From b1a71f1a0edd5bbdd8eb467b96c9c31d96867b01 Mon Sep 17 00:00:00 2001 From: Tejeev Date: Sat, 17 Jul 2021 02:25:51 +0100 Subject: [PATCH 01/29] Traefik is not upgraded with the rest of k3s --- content/k3s/latest/en/upgrades/_index.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/content/k3s/latest/en/upgrades/_index.md b/content/k3s/latest/en/upgrades/_index.md index 2345c08bbb4..1b9c86805ad 100644 --- a/content/k3s/latest/en/upgrades/_index.md +++ b/content/k3s/latest/en/upgrades/_index.md @@ -9,4 +9,6 @@ This section describes how to upgrade your K3s cluster. [Automated upgrades]({{< baseurl >}}/k3s/latest/en/upgrades/automated/) describes how to perform Kubernetes-native automated upgrades using Rancher's [system-upgrade-controller](https://github.com/rancher/system-upgrade-controller). -> The experimental embedded Dqlite data store was deprecated in K3s v1.19.1. Please note that upgrades from experimental Dqlite to experimental embedded etcd are not supported. If you attempt an upgrade it will not succeed and data will be lost. \ No newline at end of file +> If Traefik is not disabled K3s versions 1.20 and earlier will have installed Traefik v1, while K3s versions 1.21 and later will install Traefik v2 if v1 is not already present. To upgrade Traefik, please refer to the [Traefik documentation](https://doc.traefik.io/traefik/migration/v1-to-v2/) and use the [migration tool](https://github.com/traefik/traefik-migration-tool) to migrate from the older Traefik v1 to Traefik v2. + +> The experimental embedded Dqlite data store was deprecated in K3s v1.19.1. Please note that upgrades from experimental Dqlite to experimental embedded etcd are not supported. If you attempt an upgrade it will not succeed and data will be lost. From fcf4791121634a6a6b7c82a30cd5cff1c8a8baaf Mon Sep 17 00:00:00 2001 From: Jennifer Travinski Date: Tue, 31 Aug 2021 19:29:51 -0400 Subject: [PATCH 02/29] Updated argument to match released Rancher versions --- .../advanced/arm64-platform/_index.md | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/content/rancher/v2.0-v2.4/en/installation/resources/advanced/arm64-platform/_index.md b/content/rancher/v2.0-v2.4/en/installation/resources/advanced/arm64-platform/_index.md index a5459d480a0..f022f52f21d 100644 --- a/content/rancher/v2.0-v2.4/en/installation/resources/advanced/arm64-platform/_index.md +++ b/content/rancher/v2.0-v2.4/en/installation/resources/advanced/arm64-platform/_index.md @@ -12,14 +12,29 @@ aliases: The following options are available when using an ARM64 platform: - Running Rancher on ARM64 based node(s) - - Only [Docker Install]({{}}/rancher/v2.0-v2.4/en/installation/other-installation-methods/single-node-docker) + - For only [Docker Install]({{}}/rancher/v2.0-v2.4/en/installation/other-installation-methods/single-node-docker). Please note how to update the following installation command: + + ``` + docker run -d --restart=unless-stopped \ + -p 80:80 -p 443:443 \ + --privileged \ + rancher/rancher:vX.Y.Z + ``` +In the last line `rancher/rancher:vX.Y.Z`, be certain to replace "X.Y.Z" with a released version in which ARM64 builds only exist. For example, if your matching version is v2.5.8, you would fill in this line with `rancher/rancher:v2.5.8`. + +> **Note:** To check if your specific released version supports an ARM64 platform, you may navigate to your version's release notes in the following two ways: + +> - Manually find your version using https://github.com/rancher/rancher/releases. +> - Go directly to your version using the tag and the specific version number. If you plan to use v2.5.8, for example, you may navigate to https://github.com/rancher/rancher/releases/tag/v2.5.8. + - Create custom cluster and adding ARM64 based node(s) - Kubernetes cluster version must be 1.12 or higher - CNI Network Provider must be [Flannel]({{}}/rancher/v2.0-v2.4/en/faq/networking/cni-providers/#flannel) + - Importing clusters that contain ARM64 based nodes - Kubernetes cluster version must be 1.12 or higher -Please see [Cluster Options]({{}}/rancher/v2.0-v2.4/en/cluster-provisioning/rke-clusters/options/) how to configure the cluster options. +Please see [Cluster Options]({{}}/rancher/v2.0-v2.4/en/cluster-provisioning/rke-clusters/options/) for information on how to configure the cluster options. The following features are not tested: From d1d2901d8266dcbfff53a8765b1dd3570806f875 Mon Sep 17 00:00:00 2001 From: Catherine Luse Date: Wed, 4 Aug 2021 12:15:00 -0700 Subject: [PATCH 03/29] Replace outdated link to post about RancherOS support --- content/os/v1.x/en/_index.md | 2 +- layouts/_default/list.html | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/content/os/v1.x/en/_index.md b/content/os/v1.x/en/_index.md index dc16c38d517..37908051d30 100644 --- a/content/os/v1.x/en/_index.md +++ b/content/os/v1.x/en/_index.md @@ -5,7 +5,7 @@ description: RancherOS is a simplified Linux distribution built from containers, weight: 1 --- -> RancherOS 1.x is currently in a maintain-only-as-essential mode. It is no longer being actively maintained at a code level other than addressing critical or security fixes. For more information about the support status of RancherOS, see [this page.](https://rancher.zendesk.com/hc/en-us/articles/360041771072-Could-you-help-us-understand-the-development-and-support-status-of-RancherOS-for-2020-and-beyond-) +> RancherOS 1.x is currently in a maintain-only-as-essential mode. It is no longer being actively maintained at a code level other than addressing critical or security fixes. For more information about the support status of RancherOS, see [this page.](https://rancher.zendesk.com/hc/en-us/articles/360041771072-Could-you-help-us-understan[…]opment-and-support-status-of-RancherOS-for-2020-and-beyond-) RancherOS is the smallest, easiest way to run Docker in production. Every process in RancherOS is a container managed by Docker. This includes system services such as `udev` and `syslog`. Because it only includes the services necessary to run Docker, RancherOS is significantly smaller than most traditional operating systems. By removing unnecessary libraries and services, requirements for security patches and other maintenance are also reduced. This is possible because, with Docker, users typically package all necessary libraries into their containers. diff --git a/layouts/_default/list.html b/layouts/_default/list.html index b1545cff714..495a9d74776 100644 --- a/layouts/_default/list.html +++ b/layouts/_default/list.html @@ -42,7 +42,7 @@ {{end}} {{ if in .Dir "os/v1.x" }}
- RancherOS 1.x is currently in a maintain-only-as-essential mode. It is no longer being actively maintained at a code level other than addressing critical or security fixes. For more information about the support status of RancherOS, see this page. + RancherOS 1.x is currently in a maintain-only-as-essential mode. It is no longer being actively maintained at a code level other than addressing critical or security fixes. For more information about the support status of RancherOS, see this page.
{{end}} From 131ec61bd6d4414c381c7a35f94c75bd1d41791f Mon Sep 17 00:00:00 2001 From: Catherine Luse Date: Tue, 31 Aug 2021 19:42:51 -0700 Subject: [PATCH 04/29] Fix links --- .../latest/en/security/self_assessment/_index.md | 2 +- .../docker-installs/docker-restores/_index.md | 6 +++--- .../rancher-managed/monitoring/_index.md | 4 ++-- .../rancher-server/deployment-types/_index.md | 3 +-- content/rancher/v2.5/en/cis-scans/_index.md | 8 ++++---- content/rancher/v2.5/en/cli/_index.md | 8 ++++---- content/rancher/v2.5/en/cluster-admin/_index.md | 1 - .../cluster-access/cluster-members/_index.md | 2 +- .../projects-and-namespaces/_index.md | 8 ++++---- .../examples/vsphere/_index.md | 2 +- .../cluster-capabilities-table/index.md | 8 ++++---- .../hosted-kubernetes-clusters/gke/_index.md | 2 +- .../registered-clusters/_index.md | 4 ++-- .../rke-clusters/options/_index.md | 4 ++-- content/rancher/v2.5/en/faq/_index.md | 2 +- .../air-gap/populate-private-registry/_index.md | 2 +- .../single-node-rollbacks/_index.md | 6 +++--- .../single-node-upgrades/_index.md | 2 +- .../en/installation/requirements/ports/_index.md | 2 +- .../resources/advanced/api-audit-log/_index.md | 2 +- .../istio-virtual-service-ui/_index.md | 2 +- content/rancher/v2.5/en/istio/_index.md | 8 ++++---- .../enable-istio-with-psp/_index.md | 4 ++-- .../selectors-and-scrape/_index.md | 2 +- content/rancher/v2.5/en/istio/rbac/_index.md | 2 +- .../v2.5/en/istio/release-notes/_index.md | 2 +- .../rancher/v2.5/en/istio/resources/_index.md | 2 +- content/rancher/v2.5/en/istio/setup/_index.md | 16 ++++++++-------- .../en/istio/setup/deploy-workloads/_index.md | 4 ++-- .../setup/enable-istio-in-cluster/_index.md | 4 ++-- .../setup/enable-istio-in-namespace/_index.md | 4 ++-- .../v2.5/en/istio/setup/gateway/_index.md | 4 ++-- .../setup/set-up-traffic-management/_index.md | 4 ++-- .../v2.5/en/istio/setup/view-traffic/_index.md | 2 +- .../v2.5/en/monitoring-alerting/_index.md | 12 +++--------- .../monitoring-alerting/configuration/_index.md | 2 +- .../configuration/advanced/prometheus/_index.md | 2 +- .../advanced/prometheusrules/_index.md | 3 +-- .../configuration/examples/_index.md | 2 +- .../configuration/receiver/_index.md | 2 +- .../configuration/route/_index.md | 2 +- .../en/monitoring-alerting/expression/_index.md | 4 ++-- .../guides/enable-monitoring/_index.md | 8 ++++---- .../guides/migrating/_index.md | 8 ++++---- .../guides/persist-grafana/_index.md | 2 +- .../how-monitoring-works/_index.md | 4 ++-- .../v2.5/en/monitoring-alerting/rbac/_index.md | 2 +- content/rancher/v2.5/en/overview/_index.md | 2 +- .../rancher/v2.5/en/pipelines/config/_index.md | 4 ++-- .../v2.5/en/project-admin/namespaces/_index.md | 7 +++---- .../en/project-admin/project-members/_index.md | 4 ++-- .../en/project-admin/resource-quotas/_index.md | 4 ++-- .../override-container-default/_index.md | 2 +- .../override-namespace-default/_index.md | 8 ++++---- .../v2.5/en/project-admin/tools/_index.md | 10 +++++----- content/rancher/v2.5/en/security/cve/_index.md | 2 +- content/rancher/v2.5/en/system-tools/_index.md | 4 ++-- .../docker-installs/docker-restores/_index.md | 6 +++--- .../rancher-managed/monitoring/_index.md | 2 +- .../rancher-server/deployment-types/_index.md | 2 +- content/rancher/v2.6/en/cis-scans/_index.md | 8 ++++---- content/rancher/v2.6/en/cli/_index.md | 8 ++++---- content/rancher/v2.6/en/cluster-admin/_index.md | 2 +- .../cluster-access/cluster-members/_index.md | 2 +- .../rke-config-reference/_index.md | 2 +- .../projects-and-namespaces/_index.md | 6 +++--- .../cluster-capabilities-table/index.md | 6 +++--- .../hosted-kubernetes-clusters/gke/_index.md | 2 +- .../registered-clusters/_index.md | 2 +- content/rancher/v2.6/en/faq/_index.md | 2 +- .../air-gap/populate-private-registry/_index.md | 2 +- .../single-node-rollbacks/_index.md | 6 +++--- .../single-node-upgrades/_index.md | 2 +- .../en/installation/requirements/ports/_index.md | 2 +- .../resources/advanced/api-audit-log/_index.md | 2 +- .../istio-virtual-service-ui/_index.md | 2 +- content/rancher/v2.6/en/istio/_index.md | 14 +++++++------- .../rancher/v2.6/en/istio/resources/_index.md | 2 +- content/rancher/v2.6/en/istio/setup/_index.md | 16 ++++++++-------- .../en/istio/setup/deploy-workloads/_index.md | 2 +- .../setup/enable-istio-in-cluster/_index.md | 12 ++++++------ .../setup/enable-istio-in-namespace/_index.md | 2 +- .../v2.6/en/istio/setup/gateway/_index.md | 2 +- .../setup/set-up-traffic-management/_index.md | 2 +- .../v2.6/en/istio/setup/view-traffic/_index.md | 2 +- .../v2.6/en/monitoring-alerting/_index.md | 8 +++----- .../advanced/prometheusrules/_index.md | 2 +- .../configuration/examples/_index.md | 2 +- .../configuration/helm-chart-options/_index.md | 4 ++-- .../configuration/route/_index.md | 2 +- .../en/monitoring-alerting/dashboards/_index.md | 12 ++++++------ .../guides/enable-monitoring/_index.md | 8 ++++---- .../how-monitoring-works/_index.md | 4 ++-- content/rancher/v2.6/en/overview/_index.md | 2 +- .../rancher/v2.6/en/pipelines/config/_index.md | 4 ++-- .../v2.6/en/project-admin/namespaces/_index.md | 4 ++-- .../en/project-admin/project-members/_index.md | 2 +- .../en/project-admin/resource-quotas/_index.md | 2 +- .../override-container-default/_index.md | 2 +- .../override-namespace-default/_index.md | 8 ++++---- .../v2.6/en/project-admin/tools/_index.md | 10 +++++----- content/rancher/v2.6/en/security/cve/_index.md | 2 +- content/rancher/v2.6/en/system-tools/_index.md | 4 ++-- layouts/_default/list.html | 2 +- 104 files changed, 215 insertions(+), 227 deletions(-) diff --git a/content/k3s/latest/en/security/self_assessment/_index.md b/content/k3s/latest/en/security/self_assessment/_index.md index 6dc8799df5e..ff7ba082384 100644 --- a/content/k3s/latest/en/security/self_assessment/_index.md +++ b/content/k3s/latest/en/security/self_assessment/_index.md @@ -2040,7 +2040,7 @@ Where access to the Kubernetes API from a pod is required, a specific service ac The default service account should be configured such that it does not provide a service account token and does not have any explicit rights assignments. -**Result:** Fail. Currently requires operator intervention See the [Hardening Guide]({{}}/rancher/k3s/latest/en/security/hardening_guide) for details. +**Result:** Fail. Currently requires operator intervention See the [Hardening Guide]({{}}/k3s/latest/en/security/hardening_guide) for details. **Audit:** For each namespace in the cluster, review the rights assigned to the default service account and ensure that it has no roles or cluster roles bound to it apart from the defaults. Additionally ensure that the automountServiceAccountToken: false setting is in place for each default service account. diff --git a/content/rancher/v2.5/en/backups/docker-installs/docker-restores/_index.md b/content/rancher/v2.5/en/backups/docker-installs/docker-restores/_index.md index cca3af9c994..c3c88f5afb9 100644 --- a/content/rancher/v2.5/en/backups/docker-installs/docker-restores/_index.md +++ b/content/rancher/v2.5/en/backups/docker-installs/docker-restores/_index.md @@ -39,7 +39,7 @@ You can obtain `` and `` by loggi ## Restoring Backups -Using a [backup]({{}}/rancher/v2.5/en/backups/backups/single-node-backups/) that you created earlier, restore Rancher to its last known healthy state. +Using a [backup]({{}}/rancher/v2.5/en/backups/docker-installs/docker-backups/) that you created earlier, restore Rancher to its last known healthy state. 1. Using a remote Terminal connection, log into the node running your Rancher Server. @@ -48,9 +48,9 @@ Using a [backup]({{}}/rancher/v2.5/en/backups/backups/single-node-backu ``` docker stop ``` -1. Move the backup tarball that you created during completion of [Creating Backups—Docker Installs]({{}}/rancher/v2.5/en/backups/backups/single-node-backups/) onto your Rancher Server. Change to the directory that you moved it to. Enter `dir` to confirm that it's there. +1. Move the backup tarball that you created during completion of [Creating Backups—Docker Installs]({{}}/rancher/v2.5/en/backups/docker-installs/docker-backups/) onto your Rancher Server. Change to the directory that you moved it to. Enter `dir` to confirm that it's there. - If you followed the naming convention we suggested in [Creating Backups—Docker Installs]({{}}/rancher/v2.5/en/backups/backups/single-node-backups/), it will have a name similar to `rancher-data-backup--.tar.gz`. + If you followed the naming convention we suggested in [Creating Backups—Docker Installs]({{}}/rancher/v2.5/en/backups/docker-installs/docker-backups/), it will have a name similar to `rancher-data-backup--.tar.gz`. 1. Enter the following command to delete your current state data and replace it with your backup data, replacing the placeholders. Don't forget to close the quotes. diff --git a/content/rancher/v2.5/en/best-practices/rancher-managed/monitoring/_index.md b/content/rancher/v2.5/en/best-practices/rancher-managed/monitoring/_index.md index 24faff8755c..62da3f81540 100644 --- a/content/rancher/v2.5/en/best-practices/rancher-managed/monitoring/_index.md +++ b/content/rancher/v2.5/en/best-practices/rancher-managed/monitoring/_index.md @@ -97,7 +97,7 @@ Sometimes it is useful to monitor workloads from the outside. For this, you can If you have a (micro)service architecture where multiple individual workloads within your cluster are communicating with each other, it is really important to have detailed metrics and traces about this traffic to understand how all these workloads are communicating with each other and where a problem or bottleneck may be. -Of course you can monitor all this internal traffic in all your workloads and expose these metrics to Prometheus. But this can quickly become quite work intensive. Service Meshes like Istio, which can be installed with [a click](https://rancher.com/docs/rancher/v2.5/en/cluster-admin/tools/istio/) in Rancher, can do this automatically and provide rich telemetry about the traffic between all services. +Of course you can monitor all this internal traffic in all your workloads and expose these metrics to Prometheus. But this can quickly become quite work intensive. Service Meshes like Istio, which can be installed with [a click]({{}}/rancher/v2.5/en/istio/) in Rancher, can do this automatically and provide rich telemetry about the traffic between all services. # Real User Monitoring @@ -119,4 +119,4 @@ When setting up alerts, configure them for all the workloads that are critical t If an alert starts firing, but there is nothing you can do about it at the moment, it's also fine to silence the alert for a certain amount of time, so that you can look at it later. -You can find more information on how to set up alerts and notification channels in the [Rancher Documentation]({{}}/rancher/v2.5/en/monitoring-alerting/v2.5). \ No newline at end of file +You can find more information on how to set up alerts and notification channels in the [Rancher Documentation]({{}}/rancher/v2.5/en/monitoring-alerting). \ No newline at end of file diff --git a/content/rancher/v2.5/en/best-practices/rancher-server/deployment-types/_index.md b/content/rancher/v2.5/en/best-practices/rancher-server/deployment-types/_index.md index 7dc67404bdf..10baf18b84e 100644 --- a/content/rancher/v2.5/en/best-practices/rancher-server/deployment-types/_index.md +++ b/content/rancher/v2.5/en/best-practices/rancher-server/deployment-types/_index.md @@ -36,5 +36,4 @@ However, metrics-driven capacity planning analysis should be the ultimate guidan Using Rancher, you can monitor the state and processes of your cluster nodes, Kubernetes components, and software deployments through integration with Prometheus, a leading open-source monitoring solution, and Grafana, which lets you visualize the metrics from Prometheus. -After you [enable monitoring]({{}}/rancher/v2.5/en/monitoring-alerting/legacy/monitoring/cluster-monitoring/) in the cluster, you can set up [a notification channel]({{}}/rancher/v2.5/en/cluster-admin/tools/notifiers/) and [cluster alerts]({{}}/rancher/v2.5/en/cluster-admin/tools/alerts/) to let you know if your cluster is approaching its capacity. You can also use the Prometheus and Grafana monitoring framework to establish a baseline for key metrics as you scale. - +After you [enable monitoring]({{}}/rancher/v2.5/en/monitoring-alerting) in the cluster, you can set up [a notification channel]({{}}/rancher/v2.5/en/monitoring-alerting/) and alerts to let you know if your cluster is approaching its capacity. You can also use the Prometheus and Grafana monitoring framework to establish a baseline for key metrics as you scale. \ No newline at end of file diff --git a/content/rancher/v2.5/en/cis-scans/_index.md b/content/rancher/v2.5/en/cis-scans/_index.md index d54e85e2b91..d8d1afce196 100644 --- a/content/rancher/v2.5/en/cis-scans/_index.md +++ b/content/rancher/v2.5/en/cis-scans/_index.md @@ -294,9 +294,9 @@ Alerts can be configured to be sent out for a scan that runs on a schedule. > **Prerequisite:** > -> Before enabling alerts for `rancher-cis-benchmark`, make sure to install the `rancher-monitoring` application and configure the Receivers and Routes. For more information, see [this section.]({{}}/rancher/v2.5/en/monitoring-alerting/v2.5/configuration/alertmanager/) +> Before enabling alerts for `rancher-cis-benchmark`, make sure to install the `rancher-monitoring` application and configure the Receivers and Routes. For more information, see [this section.]({{}}/rancher/v2.5/en/monitoring-alerting/configuration/alertmanager/) > -> While configuring the routes for `rancher-cis-benchmark` alerts, you can specify the matching using the key-value pair `job: rancher-cis-scan`. An example route configuration is [here.]({{}}/rancher/v2.5/en/monitoring-alerting/v2.5/configuration/alertmanager/#example-route-config-for-cis-scan-alerts) +> While configuring the routes for `rancher-cis-benchmark` alerts, you can specify the matching using the key-value pair `job: rancher-cis-scan`. An example route configuration is [here.]({{}}/rancher/v2.5/en/monitoring-alerting/configuration/alertmanager/#example-route-config-for-cis-scan-alerts) While installing or upgrading the `rancher-cis-benchmark` application, set the following flag to `true` in the `values.yaml`: @@ -321,9 +321,9 @@ The `rancher-cis-benchmark` application supports two types of alerts: > **Prerequisite:** > -> Before enabling alerts for `rancher-cis-benchmark`, make sure to install the `rancher-monitoring` application and configure the Receivers and Routes. For more information, see [this section.]({{}}/rancher/v2.5/en/monitoring-alerting/v2.5/configuration/alertmanager/) +> Before enabling alerts for `rancher-cis-benchmark`, make sure to install the `rancher-monitoring` application and configure the Receivers and Routes. For more information, see [this section.]({{}}/rancher/v2.5/en/monitoring-alerting/configuration/alertmanager/) > -> While configuring the routes for `rancher-cis-benchmark` alerts, you can specify the matching using the key-value pair `job: rancher-cis-scan`. An example route configuration is [here.]({{}}/rancher/v2.5/en/monitoring-alerting/v2.5/configuration/alertmanager/#example-route-config-for-cis-scan-alerts) +> While configuring the routes for `rancher-cis-benchmark` alerts, you can specify the matching using the key-value pair `job: rancher-cis-scan`. An example route configuration is [here.]