git a/docs/how-to-guides/advanced-user-guides/istio-setup-guide/generate-and-view-traffic.md b/docs/how-to-guides/advanced-user-guides/istio-setup-guide/generate-and-view-traffic.md index 7203d827091..e965bc9a8b1 100644 --- a/docs/how-to-guides/advanced-user-guides/istio-setup-guide/generate-and-view-traffic.md +++ b/docs/how-to-guides/advanced-user-guides/istio-setup-guide/generate-and-view-traffic.md @@ -1,5 +1,5 @@ --- -title: 6. Generate and View Traffic +title: Generate and View Traffic from Istio --- diff --git a/docs/how-to-guides/advanced-user-guides/istio-setup-guide/set-up-istio-gateway.md b/docs/how-to-guides/advanced-user-guides/istio-setup-guide/set-up-istio-gateway.md index 38548a4921d..9644f8434c8 100644 --- a/docs/how-to-guides/advanced-user-guides/istio-setup-guide/set-up-istio-gateway.md +++ b/docs/how-to-guides/advanced-user-guides/istio-setup-guide/set-up-istio-gateway.md @@ -1,5 +1,5 @@ --- -title: 4. Set up the Istio Gateway +title: Set up the Istio Gateway --- diff --git a/docs/how-to-guides/advanced-user-guides/istio-setup-guide/set-up-traffic-management.md b/docs/how-to-guides/advanced-user-guides/istio-setup-guide/set-up-traffic-management.md index 150289745d7..ebf477eb829 100644 --- a/docs/how-to-guides/advanced-user-guides/istio-setup-guide/set-up-traffic-management.md +++ b/docs/how-to-guides/advanced-user-guides/istio-setup-guide/set-up-traffic-management.md @@ -1,5 +1,5 @@ --- -title: 5. Set up Istio's Components for Traffic Management +title: Set up Istio's Components for Traffic Management --- diff --git a/docs/how-to-guides/advanced-user-guides/istio-setup-guide/use-istio-sidecar.md b/docs/how-to-guides/advanced-user-guides/istio-setup-guide/use-istio-sidecar.md index af5b22672c5..314aebddf46 100644 --- a/docs/how-to-guides/advanced-user-guides/istio-setup-guide/use-istio-sidecar.md +++ b/docs/how-to-guides/advanced-user-guides/istio-setup-guide/use-istio-sidecar.md @@ -1,5 +1,5 @@ --- -title: 3. Add Deployments and Services with the Istio Sidecar +title: Add Deployments and Services with the Istio Sidecar --- diff --git a/docs/reference-guides/backup-restore-configuration/examples.md b/docs/reference-guides/backup-restore-configuration/examples.md index 0afd8a359fb..d00dce126ea 100644 --- a/docs/reference-guides/backup-restore-configuration/examples.md +++ b/docs/reference-guides/backup-restore-configuration/examples.md @@ -1,5 +1,5 @@ --- -title: Examples +title: Backup and Restore Examples --- diff --git a/docs/reference-guides/monitoring-v2-configuration/examples.md b/docs/reference-guides/monitoring-v2-configuration/examples.md index c65722cfa97..d6ef1920256 100644 --- a/docs/reference-guides/monitoring-v2-configuration/examples.md +++ b/docs/reference-guides/monitoring-v2-configuration/examples.md @@ -1,5 +1,5 @@ --- -title: Examples +title: Monitoring V2 Configuration Examples --- @@ -8,20 +8,20 @@ title: Examples ### ServiceMonitor -An example ServiceMonitor custom resource can be found [here.](https://github.com/prometheus-operator/prometheus-operator/blob/master/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml) +See the official prometheus-operator GitHub repo for an example [ServiceMonitor](https://github.com/prometheus-operator/prometheus-operator/blob/master/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml) YAML. ### PodMonitor -An example PodMonitor can be found [here.](https://github.com/prometheus-operator/prometheus-operator/blob/master/example/user-guides/getting-started/example-app-pod-monitor.yaml) An example Prometheus resource that refers to it can be found [here.](https://github.com/prometheus-operator/prometheus-operator/blob/master/example/user-guides/getting-started/prometheus-pod-monitor.yaml) +See the [Prometheus Operator documentation](https://prometheus-operator.dev/docs/user-guides/getting-started/#using-podmonitors) for an example PodMonitor and an example Prometheus resource that refers to a PodMonitor. ### PrometheusRule -For users who are familiar with Prometheus, a PrometheusRule contains the alerting and recording rules that you would normally place in a [Prometheus rule file](https://prometheus.io/docs/prometheus/latest/configuration/recording_rules/). +A PrometheusRule contains the alerting and recording rules that you would usually place in a [Prometheus rule file](https://prometheus.io/docs/prometheus/latest/configuration/recording_rules/). -For a more fine-grained application of PrometheusRules within your cluster, the ruleSelector field on a Prometheus resource allows you to select which PrometheusRules should be loaded onto Prometheus based on the labels attached to the PrometheusRules resources. +For a more fine-grained approach, the `ruleSelector` field on a Prometheus resource can select which PrometheusRules should be loaded onto Prometheus, based on the labels attached to the PrometheusRules resources. -An example PrometheusRule is on [this page.](https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/user-guides/alerting.md) +See the [Prometheus Operator documentation](https://prometheus-operator.dev/docs/user-guides/alerting/) for an example PrometheusRule. ### Alertmanager Config -For an example configuration, refer to [this section](./receivers.md#example-alertmanager-configs). +See the Rancher docs page on Receivers for an example [Alertmanager config](./receivers.md#example-alertmanager-configs). diff --git a/versioned_docs/version-2.0-2.4/getting-started/quick-start-guides/deploy-rancher-manager/vagrant.md b/versioned_docs/version-2.0-2.4/getting-started/quick-start-guides/deploy-rancher-manager/vagrant.md index a9680505eaf..8b276ea2278 100644 --- a/versioned_docs/version-2.0-2.4/getting-started/quick-start-guides/deploy-rancher-manager/vagrant.md +++ b/versioned_docs/version-2.0-2.4/getting-started/quick-start-guides/deploy-rancher-manager/vagrant.md @@ -1,5 +1,5 @@ --- -title: Vagrant Quick Start +title: Rancher Vagrant Quick Start --- diff --git a/versioned_docs/version-2.0-2.4/how-to-guides/advanced-user-guides/istio-setup-guide/enable-istio-in-cluster.md b/versioned_docs/version-2.0-2.4/how-to-guides/advanced-user-guides/istio-setup-guide/enable-istio-in-cluster.md index d6a00bb9afd..d11bad34119 100644 --- a/versioned_docs/version-2.0-2.4/how-to-guides/advanced-user-guides/istio-setup-guide/enable-istio-in-cluster.md +++ b/versioned_docs/version-2.0-2.4/how-to-guides/advanced-user-guides/istio-setup-guide/enable-istio-in-cluster.md @@ -1,5 +1,5 @@ --- -title: 1. Enable Istio in the Cluster +title: Enable Istio in the Cluster --- diff --git a/versioned_docs/version-2.0-2.4/how-to-guides/advanced-user-guides/istio-setup-guide/enable-istio-in-namespace.md b/versioned_docs/version-2.0-2.4/how-to-guides/advanced-user-guides/istio-setup-guide/enable-istio-in-namespace.md index 929f03ca7ce..faa18fd7864 100644 --- a/versioned_docs/version-2.0-2.4/how-to-guides/advanced-user-guides/istio-setup-guide/enable-istio-in-namespace.md +++ b/versioned_docs/version-2.0-2.4/how-to-guides/advanced-user-guides/istio-setup-guide/enable-istio-in-namespace.md @@ -1,5 +1,5 @@ --- -title: 2. Enable Istio in a Namespace +title: Enable Istio in a Namespace --- diff --git a/versioned_docs/version-2.0-2.4/how-to-guides/advanced-user-guides/istio-setup-guide/generate-and-view-traffic.md b/versioned_docs/version-2.0-2.4/how-to-guides/advanced-user-guides/istio-setup-guide/generate-and-view-traffic.md index becffde4401..fc703971513 100644 --- a/versioned_docs/version-2.0-2.4/how-to-guides/advanced-user-guides/istio-setup-guide/generate-and-view-traffic.md +++ b/versioned_docs/version-2.0-2.4/how-to-guides/advanced-user-guides/istio-setup-guide/generate-and-view-traffic.md @@ -1,5 +1,5 @@ --- -title: 7. Generate and View Traffic +title: Generate and View Traffic --- diff --git a/versioned_docs/version-2.0-2.4/how-to-guides/advanced-user-guides/istio-setup-guide/node-selectors.md b/versioned_docs/version-2.0-2.4/how-to-guides/advanced-user-guides/istio-setup-guide/node-selectors.md index 6df5cde370e..ce031a8a0cd 100644 --- a/versioned_docs/version-2.0-2.4/how-to-guides/advanced-user-guides/istio-setup-guide/node-selectors.md +++ b/versioned_docs/version-2.0-2.4/how-to-guides/advanced-user-guides/istio-setup-guide/node-selectors.md @@ -1,5 +1,5 @@ --- -title: 3. Select the Nodes Where Istio Components Will be Deployed +title: Select the Nodes Where Istio Components Will be Deployed --- > **Prerequisite:** Your cluster needs a worker node that can designated for Istio. The worker node should meet the [resource requirements.](../../../explanations/integrations-in-rancher/istio/cpu-and-memory-allocations.md) diff --git a/versioned_docs/version-2.0-2.4/how-to-guides/advanced-user-guides/istio-setup-guide/set-up-istio-gateway.md b/versioned_docs/version-2.0-2.4/how-to-guides/advanced-user-guides/istio-setup-guide/set-up-istio-gateway.md index f90135bcf22..ac54b573e6d 100644 --- a/versioned_docs/version-2.0-2.4/how-to-guides/advanced-user-guides/istio-setup-guide/set-up-istio-gateway.md +++ b/versioned_docs/version-2.0-2.4/how-to-guides/advanced-user-guides/istio-setup-guide/set-up-istio-gateway.md @@ -1,5 +1,5 @@ --- -title: 5. Set up the Istio Gateway +title: Set up the Istio Gateway --- diff --git a/versioned_docs/version-2.0-2.4/how-to-guides/advanced-user-guides/istio-setup-guide/set-up-traffic-management.md b/versioned_docs/version-2.0-2.4/how-to-guides/advanced-user-guides/istio-setup-guide/set-up-traffic-management.md index 37c0d47eeab..cdca3098dd6 100644 --- a/versioned_docs/version-2.0-2.4/how-to-guides/advanced-user-guides/istio-setup-guide/set-up-traffic-management.md +++ b/versioned_docs/version-2.0-2.4/how-to-guides/advanced-user-guides/istio-setup-guide/set-up-traffic-management.md @@ -1,5 +1,5 @@ --- -title: 6. Set up Istio's Components for Traffic Management +title: Set up Istio's Components for Traffic Management --- diff --git a/versioned_docs/version-2.0-2.4/how-to-guides/advanced-user-guides/istio-setup-guide/use-istio-sidecar.md b/versioned_docs/version-2.0-2.4/how-to-guides/advanced-user-guides/istio-setup-guide/use-istio-sidecar.md index 29bf3db97d1..f47f613d0aa 100644 --- a/versioned_docs/version-2.0-2.4/how-to-guides/advanced-user-guides/istio-setup-guide/use-istio-sidecar.md +++ b/versioned_docs/version-2.0-2.4/how-to-guides/advanced-user-guides/istio-setup-guide/use-istio-sidecar.md @@ -1,5 +1,5 @@ --- -title: 4. Add Deployments and Services with the Istio Sidecar +title: Add Deployments and Services with the Istio Sidecar --- diff --git a/versioned_docs/version-2.5/getting-started/quick-start-guides/deploy-rancher-manager/vagrant.md b/versioned_docs/version-2.5/getting-started/quick-start-guides/deploy-rancher-manager/vagrant.md index e076f6d7528..0561a13e025 100644 --- a/versioned_docs/version-2.5/getting-started/quick-start-guides/deploy-rancher-manager/vagrant.md +++ b/versioned_docs/version-2.5/getting-started/quick-start-guides/deploy-rancher-manager/vagrant.md @@ -1,5 +1,5 @@ --- -title: Vagrant Quick Start +title: Rancher Vagrant Quick Start --- diff --git a/versioned_docs/version-2.5/how-to-guides/advanced-user-guides/istio-setup-guide/enable-istio-in-cluster.md b/versioned_docs/version-2.5/how-to-guides/advanced-user-guides/istio-setup-guide/enable-istio-in-cluster.md index 76bdcc78c48..b2847bbe92e 100644 --- a/versioned_docs/version-2.5/how-to-guides/advanced-user-guides/istio-setup-guide/enable-istio-in-cluster.md +++ b/versioned_docs/version-2.5/how-to-guides/advanced-user-guides/istio-setup-guide/enable-istio-in-cluster.md @@ -1,5 +1,5 @@ --- -title: 1. Enable Istio in the Cluster +title: Enable Istio in the Cluster --- diff --git a/versioned_docs/version-2.5/how-to-guides/advanced-user-guides/istio-setup-guide/enable-istio-in-namespace.md b/versioned_docs/version-2.5/how-to-guides/advanced-user-guides/istio-setup-guide/enable-istio-in-namespace.md index d0d02e1e126..e46acb5d5c8 100644 --- a/versioned_docs/version-2.5/how-to-guides/advanced-user-guides/istio-setup-guide/enable-istio-in-namespace.md +++ b/versioned_docs/version-2.5/how-to-guides/advanced-user-guides/istio-setup-guide/enable-istio-in-namespace.md @@ -1,5 +1,5 @@ --- -title: 2. Enable Istio in a Namespace +title: Enable Istio in a Namespace --- diff --git a/versioned_docs/version-2.5/how-to-guides/advanced-user-guides/istio-setup-guide/generate-and-view-traffic.md b/versioned_docs/version-2.5/how-to-guides/advanced-user-guides/istio-setup-guide/generate-and-view-traffic.md index 849197b482d..d6105392b51 100644 --- a/versioned_docs/version-2.5/how-to-guides/advanced-user-guides/istio-setup-guide/generate-and-view-traffic.md +++ b/versioned_docs/version-2.5/how-to-guides/advanced-user-guides/istio-setup-guide/generate-and-view-traffic.md @@ -1,5 +1,5 @@ --- -title: 6. Generate and View Traffic +title: Generate and View Traffic from Istio --- diff --git a/versioned_docs/version-2.5/how-to-guides/advanced-user-guides/istio-setup-guide/set-up-istio-gateway.md