mirror of
https://github.com/rancher/rancher-docs.git
synced 2026-04-14 18:35:37 +00:00
Fix broken external links
@@ -212,7 +212,7 @@ configs:
|
||||
ca_file: <path to the ca file used in the registry>
|
||||
```
|
||||
|
||||
For more information on private registries configuration file for RKE2, refer to the [RKE2 documentation.](https://docs.rke2.io/install/containerd_registry_configuration)
|
||||
For more information on private registries configuration file for RKE2, refer to the [RKE2 documentation.](https://docs.rke2.io/install/private_registry)
|
||||
|
||||
## 3. Install RKE2
|
||||
|
||||
|
||||
@@ -26,7 +26,7 @@ Deploying to Amazon AWS will incur charges.
|
||||
- [Amazon AWS Account](https://aws.amazon.com/account/): An Amazon AWS Account is required to create resources for deploying Rancher and Kubernetes.
|
||||
- [Amazon AWS Access Key](https://docs.aws.amazon.com/general/latest/gr/managing-aws-access-keys.html): Use this link to follow a tutorial to create an Amazon AWS Access Key if you don't have one yet.
|
||||
- [IAM Policy created](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_create.html#access_policies_create-start): Defines the permissions an account attached with this policy has.
|
||||
- Install [Terraform](https://www.terraform.io/downloads.html): Used to provision the server and cluster in Amazon AWS.
|
||||
- Install [Terraform](https://developer.hashicorp.com/terraform/install): Used to provision the server and cluster in Amazon AWS.
|
||||
|
||||
### Example IAM Policy
|
||||
|
||||
|
||||
@@ -27,7 +27,7 @@ Deploying to Microsoft Azure will incur charges.
|
||||
- [Microsoft Azure Subscription](https://docs.microsoft.com/en-us/azure/cost-management-billing/manage/create-subscription#create-a-subscription-in-the-azure-portal): Use this link to follow a tutorial to create a Microsoft Azure subscription if you don't have one yet.
|
||||
- [Micsoroft Azure Tenant](https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-create-new-tenant): Use this link and follow instructions to create a Microsoft Azure tenant.
|
||||
- [Microsoft Azure Client ID/Secret](https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal): Use this link and follow instructions to create a Microsoft Azure client and secret.
|
||||
- [Terraform](https://www.terraform.io/downloads.html): Used to provision the server and cluster in Microsoft Azure.
|
||||
- [Terraform](https://developer.hashicorp.com/terraform/install): Used to provision the server and cluster in Microsoft Azure.
|
||||
|
||||
|
||||
## Getting Started
|
||||
|
||||
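Review bot: The unchanged tenant bullet in this hunk still spells its link text "Micsoroft Azure Tenant"; since the commit already edits this prerequisites list, correct it to "Microsoft Azure Tenant" here and in the translated copies that carry the same spelling. The three neighbouring links also still point at docs.microsoft.com, which now redirects to learn.microsoft.com, so they are worth updating in the same pass if the aim is to stop depending on redirects.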
@@ -25,7 +25,7 @@ Deploying to DigitalOcean will incur charges.
|
||||
|
||||
- [DigitalOcean Account](https://www.digitalocean.com): You will require an account on DigitalOcean as this is where the server and cluster will run.
|
||||
- [DigitalOcean Access Key](https://www.digitalocean.com/community/tutorials/how-to-create-a-digitalocean-space-and-api-key): Use this link to create a DigitalOcean Access Key if you don't have one.
|
||||
- [Terraform](https://www.terraform.io/downloads.html): Used to provision the server and cluster to DigitalOcean.
|
||||
- [Terraform](https://developer.hashicorp.com/terraform/install): Used to provision the server and cluster to DigitalOcean.
|
||||
|
||||
|
||||
## Getting Started
|
||||
|
||||
@@ -26,7 +26,7 @@ Deploying to Google GCP will incur charges.
|
||||
- [Google GCP Account](https://console.cloud.google.com/): A Google GCP Account is required to create resources for deploying Rancher and Kubernetes.
|
||||
- [Google GCP Project](https://cloud.google.com/appengine/docs/standard/nodejs/building-app/creating-project): Use this link to follow a tutorial to create a GCP Project if you don't have one yet.
|
||||
- [Google GCP Service Account](https://cloud.google.com/iam/docs/creating-managing-service-account-keys): Use this link and follow instructions to create a GCP service account and token file.
|
||||
- [Terraform](https://www.terraform.io/downloads.html): Used to provision the server and cluster in Google GCP.
|
||||
- [Terraform](https://developer.hashicorp.com/terraform/install): Used to provision the server and cluster in Google GCP.
|
||||
|
||||
|
||||
## Getting Started
|
||||
|
||||
@@ -25,7 +25,7 @@ Deploying to Hetzner Cloud will incur charges.
|
||||
|
||||
- [Hetzner Cloud Account](https://www.hetzner.com): You will require an account on Hetzner as this is where the server and cluster will run.
|
||||
- [Hetzner API Access Key](https://docs.hetzner.cloud/#getting-started): Use these instructions to create a Hetzner Cloud API Key if you don't have one.
|
||||
- [Terraform](https://www.terraform.io/downloads.html): Used to provision the server and cluster to Hetzner.
|
||||
- [Terraform](https://developer.hashicorp.com/terraform/install): Used to provision the server and cluster to Hetzner.
|
||||
|
||||
|
||||
## Getting Started
|
||||
|
||||
@@ -23,9 +23,9 @@ Deploying to Linode will incur charges.
|
||||
|
||||
:::
|
||||
|
||||
- [Linode Account](https://linode.com): The Linode account to run provision server and cluster under.
|
||||
- [Linode Personal Access Token](https://www.linode.com/docs/products/tools/api/guides/manage-api-tokens/): A Linode Personal Access Token to authenticate with.
|
||||
- [Terraform](https://www.terraform.io/downloads.html): Used to provision the server and cluster on Linode.
|
||||
- [Linode Account](https://www.linode.com/): The Linode account to run provision server and cluster under.
|
||||
- [Linode Personal Access Token](https://techdocs.akamai.com/cloud-computing/docs/manage-personal-access-tokens): A Linode Personal Access Token to authenticate with.
|
||||
- [Terraform](https://developer.hashicorp.com/terraform/install): Used to provision the server and cluster on Linode.
|
||||
|
||||
|
||||
## Getting Started
|
||||
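Review bot: The rewritten Linode Account bullet keeps the description "The Linode account to run provision server and cluster under", which does not parse. Since the line is being touched anyway, reword it, for example "The Linode account under which the server and cluster are provisioned".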
@@ -48,7 +48,7 @@ See the [Quickstart Readme](https://github.com/rancher/quickstart) and the [Lino
|
||||
- `prefix` - The prefix for all created infrastructure.
|
||||
- `linode_type` - The type/plan that all infrastructure Linodes should use.
|
||||
- Default: `g6-standard-2`
|
||||
- For a complete list of plans, see the [official Plan Types page](https://www.linode.com/docs/products/compute/compute-instances/plans/).
|
||||
- For a complete list of plans, see the [official Plan Types page](https://techdocs.akamai.com/cloud-computing/docs/compute-instance-plan-types).
|
||||
|
||||
6. Run `terraform init`.
|
||||
|
||||
|
||||
@@ -25,7 +25,7 @@ Deploying to Outscale will incur charges.
|
||||
|
||||
- [Outscale Account](https://en.outscale.com/): You will require an account on Outscale as this is where the server and cluster will run.
|
||||
- [Outscale Access Key](https://docs.outscale.com/en/userguide/About-Access-Keys.html): Use these instructions to create an Outscale Access Key if you don't have one.
|
||||
- [Terraform](https://www.terraform.io/downloads.html): Used to provision the server and cluster in Outscale.
|
||||
- [Terraform](https://developer.hashicorp.com/terraform/install): Used to provision the server and cluster in Outscale.
|
||||
|
||||
|
||||
## Getting Started
|
||||
|
||||
@@ -16,7 +16,7 @@ The intent of these guides is to quickly launch a sandbox that you can use to ev
|
||||
|
||||
## Prerequisites
|
||||
|
||||
- [Vagrant](https://www.vagrantup.com): Vagrant is required as this is used to provision the machine based on the Vagrantfile.
|
||||
- [Vagrant](https://developer.hashicorp.com/vagrant): Vagrant is required as this is used to provision the machine based on the Vagrantfile.
|
||||
- [Virtualbox](https://www.virtualbox.org): The virtual machines that Vagrant provisions need to be provisioned to VirtualBox.
|
||||
- At least 4GB of free RAM.
|
||||
|
||||
|
||||
@@ -150,7 +150,7 @@ You will still be able to login using the locally configured `admin` account and
|
||||
|
||||
In order to successfully configure AD authentication it is crucial that you provide the correct configuration pertaining to the hierarchy and schema of your AD server.
|
||||
|
||||
The [`ldapsearch`](https://manpages.ubuntu.com/manpages/kinetic/en/man1/ldapsearch.1.html) tool allows you to query your AD server to learn about the schema used for user and group objects.
|
||||
The [`ldapsearch`](https://manpages.ubuntu.com/manpages/noble/en/man1/ldapsearch.1.html) tool allows you to query your AD server to learn about the schema used for user and group objects.
|
||||
|
||||
For the purpose of the example commands provided below we will assume:
|
||||
|
||||
|
||||
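Review bot: The replacement `ldapsearch` link only swaps one Ubuntu release codename for another (`kinetic` to `noble`) in the manpages.ubuntu.com path, so it is likely to break the same way the old one presumably did once that release's pages are retired. Prefer a reference that does not embed a distribution release, such as the upstream OpenLDAP manual page, so the AD authentication guide does not need this fix again.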
@@ -100,7 +100,7 @@ Monitoring the availability and performance of all your internal workloads is vi
|
||||
|
||||
In addition to monitoring workloads to detect performance, availability or scalability problems, the cluster and the workloads running into it should also be monitored for potential security problems. A good starting point is to frequently run and alert on [Compliance Scans](../../../how-to-guides/advanced-user-guides/compliance-scan-guides/compliance-scan-guides.md) which check if the cluster is configured according to security best practices.
|
||||
|
||||
For the workloads, you can have a look at Kubernetes and Container security solutions like [NeuVector](https://www.suse.com/products/neuvector/), [Falco](https://falco.org/), [Aqua Kubernetes Security](https://www.aquasec.com/solutions/kubernetes-container-security/), [SysDig](https://sysdig.com/).
|
||||
For the workloads, you can have a look at Kubernetes and Container security solutions like [NeuVector](https://www.suse.com/products/neuvector/), [Falco](https://falco.org/), [Aqua Kubernetes Security](https://www.aquasec.com/products/kubernetes-security/), [SysDig](https://sysdig.com/).
|
||||
|
||||
## Setting up Alerts
|
||||
|
||||
|
||||
@@ -171,7 +171,7 @@ Option to set environment variables for [Rancher agents](../../../how-to-guides/
|
||||
|
||||
##### Automatic Snapshots
|
||||
|
||||
Option to enable or disable recurring etcd snapshots. If enabled, users have the option to configure the frequency of snapshots. For details, refer to the [RKE2 documentation](https://docs.rke2.io/backup_restore#creating-snapshots). Note that with RKE2, snapshots are stored on each etcd node. This varies from RKE1 which only stores one snapshot per cluster.
|
||||
Option to enable or disable recurring etcd snapshots. If enabled, users have the option to configure the frequency of snapshots. For details, refer to the [RKE2 documentation](https://docs.rke2.io/datastore/backup_restore#creating-snapshots). Note that with RKE2, snapshots are stored on each etcd node. This varies from RKE1 which only stores one snapshot per cluster.
|
||||
|
||||
##### Metrics
|
||||
|
||||
@@ -235,7 +235,7 @@ We recommend using a load balancer with the authorized cluster endpoint. For det
|
||||
|
||||
#### Registries
|
||||
|
||||
Select the image repository to pull Rancher images from. For more details and configuration options, see the [RKE2 documentation](https://docs.rke2.io/install/containerd_registry_configuration).
|
||||
Select the image repository to pull Rancher images from. For more details and configuration options, see the [RKE2 documentation](https://docs.rke2.io/install/private_registry).
|
||||
|
||||
#### Upgrade Strategy
|
||||
|
||||
|
||||
@@ -204,7 +204,7 @@ configs:
|
||||
ca_file: <镜像仓库所用的 CA 文件路径>
|
||||
```
|
||||
|
||||
有关 RKE2 的私有镜像仓库配置文件的详情,请参见 [RKE2 官方文档](https://docs.rke2.io/install/containerd_registry_configuration)。
|
||||
有关 RKE2 的私有镜像仓库配置文件的详情,请参见 [RKE2 官方文档](https://docs.rke2.io/install/private_registry)。
|
||||
|
||||
### 3. 安装 RKE2
|
||||
|
||||
|
||||
@@ -22,7 +22,7 @@ description: 阅读此分步 Rancher AWS 指南,以快速部署带有单节点
|
||||
- [Amazon AWS 账号](https://aws.amazon.com/account/): 用于创建部署 Rancher Server 和 Kubernetes 的资源。
|
||||
- [Amazon AWS 访问密钥](https://docs.aws.amazon.com/general/latest/gr/managing-aws-access-keys.html):如果你没有的话,请访问此链接查看相关指南。
|
||||
- [已创建 IAM 策略](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_create.html#access_policies_create-start):定义附加此策略的账号所具有的权限。
|
||||
- [Terraform](https://www.terraform.io/downloads.html): 用于在 Amazon AWS 中配置服务器和集群。
|
||||
- [Terraform](https://developer.hashicorp.com/terraform/install): 用于在 Amazon AWS 中配置服务器和集群。
|
||||
|
||||
### IAM 策略示例
|
||||
|
||||
|
||||
@@ -23,7 +23,7 @@ description: 阅读此分步 Rancher Azure 指南,以快速部署带有单节
|
||||
- [Microsoft Azure 订阅](https://docs.microsoft.com/en-us/azure/cost-management-billing/manage/create-subscription#create-a-subscription-in-the-azure-portal):如果你没有的话,请访问此链接查看如何创建 Microsoft Azure 订阅。
|
||||
- [Micsoroft Azure 租户](https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-create-new-tenant):访问此链接并参考教程以创建 Microsoft Azure 租户。
|
||||
- [Microsoft Azure 客户端 ID/密文](https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal):访问此链接并参考教程以创建 Microsoft Azure 客户端和密文。
|
||||
- [Terraform](https://www.terraform.io/downloads.html):用于在 Microsoft Azure 中配置服务器和集群。
|
||||
- [Terraform](https://developer.hashicorp.com/terraform/install):用于在 Microsoft Azure 中配置服务器和集群。
|
||||
|
||||
|
||||
## 开始使用
|
||||
|
||||
@@ -21,7 +21,7 @@ description: 阅读此分步 Rancher DigitalOcean 指南,以快速部署带有
|
||||
|
||||
- [DigitalOcean 账号](https://www.digitalocean.com):用于运行服务器和集群。
|
||||
- [DigitalOcean 访问密钥](https://www.digitalocean.com/community/tutorials/how-to-create-a-digitalocean-space-and-api-key):如果你没有的话,请访问此链接创建一个。
|
||||
- [Terraform](https://www.terraform.io/downloads.html):用于在 DigitalOcean 中配置服务器和集群。
|
||||
- [Terraform](https://developer.hashicorp.com/terraform/install):用于在 DigitalOcean 中配置服务器和集群。
|
||||
|
||||
|
||||
## 开始使用
|
||||
|
||||
@@ -22,7 +22,7 @@ description: 阅读此分步 Rancher GCP 指南,以快速部署带有单节点
|
||||
- [Google GCP Account](https://console.cloud.google.com/):用于创建部署 Rancher 和 Kubernetes 的资源。
|
||||
- [Google GCP 项目](https://cloud.google.com/appengine/docs/standard/nodejs/building-app/creating-project):如果你没有的话,请访问此链接查看如何创建 GCP 项目。
|
||||
- [Google GCP ServiceAccount](https://cloud.google.com/iam/docs/creating-managing-service-account-keys):请访问此链接查看如何创建 GCP ServiceAccount 和 Token 文件。
|
||||
- [Terraform](https://www.terraform.io/downloads.html):用于在 Google GCP 中配置服务器和集群。
|
||||
- [Terraform](https://developer.hashicorp.com/terraform/install):用于在 Google GCP 中配置服务器和集群。
|
||||
|
||||
|
||||
## 开始使用
|
||||
|
||||
@@ -21,7 +21,7 @@ description: 阅读此分步 Rancher Hetzner Cloud 指南,以快速部署带
|
||||
|
||||
- [Hetzner Cloud 账号](https://www.hetzner.com):用于运行服务器和集群。
|
||||
- [Hetzner API 访问密钥](https://docs.hetzner.cloud/#getting-started):如果你没有的话,请参考说明创建一个。
|
||||
- [Terraform](https://www.terraform.io/downloads.html):用于在 Hetzner 中配置服务器和集群。
|
||||
- [Terraform](https://developer.hashicorp.com/terraform/install):用于在 Hetzner 中配置服务器和集群。
|
||||
|
||||
|
||||
## 开始使用
|
||||
|
||||
@@ -19,9 +19,9 @@ description: 阅读此分步 Rancher Linode 指南,以快速部署带有单节
|
||||
|
||||
:::
|
||||
|
||||
- [Linode 账号](https://linode.com): 用于运行服务器和集群。
|
||||
- [Linode 访问密钥](https://www.linode.com/docs/products/tools/api/guides/manage-api-tokens/): 用于权限认证的 Linode 访问密钥。
|
||||
- [Terraform](https://www.terraform.io/downloads.html): 用于在 Linode 中配置服务器和集群。
|
||||
- [Linode 账号](https://www.linode.com/): 用于运行服务器和集群。
|
||||
- [Linode 访问密钥](https://techdocs.akamai.com/cloud-computing/docs/manage-personal-access-tokens): 用于权限认证的 Linode 访问密钥。
|
||||
- [Terraform](https://developer.hashicorp.com/terraform/install): 用于在 Linode 中配置服务器和集群。
|
||||
|
||||
|
||||
## 开始使用
|
||||
@@ -45,7 +45,7 @@ description: 阅读此分步 Rancher Linode 指南,以快速部署带有单节
|
||||
- `prefix` - 所有创建资源的前缀
|
||||
- `linode_type` - 所有的 Linode 资源使用的类型/计划
|
||||
- 默认: `g6-standard-2`
|
||||
- 完整的计划列表, 请参照[官方的计划类型页面](https://www.linode.com/docs/products/compute/compute-instances/plans/).
|
||||
- 完整的计划列表, 请参照[官方的计划类型页面](https://techdocs.akamai.com/cloud-computing/docs/compute-instance-plan-types).
|
||||
|
||||
6. 执行 `terraform init`。
|
||||
|
||||
|
||||
@@ -21,7 +21,7 @@ description: 阅读此分步 Rancher Outscale 指南,以快速部署带有单
|
||||
|
||||
- [Outscale 账号](https://en.outscale.com/):用于运行服务器和集群。
|
||||
- [Outscale 访问密钥](https://docs.outscale.com/en/userguide/About-Access-Keys.html):如果你没有的话,请按照说明创建一个 Outscale 访问密钥。
|
||||
- [Terraform](https://www.terraform.io/downloads.html):用于在 Outscale 中配置服务器和集群。
|
||||
- [Terraform](https://developer.hashicorp.com/terraform/install):用于在 Outscale 中配置服务器和集群。
|
||||
|
||||
|
||||
## 开始使用
|
||||
|
||||
@@ -12,7 +12,7 @@ title: Vagrant 快速入门
|
||||
|
||||
## 先决条件
|
||||
|
||||
- [Vagrant](https://www.vagrantup.com):Vagrant 是必需的,用于根据 Vagrantfile 配置主机。
|
||||
- [Vagrant](https://developer.hashicorp.com/vagrant):Vagrant 是必需的,用于根据 Vagrantfile 配置主机。
|
||||
- [Virtualbox](https://www.virtualbox.org):需要把 Vagrant 配置的虚拟机配置到 VirtualBox。
|
||||
- 至少 4GB 的可用内存。
|
||||
|
||||
|
||||
@@ -146,7 +146,7 @@ Rancher 使用 LDAP 查询来搜索和检索关于 Active Directory 中的用户
|
||||
|
||||
为了成功配置 AD 身份验证,你必须提供 AD 服务器的层次结构和 Schema 的正确配置。
|
||||
|
||||
[`ldapsearch`](https://manpages.ubuntu.com/manpages/kinetic/en/man1/ldapsearch.1.html) 工具允许你查询你的 AD 服务器,从而了解用于用户和组对象的 Schema。
|
||||
[`ldapsearch`](https://manpages.ubuntu.com/manpages/noble/en/man1/ldapsearch.1.html) 工具允许你查询你的 AD 服务器,从而了解用于用户和组对象的 Schema。
|
||||
|
||||
在下面的示例命令中,我们假设:
|
||||
|
||||
|
||||
@@ -96,7 +96,7 @@ Prometheus 不是用于长期存储指标的,它只用于短期存储。
|
||||
|
||||
除了通过监控工作负载来检测性能、可用性或可扩展性之外,你还应该监控集群和运行在集群中的工作负载,来发现潜在的安全问题。一个好的做法是经常运行 [CIS 扫描](../../../how-to-guides/advanced-user-guides/cis-scan-guides/cis-scan-guides.md)并发出告警,来检查集群是否按照安全最佳实践进行配置。
|
||||
|
||||
对于工作负载,你可以查看 Kubernetes 和 Container 安全解决方案,例如 [NeuVector](https://www.suse.com/products/neuvector/)、[Falco](https://falco.org/)、[Aqua Kubernetes Security](https://www.aquasec.com/solutions/kubernetes-container-security/) 和 [SysDig](https://sysdig.com/)。
|
||||
对于工作负载,你可以查看 Kubernetes 和 Container 安全解决方案,例如 [NeuVector](https://www.suse.com/products/neuvector/)、[Falco](https://falco.org/)、[Aqua Kubernetes Security](https://www.aquasec.com/products/kubernetes-security/) 和 [SysDig](https://sysdig.com/)。
|
||||
|
||||
## 设置告警
|
||||
|
||||
|
||||
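Review bot: The unchanged paragraph above the edited line still links "CIS 扫描" to ../../../how-to-guides/advanced-user-guides/cis-scan-guides/cis-scan-guides.md, while the English page in this same commit links Compliance Scans at compliance-scan-guides/compliance-scan-guides.md. This is outside the stated scope of external links, but check that the relative path still resolves in the translated tree, because it is the pointer readers follow to the cluster security scans.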
@@ -162,7 +162,7 @@ Rancher 与以下开箱即用的网络提供商兼容:
|
||||
|
||||
#### 自动快照
|
||||
|
||||
启用或禁用定期 etcd 快照的选项。如果启用,用户可以配置快照的频率。有关详细信息,请参阅 [RKE2 文档](https://docs.rke2.io/backup_restore#creating-snapshots)。请注意,如果使用 RKE2,快照会存储在每个 etcd 节点上,这与 RKE1 不同(RKE1 每个集群只存储一个快照)。
|
||||
启用或禁用定期 etcd 快照的选项。如果启用,用户可以配置快照的频率。有关详细信息,请参阅 [RKE2 文档](https://docs.rke2.io/datastore/backup_restore#creating-snapshots)。请注意,如果使用 RKE2,快照会存储在每个 etcd 节点上,这与 RKE1 不同(RKE1 每个集群只存储一个快照)。
|
||||
|
||||
#### 指标
|
||||
|
||||
@@ -226,7 +226,7 @@ Rancher 与以下开箱即用的网络提供商兼容:
|
||||
|
||||
### 镜像仓库
|
||||
|
||||
选择要从中拉取 Rancher 镜像的镜像仓库。有关更多详细信息和配置选项,请参阅 [RKE2 文档](https://docs.rke2.io/install/containerd_registry_configuration)。
|
||||
选择要从中拉取 Rancher 镜像的镜像仓库。有关更多详细信息和配置选项,请参阅 [RKE2 文档](https://docs.rke2.io/install/private_registry)。
|
||||
|
||||
### 升级策略
|
||||
|
||||
|
||||
@@ -204,7 +204,7 @@ configs:
|
||||
ca_file: <镜像仓库所用的 CA 文件路径>
|
||||
```
|
||||
|
||||
有关 RKE2 的私有镜像仓库配置文件的详情,请参见 [RKE2 官方文档](https://docs.rke2.io/install/containerd_registry_configuration)。
|
||||
有关 RKE2 的私有镜像仓库配置文件的详情,请参见 [RKE2 官方文档](https://docs.rke2.io/install/private_registry)。
|
||||
|
||||
### 3. 安装 RKE2
|
||||
|
||||
|
||||
@@ -22,7 +22,7 @@ description: 阅读此分步 Rancher AWS 指南,以快速部署带有单节点
|
||||
- [Amazon AWS 账号](https://aws.amazon.com/account/): 用于创建部署 Rancher Server 和 Kubernetes 的资源。
|
||||
- [Amazon AWS 访问密钥](https://docs.aws.amazon.com/general/latest/gr/managing-aws-access-keys.html):如果你没有的话,请访问此链接查看相关指南。
|
||||
- [已创建 IAM 策略](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_create.html#access_policies_create-start):定义附加此策略的账号所具有的权限。
|
||||
- [Terraform](https://www.terraform.io/downloads.html): 用于在 Amazon AWS 中配置服务器和集群。
|
||||
- [Terraform](https://developer.hashicorp.com/terraform/install): 用于在 Amazon AWS 中配置服务器和集群。
|
||||
|
||||
### IAM 策略示例
|
||||
|
||||
|
||||
@@ -23,7 +23,7 @@ description: 阅读此分步 Rancher Azure 指南,以快速部署带有单节
|
||||
- [Microsoft Azure 订阅](https://docs.microsoft.com/en-us/azure/cost-management-billing/manage/create-subscription#create-a-subscription-in-the-azure-portal):如果你没有的话,请访问此链接查看如何创建 Microsoft Azure 订阅。
|
||||
- [Micsoroft Azure 租户](https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-create-new-tenant):访问此链接并参考教程以创建 Microsoft Azure 租户。
|
||||
- [Microsoft Azure 客户端 ID/密文](https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal):访问此链接并参考教程以创建 Microsoft Azure 客户端和密文。
|
||||
- [Terraform](https://www.terraform.io/downloads.html):用于在 Microsoft Azure 中配置服务器和集群。
|
||||
- [Terraform](https://developer.hashicorp.com/terraform/install):用于在 Microsoft Azure 中配置服务器和集群。
|
||||
|
||||
|
||||
## 开始使用
|
||||
|
||||
@@ -21,7 +21,7 @@ description: 阅读此分步 Rancher DigitalOcean 指南,以快速部署带有
|
||||
|
||||
- [DigitalOcean 账号](https://www.digitalocean.com):用于运行服务器和集群。
|
||||
- [DigitalOcean 访问密钥](https://www.digitalocean.com/community/tutorials/how-to-create-a-digitalocean-space-and-api-key):如果你没有的话,请访问此链接创建一个。
|
||||
- [Terraform](https://www.terraform.io/downloads.html):用于在 DigitalOcean 中配置服务器和集群。
|
||||
- [Terraform](https://developer.hashicorp.com/terraform/install):用于在 DigitalOcean 中配置服务器和集群。
|
||||
|
||||
|
||||
## 开始使用
|
||||
|
||||
@@ -22,7 +22,7 @@ description: 阅读此分步 Rancher GCP 指南,以快速部署带有单节点
|
||||
- [Google GCP Account](https://console.cloud.google.com/):用于创建部署 Rancher 和 Kubernetes 的资源。
|
||||
- [Google GCP 项目](https://cloud.google.com/appengine/docs/standard/nodejs/building-app/creating-project):如果你没有的话,请访问此链接查看如何创建 GCP 项目。
|
||||
- [Google GCP ServiceAccount](https://cloud.google.com/iam/docs/creating-managing-service-account-keys):请访问此链接查看如何创建 GCP ServiceAccount 和 Token 文件。
|
||||
- [Terraform](https://www.terraform.io/downloads.html):用于在 Google GCP 中配置服务器和集群。
|
||||
- [Terraform](https://developer.hashicorp.com/terraform/install):用于在 Google GCP 中配置服务器和集群。
|
||||
|
||||
|
||||
## 开始使用
|
||||
|
||||
@@ -21,7 +21,7 @@ description: 阅读此分步 Rancher Hetzner Cloud 指南,以快速部署带
|
||||
|
||||
- [Hetzner Cloud 账号](https://www.hetzner.com):用于运行服务器和集群。
|
||||
- [Hetzner API 访问密钥](https://docs.hetzner.cloud/#getting-started):如果你没有的话,请参考说明创建一个。
|
||||
- [Terraform](https://www.terraform.io/downloads.html):用于在 Hetzner 中配置服务器和集群。
|
||||
- [Terraform](https://developer.hashicorp.com/terraform/install):用于在 Hetzner 中配置服务器和集群。
|
||||
|
||||
|
||||
## 开始使用
|
||||
|
||||
@@ -19,9 +19,9 @@ description: 阅读此分步 Rancher Linode 指南,以快速部署带有单节
|
||||
|
||||
:::
|
||||
|
||||
- [Linode 账号](https://linode.com): 用于运行服务器和集群。
|
||||
- [Linode 访问密钥](https://www.linode.com/docs/products/tools/api/guides/manage-api-tokens/): 用于权限认证的 Linode 访问密钥。
|
||||
- [Terraform](https://www.terraform.io/downloads.html): 用于在 Linode 中配置服务器和集群。
|
||||
- [Linode 账号](https://www.linode.com/): 用于运行服务器和集群。
|
||||
- [Linode 访问密钥](https://techdocs.akamai.com/cloud-computing/docs/manage-personal-access-tokens): 用于权限认证的 Linode 访问密钥。
|
||||
- [Terraform](https://developer.hashicorp.com/terraform/install): 用于在 Linode 中配置服务器和集群。
|
||||
|
||||
|
||||
## 开始使用
|
||||
@@ -45,7 +45,7 @@ description: 阅读此分步 Rancher Linode 指南,以快速部署带有单节
|
||||
- `prefix` - 所有创建资源的前缀
|
||||
- `linode_type` - 所有的 Linode 资源使用的类型/计划
|
||||
- 默认: `g6-standard-2`
|
||||
- 完整的计划列表, 请参照[官方的计划类型页面](https://www.linode.com/docs/products/compute/compute-instances/plans/).
|
||||
- 完整的计划列表, 请参照[官方的计划类型页面](https://techdocs.akamai.com/cloud-computing/docs/compute-instance-plan-types).
|
||||
|
||||
6. 执行 `terraform init`。
|
||||
|
||||
|
||||
@@ -21,7 +21,7 @@ description: 阅读此分步 Rancher Outscale 指南,以快速部署带有单
|
||||
|
||||
- [Outscale 账号](https://en.outscale.com/):用于运行服务器和集群。
|
||||
- [Outscale 访问密钥](https://docs.outscale.com/en/userguide/About-Access-Keys.html):如果你没有的话,请按照说明创建一个 Outscale 访问密钥。
|
||||
- [Terraform](https://www.terraform.io/downloads.html):用于在 Outscale 中配置服务器和集群。
|
||||
- [Terraform](https://developer.hashicorp.com/terraform/install):用于在 Outscale 中配置服务器和集群。
|
||||
|
||||
|
||||
## 开始使用
|
||||
|
||||
@@ -12,7 +12,7 @@ title: Vagrant 快速入门
|
||||
|
||||
## 先决条件
|
||||
|
||||
- [Vagrant](https://www.vagrantup.com):Vagrant 是必需的,用于根据 Vagrantfile 配置主机。
|
||||
- [Vagrant](https://developer.hashicorp.com/vagrant):Vagrant 是必需的,用于根据 Vagrantfile 配置主机。
|
||||
- [Virtualbox](https://www.virtualbox.org):需要把 Vagrant 配置的虚拟机配置到 VirtualBox。
|
||||
- 至少 4GB 的可用内存。
|
||||
|
||||
|
||||
@@ -146,7 +146,7 @@ Rancher 使用 LDAP 查询来搜索和检索关于 Active Directory 中的用户
|
||||
|
||||
为了成功配置 AD 身份验证,你必须提供 AD 服务器的层次结构和 Schema 的正确配置。
|
||||
|
||||
[`ldapsearch`](https://manpages.ubuntu.com/manpages/kinetic/en/man1/ldapsearch.1.html) 工具允许你查询你的 AD 服务器,从而了解用于用户和组对象的 Schema。
|
||||
[`ldapsearch`](https://manpages.ubuntu.com/manpages/noble/en/man1/ldapsearch.1.html) 工具允许你查询你的 AD 服务器,从而了解用于用户和组对象的 Schema。
|
||||
|
||||
在下面的示例命令中,我们假设:
|
||||
|
||||
|
||||
@@ -96,7 +96,7 @@ Prometheus 不是用于长期存储指标的,它只用于短期存储。
|
||||
|
||||
除了通过监控工作负载来检测性能、可用性或可扩展性之外,你还应该监控集群和运行在集群中的工作负载,来发现潜在的安全问题。一个好的做法是经常运行 [CIS 扫描](../../../how-to-guides/advanced-user-guides/cis-scan-guides/cis-scan-guides.md)并发出告警,来检查集群是否按照安全最佳实践进行配置。
|
||||
|
||||
对于工作负载,你可以查看 Kubernetes 和 Container 安全解决方案,例如 [NeuVector](https://www.suse.com/products/neuvector/)、[Falco](https://falco.org/)、[Aqua Kubernetes Security](https://www.aquasec.com/solutions/kubernetes-container-security/) 和 [SysDig](https://sysdig.com/)。
|
||||
对于工作负载,你可以查看 Kubernetes 和 Container 安全解决方案,例如 [NeuVector](https://www.suse.com/products/neuvector/)、[Falco](https://falco.org/)、[Aqua Kubernetes Security](https://www.aquasec.com/products/kubernetes-security/) 和 [SysDig](https://sysdig.com/)。
|
||||
|
||||
## 设置告警
|
||||
|
||||
|
||||
@@ -162,7 +162,7 @@ Rancher 与以下开箱即用的网络提供商兼容:
|
||||
|
||||
#### 自动快照
|
||||
|
||||
启用或禁用定期 etcd 快照的选项。如果启用,用户可以配置快照的频率。有关详细信息,请参阅 [RKE2 文档](https://docs.rke2.io/backup_restore#creating-snapshots)。请注意,如果使用 RKE2,快照会存储在每个 etcd 节点上,这与 RKE1 不同(RKE1 每个集群只存储一个快照)。
|
||||
启用或禁用定期 etcd 快照的选项。如果启用,用户可以配置快照的频率。有关详细信息,请参阅 [RKE2 文档](https://docs.rke2.io/datastore/backup_restore#creating-snapshots)。请注意,如果使用 RKE2,快照会存储在每个 etcd 节点上,这与 RKE1 不同(RKE1 每个集群只存储一个快照)。
|
||||
|
||||
#### 指标
|
||||
|
||||
@@ -226,7 +226,7 @@ Rancher 与以下开箱即用的网络提供商兼容:
|
||||
|
||||
### 镜像仓库
|
||||
|
||||
选择要从中拉取 Rancher 镜像的镜像仓库。有关更多详细信息和配置选项,请参阅 [RKE2 文档](https://docs.rke2.io/install/containerd_registry_configuration)。
|
||||
选择要从中拉取 Rancher 镜像的镜像仓库。有关更多详细信息和配置选项,请参阅 [RKE2 文档](https://docs.rke2.io/install/private_registry)。
|
||||
|
||||
### 升级策略
|
||||
|
||||
|
||||
@@ -204,7 +204,7 @@ configs:
|
||||
ca_file: <镜像仓库所用的 CA 文件路径>
|
||||
```
|
||||
|
||||
有关 RKE2 的私有镜像仓库配置文件的详情,请参见 [RKE2 官方文档](https://docs.rke2.io/install/containerd_registry_configuration)。
|
||||
有关 RKE2 的私有镜像仓库配置文件的详情,请参见 [RKE2 官方文档](https://docs.rke2.io/install/private_registry)。
|
||||
|
||||
### 3. 安装 RKE2
|
||||
|
||||
|
||||
@@ -22,7 +22,7 @@ description: 阅读此分步 Rancher AWS 指南,以快速部署带有单节点
|
||||
- [Amazon AWS 账号](https://aws.amazon.com/account/): 用于创建部署 Rancher Server 和 Kubernetes 的资源。
|
||||
- [Amazon AWS 访问密钥](https://docs.aws.amazon.com/general/latest/gr/managing-aws-access-keys.html):如果你没有的话,请访问此链接查看相关指南。
|
||||
- [已创建 IAM 策略](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_create.html#access_policies_create-start):定义附加此策略的账号所具有的权限。
|
||||
- [Terraform](https://www.terraform.io/downloads.html): 用于在 Amazon AWS 中配置服务器和集群。
|
||||
- [Terraform](https://developer.hashicorp.com/terraform/install): 用于在 Amazon AWS 中配置服务器和集群。
|
||||
|
||||
### IAM 策略示例
|
||||
|
||||
|
||||
@@ -23,7 +23,7 @@ description: 阅读此分步 Rancher Azure 指南,以快速部署带有单节
|
||||
- [Microsoft Azure 订阅](https://docs.microsoft.com/en-us/azure/cost-management-billing/manage/create-subscription#create-a-subscription-in-the-azure-portal):如果你没有的话,请访问此链接查看如何创建 Microsoft Azure 订阅。
|
||||
- [Micsoroft Azure 租户](https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-create-new-tenant):访问此链接并参考教程以创建 Microsoft Azure 租户。
|
||||
- [Microsoft Azure 客户端 ID/密文](https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal):访问此链接并参考教程以创建 Microsoft Azure 客户端和密文。
|
||||
- [Terraform](https://www.terraform.io/downloads.html):用于在 Microsoft Azure 中配置服务器和集群。
|
||||
- [Terraform](https://developer.hashicorp.com/terraform/install):用于在 Microsoft Azure 中配置服务器和集群。
|
||||
|
||||
|
||||
## 开始使用
|
||||
|
||||
@@ -21,7 +21,7 @@ description: 阅读此分步 Rancher DigitalOcean 指南,以快速部署带有
|
||||
|
||||
- [DigitalOcean 账号](https://www.digitalocean.com):用于运行服务器和集群。
|
||||
- [DigitalOcean 访问密钥](https://www.digitalocean.com/community/tutorials/how-to-create-a-digitalocean-space-and-api-key):如果你没有的话,请访问此链接创建一个。
|
||||
- [Terraform](https://www.terraform.io/downloads.html):用于在 DigitalOcean 中配置服务器和集群。
|
||||
- [Terraform](https://developer.hashicorp.com/terraform/install):用于在 DigitalOcean 中配置服务器和集群。
|
||||
|
||||
|
||||
## 开始使用
|
||||
|
||||
@@ -22,7 +22,7 @@ description: 阅读此分步 Rancher GCP 指南,以快速部署带有单节点
|
||||
- [Google GCP Account](https://console.cloud.google.com/):用于创建部署 Rancher 和 Kubernetes 的资源。
|
||||
- [Google GCP 项目](https://cloud.google.com/appengine/docs/standard/nodejs/building-app/creating-project):如果你没有的话,请访问此链接查看如何创建 GCP 项目。
|
||||
- [Google GCP ServiceAccount](https://cloud.google.com/iam/docs/creating-managing-service-account-keys):请访问此链接查看如何创建 GCP ServiceAccount 和 Token 文件。
|
||||
- [Terraform](https://www.terraform.io/downloads.html):用于在 Google GCP 中配置服务器和集群。
|
||||
- [Terraform](https://developer.hashicorp.com/terraform/install):用于在 Google GCP 中配置服务器和集群。
|
||||
|
||||
|
||||
## 开始使用
|
||||
|
||||
@@ -21,7 +21,7 @@ description: 阅读此分步 Rancher Hetzner Cloud 指南,以快速部署带
|
||||
|
||||
- [Hetzner Cloud 账号](https://www.hetzner.com):用于运行服务器和集群。
|
||||
- [Hetzner API 访问密钥](https://docs.hetzner.cloud/#getting-started):如果你没有的话,请参考说明创建一个。
|
||||
- [Terraform](https://www.terraform.io/downloads.html):用于在 Hetzner 中配置服务器和集群。
|
||||
- [Terraform](https://developer.hashicorp.com/terraform/install):用于在 Hetzner 中配置服务器和集群。
|
||||
|
||||
|
||||
## 开始使用
|
||||
|
||||
@@ -19,9 +19,9 @@ description: 阅读此分步 Rancher Linode 指南,以快速部署带有单节
|
||||
|
||||
:::
|
||||
|
||||
- [Linode 账号](https://linode.com): 用于运行服务器和集群。
|
||||
- [Linode 访问密钥](https://www.linode.com/docs/products/tools/api/guides/manage-api-tokens/): 用于权限认证的 Linode 访问密钥。
|
||||
- [Terraform](https://www.terraform.io/downloads.html): 用于在 Linode 中配置服务器和集群。
|
||||
- [Linode 账号](https://www.linode.com/): 用于运行服务器和集群。
|
||||
- [Linode 访问密钥](https://techdocs.akamai.com/cloud-computing/docs/manage-personal-access-tokens): 用于权限认证的 Linode 访问密钥。
|
||||
- [Terraform](https://developer.hashicorp.com/terraform/install): 用于在 Linode 中配置服务器和集群。
|
||||
|
||||
|
||||
## 开始使用
|
||||
@@ -45,7 +45,7 @@ description: 阅读此分步 Rancher Linode 指南,以快速部署带有单节
|
||||
- `prefix` - 所有创建资源的前缀
|
||||
- `linode_type` - 所有的 Linode 资源使用的类型/计划
|
||||
- 默认: `g6-standard-2`
|
||||
- 完整的计划列表, 请参照[官方的计划类型页面](https://www.linode.com/docs/products/compute/compute-instances/plans/).
|
||||
- 完整的计划列表, 请参照[官方的计划类型页面](https://techdocs.akamai.com/cloud-computing/docs/compute-instance-plan-types).
|
||||
|
||||
6. 执行 `terraform init`。
|
||||
|
||||
|
||||
@@ -21,7 +21,7 @@ description: 阅读此分步 Rancher Outscale 指南,以快速部署带有单
|
||||
|
||||
- [Outscale 账号](https://en.outscale.com/):用于运行服务器和集群。
|
||||
- [Outscale 访问密钥](https://docs.outscale.com/en/userguide/About-Access-Keys.html):如果你没有的话,请按照说明创建一个 Outscale 访问密钥。
|
||||
- [Terraform](https://www.terraform.io/downloads.html):用于在 Outscale 中配置服务器和集群。
|
||||
- [Terraform](https://developer.hashicorp.com/terraform/install):用于在 Outscale 中配置服务器和集群。
|
||||
|
||||
|
||||
## 开始使用
|
||||
|
||||
@@ -12,7 +12,7 @@ title: Vagrant 快速入门
|
||||
|
||||
## 先决条件
|
||||
|
||||
- [Vagrant](https://www.vagrantup.com):Vagrant 是必需的,用于根据 Vagrantfile 配置主机。
|
||||
- [Vagrant](https://developer.hashicorp.com/vagrant):Vagrant 是必需的,用于根据 Vagrantfile 配置主机。
|
||||
- [Virtualbox](https://www.virtualbox.org):需要把 Vagrant 配置的虚拟机配置到 VirtualBox。
|
||||
- 至少 4GB 的可用内存。
|
||||
|
||||
|
||||
@@ -146,7 +146,7 @@ Rancher 使用 LDAP 查询来搜索和检索关于 Active Directory 中的用户
|
||||
|
||||
为了成功配置 AD 身份验证,你必须提供 AD 服务器的层次结构和 Schema 的正确配置。
|
||||
|
||||
[`ldapsearch`](https://manpages.ubuntu.com/manpages/kinetic/en/man1/ldapsearch.1.html) 工具允许你查询你的 AD 服务器,从而了解用于用户和组对象的 Schema。
|
||||
[`ldapsearch`](https://manpages.ubuntu.com/manpages/noble/en/man1/ldapsearch.1.html) 工具允许你查询你的 AD 服务器,从而了解用于用户和组对象的 Schema。
|
||||
|
||||
在下面的示例命令中,我们假设:
|
||||
|
||||
|
||||
@@ -96,7 +96,7 @@ Prometheus 不是用于长期存储指标的,它只用于短期存储。
|
||||
|
||||
除了通过监控工作负载来检测性能、可用性或可扩展性之外,你还应该监控集群和运行在集群中的工作负载,来发现潜在的安全问题。一个好的做法是经常运行 [CIS 扫描](../../../how-to-guides/advanced-user-guides/cis-scan-guides/cis-scan-guides.md)并发出告警,来检查集群是否按照安全最佳实践进行配置。
|
||||
|
||||
对于工作负载,你可以查看 Kubernetes 和 Container 安全解决方案,例如 [NeuVector](https://www.suse.com/products/neuvector/)、[Falco](https://falco.org/)、[Aqua Kubernetes Security](https://www.aquasec.com/solutions/kubernetes-container-security/) 和 [SysDig](https://sysdig.com/)。
|
||||
对于工作负载,你可以查看 Kubernetes 和 Container 安全解决方案,例如 [NeuVector](https://www.suse.com/products/neuvector/)、[Falco](https://falco.org/)、[Aqua Kubernetes Security](https://www.aquasec.com/products/kubernetes-security/) 和 [SysDig](https://sysdig.com/)。
|
||||
|
||||
## 设置告警
|
||||
|
||||
|
||||
@@ -162,7 +162,7 @@ Rancher 与以下开箱即用的网络提供商兼容:
|
||||
|
||||
#### 自动快照
|
||||
|
||||
启用或禁用定期 etcd 快照的选项。如果启用,用户可以配置快照的频率。有关详细信息,请参阅 [RKE2 文档](https://docs.rke2.io/backup_restore#creating-snapshots)。请注意,如果使用 RKE2,快照会存储在每个 etcd 节点上,这与 RKE1 不同(RKE1 每个集群只存储一个快照)。
|
||||
启用或禁用定期 etcd 快照的选项。如果启用,用户可以配置快照的频率。有关详细信息,请参阅 [RKE2 文档](https://docs.rke2.io/datastore/backup_restore#creating-snapshots)。请注意,如果使用 RKE2,快照会存储在每个 etcd 节点上,这与 RKE1 不同(RKE1 每个集群只存储一个快照)。
|
||||
|
||||
#### 指标
|
||||
|
||||
@@ -226,7 +226,7 @@ Rancher 与以下开箱即用的网络提供商兼容:
|
||||
|
||||
### 镜像仓库
|
||||
|
||||
选择要从中拉取 Rancher 镜像的镜像仓库。有关更多详细信息和配置选项,请参阅 [RKE2 文档](https://docs.rke2.io/install/containerd_registry_configuration)。
|
||||
选择要从中拉取 Rancher 镜像的镜像仓库。有关更多详细信息和配置选项,请参阅 [RKE2 文档](https://docs.rke2.io/install/private_registry)。
|
||||
|
||||
### 升级策略
|
||||
|
||||
|
||||
@@ -204,7 +204,7 @@ configs:
|
||||
ca_file: <镜像仓库所用的 CA 文件路径>
|
||||
```
|
||||
|
||||
有关 RKE2 的私有镜像仓库配置文件的详情,请参见 [RKE2 官方文档](https://docs.rke2.io/install/containerd_registry_configuration)。
|
||||
有关 RKE2 的私有镜像仓库配置文件的详情,请参见 [RKE2 官方文档](https://docs.rke2.io/install/private_registry)。
|
||||
|
||||
### 3. 安装 RKE2
|
||||
|
||||
|
||||
@@ -22,7 +22,7 @@ description: 阅读此分步 Rancher AWS 指南,以快速部署带有单节点
|
||||
- [Amazon AWS 账号](https://aws.amazon.com/account/): 用于创建部署 Rancher Server 和 Kubernetes 的资源。
|
||||
- [Amazon AWS 访问密钥](https://docs.aws.amazon.com/general/latest/gr/managing-aws-access-keys.html):如果你没有的话,请访问此链接查看相关指南。
|
||||
- [已创建 IAM 策略](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_create.html#access_policies_create-start):定义附加此策略的账号所具有的权限。
|
||||
- [Terraform](https://www.terraform.io/downloads.html): 用于在 Amazon AWS 中配置服务器和集群。
|
||||
- [Terraform](https://developer.hashicorp.com/terraform/install): 用于在 Amazon AWS 中配置服务器和集群。
|
||||
|
||||
### IAM 策略示例
|
||||
|
||||
|
||||
@@ -23,7 +23,7 @@ description: 阅读此分步 Rancher Azure 指南,以快速部署带有单节
|
||||
- [Microsoft Azure 订阅](https://docs.microsoft.com/en-us/azure/cost-management-billing/manage/create-subscription#create-a-subscription-in-the-azure-portal):如果你没有的话,请访问此链接查看如何创建 Microsoft Azure 订阅。
|
||||
- [Micsoroft Azure 租户](https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-create-new-tenant):访问此链接并参考教程以创建 Microsoft Azure 租户。
|
||||
- [Microsoft Azure 客户端 ID/密文](https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal):访问此链接并参考教程以创建 Microsoft Azure 客户端和密文。
|
||||
- [Terraform](https://www.terraform.io/downloads.html):用于在 Microsoft Azure 中配置服务器和集群。
|
||||
- [Terraform](https://developer.hashicorp.com/terraform/install):用于在 Microsoft Azure 中配置服务器和集群。
|
||||
|
||||
|
||||
## 开始使用
|
||||
|
||||
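Review bot: The unchanged context line for the Azure tenant still reads "Micsoroft Azure 租户" in its link text. The file is already being touched for the Terraform link, so correct the spelling to "Microsoft" in the same change; the typo is visible in every copy of this prerequisites list.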
@@ -21,7 +21,7 @@ description: 阅读此分步 Rancher DigitalOcean 指南,以快速部署带有
|
||||
|
||||
- [DigitalOcean 账号](https://www.digitalocean.com):用于运行服务器和集群。
|
||||
- [DigitalOcean 访问密钥](https://www.digitalocean.com/community/tutorials/how-to-create-a-digitalocean-space-and-api-key):如果你没有的话,请访问此链接创建一个。
|
||||
- [Terraform](https://www.terraform.io/downloads.html):用于在 DigitalOcean 中配置服务器和集群。
|
||||
- [Terraform](https://developer.hashicorp.com/terraform/install):用于在 DigitalOcean 中配置服务器和集群。
|
||||
|
||||
|
||||
## 开始使用
|
||||
|
||||
@@ -22,7 +22,7 @@ description: 阅读此分步 Rancher GCP 指南,以快速部署带有单节点
|
||||
- [Google GCP Account](https://console.cloud.google.com/):用于创建部署 Rancher 和 Kubernetes 的资源。
|
||||
- [Google GCP 项目](https://cloud.google.com/appengine/docs/standard/nodejs/building-app/creating-project):如果你没有的话,请访问此链接查看如何创建 GCP 项目。
|
||||
- [Google GCP ServiceAccount](https://cloud.google.com/iam/docs/creating-managing-service-account-keys):请访问此链接查看如何创建 GCP ServiceAccount 和 Token 文件。
|
||||
- [Terraform](https://www.terraform.io/downloads.html):用于在 Google GCP 中配置服务器和集群。
|
||||
- [Terraform](https://developer.hashicorp.com/terraform/install):用于在 Google GCP 中配置服务器和集群。
|
||||
|
||||
|
||||
## 开始使用
|
||||
|
||||
@@ -21,7 +21,7 @@ description: 阅读此分步 Rancher Hetzner Cloud 指南,以快速部署带
|
||||
|
||||
- [Hetzner Cloud 账号](https://www.hetzner.com):用于运行服务器和集群。
|
||||
- [Hetzner API 访问密钥](https://docs.hetzner.cloud/#getting-started):如果你没有的话,请参考说明创建一个。
|
||||
- [Terraform](https://www.terraform.io/downloads.html):用于在 Hetzner 中配置服务器和集群。
|
||||
- [Terraform](https://developer.hashicorp.com/terraform/install):用于在 Hetzner 中配置服务器和集群。
|
||||
|
||||
|
||||
## 开始使用
|
||||
|
||||
@@ -19,9 +19,9 @@ description: 阅读此分步 Rancher Linode 指南,以快速部署带有单节
|
||||
|
||||
:::
|
||||
|
||||
- [Linode 账号](https://linode.com): 用于运行服务器和集群。
|
||||
- [Linode 访问密钥](https://www.linode.com/docs/products/tools/api/guides/manage-api-tokens/): 用于权限认证的 Linode 访问密钥。
|
||||
- [Terraform](https://www.terraform.io/downloads.html): 用于在 Linode 中配置服务器和集群。
|
||||
- [Linode 账号](https://www.linode.com/): 用于运行服务器和集群。
|
||||
- [Linode 访问密钥](https://techdocs.akamai.com/cloud-computing/docs/manage-personal-access-tokens): 用于权限认证的 Linode 访问密钥。
|
||||
- [Terraform](https://developer.hashicorp.com/terraform/install): 用于在 Linode 中配置服务器和集群。
|
||||
|
||||
|
||||
## 开始使用
|
||||
@@ -45,7 +45,7 @@ description: 阅读此分步 Rancher Linode 指南,以快速部署带有单节
|
||||
- `prefix` - 所有创建资源的前缀
|
||||
- `linode_type` - 所有的 Linode 资源使用的类型/计划
|
||||
- 默认: `g6-standard-2`
|
||||
- 完整的计划列表, 请参照[官方的计划类型页面](https://www.linode.com/docs/products/compute/compute-instances/plans/).
|
||||
- 完整的计划列表, 请参照[官方的计划类型页面](https://techdocs.akamai.com/cloud-computing/docs/compute-instance-plan-types).
|
||||
|
||||
6. 执行 `terraform init`。
|
||||
|
||||
|
||||
@@ -21,7 +21,7 @@ description: 阅读此分步 Rancher Outscale 指南,以快速部署带有单
|
||||
|
||||
- [Outscale 账号](https://en.outscale.com/):用于运行服务器和集群。
|
||||
- [Outscale 访问密钥](https://docs.outscale.com/en/userguide/About-Access-Keys.html):如果你没有的话,请按照说明创建一个 Outscale 访问密钥。
|
||||
- [Terraform](https://www.terraform.io/downloads.html):用于在 Outscale 中配置服务器和集群。
|
||||
- [Terraform](https://developer.hashicorp.com/terraform/install):用于在 Outscale 中配置服务器和集群。
|
||||
|
||||
|
||||
## 开始使用
|
||||
|
||||
@@ -12,7 +12,7 @@ title: Vagrant 快速入门
|
||||
|
||||
## 先决条件
|
||||
|
||||
- [Vagrant](https://www.vagrantup.com):Vagrant 是必需的,用于根据 Vagrantfile 配置主机。
|
||||
- [Vagrant](https://developer.hashicorp.com/vagrant):Vagrant 是必需的,用于根据 Vagrantfile 配置主机。
|
||||
- [Virtualbox](https://www.virtualbox.org):需要把 Vagrant 配置的虚拟机配置到 VirtualBox。
|
||||
- 至少 4GB 的可用内存。
|
||||
|
||||
|
||||
@@ -146,7 +146,7 @@ Rancher 使用 LDAP 查询来搜索和检索关于 Active Directory 中的用户
|
||||
|
||||
为了成功配置 AD 身份验证,你必须提供 AD 服务器的层次结构和 Schema 的正确配置。
|
||||
|
||||
[`ldapsearch`](https://manpages.ubuntu.com/manpages/kinetic/en/man1/ldapsearch.1.html) 工具允许你查询你的 AD 服务器,从而了解用于用户和组对象的 Schema。
|
||||
[`ldapsearch`](https://manpages.ubuntu.com/manpages/noble/en/man1/ldapsearch.1.html) 工具允许你查询你的 AD 服务器,从而了解用于用户和组对象的 Schema。
|
||||
|
||||
在下面的示例命令中,我们假设:
|
||||
|
||||
|
||||
@@ -96,7 +96,7 @@ Prometheus 不是用于长期存储指标的,它只用于短期存储。
|
||||
|
||||
除了通过监控工作负载来检测性能、可用性或可扩展性之外,你还应该监控集群和运行在集群中的工作负载,来发现潜在的安全问题。一个好的做法是经常运行 [CIS 扫描](../../../how-to-guides/advanced-user-guides/cis-scan-guides/cis-scan-guides.md)并发出告警,来检查集群是否按照安全最佳实践进行配置。
|
||||
|
||||
对于工作负载,你可以查看 Kubernetes 和 Container 安全解决方案,例如 [NeuVector](https://www.suse.com/products/neuvector/)、[Falco](https://falco.org/)、[Aqua Kubernetes Security](https://www.aquasec.com/solutions/kubernetes-container-security/) 和 [SysDig](https://sysdig.com/)。
|
||||
对于工作负载,你可以查看 Kubernetes 和 Container 安全解决方案,例如 [NeuVector](https://www.suse.com/products/neuvector/)、[Falco](https://falco.org/)、[Aqua Kubernetes Security](https://www.aquasec.com/products/kubernetes-security/) 和 [SysDig](https://sysdig.com/)。
|
||||
|
||||
## 设置告警
|
||||
|
||||
|
||||
@@ -162,7 +162,7 @@ Rancher 与以下开箱即用的网络提供商兼容:
|
||||
|
||||
#### 自动快照
|
||||
|
||||
启用或禁用定期 etcd 快照的选项。如果启用,用户可以配置快照的频率。有关详细信息,请参阅 [RKE2 文档](https://docs.rke2.io/backup_restore#creating-snapshots)。请注意,如果使用 RKE2,快照会存储在每个 etcd 节点上,这与 RKE1 不同(RKE1 每个集群只存储一个快照)。
|
||||
启用或禁用定期 etcd 快照的选项。如果启用,用户可以配置快照的频率。有关详细信息,请参阅 [RKE2 文档](https://docs.rke2.io/datastore/backup_restore#creating-snapshots)。请注意,如果使用 RKE2,快照会存储在每个 etcd 节点上,这与 RKE1 不同(RKE1 每个集群只存储一个快照)。
|
||||
|
||||
#### 指标
|
||||
|
||||
@@ -226,7 +226,7 @@ Rancher 与以下开箱即用的网络提供商兼容:
|
||||
|
||||
### 镜像仓库
|
||||
|
||||
选择要从中拉取 Rancher 镜像的镜像仓库。有关更多详细信息和配置选项,请参阅 [RKE2 文档](https://docs.rke2.io/install/containerd_registry_configuration)。
|
||||
选择要从中拉取 Rancher 镜像的镜像仓库。有关更多详细信息和配置选项,请参阅 [RKE2 文档](https://docs.rke2.io/install/private_registry)。
|
||||
|
||||
### 升级策略
|
||||
|
||||
|
||||
@@ -204,7 +204,7 @@ configs:
|
||||
ca_file: <镜像仓库所用的 CA 文件路径>
|
||||
```
|
||||
|
||||
有关 RKE2 的私有镜像仓库配置文件的详情,请参见 [RKE2 官方文档](https://docs.rke2.io/install/containerd_registry_configuration)。
|
||||
有关 RKE2 的私有镜像仓库配置文件的详情,请参见 [RKE2 官方文档](https://docs.rke2.io/install/private_registry)。
|
||||
|
||||
### 3. 安装 RKE2
|
||||
|
||||
|
||||
@@ -22,7 +22,7 @@ description: 阅读此分步 Rancher AWS 指南,以快速部署带有单节点
|
||||
- [Amazon AWS 账号](https://aws.amazon.com/account/): 用于创建部署 Rancher Server 和 Kubernetes 的资源。
|
||||
- [Amazon AWS 访问密钥](https://docs.aws.amazon.com/general/latest/gr/managing-aws-access-keys.html):如果你没有的话,请访问此链接查看相关指南。
|
||||
- [已创建 IAM 策略](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_create.html#access_policies_create-start):定义附加此策略的账号所具有的权限。
|
||||
- [Terraform](https://www.terraform.io/downloads.html): 用于在 Amazon AWS 中配置服务器和集群。
|
||||
- [Terraform](https://developer.hashicorp.com/terraform/install): 用于在 Amazon AWS 中配置服务器和集群。
|
||||
|
||||
### IAM 策略示例
|
||||
|
||||
|
||||
@@ -23,7 +23,7 @@ description: 阅读此分步 Rancher Azure 指南,以快速部署带有单节
|
||||
- [Microsoft Azure 订阅](https://docs.microsoft.com/en-us/azure/cost-management-billing/manage/create-subscription#create-a-subscription-in-the-azure-portal):如果你没有的话,请访问此链接查看如何创建 Microsoft Azure 订阅。
|
||||
- [Micsoroft Azure 租户](https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-create-new-tenant):访问此链接并参考教程以创建 Microsoft Azure 租户。
|
||||
- [Microsoft Azure 客户端 ID/密文](https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal):访问此链接并参考教程以创建 Microsoft Azure 客户端和密文。
|
||||
- [Terraform](https://www.terraform.io/downloads.html):用于在 Microsoft Azure 中配置服务器和集群。
|
||||
- [Terraform](https://developer.hashicorp.com/terraform/install):用于在 Microsoft Azure 中配置服务器和集群。
|
||||
|
||||
|
||||
## 开始使用
|
||||
|
||||
@@ -21,7 +21,7 @@ description: 阅读此分步 Rancher DigitalOcean 指南,以快速部署带有
|
||||
|
||||
- [DigitalOcean 账号](https://www.digitalocean.com):用于运行服务器和集群。
|
||||
- [DigitalOcean 访问密钥](https://www.digitalocean.com/community/tutorials/how-to-create-a-digitalocean-space-and-api-key):如果你没有的话,请访问此链接创建一个。
|
||||
- [Terraform](https://www.terraform.io/downloads.html):用于在 DigitalOcean 中配置服务器和集群。
|
||||
- [Terraform](https://developer.hashicorp.com/terraform/install):用于在 DigitalOcean 中配置服务器和集群。
|
||||
|
||||
|
||||
## 开始使用
|
||||
|
||||
@@ -22,7 +22,7 @@ description: 阅读此分步 Rancher GCP 指南,以快速部署带有单节点
|
||||
- [Google GCP Account](https://console.cloud.google.com/):用于创建部署 Rancher 和 Kubernetes 的资源。
|
||||
- [Google GCP 项目](https://cloud.google.com/appengine/docs/standard/nodejs/building-app/creating-project):如果你没有的话,请访问此链接查看如何创建 GCP 项目。
|
||||
- [Google GCP ServiceAccount](https://cloud.google.com/iam/docs/creating-managing-service-account-keys):请访问此链接查看如何创建 GCP ServiceAccount 和 Token 文件。
|
||||
- [Terraform](https://www.terraform.io/downloads.html):用于在 Google GCP 中配置服务器和集群。
|
||||
- [Terraform](https://developer.hashicorp.com/terraform/install):用于在 Google GCP 中配置服务器和集群。
|
||||
|
||||
|
||||
## 开始使用
|
||||
|
||||
@@ -21,7 +21,7 @@ description: 阅读此分步 Rancher Hetzner Cloud 指南,以快速部署带
|
||||
|
||||
- [Hetzner Cloud 账号](https://www.hetzner.com):用于运行服务器和集群。
|
||||
- [Hetzner API 访问密钥](https://docs.hetzner.cloud/#getting-started):如果你没有的话,请参考说明创建一个。
|
||||
- [Terraform](https://www.terraform.io/downloads.html):用于在 Hetzner 中配置服务器和集群。
|
||||
- [Terraform](https://developer.hashicorp.com/terraform/install):用于在 Hetzner 中配置服务器和集群。
|
||||
|
||||
|
||||
## 开始使用
|
||||
|
||||
@@ -19,9 +19,9 @@ description: 阅读此分步 Rancher Linode 指南,以快速部署带有单节
|
||||
|
||||
:::
|
||||
|
||||
- [Linode 账号](https://linode.com): 用于运行服务器和集群。
|
||||
- [Linode 访问密钥](https://www.linode.com/docs/products/tools/api/guides/manage-api-tokens/): 用于权限认证的 Linode 访问密钥。
|
||||
- [Terraform](https://www.terraform.io/downloads.html): 用于在 Linode 中配置服务器和集群。
|
||||
- [Linode 账号](https://www.linode.com/): 用于运行服务器和集群。
|
||||
- [Linode 访问密钥](https://techdocs.akamai.com/cloud-computing/docs/manage-personal-access-tokens): 用于权限认证的 Linode 访问密钥。
|
||||
- [Terraform](https://developer.hashicorp.com/terraform/install): 用于在 Linode 中配置服务器和集群。
|
||||
|
||||
|
||||
## 开始使用
|
||||
@@ -45,7 +45,7 @@ description: 阅读此分步 Rancher Linode 指南,以快速部署带有单节
|
||||
- `prefix` - 所有创建资源的前缀
|
||||
- `linode_type` - 所有的 Linode 资源使用的类型/计划
|
||||
- 默认: `g6-standard-2`
|
||||
- 完整的计划列表, 请参照[官方的计划类型页面](https://www.linode.com/docs/products/compute/compute-instances/plans/).
|
||||
- 完整的计划列表, 请参照[官方的计划类型页面](https://techdocs.akamai.com/cloud-computing/docs/compute-instance-plan-types).
|
||||
|
||||
6. 执行 `terraform init`。
|
||||
|
||||
|
||||
@@ -21,7 +21,7 @@ description: 阅读此分步 Rancher Outscale 指南,以快速部署带有单
|
||||
|
||||
- [Outscale 账号](https://en.outscale.com/):用于运行服务器和集群。
|
||||
- [Outscale 访问密钥](https://docs.outscale.com/en/userguide/About-Access-Keys.html):如果你没有的话,请按照说明创建一个 Outscale 访问密钥。
|
||||
- [Terraform](https://www.terraform.io/downloads.html):用于在 Outscale 中配置服务器和集群。
|
||||
- [Terraform](https://developer.hashicorp.com/terraform/install):用于在 Outscale 中配置服务器和集群。
|
||||
|
||||
|
||||
## 开始使用
|
||||
|
||||
@@ -12,7 +12,7 @@ title: Vagrant 快速入门
|
||||
|
||||
## 先决条件
|
||||
|
||||
- [Vagrant](https://www.vagrantup.com):Vagrant 是必需的,用于根据 Vagrantfile 配置主机。
|
||||
- [Vagrant](https://developer.hashicorp.com/vagrant):Vagrant 是必需的,用于根据 Vagrantfile 配置主机。
|
||||
- [Virtualbox](https://www.virtualbox.org):需要把 Vagrant 配置的虚拟机配置到 VirtualBox。
|
||||
- 至少 4GB 的可用内存。
|
||||
|
||||
|
||||
@@ -146,7 +146,7 @@ Rancher 使用 LDAP 查询来搜索和检索关于 Active Directory 中的用户
|
||||
|
||||
为了成功配置 AD 身份验证,你必须提供 AD 服务器的层次结构和 Schema 的正确配置。
|
||||
|
||||
[`ldapsearch`](https://manpages.ubuntu.com/manpages/kinetic/en/man1/ldapsearch.1.html) 工具允许你查询你的 AD 服务器,从而了解用于用户和组对象的 Schema。
|
||||
[`ldapsearch`](https://manpages.ubuntu.com/manpages/jammy/en/man1/ldapsearch.1.html) 工具允许你查询你的 AD 服务器,从而了解用于用户和组对象的 Schema。
|
||||
|
||||
在下面的示例命令中,我们假设:
|
||||
|
||||
|
||||
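Review bot: The replacement `ldapsearch` link in this copy points at `manpages/jammy/`, while the same fix in the other versioned copies of this page uses `manpages/noble/`. Unless this version deliberately targets a different release, use the same codename everywhere so the copies do not drift and a later link check does not have to fix them one by one.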
@@ -96,7 +96,7 @@ Prometheus 不是用于长期存储指标的,它只用于短期存储。
|
||||
|
||||
除了通过监控工作负载来检测性能、可用性或可扩展性之外,你还应该监控集群和运行在集群中的工作负载,来发现潜在的安全问题。一个好的做法是经常运行 [CIS 扫描](../../../how-to-guides/advanced-user-guides/cis-scan-guides/cis-scan-guides.md)并发出告警,来检查集群是否按照安全最佳实践进行配置。
|
||||
|
||||
对于工作负载,你可以查看 Kubernetes 和 Container 安全解决方案,例如 [NeuVector](https://www.suse.com/products/neuvector/)、[Falco](https://falco.org/)、[Aqua Kubernetes Security](https://www.aquasec.com/solutions/kubernetes-container-security/) 和 [SysDig](https://sysdig.com/)。
|
||||
对于工作负载,你可以查看 Kubernetes 和 Container 安全解决方案,例如 [NeuVector](https://www.suse.com/products/neuvector/)、[Falco](https://falco.org/)、[Aqua Kubernetes Security](https://www.aquasec.com/products/kubernetes-security/) 和 [SysDig](https://sysdig.com/)。
|
||||
|
||||
## 设置告警
|
||||
|
||||
|
||||
@@ -166,7 +166,7 @@ Rancher 与以下开箱即用的网络提供商兼容:
|
||||
|
||||
#### 自动快照
|
||||
|
||||
启用或禁用定期 etcd 快照的选项。如果启用,用户可以配置快照的频率。有关详细信息,请参阅 [RKE2 文档](https://docs.rke2.io/backup_restore#creating-snapshots)。请注意,如果使用 RKE2,快照会存储在每个 etcd 节点上,这与 RKE1 不同(RKE1 每个集群只存储一个快照)。
|
||||
启用或禁用定期 etcd 快照的选项。如果启用,用户可以配置快照的频率。有关详细信息,请参阅 [RKE2 文档](https://docs.rke2.io/datastore/backup_restore#creating-snapshots)。请注意,如果使用 RKE2,快照会存储在每个 etcd 节点上,这与 RKE1 不同(RKE1 每个集群只存储一个快照)。
|
||||
|
||||
#### 指标
|
||||
|
||||
@@ -230,7 +230,7 @@ Rancher 与以下开箱即用的网络提供商兼容:
|
||||
|
||||
### 镜像仓库
|
||||
|
||||
选择要从中拉取 Rancher 镜像的镜像仓库。有关更多详细信息和配置选项,请参阅 [RKE2 文档](https://docs.rke2.io/install/containerd_registry_configuration)。
|
||||
选择要从中拉取 Rancher 镜像的镜像仓库。有关更多详细信息和配置选项,请参阅 [RKE2 文档](https://docs.rke2.io/install/private_registry)。
|
||||
|
||||
### 升级策略
|
||||
|
||||
|
||||
@@ -204,7 +204,7 @@ configs:
|
||||
ca_file: <镜像仓库所用的 CA 文件路径>
|
||||
```
|
||||
|
||||
有关 RKE2 的私有镜像仓库配置文件的详情,请参见 [RKE2 官方文档](https://docs.rke2.io/install/containerd_registry_configuration)。
|
||||
有关 RKE2 的私有镜像仓库配置文件的详情,请参见 [RKE2 官方文档](https://docs.rke2.io/install/private_registry)。
|
||||
|
||||
### 3. 安装 RKE2
|
||||
|
||||
|
||||
@@ -22,7 +22,7 @@ description: 阅读此分步 Rancher AWS 指南,以快速部署带有单节点
|
||||
- [Amazon AWS 账号](https://aws.amazon.com/account/): 用于创建部署 Rancher Server 和 Kubernetes 的资源。
|
||||
- [Amazon AWS 访问密钥](https://docs.aws.amazon.com/general/latest/gr/managing-aws-access-keys.html):如果你没有的话,请访问此链接查看相关指南。
|
||||
- [已创建 IAM 策略](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_create.html#access_policies_create-start):定义附加此策略的账号所具有的权限。
|
||||
- [Terraform](https://www.terraform.io/downloads.html): 用于在 Amazon AWS 中配置服务器和集群。
|
||||
- [Terraform](https://developer.hashicorp.com/terraform/install): 用于在 Amazon AWS 中配置服务器和集群。
|
||||
|
||||
### IAM 策略示例
|
||||
|
||||
|
||||
@@ -23,7 +23,7 @@ description: 阅读此分步 Rancher Azure 指南,以快速部署带有单节
|
||||
- [Microsoft Azure 订阅](https://docs.microsoft.com/en-us/azure/cost-management-billing/manage/create-subscription#create-a-subscription-in-the-azure-portal):如果你没有的话,请访问此链接查看如何创建 Microsoft Azure 订阅。
|
||||
- [Micsoroft Azure 租户](https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-create-new-tenant):访问此链接并参考教程以创建 Microsoft Azure 租户。
|
||||
- [Microsoft Azure 客户端 ID/密文](https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal):访问此链接并参考教程以创建 Microsoft Azure 客户端和密文。
|
||||
- [Terraform](https://www.terraform.io/downloads.html):用于在 Microsoft Azure 中配置服务器和集群。
|
||||
- [Terraform](https://developer.hashicorp.com/terraform/install):用于在 Microsoft Azure 中配置服务器和集群。
|
||||
|
||||
|
||||
## 开始使用
|
||||
|
||||
@@ -21,7 +21,7 @@ description: 阅读此分步 Rancher DigitalOcean 指南,以快速部署带有
|
||||
|
||||
- [DigitalOcean 账号](https://www.digitalocean.com):用于运行服务器和集群。
|
||||
- [DigitalOcean 访问密钥](https://www.digitalocean.com/community/tutorials/how-to-create-a-digitalocean-space-and-api-key):如果你没有的话,请访问此链接创建一个。
|
||||
- [Terraform](https://www.terraform.io/downloads.html):用于在 DigitalOcean 中配置服务器和集群。
|
||||
- [Terraform](https://developer.hashicorp.com/terraform/install):用于在 DigitalOcean 中配置服务器和集群。
|
||||
|
||||
|
||||
## 开始使用
|
||||
|
||||
@@ -22,7 +22,7 @@ description: 阅读此分步 Rancher GCP 指南,以快速部署带有单节点
|
||||
- [Google GCP Account](https://console.cloud.google.com/):用于创建部署 Rancher 和 Kubernetes 的资源。
|
||||
- [Google GCP 项目](https://cloud.google.com/appengine/docs/standard/nodejs/building-app/creating-project):如果你没有的话,请访问此链接查看如何创建 GCP 项目。
|
||||
- [Google GCP ServiceAccount](https://cloud.google.com/iam/docs/creating-managing-service-account-keys):请访问此链接查看如何创建 GCP ServiceAccount 和 Token 文件。
|
||||
- [Terraform](https://www.terraform.io/downloads.html):用于在 Google GCP 中配置服务器和集群。
|
||||
- [Terraform](https://developer.hashicorp.com/terraform/install):用于在 Google GCP 中配置服务器和集群。
|
||||
|
||||
|
||||
## 开始使用
|
||||
|
||||
@@ -21,7 +21,7 @@ description: 阅读此分步 Rancher Hetzner Cloud 指南,以快速部署带
|
||||
|
||||
- [Hetzner Cloud 账号](https://www.hetzner.com):用于运行服务器和集群。
|
||||
- [Hetzner API 访问密钥](https://docs.hetzner.cloud/#getting-started):如果你没有的话,请参考说明创建一个。
|
||||
- [Terraform](https://www.terraform.io/downloads.html):用于在 Hetzner 中配置服务器和集群。
|
||||
- [Terraform](https://developer.hashicorp.com/terraform/install):用于在 Hetzner 中配置服务器和集群。
|
||||
|
||||
|
||||
## 开始使用
|
||||
|
||||
@@ -19,9 +19,9 @@ description: 阅读此分步 Rancher Linode 指南,以快速部署带有单节
|
||||
|
||||
:::
|
||||
|
||||
- [Linode 账号](https://linode.com): 用于运行服务器和集群。
|
||||
- [Linode 访问密钥](https://www.linode.com/docs/products/tools/api/guides/manage-api-tokens/): 用于权限认证的 Linode 访问密钥。
|
||||
- [Terraform](https://www.terraform.io/downloads.html): 用于在 Linode 中配置服务器和集群。
|
||||
- [Linode 账号](https://www.linode.com/): 用于运行服务器和集群。
|
||||
- [Linode 访问密钥](https://techdocs.akamai.com/cloud-computing/docs/manage-personal-access-tokens): 用于权限认证的 Linode 访问密钥。
|
||||
- [Terraform](https://developer.hashicorp.com/terraform/install): 用于在 Linode 中配置服务器和集群。
|
||||
|
||||
|
||||
## 开始使用
|
||||
@@ -45,7 +45,7 @@ description: 阅读此分步 Rancher Linode 指南,以快速部署带有单节
|
||||
- `prefix` - 所有创建资源的前缀
|
||||
- `linode_type` - 所有的 Linode 资源使用的类型/计划
|
||||
- 默认: `g6-standard-2`
|
||||
- 完整的计划列表, 请参照[官方的计划类型页面](https://www.linode.com/docs/products/compute/compute-instances/plans/).
|
||||
- 完整的计划列表, 请参照[官方的计划类型页面](https://techdocs.akamai.com/cloud-computing/docs/compute-instance-plan-types).
|
||||
|
||||
6. 执行 `terraform init`。
|
||||
|
||||
|
||||
@@ -21,7 +21,7 @@ description: 阅读此分步 Rancher Outscale 指南,以快速部署带有单
|
||||
|
||||
- [Outscale 账号](https://en.outscale.com/):用于运行服务器和集群。
|
||||
- [Outscale 访问密钥](https://docs.outscale.com/en/userguide/About-Access-Keys.html):如果你没有的话,请按照说明创建一个 Outscale 访问密钥。
|
||||
- [Terraform](https://www.terraform.io/downloads.html):用于在 Outscale 中配置服务器和集群。
|
||||
- [Terraform](https://developer.hashicorp.com/terraform/install):用于在 Outscale 中配置服务器和集群。
|
||||
|
||||
|
||||
## 开始使用
|
||||
|
||||
@@ -12,7 +12,7 @@ title: Vagrant 快速入门
|
||||
|
||||
## 先决条件
|
||||
|
||||
- [Vagrant](https://www.vagrantup.com):Vagrant 是必需的,用于根据 Vagrantfile 配置主机。
|
||||
- [Vagrant](https://developer.hashicorp.com/vagrant):Vagrant 是必需的,用于根据 Vagrantfile 配置主机。
|
||||
- [Virtualbox](https://www.virtualbox.org):需要把 Vagrant 配置的虚拟机配置到 VirtualBox。
|
||||
- 至少 4GB 的可用内存。
|
||||
|
||||
|
||||
@@ -146,7 +146,7 @@ Rancher 使用 LDAP 查询来搜索和检索关于 Active Directory 中的用户
|
||||
|
||||
为了成功配置 AD 身份验证,你必须提供 AD 服务器的层次结构和 Schema 的正确配置。
|
||||
|
||||
[`ldapsearch`](https://manpages.ubuntu.com/manpages/kinetic/en/man1/ldapsearch.1.html) 工具允许你查询你的 AD 服务器,从而了解用于用户和组对象的 Schema。
|
||||
[`ldapsearch`](https://manpages.ubuntu.com/manpages/noble/en/man1/ldapsearch.1.html) 工具允许你查询你的 AD 服务器,从而了解用于用户和组对象的 Schema。
|
||||
|
||||
在下面的示例命令中,我们假设:
|
||||
|
||||
|
||||
@@ -96,7 +96,7 @@ Prometheus 不是用于长期存储指标的,它只用于短期存储。
|
||||
|
||||
除了通过监控工作负载来检测性能、可用性或可扩展性之外,你还应该监控集群和运行在集群中的工作负载,来发现潜在的安全问题。一个好的做法是经常运行 [CIS 扫描](../../../pages-for-subheaders/cis-scan-guides.md)并发出告警,来检查集群是否按照安全最佳实践进行配置。
|
||||
|
||||
对于工作负载,你可以查看 Kubernetes 和 Container 安全解决方案,例如 [NeuVector](https://www.suse.com/products/neuvector/)、[Falco](https://falco.org/)、[Aqua Kubernetes Security](https://www.aquasec.com/solutions/kubernetes-container-security/) 和 [SysDig](https://sysdig.com/)。
|
||||
对于工作负载,你可以查看 Kubernetes 和 Container 安全解决方案,例如 [NeuVector](https://www.suse.com/products/neuvector/)、[Falco](https://falco.org/)、[Aqua Kubernetes Security](https://www.aquasec.com/products/kubernetes-security/) 和 [SysDig](https://sysdig.com/)。
|
||||
|
||||
## 设置告警
|
||||
|
||||
|
||||
@@ -162,7 +162,7 @@ Rancher 与以下开箱即用的网络提供商兼容:
|
||||
|
||||
#### 自动快照
|
||||
|
||||
启用或禁用定期 etcd 快照的选项。如果启用,用户可以配置快照的频率。有关详细信息,请参阅 [RKE2 文档](https://docs.rke2.io/backup_restore#creating-snapshots)。请注意,如果使用 RKE2,快照会存储在每个 etcd 节点上,这与 RKE1 不同(RKE1 每个集群只存储一个快照)。
|
||||
启用或禁用定期 etcd 快照的选项。如果启用,用户可以配置快照的频率。有关详细信息,请参阅 [RKE2 文档](https://docs.rke2.io/datastore/backup_restore#creating-snapshots)。请注意,如果使用 RKE2,快照会存储在每个 etcd 节点上,这与 RKE1 不同(RKE1 每个集群只存储一个快照)。
|
||||
|
||||
#### 指标
|
||||
|
||||
@@ -226,7 +226,7 @@ Rancher 与以下开箱即用的网络提供商兼容:
|
||||
|
||||
### 镜像仓库
|
||||
|
||||
选择要从中拉取 Rancher 镜像的镜像仓库。有关更多详细信息和配置选项,请参阅 [RKE2 文档](https://docs.rke2.io/install/containerd_registry_configuration)。
|
||||
选择要从中拉取 Rancher 镜像的镜像仓库。有关更多详细信息和配置选项,请参阅 [RKE2 文档](https://docs.rke2.io/install/private_registry)。
|
||||
|
||||
### 升级策略
|
||||
|
||||
|
||||
@@ -212,7 +212,7 @@ configs:
|
||||
ca_file: <path to the ca file used in the registry>
|
||||
```
|
||||
|
||||
For more information on private registries configuration file for RKE2, refer to the [RKE2 documentation.](https://docs.rke2.io/install/containerd_registry_configuration)
|
||||
For more information on private registries configuration file for RKE2, refer to the [RKE2 documentation.](https://docs.rke2.io/install/private_registry)
|
||||
|
||||
## 3. Install RKE2
|
||||
|
||||
|
||||
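Review bot: In the added line the sentence-ending period sits inside the link text, "[RKE2 documentation.](https://docs.rke2.io/install/private_registry)". Move it outside the brackets, and while the line is open consider "the private registry configuration file" in place of "private registries configuration file", which reads as a leftover from an earlier wording.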
@@ -26,7 +26,7 @@ Deploying to Amazon AWS will incur charges.
|
||||
- [Amazon AWS Account](https://aws.amazon.com/account/): An Amazon AWS Account is required to create resources for deploying Rancher and Kubernetes.
|
||||
- [Amazon AWS Access Key](https://docs.aws.amazon.com/general/latest/gr/managing-aws-access-keys.html): Use this link to follow a tutorial to create an Amazon AWS Access Key if you don't have one yet.
|
||||
- [IAM Policy created](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_create.html#access_policies_create-start): Defines the permissions an account attached with this policy has.
|
||||
- Install [Terraform](https://www.terraform.io/downloads.html): Used to provision the server and cluster in Amazon AWS.
|
||||
- Install [Terraform](https://developer.hashicorp.com/terraform/install): Used to provision the server and cluster in Amazon AWS.
|
||||
|
||||
### Example IAM Policy
|
||||
|
||||
|
||||
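Review bot: The changed bullet starts with "Install [Terraform]" while the three bullets above it in this hunk lead with the linked item itself ("[Amazon AWS Account]", "[Amazon AWS Access Key]", "[IAM Policy created]"). Drop the leading "Install" so the prerequisites list is parallel and matches the "[Terraform](...)" form used on the other provider pages in this commit.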
@@ -27,7 +27,7 @@ Deploying to Microsoft Azure will incur charges.
|
||||
- [Microsoft Azure Subscription](https://docs.microsoft.com/en-us/azure/cost-management-billing/manage/create-subscription#create-a-subscription-in-the-azure-portal): Use this link to follow a tutorial to create a Microsoft Azure subscription if you don't have one yet.
|
||||
- [Micsoroft Azure Tenant](https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-create-new-tenant): Use this link and follow instructions to create a Microsoft Azure tenant.
|
||||
- [Microsoft Azure Client ID/Secret](https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal): Use this link and follow instructions to create a Microsoft Azure client and secret.
|
||||
- [Terraform](https://www.terraform.io/downloads.html): Used to provision the server and cluster in Microsoft Azure.
|
||||
- [Terraform](https://developer.hashicorp.com/terraform/install): Used to provision the server and cluster in Microsoft Azure.
|
||||
|
||||
|
||||
## Getting Started
|
||||
|
||||
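Review bot: Only the Terraform link is updated here; the three context lines above it still point at `docs.microsoft.com`. If the link check behind this commit counts a redirect as passing, these will have been skipped, so confirm they resolve to the intended pages and update them to the current host in the same pass if not.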
@@ -25,7 +25,7 @@ Deploying to DigitalOcean will incur charges.
|
||||
|
||||
- [DigitalOcean Account](https://www.digitalocean.com): You will require an account on DigitalOcean as this is where the server and cluster will run.
|
||||
- [DigitalOcean Access Key](https://www.digitalocean.com/community/tutorials/how-to-create-a-digitalocean-space-and-api-key): Use this link to create a DigitalOcean Access Key if you don't have one.
|
||||
- [Terraform](https://www.terraform.io/downloads.html): Used to provision the server and cluster to DigitalOcean.
|
||||
- [Terraform](https://developer.hashicorp.com/terraform/install): Used to provision the server and cluster to DigitalOcean.
|
||||
|
||||
|
||||
## Getting Started
|
||||
|
||||
@@ -26,7 +26,7 @@ Deploying to Google GCP will incur charges.
|
||||
- [Google GCP Account](https://console.cloud.google.com/): A Google GCP Account is required to create resources for deploying Rancher and Kubernetes.
|
||||
- [Google GCP Project](https://cloud.google.com/appengine/docs/standard/nodejs/building-app/creating-project): Use this link to follow a tutorial to create a GCP Project if you don't have one yet.
|
||||
- [Google GCP Service Account](https://cloud.google.com/iam/docs/creating-managing-service-account-keys): Use this link and follow instructions to create a GCP service account and token file.
|
||||
- [Terraform](https://www.terraform.io/downloads.html): Used to provision the server and cluster in Google GCP.
|
||||
- [Terraform](https://developer.hashicorp.com/terraform/install): Used to provision the server and cluster in Google GCP.
|
||||
|
||||
|
||||
## Getting Started
|
||||
|
||||
@@ -25,7 +25,7 @@ Deploying to Hetzner Cloud will incur charges.
|
||||
|
||||
- [Hetzner Cloud Account](https://www.hetzner.com): You will require an account on Hetzner as this is where the server and cluster will run.
|
||||
- [Hetzner API Access Key](https://docs.hetzner.cloud/#getting-started): Use these instructions to create a Hetzner Cloud API Key if you don't have one.
|
||||
- [Terraform](https://www.terraform.io/downloads.html): Used to provision the server and cluster to Hetzner.
|
||||
- [Terraform](https://developer.hashicorp.com/terraform/install): Used to provision the server and cluster to Hetzner.
|
||||
|
||||
|
||||
## Getting Started
|
||||
|
||||
@@ -23,9 +23,9 @@ Deploying to Linode will incur charges.
|
||||
|
||||
:::
|
||||
|
||||
- [Linode Account](https://linode.com): The Linode account to run provision server and cluster under.
|
||||
- [Linode Personal Access Token](https://www.linode.com/docs/products/tools/api/guides/manage-api-tokens/): A Linode Personal Access Token to authenticate with.
|
||||
- [Terraform](https://www.terraform.io/downloads.html): Used to provision the server and cluster on Linode.
|
||||
- [Linode Account](https://www.linode.com/): The Linode account to run provision server and cluster under.
|
||||
- [Linode Personal Access Token](https://techdocs.akamai.com/cloud-computing/docs/manage-personal-access-tokens): A Linode Personal Access Token to authenticate with.
|
||||
- [Terraform](https://developer.hashicorp.com/terraform/install): Used to provision the server and cluster on Linode.
|
||||
|
||||
|
||||
## Getting Started
|
||||
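Review bot: The rewritten Linode account bullet carries over the wording "The Linode account to run provision server and cluster under", which does not parse. As the line is being replaced for the URL anyway, reword it, for example "The Linode account under which the server and cluster are provisioned."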
@@ -48,7 +48,7 @@ See the [Quickstart Readme](https://github.com/rancher/quickstart) and the [Lino
|
||||
- `prefix` - The prefix for all created infrastructure.
|
||||
- `linode_type` - The type/plan that all infrastructure Linodes should use.
|
||||
- Default: `g6-standard-2`
|
||||
- For a complete list of plans, see the [official Plan Types page](https://www.linode.com/docs/products/compute/compute-instances/plans/).
|
||||
- For a complete list of plans, see the [official Plan Types page](https://techdocs.akamai.com/cloud-computing/docs/compute-instance-plan-types).
|
||||
|
||||
6. Run `terraform init`.
|
||||
|
||||
|
||||
@@ -25,7 +25,7 @@ Deploying to Outscale will incur charges.
|
||||
|
||||
- [Outscale Account](https://en.outscale.com/): You will require an account on Outscale as this is where the server and cluster will run.
|
||||
- [Outscale Access Key](https://docs.outscale.com/en/userguide/About-Access-Keys.html): Use these instructions to create an Outscale Access Key if you don't have one.
|
||||
- [Terraform](https://www.terraform.io/downloads.html): Used to provision the server and cluster in Outscale.
|
||||
- [Terraform](https://developer.hashicorp.com/terraform/install): Used to provision the server and cluster in Outscale.
|
||||
|
||||
|
||||
## Getting Started
|
||||
|
||||
@@ -16,7 +16,7 @@ The intent of these guides is to quickly launch a sandbox that you can use to ev
|
||||
|
||||
## Prerequisites
|
||||
|
||||
- [Vagrant](https://www.vagrantup.com): Vagrant is required as this is used to provision the machine based on the Vagrantfile.
|
||||
- [Vagrant](https://developer.hashicorp.com/vagrant): Vagrant is required as this is used to provision the machine based on the Vagrantfile.
|
||||
- [Virtualbox](https://www.virtualbox.org): The virtual machines that Vagrant provisions need to be provisioned to VirtualBox.
|
||||
- At least 4GB of free RAM.
|
||||
|
||||
|
||||
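Review bot: The Virtualbox bullet kept as context in this hunk spells the product two ways on one line, "[Virtualbox]" in the link text and "VirtualBox" in the description. Use "VirtualBox" in both places while the prerequisites list is being touched. The `https://www.virtualbox.org` link is left as is, so it is worth confirming it was covered by the same link check that flagged the Vagrant URL.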
@@ -150,7 +150,7 @@ You will still be able to login using the locally configured `admin` account and
|
||||
|
||||
In order to successfully configure AD authentication it is crucial that you provide the correct configuration pertaining to the hierarchy and schema of your AD server.
|
||||
|
||||
The [`ldapsearch`](https://manpages.ubuntu.com/manpages/kinetic/en/man1/ldapsearch.1.html) tool allows you to query your AD server to learn about the schema used for user and group objects.
|
||||
The [`ldapsearch`](https://manpages.ubuntu.com/manpages/noble/en/man1/ldapsearch.1.html) tool allows you to query your AD server to learn about the schema used for user and group objects.
|
||||
|
||||
For the purpose of the example commands provided below we will assume:
|
||||
|
||||
|
||||
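Review bot: The new `ldapsearch` link swaps one Ubuntu release codename for another in the path (`/manpages/kinetic/` becomes `/manpages/noble/`), so it is still pinned to a single release and can break the same way once that release's pages are retired. Prefer a man page URL that is not tied to a release, or link to the upstream OpenLDAP documentation for `ldapsearch`, so the AD configuration guide does not need this fix again.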
@@ -100,7 +100,7 @@ Monitoring the availability and performance of all your internal workloads is vi
|
||||
|
||||
In addition to monitoring workloads to detect performance, availability or scalability problems, the cluster and the workloads running into it should also be monitored for potential security problems. A good starting point is to frequently run and alert on [CIS Scans](../../../how-to-guides/advanced-user-guides/cis-scan-guides/cis-scan-guides.md) which check if the cluster is configured according to security best practices.
|
||||
|
||||
For the workloads, you can have a look at Kubernetes and Container security solutions like [NeuVector](https://www.suse.com/products/neuvector/), [Falco](https://falco.org/), [Aqua Kubernetes Security](https://www.aquasec.com/solutions/kubernetes-container-security/), [SysDig](https://sysdig.com/).
|
||||
For the workloads, you can have a look at Kubernetes and Container security solutions like [NeuVector](https://www.suse.com/products/neuvector/), [Falco](https://falco.org/), [Aqua Kubernetes Security](https://www.aquasec.com/products/kubernetes-security/), [SysDig](https://sysdig.com/).
|
||||
|
||||
## Setting up Alerts
|
||||
|
||||
|
||||
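Review bot: Only the Aqua URL changes on the security solutions line, but the context sentence above it still says "the workloads running into it", which should read "running in it", and the same line writes the vendor as "SysDig" next to a link to sysdig.com. Both are small, and fixing them in this commit avoids touching the paragraph twice. Also confirm the NeuVector, Falco and Sysdig links on that line were checked along with the Aqua one, since all four sit in the same sentence.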
@@ -171,7 +171,7 @@ Option to set environment variables for [Rancher agents](../../../how-to-guides/
|
||||
|
||||
##### Automatic Snapshots
|
||||
|
||||
Option to enable or disable recurring etcd snapshots. If enabled, users have the option to configure the frequency of snapshots. For details, refer to the [RKE2 documentation](https://docs.rke2.io/backup_restore#creating-snapshots). Note that with RKE2, snapshots are stored on each etcd node. This varies from RKE1 which only stores one snapshot per cluster.
|
||||
Option to enable or disable recurring etcd snapshots. If enabled, users have the option to configure the frequency of snapshots. For details, refer to the [RKE2 documentation](https://docs.rke2.io/datastore/backup_restore#creating-snapshots). Note that with RKE2, snapshots are stored on each etcd node. This varies from RKE1 which only stores one snapshot per cluster.
|
||||
|
||||
##### Metrics
|
||||
|
||||
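Review bot: The updated snapshot link keeps the `#creating-snapshots` fragment while moving the path to `/datastore/backup_restore`. Link checkers commonly validate only the page and not the anchor, so open the new URL and confirm that heading still exists there; if it was renamed, the link will load the page top and the reader loses the pointer to the snapshot frequency settings the sentence refers to.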
@@ -235,7 +235,7 @@ We recommend using a load balancer with the authorized cluster endpoint. For det
|
||||
|
||||
#### Registries
|
||||
|
||||
Select the image repository to pull Rancher images from. For more details and configuration options, see the [RKE2 documentation](https://docs.rke2.io/install/containerd_registry_configuration).
|
||||
Select the image repository to pull Rancher images from. For more details and configuration options, see the [RKE2 documentation](https://docs.rke2.io/install/private_registry).
|
||||
|
||||
#### Upgrade Strategy
|
||||
|
||||
|
||||
@@ -212,7 +212,7 @@ configs:
|
||||
ca_file: <path to the ca file used in the registry>
|
||||
```
|
||||
|
||||
For more information on private registries configuration file for RKE2, refer to the [RKE2 documentation.](https://docs.rke2.io/install/containerd_registry_configuration)
|
||||
For more information on private registries configuration file for RKE2, refer to the [RKE2 documentation.](https://docs.rke2.io/install/private_registry)
|
||||
|
||||
## 3. Install RKE2
|
||||
|
||||
|
||||
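Review bot: On the changed line the sentence-ending period sits inside the link text, "[RKE2 documentation.]", which differs from the other RKE2 links in this commit, where the link text is "[RKE2 documentation]" with the period outside. Move the period after the closing parenthesis. The same line reads "private registries configuration file for RKE2"; "the private registry configuration file for RKE2" would be clearer.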
@@ -26,7 +26,7 @@ Deploying to Amazon AWS will incur charges.
|
||||
- [Amazon AWS Account](https://aws.amazon.com/account/): An Amazon AWS Account is required to create resources for deploying Rancher and Kubernetes.
|
||||
- [Amazon AWS Access Key](https://docs.aws.amazon.com/general/latest/gr/managing-aws-access-keys.html): Use this link to follow a tutorial to create an Amazon AWS Access Key if you don't have one yet.
|
||||
- [IAM Policy created](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_create.html#access_policies_create-start): Defines the permissions an account attached with this policy has.
|
||||
- Install [Terraform](https://www.terraform.io/downloads.html): Used to provision the server and cluster in Amazon AWS.
|
||||
- Install [Terraform](https://developer.hashicorp.com/terraform/install): Used to provision the server and cluster in Amazon AWS.
|
||||
|
||||
### Example IAM Policy
|
||||
|
||||
|
||||
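Review bot: The Terraform bullet in the AWS prerequisites is worded "Install [Terraform]" while the Linode, Outscale, Azure and DigitalOcean pages in this commit use plain "[Terraform]" for the same prerequisite. Since the line is being rewritten anyway, drop "Install" (or add it everywhere) so the quickstart pages stay consistent.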
@@ -27,7 +27,7 @@ Deploying to Microsoft Azure will incur charges.
|
||||
- [Microsoft Azure Subscription](https://docs.microsoft.com/en-us/azure/cost-management-billing/manage/create-subscription#create-a-subscription-in-the-azure-portal): Use this link to follow a tutorial to create a Microsoft Azure subscription if you don't have one yet.
|
||||
- [Micsoroft Azure Tenant](https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-create-new-tenant): Use this link and follow instructions to create a Microsoft Azure tenant.
|
||||
- [Microsoft Azure Client ID/Secret](https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal): Use this link and follow instructions to create a Microsoft Azure client and secret.
|
||||
- [Terraform](https://www.terraform.io/downloads.html): Used to provision the server and cluster in Microsoft Azure.
|
||||
- [Terraform](https://developer.hashicorp.com/terraform/install): Used to provision the server and cluster in Microsoft Azure.
|
||||
|
||||
|
||||
## Getting Started
|
||||
|
||||
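Review bot: The tenant bullet kept as context in this hunk has a typo in its link text, "Micsoroft Azure Tenant"; correct it to "Microsoft" in this commit. The three `docs.microsoft.com` links in the same list are left untouched; if they only resolve through a redirect, update them to their current location in this pass, because a link-fix commit is where readers will expect that to have been done.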
@@ -25,7 +25,7 @@ Deploying to DigitalOcean will incur charges.
|
||||
|
||||
- [DigitalOcean Account](https://www.digitalocean.com): You will require an account on DigitalOcean as this is where the server and cluster will run.
|
||||
- [DigitalOcean Access Key](https://www.digitalocean.com/community/tutorials/how-to-create-a-digitalocean-space-and-api-key): Use this link to create a DigitalOcean Access Key if you don't have one.
|
||||
- [Terraform](https://www.terraform.io/downloads.html): Used to provision the server and cluster to DigitalOcean.
|
||||
- [Terraform](https://developer.hashicorp.com/terraform/install): Used to provision the server and cluster to DigitalOcean.
|
||||
|
||||
|
||||
## Getting Started
|
||||
|
||||
Some files were not shown because too many files have changed in this diff