({{}}/rancher/v2.5/en/monitoring-alerting/configuration/alertmanager/#example-route-config-for-cis-scan-alerts) To configure alerts for a scan that runs on a schedule, diff --git a/content/rancher/v2.5/en/cli/_index.md b/content/rancher/v2.5/en/cli/_index.md index 7c1f5b96006..0413cdde5ed 100644 --- a/content/rancher/v2.5/en/cli/_index.md +++ b/content/rancher/v2.5/en/cli/_index.md @@ -33,7 +33,7 @@ If Rancher Server uses a self-signed certificate, Rancher CLI prompts you to con ### Project Selection -Before you can perform any commands, you must select a Rancher project to perform those commands against. To select a [project]({{}}/rancher/v2.5/en/k8s-in-rancher/projects-and-namespaces/) to work on, use the command `./rancher context switch`. When you enter this command, a list of available projects displays. Enter a number to choose your project. +Before you can perform any commands, you must select a Rancher project to perform those commands against. To select a [project]({{}}/rancher/v2.5/en/cluster-admin/projects-and-namespaces/) to work on, use the command `./rancher context switch`. When you enter this command, a list of available projects displays. Enter a number to choose your project. **Example: `./rancher context switch` Output** ``` @@ -62,13 +62,13 @@ The following commands are available for use in Rancher CLI. | `apps, [app]` | Performs operations on catalog applications (i.e. individual [Helm charts](https://docs.helm.sh/developing_charts/) or Rancher charts. | | `catalog` | Performs operations on [catalogs]({{}}/rancher/v2.5/en/catalog/). | | `clusters, [cluster]` | Performs operations on your [clusters]({{}}/rancher/v2.5/en/cluster-provisioning/). | -| `context` | Switches between Rancher [projects]({{}}/rancher/v2.5/en/k8s-in-rancher/projects-and-namespaces/). For an example, see [Project Selection](#project-selection). | -| `inspect [OPTIONS] [RESOURCEID RESOURCENAME]` | Displays details about [Kubernetes resources](https://kubernetes.io/docs/reference/kubectl/cheatsheet/#resource-types) or Rancher resources (i.e.: [projects]({{}}/rancher/v2.5/en/k8s-in-rancher/projects-and-namespaces/) and [workloads]({{}}/rancher/v2.5/en/k8s-in-rancher/workloads/)). Specify resources by name or ID. | +| `context` | Switches between Rancher [projects]({{}}/rancher/v2.5/en/cluster-admin/projects-and-namespaces/). For an example, see [Project Selection](#project-selection). | +| `inspect [OPTIONS] [RESOURCEID RESOURCENAME]` | Displays details about [Kubernetes resources](https://kubernetes.io/docs/reference/kubectl/cheatsheet/#resource-types) or Rancher resources (i.e.: [projects]({{}}/rancher/v2.5/en/cluster-admin/projects-and-namespaces/) and [workloads]({{}}/rancher/v2.5/en/k8s-in-rancher/workloads/)). Specify resources by name or ID. | | `kubectl` |Runs [kubectl commands](https://kubernetes.io/docs/reference/kubectl/overview/#operations). | | `login, [l]` | Logs into a Rancher Server. For an example, see [CLI Authentication](#cli-authentication). | | `namespaces, [namespace]` |Performs operations on namespaces. | | `nodes, [node]` |Performs operations on nodes. | -| `projects, [project]` | Performs operations on [projects]({{}}/rancher/v2.5/en/k8s-in-rancher/projects-and-namespaces/). | +| `projects, [project]` | Performs operations on [projects]({{}}/rancher/v2.5/en/cluster-admin/projects-and-namespaces/). | | `ps` | Displays [workloads]({{}}/rancher/v2.5/en/k8s-in-rancher/workloads) in a project. | | `settings, [setting]` | Shows the current settings for your Rancher Server. | | `ssh` | Connects to one of your cluster nodes using the SSH protocol. | diff --git a/content/rancher/v2.5/en/cluster-admin/_index.md b/content/rancher/v2.5/en/cluster-admin/_index.md index 9b2c0d73d25..0dc0346a6be 100644 --- a/content/rancher/v2.5/en/cluster-admin/_index.md +++ b/content/rancher/v2.5/en/cluster-admin/_index.md @@ -36,4 +36,3 @@ Rancher contains a variety of tools that aren't included in Kubernetes to assist - Istio Service Mesh - OPA Gatekeeper -For more information, see [Tools]({{}}/rancher/v2.5/en/cluster-admin/tools/) diff --git a/content/rancher/v2.5/en/cluster-admin/cluster-access/cluster-members/_index.md b/content/rancher/v2.5/en/cluster-admin/cluster-access/cluster-members/_index.md index 9c4bf05aea6..2de644655de 100644 --- a/content/rancher/v2.5/en/cluster-admin/cluster-access/cluster-members/_index.md +++ b/content/rancher/v2.5/en/cluster-admin/cluster-access/cluster-members/_index.md @@ -10,7 +10,7 @@ aliases: If you want to provide a user with access and permissions to _all_ projects, nodes, and resources within a cluster, assign the user a cluster membership. ->**Tip:** Want to provide a user with access to a _specific_ project within a cluster? See [Adding Project Members]({{}}/rancher/v2.5/en/k8s-in-rancher/projects-and-namespaces/project-members/) instead. +>**Tip:** Want to provide a user with access to a _specific_ project within a cluster? See [Adding Project Members]({{}}/rancher/v2.5/en/cluster-admin/projects-and-namespaces/project-members/) instead. There are two contexts where you can add cluster members: diff --git a/content/rancher/v2.5/en/cluster-admin/projects-and-namespaces/_index.md b/content/rancher/v2.5/en/cluster-admin/projects-and-namespaces/_index.md index b495d62f208..cc6f053a2fc 100644 --- a/content/rancher/v2.5/en/cluster-admin/projects-and-namespaces/_index.md +++ b/content/rancher/v2.5/en/cluster-admin/projects-and-namespaces/_index.md @@ -42,7 +42,7 @@ You can assign the following resources directly to namespaces: - [Workloads]({{}}/rancher/v2.5/en/k8s-in-rancher/workloads/) - [Load Balancers/Ingress]({{}}/rancher/v2.5/en/k8s-in-rancher/load-balancers-and-ingress/) - [Service Discovery Records]({{}}/rancher/v2.5/en/k8s-in-rancher/service-discovery/) -- [Persistent Volume Claims]({{}}/rancher/v2.5/en/k8s-in-rancher/volumes-and-storage/persistent-volume-claims/) +- [Persistent Volume Claims]({{}}/rancher/v2.5/en/cluster-admin/volumes-and-storage/) - [Certificates]({{}}/rancher/v2.5/en/k8s-in-rancher/certificates/) - [ConfigMaps]({{}}/rancher/v2.5/en/k8s-in-rancher/configmaps/) - [Registries]({{}}/rancher/v2.5/en/k8s-in-rancher/registries/) @@ -75,7 +75,7 @@ In the base version of Kubernetes, features like role-based access rights or clu You can use projects to perform actions such as: -- Assign users to a group of namespaces (i.e., [project membership]({{}}/rancher/v2.5/en/k8s-in-rancher/projects-and-namespaces/project-members)). +- Assign users to a group of namespaces (i.e., [project membership]({{}}/rancher/v2.5/en/cluster-admin/projects-and-namespaces/project-members)). - Assign users specific roles in a project. A role can be owner, member, read-only, or [custom]({{}}/rancher/v2.5/en/admin-settings/rbac/default-custom-roles/). - Assign resources to the project. - Assign Pod Security Policies. @@ -165,12 +165,12 @@ To add members: ### 4. Optional: Add Resource Quotas -Resource quotas limit the resources that a project (and its namespaces) can consume. For more information, see [Resource Quotas]({{}}/rancher/v2.5/en/k8s-in-rancher/projects-and-namespaces/resource-quotas). +Resource quotas limit the resources that a project (and its namespaces) can consume. For more information, see [Resource Quotas]({{}}/rancher/v2.5/en/cluster-admin/projects-and-namespaces/resource-quotas). To add a resource quota, 1. Click **Add Quota**. -1. Select a Resource Type. For more information, see [Resource Quotas.]({{}}/rancher/v2.5/en/k8s-in-rancher/projects-and-namespaces/resource-quotas/). +1. Select a Resource Type. For more information, see [Resource Quotas.]({{}}/rancher/v2.5/en/cluster-admin/projects-and-namespaces/resource-quotas/). 1. Enter values for the **Project Limit** and the **Namespace Default Limit**. 1. **Optional:** Specify **Container Default Resource Limit**, which will be applied to every container started in the project. The parameter is recommended if you have CPU or Memory limits set by the Resource Quota. It can be overridden on per an individual namespace or a container level. For more information, see [Container Default Resource Limit]({{}}/rancher/v2.5/en/project-admin/resource-quotas/) 1. Click **Create**. diff --git a/content/rancher/v2.5/en/cluster-admin/volumes-and-storage/examples/vsphere/_index.md b/content/rancher/v2.5/en/cluster-admin/volumes-and-storage/examples/vsphere/_index.md index cf7375dc2ad..e13c34e6174 100644 --- a/content/rancher/v2.5/en/cluster-admin/volumes-and-storage/examples/vsphere/_index.md +++ b/content/rancher/v2.5/en/cluster-admin/volumes-and-storage/examples/vsphere/_index.md @@ -5,7 +5,7 @@ aliases: - /rancher/v2.5/en/tasks/clusters/adding-storage/provisioning-storage/vsphere/ --- -To provide stateful workloads with vSphere storage, we recommend creating a vSphereVolume StorageClass. This practice dynamically provisions vSphere storage when workloads request volumes through a [persistent volume claim]({{}}/rancher/v2.5/en/k8s-in-rancher/volumes-and-storage/persistent-volume-claims/). +To provide stateful workloads with vSphere storage, we recommend creating a vSphereVolume StorageClass. This practice dynamically provisions vSphere storage when workloads request volumes through a persistent volume claim. In order to dynamically provision storage in vSphere, the vSphere provider must be [enabled.]({{}}/rancher/v2.5/en/cluster-provisioning/rke-clusters/cloud-providers/vsphere) diff --git a/content/rancher/v2.5/en/cluster-provisioning/cluster-capabilities-table/index.md b/content/rancher/v2.5/en/cluster-provisioning/cluster-capabilities-table/index.md index ecd96cc3210..16ee4674be7 100644 --- a/content/rancher/v2.5/en/cluster-provisioning/cluster-capabilities-table/index.md +++ b/content/rancher/v2.5/en/cluster-provisioning/cluster-capabilities-table/index.md @@ -14,7 +14,7 @@ headless: true | [Managing Persistent Volumes and Storage Classes]({{}}/rancher/v2.5/en/cluster-admin/volumes-and-storage/) | ✓ | ✓ | ✓ | ✓ | | [Managing Projects, Namespaces and Workloads]({{}}/rancher/v2.5/en/cluster-admin/projects-and-namespaces/) | ✓ | ✓ | ✓ | ✓ | | [Using App Catalogs]({{}}/rancher/v2.5/en/catalog/) | ✓ | ✓ | ✓ | ✓ | -| [Configuring Tools (Alerts, Notifiers, Logging, Monitoring, Istio)]({{}}/rancher/v2.5/en/cluster-admin/tools/) | ✓ | ✓ | ✓ | ✓ | +| Configuring Tools (Alerts, Notifiers, Logging, Monitoring, Istio) | ✓ | ✓ | ✓ | ✓ | | [Running Security Scans]({{}}/rancher/v2.5/en/security/security-scan/) | ✓ | ✓ | ✓ | ✓ | | [Use existing configuration to create additional clusters]({{}}/rancher/v2.5/en/cluster-admin/cloning-clusters/)| ✓ | ✓ |✓ | | | [Ability to rotate certificates]({{}}/rancher/v2.5/en/cluster-admin/certificate-rotation/) | ✓ | ✓ | | | @@ -25,7 +25,7 @@ headless: true 1. Registered GKE and EKS clusters have the same options available as GKE and EKS clusters created from the Rancher UI. The difference is that when a registered cluster is deleted from the Rancher UI, [it is not destroyed.]({{}}/rancher/v2.5/en/cluster-provisioning/registered-clusters/#additional-features-for-registered-eks-and-gke-clusters) -2. Cluster configuration options can't be edited for registered clusters, except for [K3s and RKE2 clusters.]({{}}/rancher/v2.5/en/cluster-provisioning/imported-clusters/) +2. Cluster configuration options can't be edited for registered clusters, except for [K3s and RKE2 clusters.]({{}}/rancher/v2.5/en/cluster-provisioning/registered-clusters/) 3. For registered cluster nodes, the Rancher UI exposes the ability to cordon, drain, and edit the node. @@ -43,7 +43,7 @@ headless: true | [Managing Persistent Volumes and Storage Classes]({{}}/rancher/v2.5/en/cluster-admin/volumes-and-storage/) | ✓ | ✓ | ✓ | ✓ | | [Managing Projects, Namespaces and Workloads]({{}}/rancher/v2.5/en/cluster-admin/projects-and-namespaces/) | ✓ | ✓ | ✓ | ✓ | | [Using App Catalogs]({{}}/rancher/v2.5/en/catalog/) | ✓ | ✓ | ✓ | ✓ | -| [Configuring Tools (Alerts, Notifiers, Logging, Monitoring, Istio)]({{}}/rancher/v2.5/en/cluster-admin/tools/) | ✓ | ✓ | ✓ | ✓ | +| Configuring Tools (Alerts, Notifiers, Logging, Monitoring, Istio) | ✓ | ✓ | ✓ | ✓ | | [Running Security Scans]({{}}/rancher/v2.5/en/security/security-scan/) | ✓ | ✓ | ✓ | ✓ | | [Use existing configuration to create additional clusters]({{}}/rancher/v2.5/en/cluster-admin/cloning-clusters/)| ✓ | ✓ |✓ | | | [Ability to rotate certificates]({{}}/rancher/v2.5/en/cluster-admin/certificate-rotation/) | ✓ | | ✓ | | @@ -52,7 +52,7 @@ headless: true | [Configuring Pod Security Policies]({{}}/rancher/v2.5/en/cluster-admin/pod-security-policy/) | ✓ | | ✓ | | | [Authorized Cluster Endpoint]({{}}/rancher/v2.5/en/cluster-provisioning/rke-clusters/options/#authorized-cluster-endpoint) | ✓ | | | -1. Cluster configuration options can't be edited for registered clusters, except for [K3s and RKE2 clusters.]