b/versioned_docs/version-2.5/how-to-guides/advanced-user-guides/istio-setup-guide/set-up-istio-gateway.md index 3f0ede71d7f..cb4d2bd8093 100644 --- a/versioned_docs/version-2.5/how-to-guides/advanced-user-guides/istio-setup-guide/set-up-istio-gateway.md +++ b/versioned_docs/version-2.5/how-to-guides/advanced-user-guides/istio-setup-guide/set-up-istio-gateway.md @@ -1,5 +1,5 @@ --- -title: 4. Set up the Istio Gateway +title: Set up the Istio Gateway --- diff --git a/versioned_docs/version-2.5/how-to-guides/advanced-user-guides/istio-setup-guide/set-up-traffic-management.md b/versioned_docs/version-2.5/how-to-guides/advanced-user-guides/istio-setup-guide/set-up-traffic-management.md index e1e57f5983c..f20b52ccbd7 100644 --- a/versioned_docs/version-2.5/how-to-guides/advanced-user-guides/istio-setup-guide/set-up-traffic-management.md +++ b/versioned_docs/version-2.5/how-to-guides/advanced-user-guides/istio-setup-guide/set-up-traffic-management.md @@ -1,5 +1,5 @@ --- -title: 5. Set up Istio's Components for Traffic Management +title: Set up Istio's Components for Traffic Management --- diff --git a/versioned_docs/version-2.5/how-to-guides/advanced-user-guides/istio-setup-guide/use-istio-sidecar.md b/versioned_docs/version-2.5/how-to-guides/advanced-user-guides/istio-setup-guide/use-istio-sidecar.md index 0996a8f6c6a..e359b42cdae 100644 --- a/versioned_docs/version-2.5/how-to-guides/advanced-user-guides/istio-setup-guide/use-istio-sidecar.md +++ b/versioned_docs/version-2.5/how-to-guides/advanced-user-guides/istio-setup-guide/use-istio-sidecar.md @@ -1,5 +1,5 @@ --- -title: 3. Add Deployments and Services with the Istio Sidecar +title: Add Deployments and Services with the Istio Sidecar --- diff --git a/versioned_docs/version-2.5/reference-guides/backup-restore-configuration/examples.md b/versioned_docs/version-2.5/reference-guides/backup-restore-configuration/examples.md index 610cfab0650..f07d105adc6 100644 --- a/versioned_docs/version-2.5/reference-guides/backup-restore-configuration/examples.md +++ b/versioned_docs/version-2.5/reference-guides/backup-restore-configuration/examples.md @@ -1,5 +1,5 @@ --- -title: Examples +title: Backup and Restore Examples --- diff --git a/versioned_docs/version-2.5/reference-guides/monitoring-v2-configuration/examples.md b/versioned_docs/version-2.5/reference-guides/monitoring-v2-configuration/examples.md index c65722cfa97..d6ef1920256 100644 --- a/versioned_docs/version-2.5/reference-guides/monitoring-v2-configuration/examples.md +++ b/versioned_docs/version-2.5/reference-guides/monitoring-v2-configuration/examples.md @@ -1,5 +1,5 @@ --- -title: Examples +title: Monitoring V2 Configuration Examples --- @@ -8,20 +8,20 @@ title: Examples ### ServiceMonitor -An example ServiceMonitor custom resource can be found [here.](https://github.com/prometheus-operator/prometheus-operator/blob/master/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml) +See the official prometheus-operator GitHub repo for an example [ServiceMonitor](https://github.com/prometheus-operator/prometheus-operator/blob/master/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml) YAML. ### PodMonitor -An example PodMonitor can be found [here.](https://github.com/prometheus-operator/prometheus-operator/blob/master/example/user-guides/getting-started/example-app-pod-monitor.yaml) An example Prometheus resource that refers to it can be found [here.](https://github.com/prometheus-operator/prometheus-operator/blob/master/example/user-guides/getting-started/prometheus-pod-monitor.yaml) +See the [Prometheus Operator documentation](https://prometheus-operator.dev/docs/user-guides/getting-started/#using-podmonitors) for an example PodMonitor and an example Prometheus resource that refers to a PodMonitor. ### PrometheusRule -For users who are familiar with Prometheus, a PrometheusRule contains the alerting and recording rules that you would normally place in a [Prometheus rule file](https://prometheus.io/docs/prometheus/latest/configuration/recording_rules/). +A PrometheusRule contains the alerting and recording rules that you would usually place in a [Prometheus rule file](https://prometheus.io/docs/prometheus/latest/configuration/recording_rules/). -For a more fine-grained application of PrometheusRules within your cluster, the ruleSelector field on a Prometheus resource allows you to select which PrometheusRules should be loaded onto Prometheus based on the labels attached to the PrometheusRules resources. +For a more fine-grained approach, the `ruleSelector` field on a Prometheus resource can select which PrometheusRules should be loaded onto Prometheus, based on the labels attached to the PrometheusRules resources. -An example PrometheusRule is on [this page.](https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/user-guides/alerting.md) +See the [Prometheus Operator documentation](https://prometheus-operator.dev/docs/user-guides/alerting/) for an example PrometheusRule. ### Alertmanager Config -For an example configuration, refer to [this section](./receivers.md#example-alertmanager-configs). +See the Rancher docs page on Receivers for an example [Alertmanager config](./receivers.md#example-alertmanager-configs). diff --git a/versioned_docs/version-2.6/getting-started/quick-start-guides/deploy-rancher-manager/vagrant.md b/versioned_docs/version-2.6/getting-started/quick-start-guides/deploy-rancher-manager/vagrant.md index d45b57fc169..eca79248fdb 100644 --- a/versioned_docs/version-2.6/getting-started/quick-start-guides/deploy-rancher-manager/vagrant.md +++ b/versioned_docs/version-2.6/getting-started/quick-start-guides/deploy-rancher-manager/vagrant.md @@ -1,5 +1,5 @@ --- -title: Vagrant Quick Start +title: Rancher Vagrant Quick Start --- diff --git a/versioned_docs/version-2.6/how-to-guides/advanced-user-guides/istio-setup-guide/enable-istio-in-cluster.md b/versioned_docs/version-2.6/how-to-guides/advanced-user-guides/istio-setup-guide/enable-istio-in-cluster.md index bb81cb623f5..5808f1a8946 100644 --- a/versioned_docs/version-2.6/how-to-guides/advanced-user-guides/istio-setup-guide/enable-istio-in-cluster.md +++ b/versioned_docs/version-2.6/how-to-guides/advanced-user-guides/istio-setup-guide/enable-istio-in-cluster.md @@ -1,5 +1,5 @@ --- -title: 1. Enable Istio in the Cluster +title: Enable Istio in the Cluster --- diff --git a/versioned_docs/version-2.6/how-to-guides/advanced-user-guides/istio-setup-guide/enable-istio-in-namespace.md b/versioned_docs/version-2.6/how-to-guides/advanced-user-guides/istio-setup-guide/enable-istio-in-namespace.md index 13100f50109..01800259c55 100644 --- a/versioned_docs/version-2.6/how-to-guides/advanced-user-guides/istio-setup-guide/enable-istio-in-namespace.md +++ b/versioned_docs/version-2.6/how-to-guides/advanced-user-guides/istio-setup-guide/enable-istio-in-namespace.md @@ -1,5 +1,5 @@ --- -title: 2. Enable Istio in a Namespace +title: Enable Istio in a Namespace --- diff --git a/versioned_docs/version-2.6/how-to-guides/advanced-user-guides/istio-setup-guide/generate-and-view-traffic.md b/versioned_docs/version-2.6/how-to-guides/advanced-user-guides/istio-setup-guide/generate-and-view-traffic.md index 7203d827091..e965bc9a8b1 100644 --- a/versioned_docs/version-2.6/how-to-guides/advanced-user-guides/istio-setup-guide/generate-and-view-traffic.md +++ b/versioned_docs/version-2.6/how-to-guides/advanced-user-guides/istio-setup-guide/generate-and-view-traffic.md @@ -1,5 +1,5 @@ --- -title: 6. Generate and View Traffic +title: Generate and View Traffic from Istio --- diff --git a/versioned_docs/version-2.6/how-to-guides/advanced-user-guides/istio-setup-guide/set-up-istio-gateway.md b/versioned_docs/version-2.6/how-to-guides/advanced-user-guides/istio-setup-guide/set-up-istio-gateway.md index 38548a4921d..9644f8434c8 100644 --- a/versioned_docs/version-2.6/how-to-guides/advanced-user-guides/istio-setup-guide/set-up-istio-gateway.md +++ b/versioned_docs/version-2.6/how-to-guides/advanced-user-guides/istio-setup-guide/set-up-istio-gateway.md @@ -1,5 +1,5 @@ --- -title: 4. Set up the Istio Gateway +title: Set up the Istio Gateway --- diff --git a/versioned_docs/version-2.6/how-to-guides/advanced-user-guides/istio-setup-guide/set-up-traffic-management.md b/versioned_docs/version-2.6/how-to-guides/advanced-user-guides/istio-setup-guide/set-up-traffic-management.md index 150289745d7..ebf477eb829 100644 --- a/versioned_docs/version-2.6/how-to-guides/advanced-user-guides/istio-setup-guide/set-up-traffic-management.md +++ b/versioned_docs/version-2.6/how-to-guides/advanced-user-guides/istio-setup-guide/set-up-traffic-management.md @@ -1,5 +1,5 @@ --- -title: 5. Set up Istio's Components for Traffic Management +title: Set up Istio's Components for Traffic Management --- diff --git a/versioned_docs/version-2.6/how-to-guides/advanced-user-guides/istio-setup-guide/use-istio-sidecar.md b/versioned_docs/version-2.6/how-to-guides/advanced-user-guides/istio-setup-guide/use-istio-sidecar.md index af5b22672c5..314aebddf46 100644 --- a/versioned_docs/version-2.6/how-to-guides/advanced-user-guides/istio-setup-guide/use-istio-sidecar.md +++ b/versioned_docs/version-2.6/how-to-guides/advanced-user-guides/istio-setup-guide/use-istio-sidecar.md @@ -1,5 +1,5 @@ --- -title: 3. Add Deployments and Services with the Istio Sidecar +title: Add Deployments and Services with the Istio Sidecar --- diff --git a/versioned_docs/version-2.6/reference-guides/backup-restore-configuration/examples.md b/versioned_docs/version-2.6/reference-guides/backup-restore-configuration/examples.md index bab7533302e..dba8f0afc0c 100644 --- a/versioned_docs/version-2.6/reference-guides/backup-restore-configuration/examples.md +++ b/versioned_docs/version-2.6/reference-guides/backup-restore-configuration/examples.md @@ -1,5 +1,5 @@ --- -title: Examples +title: Backup and Restore Examples --- diff --git a/versioned_docs/version-2.6/reference-guides/monitoring-v2-configuration/examples.md b/versioned_docs/version-2.6/reference-guides/monitoring-v2-configuration/examples.md index c65722cfa97..d6ef1920256 100644 --- a/versioned_docs/version-2.6/reference-guides/monitoring-v2-configuration/examples.md +++ b/versioned_docs/version-2.6/reference-guides/monitoring-v2-configuration/examples.md @@ -1,5 +1,5 @@ --- -title: Examples +title: Monitoring V2 Configuration Examples --- @@ -8,20 +8,20 @@ title: Examples ### ServiceMonitor -An example ServiceMonitor custom resource can be found [here.](https://github.com/prometheus-operator/prometheus-operator/blob/master/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml) +See the official prometheus-operator GitHub repo for an example [ServiceMonitor](https://github.com/prometheus-operator/prometheus-operator/blob/master/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml) YAML. ### PodMonitor -An example PodMonitor can be found [here.](https://github.com/prometheus-operator/prometheus-operator/blob/master/example/user-guides/getting-started/example-app-pod-monitor.yaml) An example Prometheus resource that refers to it can be found [here.](https://github.com/prometheus-operator/prometheus-operator/blob/master/example/user-guides/getting-started/prometheus-pod-monitor.yaml) +See the [Prometheus Operator documentation](https://prometheus-operator.dev/docs/user-guides/getting-started/#using-podmonitors) for an example PodMonitor and an example Prometheus resource that refers to a PodMonitor. ### PrometheusRule -For users who are familiar with Prometheus, a PrometheusRule contains the alerting and recording rules that you would normally place in a [Prometheus rule file](https://prometheus.io/docs/prometheus/latest/configuration/recording_rules/). +A PrometheusRule contains the alerting and recording rules that you would usually place in a [Prometheus rule file](https://prometheus.io/docs/prometheus/latest/configuration/recording_rules/). -For a more fine-grained application of PrometheusRules within your cluster, the ruleSelector field on a Prometheus resource allows you to select which PrometheusRules should be loaded onto Prometheus based on the labels attached to the PrometheusRules resources. +For a more fine-grained approach, the `ruleSelector` field on a Prometheus resource can select which PrometheusRules should be loaded onto Prometheus, based on the labels attached to the PrometheusRules resources. -An example PrometheusRule is on [this page.](https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/user-guides/alerting.md) +See the [Prometheus Operator documentation](https://prometheus-operator.dev/docs/user-guides/alerting/) for an example PrometheusRule. ### Alertmanager Config -For an example configuration, refer to [this section](./receivers.md#example-alertmanager-configs). +See the Rancher docs page on Receivers for an example [Alertmanager config](./receivers.md#example-alertmanager-configs). diff --git