From 7b663df2041814c8aa9a6a659a9340f21830999e Mon Sep 17 00:00:00 2001 From: Billy Tat Date: Fri, 25 Feb 2022 14:45:29 -0800 Subject: [PATCH 01/35] Remove right arrow on edit page button --- layouts/partials/page-edit.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/layouts/partials/page-edit.html b/layouts/partials/page-edit.html index 4ab823fef49..a478a426a1b 100755 --- a/layouts/partials/page-edit.html +++ b/layouts/partials/page-edit.html @@ -1,7 +1,7 @@ {{ if not .Lastmod.IsZero }}Last updated on {{ .Lastmod.Format "Jan 2, 2006" }}{{ end }}
-
From efe305af78e656f07afcc2368cf5d46cc8362b69 Mon Sep 17 00:00:00 2001 From: Jennifer Travinski Date: Fri, 4 Mar 2022 13:29:35 -0500 Subject: [PATCH 14/35] Removed broken link from 2.6 TOC --- .../hosted-kubernetes-clusters/aks/_index.md | 1 - 1 file changed, 1 deletion(-) diff --git a/content/rancher/v2.6/en/cluster-provisioning/hosted-kubernetes-clusters/aks/_index.md b/content/rancher/v2.6/en/cluster-provisioning/hosted-kubernetes-clusters/aks/_index.md index a0ad8a5c24f..f54e1e42bdd 100644 --- a/content/rancher/v2.6/en/cluster-provisioning/hosted-kubernetes-clusters/aks/_index.md +++ b/content/rancher/v2.6/en/cluster-provisioning/hosted-kubernetes-clusters/aks/_index.md @@ -14,7 +14,6 @@ You can use Rancher to create a cluster hosted in Microsoft Azure Kubernetes Ser - [Role-based Access Control](#role-based-access-control) - [AKS Cluster Configuration Reference](#aks-cluster-configuration-reference) - [Private Clusters](#private-clusters) -- [Minimum AKS Permissions](#minimum-aks-permissions) - [Syncing](#syncing) - [Programmatically Creating AKS Clusters](#programmatically-creating-aks-clusters) From 15f0b81debba68c390b83b4ee438df7917a42c49 Mon Sep 17 00:00:00 2001 From: divya-mohan0209 Date: Mon, 7 Mar 2022 17:01:20 +0530 Subject: [PATCH 15/35] Amendments to Cluster provisioning and registering documentation --- .../registered-clusters/_index.md | 13 ++++---- suggesting-an-improvement.md | 33 +++++++++++++++++++ 2 files changed, 39 insertions(+), 7 deletions(-) create mode 100644 suggesting-an-improvement.md diff --git a/content/rancher/v2.6/en/cluster-provisioning/registered-clusters/_index.md b/content/rancher/v2.6/en/cluster-provisioning/registered-clusters/_index.md index 4d9ab0c2a1f..cdcbc76e1a1 100644 --- a/content/rancher/v2.6/en/cluster-provisioning/registered-clusters/_index.md +++ b/content/rancher/v2.6/en/cluster-provisioning/registered-clusters/_index.md 
@@ -3,7 +3,7 @@ title: Registering Existing Clusters weight: 6 --- -The cluster registration feature replaced the feature to import clusters. +Along with importing clusters, as of v2.5, Rancher allows you to tie in closer with cloud APIs and manage your cluster by registering existing clusters. The control that Rancher has to manage a registered cluster depends on the type of cluster. For details, see [Management Capabilities for Registered Clusters.](#management-capabilities-for-registered-clusters) @@ -168,7 +168,7 @@ Also in the K3s documentation, nodes with the worker role are called agent nodes # Debug Logging and Troubleshooting for Registered K3s Clusters -Nodes are upgraded by the system upgrade controller running in the downstream cluster. Based on the cluster configuration, Rancher deploys two [plans](https://github.com/rancher/system-upgrade-controller#example-upgrade-plan) to upgrade K3s nodes: one for controlplane nodes and one for workers. The system upgrade controller follows the plans and upgrades the nodes. +Nodes are upgraded by the system upgrade controller running in the downstream cluster. Based on the cluster configuration, Rancher deploys two [plans](https://github.com/rancher/system-upgrade-controller#example-upgrade-plan) to upgrade K3s nodes: one for controlplane nodes and one for workers. The system upgrade controller follows the plans and upgrades the nodes. To enable debug logging on the system upgrade controller deployment, edit the [configmap](https://github.com/rancher/system-upgrade-controller/blob/50a4c8975543d75f1d76a8290001d87dc298bdb4/manifests/system-upgrade-controller.yaml#L32) to set the debug environment variable to true. Then restart the `system-upgrade-controller` pod. 
@@ -196,7 +196,7 @@ Authorized Cluster Endpoint (ACE) support has been added for registered RKE2 and > **Note:** > -> - These steps only need to be performed on the control plane nodes of the downstream cluster. You must configure each control plane node individually. +> - These steps only need to be performed on the control plane nodes of the downstream cluster. You must configure each control plane node individually. > > - The following steps will work on both RKE2 and K3s clusters registered in v2.6.x as well as those registered (or imported) from a previous version of Rancher with an upgrade to v2.6.x. > @@ -223,19 +223,19 @@ Authorized Cluster Endpoint (ACE) support has been added for registered RKE2 and context: user: Default cluster: Default - + 1. Add the following to the config file (or create one if it doesn’t exist); note that the default location is `/etc/rancher/{rke2,k3s}/config.yaml`: kube-apiserver-arg: - authentication-token-webhook-config-file=/var/lib/rancher/{rke2,k3s}/kube-api-authn-webhook.yaml - + 1. Run the following commands: sudo systemctl stop {rke2,k3s}-server sudo systemctl start {rke2,k3s}-server 1. Finally, you **must** go back to the Rancher UI and edit the imported cluster there to complete the ACE enablement. Click on **⋮ > Edit Config**, then click the **Networking** tab under Cluster Configuration. Finally, click the **Enabled** button for **Authorized Endpoint**. Once the ACE is enabled, you then have the option of entering a fully qualified domain name (FQDN) and certificate information. - + >**Note:** The FQDN field is optional, and if one is entered, it should point to the downstream cluster. Certificate information is only needed if there is a load balancer in front of the downstream cluster that is using an untrusted certificate. If you have a valid certificate, then nothing needs to be added to the CA Certificates field. # Annotating Registered Clusters 
@@ -286,4 +286,3 @@ To annotate a registered cluster, 1. Click **Save**. **Result:** The annotation does not give the capabilities to the cluster, but it does indicate to Rancher that the cluster has those capabilities. - diff --git a/suggesting-an-improvement.md b/suggesting-an-improvement.md new file mode 100644 index 00000000000..c243c72b006 --- /dev/null +++ b/suggesting-an-improvement.md 
@@ -0,0 +1,33 @@ +# Suggesting an improvement + +If you notice an issue with Kubewarden documentation or want to suggest new content, then open an issue. You only require access to a [GitHub account](https://github.com/join) and a browser. + +In most cases, any new documentation work for Kubewarden begins with an issue in GitHub. The [documentation team for Kubewarden](https://github.com/orgs/kubewarden/teams/kubewarden-documentation) reviews, categorizes and tags them as appropriate. Everybody is welcome to work on the issue, including the reporter, but we request that you assign it to yourself before commencing any work to avoid duplicate efforts. + +## Opening an issue + +If you want to suggest improvements to existing documentation content or notice an error, then open an issue. + +- Click the GitHub Octocat icon on the top. This redirects you to the [documentation repository for Kubewarden](https://github.com/kubewarden/docs). +- Navigate to the Issues tab and click **New issue**. +- Describe the issue or suggestion for improvement. The more details you provide, the better! +- Click Submit new issue. +- Post submitting, you can either assign it to yourself or wait for a community member to pick it up. Members of the documentation team and from the community might request clarifications before they can take action on your issue, so we'd request you to actively check your issue or [turn on GitHub notifications](https://docs.github.com/en/account-and-profile/managing-subscriptions-and-notifications-on-github/setting-up-notifications/configuring-notifications). + +## New content suggestions + +If you want to suggest new content, please file an issue following the steps above. Either + +- You can choose an existing page in the section you think the content belongs in and click Create an issue. +OR +- Navigate to [GitHub](https://github.com/kubewarden/docs/issues/new/choose) and file the issue directly. + +## How do I make my contribution count? 
+ +No contribution is big or small! However, to ensure that the community derives maximum value we'd request you to follow the below when reporting an issue: + +- Focus on providing a clear description of the issue. Some key points to consider would be specifically describing what is missing, outdated, erroneous, or requires qualitative/technical improvement. +- Detailing the specific impact the issue has on users. +- Delimiting the scope of the issue. If the scope is larger, we'd request you to break it down to smaller tasks within an issue. For example, "Creating a Contribution guide" is very widely scoped since there would be multiple tasks associated with the issue. However, "Fixing grammatical error on the Quickstart page" is a more narrowly scoped issue that would, potentially, require only a single pull request. +- Crosscheck existing issues to avoid duplicate work. +- There is a fair chance that you're opening an issue with reference to another pull request or existing issue. Ensure you reference it in the issue you're opening to provide context for contributors who may want to work on it. From 0cefcedccda62c3bab7db44a185ac2b41f570289 Mon Sep 17 00:00:00 2001 From: divya-mohan0209 Date: Mon, 7 Mar 2022 17:17:50 +0530 Subject: [PATCH 16/35] Adding change to the registereing cluster docs --- suggesting-an-improvement.md | 33 --------------------------------- 1 file changed, 33 deletions(-) delete mode 100644 suggesting-an-improvement.md diff --git a/suggesting-an-improvement.md b/suggesting-an-improvement.md deleted file mode 100644 index c243c72b006..00000000000 --- a/suggesting-an-improvement.md +++ /dev/null 
@@ -1,33 +0,0 @@ -# Suggesting an improvement - -If you notice an issue with Kubewarden documentation or want to suggest new content, then open an issue. You only require access to a [GitHub account](https://github.com/join) and a browser. - -In most cases, any new documentation work for Kubewarden begins with an issue in GitHub. The [documentation team for Kubewarden](https://github.com/orgs/kubewarden/teams/kubewarden-documentation) reviews, categorizes and tags them as appropriate. Everybody is welcome to work on the issue, including the reporter, but we request that you assign it to yourself before commencing any work to avoid duplicate efforts. - -## Opening an issue - -If you want to suggest improvements to existing documentation content or notice an error, then open an issue. - -- Click the GitHub Octocat icon on the top. This redirects you to the [documentation repository for Kubewarden](https://github.com/kubewarden/docs). -- Navigate to the Issues tab and click **New issue**. -- Describe the issue or suggestion for improvement. The more details you provide, the better! -- Click Submit new issue. -- Post submitting, you can either assign it to yourself or wait for a community member to pick it up. Members of the documentation team and from the community might request clarifications before they can take action on your issue, so we'd request you to actively check your issue or [turn on GitHub notifications](https://docs.github.com/en/account-and-profile/managing-subscriptions-and-notifications-on-github/setting-up-notifications/configuring-notifications). - -## New content suggestions - -If you want to suggest new content, please file an issue following the steps above. Either - -- You can choose an existing page in the section you think the content belongs in and click Create an issue. -OR -- Navigate to [GitHub](https://github.com/kubewarden/docs/issues/new/choose) and file the issue directly. - -## How do I make my contribution count? 
- -No contribution is big or small! However, to ensure that the community derives maximum value we'd request you to follow the below when reporting an issue: - -- Focus on providing a clear description of the issue. Some key points to consider would be specifically describing what is missing, outdated, erroneous, or requires qualitative/technical improvement. -- Detailing the specific impact the issue has on users. -- Delimiting the scope of the issue. If the scope is larger, we'd request you to break it down to smaller tasks within an issue. For example, "Creating a Contribution guide" is very widely scoped since there would be multiple tasks associated with the issue. However, "Fixing grammatical error on the Quickstart page" is a more narrowly scoped issue that would, potentially, require only a single pull request. -- Crosscheck existing issues to avoid duplicate work. -- There is a fair chance that you're opening an issue with reference to another pull request or existing issue. Ensure you reference it in the issue you're opening to provide context for contributors who may want to work on it. From 6e36eaaadf8be26de24e1b6cecdc3502692dce9a Mon Sep 17 00:00:00 2001 From: divya-mohan0209 Date: Mon, 7 Mar 2022 17:32:52 +0530 Subject: [PATCH 17/35] Rewording the amendment of v2.5 & 2.6 CA documentation --- .../en/installation/resources/update-ca-cert/_index.md | 10 ++++++++++ .../en/installation/resources/update-ca-cert/_index.md | 9 +++++++++ 2 files changed, 19 insertions(+) diff --git a/content/rancher/v2.5/en/installation/resources/update-ca-cert/_index.md b/content/rancher/v2.5/en/installation/resources/update-ca-cert/_index.md index c256f9f5905..08c26328652 100644 --- a/content/rancher/v2.5/en/installation/resources/update-ca-cert/_index.md +++ b/content/rancher/v2.5/en/installation/resources/update-ca-cert/_index.md 
@@ -13,6 +13,7 @@ A summary of the steps is as follows: 2. Create or update the `tls-ca` Kubernetes secret resource with the root CA certificate (only required when using a private CA). 3. Update the Rancher installation using the Helm CLI. 4. Reconfigure the Rancher agents to trust the new CA certificate. +5. Select Force Update of fleet clusters to connect fleet-agent to Rancher The details of these instructions are below. @@ -145,3 +146,12 @@ First, generate the agent definitions as described here: https://gist.github.com Then, connect to a controlplane node of the downstream cluster via SSH, create a Kubeconfig and apply the definitions: https://gist.github.com/superseb/b14ed3b5535f621ad3d2aa6a4cd6443b + + +# 5. Select Force Update of fleet clusters to connect fleet-agent to Rancher + +Select 'Force Update' for the clusters within the Continuous Delivery view of the Rancher Explorer UI to allow the fleet-agent in downstream clusters to successfully connect to Rancher. + +### Why is this step required? + +Fleet agents in Rancher managed clusters store kubeconfig that is used to connect to the Rancher proxied kube-api in the fleet-agent secret of the fleet-system namespace. The kubeconfig contains a certificate-authority-data block containing the Rancher CA. When changing the Rancher CA, this needs to be updated for a successful connection of the fleet-agent to Rancher. diff --git a/content/rancher/v2.6/en/installation/resources/update-ca-cert/_index.md b/content/rancher/v2.6/en/installation/resources/update-ca-cert/_index.md index 5a7a477fa82..658ffc2ea34 100644 --- a/content/rancher/v2.6/en/installation/resources/update-ca-cert/_index.md +++ b/content/rancher/v2.6/en/installation/resources/update-ca-cert/_index.md 
@@ -11,6 +11,7 @@ A summary of the steps is as follows: 2. Create or update the `tls-ca` Kubernetes secret resource with the root CA certificate (only required when using a private CA). 3. Update the Rancher installation using the Helm CLI. 4. Reconfigure the Rancher agents to trust the new CA certificate. +5. Select Force Update of fleet clusters to connect fleet-agent to Rancher The details of these instructions are below. @@ -143,3 +144,11 @@ First, generate the agent definitions as described here: https://gist.github.com Then, connect to a controlplane node of the downstream cluster via SSH, create a Kubeconfig and apply the definitions: https://gist.github.com/superseb/b14ed3b5535f621ad3d2aa6a4cd6443b + +# 5. Select Force Update of fleet clusters to connect fleet-agent to Rancher + +Select 'Force Update' for the clusters within the Continuous Delivery view of the Rancher Explorer UI to allow the fleet-agent in downstream clusters to successfully connect to Rancher. + +### Why is this step required? + +Fleet agents in Rancher managed clusters store kubeconfig that is used to connect to the Rancher proxied kube-api in the fleet-agent secret of the fleet-system namespace. The kubeconfig contains a certificate-authority-data block containing the Rancher CA. When changing the Rancher CA, this needs to be updated for a successful connection of the fleet-agent to Rancher. From a318798cb711e1727d6c952279e717e90fed5a74 Mon Sep 17 00:00:00 2001 From: Jennifer Travinski Date: Mon, 7 Mar 2022 17:10:36 -0500 Subject: [PATCH 18/35] Updated note to be more noticeable to link to extra_args page. --- content/rke/latest/en/config-options/services/_index.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/content/rke/latest/en/config-options/services/_index.md b/content/rke/latest/en/config-options/services/_index.md index 0266731a249..f607b54ae74 100644 --- a/content/rke/latest/en/config-options/services/_index.md 
+++ b/content/rke/latest/en/config-options/services/_index.md @@ -6,7 +6,9 @@ weight: 230 To deploy Kubernetes, RKE deploys several core components or services in Docker containers on the nodes. Based on the roles of the node, the containers deployed may be different. -**All services support additional [custom arguments, Docker mount binds and extra environment variables]({{}}/rke/latest/en/config-options/services/services-extras/).** +>**Note:** All services support additional custom arguments, Docker mount binds, and extra environment variables. +> +>Please see the [documentation]({{}}/rke/latest/en/config-options/services/services-extras/) for more details. | Component | Services key name in cluster.yml | |-------------------------|----------------------------------| From e6f414711c3b4f9d1f4fe6e909e86187dbc75b6a Mon Sep 17 00:00:00 2001 From: divya-mohan0209 Date: Tue, 8 Mar 2022 16:23:41 +0530 Subject: [PATCH 19/35] Modifying content for v2.5 and 2.6 CA certificate content --- .../v2.6/en/cluster-provisioning/registered-clusters/_index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/rancher/v2.6/en/cluster-provisioning/registered-clusters/_index.md b/content/rancher/v2.6/en/cluster-provisioning/registered-clusters/_index.md index cdcbc76e1a1..35146cafedd 100644 --- a/content/rancher/v2.6/en/cluster-provisioning/registered-clusters/_index.md +++ b/content/rancher/v2.6/en/cluster-provisioning/registered-clusters/_index.md @@ -3,7 +3,7 @@ title: Registering Existing Clusters weight: 6 --- -Along with importing clusters, as of v2.5, Rancher allows you to tie in closer with cloud APIs and manage your cluster by registering existing clusters. +The cluster registration feature replaced the feature to import clusters. The control that Rancher has to manage a registered cluster depends on the type of cluster. For details, see [Management Capabilities for Registered Clusters.](#management-capabilities-for-registered-clusters) 
From 9d42c3ee57e422f1f9f3233d9c90fc0c3e1ba13f Mon Sep 17 00:00:00 2001 From: Manuel Buil Date: Fri, 4 Mar 2022 16:19:00 +0100 Subject: [PATCH 20/35] Add comment about disabling netpol when flannel-backend=none Signed-off-by: Manuel Buil --- content/k3s/latest/en/installation/network-options/_index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/k3s/latest/en/installation/network-options/_index.md b/content/k3s/latest/en/installation/network-options/_index.md index dcc65a03aea..78e734929ea 100644 --- a/content/k3s/latest/en/installation/network-options/_index.md +++ b/content/k3s/latest/en/installation/network-options/_index.md @@ -22,7 +22,7 @@ If you wish to use WireGuard as your flannel backend it may require additional k ### Custom CNI -Run K3s with `--flannel-backend=none` and install your CNI of choice. IP Forwarding should be enabled for Canal and Calico. Please reference the steps below. +Run K3s with `--flannel-backend=none` and install your CNI of choice. Most CNI plugins come with their own network policy engine, so it is recommended to set `--disable-network-policy` as well to avoid conflicts. IP Forwarding should be enabled for Canal and Calico. Please reference the steps below. {{% tabs %}} {{% tab "Canal" %}} From 03250a7ecc82624e748ab3de91658aba1000c59f Mon Sep 17 00:00:00 2001 From: Jennifer Travinski Date: Tue, 8 Mar 2022 09:30:09 -0500 Subject: [PATCH 21/35] Updated wording per feedback --- content/rke/latest/en/config-options/services/_index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/rke/latest/en/config-options/services/_index.md b/content/rke/latest/en/config-options/services/_index.md index f607b54ae74..77a3a969195 100644 --- a/content/rke/latest/en/config-options/services/_index.md +++ b/content/rke/latest/en/config-options/services/_index.md 
@@ -8,7 +8,7 @@ To deploy Kubernetes, RKE deploys several core components or services in Docker >**Note:** All services support additional custom arguments, Docker mount binds, and extra environment variables. > ->Please see the [documentation]({{}}/rke/latest/en/config-options/services/services-extras/) for more details. +>To configure advanced options for Kubernetes services such as `kubelet`, `kube-controller`, and `kube-apiserver` that are not documented below, see the [`extra_args` documentation]({{}}/rke/latest/en/config-options/services/services-extras/) for more details. | Component | Services key name in cluster.yml | |-------------------------|----------------------------------| From 5800f6da0a8cb7e090f4d05427a7157ef4c05d47 Mon Sep 17 00:00:00 2001 From: divya-mohan0209 Date: Tue, 8 Mar 2022 20:52:03 +0530 Subject: [PATCH 22/35] Update content/rancher/v2.5/en/installation/resources/update-ca-cert/_index.md Co-authored-by: Jen Travinski --- .../v2.5/en/installation/resources/update-ca-cert/_index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/rancher/v2.5/en/installation/resources/update-ca-cert/_index.md b/content/rancher/v2.5/en/installation/resources/update-ca-cert/_index.md index 08c26328652..7a3b3e9413b 100644 --- a/content/rancher/v2.5/en/installation/resources/update-ca-cert/_index.md +++ b/content/rancher/v2.5/en/installation/resources/update-ca-cert/_index.md 
@@ -150,7 +150,7 @@ https://gist.github.com/superseb/b14ed3b5535f621ad3d2aa6a4cd6443b # 5. Select Force Update of fleet clusters to connect fleet-agent to Rancher -Select 'Force Update' for the clusters within the Continuous Delivery view of the Rancher Explorer UI to allow the fleet-agent in downstream clusters to successfully connect to Rancher. +Select 'Force Update' for the clusters within the [Continuous Delivery]({{}}/rancher/v2.5/en/deploy-across-clusters/fleet/#accessing-fleet-in-the-rancher-ui) view under Cluster Explorer in the Rancher UI to allow the fleet-agent in downstream clusters to successfully connect to Rancher. ### Why is this step required? From be250166d22a8ac92099047eeac7378022a0ac83 Mon Sep 17 00:00:00 2001 From: divya-mohan0209 Date: Tue, 8 Mar 2022 20:52:20 +0530 Subject: [PATCH 23/35] Update content/rancher/v2.5/en/installation/resources/update-ca-cert/_index.md Co-authored-by: Jen Travinski --- .../v2.5/en/installation/resources/update-ca-cert/_index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/rancher/v2.5/en/installation/resources/update-ca-cert/_index.md b/content/rancher/v2.5/en/installation/resources/update-ca-cert/_index.md index 7a3b3e9413b..ee6457aeefb 100644 --- a/content/rancher/v2.5/en/installation/resources/update-ca-cert/_index.md +++ b/content/rancher/v2.5/en/installation/resources/update-ca-cert/_index.md @@ -13,7 +13,7 @@ A summary of the steps is as follows: 2. Create or update the `tls-ca` Kubernetes secret resource with the root CA certificate (only required when using a private CA). 3. Update the Rancher installation using the Helm CLI. 4. Reconfigure the Rancher agents to trust the new CA certificate. -5. Select Force Update of fleet clusters to connect fleet-agent to Rancher +5. Select Force Update of Fleet clusters to connect fleet-agent to Rancher. The details of these instructions are below. From 4ed4c8ee202eb21d2541da2cfe7517b2d826a4c1 Mon Sep 17 00:00:00 2001 
From: divya-mohan0209 Date: Tue, 8 Mar 2022 20:52:34 +0530 Subject: [PATCH 24/35] Update content/rancher/v2.5/en/installation/resources/update-ca-cert/_index.md Co-authored-by: Jen Travinski --- .../v2.5/en/installation/resources/update-ca-cert/_index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/rancher/v2.5/en/installation/resources/update-ca-cert/_index.md b/content/rancher/v2.5/en/installation/resources/update-ca-cert/_index.md index ee6457aeefb..5b8e5f7b256 100644 --- a/content/rancher/v2.5/en/installation/resources/update-ca-cert/_index.md +++ b/content/rancher/v2.5/en/installation/resources/update-ca-cert/_index.md @@ -148,7 +148,7 @@ Then, connect to a controlplane node of the downstream cluster via SSH, create a https://gist.github.com/superseb/b14ed3b5535f621ad3d2aa6a4cd6443b -# 5. Select Force Update of fleet clusters to connect fleet-agent to Rancher +# 5. Select Force Update of Fleet clusters to connect fleet-agent to Rancher Select 'Force Update' for the clusters within the [Continuous Delivery]({{}}/rancher/v2.5/en/deploy-across-clusters/fleet/#accessing-fleet-in-the-rancher-ui) view under Cluster Explorer in the Rancher UI to allow the fleet-agent in downstream clusters to successfully connect to Rancher. From 39596de19eb13291a33ac7b439b812e1ca3d0e89 Mon Sep 17 00:00:00 2001 From: divya-mohan0209 Date: Tue, 8 Mar 2022 20:52:54 +0530 Subject: [PATCH 25/35] Update content/rancher/v2.5/en/installation/resources/update-ca-cert/_index.md Co-authored-by: Jen Travinski --- .../v2.5/en/installation/resources/update-ca-cert/_index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/rancher/v2.5/en/installation/resources/update-ca-cert/_index.md b/content/rancher/v2.5/en/installation/resources/update-ca-cert/_index.md index 5b8e5f7b256..751feae2d8c 100644 --- a/content/rancher/v2.5/en/installation/resources/update-ca-cert/_index.md 
+++ b/content/rancher/v2.5/en/installation/resources/update-ca-cert/_index.md @@ -154,4 +154,4 @@ Select 'Force Update' for the clusters within the [Continuous Delivery]({{ Date: Tue, 8 Mar 2022 20:53:05 +0530 Subject: [PATCH 26/35] Update content/rancher/v2.6/en/installation/resources/update-ca-cert/_index.md Co-authored-by: Jen Travinski --- .../v2.6/en/installation/resources/update-ca-cert/_index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/rancher/v2.6/en/installation/resources/update-ca-cert/_index.md b/content/rancher/v2.6/en/installation/resources/update-ca-cert/_index.md index 658ffc2ea34..1844c02f224 100644 --- a/content/rancher/v2.6/en/installation/resources/update-ca-cert/_index.md +++ b/content/rancher/v2.6/en/installation/resources/update-ca-cert/_index.md @@ -11,7 +11,7 @@ A summary of the steps is as follows: 2. Create or update the `tls-ca` Kubernetes secret resource with the root CA certificate (only required when using a private CA). 3. Update the Rancher installation using the Helm CLI. 4. Reconfigure the Rancher agents to trust the new CA certificate. -5. Select Force Update of fleet clusters to connect fleet-agent to Rancher +5. Select Force Update of Fleet clusters to connect fleet-agent to Rancher. The details of these instructions are below. From cef5df873db5995274d42d080fa218519a17a4dd Mon Sep 17 00:00:00 2001 From: divya-mohan0209 Date: Tue, 8 Mar 2022 20:53:15 +0530 Subject: [PATCH 27/35] Update content/rancher/v2.6/en/installation/resources/update-ca-cert/_index.md Co-authored-by: Jen Travinski --- .../v2.6/en/installation/resources/update-ca-cert/_index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/rancher/v2.6/en/installation/resources/update-ca-cert/_index.md b/content/rancher/v2.6/en/installation/resources/update-ca-cert/_index.md index 1844c02f224..737c3160586 100644 --- a/content/rancher/v2.6/en/installation/resources/update-ca-cert/_index.md 
+++ b/content/rancher/v2.6/en/installation/resources/update-ca-cert/_index.md @@ -145,7 +145,7 @@ First, generate the agent definitions as described here: https://gist.github.com Then, connect to a controlplane node of the downstream cluster via SSH, create a Kubeconfig and apply the definitions: https://gist.github.com/superseb/b14ed3b5535f621ad3d2aa6a4cd6443b -# 5. Select Force Update of fleet clusters to connect fleet-agent to Rancher +# 5. Select Force Update of Fleet clusters to connect fleet-agent to Rancher Select 'Force Update' for the clusters within the Continuous Delivery view of the Rancher Explorer UI to allow the fleet-agent in downstream clusters to successfully connect to Rancher. From 83f2ae662f1ee2ab2a095cd713d26cddf70284e4 Mon Sep 17 00:00:00 2001 From: divya-mohan0209 Date: Tue, 8 Mar 2022 20:53:29 +0530 Subject: [PATCH 28/35] Update content/rancher/v2.6/en/installation/resources/update-ca-cert/_index.md Co-authored-by: Jen Travinski --- .../v2.6/en/installation/resources/update-ca-cert/_index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/rancher/v2.6/en/installation/resources/update-ca-cert/_index.md b/content/rancher/v2.6/en/installation/resources/update-ca-cert/_index.md index 737c3160586..1e51027858c 100644 --- a/content/rancher/v2.6/en/installation/resources/update-ca-cert/_index.md +++ b/content/rancher/v2.6/en/installation/resources/update-ca-cert/_index.md 
@@ -147,7 +147,7 @@ https://gist.github.com/superseb/b14ed3b5535f621ad3d2aa6a4cd6443b # 5. Select Force Update of Fleet clusters to connect fleet-agent to Rancher -Select 'Force Update' for the clusters within the Continuous Delivery view of the Rancher Explorer UI to allow the fleet-agent in downstream clusters to successfully connect to Rancher. +Select 'Force Update' for the clusters within the [Continuous Delivery]({{}}/rancher/v2.6/en/deploy-across-clusters/fleet/#accessing-fleet-in-the-rancher-ui) view of the Rancher UI to allow the fleet-agent in downstream clusters to successfully connect to Rancher. ### Why is this step required? From 7bc69e96ca47a3cd0c876910ccbbe353de5412e0 Mon Sep 17 00:00:00 2001 From: divya-mohan0209 Date: Tue, 8 Mar 2022 20:53:38 +0530 Subject: [PATCH 29/35] Update content/rancher/v2.6/en/installation/resources/update-ca-cert/_index.md Co-authored-by: Jen Travinski --- .../v2.6/en/installation/resources/update-ca-cert/_index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/rancher/v2.6/en/installation/resources/update-ca-cert/_index.md b/content/rancher/v2.6/en/installation/resources/update-ca-cert/_index.md index 1e51027858c..3c01e5f7eaf 100644 --- a/content/rancher/v2.6/en/installation/resources/update-ca-cert/_index.md +++ b/content/rancher/v2.6/en/installation/resources/update-ca-cert/_index.md @@ -151,4 +151,4 @@ Select 'Force Update' for the clusters within the [Continuous Delivery]({{ Date: Mon, 7 Mar 2022 17:28:38 -0500 Subject: [PATCH 30/35] Update documentation on resource quota limits --- .../quotas-for-projects/_index.md | 24 +++++++++++++++++-- 1 file changed, 22 insertions(+), 2 deletions(-) diff --git a/content/rancher/v2.6/en/project-admin/resource-quotas/quotas-for-projects/_index.md b/content/rancher/v2.6/en/project-admin/resource-quotas/quotas-for-projects/_index.md index 63a18ba0f49..cefac3e9f1d 100644 
--- a/content/rancher/v2.6/en/project-admin/resource-quotas/quotas-for-projects/_index.md +++ b/content/rancher/v2.6/en/project-admin/resource-quotas/quotas-for-projects/_index.md @@ -19,11 +19,13 @@ The resource quota includes two limits, which you set while creating or editing - **Project Limits:** - This set of values configures an overall resource limit for the project. If you try to add a new namespace to the project, Rancher uses the limits you've set to validate that the project has enough resources to accommodate the namespace. In other words, if you try to move a namespace into a project near its resource quota, Rancher blocks you from moving the namespace. + This set of values configures a total limit for each specified resource shared among all namespaces in the project. - **Namespace Default Limits:** - This value is the default resource limit available for each namespace. When the resource quota is created at the project level, this limit is automatically propagated to each namespace in the project. Each namespace is bound to this default limit unless you override it. + This set of values configures the default quota limit available for each namespace for each specified resource. + When a namespace is created in the project without overrides, this limit is automatically bound to the namespace and enforced. + In the following diagram, a Rancher administrator wants to apply a resource quota that sets the same CPU and memory limit for every namespace in their project (`Namespace 1-4`). However, in Rancher, the administrator can set a resource quota for the project (`Project Resource Quota`) rather than individual namespaces. This quota includes resource limits for both the entire project (`Project Limit`) and individual namespaces (`Namespace Default Limit`). Rancher then propagates the `Namespace Default Limit` quotas to each namespace (`Namespace Resource Quota`) when created. 
@@ -32,6 +34,24 @@ In the following diagram, a Rancher administrator wants to apply a resource quot Let's highlight some more nuanced functionality. If a quota is deleted at the project level, it will also be removed from all namespaces contained within that project, despite any overrides that may exist. Further, updating an existing namespace default limit for a quota at the project level will not result in that value being propagated to existing namespaces in the project; the updated value will only be applied to newly created namespaces in that project. To update a namespace default limit for existing namespaces you can delete and subsequently recreate the quota at the project level with the new default value. This will result in the new default value being applied to all existing namespaces in the project. +Before creating a namespace in a project, Rancher compares the amounts of the project's available resources and requested resources (regardless of whether they come from the default or overriden limits). +If a new namespace, for any one resource, will exceed the remaining quota for it, +Rancher will still grant the remaining amount for that resource. +However, this is not the case with namespaces created outside of Rancher's UI. For namespaces created via `kubectl`, Rancher +will assign a resource quota that has a **zero** amount for any exceeding resource. + +To create a namespace in an existing project via `kubectl`, use the `field.cattle.io/projectId` annotation. To override the default +requested quota limit, use the `field.cattle.io/resourceQuota` annotation. +``` +apiVersion: v1 +kind: Namespace +metadata: + annotations: + field.cattle.io/projectId: [your-cluster-ID]:[your-project-ID] + field.cattle.io/resourceQuota: '{"limit":{"limitsCpu":"100m", "limitsMemory":"100Mi", "configMaps": "50"}}' + name: my-ns +``` + The following table explains the key differences between the two quota types. | Rancher Resource Quotas | Kubernetes Resource Quotas | 
From 749fec0a3e339febf9d749b4b2d9f7f0184a47a3 Mon Sep 17 00:00:00 2001 From: Catherine Luse Date: Tue, 8 Mar 2022 12:15:28 -0700 Subject: [PATCH 31/35] Clarify sentences about project resource quotas --- .../resource-quotas/quotas-for-projects/_index.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/content/rancher/v2.6/en/project-admin/resource-quotas/quotas-for-projects/_index.md b/content/rancher/v2.6/en/project-admin/resource-quotas/quotas-for-projects/_index.md index cefac3e9f1d..8b6d3cdf3c8 100644 --- a/content/rancher/v2.6/en/project-admin/resource-quotas/quotas-for-projects/_index.md +++ b/content/rancher/v2.6/en/project-admin/resource-quotas/quotas-for-projects/_index.md 
@@ -35,10 +35,10 @@ In the following diagram, a Rancher administrator wants to apply a resource quot Let's highlight some more nuanced functionality. If a quota is deleted at the project level, it will also be removed from all namespaces contained within that project, despite any overrides that may exist. Further, updating an existing namespace default limit for a quota at the project level will not result in that value being propagated to existing namespaces in the project; the updated value will only be applied to newly created namespaces in that project. To update a namespace default limit for existing namespaces you can delete and subsequently recreate the quota at the project level with the new default value. This will result in the new default value being applied to all existing namespaces in the project. Before creating a namespace in a project, Rancher compares the amounts of the project's available resources and requested resources (regardless of whether they come from the default or overriden limits). -If a new namespace, for any one resource, will exceed the remaining quota for it, -Rancher will still grant the remaining amount for that resource. +If the requested resources exceed the remaining capacity in the project for those resources, Rancher will assign the namespace the remaining capacity for that resource. + However, this is not the case with namespaces created outside of Rancher's UI. For namespaces created via `kubectl`, Rancher -will assign a resource quota that has a **zero** amount for any exceeding resource. +will assign a resource quota that has a **zero** amount for any resource that requested more capacity than what remains in the project. To create a namespace in an existing project via `kubectl`, use the `field.cattle.io/projectId` annotation. To override the default requested quota limit, use the `field.cattle.io/resourceQuota` annotation. From 40aa2ced730725b032dff4adbabab8d3d12e282b Mon Sep 17 00:00:00 2001 
From: Jennifer Travinski Date: Wed, 9 Mar 2022 10:03:14 -0500 Subject: [PATCH 32/35] Added clarifying note on quota behavior in Rancher UI --- .../resource-quotas/quotas-for-projects/_index.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/content/rancher/v2.6/en/project-admin/resource-quotas/quotas-for-projects/_index.md b/content/rancher/v2.6/en/project-admin/resource-quotas/quotas-for-projects/_index.md index 8b6d3cdf3c8..7e2aaf3e869 100644 --- a/content/rancher/v2.6/en/project-admin/resource-quotas/quotas-for-projects/_index.md +++ b/content/rancher/v2.6/en/project-admin/resource-quotas/quotas-for-projects/_index.md 
@@ -32,12 +32,12 @@ In the following diagram, a Rancher administrator wants to apply a resource quot Rancher: Resource Quotas Propagating to Each Namespace ![Rancher Resource Quota Implementation]({{}}/img/rancher/rancher-resource-quota.png) -Let's highlight some more nuanced functionality. If a quota is deleted at the project level, it will also be removed from all namespaces contained within that project, despite any overrides that may exist. Further, updating an existing namespace default limit for a quota at the project level will not result in that value being propagated to existing namespaces in the project; the updated value will only be applied to newly created namespaces in that project. To update a namespace default limit for existing namespaces you can delete and subsequently recreate the quota at the project level with the new default value. This will result in the new default value being applied to all existing namespaces in the project. +Let's highlight some more nuanced functionality for namespaces created **_within_** the Rancher UI. If a quota is deleted at the project level, it will also be removed from all namespaces contained within that project, despite any overrides that may exist. Further, updating an existing namespace default limit for a quota at the project level will not result in that value being propagated to existing namespaces in the project; the updated value will only be applied to newly created namespaces in that project. To update a namespace default limit for existing namespaces you can delete and subsequently recreate the quota at the project level with the new default value. This will result in the new default value being applied to all existing namespaces in the project. -Before creating a namespace in a project, Rancher compares the amounts of the project's available resources and requested resources (regardless of whether they come from the default or overriden limits). 
+Before creating a namespace in a project, Rancher compares the amounts of the project's available resources and requested resources, regardless of whether they come from the default or overridden limits. If the requested resources exceed the remaining capacity in the project for those resources, Rancher will assign the namespace the remaining capacity for that resource. -However, this is not the case with namespaces created outside of Rancher's UI. For namespaces created via `kubectl`, Rancher +However, this is not the case with namespaces created **_outside_** of Rancher's UI. For namespaces created via `kubectl`, Rancher will assign a resource quota that has a **zero** amount for any resource that requested more capacity than what remains in the project. To create a namespace in an existing project via `kubectl`, use the `field.cattle.io/projectId` annotation. To override the default From a33d971fbab70cf389ce188d24dadaa0dd43262e Mon Sep 17 00:00:00 2001 From: Alex Seymour <9771530+axeal@users.noreply.github.com> Date: Fri, 11 Mar 2022 10:53:58 +0100 Subject: [PATCH 33/35] Fix no_proxy to noProxy for rancher chart value is noProxy (per https://github.com/rancher/rancher/blob/v2.6.3/chart/values.yaml#L89 and https://rancher.com/docs/rancher/v2.6/en/installation/install-rancher-on-k8s/chart-options/), this is correct in v2.5 doc at https://rancher.com/docs/rancher/v2.5/en/installation/other-installation-methods/behind-proxy/install-rancher/ --- .../behind-proxy/install-rancher/_index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/rancher/v2.6/en/installation/other-installation-methods/behind-proxy/install-rancher/_index.md b/content/rancher/v2.6/en/installation/other-installation-methods/behind-proxy/install-rancher/_index.md index ae9faf9304b..35ceaf1b26a 100644 --- a/content/rancher/v2.6/en/installation/other-installation-methods/behind-proxy/install-rancher/_index.md 
+++ b/content/rancher/v2.6/en/installation/other-installation-methods/behind-proxy/install-rancher/_index.md @@ -65,7 +65,7 @@ helm upgrade --install rancher rancher-latest/rancher \ --namespace cattle-system \ --set hostname=rancher.example.com \ --set proxy=http://${proxy_host} - --set no_proxy=127.0.0.0/8\\,10.0.0.0/8\\,cattle-system.svc\\,172.16.0.0/12\\,192.168.0.0/16\\,.svc\\,.cluster.local + --set noProxy=127.0.0.0/8\\,10.0.0.0/8\\,cattle-system.svc\\,172.16.0.0/12\\,192.168.0.0/16\\,.svc\\,.cluster.local ``` After waiting for the deployment to finish: From 05bf4245929572eb331a12d88f124b4a544b1eb7 Mon Sep 17 00:00:00 2001 From: Alex Seymour <9771530+axeal@users.noreply.github.com> Date: Fri, 11 Mar 2022 14:08:49 +0100 Subject: [PATCH 34/35] Update local_cluster_auth_endpoint ca_certs Clarify format of ca_certs field in local_cluster_auth_endpoint to prevent confusion with double base 64 encoding --- .../editing-clusters/rke-config-reference/_index.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/content/rancher/v2.6/en/cluster-admin/editing-clusters/rke-config-reference/_index.md b/content/rancher/v2.6/en/cluster-admin/editing-clusters/rke-config-reference/_index.md index 0f0c03d67f2..27e73a4c408 100644 --- a/content/rancher/v2.6/en/cluster-admin/editing-clusters/rke-config-reference/_index.md +++ b/content/rancher/v2.6/en/cluster-admin/editing-clusters/rke-config-reference/_index.md @@ -341,7 +341,10 @@ Example: local_cluster_auth_endpoint: enabled: true fqdn: "FQDN" - ca_certs: "BASE64_CACERT" + ca_certs: |- + -----BEGIN CERTIFICATE----- + ... + -----END CERTIFICATE----- ``` ### Custom Network Plug-in From e803b521b12cd2ee2de543f3241ddbac252536b2 Mon Sep 17 00:00:00 2001 From: Jennifer Travinski Date: Tue, 15 Mar 2022 11:03:16 -0400 Subject: [PATCH 35/35] Added note to clarify K3s versioning caveat --- content/k3s/latest/en/installation/ha-embedded/_index.md | 2 ++ 1 file changed, 2 insertions(+) 
diff --git a/content/k3s/latest/en/installation/ha-embedded/_index.md b/content/k3s/latest/en/installation/ha-embedded/_index.md index 9d4a1d85cc6..6d4bb7bab49 100644 --- a/content/k3s/latest/en/installation/ha-embedded/_index.md +++ b/content/k3s/latest/en/installation/ha-embedded/_index.md @@ -32,3 +32,5 @@ There are a few config flags that must be the same in all server nodes: ## Existing clusters If you have an existing cluster using the default embedded SQLite database, you can convert it to etcd by simply restarting your K3s server with the `--cluster-init` flag. Once you've done that, you'll be able to add additional instances as described above. + +>**Important:** K3s v1.22.2 and newer support migration from SQLite to etcd. Older versions will create a new empty datastore if you add `--cluster-init` to an existing server.
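Review bot: In PATCH 30/35, first hunk (`@@ -19,11 +19,13 @@`, **Project Limits**), the rewrite drops the sentence saying Rancher blocks moving a namespace into a project that is near its resource quota, and the replacement text does not say what happens in that case. The paragraphs added later in the same patch cover namespace creation only. Either keep a sentence on the move case or document what now happens when a namespace is moved into a project without enough remaining quota.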
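Review bot: In PATCH 30/35, second hunk (`@@ -32,6 +34,24 @@`), the statement that a namespace created via `kubectl` is assigned a **zero** amount for any exceeding resource sits mid-paragraph, although it is the behaviour most likely to surprise an operator: the namespace is created, but with a quota of zero for that resource. Put it in a note callout and tell readers to check the quota that was actually assigned after applying the manifest. Also tag the example fence as `yaml`, say where `[your-cluster-ID]` and `[your-project-ID]` come from, and fix "overriden" (it is only corrected later, in PATCH 32/35).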
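Review bot: In PATCH 32/35, the `**_within_**` qualifier added to the first sentence now scopes the whole paragraph (quota deletion removing the quota from all namespaces, default-limit updates not propagating to existing namespaces) to namespaces created in the Rancher UI, while the `**_outside_**` paragraph only contrasts the over-capacity case. A reader cannot tell whether deletion and update behave differently for namespaces created via `kubectl`. Limit the qualifier to the capacity comparison, or state explicitly which of these behaviours differ for namespaces created outside the UI.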
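Review bot: In PATCH 33/35 (`behind-proxy/install-rancher/_index.md`), the context line `--set proxy=http://${proxy_host}` directly above the corrected `--set noProxy=...` line has no trailing `\`, unlike the lines before it, so a shell that receives this block ends the `helm upgrade` command there and the `noProxy` value is never passed to the chart. Since the patch already touches this command, add the continuation (`--set proxy=http://${proxy_host} \`). Without it the rename fixes the key name but the exclusion list shown is still not applied.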
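Review bot: In PATCH 34/35 (`rke-config-reference/_index.md`), the new `ca_certs: |-` example shows a PEM block, but the reason given in the commit message (confusion with double base64 encoding) never reaches the page, and the old `BASE64_CACERT` placeholder is what readers of earlier versions will remember. Add one sentence next to the example stating that the value is the PEM-encoded CA certificate pasted as-is and must not be base64-encoded again.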
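Review bot: In PATCH 35/35 (`k3s/latest/en/installation/ha-embedded/_index.md`), the added **Important** note lands after the paragraph that tells readers they can convert "by simply restarting your K3s server with the `--cluster-init` flag", so someone on a release older than v1.22.2 can follow the instruction and end up with a new empty datastore before reaching the caveat. Move the note above that paragraph, or fold the version requirement into the instruction itself, and tell readers to confirm their K3s version before restarting.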