({{}}/rancher/v2.5/en/cluster-provisioning/imported-clusters/) +1. Cluster configuration options can't be edited for registered clusters, except for [K3s and RKE2 clusters.]({{}}/rancher/v2.5/en/cluster-provisioning/registered-clusters/) 2. For registered cluster nodes, the Rancher UI exposes the ability to cordon, drain, and edit the node. diff --git a/content/rancher/v2.5/en/cluster-provisioning/hosted-kubernetes-clusters/gke/_index.md b/content/rancher/v2.5/en/cluster-provisioning/hosted-kubernetes-clusters/gke/_index.md index f08ef05e22e..ebdf643296d 100644 --- a/content/rancher/v2.5/en/cluster-provisioning/hosted-kubernetes-clusters/gke/_index.md +++ b/content/rancher/v2.5/en/cluster-provisioning/hosted-kubernetes-clusters/gke/_index.md @@ -70,7 +70,7 @@ Use Rancher to set up and configure your Kubernetes cluster. 1. Optional: Use **Member Roles** to configure user authorization for the cluster. Click **Add Member** to add users that can access the cluster. Use the **Role** drop-down to set permissions for each user. 1. Optional: Add Kubernetes [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/) or [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) to the cluster. 1. Enter your Google project ID and your Google cloud credentials. -1. Fill out the rest of the form. For help, refer to the [GKE cluster configuration reference.](./config-reference) +1. Fill out the rest of the form. For help, refer to the [GKE cluster configuration reference.]({{}}/rancher/v2.5/en/cluster-admin/editing-clusters/gke-config-reference) 1. Click **Create.** **Result:** You have successfully deployed a GKE cluster. diff --git a/content/rancher/v2.5/en/cluster-provisioning/registered-clusters/_index.md b/content/rancher/v2.5/en/cluster-provisioning/registered-clusters/_index.md index df9391f9454..34fd7d6a113 100644 --- a/content/rancher/v2.5/en/cluster-provisioning/registered-clusters/_index.md +++ b/content/rancher/v2.5/en/cluster-provisioning/registered-clusters/_index.md @@ -97,7 +97,7 @@ Greater management capabilities are now available for [registered GKE clusters.] After registering a cluster, the cluster owner can: - [Manage cluster access]({{}}/rancher/v2.5/en/admin-settings/rbac/cluster-project-roles/) through role-based access control -- Enable [monitoring, alerts and notifiers]({{}}/rancher/v2.5/en/monitoring-alerting/v2.5/) +- Enable [monitoring, alerts and notifiers]({{}}/rancher/v2.5/en/monitoring-alerting/) - Enable [logging]({{}}/rancher/v2.5/en/logging/v2.5/) - Enable [Istio]({{}}/rancher/v2.5/en/istio/v2.5/) - Use [pipelines]({{}}/rancher/v2.5/en/project-admin/pipelines/) @@ -138,7 +138,7 @@ The capabilities for registered clusters are listed in the table on [this page.] After registering a cluster, the cluster owner can: - [Manage cluster access]({{}}/rancher/v2.5/en/admin-settings/rbac/cluster-project-roles/) through role-based access control -- Enable [monitoring, alerts and notifiers]({{}}/rancher/v2.5/en/monitoring-alerting/v2.5/) +- Enable [monitoring, alerts and notifiers]({{}}/rancher/v2.5/en/monitoring-alerting/) - Enable [logging]({{}}/rancher/v2.5/en/logging/v2.5/) - Enable [Istio]({{}}/rancher/v2.5/en/istio/v2.5/) - Use [pipelines]({{}}/rancher/v2.5/en/project-admin/pipelines/) diff --git a/content/rancher/v2.5/en/cluster-provisioning/rke-clusters/options/_index.md b/content/rancher/v2.5/en/cluster-provisioning/rke-clusters/options/_index.md index 7105f8937d3..df6208803e4 100644 --- a/content/rancher/v2.5/en/cluster-provisioning/rke-clusters/options/_index.md +++ b/content/rancher/v2.5/en/cluster-provisioning/rke-clusters/options/_index.md @@ -83,7 +83,7 @@ To enable project network isolation as a cluster option, you will need to use Ca ### Kubernetes Cloud Providers -You can configure a [Kubernetes cloud provider]({{}}/rancher/v2.5/en/cluster-provisioning/rke-clusters/options/cloud-providers). If you want to use [volumes and storage]({{}}/rancher/v2.5/en/k8s-in-rancher/volumes-and-storage/) in Kubernetes, typically you must select the specific cloud provider in order to use it. For example, if you want to use Amazon EBS, you would need to select the `aws` cloud provider. +You can configure a [Kubernetes cloud provider]({{}}/rancher/v2.5/en/cluster-provisioning/rke-clusters/options/cloud-providers). If you want to use [volumes and storage]({{}}/rancher/v2.5/en/cluster-admin/volumes-and-storage/) in Kubernetes, typically you must select the specific cloud provider in order to use it. For example, if you want to use Amazon EBS, you would need to select the `aws` cloud provider. >**Note:** If the cloud provider you want to use is not listed as an option, you will need to use the [config file option](#cluster-config-file) to configure the cloud provider. Please reference the [RKE cloud provider documentation]({{}}/rke/latest/en/config-options/cloud-providers/) on how to configure the cloud provider. @@ -286,7 +286,7 @@ See [Docker Root Directory](#docker-root-directory). ### enable_cluster_monitoring -Option to enable or disable [Cluster Monitoring]({{}}/rancher/v2.5/en/monitoring-alerting/legacy/monitoring/cluster-monitoring/). +Option to enable or disable [Cluster Monitoring]({{}}/rancher/v2.5/en/monitoring-alerting/). ### enable_network_policy diff --git a/content/rancher/v2.5/en/faq/_index.md b/content/rancher/v2.5/en/faq/_index.md index 47366434f30..339e94a09fd 100644 --- a/content/rancher/v2.5/en/faq/_index.md +++ b/content/rancher/v2.5/en/faq/_index.md @@ -31,7 +31,7 @@ As of Rancher 2.3.0, we support Windows Server 1809 containers. For details on h **Does Rancher support Istio?** -As of Rancher 2.3.0, we support [Istio.]({{}}/rancher/v2.5/en/cluster-admin/tools/istio/) +As of Rancher 2.3.0, we support [Istio.]({{}}/rancher/v2.5/en/istio/) Furthermore, Istio is implemented in our micro-PaaS "Rio", which works on Rancher 2.x along with any CNCF compliant Kubernetes cluster. You can read more about it [here](https://rio.io/) diff --git a/content/rancher/v2.5/en/installation/other-installation-methods/air-gap/populate-private-registry/_index.md b/content/rancher/v2.5/en/installation/other-installation-methods/air-gap/populate-private-registry/_index.md index 8e0e020ffa0..ec3ff56d2c7 100644 --- a/content/rancher/v2.5/en/installation/other-installation-methods/air-gap/populate-private-registry/_index.md +++ b/content/rancher/v2.5/en/installation/other-installation-methods/air-gap/populate-private-registry/_index.md @@ -11,7 +11,7 @@ aliases: This section describes how to set up your private registry so that when you install Rancher, Rancher will pull all the required images from this registry. -By default, all images used to [provision Kubernetes clusters]({{}}/rancher/v2.5/en/cluster-provisioning/) or launch any [tools]({{}}/rancher/v2.5/en/cluster-admin/tools/) in Rancher, e.g. monitoring, pipelines, alerts, are pulled from Docker Hub. In an air gapped installation of Rancher, you will need a private registry that is located somewhere accessible by your Rancher server. Then, you will load the registry with all the images. +By default, all images used to [provision Kubernetes clusters]({{}}/rancher/v2.5/en/cluster-provisioning/) or launch any tools in Rancher, e.g. monitoring and logging, are pulled from Docker Hub. In an air gapped installation of Rancher, you will need a private registry that is located somewhere accessible by your Rancher server. Then, you will load the registry with all the images. Populating the private registry with images is the same process for installing Rancher with Docker and for installing Rancher on a Kubernetes cluster. diff --git a/content/rancher/v2.5/en/installation/other-installation-methods/single-node-docker/single-node-rollbacks/_index.md b/content/rancher/v2.5/en/installation/other-installation-methods/single-node-docker/single-node-rollbacks/_index.md index 8ef7afd2e77..60c84fdda6a 100644 --- a/content/rancher/v2.5/en/installation/other-installation-methods/single-node-docker/single-node-rollbacks/_index.md +++ b/content/rancher/v2.5/en/installation/other-installation-methods/single-node-docker/single-node-rollbacks/_index.md @@ -6,7 +6,7 @@ aliases: - /rancher/v2.5/en/upgrades/rollbacks/single-node-rollbacks --- -If a Rancher upgrade does not complete successfully, you'll have to roll back to your Rancher setup that you were using before [Docker Upgrade]({{}}/rancher/v2.5/en/upgrades/upgrades/single-node-upgrade). Rolling back restores: +If a Rancher upgrade does not complete successfully, you'll have to roll back to your Rancher setup that you were using before [Docker Upgrade]({{}}/rancher/v2.5/en/installation/other-installation-methods/single-node-docker/single-node-upgrades). Rolling back restores: - Your previous version of Rancher. - Your data backup created before upgrade. @@ -59,9 +59,9 @@ If you have issues upgrading Rancher, roll it back to its latest known healthy s ``` You can obtain the name for your Rancher container by entering `docker ps`. -1. Move the backup tarball that you created during completion of [Docker Upgrade]({{}}/rancher/v2.5/en/upgrades/upgrades/single-node-upgrade/) onto your Rancher Server. Change to the directory that you moved it to. Enter `dir` to confirm that it's there. +1. Move the backup tarball that you created during completion of [Docker Upgrade]({{}}/rancher/v2.5/en/installation/other-installation-methods/single-node-docker/single-node-upgrades) onto your Rancher Server. Change to the directory that you moved it to. Enter `dir` to confirm that it's there. - If you followed the naming convention we suggested in [Docker Upgrade]({{}}/rancher/v2.5/en/upgrades/upgrades/single-node-upgrade/), it will have a name similar to (`rancher-data-backup--.tar.gz`). + If you followed the naming convention we suggested in [Docker Upgrade]({{}}/rancher/v2.5/en/installation/other-installation-methods/single-node-docker/single-node-upgrades), it will have a name similar to (`rancher-data-backup--.tar.gz`). 