a/versioned_docs/version-2.7/getting-started/quick-start-guides/deploy-rancher-manager/vagrant.md b/versioned_docs/version-2.7/getting-started/quick-start-guides/deploy-rancher-manager/vagrant.md index efd3465ce22..25fd2b14d68 100644 --- a/versioned_docs/version-2.7/getting-started/quick-start-guides/deploy-rancher-manager/vagrant.md +++ b/versioned_docs/version-2.7/getting-started/quick-start-guides/deploy-rancher-manager/vagrant.md @@ -1,5 +1,5 @@ --- -title: Vagrant Quick Start +title: Rancher Vagrant Quick Start --- diff --git a/versioned_docs/version-2.7/how-to-guides/advanced-user-guides/istio-setup-guide/enable-istio-in-cluster.md b/versioned_docs/version-2.7/how-to-guides/advanced-user-guides/istio-setup-guide/enable-istio-in-cluster.md index 3ca93936f1f..61f65cbba77 100644 --- a/versioned_docs/version-2.7/how-to-guides/advanced-user-guides/istio-setup-guide/enable-istio-in-cluster.md +++ b/versioned_docs/version-2.7/how-to-guides/advanced-user-guides/istio-setup-guide/enable-istio-in-cluster.md @@ -1,5 +1,5 @@ --- -title: 1. Enable Istio in the Cluster +title: Enable Istio in the Cluster --- diff --git a/versioned_docs/version-2.7/how-to-guides/advanced-user-guides/istio-setup-guide/enable-istio-in-namespace.md b/versioned_docs/version-2.7/how-to-guides/advanced-user-guides/istio-setup-guide/enable-istio-in-namespace.md index 13100f50109..01800259c55 100644 --- a/versioned_docs/version-2.7/how-to-guides/advanced-user-guides/istio-setup-guide/enable-istio-in-namespace.md +++ b/versioned_docs/version-2.7/how-to-guides/advanced-user-guides/istio-setup-guide/enable-istio-in-namespace.md @@ -1,5 +1,5 @@ --- -title: 2. Enable Istio in a Namespace +title: Enable Istio in a Namespace --- diff --git a/versioned_docs/version-2.7/how-to-guides/advanced-user-guides/istio-setup-guide/generate-and-view-traffic.md b/versioned_docs/version-2.7/how-to-guides/advanced-user-guides/istio-setup-guide/generate-and-view-traffic.md index 7203d827091..e965bc9a8b1 100644 --- a/versioned_docs/version-2.7/how-to-guides/advanced-user-guides/istio-setup-guide/generate-and-view-traffic.md +++ b/versioned_docs/version-2.7/how-to-guides/advanced-user-guides/istio-setup-guide/generate-and-view-traffic.md @@ -1,5 +1,5 @@ --- -title: 6. Generate and View Traffic +title: Generate and View Traffic from Istio --- diff --git a/versioned_docs/version-2.7/how-to-guides/advanced-user-guides/istio-setup-guide/set-up-istio-gateway.md b/versioned_docs/version-2.7/how-to-guides/advanced-user-guides/istio-setup-guide/set-up-istio-gateway.md index 38548a4921d..9644f8434c8 100644 --- a/versioned_docs/version-2.7/how-to-guides/advanced-user-guides/istio-setup-guide/set-up-istio-gateway.md +++ b/versioned_docs/version-2.7/how-to-guides/advanced-user-guides/istio-setup-guide/set-up-istio-gateway.md @@ -1,5 +1,5 @@ --- -title: 4. Set up the Istio Gateway +title: Set up the Istio Gateway --- diff --git a/versioned_docs/version-2.7/how-to-guides/advanced-user-guides/istio-setup-guide/set-up-traffic-management.md b/versioned_docs/version-2.7/how-to-guides/advanced-user-guides/istio-setup-guide/set-up-traffic-management.md index 150289745d7..ebf477eb829 100644 --- a/versioned_docs/version-2.7/how-to-guides/advanced-user-guides/istio-setup-guide/set-up-traffic-management.md +++ b/versioned_docs/version-2.7/how-to-guides/advanced-user-guides/istio-setup-guide/set-up-traffic-management.md @@ -1,5 +1,5 @@ --- -title: 5. Set up Istio's Components for Traffic Management +title: Set up Istio's Components for Traffic Management --- diff --git a/versioned_docs/version-2.7/how-to-guides/advanced-user-guides/istio-setup-guide/use-istio-sidecar.md b/versioned_docs/version-2.7/how-to-guides/advanced-user-guides/istio-setup-guide/use-istio-sidecar.md index af5b22672c5..314aebddf46 100644 --- a/versioned_docs/version-2.7/how-to-guides/advanced-user-guides/istio-setup-guide/use-istio-sidecar.md +++ b/versioned_docs/version-2.7/how-to-guides/advanced-user-guides/istio-setup-guide/use-istio-sidecar.md @@ -1,5 +1,5 @@ --- -title: 3. Add Deployments and Services with the Istio Sidecar +title: Add Deployments and Services with the Istio Sidecar --- diff --git a/versioned_docs/version-2.7/reference-guides/backup-restore-configuration/examples.md b/versioned_docs/version-2.7/reference-guides/backup-restore-configuration/examples.md index bab7533302e..dba8f0afc0c 100644 --- a/versioned_docs/version-2.7/reference-guides/backup-restore-configuration/examples.md +++ b/versioned_docs/version-2.7/reference-guides/backup-restore-configuration/examples.md @@ -1,5 +1,5 @@ --- -title: Examples +title: Backup and Restore Examples --- diff --git a/versioned_docs/version-2.7/reference-guides/monitoring-v2-configuration/examples.md b/versioned_docs/version-2.7/reference-guides/monitoring-v2-configuration/examples.md index c65722cfa97..d6ef1920256 100644 --- a/versioned_docs/version-2.7/reference-guides/monitoring-v2-configuration/examples.md +++ b/versioned_docs/version-2.7/reference-guides/monitoring-v2-configuration/examples.md @@ -1,5 +1,5 @@ --- -title: Examples +title: Monitoring V2 Configuration Examples --- @@ -8,20 +8,20 @@ title: Examples ### ServiceMonitor -An example ServiceMonitor custom resource can be found [here.](https://github.com/prometheus-operator/prometheus-operator/blob/master/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml) +See the official prometheus-operator GitHub repo for an example [ServiceMonitor](https://github.com/prometheus-operator/prometheus-operator/blob/master/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml) YAML. ### PodMonitor -An example PodMonitor can be found [here.](https://github.com/prometheus-operator/prometheus-operator/blob/master/example/user-guides/getting-started/example-app-pod-monitor.yaml) An example Prometheus resource that refers to it can be found [here.](https://github.com/prometheus-operator/prometheus-operator/blob/master/example/user-guides/getting-started/prometheus-pod-monitor.yaml) +See the [Prometheus Operator documentation](https://prometheus-operator.dev/docs/user-guides/getting-started/#using-podmonitors) for an example PodMonitor and an example Prometheus resource that refers to a PodMonitor. ### PrometheusRule -For users who are familiar with Prometheus, a PrometheusRule contains the alerting and recording rules that you would normally place in a [Prometheus rule file](https://prometheus.io/docs/prometheus/latest/configuration/recording_rules/). +A PrometheusRule contains the alerting and recording rules that you would usually place in a [Prometheus rule file](https://prometheus.io/docs/prometheus/latest/configuration/recording_rules/). -For a more fine-grained application of PrometheusRules within your cluster, the ruleSelector field on a Prometheus resource allows you to select which PrometheusRules should be loaded onto Prometheus based on the labels attached to the PrometheusRules resources. +For a more fine-grained approach, the `ruleSelector` field on a Prometheus resource can select which PrometheusRules should be loaded onto Prometheus, based on the labels attached to the PrometheusRules resources. -An example PrometheusRule is on [this page.](https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/user-guides/alerting.md) +See the [Prometheus Operator documentation](https://prometheus-operator.dev/docs/user-guides/alerting/) for an example PrometheusRule. ### Alertmanager Config -For an example configuration, refer to [this section](./receivers.md#example-alertmanager-configs). +See the Rancher docs page on Receivers for an example [Alertmanager config](./receivers.md#example-alertmanager-configs). diff --git a/versioned_docs/version-2.8/getting-started/quick-start-guides/deploy-rancher-manager/vagrant.md b/versioned_docs/version-2.8/getting-started/quick-start-guides/deploy-rancher-manager/vagrant.md index efd3465ce22..25fd2b14d68 100644 --- a/versioned_docs/version-2.8/getting-started/quick-start-guides/deploy-rancher-manager/vagrant.md +++ b/versioned_docs/version-2.8/getting-started/quick-start-guides/deploy-rancher-manager/vagrant.md @@ -1,5 +1,5 @@ --- -title: Vagrant Quick Start +title: Rancher Vagrant Quick Start --- diff --git a/versioned_docs/version-2.8/how-to-guides/advanced-user-guides/istio-setup-guide/enable-istio-in-cluster.md b/versioned_docs/version-2.8/how-to-guides/advanced-user-guides/istio-setup-guide/enable-istio-in-cluster.md index 3ca93936f1f..61f65cbba77 100644 --- a/versioned_docs/version-2.8/how-to-guides/advanced-user-guides/istio-setup-guide/enable-istio-in-cluster.md +++ b/versioned_docs/version-2.8/how-to-guides/advanced-user-guides/istio-setup-guide/enable-istio-in-cluster.md @@ -1,5 +1,5 @@ --- -title: 1. Enable Istio in the Cluster +title: Enable Istio in the Cluster --- diff --git a/versioned_docs/version-2.8/how-to-guides/advanced-user-guides/istio-setup-guide/enable-istio-in-namespace.md b/versioned_docs/version-2.8/how-to-guides/advanced-user-guides/istio-setup-guide/enable-istio-in-namespace.md index 13100f50109..01800259c55 100644 --- a/versioned_docs/version-2.8/how-to-guides/advanced-user-guides/istio-setup-guide/enable-istio-in-namespace.md +++ b/versioned_docs/version-2.8/how-to-guides/advanced-user-guides/istio-setup-guide/enable-istio-in-namespace.md @@ -1,5 +1,5 @@ --- -title: 2. Enable Istio in a Namespace +title: Enable Istio in a Namespace --- diff --git a/versioned_docs/version-2.8/how-to-guides/advanced-user-guides/istio-setup-guide/generate-and-view-traffic.md b/versioned_docs/version-2.8/how-to-guides/advanced-user-guides/istio-setup-guide/generate-and-view-traffic.md index 7203d827091..e965bc9a8b1 100644 --- a/versioned_docs/version-2.8/how-to-guides/advanced-user-guides/istio-setup-guide/generate-and-view-traffic.md +++ b/versioned_docs/version-2.8/how-to-guides/advanced-user-guides/istio-setup-guide/generate-and-view-traffic.md @@ -1,5 +1,5 @@ --- -title: 6. Generate and View Traffic +title: Generate and View Traffic from Istio --- diff --git a/versioned_docs/version-2.8/how-to-guides/advanced-user-guides/istio-setup-guide/set-up-istio-gateway.md b/versioned_docs/version-2.8/how-to-guides/advanced-user-guides/istio-setup-guide/set-up-istio-gateway.md index 38548a4921d..9644f8434c8 100644 --- a/versioned_docs/version-2.8/how-to-guides/advanced-user-guides/istio-setup-guide/set-up-istio-gateway.md +++ b/versioned_docs/version-2.8/how-to-guides/advanced-user-guides/istio-setup-guide/set-up-istio-gateway.md @@ -1,5 +1,5 @@ --- -title: 4. Set up the Istio Gateway +title: Set up the Istio Gateway --- diff --git a/versioned_docs/version-2.8/how-to-guides/advanced-user-guides/istio-setup-guide/set-up-traffic-management.md b/versioned_docs/version-2.8/how-to-guides/advanced-user-guides/istio-setup-guide/set-up-traffic-management.md index 150289745d7..ebf477eb829 100644 --- a/versioned_docs/version-2.8/how-to-guides/advanced-user-guides/istio-setup-guide/set-up-traffic-management.md +++ b/versioned_docs/version-2.8/how-to-guides/advanced-user-guides/istio-setup-guide/set-up-traffic-management.md @@ -1,5 +1,5 @@ --- -title: 5. Set up Istio's Components for Traffic Management +title: Set up Istio's Components for Traffic Management --- diff --git a/versioned_docs/version-2.8/how-to-guides/advanced-user-guides/istio-setup-guide/use-istio-sidecar.md b/versioned_docs/version-2.8/how-to-guides/advanced-user-guides/istio-setup-guide/use-istio-sidecar.md index af5b22672c5..314aebddf46 100644 --- a/versioned_docs/version-2.8/how-to-guides/advanced-user-guides/istio-setup-guide/use-istio-sidecar.md +++ b/versioned_docs/version-2.8/how-to-guides/advanced-user-guides/istio-setup-guide/use-istio-sidecar.md @@ -1,5 +1,5 @@ --- -title: 3. Add Deployments and Services with the Istio Sidecar +title: Add Deployments and Services with the Istio Sidecar --- diff --git a/versioned_docs/version-2.8/reference-guides/backup-restore-configuration/examples.md b/versioned_docs/version-2.8/reference-guides/backup-restore-configuration/examples.md index 0afd8a359fb..d00dce126ea 100644 --- a/versioned_docs/version-2.8/reference-guides/backup-restore-configuration/examples.md +++ b/versioned_docs/version-2.8/reference-guides/backup-restore-configuration/examples.md @@ -1,5 +1,5 @@ --- -title: Examples +title: Backup and Restore Examples --- diff --git a/versioned_docs/version-2.8/reference-guides/monitoring-v2-configuration/examples.md b/versioned_docs/version-2.8/reference-guides/monitoring-v2-configuration/examples.md index c65722cfa97..d6ef1920256 100644 --- a/versioned_docs/version-2.8/reference-guides/monitoring-v2-configuration/examples.md +++ b/versioned_docs/version-2.8/reference-guides/monitoring-v2-configuration/examples.md @@ -1,5 +1,5 @@ --- -title: Examples +title: Monitoring V2 Configuration Examples --- @@ -8,20 +8,20 @@ title: Examples ### ServiceMonitor -An example ServiceMonitor custom resource can be found [here.](https://github.com/prometheus-operator/prometheus-operator/blob/master/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml) +See the official prometheus-operator GitHub repo for an example [ServiceMonitor](https://github.com/prometheus-operator/prometheus-operator/blob/master/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml) YAML. ### PodMonitor -An example PodMonitor can be found [here.](https://github.com/prometheus-operator/prometheus-operator/blob/master/example/user-guides/getting-started/example-app-pod-monitor.yaml) An example Prometheus resource that refers to it can be found [here.](https://github.com/prometheus-operator/prometheus-operator/blob/master/example/user-guides/getting-started/prometheus-pod-monitor.yaml) +See the [Prometheus Operator documentation](https://prometheus-operator.dev/docs/user-guides/getting-started/#using-podmonitors) for an example PodMonitor and an example Prometheus resource that refers to a PodMonitor. ### PrometheusRule -For users who are familiar with Prometheus, a PrometheusRule contains the alerting and recording rules that you would normally place in a [Prometheus rule file](https://prometheus.io/docs/prometheus/latest/configuration/recording_rules/). +A PrometheusRule contains the alerting and recording rules that you would usually place in a [Prometheus rule file](https://prometheus.io/docs/prometheus/latest/configuration/recording_rules/). -For a more fine-grained application of PrometheusRules within your cluster, the ruleSelector field on a Prometheus resource allows you to select which PrometheusRules should be loaded onto Prometheus based on the labels attached to the PrometheusRules resources. +For a more fine-grained approach, the `ruleSelector` field on a Prometheus resource can select which PrometheusRules should be loaded onto Prometheus, based on the labels attached to the PrometheusRules resources. -An example PrometheusRule is on [this page.](https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/user-guides/alerting.md) +See the [Prometheus Operator documentation](https://prometheus-operator.dev/docs/user-guides/alerting/) for an example PrometheusRule. ### Alertmanager Config -For an example configuration, refer to [this section](./receivers.md#example-alertmanager-configs). +See the Rancher docs page on Receivers for an example [Alertmanager config](./receivers.md#example-alertmanager-configs). From a4e1f471c3673a920f4ac532c5fab41109ed9cbf Mon Sep 17 00:00:00 2001 From: LucasSaintarbor Date: Wed, 17 Jan 2024 10:38:06 -0800 Subject: [PATCH 64/77] Update prerequisites and upgrading section for consistency --- .../aws-marketplace-payg-integration/prerequisites.md | 2 +- .../azure-marketplace-payg-integration/prerequisites.md | 6 +++--- .../upgrading-rancher-payg-cluster.md | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/prerequisites.md b/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/prerequisites.md index dfc3c43e273..82f8b8ea79e 100644 --- a/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/prerequisites.md +++ b/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/prerequisites.md @@ -4,7 +4,7 @@ title: Prerequisites Before using Rancher Prime on AWS as a pay-as-you-go (PAYG) offering, you need the following resources, information, and tools: -- A Rancher-compatible EKS cluster. For more details, please see the [Rancher support matrix](https://www.suse.com/suse-rancher/support-matrix/all-supported-versions/). Please refer to [Creating an EKS cluster](../../../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks.md) for bringing up an EKS cluster to [install Rancher Prime PAYG](installing-rancher-prime.md). +- A Rancher-compatible EKS cluster. For more details, see the [Rancher support matrix](https://www.suse.com/suse-rancher/support-matrix/all-supported-versions/). Refer to [Creating an EKS cluster](../../../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks.md) for bringing up an EKS cluster to [install Rancher Prime PAYG](installing-rancher-prime.md). - An ingress on the EKS cluster, so that Rancher is accessible from outside the cluster. See the [Rancher documentation](../../../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks.md#5-install-an-ingress) for instructions on deploying Ingress-NGINX on an EKS cluster. - The Load Balancer IP address. See the [Rancher documentation](../../../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks.md#6-get-load-balancer-ip) and save the `EXTERNAL-IP`. - The Rancher hostname. The hostname must be a fully qualified domain name (FQDN), and its corresponding IP address must be resolvable from a public DNS. See the [Rancher documentation](../../../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks.md#7-set-up-dns) for instructions on how to set up DNS. This DNS points to the `EXTERNAL-IP`. diff --git a/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/prerequisites.md b/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/prerequisites.md index cb3eec947f4..aedcdd45b13 100644 --- a/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/prerequisites.md +++ b/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/prerequisites.md @@ -4,6 +4,6 @@ title: Prerequisites Before using Rancher Prime on Azure as a pay-as-you-go (PAYG) offering, you need the following resources, information, and tools: -- A Rancher-compatible AKS cluster. For more details, please see the [Rancher support matrix](https://www.suse.com/suse-rancher/support-matrix/all-supported-versions/). You can only install the Rancher Prime PAYG offering onto clusters in regions where AKS and Azure Container Apps are available. See the [Azure documentation](https://azure.microsoft.com/en-us/explore/global-infrastructure/products-by-region/?products=container-apps,kubernetes-service®ions=all) for details. Please see [Creating an AKS cluster](../../../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-aks.md#3-create-the-aks-cluster) for bringing up an AKS cluster to [install Rancher Prime PAYG](installing-rancher-prime.md). -- An ingress installed on the AKS cluster so that Rancher is accessible outside the cluster. Please refer to [Rancher documentation](../../../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-aks.md#5-install-an-ingress) for instructions on how to deploy Ingress-NGINX on an AKS cluster. -- The Rancher hostname must be a fully qualified domain name (FQDN), and its corresponding IP address must be resolvable from a public DNS. Please refer to [Rancher documentation](../../../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-aks.md#7-set-up-dns) for instructions on how to set up DNS. +- A Rancher-compatible AKS cluster. For more details, see the [Rancher support matrix](https://www.suse.com/suse-rancher/support-matrix/all-supported-versions/). You can only install the Rancher Prime PAYG offering onto clusters in regions where AKS and Azure Container Apps are available. See the [Azure documentation](https://azure.microsoft.com/en-us/explore/global-infrastructure/products-by-region/?products=container-apps,kubernetes-service®ions=all) for details. Refer to [Creating an AKS cluster](../../../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-aks.md#3-create-the-aks-cluster) for bringing up an AKS cluster to [install Rancher Prime PAYG](installing-rancher-prime.md). +- An ingress installed on the AKS cluster, so that Rancher is accessible outside the cluster. See the [Rancher documentation](../../../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-aks.md#5-install-an-ingress) for instructions on deploying Ingress-NGINX on an AKS cluster. +- The Rancher hostname. The hostname must be a fully qualified domain name (FQDN), and its corresponding IP address must be resolvable from a public DNS. See the [Rancher documentation](../../../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-aks.md#7-set-up-dns) for instructions on how to set up DNS. diff --git a/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/upgrading-rancher-payg-cluster.md b/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/upgrading-rancher-payg-cluster.md index 68f4a113461..ebf5dcdfd1f 100644 --- a/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/upgrading-rancher-payg-cluster.md +++ b/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/upgrading-rancher-payg-cluster.md @@ -10,8 +10,8 @@ To update to the latest version of the Rancher Prime PAYG offering supported in az k8s-extension update --name $CLUSTER_EXTENSION_RESOURCE_NAME --cluster-name $CLUSTER_NAME --resource-group $RESOURCE_GROUP --cluster-type managedClusters --version $VERSION_TO_BE_UPGRADED ``` -:::note +:::warning -PAYG customers will have constraints on getting updates to the offer based on the latest version SUSE has published to Azure, which may trail slightly behind the latest Rancher release. +Rancher Prime PAYG customers have constraints on getting updates to the offer, based on the latest version SUSE has published to Azure. The latest available Rancher Prime version may trail slightly behind the latest Rancher release. ::: From f0d4deec5d747abcecbb327c73144b45f7904eaa Mon Sep 17 00:00:00 2001 From: LucasSaintarbor Date: Wed, 17 Jan 2024 10:50:28 -0800 Subject: [PATCH 65/77] Added AWS/Azure marketplace links --- .../pages-for-subheaders/aws-marketplace-payg-integration.md | 2 +- .../pages-for-subheaders/azure-marketplace-payg-integration.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/versioned_docs/version-2.7/pages-for-subheaders/aws-marketplace-payg-integration.md b/versioned_docs/version-2.7/pages-for-subheaders/aws-marketplace-payg-integration.md index 6f7ff87d155..3cbf9e8803b 100644 --- a/versioned_docs/version-2.7/pages-for-subheaders/aws-marketplace-payg-integration.md +++ b/versioned_docs/version-2.7/pages-for-subheaders/aws-marketplace-payg-integration.md @@ -8,7 +8,7 @@ title: AWS Marketplace Pay-as-you-go (PAYG) Integration ## Overview -Rancher Prime integrates with the AWS Marketplace as a pay-as-you-go (PAYG) offering. This brings the value of running and managing Kubernetes environments to AWS customers, benefiting from a new pay-monthly pricing model available through the AWS Marketplace. This listing will enable you to manage any CNCF-certified Kubernetes distribution in AWS, on-prem, or at the edge. To learn more, see our non-EMEA and EMEA AWS Marketplace offerings for Rancher Prime: +Rancher Prime integrates with the [AWS Marketplace](https://aws.amazon.com/marketplace) as a pay-as-you-go (PAYG) offering. This brings the value of running and managing Kubernetes environments to AWS customers, benefiting from a new pay-monthly pricing model available through the AWS Marketplace. This listing will enable you to manage any CNCF-certified Kubernetes distribution in AWS, on-prem, or at the edge. To learn more, see our non-EMEA and EMEA AWS Marketplace offerings for Rancher Prime: - [Rancher Prime](https://aws.amazon.com/marketplace/pp/prodview-f2bvszurj2p2c) - [Rancher Prime (EMEA Orders Only)](https://aws.amazon.com/marketplace/pp/prodview-ocgjwd5c2aj5i) diff --git a/versioned_docs/version-2.7/pages-for-subheaders/azure-marketplace-payg-integration.md b/versioned_docs/version-2.7/pages-for-subheaders/azure-marketplace-payg-integration.md index 42f6ae467ab..052cc94bca9 100644 --- a/versioned_docs/version-2.7/pages-for-subheaders/azure-marketplace-payg-integration.md +++ b/versioned_docs/version-2.7/pages-for-subheaders/azure-marketplace-payg-integration.md @@ -8,7 +8,7 @@ title: Azure Marketplace Pay-as-you-go (PAYG) Integration ## Overview -Rancher Prime integrates with the Azure Marketplace as a pay-as-you-go (PAYG) offering. This brings the value of running and managing Kubernetes environments to Azure customers, benefiting from a new pay-monthly pricing model available through the Azure Marketplace. This listing will enable you to manage any CNCF-certified Kubernetes distribution in Azure, on-prem, or at the edge. To learn more, see our non-EMEMA and EMEA Azure Marketplace offerings for Rancher Prime: +Rancher Prime integrates with the [Azure Marketplace](https://azuremarketplace.microsoft.com) as a pay-as-you-go (PAYG) offering. This brings the value of running and managing Kubernetes environments to Azure customers, benefiting from a new pay-monthly pricing model available through the Azure Marketplace. This listing will enable you to manage any CNCF-certified Kubernetes distribution in Azure, on-prem, or at the edge. To learn more, see our non-EMEMA and EMEA Azure Marketplace offerings for Rancher Prime: - [Rancher Prime with 24x7 Support](https://portal.azure.com/#view/Microsoft_Azure_Marketplace/GalleryItemDetailsBladeNopdl/id/suse.rancher-prime-llc/selectionMode~/false/resourceGroupId//resourceGroupLocation//dontDiscardJourney~/false/selectedMenuId/home/launchingContext~/%7B%22galleryItemId%22%3A%22suse.rancher-prime-llcpay-as-you-go%22%2C%22source%22%3A%5B%22GalleryFeaturedMenuItemPart%22%2C%22VirtualizedTileDetails%22%5D%2C%22menuItemId%22%3A%22home%22%2C%22subMenuItemId%22%3A%22Search%20results%22%2C%22telemetryId%22%3A%221dafcf16-920e-46ea-80c9-dc85c6bd3a17%22%7D/searchTelemetryId/c2300fb7-ba7b-462a-ba57-a37cb5e2822d) - [Rancher Prime with 24x7 Support (EMEA Orders Only)](https://portal.azure.com/#view/Microsoft_Azure_Marketplace/GalleryItemDetailsBladeNopdl/id/suseirelandltd1692213356027.rancher-prime-ltd/selectionMode~/false/resourceGroupId//resourceGroupLocation//dontDiscardJourney~/false/selectedMenuId/home/launchingContext~/%7B%22galleryItemId%22%3A%22suseirelandltd1692213356027.rancher-prime-ltdpay-as-you-go%22%2C%22source%22%3A%5B%22GalleryFeaturedMenuItemPart%22%2C%22VirtualizedTileDetails%22%5D%2C%22menuItemId%22%3A%22home%22%2C%22subMenuItemId%22%3A%22Search%20results%22%2C%22telemetryId%22%3A%22c6b1d79a-b577-47b0-90e5-41e6c49688ab%22%7D/searchTelemetryId/1793144d-e0d9-466e-8e36-dfeddc73163b) From 6353941d078ac765d528dc2c178f86b07c156d27 Mon Sep 17 00:00:00 2001 From: LucasSaintarbor Date: Wed, 17 Jan 2024 10:53:43 -0800 Subject: [PATCH 66/77] Remove Azure Marketplace link on Install page --- .../installing-rancher-prime.