Merge branch 'master' into master-to-staging

Jennifer Travinski
2022-05-06 15:46:32 -04:00
3 changed files with 48 additions and 50 deletions
@@ -272,6 +272,13 @@ data:
# Example EncryptionConfiguration
The snippet below demonstrates two different types of secrets and their relevance with respect to Backup and Restore of custom resources.
The first example is that of a secret that is used to encrypt the backup files. The backup operator, in this case, will not be able to read the secrets encryption file. It only uses the contents of the secret.
The second example is that of a Kubernetes secrets encryption config file that is used to encrypt secrets when stored in etcd. **When backing up the etcd datastore, be sure to also back up the EncryptionConfiguration.** Failure to do so will result in an inability to use the restored data if secrets encryption was in use at the time the data was backed up.
```yaml
apiVersion: apiserver.config.k8s.io/v1
kind: EncryptionConfiguration
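Review bot: the intro says "The snippet below demonstrates two different types of secrets", but after the `# Example EncryptionConfiguration` heading only the EncryptionConfiguration YAML follows; the hunk's `data:` context line suggests the backup-encryption Secret sits above the heading, so either move the heading above both examples or reword to "the snippets in this section". The sentence "The backup operator, in this case, will not be able to read the secrets encryption file. It only uses the contents of the secret." leaves it unclear which file the operator cannot read; name it. Since the EncryptionConfiguration is what encrypts secrets in etcd, add that the backed-up copy must be stored with the same access restrictions as the etcd backup itself and not alongside it in a less protected location, otherwise the bold warning solves the availability problem while creating a confidentiality one.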
@@ -89,7 +89,7 @@ To use this `kubeconfig` file,
1. Install [kubectl,](https://kubernetes.io/docs/tasks/tools/install-kubectl/#install-kubectl) a Kubernetes command-line tool.
2. Copy the file at `/etc/rancher/rke2/rke2.yaml` and save it to the directory `~/.kube/config` on your local machine.
3. In the kubeconfig file, the `server` directive is defined as localhost. Configure the server as the DNS of your load balancer, referring to port 6443. (The Kubernetes API server will be reached at port 6443, while the Rancher server will be reached at ports 80 and 443.) Here is an example `rke2.yaml`:
3. In the kubeconfig file, the `server` directive is defined as localhost. Configure the server as the DNS of your control-plane load balancer, on port 6443. (The RKE2 Kubernetes API Server uses port 6443, while the Rancher server will be served via the NGINX Ingress on ports 80 and 443.) Here is an example `rke2.yaml`:
```yml
apiVersion: v1
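Review bot: step 3 now tells the reader to point `server` at the load balancer's DNS name, but does not say that the certificate presented on port 6443 must include that name as a SAN, or `kubectl` will fail TLS verification; add a pointer to RKE2's `tls-san` server setting (or to wherever this guide configured the servers) next to this step. Minor wording: "the DNS of your control-plane load balancer" reads better as "the DNS name of your control-plane load balancer", and in the context line for step 2, `~/.kube/config` is a file, not a directory ("save it as `~/.kube/config`").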
@@ -128,55 +128,40 @@ Now that you have set up the `kubeconfig` file, you can use `kubectl` to access
Check that all the required pods and containers are healthy are ready to continue:
```
/var/lib/rancher/rke2/bin/kubectl --kubeconfig /etc/rancher/rke2/rke2.yaml get pods -A
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system etcd-ip-172-31-18-145 1/1 Running 0 4m37s
kube-system etcd-ip-172-31-25-73 1/1 Running 0 20m
kube-system etcd-ip-172-31-31-210 1/1 Running 0 9m12s
kube-system helm-install-rke2-canal-th9k9 0/1 Completed 0 21m
kube-system helm-install-rke2-coredns-6njr6 0/1 Completed 0 21m
kube-system helm-install-rke2-ingress-nginx-vztsd 0/1 Completed 0 21m
kube-system helm-install-rke2-kube-proxy-6std5 0/1 Completed 0 21m
kube-system helm-install-rke2-metrics-server-9sl7m 0/1 Completed 0 21m
kube-system kube-apiserver-ip-172-31-18-145 1/1 Running 0 4m22s
kube-system kube-apiserver-ip-172-31-25-73 1/1 Running 0 20m
kube-system kube-apiserver-ip-172-31-31-210 1/1 Running 0 9m8s
kube-system kube-controller-manager-ip-172-31-18-145 1/1 Running 0 4m8s
kube-system kube-controller-manager-ip-172-31-25-73 1/1 Running 0 21m
kube-system kube-controller-manager-ip-172-31-31-210 1/1 Running 0 8m55s
kube-system kube-proxy-57twm 1/1 Running 0 10m
kube-system kube-proxy-f7pc6 1/1 Running 0 5m24s
kube-system kube-proxy-rj4t5 1/1 Running 0 21m
kube-system kube-scheduler-ip-172-31-18-145 1/1 Running 0 4m15s
kube-system kube-scheduler-ip-172-31-25-73 1/1 Running 0 21m
kube-system kube-scheduler-ip-172-31-31-210 1/1 Running 0 8m48s
kube-system rke2-canal-4x972 2/2 Running 0 10m
kube-system rke2-canal-flh8m 2/2 Running 0 5m24s
kube-system rke2-canal-zfhkr 2/2 Running 0 21m
kube-system rke2-coredns-rke2-coredns-6cd96645d6-cmstq 1/1 Running 0 21m
kube-system rke2-ingress-nginx-controller-54946dd48f-6mp76 1/1 Running 0 20m
kube-system rke2-ingress-nginx-default-backend-5795954f8-p92xx 1/1 Running 0 20m
kube-system rke2-metrics-server-5f9b5757dc-k5sgh 1/1 Running 0 20m
/var/lib/rancher/rke2/bin/kubectl --kubeconfig /etc/rancher/rke2/rke2.yaml get pods -A
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system cloud-controller-manager-rke2-server-1 1/1 Running 0 2m28s
kube-system cloud-controller-manager-rke2-server-2 1/1 Running 0 61s
kube-system cloud-controller-manager-rke2-server-3 1/1 Running 0 49s
kube-system etcd-rke2-server-1 1/1 Running 0 2m13s
kube-system etcd-rke2-server-2 1/1 Running 0 87s
kube-system etcd-rke2-server-3 1/1 Running 0 56s
kube-system helm-install-rke2-canal-hs6sx 0/1 Completed 0 2m17s
kube-system helm-install-rke2-coredns-xmzm8 0/1 Completed 0 2m17s
kube-system helm-install-rke2-ingress-nginx-flwnl 0/1 Completed 0 2m17s
kube-system helm-install-rke2-metrics-server-7sggn 0/1 Completed 0 2m17s
kube-system kube-apiserver-rke2-server-1 1/1 Running 0 116s
kube-system kube-apiserver-rke2-server-2 1/1 Running 0 66s
kube-system kube-apiserver-rke2-server-3 1/1 Running 0 48s
kube-system kube-controller-manager-rke2-server-1 1/1 Running 0 2m30s
kube-system kube-controller-manager-rke2-server-2 1/1 Running 0 57s
kube-system kube-controller-manager-rke2-server-3 1/1 Running 0 42s
kube-system kube-proxy-rke2-server-1 1/1 Running 0 2m25s
kube-system kube-proxy-rke2-server-2 1/1 Running 0 59s
kube-system kube-proxy-rke2-server-3 1/1 Running 0 85s
kube-system kube-scheduler-rke2-server-1 1/1 Running 0 2m30s
kube-system kube-scheduler-rke2-server-2 1/1 Running 0 57s
kube-system kube-scheduler-rke2-server-3 1/1 Running 0 42s
kube-system rke2-canal-b9lvm 2/2 Running 0 91s
kube-system rke2-canal-khwp2 2/2 Running 0 2m5s
kube-system rke2-canal-swfmq 2/2 Running 0 105s
kube-system rke2-coredns-rke2-coredns-547d5499cb-6tvwb 1/1 Running 0 92s
kube-system rke2-coredns-rke2-coredns-547d5499cb-rdttj 1/1 Running 0 2m8s
kube-system rke2-coredns-rke2-coredns-autoscaler-65c9bb465d-85sq5 1/1 Running 0 2m8s
kube-system rke2-ingress-nginx-controller-69qxc 1/1 Running 0 52s
kube-system rke2-ingress-nginx-controller-7hprp 1/1 Running 0 52s
kube-system rke2-ingress-nginx-controller-x658h 1/1 Running 0 52s
kube-system rke2-metrics-server-6564db4569-vdfkn 1/1 Running 0 66s
```
**Result:** You have confirmed that you can access the cluster with `kubectl` and the RKE2 cluster is running successfully. Now the Rancher management server can be installed on the cluster.
### 5. Configure nginx to be a daemonset
Currently, RKE2 deploys nginx-ingress as a deployment, and that can impact the Rancher deployment so that you cannot use all servers to proxy requests to the Rancher pods.
To rectify that, place the following file in /var/lib/rancher/rke2/server/manifests on any of the server nodes:
```yaml
apiVersion: helm.cattle.io/v1
kind: HelmChartConfig
metadata:
name: rke2-ingress-nginx
namespace: kube-system
spec:
valuesContent: |-
controller:
kind: DaemonSet
daemonset:
useHostPort: true
```
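Review bot: the replacement sample output shows three `rke2-ingress-nginx-controller-<suffix>` pods with DaemonSet-style five-character suffixes (one per server), versus the single Deployment pod `rke2-ingress-nginx-controller-54946dd48f-6mp76` in the removed output, so the `### 5. Configure nginx to be a daemonset` section and its `HelmChartConfig` no longer match what the reader will see; the rendered hunk does not make clear whether that section is being removed or kept, so either delete it or state the RKE2 version from which the DaemonSet is the default. The context line "healthy are ready to continue" should read "healthy and ready to continue". Replacing the `ip-172-31-*` node names with generic `rke2-server-N` names is a welcome cleanup.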
@@ -154,6 +154,12 @@ If using Red Hat Enterprise Linux, Oracle Linux or CentOS, you cannot use the `r
systemctl disable nm-cloud-setup.service nm-cloud-setup.timer
reboot
```
>
> In addition, the default firewall settings of RHEL 8.4 prevent RKE1 pods from reaching out to Rancher to connect to the cluster agent. To allow Docker containers to reach out to the internet and connect to Rancher, make the following updates to the firewall settings:
> ```
firewall-cmd --zone=public --add-masquerade --permanent
firewall-cmd --reload
```
#### Using upstream Docker
If you are using upstream Docker, the package name is `docker-ce` or `docker-ee`. You can check the installed package by executing:
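Review bot: the added admonition opens a fenced code block inside the blockquote (`> ```` after the RHEL 8.4 sentence) but the two `firewall-cmd` lines and the closing fence are not prefixed with `>`, so as shown the fence is never closed inside the quote and the stray closing ``` that follows opens a new code block that swallows the `#### Using upstream Docker` heading; prefix all three lines with `> ` (or drop the `>` from the opening fence). Also worth one sentence on scope: `--add-masquerade` on the public zone enables NAT for all forwarded traffic leaving the host, not just the container-to-Rancher path the note describes, so say plainly that this is a host-wide change rather than one scoped to Docker.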