1. Run the following command to replace the data in the `rancher-data` container with the data in the backup tarball, replacing the placeholder. Don't forget to close the quotes. diff --git a/content/rancher/v2.5/en/installation/other-installation-methods/single-node-docker/single-node-upgrades/_index.md b/content/rancher/v2.5/en/installation/other-installation-methods/single-node-docker/single-node-upgrades/_index.md index a4b9b4b9583..bf63fce7721 100644 --- a/content/rancher/v2.5/en/installation/other-installation-methods/single-node-docker/single-node-upgrades/_index.md +++ b/content/rancher/v2.5/en/installation/other-installation-methods/single-node-docker/single-node-upgrades/_index.md @@ -361,4 +361,4 @@ Remove the previous Rancher server container. If you only stop the previous Ranc # Rolling Back -If your upgrade does not complete successfully, you can roll back Rancher server and its data back to its last healthy state. For more information, see [Docker Rollback]({{}}/rancher/v2.5/en/upgrades/rollbacks/single-node-rollbacks/). +If your upgrade does not complete successfully, you can roll back Rancher server and its data back to its last healthy state. For more information, see [Docker Rollback]({{}}/rancher/v2.5/en/installation/other-installation-methods/single-node-docker/single-node-rollbacks). diff --git a/content/rancher/v2.5/en/installation/requirements/ports/_index.md b/content/rancher/v2.5/en/installation/requirements/ports/_index.md index eec93a29b24..050c2812757 100644 --- a/content/rancher/v2.5/en/installation/requirements/ports/_index.md +++ b/content/rancher/v2.5/en/installation/requirements/ports/_index.md @@ -223,7 +223,7 @@ Note: Registered clusters were called imported clusters before Rancher v2.5. {{% accordion label="Click to expand" %}} -The following table depicts the port requirements for [registered clusters]({{}}/rancher/v2.5/en/cluster-provisioning/imported-clusters/). +The following table depicts the port requirements for [registered clusters]({{}}/rancher/v2.5/en/cluster-provisioning/registered-clusters/). {{< ports-imported-hosted >}} diff --git a/content/rancher/v2.5/en/installation/resources/advanced/api-audit-log/_index.md b/content/rancher/v2.5/en/installation/resources/advanced/api-audit-log/_index.md index 3f6dd0ce9a8..2031bc16ddf 100644 --- a/content/rancher/v2.5/en/installation/resources/advanced/api-audit-log/_index.md +++ b/content/rancher/v2.5/en/installation/resources/advanced/api-audit-log/_index.md @@ -70,7 +70,7 @@ kubectl -n cattle-system logs -f rancher-84d886bdbb-s4s69 rancher-audit-log #### Shipping the Audit Log -You can enable Rancher's built in log collection and shipping for the cluster to ship the audit and other services logs to a supported collection endpoint. See [Rancher Tools - Logging]({{}}/rancher/v2.5/en/cluster-admin/tools/logging) for details. +You can enable Rancher's built in log collection and shipping for the cluster to ship the audit and other services logs to a supported collection endpoint. See [Logging]({{}}/rancher/v2.5/en/logging) for details. ## Audit Log Samples diff --git a/content/rancher/v2.5/en/installation/resources/feature-flags/istio-virtual-service-ui/_index.md b/content/rancher/v2.5/en/installation/resources/feature-flags/istio-virtual-service-ui/_index.md index 3a58666d5da..1268d362783 100644 --- a/content/rancher/v2.5/en/installation/resources/feature-flags/istio-virtual-service-ui/_index.md +++ b/content/rancher/v2.5/en/installation/resources/feature-flags/istio-virtual-service-ui/_index.md @@ -7,7 +7,7 @@ aliases: This feature enables a UI that lets you create, read, update and delete virtual services and destination rules, which are traffic management features of Istio. -> **Prerequisite:** Turning on this feature does not enable Istio. A cluster administrator needs to [enable Istio for the cluster]({{}}/rancher/v2.5/en/cluster-admin/tools/istio/setup) in order to use the feature. +> **Prerequisite:** Turning on this feature does not enable Istio. A cluster administrator needs to [enable Istio for the cluster]({{}}/rancher/v2.5/en/istio/setup) in order to use the feature. To enable or disable this feature, refer to the instructions on [the main page about enabling experimental features.]({{}}/rancher/v2.5/en/installation/options/feature-flags/) diff --git a/content/rancher/v2.5/en/istio/_index.md b/content/rancher/v2.5/en/istio/_index.md index 4f6111057d7..96fee78c282 100644 --- a/content/rancher/v2.5/en/istio/_index.md +++ b/content/rancher/v2.5/en/istio/_index.md @@ -17,7 +17,7 @@ This core service mesh provides features that include but are not limited to the - **Security** with resources to authenticate and authorize traffic and users, mTLS included. - **Observability** of logs, metrics, and distributed traffic flows. -After [setting up istio]({{}}/rancher/v2.5/en/cluster-admin/tools/istio/setup) you can leverage Istio's control plane functionality through the Cluster Explorer, `kubectl`, or `istioctl`. +After [setting up istio]({{}}/rancher/v2.5/en/istio/setup) you can leverage Istio's control plane functionality through the Cluster Explorer, `kubectl`, or `istioctl`. Istio needs to be set up by a `cluster-admin` before it can be used in a project. @@ -65,13 +65,13 @@ Note that this is not a production-qualified deployment of Jaeger. This deployme # Prerequisites -Before enabling Istio, we recommend that you confirm that your Rancher worker nodes have enough [CPU and memory]({{}}/rancher/v2.5/en/cluster-admin/tools/istio/resources) to run all of the components of Istio. +Before enabling Istio, we recommend that you confirm that your Rancher worker nodes have enough [CPU and memory]({{}}/rancher/v2.5/en/istio/resources) to run all of the components of Istio. If you are installing Istio on RKE2 cluster, some additional steps are required. For details, see [this section.](#additional-steps-for-installing-istio-on-an-rke2-cluster) # Setup Guide -Refer to the [setup guide]({{}}/rancher/v2.5/en/cluster-admin/tools/istio/setup) for instructions on how to set up Istio and use it in a project. +Refer to the [setup guide]({{}}/rancher/v2.5/en/istio/setup) for instructions on how to set up Istio and use it in a project. # Remove Istio @@ -87,7 +87,7 @@ Another option is to manually uninstall istio resources one at a time, but leave # Accessing Visualizations -> By default, only cluster-admins have access to Kiali. For instructions on how to allow admin, edit or views roles to access them, see [this section.]({{}}/rancher/v2.5/en/cluster-admin/tools/istio/rbac/) +> By default, only cluster-admins have access to Kiali. For instructions on how to allow admin, edit or views roles to access them, see [this section.]({{}}/rancher/v2.5/en/istio/rbac/) After Istio is set up in a cluster, Grafana, Prometheus,and Kiali are available in the Rancher UI. diff --git a/content/rancher/v2.5/en/istio/configuration-reference/enable-istio-with-psp/_index.md b/content/rancher/v2.5/en/istio/configuration-reference/enable-istio-with-psp/_index.md index d3d2b0809a9..a98cbf8ffd6 100644 --- a/content/rancher/v2.5/en/istio/configuration-reference/enable-istio-with-psp/_index.md +++ b/content/rancher/v2.5/en/istio/configuration-reference/enable-istio-with-psp/_index.md @@ -2,7 +2,7 @@ title: Enable Istio with Pod Security Policies weight: 1 aliases: - - /rancher/v2.5/en/cluster-admin/tools/istio/setup/enable-istio-in-cluster/enable-istio-with-psp + - /rancher/v2.5/en/istio/setup/enable-istio-in-cluster/enable-istio-with-psp - /rancher/v2.5/en/istio/legacy/setup/enable-istio-in-cluster/enable-istio-with-psp - /rancher/v2.5/en/istio/v2.5/setup/enable-istio-in-cluster/enable-istio-with-psp - /rancher/v2.5/en/istio/v2.5/configuration-reference/enable-istio-with-psp @@ -102,7 +102,7 @@ Verify that the CNI is working by deploying a [sample application](https://istio ### 3. Install Istio -Follow the [primary instructions]({{}}/rancher/v2.5/en/cluster-admin/tools/istio/setup/enable-istio-in-cluster/), adding a custom answer: `istio_cni.enabled: true`. +Follow the [primary instructions]({{}}/rancher/v2.5/en/istio/setup/enable-istio-in-cluster/), adding a custom answer: `istio_cni.enabled: true`. After Istio has finished installing, the Apps page in System Projects should show both istio and `istio-cni` applications deployed successfully. Sidecar injection will now be functional. diff --git a/content/rancher/v2.5/en/istio/configuration-reference/selectors-and-scrape/_index.md b/content/rancher/v2.5/en/istio/configuration-reference/selectors-and-scrape/_index.md index f9f3cd833e4..818267243be 100644 --- a/content/rancher/v2.5/en/istio/configuration-reference/selectors-and-scrape/_index.md +++ b/content/rancher/v2.5/en/istio/configuration-reference/selectors-and-scrape/_index.md @@ -3,7 +3,7 @@ title: Selectors and Scrape Configs weight: 2 aliases: - /rancher/v2.5/en/istio/v2.5/configuration-reference/selectors-and-scrape - - /rancher/v2.5/en/cluster-admin/tools/istio/setup/node-selectors + - /rancher/v2.5/en/istio/setup/node-selectors --- The Monitoring app sets `prometheus.prometheusSpec.ignoreNamespaceSelectors=false`, which enables monitoring across all namespaces by default. diff --git a/content/rancher/v2.5/en/istio/rbac/_index.md b/content/rancher/v2.5/en/istio/rbac/_index.md index 2ba726b15eb..9175e47d60f 100644 --- a/content/rancher/v2.5/en/istio/rbac/_index.md +++ b/content/rancher/v2.5/en/istio/rbac/_index.md @@ -2,7 +2,7 @@ title: Role-based Access Control weight: 3 aliases: - - /rancher/v2.5/en/cluster-admin/tools/istio/rbac + - /rancher/v2.5/en/istio/rbac - /rancher/v2.5/en/istio/v2.5/rbac --- diff --git a/content/rancher/v2.5/en/istio/release-notes/_index.md b/content/rancher/v2.5/en/istio/release-notes/_index.md index 9569861b218..855e663f020 100644 --- a/content/rancher/v2.5/en/istio/release-notes/_index.md +++ b/content/rancher/v2.5/en/istio/release-notes/_index.md @@ -1,7 +1,7 @@ --- title: Release Notes aliases: - - /rancher/v2.5/en/cluster-admin/tools/istio/release-notes + - /rancher/v2.5/en/istio/release-notes - /rancher/v2.5/en/istio/v2.5/release-notes --- diff --git a/content/rancher/v2.5/en/istio/resources/_index.md b/content/rancher/v2.5/en/istio/resources/_index.md index 274fcd34b34..aaec78266c8 100644 --- a/content/rancher/v2.5/en/istio/resources/_index.md +++ b/content/rancher/v2.5/en/istio/resources/_index.md @@ -4,7 +4,7 @@ weight: 1 aliases: - /rancher/v2.5/en/project-admin/istio/configuring-resource-allocations/ - /rancher/v2.5/en/project-admin/istio/config/ - - /rancher/v2.5/en/cluster-admin/tools/istio/resources + - /rancher/v2.5/en/istio/resources - /rancher/v2.5/en/istio/v2.5/resources --- diff --git a/content/rancher/v2.5/en/istio/setup/_index.md b/content/rancher/v2.5/en/istio/setup/_index.md index d91e57aba5c..2f590b97e0a 100644 --- a/content/rancher/v2.5/en/istio/setup/_index.md +++ b/content/rancher/v2.5/en/istio/setup/_index.md @@ -2,7 +2,7 @@ title: Setup Guide weight: 2 aliases: - - /rancher/v2.5/en/cluster-admin/tools/istio/setup + - /rancher/v2.5/en/istio/setup - /rancher/v2.5/en/istio/v2.5/setup/ --- @@ -14,18 +14,18 @@ If you use Istio for traffic management, you will need to allow external traffic This guide assumes you have already [installed Rancher,]({{}}/rancher/v2.5/en/installation) and you have already [provisioned a separate Kubernetes cluster]({{}}/rancher/v2.5/en/cluster-provisioning) on which you will install Istio. -The nodes in your cluster must meet the [CPU and memory requirements.]({{}}/rancher/v2.5/en/cluster-admin/tools/istio/resources/) +The nodes in your cluster must meet the [CPU and memory requirements.]({{}}/rancher/v2.5/en/istio/resources/) The workloads and services that you want to be controlled by Istio must meet [Istio's requirements.](https://istio.io/docs/setup/additional-setup/requirements/) # Install -> **Quick Setup** If you don't need external traffic to reach Istio, and you just want to set up Istio for monitoring and tracing traffic within the cluster, skip the steps for [setting up the Istio gateway]({{}}/rancher/v2.5/en/cluster-admin/tools/istio/setup/gateway) and [setting up Istio's components for traffic management.]({{}}/rancher/v2.5/en/cluster-admin/tools/istio/setup/set-up-traffic-management) +> **Quick Setup** If you don't need external traffic to reach Istio, and you just want to set up Istio for monitoring and tracing traffic within the cluster, skip the steps for [setting up the Istio gateway]({{}}/rancher/v2.5/en/istio/setup/gateway) and [setting up Istio's components for traffic management.]({{}}/rancher/v2.5/en/istio/setup/set-up-traffic-management) -1. [Enable Istio in the cluster.]({{}}/rancher/v2.5/en/cluster-admin/tools/istio/setup/enable-istio-in-cluster) -1. [Enable Istio in all the namespaces where you want to use it.]({{}}/rancher/v2.5/en/cluster-admin/tools/istio/setup/enable-istio-in-namespace) -1. [Add deployments and services that have the Istio sidecar injected.]({{}}/rancher/v2.5/en/cluster-admin/tools/istio/setup/deploy-workloads) -1. [Set up the Istio gateway. ]({{}}/rancher/v2.5/en/cluster-admin/tools/istio/setup/gateway) -1. [Set up Istio's components for traffic management.]