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/installing-rancher-prime.md b/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/installing-rancher-prime.md index 2c9f20e2eb3..5dda266f125 100644 --- a/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/installing-rancher-prime.md +++ b/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/installing-rancher-prime.md @@ -6,7 +6,7 @@ This page covers installing the Rancher Prime PAYG offering on Microsoft's Azure ## How to Install Rancher Prime PAYG -The following steps describe how to create a new deployment of Rancher Prime from the [Azure Marketplace](https://azuremarketplace.microsoft.com) page. +The following steps describe how to create a new deployment of Rancher Prime from the Azure Marketplace page. 1. Select the **Rancher Prime with 24x7 Support** offer (either **EU and UK only** or **non-EU and non-UK only**) that corresponds to the location where your account is registered. 1. Choose a plan from the dropdown menu. View the **Plans + Pricing** tab for more details about the plan. From cab14bc27976b8c132a89e4720382bf0345cba06 Mon Sep 17 00:00:00 2001 From: Billy Tat Date: Wed, 17 Jan 2024 14:35:08 -0800 Subject: [PATCH 67/77] Add 2.8.1 webhook version mapping --- docs/reference-guides/rancher-webhook.md | 1 + versioned_docs/version-2.8/reference-guides/rancher-webhook.md | 1 + 2 files changed, 2 insertions(+) diff --git a/docs/reference-guides/rancher-webhook.md b/docs/reference-guides/rancher-webhook.md index 0060448992d..046b638ba41 100644 --- a/docs/reference-guides/rancher-webhook.md +++ b/docs/reference-guides/rancher-webhook.md @@ -20,6 +20,7 @@ Each Rancher version is designed to be compatible with a single version of the w | Rancher Version | Webhook Version | |-----------------|:---------------:| | v2.8.0 | v0.4.2 | +| v2.8.1 | v0.4.2 | ## Why Do We Need It? diff --git a/versioned_docs/version-2.8/reference-guides/rancher-webhook.md b/versioned_docs/version-2.8/reference-guides/rancher-webhook.md index 0060448992d..046b638ba41 100644 --- a/versioned_docs/version-2.8/reference-guides/rancher-webhook.md +++ b/versioned_docs/version-2.8/reference-guides/rancher-webhook.md @@ -20,6 +20,7 @@ Each Rancher version is designed to be compatible with a single version of the w | Rancher Version | Webhook Version | |-----------------|:---------------:| | v2.8.0 | v0.4.2 | +| v2.8.1 | v0.4.2 | ## Why Do We Need It? From ce87dde56ed72a8bc34122c475300aeb93b6dad8 Mon Sep 17 00:00:00 2001 From: Billy Tat Date: Wed, 17 Jan 2024 15:41:16 -0800 Subject: [PATCH 68/77] Add 2.8.1 entry to versions table --- src/pages/versions.md | 27 +++++++++++++++++++-------- 1 file changed, 19 insertions(+), 8 deletions(-) diff --git a/src/pages/versions.md b/src/pages/versions.md index 8d8301ade9c..7a1487b0ef6 100644 --- a/src/pages/versions.md +++ b/src/pages/versions.md @@ -10,10 +10,10 @@ Below are the documentation and release notes for the currently released version - + - - + +
    v2.8.0v2.8.1 DocumentationRelease NotesSupport MatrixRelease Notes
    N/A
    @@ -41,20 +41,31 @@ Below are the documentation and release notes for the currently released version ### Past versions -Below are the documentation and release notes for previous versions of Rancher 2.7.x: +Below are the documentation and release notes for previous versions of Rancher 2.8.x: - + + + + + + +
    v2.8.0DocumentationRelease Notes
    N/A
    + +
    + + + - + - + @@ -196,7 +207,7 @@ Below are the documentation and release notes for legacy versions of Rancher 2.5 - + From 3198dc92e000e42e2ca8d1c6106a25041b9fa047 Mon Sep 17 00:00:00 2001 From: Lucas Saintarbor Date: Wed, 17 Jan 2024 16:11:59 -0800 Subject: [PATCH 69/77] Apply suggestions from code review Co-authored-by: Marty Hernandez Avedon --- .../aws-marketplace-payg-integration/common-issues.md | 3 +++ .../installing-rancher-prime.md | 8 ++++---- .../aws-marketplace-payg-integration/prerequisites.md | 4 ++-- .../aws-marketplace-payg-integration/troubleshooting.md | 2 +- .../upgrading-rancher-payg-cluster.md | 2 +- .../azure-marketplace-payg-integration/common-issues.md | 6 +++++- .../upgrading-rancher-payg-cluster.md | 6 +++--- 7 files changed, 19 insertions(+), 12 deletions(-) diff --git a/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/common-issues.md b/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/common-issues.md index 6df0070a237..cd448268605 100644 --- a/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/common-issues.md +++ b/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/common-issues.md @@ -1,6 +1,9 @@ --- title: AWS Marketplace Common Issues --- + +This page covers some common issues that might arise when setting up the Rancher Prime PAYG offering on Amazon's AWS Marketplace. + ### Migrating Rancher to a different EKS Cluster When you migrate Rancher to a different EKS cluster by following the steps in [Rancher Backups and Disaster Recovery](../../../pages-for-subheaders/backup-restore-and-disaster-recovery.md), you must reinstall Rancher Prime on the target EKS cluster after restoring from the backup. Furthermore, the restored Rancher version must not be newer than the version available in the AWS marketplace. diff --git a/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/installing-rancher-prime.md b/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/installing-rancher-prime.md index 258b8dcdbf3..9e7d770230a 100644 --- a/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/installing-rancher-prime.md +++ b/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/installing-rancher-prime.md @@ -57,7 +57,7 @@ eksctl create iamserviceaccount \ --password-stdin 709825985650.dkr.ecr.us-east-1.amazonaws.com ``` -1. Install Rancher with Helm. Customize your Helm installation values if needed: +1. Install Rancher with Helm. Customize your Helm installation values if needed. :::note @@ -135,11 +135,11 @@ When Helm chart installation successfully completes, Rancher Prime will be insta ## Log into the Rancher Dashboard -You may now log in to the Rancher dashboard by pointing your browser to the Rancher server URL `https://`. The `` is the hostname you entered when you [installed Rancher](#installing-rancher). +You may now log in to the Rancher dashboard by pointing your browser to the Rancher server URL, `https://`. The `` is the hostname you entered when you [installed Rancher](#installing-rancher). :::note -The Rancher hostname must be resolvable by public DNS. For more details, please refer to the [Prerequisites](prerequisites.md) section. +The Rancher hostname must be resolvable by public DNS. For more details, see [Prerequisites](prerequisites.md). ::: @@ -156,5 +156,5 @@ Uninstalling Rancher Prime may not remove all of the Kubernetes resources create The best practice for uninstalling the Rancher Prime PAYG offering is to migrate any non-Rancher workloads to a different cluster and destroy the Rancher cluster. :::warning -Ensure you prepare and migrate any non-Rancher workloads off the cluster before destroying the cluster since these resources are not recoverable. +Ensure that you prepare and migrate any non-Rancher workloads off of the cluster before you destroy the cluster. These resources are nonrecoverable. ::: diff --git a/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/prerequisites.md b/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/prerequisites.md index 82f8b8ea79e..9e6bb17301e 100644 --- a/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/prerequisites.md +++ b/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/prerequisites.md @@ -5,8 +5,8 @@ title: Prerequisites Before using Rancher Prime on AWS as a pay-as-you-go (PAYG) offering, you need the following resources, information, and tools: - A Rancher-compatible EKS cluster. For more details, see the [Rancher support matrix](https://www.suse.com/suse-rancher/support-matrix/all-supported-versions/). Refer to [Creating an EKS cluster](../../../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks.md) for bringing up an EKS cluster to [install Rancher Prime PAYG](installing-rancher-prime.md). -- An ingress on the EKS cluster, so that Rancher is accessible from outside the cluster. See the [Rancher documentation](../../../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks.md#5-install-an-ingress) for instructions on deploying Ingress-NGINX on an EKS cluster. -- The Load Balancer IP address. See the [Rancher documentation](../../../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks.md#6-get-load-balancer-ip) and save the `EXTERNAL-IP`. +- An ingress on the EKS cluster, so that Rancher is accessible from outside the cluster. See the [Rancher documentation](../../../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks.md#5-install-an-ingress) for instructions on deploying Ingress-NGINX on an EKS cluster. +- The Load Balancer IP address. See the [Rancher documentation](../../../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks.md#6-get-load-balancer-ip) for how to find it, then save the `EXTERNAL-IP`. - The Rancher hostname. The hostname must be a fully qualified domain name (FQDN), and its corresponding IP address must be resolvable from a public DNS. See the [Rancher documentation](../../../getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/rancher-on-amazon-eks.md#7-set-up-dns) for instructions on how to set up DNS. This DNS points to the `EXTERNAL-IP`. - [`aws`](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html). - [`curl`](https://curl.se/docs/install.html). diff --git a/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/troubleshooting.md b/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/troubleshooting.md index 43387ea4faf..747c842c85b 100644 --- a/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/troubleshooting.md +++ b/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/troubleshooting.md @@ -47,7 +47,7 @@ If a pod is not in a `Running` state, you can attempt to find the root cause wit When you attempt to retrieve a usage record, you might see the following message: ```shell -Error from server (NotFound): cspadapterusagerecords.susecloud.net "rancher-usage-record" not found" Check Configuration, Retrieve generated configuration csp-config +Error from server (NotFound): cspadapterusagerecords.susecloud.net "rancher-usage-record not found" Check Configuration, Retrieve generated configuration csp-config ``` To resolve the error, run: diff --git a/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/upgrading-rancher-payg-cluster.md b/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/upgrading-rancher-payg-cluster.md index 32d19738cac..17d8f52198b 100644 --- a/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/upgrading-rancher-payg-cluster.md +++ b/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/upgrading-rancher-payg-cluster.md @@ -2,7 +2,7 @@ title: Upgrading Rancher Prime PAYG Cluster in AWS --- -The AWS Marketplace PAYG offering is tied to a billing adapter and the Rancher Prime version. These are periodically updated as new versions of the billing adapter or Rancher Prime are released. When this happens, the Helm chart is updated with new tags and digests, and a new version of the Helm chart is uploaded. +The AWS Marketplace PAYG offering is tied to a billing adapter and the Rancher Prime version. These are periodically updated as new versions of the billing adapter or Rancher Prime are released. When a new update is available, the Helm chart is updated with new tags and digests, and a new version of the Helm chart is uploaded. To upgrade the deployed Helm chart to the latest version, run the following Helm command: diff --git a/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/common-issues.md