mirror of
https://github.com/rancher/rancher-docs.git
synced 2026-05-23 05:15:16 +00:00
@@ -103,4 +103,4 @@ Using the Unique ID of the service account key, register it as an Oauth Client u
|
||||
1. Click **Authenticate with Google**.
|
||||
1. Click **Save**.
|
||||
|
||||
**Result:** Google authentication is successfully configured.
|
||||
**Result:** Google authentication is successfully configured.
|
||||
|
||||
@@ -88,7 +88,7 @@ The following table depicts the port requirements for [Rancher Launched Kubernet
|
||||
|
||||
### Port Requirements for Clusters Hosted by an Infrastructure Provider
|
||||
|
||||
If you are launching a Kubernetes cluster on nodes that are in an infastructure provider such as Amazon EC2, Google Container Engine, DigitalOcean, Azure, or vSphere, [these port requirements]({{<baseurl>}}/rancher/v2.x/en/cluster-provisioning/node-requirements/port-reqs-for-infrastructure-provider) apply.
|
||||
If you are launching a Kubernetes cluster on nodes that are in an infastructure provider such as Amazon EC2, Google Container Engine, DigitalOcean, Azure, or vSphere, these port requirements apply.
|
||||
|
||||
These required ports are automatically opened by Rancher during creation of clusters using cloud providers.
|
||||
|
||||
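Review bot: in the second copy of the "If you are launching a Kubernetes cluster on nodes..." line, the link on "these port requirements" is gone, so the phrase no longer points at anything; the sentence that follows only says the ports are opened automatically. Either keep a working link to the infrastructure-provider port list or reword so it names where the list lives. Both copies also carry the typo "infastructure", which is worth fixing while the line is being changed.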
@@ -157,4 +157,4 @@ However, this traffic may be blocked when:
|
||||
- You have applied strict host firewall policies on the node.
|
||||
- You are using nodes that have multiple interfaces (multihomed).
|
||||
|
||||
In these cases, you have to explicitly allow this traffic in your host firewall, or in case of public/private cloud hosted machines (i.e. AWS or OpenStack), in your security group configuration. Keep in mind that when using a security group as source or destination in your security group, explicitly opening ports only applies to the private interface of the nodes/instances.
|
||||
In these cases, you have to explicitly allow this traffic in your host firewall, or in case of public/private cloud hosted machines (i.e. AWS or OpenStack), in your security group configuration. Keep in mind that when using a security group as source or destination in your security group, explicitly opening ports only applies to the private interface of the nodes/instances.
|
||||
|
||||
@@ -32,7 +32,7 @@ For a full list of all the best practices that we recommend, refer to the [best
|
||||
|
||||
For more information on what each role is used for, refer to the [section on roles for nodes in Kubernetes.]({{<baseurl>}}/rancher/v2.x/en/cluster-provisioning/production/nodes-and-roles)
|
||||
|
||||
For more information about the recommended number of nodes for each Kubernetes role, refer to the [section on recommended architecture.]({{<baseurl>}}/rancher/v2.x/en/cluster/provisioning/recommended-architecture)
|
||||
For more information about the recommended number of nodes for each Kubernetes role, refer to the [section on recommended architecture.]({{<baseurl>}}/rancher/v2.x/encluster-provisioning/recommended-architecture)
|
||||
|
||||
### Logging and Monitoring
|
||||
|
||||
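Review bot: the recommended-architecture link in the second copy of the line reads `{{<baseurl>}}/rancher/v2.x/encluster-provisioning/recommended-architecture`, with no `/` between `en` and `cluster-provisioning`, so it will not resolve. The roles link on the context line above uses `/rancher/v2.x/en/cluster-provisioning/...`; the path here should follow the same form. A link check over the built site before merging would catch this kind of slip.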
@@ -46,4 +46,4 @@ For more information about the recommended number of nodes for each Kubernetes r
|
||||
### Networking
|
||||
|
||||
* Minimize network latency. Rancher recommends minimizing latency between the etcd nodes. The default setting for `heartbeat-interval` is `500`, and the default setting for `election-timeout` is `5000`. These [settings for etcd tuning](https://coreos.com/etcd/docs/latest/tuning.html) allow etcd to run in most networks (except really high latency networks).
|
||||
* Cluster nodes should be located within a single region. Most cloud providers provide multiple availability zones within a region, which can be used to create higher availability for your cluster. Using multiple availability zones is fine for nodes with any role. If you are using [Kubernetes Cloud Provider]({{<baseurl>}}/rancher/v2.x/en/cluster-provisioning/rke-clusters/options/cloud-providers/) resources, consult the documentation for any restrictions (i.e. zone storage restrictions).
|
||||
* Cluster nodes should be located within a single region. Most cloud providers provide multiple availability zones within a region, which can be used to create higher availability for your cluster. Using multiple availability zones is fine for nodes with any role. If you are using [Kubernetes Cloud Provider]({{<baseurl>}}/rancher/v2.x/en/cluster-provisioning/rke-clusters/options/cloud-providers/) resources, consult the documentation for any restrictions (i.e. zone storage restrictions).
|
||||
|
||||
@@ -131,10 +131,10 @@ The following tables break down the port requirements for inbound and outbound t
|
||||
| TCP | 2376 | Any node IP from a node created using Node driver | Docker daemon TLS port used by Docker Machine |
|
||||
| TCP | 6443 | Hosted/Imported Kubernetes API | Kubernetes API server |
|
||||
|
||||
**Note** Rancher nodes may also require additional outbound access for any external [authentication provider]({{< baseurl >}}rancher/v2.x/en/admin-settings/authentication/) which is configured (LDAP for example).
|
||||
**Note** Rancher nodes may also require additional outbound access for any external [authentication provider]({{< baseurl >}}/rancher/v2.x/en/admin-settings/authentication/) which is configured (LDAP for example).
|
||||
|
||||
### Additional Port Requirements for Nodes in High-Availability Rancher Installations
|
||||
|
||||
You will need to open additional ports to the launch the Kubernetes cluster that is required for a high-availability installation of Rancher.
|
||||
|
||||
The ports that need to be opened for each node depend on the node's Kubernetes role: etcd, controlplane, or worker. For a breakdown of the port requirements for each role, refer to the [port requirements for the Rancher Kubernetes Engine.]({{<baseurl>}}/rke/latest/en/os/#ports)
|
||||
The ports that need to be opened for each node depend on the node's Kubernetes role: etcd, controlplane, or worker. For a breakdown of the port requirements for each role, refer to the [port requirements for the Rancher Kubernetes Engine.]({{<baseurl>}}/rke/latest/en/os/#ports)
|
||||
|
||||
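Review bot: in the `**Note**` line the shortcode is written `{{< baseurl >}}`, while the RKE link a few lines down in the same hunk uses `{{<baseurl>}}`; settling on one form makes a search for broken links match every occurrence. The context sentence "You will need to open additional ports to the launch the Kubernetes cluster" has a stray "the" that could be fixed in the same pass. The two copies of the final RKE line are identical as shown, so if that change is only whitespace or an end-of-file newline, say so in the commit message.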
+1
-1
@@ -36,7 +36,7 @@ This Quick Start Guide is divided into different tasks for easier consumption.
|
||||
>**Note:**
|
||||
> When using a cloud-hosted virtual machine you need to allow inbound TCP communication to ports 80 and 443. Please see your cloud-host's documentation for information regarding port configuration.
|
||||
>
|
||||
> For a full list of port requirements, refer to [Single Node Installation]({{<baseurl>}}/rancher/v2.x/en/installation/node-requirements/).
|
||||
> For a full list of port requirements, refer to [Single Node Installation]({{<baseurl>}}/rancher/v2.x/en/cluster-provisioning/node-requirements/).
|
||||
|
||||
Provision the host according to our [Requirements]({{< baseurl >}}/rancher/v2.x/en/installation/requirements/).
|
||||
|
||||
|
||||
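Review bot: the link text is still "Single Node Installation" in both copies, but the second copy targets `/rancher/v2.x/en/cluster-provisioning/node-requirements/`, which by its path describes nodes of provisioned clusters rather than the Rancher host this note is about (inbound TCP 80 and 443). Confirm the target page actually lists the Rancher server's port requirements, and rename the link text to match whatever page it ends up pointing to; the next line already links to `/rancher/v2.x/en/installation/requirements/` for the host itself.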