({{}}/rancher/v2.5/en/cluster-admin/tools/istio/setup/set-up-traffic-management) +1. [Enable Istio in the cluster.]({{}}/rancher/v2.5/en/istio/setup/enable-istio-in-cluster) +1. [Enable Istio in all the namespaces where you want to use it.]({{}}/rancher/v2.5/en/istio/setup/enable-istio-in-namespace) +1. [Add deployments and services that have the Istio sidecar injected.]({{}}/rancher/v2.5/en/istio/setup/deploy-workloads) +1. [Set up the Istio gateway. ]({{}}/rancher/v2.5/en/istio/setup/gateway) +1. [Set up Istio's components for traffic management.]({{}}/rancher/v2.5/en/istio/setup/set-up-traffic-management) 1. [Generate traffic and see Istio in action.]({{}}/rancher/v2.5/en/istio/v2.5/setup/view-traffic/ ) diff --git a/content/rancher/v2.5/en/istio/setup/deploy-workloads/_index.md b/content/rancher/v2.5/en/istio/setup/deploy-workloads/_index.md index 4222e2c4e55..0d2027b380a 100644 --- a/content/rancher/v2.5/en/istio/setup/deploy-workloads/_index.md +++ b/content/rancher/v2.5/en/istio/setup/deploy-workloads/_index.md @@ -2,7 +2,7 @@ title: 3. Add Deployments and Services with the Istio Sidecar weight: 4 aliases: - - /rancher/v2.5/en/cluster-admin/tools/istio/setup/deploy-workloads + - /rancher/v2.5/en/istio/setup/deploy-workloads - /rancher/v2.5/en/istio/v2.5/setup/deploy-workloads --- @@ -347,4 +347,4 @@ spec: --- ``` -### [Next: Set up the Istio Gateway]({{}}/rancher/v2.5/en/cluster-admin/tools/istio/setup/gateway) +### [Next: Set up the Istio Gateway]({{}}/rancher/v2.5/en/istio/setup/gateway) diff --git a/content/rancher/v2.5/en/istio/setup/enable-istio-in-cluster/_index.md b/content/rancher/v2.5/en/istio/setup/enable-istio-in-cluster/_index.md index 1f7f9546c31..be1175394a7 100644 --- a/content/rancher/v2.5/en/istio/setup/enable-istio-in-cluster/_index.md +++ b/content/rancher/v2.5/en/istio/setup/enable-istio-in-cluster/_index.md @@ -2,7 +2,7 @@ title: 1. Enable Istio in the Cluster weight: 1 aliases: - - /rancher/v2.5/en/cluster-admin/tools/istio/setup/enable-istio-in-cluster + - /rancher/v2.5/en/istio/setup/enable-istio-in-cluster - /rancher/v2.5/en/istio/v2.5/setup/enable-istio-in-cluster --- @@ -16,7 +16,7 @@ aliases: 1. From the **Cluster Explorer**, navigate to available **Charts** in **Apps & Marketplace** 1. Select the Istio chart from the rancher provided charts 1. If you have not already installed your own monitoring app, you will be prompted to install the rancher-monitoring app. Optional: Set your Selector or Scrape config options on rancher-monitoring app install. -1. Optional: Configure member access and [resource limits]({{}}/rancher/v2.5/en/cluster-admin/tools/istio/resources/) for the Istio components. Ensure you have enough resources on your worker nodes to enable Istio. +1. Optional: Configure member access and [resource limits]({{}}/rancher/v2.5/en/istio/resources/) for the Istio components. Ensure you have enough resources on your worker nodes to enable Istio. 1. Optional: Make additional configuration changes to values.yaml if needed. 1. Optional: Add additional resources or configuration via the [overlay file.]({{}}/rancher/v2.5/en/istio/v2.5/configuration-reference/#overlay-file) 1. Click **Install**. diff --git a/content/rancher/v2.5/en/istio/setup/enable-istio-in-namespace/_index.md b/content/rancher/v2.5/en/istio/setup/enable-istio-in-namespace/_index.md index e0671cc9f0a..04f868bdbf9 100644 --- a/content/rancher/v2.5/en/istio/setup/enable-istio-in-namespace/_index.md +++ b/content/rancher/v2.5/en/istio/setup/enable-istio-in-namespace/_index.md @@ -2,7 +2,7 @@ title: 2. Enable Istio in a Namespace weight: 2 aliases: - - /rancher/v2.5/en/cluster-admin/tools/istio/setup/enable-istio-in-namespace + - /rancher/v2.5/en/istio/setup/enable-istio-in-namespace - /rancher/v2.5/en/istio/v2.5/setup/enable-istio-in-namespace --- @@ -41,4 +41,4 @@ To add the annotation to a workload, > **NOTE:** If you are having issues with a Job you deployed not completing, you will need to add this annotation to your pod using the provided steps. Since Istio Sidecars run indefinitely, a Job cannot be considered complete even after its task has completed. -### [Next: Select the Nodes ]({{}}/rancher/v2.5/en/cluster-admin/tools/istio/setup/node-selectors) \ No newline at end of file +### [Next: Select the Nodes ]({{}}/rancher/v2.5/en/istio/setup/node-selectors) \ No newline at end of file diff --git a/content/rancher/v2.5/en/istio/setup/gateway/_index.md b/content/rancher/v2.5/en/istio/setup/gateway/_index.md index 9de3c567a77..ca85b25b367 100644 --- a/content/rancher/v2.5/en/istio/setup/gateway/_index.md +++ b/content/rancher/v2.5/en/istio/setup/gateway/_index.md @@ -2,7 +2,7 @@ title: 4. Set up the Istio Gateway weight: 5 aliases: - - /rancher/v2.5/en/cluster-admin/tools/istio/setup/gateway + - /rancher/v2.5/en/istio/setup/gateway - /rancher/v2.5/en/istio/v2.5/setup/gateway --- @@ -140,4 +140,4 @@ In the gateway resource, the selector refers to Istio's default ingress controll 1. Scroll down to the `istio-system` namespace. 1. Within `istio-system`, there is a workload named `istio-ingressgateway`. Click the name of this workload and go to the **Labels and Annotations** section. You should see that it has the key `istio` and the value `ingressgateway`. This confirms that the selector in the Gateway resource matches Istio's default ingress controller. -### [Next: Set up Istio's Components for Traffic Management]({{}}/rancher/v2.5/en/cluster-admin/tools/istio/setup/set-up-traffic-management) +### [Next: Set up Istio's Components for Traffic Management]({{}}/rancher/v2.5/en/istio/setup/set-up-traffic-management) diff --git a/content/rancher/v2.5/en/istio/setup/set-up-traffic-management/_index.md b/content/rancher/v2.5/en/istio/setup/set-up-traffic-management/_index.md index 4aa72b7174b..cb21962e371 100644 --- a/content/rancher/v2.5/en/istio/setup/set-up-traffic-management/_index.md +++ b/content/rancher/v2.5/en/istio/setup/set-up-traffic-management/_index.md @@ -2,7 +2,7 @@ title: 5. Set up Istio's Components for Traffic Management weight: 6 aliases: - - /rancher/v2.5/en/cluster-admin/tools/istio/setup/set-up-traffic-management + - /rancher/v2.5/en/istio/setup/set-up-traffic-management - /rancher/v2.5/en/istio/v2.5/setup/set-up-traffic-management --- @@ -74,4 +74,4 @@ spec: **Result:** When you generate traffic to this service (for example, by refreshing the ingress gateway URL), the Kiali traffic graph will reflect that traffic to the `reviews` service is divided evenly between `v1` and `v3`. -### [Next: Generate and View Traffic]({{}}/rancher/v2.5/en/cluster-admin/tools/istio/setup/view-traffic) +### [Next: Generate and View Traffic]({{}}/rancher/v2.5/en/istio/setup/view-traffic) diff --git a/content/rancher/v2.5/en/istio/setup/view-traffic/_index.md b/content/rancher/v2.5/en/istio/setup/view-traffic/_index.md index 120be163d66..241bd837bd3 100644 --- a/content/rancher/v2.5/en/istio/setup/view-traffic/_index.md +++ b/content/rancher/v2.5/en/istio/setup/view-traffic/_index.md @@ -2,7 +2,7 @@ title: 6. Generate and View Traffic weight: 7 aliases: - - /rancher/v2.5/en/cluster-admin/tools/istio/setup/view-traffic + - /rancher/v2.5/en/istio/setup/view-traffic - /rancher/v2.5/en/istio/setup/view-traffic - /rancher/v2.5/en/istio/v2.5/setup/view-traffic --- diff --git a/content/rancher/v2.5/en/monitoring-alerting/_index.md b/content/rancher/v2.5/en/monitoring-alerting/_index.md index 1868ce97cdc..bfc64e38752 100644 --- a/content/rancher/v2.5/en/monitoring-alerting/_index.md +++ b/content/rancher/v2.5/en/monitoring-alerting/_index.md @@ -3,10 +3,6 @@ title: Monitoring and Alerting shortTitle: Monitoring/Alerting description: Prometheus lets you view metrics from your different Rancher and Kubernetes objects. Learn about the scope of monitoring and how to enable cluster monitoring weight: 13 -aliases: - - /rancher/v2.5/en/dashboard/monitoring-alerting - - /rancher/v2.5/en/dashboard/notifiers - - /rancher/v2.5/en/cluster-admin/tools/monitoring/ --- Using the `rancher-monitoring` application, you can quickly deploy leading open-source monitoring and alerting solutions onto your cluster. @@ -55,7 +51,7 @@ These default exporters automatically scrape metrics for CPU and memory from all ### Default Alerts -The monitoring application deploys some alerts by default. To see the default alerts, go to the [Alertmanager UI](./dashboard/accessing-the-alertmanager-ui) and click **Expand all groups.** +The monitoring application deploys some alerts by default. To see the default alerts, go to the [Alertmanager UI](./dashboards/#alertmanager-ui) and click **Expand all groups.** ### Components Exposed in the Rancher UI @@ -84,7 +80,7 @@ For information on configuring access to monitoring, see [this page.](./rbac) - [ServiceMonitor and PodMonitor](./configuration/servicemonitor-podmonitor) - [Receiver](./configuration/receiver) - [Route](./configuration/route) -- [PrometheusRule](./configuration/advanced/prometheusrule) +- [PrometheusRule](./configuration/advanced/prometheusrules) - [Prometheus](./configuration/advanced/prometheus) - [Alertmanager](./configuration/advanced/alertmanager) @@ -108,6 +104,4 @@ For more details on how to upgrade wins on existing Windows hosts, refer to the There is a [known issue](https://github.com/rancher/rancher/issues/28787#issuecomment-693611821) that K3s clusters require more default memory. If you are enabling monitoring on a K3s cluster, we recommend setting `prometheus.prometheusSpec.resources.memory.limit` to 2500 Mi and `prometheus.prometheusSpec.resources.memory.request` to 1750 Mi. -For tips on debugging high memory usage, see [this page.](./memory-usage) - -It is common that as the amount of metrics and deployments being monitors grows, Prometheus's memory and CPU needs outgrow the limits initially placed on them. If you see Prometheus commonly crashing, try increasing the allocated memory and setting alerts for when resource usage of Monitoring pods approaches limits placed on them. +For tips on debugging high memory usage, see [this page.](./guides/memory-usage) diff --git a/content/rancher/v2.5/en/monitoring-alerting/configuration/_index.md b/content/rancher/v2.5/en/monitoring-alerting/configuration/_index.md index b2bc291a6c4..5004adfbe26 100644 --- a/content/rancher/v2.5/en/monitoring-alerting/configuration/_index.md +++ b/content/rancher/v2.5/en/monitoring-alerting/configuration/_index.md @@ -2,7 +2,7 @@ title: Configuration weight: 5 aliases: - - /rancher/v2.5/en/monitoring-alerting/v2.5/configuration + - /rancher/v2.5/en/monitoring-alerting/configuration --- This page captures some of the most important options for configuring Monitoring V2 in the Rancher UI. diff --git a/content/rancher/v2.5/en/monitoring-alerting/configuration/advanced/prometheus/_index.md b/content/rancher/v2.5/en/monitoring-alerting/configuration/advanced/prometheus/_index.md index cde4e2aca63..358b0cc87a0 100644 --- a/content/rancher/v2.5/en/monitoring-alerting/configuration/advanced/prometheus/_index.md +++ b/content/rancher/v2.5/en/monitoring-alerting/configuration/advanced/prometheus/_index.md @@ -2,7 +2,7 @@ title: Prometheus Configuration weight: 1 aliases: - - /rancher/v2.5/en/monitoring-alerting/v2.5/configuration/prometheusrules + - /rancher/v2.5/en/monitoring-alerting/configuration/prometheusrules - /rancher/v2.5/en/monitoring-alerting/configuration/prometheusrules - /rancher/v2.5/en/monitoring-alerting/configuration/advanced/prometheusrules --- diff --git a/content/rancher/v2.5/en/monitoring-alerting/configuration/advanced/prometheusrules/_index.md b/content/rancher/v2.5/en/monitoring-alerting/configuration/advanced/prometheusrules/_index.md index cd94a0532a2..2a9b6d64eeb 100644 --- a/content/rancher/v2.5/en/monitoring-alerting/configuration/advanced/prometheusrules/_index.md +++ b/content/rancher/v2.5/en/monitoring-alerting/configuration/advanced/prometheusrules/_index.md @@ -5,8 +5,7 @@ weight: 3 A PrometheusRule defines a group of Prometheus alerting and/or recording rules. -> This section assumes familiarity with how monitoring components work together. For more information about Alertmanager, see [this section.](../how-monitoring-works/#how-alertmanager-works) - +> This section assumes familiarity with how monitoring components work together. For more information, see [this section.]