b/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/common-issues.md index 33025523ea7..1ea6b610a7a 100644 --- a/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/common-issues.md +++ b/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/common-issues.md @@ -2,6 +2,10 @@ title: Azure Marketplace Common Issues --- -### Migrating Rancher to a different AKS Cluster +This page covers some common issues that might arise when setting up the Rancher Prime PAYG offering on Microsoft's Azure Marketplace. + + + +### Migrating Rancher to a Different AKS Cluster When you migrate Rancher to a different AKS cluster by following the steps in [Rancher Backups and Disaster Recovery](../../../pages-for-subheaders/backup-restore-and-disaster-recovery.md), you must reinstall Rancher Prime on the target AKS cluster after restoring from the backup. Furthermore, the restored Rancher version must not be newer than the version available in the Azure Marketplace. diff --git a/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/upgrading-rancher-payg-cluster.md b/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/upgrading-rancher-payg-cluster.md index ebf5dcdfd1f..b39efd514e5 100644 --- a/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/upgrading-rancher-payg-cluster.md +++ b/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/upgrading-rancher-payg-cluster.md @@ -2,9 +2,9 @@ title: Upgrading Rancher Prime PAYG Cluster in Azure --- -The Azure Marketplace PAYG offering is periodically updated as a new version of Rancher Prime is released and for optimizations in the integration with Azure. +The Azure Marketplace PAYG offering is periodically updated when a new version of Rancher Prime is released, and to optimize integration with Azure. -To update to the latest version of the Rancher Prime PAYG offering supported in the marketplace listing, run the following command in the cluster Cloud Shell: +To update to the latest supported version of the Rancher Prime PAYG offering, run the following command in the cluster Cloud Shell: ```shell az k8s-extension update --name $CLUSTER_EXTENSION_RESOURCE_NAME --cluster-name $CLUSTER_NAME --resource-group $RESOURCE_GROUP --cluster-type managedClusters --version $VERSION_TO_BE_UPGRADED @@ -12,6 +12,6 @@ az k8s-extension update --name $CLUSTER_EXTENSION_RESOURCE_NAME --cluster-name :::warning -Rancher Prime PAYG customers have constraints on getting updates to the offer, based on the latest version SUSE has published to Azure. The latest available Rancher Prime version may trail slightly behind the latest Rancher release. +Rancher Prime PAYG customers have constraints on getting updates, based on the latest version SUSE has published to Azure. The latest available Rancher Prime version may trail slightly behind the latest Rancher release. ::: From 7cb977a75af8a26f1e0ee409a1d4877a4607707b Mon Sep 17 00:00:00 2001 From: Billy Tat Date: Wed, 17 Jan 2024 16:55:12 -0800 Subject: [PATCH 70/77] Add back line intro line for 2.7 table --- src/pages/versions.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/pages/versions.md b/src/pages/versions.md index 7a1487b0ef6..2ab2238df0e 100644 --- a/src/pages/versions.md +++ b/src/pages/versions.md @@ -54,6 +54,8 @@ Below are the documentation and release notes for previous versions of Rancher 2
    +Below are the documentation and release notes for previous versions of Rancher 2.7.x: +
    v2.7.8 Documentation Release NotesSupport Matrix
    N/A
    v2.7.7 Documentation Release NotesSupport Matrix
    N/A
    v2.7.6v2.5.17 Documentation Release Notes
    N / A
    N/A
    v2.5.16
    From 0e8b62a573ba335cf2b6950ebdc88c2b4645f6d1 Mon Sep 17 00:00:00 2001 From: LucasSaintarbor Date: Thu, 18 Jan 2024 11:01:56 -0800 Subject: [PATCH 71/77] Uodated title and small grammary changes to common issues page --- .../aws-marketplace-payg-integration/common-issues.md | 4 ++-- .../azure-marketplace-payg-integration/common-issues.md | 4 +--- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/common-issues.md b/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/common-issues.md index cd448268605..dd6ed7e4b1f 100644 --- a/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/common-issues.md +++ b/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-marketplace-payg-integration/common-issues.md @@ -1,9 +1,9 @@ --- -title: AWS Marketplace Common Issues +title: Common Issues for Rancher Prime PAYG on AWS --- This page covers some common issues that might arise when setting up the Rancher Prime PAYG offering on Amazon's AWS Marketplace. ### Migrating Rancher to a different EKS Cluster -When you migrate Rancher to a different EKS cluster by following the steps in [Rancher Backups and Disaster Recovery](../../../pages-for-subheaders/backup-restore-and-disaster-recovery.md), you must reinstall Rancher Prime on the target EKS cluster after restoring from the backup. Furthermore, the restored Rancher version must not be newer than the version available in the AWS marketplace. +When you migrate Rancher to a different EKS cluster by following the steps in [Rancher Backups and Disaster Recovery](../../../pages-for-subheaders/backup-restore-and-disaster-recovery.md), you must reinstall Rancher Prime on the target EKS cluster after restoring from the backup. Furthermore, the restored Rancher version must not be newer than the version available in the AWS Marketplace. diff --git a/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/common-issues.md b/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/common-issues.md index 1ea6b610a7a..cd68e5462b8 100644 --- a/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/common-issues.md +++ b/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/azure-marketplace-payg-integration/common-issues.md @@ -1,11 +1,9 @@ --- -title: Azure Marketplace Common Issues +title: Common Issues for Rancher Prime PAYG on Azure --- This page covers some common issues that might arise when setting up the Rancher Prime PAYG offering on Microsoft's Azure Marketplace. - - ### Migrating Rancher to a Different AKS Cluster When you migrate Rancher to a different AKS cluster by following the steps in [Rancher Backups and Disaster Recovery](../../../pages-for-subheaders/backup-restore-and-disaster-recovery.md), you must reinstall Rancher Prime on the target AKS cluster after restoring from the backup. Furthermore, the restored Rancher version must not be newer than the version available in the Azure Marketplace. From 980175da65100341943b7c457e59cb8d0f489bfb Mon Sep 17 00:00:00 2001 From: Sunil Singh Date: Fri, 19 Jan 2024 13:30:14 -0800 Subject: [PATCH 72/77] Adding in missing version-2.8.json file for international versions of the documentation. Fixes the Chinese sidebar translations for v2.8. Signed-off-by: Sunil Singh --- .../version-2.8.json | 387 ++++++++++++++++++ 1 file changed, 387 insertions(+) create mode 100644 i18n/zh/docusaurus-plugin-content-docs/version-2.8.json diff --git a/i18n/zh/docusaurus-plugin-content-docs/version-2.8.json b/i18n/zh/docusaurus-plugin-content-docs/version-2.8.json new file mode 100644 index 00000000000..42af6504026 --- /dev/null +++ b/i18n/zh/docusaurus-plugin-content-docs/version-2.8.json @@ -0,0 +1,387 @@ +{ + "version.label": { + "message": "v2.8", + "description": "The label for version 2.8" + }, + "sidebar.tutorialSidebar.category.Getting Started": { + "message": "开始使用", + "description": "The label for category Getting Started in sidebar tutorialSidebar" + }, + "sidebar.tutorialSidebar.category.Quick Start Guides": { + "message": "快速入门指南", + "description": "The label for category Quick Start Guides in sidebar tutorialSidebar" + }, + "sidebar.tutorialSidebar.category.Deploy Rancher": { + "message": "部署 Rancher", + "description": "The label for category Deploy Rancher in sidebar tutorialSidebar" + }, + "sidebar.tutorialSidebar.category.Deploy Workloads": { + "message": "部署工作负载", + "description": "The label for category Deploy Workloads in sidebar tutorialSidebar" + }, + "sidebar.tutorialSidebar.category.Installation and Upgrade": { + "message": "安装和升级", + "description": "The label for category Installation and Upgrade in sidebar tutorialSidebar" + }, + "sidebar.tutorialSidebar.category.Installation Requirements": { + "message": "安装要求", + "description": "The label for category Installation Requirements in sidebar tutorialSidebar" + }, + "sidebar.tutorialSidebar.category.Installation References": { + "message": "安装参考", + "description": "The label for category Installation References in sidebar tutorialSidebar" + }, + "sidebar.tutorialSidebar.category.Install/Upgrade on a Kubernetes Cluster": { + "message": "在 Kubernetes 集群上安装/升级", + "description": "The label for category Install/Upgrade on a Kubernetes Cluster in sidebar tutorialSidebar" + }, + "sidebar.tutorialSidebar.category.Other Installation Methods": { + "message": "其他安装方式", + "description": "The label for category Other Installation Methods in sidebar tutorialSidebar" + }, + "sidebar.tutorialSidebar.category.Air-Gapped Helm CLI Install": { + "message": "离线 Helm CLI 安装", + "description": "The label for category Air-Gapped Helm CLI Install in sidebar tutorialSidebar" + }, + "sidebar.tutorialSidebar.category.Rancher on a Single Node with Docker": { + "message": "使用 Docker 将 Rancher 安装到单个节点中", + "description": "The label for category Rancher on a Single Node with Docker in sidebar tutorialSidebar" + }, + "sidebar.tutorialSidebar.category.Rancher Behind an HTTP Proxy": { + "message": "HTTP 代理后的 Rancher", + "description": "The label for category Rancher Behind an HTTP Proxy in sidebar tutorialSidebar" + }, + "sidebar.tutorialSidebar.category.Resources": { + "message": "资源", + "description": "The label for category Resources in sidebar tutorialSidebar" + }, + "sidebar.tutorialSidebar.category.How-to Guides": { + "message": "操作指南", + "description": "The label for category How-to Guides in sidebar tutorialSidebar" + }, + "sidebar.tutorialSidebar.category.New User Guides": { + "message": "新用户指南", + "description": "The label for category New User Guides in sidebar tutorialSidebar" + }, + "sidebar.tutorialSidebar.category.Authentication, Permissions, and Global Configuration": { + "message": "身份验证、权限和全局配置", + "description": "The label for category Authentication, Permissions, and Global Configuration in sidebar tutorialSidebar" + }, + "sidebar.tutorialSidebar.category.Authentication Config": { + "message": "身份验证配置", + "description": "The label for category Authentication Config in sidebar tutorialSidebar" + }, + "sidebar.tutorialSidebar.category.Configure OpenLDAP": { + "message": "配置 OpenLDAP", + "description": "The label for category Configure OpenLDAP in sidebar tutorialSidebar" + }, + "sidebar.tutorialSidebar.category.Configure Microsoft AD Federation Service (SAML)": { + "message": "配置 Microsoft AD FS (SAML)", + "description": "The label for category Configure Microsoft AD Federation Service (SAML) in sidebar tutorialSidebar" + }, + "sidebar.tutorialSidebar.category.Configure Shibboleth (SAML)": { + "message": "配置 Shibboleth (SAML)", + "description": "The label for category Configure Shibboleth (SAML) in sidebar tutorialSidebar" + }, + "sidebar.tutorialSidebar.category.Manage Role-Based Access Control (RBAC)": { + "message": "管理 RBAC", + "description": "The label for category Manage Role-Based Access Control (RBAC) in sidebar tutorialSidebar" + }, + "sidebar.tutorialSidebar.category.About Provisioning Drivers": { + "message": "关于 Provisioning 驱动", + "description": "The label for category About Provisioning Drivers in sidebar tutorialSidebar" + }, + "sidebar.tutorialSidebar.category.About RKE1 Templates": { + "message": "关于 RKE1 模板", + "description": "The label for category About RKE1 Templates in sidebar tutorialSidebar" + }, + "sidebar.tutorialSidebar.category.Manage Clusters": { + "message": "管理集群", + "description": "The label for category Manage Clusters in sidebar tutorialSidebar" + }, + "sidebar.tutorialSidebar.category.Access Clusters": { + "message": "访问集群", + "description": "The label for category Access Clusters in sidebar tutorialSidebar" + }, + "sidebar.tutorialSidebar.category.Install Cluster Autoscaler": { + "message": "安装 Cluster Autoscaler", + "description": "The label for category Install Cluster Autoscaler in sidebar tutorialSidebar" + }, + "sidebar.tutorialSidebar.category.Create Kubernetes Persistent Storage": { + "message": "创建 Kubernetes 持久存储", + "description": "The label for category Create Kubernetes Persistent Storage in sidebar tutorialSidebar" + }, + "sidebar.tutorialSidebar.category.Provisioning Storage Examples": { + "message": "配置存储示例", + "description": "The label for category Provisioning Storage Examples in sidebar tutorialSidebar" + }, + "sidebar.tutorialSidebar.category.Kubernetes Cluster Setup": { + "message": "Kubernetes 集群设置", + "description": "The label for category Kubernetes Cluster Setup in