Merge pull request #3955 from rancher/master-to-staging

Master to staging
Jen Travinski
2022-03-15 16:22:41 -04:00
committed by GitHub
40 changed files with 132 additions and 59 deletions
@@ -32,3 +32,5 @@ There are a few config flags that must be the same in all server nodes:
## Existing clusters
If you have an existing cluster using the default embedded SQLite database, you can convert it to etcd by simply restarting your K3s server with the `--cluster-init` flag. Once you've done that, you'll be able to add additional instances as described above.
>**Important:** K3s v1.22.2 and newer support migration from SQLite to etcd. Older versions will create a new empty datastore if you add `--cluster-init` to an existing server.
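Review bot: the version caveat in the new `>**Important:**` note comes after the sentence that tells the reader to convert by "simply restarting" with `--cluster-init`, so someone on a release older than v1.22.2 can follow the instruction and end up with a new empty datastore before reaching the warning. Put the version requirement in the instruction sentence itself or move the note above it, and consider telling readers to back up the existing SQLite datastore before the restart.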
@@ -22,7 +22,7 @@ If you wish to use WireGuard as your flannel backend it may require additional k
### Custom CNI
Run K3s with `--flannel-backend=none` and install your CNI of choice. IP Forwarding should be enabled for Canal and Calico. Please reference the steps below.
Run K3s with `--flannel-backend=none` and install your CNI of choice. Most CNI plugins come with their own network policy engine, so it is recommended to set `--disable-network-policy` as well to avoid conflicts. IP Forwarding should be enabled for Canal and Calico. Please reference the steps below.
{{% tabs %}}
{{% tab "Canal" %}}
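Review bot: the added sentence recommends `--disable-network-policy` on the strength of "Most CNI plugins come with their own network policy engine", which leaves a cluster with no network policy enforcement at all when the chosen CNI is not one of them. Make the recommendation conditional, for example "if your CNI provides its own network policy engine, also set `--disable-network-policy`", and tell the reader to confirm that before disabling the built-in one.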
@@ -142,7 +142,7 @@ For a how-to guide for setting up a DNS record to route domain traffic to an Ama
Rancher supports air gap installs using a secure Docker private registry. You must have your own private registry or other means of distributing Docker images to your machines.
In a later step, when you set up your K3s Kubernetes cluster, you will create a [private registries configuration file]({{<baseurl>}}/k3s/latest/en/installation/private-registry/) with details from this registry.
In a later step, when you set up your RKE Kubernetes cluster, you will create a [private registries configuration file]({{<baseurl>}}/rke/latest/en/config-options/private-registries/) with details from this registry.
If you need help with creating a private registry, please refer to the [official Docker documentation.](https://docs.docker.com/registry/deploying/#run-an-externally-accessible-registry)
@@ -164,8 +164,6 @@ For an example of one way to set up Linux nodes, refer to this [tutorial]({{<bas
Rancher supports air gap installs using a Docker private registry on your bastion server. You must have your own private registry or other means of distributing Docker images to your machines.
In a later step, when you set up your K3s Kubernetes cluster, you will create a [private registries configuration file]({{<baseurl>}}/k3s/latest/en/installation/private-registry/) with details from this registry.
If you need help with creating a private registry, please refer to the [official Docker documentation.](https://docs.docker.com/registry/)
{{% /tab %}}
@@ -5,6 +5,8 @@ weight: 100
---
The following steps will quickly deploy a Rancher Server on AWS with a single node cluster attached.
>**Note:** The intent of these guides is to quickly launch a sandbox that you can use to evaluate Rancher. These guides are not intended for production environments. For comprehensive setup instructions, see [Installation]({{<baseurl>}}/rancher/v2.0-v2.4/en/installation/).
## Prerequisites
>**Note**
@@ -5,6 +5,8 @@ weight: 100
---
The following steps will quickly deploy a Rancher Server on DigitalOcean with a single node cluster attached.
>**Note:** The intent of these guides is to quickly launch a sandbox that you can use to evaluate Rancher. These guides are not intended for production environments. For comprehensive setup instructions, see [Installation]({{<baseurl>}}/rancher/v2.0-v2.4/en/installation/).
## Prerequisites
>**Note**
@@ -5,6 +5,8 @@ weight: 100
---
The following steps will quickly deploy a Rancher server on GCP in a single-node RKE Kubernetes cluster, with a single-node downstream Kubernetes cluster attached.
>**Note:** The intent of these guides is to quickly launch a sandbox that you can use to evaluate Rancher. These guides are not intended for production environments. For comprehensive setup instructions, see [Installation]({{<baseurl>}}/rancher/v2.0-v2.4/en/installation/).
## Prerequisites
>**Note**
@@ -6,6 +6,8 @@ weight: 100
The following steps will quickly deploy a Rancher server on Azure in a single-node RKE Kubernetes cluster, with a single-node downstream Kubernetes cluster attached.
>**Note:** The intent of these guides is to quickly launch a sandbox that you can use to evaluate Rancher. These guides are not intended for production environments. For comprehensive setup instructions, see [Installation]({{<baseurl>}}/rancher/v2.0-v2.4/en/installation/).
## Prerequisites
>**Note**
@@ -8,6 +8,8 @@ Howdy Partner! This tutorial walks you through:
- Creation of your first cluster
- Deployment of an application, Nginx
>**Note:** The intent of these guides is to quickly launch a sandbox that you can use to evaluate Rancher. These guides are not intended for production environments. For comprehensive setup instructions, see [Installation]({{<baseurl>}}/rancher/v2.0-v2.4/en/installation/).
## Quick Start Outline
This Quick Start Guide is divided into different tasks for easier consumption.
@@ -96,13 +98,13 @@ In this task, you can use the versatile **Custom** option. This option lets you
11. When you finish running the command on your Linux host, click **Done**.
**Result:**
**Result:**
Your cluster is created and assigned a state of **Provisioning.** Rancher is standing up your cluster.
You can access your cluster after its state is updated to **Active.**
**Active** clusters are assigned two Projects:
**Active** clusters are assigned two Projects:
- `Default`, containing the `default` namespace
- `System`, containing the `cattle-system`, `ingress-nginx`, `kube-public`, and `kube-system` namespaces
@@ -4,6 +4,8 @@ weight: 200
---
The following steps quickly deploy a Rancher Server with a single node cluster attached.
>**Note:** The intent of these guides is to quickly launch a sandbox that you can use to evaluate Rancher. These guides are not intended for production environments. For comprehensive setup instructions, see [Installation]({{<baseurl>}}/rancher/v2.0-v2.4/en/installation/).
## Prerequisites
- [Vagrant](https://www.vagrantup.com): Vagrant is required as this is used to provision the machine based on the Vagrantfile.
@@ -14,7 +16,7 @@ The following steps quickly deploy a Rancher Server with a single node cluster a
- Vagrant will require plugins to create VirtualBox VMs. Install them with the following commands:
`vagrant plugin install vagrant-vboxmanage`
`vagrant plugin install vagrant-vbguest`
## Getting Started
@@ -19,7 +19,7 @@ When you set up your high-availability Rancher installation, consider the follow
Don't run other workloads or microservices in the Kubernetes cluster that Rancher is installed on.
### Make sure nodes are configured correctly for Kubernetes ###
It's important to follow K8s and etcd best practices when deploying your nodes, including disabling swap, double checking you have full network connectivity between all machines in the cluster, using unique hostnames, MAC addresses, and product_uuids for every node, checking that all correct ports are opened, and deploying with ssd backed etcd. More details can be found in the [kubernetes docs](https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/install-kubeadm/#before-you-begin) and [etcd's performance op guide](https://github.com/etcd-io/etcd/blob/master/Documentation/op-guide/performance.md)
It's important to follow K8s and etcd best practices when deploying your nodes, including disabling swap, double checking you have full network connectivity between all machines in the cluster, using unique hostnames, MAC addresses, and product_uuids for every node, checking that all correct ports are opened, and deploying with ssd backed etcd. More details can be found in the [kubernetes docs](https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/install-kubeadm/#before-you-begin) and [etcd's performance op guide](https://etcd.io/docs/v3.4/op-guide/performance/).
### When using RKE: Back up the Statefile
RKE keeps record of the cluster state in a file called `cluster.rkestate`. This file is important for the recovery of a cluster and/or the continued maintenance of the cluster through RKE. Because this file contains certificate material, we strongly recommend encrypting this file before backing up. After each run of `rke up` you should backup the state file.
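Review bot: the replacement etcd performance link is pinned to `v3.4` in its path, so it will keep pointing at that release's guide as etcd moves on. If the etcd docs site offers an unversioned or latest path, link that instead, or state which etcd version this advice was checked against.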
@@ -145,7 +145,7 @@ For a how-to guide for setting up a DNS record to route domain traffic to an Ama
Rancher supports air gap installs using a secure Docker private registry. You must have your own private registry or other means of distributing Docker images to your machines.
In a later step, when you set up your K3s Kubernetes cluster, you will create a [private registries configuration file]({{<baseurl>}}/k3s/latest/en/installation/private-registry/) with details from this registry.
In a later step, when you set up your RKE Kubernetes cluster, you will create a [private registries configuration file]({{<baseurl>}}/rke/latest/en/config-options/private-registries/) with details from this registry.
If you need help with creating a private registry, please refer to the [official Docker documentation.](https://docs.docker.com/registry/deploying/#run-an-externally-accessible-registry)
@@ -167,8 +167,6 @@ For an example of one way to set up Linux nodes, refer to this [tutorial]({{<bas
Rancher supports air gap installs using a Docker private registry on your bastion server. You must have your own private registry or other means of distributing Docker images to your machines.
In a later step, when you set up your K3s Kubernetes cluster, you will create a [private registries configuration file]({{<baseurl>}}/k3s/latest/en/installation/private-registry/) with details from this registry.
If you need help with creating a private registry, please refer to the [official Docker documentation.](https://docs.docker.com/registry/)
{{% /tab %}}
@@ -26,14 +26,14 @@ kubectl create namespace cert-manager
Install the CustomResourceDefinitions of cert-manager:
```
kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v0.15.2/cert-manager.crds.yaml
kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v1.5.1/cert-manager.crds.yaml
```
And install it with Helm. Note that cert-manager also needs your proxy configured in case it needs to communicate with Let's Encrypt or other external certificate issuers:
```
helm upgrade --install cert-manager jetstack/cert-manager \
--namespace cert-manager --version v0.15.2 \
--namespace cert-manager --version v1.5.1 \
--set http_proxy=http://${proxy_host} \
--set https_proxy=http://${proxy_host} \
--set noProxy=127.0.0.0/8\\,10.0.0.0/8\\,cattle-system.svc\\,172.16.0.0/12\\,192.168.0.0/16\\,.svc\\,.cluster.local
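Review bot: `--validate=false` is carried over unchanged on the CRD `kubectl apply` line while the manifest moves from v0.15.2 to v1.5.1; the flag turns off client-side schema validation of a manifest fetched from a remote URL, so confirm it is still needed for the v1.5.1 CRDs and drop it if not. In the Helm command the proxy keys mix naming styles (`http_proxy`, `https_proxy`, `noProxy`); check each against the cert-manager chart's values, since an unrecognised `--set` key is not necessarily rejected.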
@@ -13,6 +13,7 @@ A summary of the steps is as follows:
2. Create or update the `tls-ca` Kubernetes secret resource with the root CA certificate (only required when using a private CA).
3. Update the Rancher installation using the Helm CLI.
4. Reconfigure the Rancher agents to trust the new CA certificate.
5. Select Force Update of Fleet clusters to connect fleet-agent to Rancher.
The details of these instructions are below.
@@ -145,3 +146,12 @@ First, generate the agent definitions as described here: https://gist.github.com
Then, connect to a controlplane node of the downstream cluster via SSH, create a Kubeconfig and apply the definitions:
https://gist.github.com/superseb/b14ed3b5535f621ad3d2aa6a4cd6443b
# 5. Select Force Update of Fleet clusters to connect fleet-agent to Rancher
Select 'Force Update' for the clusters within the [Continuous Delivery]({{<baseurl>}}/rancher/v2.5/en/deploy-across-clusters/fleet/#accessing-fleet-in-the-rancher-ui) view under Cluster Explorer in the Rancher UI to allow the fleet-agent in downstream clusters to successfully connect to Rancher.
### Why is this step required?
Fleet agents in Rancher managed clusters store kubeconfig that is used to connect to the Rancher proxied kube-api in the fleet-agent secret of the fleet-system namespace. The kubeconfig contains a certificate-authority-data block containing the Rancher CA. When changing the Rancher CA, this block needs to be updated for a successful connection of the fleet-agent to Rancher.
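Review bot: the new step 5 section explains that the `certificate-authority-data` block in the fleet-agent kubeconfig "needs to be updated" but gives no way to confirm that Force Update actually did it. Add a verification step, such as what the cluster's state should show in the Continuous Delivery view afterwards. The section heading also uses a single `#` and is followed directly by a `###` subheading; check that the levels match those used for steps 1 to 4.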
@@ -1,10 +1,8 @@
---
title: Rancher Deployment Quick Start Guides
metaDescription: Use this section to jump start your Rancher deployment and testing. It contains instructions for a simple Rancher setup and some common use cases.
short title: Use this section to jump start your Rancher deployment and testing. It contains instructions for a simple Rancher setup and some common use cases.
short title: Use this section to jump start your Rancher deployment and testing. It contains instructions for a simple Rancher setup and some common use cases.
weight: 2
aliases:
- /rancher/v2.x/en/quick-start-guide/
---
>**Note:** The intent of these guides is to quickly launch a sandbox that you can use to evaluate Rancher. These guides are not intended for production environments. For comprehensive setup instructions, see [Installation]({{<baseurl>}}/rancher/v2.5/en/installation/).
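Review bot: `short title:` in the front matter carries the same full sentence as `metaDescription`, and this hunk only changes its whitespace. If the key is meant to hold a short title, replace the value with one, and confirm that a key name containing a space is what the site templates actually read.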
@@ -5,6 +5,8 @@ weight: 100
---
The following steps will quickly deploy a Rancher server on AWS in a single-node K3s Kubernetes cluster, with a single-node downstream Kubernetes cluster attached.
>**Note:** The intent of these guides is to quickly launch a sandbox that you can use to evaluate Rancher. These guides are not intended for production environments. For comprehensive setup instructions, see [Installation]({{<baseurl>}}/rancher/v2.5/en/installation/).
## Prerequisites
>**Note**
@@ -24,7 +26,7 @@ The following steps will quickly deploy a Rancher server on AWS in a single-node
3. Rename the `terraform.tfvars.example` file to `terraform.tfvars`.
4. Edit `terraform.tfvars` and customize the following variables:
- `aws_access_key` - Amazon AWS Access Key
- `aws_access_key` - Amazon AWS Access Key
- `aws_secret_key` - Amazon AWS Secret Key
- `rancher_server_admin_password` - Admin password for created Rancher server
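Review bot: step 4 has the reader put `aws_access_key`, `aws_secret_key` and `rancher_server_admin_password` into `terraform.tfvars`, and the hunk touches that list without adding any word on handling the file. Since the list is being edited anyway, add a line telling readers to keep `terraform.tfvars` out of version control and to use credentials scoped to this sandbox.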
@@ -5,6 +5,8 @@ weight: 100
---
The following steps will quickly deploy a Rancher server on DigitalOcean in a single-node K3s Kubernetes cluster, with a single-node downstream Kubernetes cluster attached.
>**Note:** The intent of these guides is to quickly launch a sandbox that you can use to evaluate Rancher. These guides are not intended for production environments. For comprehensive setup instructions, see [Installation]({{<baseurl>}}/rancher/v2.5/en/installation/).
## Prerequisites
>**Note**
@@ -5,6 +5,8 @@ weight: 100
---
The following steps will quickly deploy a Rancher server on GCP in a single-node K3s Kubernetes cluster, with a single-node downstream Kubernetes cluster attached.
>**Note:** The intent of these guides is to quickly launch a sandbox that you can use to evaluate Rancher. These guides are not intended for production environments. For comprehensive setup instructions, see [Installation]({{<baseurl>}}/rancher/v2.5/en/installation/).
## Prerequisites
>**Note**
@@ -25,7 +27,7 @@ The following steps will quickly deploy a Rancher server on GCP in a single-node
3. Rename the `terraform.tfvars.example` file to `terraform.tfvars`.
4. Edit `terraform.tfvars` and customize the following variables:
- `gcp_account_json` - GCP service account file path and file name
- `gcp_account_json` - GCP service account file path and file name
- `rancher_server_admin_password` - Admin password for created Rancher server
5. **Optional:** Modify optional variables within `terraform.tfvars`.
@@ -6,6 +6,8 @@ weight: 100
The following steps will quickly deploy a Rancher server on Azure in a single-node K3s Kubernetes cluster, with a single-node downstream Kubernetes cluster attached.
>**Note:** The intent of these guides is to quickly launch a sandbox that you can use to evaluate Rancher. These guides are not intended for production environments. For comprehensive setup instructions, see [Installation]({{<baseurl>}}/rancher/v2.5/en/installation/).
## Prerequisites
>**Note**
@@ -27,7 +29,7 @@ The following steps will quickly deploy a Rancher server on Azure in a single-no
3. Rename the `terraform.tfvars.example` file to `terraform.tfvars`.
4. Edit `terraform.tfvars` and customize the following variables:
- `azure_subscription_id` - Microsoft Azure Subscription ID
- `azure_subscription_id` - Microsoft Azure Subscription ID
- `azure_client_id` - Microsoft Azure Client ID
- `azure_client_secret` - Microsoft Azure Client Secret
- `azure_tenant_id` - Microsoft Azure Tenant ID
@@ -41,7 +43,7 @@ Suggestions include:
- `instance_type` - Compute instance size used, minimum is `Standard_DS2_v2` but `Standard_DS2_v3` or `Standard_DS3_v2` could be used if within budget
- `add_windows_node` - If true, an additional Windows worker node is added to the workload cluster
- `windows_admin_password` - The admin password of the windows worker node
6. Run `terraform init`.
7. To initiate the creation of the environment, run `terraform apply --auto-approve`. Then wait for output similar to the following:
@@ -10,6 +10,8 @@ Howdy Partner! This tutorial walks you through:
- Creation of your first cluster
- Deployment of an application, Nginx
>**Note:** The intent of these guides is to quickly launch a sandbox that you can use to evaluate Rancher. These guides are not intended for production environments. For comprehensive setup instructions, see [Installation]({{<baseurl>}}/rancher/v2.5/en/installation/).
## Quick Start Outline
This Quick Start Guide is divided into different tasks for easier consumption.
@@ -104,13 +106,13 @@ In this task, you can use the versatile **Custom** option. This option lets you
1. When you finish running the command on your Linux host, click **Done**.
**Result:**
**Result:**
Your cluster is created and assigned a state of **Provisioning.** Rancher is standing up your cluster.
You can access your cluster after its state is updated to **Active.**
**Active** clusters are assigned two Projects:
**Active** clusters are assigned two Projects:
- `Default`, containing the `default` namespace
- `System`, containing the `cattle-system`, `ingress-nginx`, `kube-public`, and `kube-system` namespaces
@@ -6,6 +6,8 @@ aliases:
---
The following steps quickly deploy a Rancher Server with a single node cluster attached.
>**Note:** The intent of these guides is to quickly launch a sandbox that you can use to evaluate Rancher. These guides are not intended for production environments. For comprehensive setup instructions, see [Installation]({{<baseurl>}}/rancher/v2.5/en/installation/).
## Prerequisites
- [Vagrant](https://www.vagrantup.com): Vagrant is required as this is used to provision the machine based on the Vagrantfile.
@@ -16,7 +18,7 @@ The following steps quickly deploy a Rancher Server with a single node cluster a
- Vagrant will require plugins to create VirtualBox VMs. Install them with the following commands:
`vagrant plugin install vagrant-vboxmanage`
`vagrant plugin install vagrant-vbguest`
## Getting Started
@@ -15,7 +15,7 @@ When you set up your high-availability Rancher installation, consider the follow
Don't run other workloads or microservices in the Kubernetes cluster that Rancher is installed on.
### Make sure nodes are configured correctly for Kubernetes ###
It's important to follow K8s and etcd best practices when deploying your nodes, including disabling swap, double checking you have full network connectivity between all machines in the cluster, using unique hostnames, MAC addresses, and product_uuids for every node, checking that all correct ports are opened, and deploying with ssd backed etcd. More details can be found in the [kubernetes docs](https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/install-kubeadm/#before-you-begin) and [etcd's performance op guide](https://github.com/etcd-io/etcd/blob/master/Documentation/op-guide/performance.md)
It's important to follow K8s and etcd best practices when deploying your nodes, including disabling swap, double checking you have full network connectivity between all machines in the cluster, using unique hostnames, MAC addresses, and product_uuids for every node, checking that all correct ports are opened, and deploying with ssd backed etcd. More details can be found in the [kubernetes docs](https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/install-kubeadm/#before-you-begin) and [etcd's performance op guide](https://etcd.io/docs/v3.4/op-guide/performance/).
### When using RKE: Back up the Statefile
RKE keeps record of the cluster state in a file called `cluster.rkestate`. This file is important for the recovery of a cluster and/or the continued maintenance of the cluster through RKE. Because this file contains certificate material, we strongly recommend encrypting this file before backing up. After each run of `rke up` you should backup the state file.
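Review bot: the "Back up the Statefile" paragraph in this hunk's context says `cluster.rkestate` contains certificate material and strongly recommends encrypting it before backup, but gives no method or pointer for doing so. While this section is being touched, add a link or a short instruction for the encryption step, and fix "you should backup" to "you should back up".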
@@ -20,7 +20,7 @@ Rancher provides an intuitive user interface for interacting with your clusters.
You can use the Kubernetes command-line tool, [kubectl](https://kubernetes.io/docs/reference/kubectl/overview/), to manage your clusters. You have two options for using kubectl:
- **Rancher kubectl shell:** Interact with your clusters by launching a kubectl shell available in the Rancher UI. This option requires no configuration actions on your part. For more information, see [Accessing Clusters with kubectl Shell]({{<baseurl>}}/rancher/v2.6/en/cluster-access/kubectl/).
- **Rancher kubectl shell:** Interact with your clusters by launching a kubectl shell available in the Rancher UI. This option requires no configuration actions on your part. For more information, see [Accessing Clusters with kubectl Shell]({{<baseurl>}}/rancher/v2.6/en/cluster-admin/cluster-access/kubectl/).
- **Terminal remote connection:** You can also interact with your clusters by installing [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/) on your local desktop and then copying the cluster's kubeconfig file to your local `~/.kube/config` directory. For more information, see [Accessing Clusters with kubectl and a kubeconfig File](./kubectl/).
### Rancher CLI
@@ -341,7 +341,10 @@ Example:
local_cluster_auth_endpoint:
enabled: true
fqdn: "FQDN"
ca_certs: "BASE64_CACERT"
ca_certs: |-
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
```
### Custom Network Plug-in
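Review bot: the `ca_certs` example switches from the `"BASE64_CACERT"` placeholder to a PEM block under `|-`, but nothing in the hunk tells readers that the expected format is now a PEM certificate rather than a base64 string. Add one sentence above the example stating the format, and make sure the PEM lines are indented under `ca_certs` in the source so the block scalar parses.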
@@ -14,7 +14,6 @@ You can use Rancher to create a cluster hosted in Microsoft Azure Kubernetes Ser
- [Role-based Access Control](#role-based-access-control)
- [AKS Cluster Configuration Reference](#aks-cluster-configuration-reference)
- [Private Clusters](#private-clusters)
- [Minimum AKS Permissions](#minimum-aks-permissions)
- [Syncing](#syncing)
- [Programmatically Creating AKS Clusters](#programmatically-creating-aks-clusters)
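Review bot: this hunk only drops the TOC line `[Minimum AKS Permissions](#minimum-aks-permissions)`; nothing here shows the section itself being removed or moved. If the section still exists it is now unreachable from the TOC, and if it was dropped, say where readers find the minimum permission set, since that is the least-privilege guidance for this page.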
@@ -168,7 +168,7 @@ Also in the K3s documentation, nodes with the worker role are called agent nodes
# Debug Logging and Troubleshooting for Registered K3s Clusters
Nodes are upgraded by the system upgrade controller running in the downstream cluster. Based on the cluster configuration, Rancher deploys two [plans](https://github.com/rancher/system-upgrade-controller#example-upgrade-plan) to upgrade K3s nodes: one for controlplane nodes and one for workers. The system upgrade controller follows the plans and upgrades the nodes.
Nodes are upgraded by the system upgrade controller running in the downstream cluster. Based on the cluster configuration, Rancher deploys two [plans](https://github.com/rancher/system-upgrade-controller#example-upgrade-plan) to upgrade K3s nodes: one for controlplane nodes and one for workers. The system upgrade controller follows the plans and upgrades the nodes.
To enable debug logging on the system upgrade controller deployment, edit the [configmap](https://github.com/rancher/system-upgrade-controller/blob/50a4c8975543d75f1d76a8290001d87dc298bdb4/manifests/system-upgrade-controller.yaml#L32) to set the debug environment variable to true. Then restart the `system-upgrade-controller` pod.
@@ -196,7 +196,7 @@ Authorized Cluster Endpoint (ACE) support has been added for registered RKE2 and
> **Note:**
>
> - These steps only need to be performed on the control plane nodes of the downstream cluster. You must configure each control plane node individually.
> - These steps only need to be performed on the control plane nodes of the downstream cluster. You must configure each control plane node individually.
>
> - The following steps will work on both RKE2 and K3s clusters registered in v2.6.x as well as those registered (or imported) from a previous version of Rancher with an upgrade to v2.6.x.
>
@@ -223,19 +223,19 @@ Authorized Cluster Endpoint (ACE) support has been added for registered RKE2 and
context:
user: Default
cluster: Default
1. Add the following to the config file (or create one if it doesnt exist); note that the default location is `/etc/rancher/{rke2,k3s}/config.yaml`:
kube-apiserver-arg:
- authentication-token-webhook-config-file=/var/lib/rancher/{rke2,k3s}/kube-api-authn-webhook.yaml
1. Run the following commands:
sudo systemctl stop {rke2,k3s}-server
sudo systemctl start {rke2,k3s}-server
1. Finally, you **must** go back to the Rancher UI and edit the imported cluster there to complete the ACE enablement. Click on **⋮ > Edit Config**, then click the **Networking** tab under Cluster Configuration. Finally, click the **Enabled** button for **Authorized Endpoint**. Once the ACE is enabled, you then have the option of entering a fully qualified domain name (FQDN) and certificate information.
>**Note:** The <b>FQDN</b> field is optional, and if one is entered, it should point to the downstream cluster. Certificate information is only needed if there is a load balancer in front of the downstream cluster that is using an untrusted certificate. If you have a valid certificate, then nothing needs to be added to the <b>CA Certificates</b> field.
# Annotating Registered Clusters
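Review bot: in the restart step, `sudo systemctl stop {rke2,k3s}-server` uses the docs' either/or brace notation, but pasted into bash as written it brace-expands to both `rke2-server` and `k3s-server`. Show the two variants separately or add "replace `{rke2,k3s}` with your distribution" next to the commands and the file paths. Also, "doesnt" in the config-file step is missing its apostrophe.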
@@ -286,4 +286,3 @@ To annotate a registered cluster,
1. Click **Save**.
**Result:** The annotation does not give the capabilities to the cluster, but it does indicate to Rancher that the cluster has those capabilities.
@@ -142,7 +142,7 @@ For a how-to guide for setting up a DNS record to route domain traffic to an Ama
Rancher supports air gap installs using a secure Docker private registry. You must have your own private registry or other means of distributing Docker images to your machines.
In a later step, when you set up your K3s Kubernetes cluster, you will create a [private registries configuration file]({{<baseurl>}}/k3s/latest/en/installation/private-registry/) with details from this registry.
In a later step, when you set up your RKE Kubernetes cluster, you will create a [private registries configuration file]({{<baseurl>}}/rke/latest/en/config-options/private-registries/) with details from this registry.
If you need help with creating a private registry, please refer to the [official Docker documentation.](https://docs.docker.com/registry/deploying/#run-an-externally-accessible-registry)
@@ -164,8 +164,6 @@ For an example of one way to set up Linux nodes, refer to this [tutorial]({{<bas
Rancher supports air gap installs using a Docker private registry on your bastion server. You must have your own private registry or other means of distributing Docker images to your machines.
In a later step, when you set up your K3s Kubernetes cluster, you will create a [private registries configuration file]({{<baseurl>}}/k3s/latest/en/installation/private-registry/) with details from this registry.
If you need help with creating a private registry, please refer to the [official Docker documentation.](https://docs.docker.com/registry/)
{{% /tab %}}
@@ -65,7 +65,7 @@ helm upgrade --install rancher rancher-latest/rancher \
--namespace cattle-system \
--set hostname=rancher.example.com \
--set proxy=http://${proxy_host}
--set no_proxy=127.0.0.0/8\\,10.0.0.0/8\\,cattle-system.svc\\,172.16.0.0/12\\,192.168.0.0/16\\,.svc\\,.cluster.local
--set noProxy=127.0.0.0/8\\,10.0.0.0/8\\,cattle-system.svc\\,172.16.0.0/12\\,192.168.0.0/16\\,.svc\\,.cluster.local
```
After waiting for the deployment to finish:
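Review bot: the `--set proxy=http://${proxy_host}` line just above the renamed key has no trailing backslash, so the shell ends the `helm upgrade` command there and treats `--set noProxy=...` as a separate command; the proxy exclusion list never reaches the chart. Add ` \` to the end of the `proxy` line in the same change that renames `no_proxy` to `noProxy`.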
@@ -11,6 +11,7 @@ A summary of the steps is as follows:
2. Create or update the `tls-ca` Kubernetes secret resource with the root CA certificate (only required when using a private CA).
3. Update the Rancher installation using the Helm CLI.
4. Reconfigure the Rancher agents to trust the new CA certificate.
5. Select Force Update of Fleet clusters to connect fleet-agent to Rancher.
The details of these instructions are below.
@@ -143,3 +144,11 @@ First, generate the agent definitions as described here: https://gist.github.com
Then, connect to a controlplane node of the downstream cluster via SSH, create a Kubeconfig and apply the definitions:
https://gist.github.com/superseb/b14ed3b5535f621ad3d2aa6a4cd6443b
# 5. Select Force Update of Fleet clusters to connect fleet-agent to Rancher
Select 'Force Update' for the clusters within the [Continuous Delivery]({{<baseurl>}}/rancher/v2.6/en/deploy-across-clusters/fleet/#accessing-fleet-in-the-rancher-ui) view of the Rancher UI to allow the fleet-agent in downstream clusters to successfully connect to Rancher.
### Why is this step required?
Fleet agents in Rancher managed clusters store kubeconfig that is used to connect to the Rancher proxied kube-api in the fleet-agent secret of the fleet-system namespace. The kubeconfig contains a certificate-authority-data block containing the Rancher CA. When changing the Rancher CA, this block needs to be updated for a successful connection of the fleet-agent to Rancher.
@@ -19,18 +19,38 @@ The resource quota includes two limits, which you set while creating or editing
- **Project Limits:**
This set of values configures an overall resource limit for the project. If you try to add a new namespace to the project, Rancher uses the limits you've set to validate that the project has enough resources to accommodate the namespace. In other words, if you try to move a namespace into a project near its resource quota, Rancher blocks you from moving the namespace.
This set of values configures a total limit for each specified resource shared among all namespaces in the project.
- **Namespace Default Limits:**
This value is the default resource limit available for each namespace. When the resource quota is created at the project level, this limit is automatically propagated to each namespace in the project. Each namespace is bound to this default limit unless you override it.
This set of values configures the default quota limit available for each namespace for each specified resource.
When a namespace is created in the project without overrides, this limit is automatically bound to the namespace and enforced.
In the following diagram, a Rancher administrator wants to apply a resource quota that sets the same CPU and memory limit for every namespace in their project (`Namespace 1-4`). However, in Rancher, the administrator can set a resource quota for the project (`Project Resource Quota`) rather than individual namespaces. This quota includes resource limits for both the entire project (`Project Limit`) and individual namespaces (`Namespace Default Limit`). Rancher then propagates the `Namespace Default Limit` quotas to each namespace (`Namespace Resource Quota`) when created.
<sup>Rancher: Resource Quotas Propagating to Each Namespace</sup>
![Rancher Resource Quota Implementation]({{<baseurl>}}/img/rancher/rancher-resource-quota.png)
Let's highlight some more nuanced functionality. If a quota is deleted at the project level, it will also be removed from all namespaces contained within that project, despite any overrides that may exist. Further, updating an existing namespace default limit for a quota at the project level will not result in that value being propagated to existing namespaces in the project; the updated value will only be applied to newly created namespaces in that project. To update a namespace default limit for existing namespaces you can delete and subsequently recreate the quota at the project level with the new default value. This will result in the new default value being applied to all existing namespaces in the project.
Let's highlight some more nuanced functionality for namespaces created **_within_** the Rancher UI. If a quota is deleted at the project level, it will also be removed from all namespaces contained within that project, despite any overrides that may exist. Further, updating an existing namespace default limit for a quota at the project level will not result in that value being propagated to existing namespaces in the project; the updated value will only be applied to newly created namespaces in that project. To update a namespace default limit for existing namespaces you can delete and subsequently recreate the quota at the project level with the new default value. This will result in the new default value being applied to all existing namespaces in the project.
Before creating a namespace in a project, Rancher compares the amounts of the project's available resources and requested resources, regardless of whether they come from the default or overridden limits.
If the requested resources exceed the remaining capacity in the project for those resources, Rancher will assign the namespace the remaining capacity for that resource.
However, this is not the case with namespaces created **_outside_** of Rancher's UI. For namespaces created via `kubectl`, Rancher
will assign a resource quota that has a **zero** amount for any resource that requested more capacity than what remains in the project.
To create a namespace in an existing project via `kubectl`, use the `field.cattle.io/projectId` annotation. To override the default
requested quota limit, use the `field.cattle.io/resourceQuota` annotation.
```
apiVersion: v1
kind: Namespace
metadata:
annotations:
field.cattle.io/projectId: [your-cluster-ID]:[your-project-ID]
field.cattle.io/resourceQuota: '{"limit":{"limitsCpu":"100m", "limitsMemory":"100Mi", "configMaps": "50"}}'
name: my-ns
```
The following table explains the key differences between the two quota types.
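Review bot: The `kubectl` paragraph says Rancher assigns a quota with a **zero** amount for any resource that asks for more than the project has left, but it stops there, so a reader who hits this gets no hint why workloads in the new namespace cannot obtain that resource. Suggest moving this into a `>**Note:**` callout and adding one sentence on how to correct it, for example stating whether editing the `field.cattle.io/resourceQuota` annotation afterwards is enough. The Namespace example fence could also carry a `yaml` tag.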
@@ -1,8 +1,10 @@
---
title: Rancher Deployment Quick Start Guides
metaDescription: Use this section to jump start your Rancher deployment and testing. It contains instructions for a simple Rancher setup and some common use cases.
short title: Use this section to jump start your Rancher deployment and testing. It contains instructions for a simple Rancher setup and some common use cases.
short title: Use this section to jump start your Rancher deployment and testing. It contains instructions for a simple Rancher setup and some common use cases.
weight: 2
aliases:
- /rancher/v2.x/en/quick-start-guide/
---
>**Note:** The intent of these guides is to quickly launch a sandbox that you can use to evaluate Rancher. These guides are not intended for production environments. For comprehensive setup instructions, see [Installation]({{<baseurl>}}/rancher/v2.6/en/installation/).
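Review bot: In the front matter, `short title` repeats the `metaDescription` sentence word for word, so it is neither short nor a title. Since the line appears in this hunk anyway, replace it with an actual short title or drop the key.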
@@ -5,6 +5,8 @@ weight: 100
---
The following steps will quickly deploy a Rancher server on AWS in a single-node K3s Kubernetes cluster, with a single-node downstream Kubernetes cluster attached.
>**Note:** The intent of these guides is to quickly launch a sandbox that you can use to evaluate Rancher. These guides are not intended for production environments. For comprehensive setup instructions, see [Installation]({{<baseurl>}}/rancher/v2.6/en/installation/).
## Prerequisites
>**Note**
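Review bot: The added `>**Note:**` about sandbox use is pasted verbatim into every quick start guide in this commit, including the hard-coded `/rancher/v2.6/` link. A shared shortcode or include would keep the wording and the version in the link from drifting between pages.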
@@ -24,7 +26,7 @@ The following steps will quickly deploy a Rancher server on AWS in a single-node
3. Rename the `terraform.tfvars.example` file to `terraform.tfvars`.
4. Edit `terraform.tfvars` and customize the following variables:
- `aws_access_key` - Amazon AWS Access Key
- `aws_access_key` - Amazon AWS Access Key
- `aws_secret_key` - Amazon AWS Secret Key
- `rancher_server_admin_password` - Admin password for created Rancher server
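Review bot: The variable list in step 4 puts `aws_access_key`, `aws_secret_key` and `rancher_server_admin_password` into `terraform.tfvars` in clear text, and the step says nothing about handling that file. Suggest one line after the list telling readers to keep `terraform.tfvars` out of version control and to use an access key scoped to this sandbox.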
@@ -5,6 +5,8 @@ weight: 120
---
The following steps will quickly deploy a Rancher server on DigitalOcean in a single-node K3s Kubernetes cluster, with a single-node downstream Kubernetes cluster attached.
>**Note:** The intent of these guides is to quickly launch a sandbox that you can use to evaluate Rancher. These guides are not intended for production environments. For comprehensive setup instructions, see [Installation]({{<baseurl>}}/rancher/v2.6/en/installation/).
## Prerequisites
>**Note**
@@ -10,6 +10,8 @@ weight: 250
- Creation of your first cluster
- Deployment of an application, Nginx
>**Note:** The intent of these guides is to quickly launch a sandbox that you can use to evaluate Rancher. These guides are not intended for production environments. For comprehensive setup instructions, see [Installation]({{<baseurl>}}/rancher/v2.6/en/installation/).
## Quick Start Outline
This Quick Start Guide is divided into different tasks for easier consumption.
@@ -41,7 +43,7 @@ This Quick Start Guide is divided into different tasks for easier consumption.
- [Equinix Metal Pricing](https://metal.equinix.com/developers/docs/servers/server-specs/)
**Note:**
> When provisioning a new Equinix Metal Server via the CLI or API you will need to be able to provide the following information: project-id, plan, metro, and the operating-system
> When provisioning a new Equinix Metal Server via the CLI or API you will need to be able to provide the following information: project-id, plan, metro, and the operating-system
> When using a cloud-hosted virtual machine you need to allow inbound TCP communication to ports 80 and 443. Please see your cloud-host's documentation for information regarding port configuration.
> For a full list of port requirements, refer to [Docker Installation]({{<baseurl>}}/rancher/v2.6/en/cluster-provisioning/node-requirements/).
> Provision the host according to our [Requirements]({{<baseurl>}}/rancher/v2.6/en/installation/requirements/).
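Review bot: In the port note, the link text says "Docker Installation" but the target is `/cluster-provisioning/node-requirements/`; rename the link to match the page it opens, or point it at the Docker install page if that was intended. The Equinix line also ends at "the operating-system" with no period, and the block uses a bare `**Note:**` followed by `>` lines where the other notes in this guide use `>**Note:**`.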
@@ -102,13 +104,13 @@ In this task, you can use the versatile **Custom** option. This option lets you
11. When you finish running the command on your Linux host, click **Done**.
**Result:**
**Result:**
Your cluster is created and assigned a state of **Provisioning**. Rancher is standing up your cluster.
You can access your cluster after its state is updated to **Active**.
**Active** clusters are assigned two Projects:
**Active** clusters are assigned two Projects:
- `Default`, containing the `default` namespace
- `System`, containing the `cattle-system`, `ingress-nginx`, `kube-public`, and `kube-system` namespaces
@@ -5,6 +5,8 @@ weight: 130
---
The following steps will quickly deploy a Rancher server on GCP in a single-node K3s Kubernetes cluster, with a single-node downstream Kubernetes cluster attached.
>**Note:** The intent of these guides is to quickly launch a sandbox that you can use to evaluate Rancher. These guides are not intended for production environments. For comprehensive setup instructions, see [Installation]({{<baseurl>}}/rancher/v2.6/en/installation/).
## Prerequisites
>**Note**
@@ -25,7 +27,7 @@ The following steps will quickly deploy a Rancher server on GCP in a single-node
3. Rename the `terraform.tfvars.example` file to `terraform.tfvars`.
4. Edit `terraform.tfvars` and customize the following variables:
- `gcp_account_json` - GCP service account file path and file name
- `gcp_account_json` - GCP service account file path and file name
- `rancher_server_admin_password` - Admin password for created Rancher server
5. **Optional:** Modify optional variables within `terraform.tfvars`.
@@ -5,6 +5,8 @@ weight: 140
---
The following steps will quickly deploy a Rancher server on Hetzner Cloud in a single-node K3s Kubernetes cluster, with a single-node downstream Kubernetes cluster attached.
>**Note:** The intent of these guides is to quickly launch a sandbox that you can use to evaluate Rancher. These guides are not intended for production environments. For comprehensive setup instructions, see [Installation]({{<baseurl>}}/rancher/v2.6/en/installation/).
## Prerequisites
>**Note**
@@ -6,6 +6,8 @@ weight: 115
The following steps will quickly deploy a Rancher server on Azure in a single-node K3s Kubernetes cluster, with a single-node downstream Kubernetes cluster attached.
>**Note:** The intent of these guides is to quickly launch a sandbox that you can use to evaluate Rancher. These guides are not intended for production environments. For comprehensive setup instructions, see [Installation]({{<baseurl>}}/rancher/v2.6/en/installation/).
## Prerequisites
>**Note**
@@ -27,7 +29,7 @@ The following steps will quickly deploy a Rancher server on Azure in a single-no
3. Rename the `terraform.tfvars.example` file to `terraform.tfvars`.
4. Edit `terraform.tfvars` and customize the following variables:
- `azure_subscription_id` - Microsoft Azure Subscription ID
- `azure_subscription_id` - Microsoft Azure Subscription ID
- `azure_client_id` - Microsoft Azure Client ID
- `azure_client_secret` - Microsoft Azure Client Secret
- `azure_tenant_id` - Microsoft Azure Tenant ID
@@ -41,7 +43,7 @@ Suggestions include:
- `instance_type` - Compute instance size used, minimum is `Standard_DS2_v2` but `Standard_DS2_v3` or `Standard_DS3_v2` could be used if within budget
- `add_windows_node` - If true, an additional Windows worker node is added to the workload cluster
- `windows_admin_password` - The admin password of the windows worker node
6. Run `terraform init`.
7. To initiate the creation of the environment, run `terraform apply --auto-approve`. Then wait for output similar to the following:
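Review bot: Step 7 runs `terraform apply --auto-approve`, which skips the confirmation prompt on the plan. Since the options above it change instance size and, with `add_windows_node`, add an extra node, consider mentioning `terraform plan` first or stating that auto-approve is acceptable only because this is a sandbox. Minor: "windows worker node" in the `windows_admin_password` line should read "Windows worker node", as in the line above it.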
@@ -8,6 +8,8 @@ Howdy Partner! This tutorial walks you through:
- Creation of your first cluster
- Deployment of an application, Nginx
>**Note:** The intent of these guides is to quickly launch a sandbox that you can use to evaluate Rancher. These guides are not intended for production environments. For comprehensive setup instructions, see [Installation]({{<baseurl>}}/rancher/v2.6/en/installation/).
## Quick Start Outline
This Quick Start Guide is divided into different tasks for easier consumption.
@@ -96,13 +98,13 @@ In this task, you can use the versatile **Custom** option. This option lets you
11. When you finish running the command on your Linux host, click **Done**.
**Result:**
**Result:**
Your cluster is created and assigned a state of **Provisioning**. Rancher is standing up your cluster.
You can access your cluster after its state is updated to **Active**.
**Active** clusters are assigned two Projects:
**Active** clusters are assigned two Projects:
- `Default`, containing the `default` namespace
- `System`, containing the `cattle-system`, `ingress-nginx`, `kube-public`, and `kube-system` namespaces
@@ -4,6 +4,8 @@ weight: 200
---
The following steps quickly deploy a Rancher Server with a single node cluster attached.
>**Note:** The intent of these guides is to quickly launch a sandbox that you can use to evaluate Rancher. These guides are not intended for production environments. For comprehensive setup instructions, see [Installation]({{<baseurl>}}/rancher/v2.6/en/installation/).
## Prerequisites
- [Vagrant](https://www.vagrantup.com): Vagrant is required as this is used to provision the machine based on the Vagrantfile.
@@ -14,7 +16,7 @@ The following steps quickly deploy a Rancher Server with a single node cluster a
- Vagrant will require plugins to create VirtualBox VMs. Install them with the following commands:
`vagrant plugin install vagrant-vboxmanage`
`vagrant plugin install vagrant-vbguest`
## Getting Started
@@ -6,7 +6,9 @@ weight: 230
To deploy Kubernetes, RKE deploys several core components or services in Docker containers on the nodes. Based on the roles of the node, the containers deployed may be different.
**All services support additional [custom arguments, Docker mount binds and extra environment variables]({{<baseurl>}}/rke/latest/en/config-options/services/services-extras/).**
>**Note:** All services support <b>additional custom arguments, Docker mount binds, and extra environment variables.</b>
>
>To configure advanced options for Kubernetes services such as `kubelet`, `kube-controller`, and `kube-apiserver` that are not documented below, see the [`extra_args` documentation]({{<baseurl>}}/rke/latest/en/config-options/services/services-extras/) for more details.
| Component | Services key name in cluster.yml |
|-------------------------|----------------------------------|
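Review bot: The new note wraps its emphasis in raw `<b>…</b>`, while the bold sentence above it in the hunk and the other notes in these docs use Markdown `**`; use `**` here too. The link has also moved from the "custom arguments, Docker mount binds and extra environment variables" phrase to "`extra_args` documentation", so the first sentence of the note names mount binds and environment variables with nothing to follow; either link that phrase as before or name all three options in the link text.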
+2 -7
@@ -1,14 +1,9 @@
{{ if not .Lastmod.IsZero }}Last updated on {{ .Lastmod.Format "Jan 2, 2006" }}{{ end }}
<div class="buttons-container">
<a href="{{.Site.Params.ghdocsrepo}}/edit/master/content/{{.File.Path}}" class="btn bg-link">
<button class="button has-icon-right">
<button class="button">
<span>Edit this page</span>
<svg class="icon right" enable-background="new 0 0 34 34" viewBox="0 0 34 34" xmlns="http://www.w3.org/2000/svg">
<g>
<path class="svg-linear" d="m19.5 12 5 5-5 5"></path>
<path class="svg-linear" d="m24.5 17h-15"></path>
</g>
</svg>
</button>
</a>
</div>
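Review bot: The `<button class="button">` sits inside the `<a href=…>` link, and a `<button>` nested in an `<a>` is not valid HTML because interactive content is not allowed inside a link. While the markup is being simplified, drop the inner `<button>` and style the anchor itself, for example by putting the `button` class on the `<a>`.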