({{}}/rancher/v2.5/en/monitoring-alerting/how-monitoring-works) ### Creating PrometheusRules in the Rancher UI diff --git a/content/rancher/v2.5/en/monitoring-alerting/configuration/examples/_index.md b/content/rancher/v2.5/en/monitoring-alerting/configuration/examples/_index.md index 594042f3ceb..7488fbf1273 100644 --- a/content/rancher/v2.5/en/monitoring-alerting/configuration/examples/_index.md +++ b/content/rancher/v2.5/en/monitoring-alerting/configuration/examples/_index.md @@ -21,4 +21,4 @@ An example PrometheusRule is on [this page.](https://github.com/prometheus-opera ### Alertmanager Config -For an example configuration, refer to [this section.](./alertmanager/#example-alertmanager-config) \ No newline at end of file +For an example configuration, refer to [this section.](../advanced/alertmanager/#example-alertmanager-config) \ No newline at end of file diff --git a/content/rancher/v2.5/en/monitoring-alerting/configuration/receiver/_index.md b/content/rancher/v2.5/en/monitoring-alerting/configuration/receiver/_index.md index 9a2c1c152dc..71dcad6a195 100644 --- a/content/rancher/v2.5/en/monitoring-alerting/configuration/receiver/_index.md +++ b/content/rancher/v2.5/en/monitoring-alerting/configuration/receiver/_index.md @@ -3,7 +3,7 @@ title: Receiver Configuration shortTitle: Receivers weight: 1 aliases: - - /rancher/v2.5/en/monitoring-alerting/v2.5/configuration/alertmanager + - /rancher/v2.5/en/monitoring-alerting/configuration/alertmanager - rancher/v2.5/en/monitoring-alerting/legacy/notifiers/ - /rancher/v2.5/en/cluster-admin/tools/notifiers - /rancher/v2.5/en/cluster-admin/tools/alerts diff --git a/content/rancher/v2.5/en/monitoring-alerting/configuration/route/_index.md b/content/rancher/v2.5/en/monitoring-alerting/configuration/route/_index.md index c37c4434cf3..5939e082fe5 100644 --- a/content/rancher/v2.5/en/monitoring-alerting/configuration/route/_index.md +++ b/content/rancher/v2.5/en/monitoring-alerting/configuration/route/_index.md @@ -10,7 +10,7 @@ When a Route is changed, the Prometheus Operator regenerates the Alertmanager cu For more information about configuring routes, refer to the [official Alertmanager documentation.](https://www.prometheus.io/docs/alerting/latest/configuration/#route) -> This section assumes familiarity with how monitoring components work together. For more information about Alertmanager, see [this section.](../../how-monitoring-works/#3-how-alertmanager-works) +> This section assumes familiarity with how monitoring components work together. For more information, see [this section.]({{}}/rancher/v2.5/en/monitoring-alerting/how-monitoring-works) - [Route Restrictions](#route-restrictions) - [Route Configuration](#route-configuration) diff --git a/content/rancher/v2.5/en/monitoring-alerting/expression/_index.md b/content/rancher/v2.5/en/monitoring-alerting/expression/_index.md index b6557e61642..072c0f1043a 100644 --- a/content/rancher/v2.5/en/monitoring-alerting/expression/_index.md +++ b/content/rancher/v2.5/en/monitoring-alerting/expression/_index.md @@ -4,8 +4,8 @@ weight: 6 aliases: - /rancher/v2.5/en/project-admin/tools/monitoring/expression - /rancher/v2.5/en/cluster-admin/tools/monitoring/expression - - /rancher/v2.5/en/monitoring-alerting/legacy/monitoring/cluster-monitoring/expression - - /rancher/v2.5/en/monitoring-alerting/v2.5/configuration/expression + - /rancher/v2.5/en/monitoring-alerting/expression + - /rancher/v2.5/en/monitoring-alerting/configuration/expression - /rancher/v2.5/en/monitoring/alerting/configuration/expression --- diff --git a/content/rancher/v2.5/en/monitoring-alerting/guides/enable-monitoring/_index.md b/content/rancher/v2.5/en/monitoring-alerting/guides/enable-monitoring/_index.md index b26af3c7b68..0809ba3dbb8 100644 --- a/content/rancher/v2.5/en/monitoring-alerting/guides/enable-monitoring/_index.md +++ b/content/rancher/v2.5/en/monitoring-alerting/guides/enable-monitoring/_index.md @@ -12,7 +12,7 @@ You can enable monitoring with or without SSL. # Requirements - Make sure that you are allowing traffic on port 9796 for each of your nodes because Prometheus will scrape metrics from here. -- Make sure your cluster fulfills the resource requirements. The cluster should have at least 1950Mi memory available, 2700m CPU, and 50Gi storage. A breakdown of the resource limits and requests is [here.](./configuration/helm-chart-options/#setting-resource-limits-and-requests) +- Make sure your cluster fulfills the resource requirements. The cluster should have at least 1950Mi memory available, 2700m CPU, and 50Gi storage. A breakdown of the resource limits and requests is [here.]({{}}/rancher/v2.5/en/monitoring-alerting/configuration/helm-chart-options/#configuring-resource-limits-and-requests) - When installing monitoring on an RKE cluster using RancherOS or Flatcar Linux nodes, change the etcd node certificate directory to `/opt/rke/etc/kubernetes/ssl`. > **Note:** If you want to set up Alertmanager, Grafana or Ingress, it has to be done with the settings on the Helm chart deployment. It's problematic to create Ingress outside the deployment. @@ -21,7 +21,7 @@ You can enable monitoring with or without SSL. The resource requests and limits can be configured when installing `rancher-monitoring`. To configure Prometheus resources from the Rancher UI, click **Apps & Marketplace > Monitoring** in the upper left corner. -For more information about the default limits, see [this page.](./configuration/helm-chart-options/#setting-resource-limits-and-requests) +For more information about the default limits, see [this page.]({{}}/rancher/v2.5/en/monitoring-alerting/configuration/helm-chart-options/#configuring-resource-limits-and-requests) # Install the Monitoring Application @@ -33,7 +33,7 @@ For more information about the default limits, see [this page.](./configuration/ 1. In the Rancher UI, go to the cluster where you want to install monitoring and click **Cluster Explorer.** 1. Click **Apps.** 1. Click the `rancher-monitoring` app. -1. Optional: Click **Chart Options** and configure alerting, Prometheus and Grafana. For help, refer to the [configuration reference.](./configuration) +1. Optional: Click **Chart Options** and configure alerting, Prometheus and Grafana. For help, refer to the [configuration reference.]({{}}/rancher/v2.5/en/monitoring-alerting/configuration/helm-chart-options/) 1. Scroll to the bottom of the Helm chart README and click **Install.** **Result:** The monitoring app is deployed in the `cattle-monitoring-system` namespace. @@ -69,7 +69,7 @@ Then **Cert File Path** would be set to `/etc/alertmanager/secrets/cert.pem`. 1. In the Rancher UI, go to the cluster where you want to install monitoring and click **Cluster Explorer.** 1. Click **Apps.** 1. Click the `rancher-monitoring` app. -1. Optional: Click **Chart Options** and configure alerting, Prometheus and Grafana. For help, refer to the [configuration reference.](./configuration) +1. Optional: Click **Chart Options** and configure alerting, Prometheus and Grafana. For help, refer to the [configuration reference.]({{}}/rancher/v2.5/en/monitoring-alerting/configuration/helm-chart-options/) 1. Scroll to the bottom of the Helm chart README and click **Install.** **Result:** The monitoring app is deployed in the `cattle-monitoring-system` namespace. diff --git a/content/rancher/v2.5/en/monitoring-alerting/guides/migrating/_index.md b/content/rancher/v2.5/en/monitoring-alerting/guides/migrating/_index.md index 3a14cd9b46c..7a79aafc307 100644 --- a/content/rancher/v2.5/en/monitoring-alerting/guides/migrating/_index.md +++ b/content/rancher/v2.5/en/monitoring-alerting/guides/migrating/_index.md @@ -2,7 +2,7 @@ title: Migrating to Rancher v2.5 Monitoring weight: 9 aliases: - - /rancher/v2.5/en/monitoring-alerting/v2.5/migrating + - /rancher/v2.5/en/monitoring-alerting/migrating --- If you previously enabled Monitoring, Alerting, or Notifiers in Rancher before v2.5, there is no automatic upgrade path for switching to the new monitoring/alerting solution. Before deploying the new monitoring solution via Cluster Explore, you will need to disable and remove all existing custom alerts, notifiers and monitoring installations for the whole cluster and in all projects. @@ -34,7 +34,7 @@ Unlike in Monitoring & Alerting V1, both features are packaged in a single Helm Monitoring V2 can only be configured on the cluster level. Project-level monitoring and alerting is no longer supported. -For more information on how to configure Monitoring & Alerting V2, see [this page.]({{}}/rancher/v2.5/en/monitoring-alerting/v2.5/configuration) +For more information on how to configure Monitoring & Alerting V2, see [this page.]({{}}/rancher/v2.5/en/monitoring-alerting/configuration) # Changes to Role-based Access Control @@ -128,11 +128,11 @@ or add the Prometheus Rule through the Cluster Explorer {{< img "/img/rancher/monitoring/migration/alert_2.4_to_2.5_target.png" "">}} -For more details on how to configure PrometheusRules in Monitoring V2 see [Monitoring Configuration]({{}}/rancher/v2.5/en/monitoring-alerting/v2.5/configuration#prometheusrules). +For more details on how to configure PrometheusRules in Monitoring V2 see [Monitoring Configuration]({{}}/rancher/v2.5/en/monitoring-alerting/configuration#prometheusrules). ### Migrating Notifiers -There is no direct equivalent for how notifiers work in Monitoring V1. Instead you have to replicate the desired setup with [Routes and Receivers]({{}}/rancher/v2.5/en/monitoring-alerting/v2.5/configuration#alertmanager-config) in Monitoring V2. +There is no direct equivalent for how notifiers work in Monitoring V1. Instead you have to replicate the desired setup with [Routes and Receivers]({{}}/rancher/v2.5/en/monitoring-alerting/configuration#alertmanager-config) in Monitoring V2. ### Migrating for RKE Template Users diff --git a/content/rancher/v2.5/en/monitoring-alerting/guides/persist-grafana/_index.md b/content/rancher/v2.5/en/monitoring-alerting/guides/persist-grafana/_index.md index e9d9e1afe6d..9bf0a5485f6 100644 --- a/content/rancher/v2.5/en/monitoring-alerting/guides/persist-grafana/_index.md +++ b/content/rancher/v2.5/en/monitoring-alerting/guides/persist-grafana/_index.md @@ -2,7 +2,7 @@ title: Persistent Grafana Dashboards weight: 6 aliases: - - /rancher/v2.5/en/monitoring-alerting/v2.5/persist-grafana + - /rancher/v2.5/en/monitoring-alerting/persist-grafana --- To allow the Grafana dashboard to persist after the Grafana instance restarts, add the dashboard configuration JSON into a ConfigMap. ConfigMaps also allow the dashboards to be deployed with a GitOps or CD based approach. This allows the dashboard to be put under version control. diff --git a/content/rancher/v2.5/en/monitoring-alerting/how-monitoring-works/_index.md b/content/rancher/v2.5/en/monitoring-alerting/how-monitoring-works/_index.md index 79738b202b0..6445df9e75a 100644 --- a/content/rancher/v2.5/en/monitoring-alerting/how-monitoring-works/_index.md +++ b/content/rancher/v2.5/en/monitoring-alerting/how-monitoring-works/_index.md @@ -101,7 +101,7 @@ While the Rancher UI