sidebar tutorialSidebar" + }, + "sidebar.tutorialSidebar.category.Infrastructure Setup": { + "message": "基础设施设置", + "description": "The label for category Infrastructure Setup in sidebar tutorialSidebar" + }, + "sidebar.tutorialSidebar.category.Kubernetes Clusters in Rancher Setup": { + "message": "Rancher 设置中的 Kubernetes 集群", + "description": "The label for category Kubernetes Clusters in Rancher Setup in sidebar tutorialSidebar" + }, + "sidebar.tutorialSidebar.category.Checklist for Production-Ready Clusters": { + "message": "生产就绪集群检查清单", + "description": "The label for category Checklist for Production-Ready Clusters in sidebar tutorialSidebar" + }, + "sidebar.tutorialSidebar.category.Set Up Clusters from Hosted Kubernetes Providers": { + "message": "通过托管 Kubernetes 提供商设置集群", + "description": "The label for category Set Up Clusters from Hosted Kubernetes Providers in sidebar tutorialSidebar" + }, + "sidebar.tutorialSidebar.category.Use Windows Clusters": { + "message": "使用 Windows 集群", + "description": "The label for category Use Windows Clusters in sidebar tutorialSidebar" + }, + "sidebar.tutorialSidebar.category.Set Up Cloud Providers": { + "message": "设置 Cloud Provider", + "description": "The label for category Set Up Cloud Providers in sidebar tutorialSidebar" + }, + "sidebar.tutorialSidebar.category.Launch Kubernetes with Rancher": { + "message": "使用 Rancher 启动 Kubernetes", + "description": "The label for category Launch Kubernetes with Rancher in sidebar tutorialSidebar" + }, + "sidebar.tutorialSidebar.category.Use New Nodes in an Infra Provider": { + "message": "在基础设施提供商中使用新节点", + "description": "The label for category Use New Nodes in an Infra Provider in sidebar tutorialSidebar" + }, + "sidebar.tutorialSidebar.category.vSphere": { + "message": "vSphere", + "description": "The label for category vSphere in sidebar tutorialSidebar" + }, + "sidebar.tutorialSidebar.category.Nutanix": { + "message": "Nutanix", + "description": "The label for category Nutanix in sidebar tutorialSidebar" + }, + "sidebar.tutorialSidebar.category.Kubernetes Resources Setup": { + "message": "Kubernetes 资源设置", + "description": "The label for category Kubernetes Resources Setup in sidebar tutorialSidebar" + }, + "sidebar.tutorialSidebar.category.Workloads and Pods": { + "message": "工作负载和 Pod", + "description": "The label for category Workloads and Pods in sidebar tutorialSidebar" + }, + "sidebar.tutorialSidebar.category.Horizontal Pod Autoscaler": { + "message": "Horizontal Pod Autoscaler", + "description": "The label for category Horizontal Pod Autoscaler in sidebar tutorialSidebar" + }, + "sidebar.tutorialSidebar.category.Load Balancer and Ingress Controller": { + "message": "负载均衡和 Ingress Controller", + "description": "The label for category Load Balancer and Ingress Controller in sidebar tutorialSidebar" + }, + "sidebar.tutorialSidebar.category.Helm Charts in Rancher": { + "message": "Rancher 中的 Helm Chart", + "description": "The label for category Helm Charts in Rancher in sidebar tutorialSidebar" + }, + "sidebar.tutorialSidebar.category.Deploy Apps Across Clusters": { + "message": "跨集群部署应用", + "description": "The label for category Deploy Apps Across Clusters in sidebar tutorialSidebar" + }, + "sidebar.tutorialSidebar.category.Backup, Restore, and Disaster Recovery": { + "message": "备份、还原和灾难恢复", + "description": "The label for category Backup, Restore, and Disaster Recovery in sidebar tutorialSidebar" + }, + "sidebar.tutorialSidebar.category.Advanced User Guides": { + "message": "高级用户指南", + "description": "The label for category Advanced User Guides in sidebar tutorialSidebar" + }, + "sidebar.tutorialSidebar.category.Manage Projects": { + "message": "管理项目", + "description": "The label for category Manage Projects in sidebar tutorialSidebar" + }, + "sidebar.tutorialSidebar.category.Manage Project Resource Quotas": { + "message": "管理项目资源配额", + "description": "The label for category Manage Project Resource Quotas in sidebar tutorialSidebar" + }, + "sidebar.tutorialSidebar.category.Monitoring/Alerting Guides": { + "message": "Monitoring/Alerting 指南", + "description": "The label for category Monitoring/Alerting Guides in sidebar tutorialSidebar" + }, + "sidebar.tutorialSidebar.category.Prometheus Federator Guides": { + "message": "Prometheus Federator 指南", + "description": "The label for category Prometheus Federator Guides in sidebar tutorialSidebar" + }, + "sidebar.tutorialSidebar.category.Monitoring V2 Configuration Guides": { + "message": "Monitoring V2 配置指南", + "description": "The label for category Monitoring V2 Configuration Guides in sidebar tutorialSidebar" + }, + "sidebar.tutorialSidebar.category.Advanced Configuration": { + "message": "高级配置", + "description": "The label for category Advanced Configuration in sidebar tutorialSidebar" + }, + "sidebar.tutorialSidebar.category.Istio Setup Guide": { + "message": "Istio 设置指南", + "description": "The label for category Istio Setup Guide in sidebar tutorialSidebar" + }, + "sidebar.tutorialSidebar.category.CIS Scan Guides": { + "message": "CIS 扫描指南", + "description": "The label for category CIS Scan Guides in sidebar tutorialSidebar" + }, + "sidebar.tutorialSidebar.category.Enable Experimental Features": { + "message": "启用实验功能", + "description": "The label for category Enable Experimental Features in sidebar tutorialSidebar" + }, + "sidebar.tutorialSidebar.category.Reference Guides": { + "message": "参考指南", + "description": "The label for category Reference Guides in sidebar tutorialSidebar" + }, + "sidebar.tutorialSidebar.category.Best Practices": { + "message": "最佳实践", + "description": "The label for category Best Practices in sidebar tutorialSidebar" + }, + "sidebar.tutorialSidebar.category.Rancher Server": { + "message": "Rancher Server", + "description": "The label for category Rancher Server in sidebar tutorialSidebar" + }, + "sidebar.tutorialSidebar.category.Rancher-Managed Clusters": { + "message": "Rancher 管理的集群", + "description": "The label for category Rancher-Managed Clusters in sidebar tutorialSidebar" + }, + "sidebar.tutorialSidebar.category.Rancher Architecture": { + "message": "Rancher 架构", + "description": "The label for category Rancher Architecture in sidebar tutorialSidebar" + }, + "sidebar.tutorialSidebar.category.Cluster Configuration": { + "message": "集群配置", + "description": "The label for category Cluster Configuration in sidebar tutorialSidebar" + }, + "sidebar.tutorialSidebar.category.Rancher Server Configuration": { + "message": "Rancher Server 配置", + "description": "The label for category Rancher Server Configuration in sidebar tutorialSidebar" + }, + "sidebar.tutorialSidebar.category.GKE Cluster Configuration": { + "message": "GKE 集群配置", + "description": "The label for category GKE Cluster Configuration in sidebar tutorialSidebar" + }, + "sidebar.tutorialSidebar.category.Use Existing Nodes": { + "message": "使用现有节点", + "description": "The label for category Use Existing Nodes in sidebar tutorialSidebar" + }, + "sidebar.tutorialSidebar.category.Downstream Cluster Configuration": { + "message": "下游集群配置", + "description": "The label for category Downstream Cluster Configuration in sidebar tutorialSidebar" + }, + "sidebar.tutorialSidebar.category.Node Template Configuration": { + "message": "节点模板配置", + "description": "The label for category Node Template Configuration in sidebar tutorialSidebar" + }, + "sidebar.tutorialSidebar.category.Machine Configuration": { + "message": "主机配置", + "description": "The label for category Machine Configuration in sidebar tutorialSidebar" + }, + "sidebar.tutorialSidebar.category.Single-Node Rancher in Docker": { + "message": "Docker 中的单节点 Rancher", + "description": "The label for category Single-Node Rancher in Docker in sidebar tutorialSidebar" + }, + "sidebar.tutorialSidebar.category.Backup & Restore Configuration": { + "message": "备份和恢复配置", + "description": "The label for category Backup & Restore Configuration in sidebar tutorialSidebar" + }, + "sidebar.tutorialSidebar.category.Monitoring V2 Configuration": { + "message": "Monitoring V2 配置", + "description": "The label for category Monitoring V2 Configuration in sidebar tutorialSidebar" + }, + "sidebar.tutorialSidebar.category.Prometheus Federator": { + "message": "Prometheus Federator", + "description": "The label for category Prometheus Federator in sidebar tutorialSidebar" + }, + "sidebar.tutorialSidebar.category.User Settings": { + "message": "用户设置", + "description": "The label for category User Settings in sidebar tutorialSidebar" + }, + "sidebar.tutorialSidebar.category.CLI with Rancher": { + "message": "Rancher CLI", + "description": "The label for category CLI with Rancher in sidebar tutorialSidebar" + }, + "sidebar.tutorialSidebar.category.About the API": { + "message": "关于 API", + "description": "The label for category About the API in sidebar tutorialSidebar" + }, + "sidebar.tutorialSidebar.category.Rancher Security": { + "message": "Rancher 安全", + "description": "The label for category Rancher Security in sidebar tutorialSidebar" + }, + "sidebar.tutorialSidebar.category.SELinux RPM": { + "message": "SELinux RPM", + "description": "The label for category SELinux RPM in sidebar tutorialSidebar" + }, + "sidebar.tutorialSidebar.category.Integrations in Rancher": { + "message": "Rancher 中的集成", + "description": "The label for category Integrations in Rancher in sidebar tutorialSidebar" + }, + "sidebar.tutorialSidebar.category.Cloud Marketplace Integration": { + "message": "云市场集成", + "description": "The label for category Cloud Marketplace Integration in sidebar tutorialSidebar" + }, + "sidebar.tutorialSidebar.category.AWS Marketplace Integration": { + "message": "AWS Marketplace 集成", + "description": "The label for category AWS Marketplace Integration in sidebar tutorialSidebar" + }, + "sidebar.tutorialSidebar.category.CIS Scans": { + "message": "CIS 扫描", + "description": "The label for category CIS Scans in sidebar tutorialSidebar" + }, + "sidebar.tutorialSidebar.category.Istio": { + "message": "Istio", + "description": "The label for category Istio in sidebar tutorialSidebar" + }, + "sidebar.tutorialSidebar.category.Configuration Options": { + "message": "配置选项", + "description": "The label for category Configuration Options in sidebar tutorialSidebar" + }, + "sidebar.tutorialSidebar.category.Logging": { + "message": "Logging", + "description": "The label for category Logging in sidebar tutorialSidebar" + }, + "sidebar.tutorialSidebar.category.Custom Resource Configuration": { + "message": "自定义资源配置", + "description": "The label for category Custom Resource Configuration in sidebar tutorialSidebar" + }, + "sidebar.tutorialSidebar.category.Monitoring and Alerting": { + "message": "监控和告警", + "description": "The label for category Monitoring and Alerting in sidebar tutorialSidebar" + }, + "sidebar.tutorialSidebar.category.FAQ": { + "message": "常见问题", + "description": "The label for category FAQ in sidebar tutorialSidebar" + }, + "sidebar.tutorialSidebar.category.Troubleshooting": { + "message": "故障排除", + "description": "The label for category Troubleshooting in sidebar tutorialSidebar" + }, + "sidebar.tutorialSidebar.category.Kubernetes Components": { + "message": "Kubernetes 组件", + "description": "The label for category Kubernetes Components in sidebar tutorialSidebar" + }, + "sidebar.tutorialSidebar.category.Other Troubleshooting Tips": { + "message": "其他故障排除提示", + "description": "The label for category Other Troubleshooting Tips in sidebar tutorialSidebar" + }, + "sidebar.tutorialSidebar.category.Hardening Guides": { + "message": "加固指南", + "description": "The label for category Hardening Guides in sidebar tutorialSidebar" + }, + "sidebar.tutorialSidebar.category.RKE Hardening Guides": { + "message": "RKE 加固指南", + "description": "The label for category RKE Hardening Guides in sidebar tutorialSidebar" + }, + "sidebar.tutorialSidebar.category.RKE2 Hardening Guides": { + "message": "RKE2 加固指南", + "description": "The label for category RKE2 Hardening Guides in sidebar tutorialSidebar" + }, + "sidebar.tutorialSidebar.category.K3s Hardening Guides": { + "message": "K3s 加固指南", + "description": "The label for category K3s Hardening Guides in sidebar tutorialSidebar" + }, + "sidebar.tutorialSidebar.category.Continuous Delivery with Fleet": { + "message": "使用 Fleet 进行持续交付", + "description": "The label for category Continuous Delivery with Fleet in sidebar tutorialSidebar" + } + } + \ No newline at end of file From c4f8e548bad4f4934a9ed821a1111f089cde516e Mon Sep 17 00:00:00 2001 From: Billy Tat Date: Mon, 22 Jan 2024 12:51:29 -0800 Subject: [PATCH 73/77] Bump heap size allocation - some builds not passing again --- .github/workflows/deploy.yml | 2 +- .github/workflows/test-deploy.yml | 2 +- package.json | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 4e257f0548d..9340858ea99 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -22,7 +22,7 @@ jobs: run: yarn install --frozen-lockfile - name: Build website env: - NODE_OPTIONS: "--max_old_space_size=4096" + NODE_OPTIONS: "--max_old_space_size=4608" run: yarn build --no-minify # Popular action to deploy to GitHub Pages: diff --git a/.github/workflows/test-deploy.yml b/.github/workflows/test-deploy.yml index 7c48089c289..6bdebacadb1 100644 --- a/.github/workflows/test-deploy.yml +++ b/.github/workflows/test-deploy.yml @@ -24,5 +24,5 @@ jobs: run: yarn run remark --quiet --use remark-lint-no-dead-urls ./docs - name: Test build website env: - NODE_OPTIONS: "--max_old_space_size=4096" + NODE_OPTIONS: "--max_old_space_size=4608" run: yarn build --no-minify \ No newline at end of file diff --git a/package.json b/package.json index ce09b6b1112..cc211cc5592 100644 --- a/package.json +++ b/package.json @@ -5,7 +5,7 @@ "scripts": { "docusaurus": "docusaurus", "start": "docusaurus start", - "build": "NODE_OPTIONS='--max-old-space-size=4096' docusaurus build", + "build": "NODE_OPTIONS='--max-old-space-size=4608' docusaurus build", "swizzle": "docusaurus swizzle", "deploy": "docusaurus deploy", "clear": "docusaurus clear", From 94f70232460fb9047214e8edc76403fcdb0f75d9 Mon Sep 17 00:00:00 2001 From: Billy Tat Date: Wed, 17 Jan 2024 14:56:13 -0800 Subject: [PATCH 74/77] Update CNI popularity table for 2.8.1 --- docs/faq/container-network-interface-providers.md | 11 ++--------- shared-files/_cni-popularity.md | 10 ++++++++++ .../faq/container-network-interface-providers.md | 12 +++--------- .../faq/container-network-interface-providers.md | 13 +++---------- .../faq/container-network-interface-providers.md | 10 ++-------- .../faq/container-network-interface-providers.md | 10 ++-------- .../faq/container-network-interface-providers.md | 10 ++-------- 7 files changed, 24 insertions(+), 52 deletions(-) create mode 100644 shared-files/_cni-popularity.md diff --git a/docs/faq/container-network-interface-providers.md b/docs/faq/container-network-interface-providers.md index bd7bb49fae2..a8662eaf14a 100644 --- a/docs/faq/container-network-interface-providers.md +++ b/docs/faq/container-network-interface-providers.md @@ -182,18 +182,11 @@ The following table summarizes the different features available for each CNI net - Ingress/Egress Policies: This feature allows you to manage routing control for both Kubernetes and non-Kubernetes communications. - ## CNI Community Popularity -The following table summarizes different GitHub metrics to give you an idea of each project's popularity and activity. This data was collected in November 2023. +import CNIPopularityTable from '/shared-files/_cni-popularity.md'; -| Provider | Project | Stars | Forks | Contributors | -| ---- | ---- | ---- | ---- | ---- | -| Canal | https://github.com/projectcalico/canal | 707 | 104 | 20 | -| Flannel | https://github.com/flannel-io/flannel | 8.3k | 2.9k | 225 | -| Calico | https://github.com/projectcalico/calico | 5.1k | 1.2k | 328 | -| Weave | https://github.com/weaveworks/weave/ | 6.5k | 672 | 87 | -| Cilium | https://github.com/cilium/cilium | 17.1k | 2.5k | 677 | + ## Which CNI Provider Should I Use? diff --git a/shared-files/_cni-popularity.md b/shared-files/_cni-popularity.md new file mode 100644 index 00000000000..ca3ef5b60ea --- /dev/null +++ b/shared-files/_cni-popularity.md @@ -0,0 +1,10 @@ + +The following table summarizes different GitHub metrics to give you an idea of each project's popularity and activity. This data was collected in January 2024. + +| Provider | Project | Stars | Forks | Contributors | +| ---- | ---- | ---- | ---- | ---- | +| Canal | https://github.com/projectcalico/canal | 708 | 103 | 20 | +| Flannel | https://github.com/flannel-io/flannel | 8.3k | 2.9k | 231 | +| Calico | https://github.com/projectcalico/calico | 5.2k | 1.2k | 332 | +| Weave | https://github.com/weaveworks/weave/ | 6.5k | 670 | 87 | +| Cilium | https://github.com/cilium/cilium | 17.6k | 2.6k | 689 | diff --git a/versioned_docs/version-2.0-2.4/faq/container-network-interface-providers.md b/versioned_docs/version-2.0-2.4/faq/container-network-interface-providers.md index 9081a7f4ae8..4c2662c0a91 100644 --- a/versioned_docs/version-2.0-2.4/faq/container-network-interface-providers.md +++ b/versioned_docs/version-2.0-2.4/faq/container-network-interface-providers.md @@ -134,18 +134,12 @@ The following table summarizes the different features available for each CNI net - Ingress/Egress Policies: This feature allows you to manage routing control for both Kubernetes and non-Kubernetes communications. -#### CNI Community Popularity +### CNI Community Popularity -The following table summarizes different GitHub metrics to give you an idea of each project's popularity and activity. This data was collected in January 2020. +import CNIPopularityTable from '/shared-files/_cni-popularity.md'; -| Provider | Project | Stars | Forks | Contributors | -| ---- | ---- | ---- | ---- | ---- | -| Canal | https://github.com/projectcalico/canal | 614 | 89 | 19 | -| flannel | https://github.com/coreos/flannel | 4977 | 1.4k | 140 | -| Calico | https://github.com/projectcalico/calico | 1534 | 429 | 135 | -| Weave | https://github.com/weaveworks/weave/ | 5737 | 559 | 73 | + -
    ### Which CNI Provider Should I Use? It depends on your project needs. There are many different providers, which each have various features and options. There isn't one provider that meets everyone's needs. diff --git a/versioned_docs/version-2.5/faq/container-network-interface-providers.md b/versioned_docs/version-2.5/faq/container-network-interface-providers.md index e66d3a1dfe5..3e11f8cb90b 100644 --- a/versioned_docs/version-2.5/faq/container-network-interface-providers.md +++ b/versioned_docs/version-2.5/faq/container-network-interface-providers.md @@ -132,18 +132,11 @@ The following table summarizes the different features available for each CNI net - Ingress/Egress Policies: This feature allows you to manage routing control for both Kubernetes and non-Kubernetes communications. -#### CNI Community Popularity +### CNI Community Popularity -The following table summarizes different GitHub metrics to give you an idea of each project's popularity and activity. This data was collected in January 2020. +import CNIPopularityTable from '/shared-files/_cni-popularity.md'; -| Provider | Project | Stars | Forks | Contributors | -| ---- | ---- | ---- | ---- | ---- | -| Canal | https://github.com/projectcalico/canal | 614 | 89 | 19 | -| flannel | https://github.com/coreos/flannel | 4977 | 1.4k | 140 | -| Calico | https://github.com/projectcalico/calico | 1534 | 429 | 135 | -| Weave | https://github.com/weaveworks/weave/ | 5737 | 559 | 73 | - -
    + ### Which CNI Provider Should I Use? diff --git a/versioned_docs/version-2.6/faq/container-network-interface-providers.md b/versioned_docs/version-2.6/faq/container-network-interface-providers.md index 2f4809d249e..a8662eaf14a 100644 --- a/versioned_docs/version-2.6/faq/container-network-interface-providers.md +++ b/versioned_docs/version-2.6/faq/container-network-interface-providers.md @@ -184,15 +184,9 @@ The following table summarizes the different features available for each CNI net ## CNI Community Popularity -The following table summarizes different GitHub metrics to give you an idea of each project's popularity and activity. This data was collected in November 2023. +import CNIPopularityTable from '/shared-files/_cni-popularity.md'; -| Provider | Project | Stars | Forks | Contributors | -| ---- | ---- | ---- | ---- | ---- | -| Canal | https://github.com/projectcalico/canal | 707 | 104 | 20 | -| Flannel | https://github.com/flannel-io/flannel | 8.3k | 2.9k | 225 | -| Calico | https://github.com/projectcalico/calico | 5.1k | 1.2k | 328 | -| Weave | https://github.com/weaveworks/weave/ | 6.5k | 672 | 87 | -| Cilium | https://github.com/cilium/cilium | 17.1k | 2.5k | 677 | + ## Which CNI Provider Should I Use? diff --git a/versioned_docs/version-2.7/faq/container-network-interface-providers.md b/versioned_docs/version-2.7/faq/container-network-interface-providers.md index 2f4809d249e..a8662eaf14a 100644 --- a/versioned_docs/version-2.7/faq/container-network-interface-providers.md +++ b/versioned_docs/version-2.7/faq/container-network-interface-providers.md @@ -184,15 +184,9 @@ The following table summarizes the different features available for each CNI net ## CNI Community Popularity -The following table summarizes different GitHub metrics to give you an idea of each project's popularity and activity. This data was collected in November 2023. +import CNIPopularityTable from '/shared-files/_cni-popularity.md'; -| Provider | Project | Stars | Forks | Contributors | -| ---- | ---- | ---- | ---- | ---- | -| Canal | https://github.com/projectcalico/canal | 707 | 104 | 20 | -| Flannel | https://github.com/flannel-io/flannel | 8.3k | 2.9k | 225 | -| Calico | https://github.com/projectcalico/calico | 5.1k | 1.2k | 328 | -| Weave | https://github.com/weaveworks/weave/ | 6.5k | 672 | 87 | -| Cilium | https://github.com/cilium/cilium | 17.1k | 2.5k | 677 | + ## Which CNI Provider Should I Use? diff --git a/versioned_docs/version-2.8/faq/container-network-interface-providers.md b/versioned_docs/version-2.8/faq/container-network-interface-providers.md index 2f4809d249e..a8662eaf14a 100644 --- a/versioned_docs/version-2.8/faq/container-network-interface-providers.md +++ b/versioned_docs/version-2.8/faq/container-network-interface-providers.md @@ -184,15 +184,9 @@ The following table summarizes the different features available for each CNI net ## CNI Community Popularity -The following table summarizes different GitHub metrics to give you an idea of each project's popularity and activity. This data was collected in November 2023. +import CNIPopularityTable from '/shared-files/_cni-popularity.md'; -| Provider | Project | Stars | Forks | Contributors | -| ---- | ---- | ---- | ---- | ---- | -| Canal | https://github.com/projectcalico/canal | 707 | 104 | 20 | -| Flannel | https://github.com/flannel-io/flannel | 8.3k | 2.9k | 225 | -| Calico | https://github.com/projectcalico/calico | 5.1k | 1.2k | 328 | -| Weave | https://github.com/weaveworks/weave/ | 6.5k | 672 | 87 | -| Cilium | https://github.com/cilium/cilium | 17.1k | 2.5k | 677 | + ## Which CNI Provider Should I Use? From 99a37596a34ec6ecac3afa5483cfe5b9289b85ad Mon Sep 17 00:00:00 2001 From: Billy Tat Date: Thu, 18 Jan 2024 11:25:58 -0800 Subject: [PATCH 75/77] Update shared-files/_cni-popularity.md Co-authored-by: Marty Hernandez Avedon --- shared-files/_cni-popularity.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/shared-files/_cni-popularity.md b/shared-files/_cni-popularity.md index ca3ef5b60ea..e2b5bf845c9 100644 --- a/shared-files/_cni-popularity.md +++ b/shared-files/_cni-popularity.md @@ -1,5 +1,5 @@ -The following table summarizes different GitHub metrics to give you an idea of each project's popularity and activity. This data was collected in January 2024. +The following table summarizes different GitHub metrics to give you an idea of each project's popularity and activity levels. This data was collected in January 2024. | Provider | Project | Stars | Forks | Contributors | | ---- | ---- | ---- | ---- | ---- | From f747efc410cfa023da149ae5725b41219a694101 Mon Sep 17 00:00:00 2001 From: Billy Tat Date: Mon, 22 Jan 2024 15:10:19 -0800 Subject: [PATCH 76/77] Trigger Build From 964b48145e18efde2283e4fd3802ae94b4a5224c Mon Sep 17 00:00:00 2001 From: Billy Tat Date: Mon, 22 Jan 2024 15:36:36 -0800 Subject: [PATCH 77/77] Bump heap size more --- .github/workflows/deploy.yml | 2 +- .github/workflows/test-deploy.yml | 2 +- package.json | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 9340858ea99..d2d15cc90af 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -22,7 +22,7 @@ jobs: run: yarn install --frozen-lockfile - name: Build website env: - NODE_OPTIONS: "--max_old_space_size=4608" + NODE_OPTIONS: "--max_old_space_size=5120" run: yarn build --no-minify # Popular action to deploy to GitHub Pages: diff --git a/.github/workflows/test-deploy.yml b/.github/workflows/test-deploy.yml index 6bdebacadb1..01662059905 100644 --- a/.github/workflows/test-deploy.yml +++ b/.github/workflows/test-deploy.yml @@ -24,5 +24,5 @@ jobs: run: yarn run remark --quiet --use remark-lint-no-dead-urls ./docs - name: Test build website env: - NODE_OPTIONS: "--max_old_space_size=4608" + NODE_OPTIONS: "--max_old_space_size=5120" run: yarn build --no-minify \ No newline at end of file diff --git a/package.json b/package.json index cc211cc5592..abc472e80c9 100644 --- a/package.json +++ b/package.json @@ -5,7 +5,7 @@ "scripts": { "docusaurus": "docusaurus", "start": "docusaurus start", - "build": "NODE_OPTIONS='--max-old-space-size=4608' docusaurus build", + "build": "NODE_OPTIONS='--max-old-space-size=5120' docusaurus build", "swizzle": "docusaurus swizzle", "deploy": "docusaurus deploy", "clear": "docusaurus clear",
    v2.7.8