forms only allow editing a routing tree that is two levels By editing the forms in the Rancher UI, you can set up a Receiver resource with all the information Alertmanager needs to send alerts to your notification system. -By editing custom YAML in the Alertmanager or Receiver configuration, you can also send alerts to multiple notification systems. For more information, see the section on configuring [Receivers.](./configuration/receiver/#configuring-multiple-receivers) +By editing custom YAML in the Alertmanager or Receiver configuration, you can also send alerts to multiple notification systems. For more information, see the section on configuring [Receivers.](../configuration/receiver/#configuring-multiple-receivers) # 4. Monitoring V2 Specific Components @@ -154,7 +154,7 @@ When the monitoring application is installed, you will be able to edit the follo | Route | Configuration block (part of Alertmanager) | Add identifying information to make alerts more meaningful and direct them to individual teams. Automatically updates the Alertmanager custom resource. | | PrometheusRule | Custom resource | For more advanced use cases, you may want to define what Prometheus metrics or time series database queries should result in alerts being fired. Automatically updates the Prometheus custom resource. | | Alertmanager | Custom resource | Edit this custom resource only if you need more advanced configuration options beyond what the Rancher UI exposes in the Routes and Receivers sections. For example, you might want to edit this resource to add a routing tree with more than two levels. | -| Prometheus | Custom resource | Edit this custom resource only if you need more advanced configuration beyond what can be configured using ServiceMonitors, PodMonitors, or [Rancher monitoring Helm chart options.](./configuration/helm-chart-options) | +| Prometheus | Custom resource | Edit this custom resource only if you need more advanced configuration beyond what can be configured using ServiceMonitors, PodMonitors, or [Rancher monitoring Helm chart options.](../configuration/helm-chart-options) | # 5. Scraping and Exposing Metrics diff --git a/content/rancher/v2.5/en/monitoring-alerting/rbac/_index.md b/content/rancher/v2.5/en/monitoring-alerting/rbac/_index.md index 04ecdfb0d7a..3a13f1fc5a1 100644 --- a/content/rancher/v2.5/en/monitoring-alerting/rbac/_index.md +++ b/content/rancher/v2.5/en/monitoring-alerting/rbac/_index.md @@ -4,7 +4,7 @@ shortTitle: RBAC weight: 2 aliases: - /rancher/v2.5/en/cluster-admin/tools/monitoring/rbac - - /rancher/v2.5/en/monitoring-alerting/v2.5/rbac + - /rancher/v2.5/en/monitoring-alerting/rbac - /rancher/v2.5/en/monitoring-alerting/grafana --- This section describes the expectations for RBAC for Rancher Monitoring. diff --git a/content/rancher/v2.5/en/overview/_index.md b/content/rancher/v2.5/en/overview/_index.md index a455410599d..b59a4ae6732 100644 --- a/content/rancher/v2.5/en/overview/_index.md +++ b/content/rancher/v2.5/en/overview/_index.md @@ -39,7 +39,7 @@ The Rancher API server is built on top of an embedded Kubernetes API server and - **Catalog management:** Rancher provides the ability to use a [catalog of Helm charts]({{}}/rancher/v2.5/en/catalog/) that make it easy to repeatedly deploy applications. - **Managing projects:** A project is a group of multiple namespaces and access control policies within a cluster. A project is a Rancher concept, not a Kubernetes concept, which allows you manage multiple namespaces as a group and perform Kubernetes operations in them. The Rancher UI provides features for [project administration]({{}}/rancher/v2.5/en/project-admin/) and for [managing applications within projects.]({{}}/rancher/v2.5/en/k8s-in-rancher/) - **Pipelines:** Setting up a [pipeline]({{}}/rancher/v2.5/en/project-admin/pipelines/) can help developers deliver new software as quickly and efficiently as possible. Within Rancher, you can configure pipelines for each of your Rancher projects. -- **Istio:** Our [integration with Istio]({{}}/rancher/v2.5/en/cluster-admin/tools/istio/) is designed so that a Rancher operator, such as an administrator or cluster owner, can deliver Istio to developers. Then developers can use Istio to enforce security policies, troubleshoot problems, or manage traffic for green/blue deployments, canary deployments, or A/B testing. +- **Istio:** Our [integration with Istio]({{}}/rancher/v2.5/en/istio/) is designed so that a Rancher operator, such as an administrator or cluster owner, can deliver Istio to developers. Then developers can use Istio to enforce security policies, troubleshoot problems, or manage traffic for green/blue deployments, canary deployments, or A/B testing. ### Working with Cloud Infrastructure diff --git a/content/rancher/v2.5/en/pipelines/config/_index.md b/content/rancher/v2.5/en/pipelines/config/_index.md index a2ae7bc3c3d..75bb1cbeadc 100644 --- a/content/rancher/v2.5/en/pipelines/config/_index.md +++ b/content/rancher/v2.5/en/pipelines/config/_index.md @@ -303,7 +303,7 @@ timeout: 30 # Notifications -You can enable notifications to any [notifiers]({{}}/rancher/v2.5/en/cluster-admin/tools/notifiers/) based on the build status of a pipeline. Before enabling notifications, Rancher recommends [setting up notifiers]({{}}/rancher/v2.5/en/monitoring-alerting/legacy/notifiers/) so it will be easy to add recipients immediately. +You can enable notifications to any notifiers based on the build status of a pipeline. Before enabling notifications, Rancher recommends [setting up notifiers]({{}}/rancher/v2.5/en/monitoring-alerting/legacy/notifiers/) so it will be easy to add recipients immediately. ### Configuring Notifications by UI @@ -311,7 +311,7 @@ You can enable notifications to any [notifiers]({{}}/rancher/v2.5/en/cl 1. Select the conditions for the notification. You can select to get a notification for the following statuses: `Failed`, `Success`, `Changed`. For example, if you want to receive notifications when an execution fails, select **Failed**. -1. If you don't have any existing [notifiers]({{}}/rancher/v2.5/en/cluster-admin/tools/notifiers), Rancher will provide a warning that no notifiers are set up and provide a link to be able to go to the notifiers page. Follow the [instructions]({{}}/rancher/v2.5/en/monitoring-alerting/legacy/notifiers/) to add a notifier. If you already have notifiers, you can add them to the notification by clicking the **Add Recipient** button. +1. If you don't have any existing notifiers, Rancher will provide a warning that no notifiers are set up and provide a link to be able to go to the notifiers page. Follow the [instructions]({{}}/rancher/v2.5/en/monitoring-alerting/legacy/notifiers/) to add a notifier. If you already have notifiers, you can add them to the notification by clicking the **Add Recipient** button. > **Note:** Notifiers are configured at a cluster level and require a different level of permissions. diff --git a/content/rancher/v2.5/en/project-admin/namespaces/_index.md b/content/rancher/v2.5/en/project-admin/namespaces/_index.md index fc7a7a07cf2..f0480748393 100644 --- a/content/rancher/v2.5/en/project-admin/namespaces/_index.md +++ b/content/rancher/v2.5/en/project-admin/namespaces/_index.md @@ -12,7 +12,6 @@ Resources that you can assign directly to namespaces include: - [Workloads]({{}}/rancher/v2.5/en/k8s-in-rancher/workloads/) - [Load Balancers/Ingress]({{}}/rancher/v2.5/en/k8s-in-rancher/load-balancers-and-ingress/) - [Service Discovery Records]({{}}/rancher/v2.5/en/k8s-in-rancher/service-discovery/) -- [Persistent Volume Claims]({{}}/rancher/v2.5/en/k8s-in-rancher/volumes-and-storage/persistent-volume-claims/) - [Certificates]({{}}/rancher/v2.5/en/k8s-in-rancher/certificates/) - [ConfigMaps]({{}}/rancher/v2.5/en/k8s-in-rancher/configmaps/) - [Registries]({{}}/rancher/v2.5/en/k8s-in-rancher/registries/) @@ -35,7 +34,7 @@ Create a new namespace to isolate apps and resources in a project. 1. From the main menu, select **Namespace**. The click **Add Namespace**. -1. **Optional:** If your project has [Resource Quotas]({{}}/rancher/v2.5/en/k8s-in-rancher/projects-and-namespaces/resource-quotas) in effect, you can override the default resource **Limits** (which places a cap on the resources that the namespace can consume). +1. **Optional:** If your project has [Resource Quotas]({{}}/rancher/v2.5/en/cluster-admin/projects-and-namespaces/resource-quotas) in effect, you can override the default resource **Limits** (which places a cap on the resources that the namespace can consume). 1. Enter a **Name** and then click **Create**. @@ -54,7 +53,7 @@ Cluster admins and members may occasionally need to move a namespace to another >**Notes:** > >- Don't move the namespaces in the `System` project. Moving these namespaces can adversely affect cluster networking. - >- You cannot move a namespace into a project that already has a [resource quota]({{}}/rancher/v2.5/en/k8s-in-rancher/projects-and-namespaces/resource-quotas/) configured. + >- You cannot move a namespace into a project that already has a [resource quota]({{}}/rancher/v2.5/en/cluster-admin/projects-and-namespaces/resource-quotas/) configured. >- If you move a namespace from a project that has a quota set to a project with no quota set, the quota is removed from the namespace. 1. Choose a new project for the new namespace and then click **Move**. Alternatively, you can remove the namespace from all projects by selecting **None**. @@ -65,4 +64,4 @@ Cluster admins and members may occasionally need to move a namespace to another You can always override the namespace default limit to provide a specific namespace with access to more (or less) project resources. -For more information, see how to [edit namespace resource quotas]({{}}/rancher/v2.5/en/project-admin//resource-quotas/override-namespace-default/). \ No newline at end of file +For more information, see how to [edit namespace resource quotas]({{}}/rancher/v2.5/en/project-admin/resource-quotas/override-namespace-default/). \ No newline at end of file diff --git a/content/rancher/v2.5/en/project-admin/project-members/_index.md b/content/rancher/v2.5/en/project-admin/project-members/_index.md index 2d0aceb9751..67d487cf142 100644 --- a/content/rancher/v2.5/en/project-admin/project-members/_index.md +++ b/content/rancher/v2.5/en/project-admin/project-members/_index.md @@ -3,7 +3,7 @@ title: Adding Users to Projects weight: 2505 aliases: - /rancher/v2.5/en/tasks/projects/add-project-members/ - - /rancher/v2.5/en/k8s-in-rancher/projects-and-namespaces/project-members/ + - /rancher/v2.5/en/cluster-admin/projects-and-namespaces/project-members/ --- If you want to provide a user with access and permissions to _specific_ projects and resources within a cluster, assign the user a project membership. @@ -14,7 +14,7 @@ You can add members to a project as it is created, or add them to an existing pr ### Adding Members to a New Project -You can add members to a project as you create it (recommended if possible). For details on creating a new project, refer to the [cluster administration section.]({{}}/rancher/v2.5/en/k8s-in-rancher/projects-and-namespaces/) +You can add members to a project as you create it (recommended if possible). For details on creating a new project, refer to the [cluster administration section.]({{}}/rancher/v2.5/en/cluster-admin/projects-and-namespaces/) ### Adding Members to an Existing Project diff --git a/content/rancher/v2.5/en/project-admin/resource-quotas/_index.md b/content/rancher/v2.5/en/project-admin/resource-quotas/_index.md index d63f81dfadd..a0b948febb3 100644 --- a/content/rancher/v2.5/en/project-admin/resource-quotas/_index.md +++ b/content/rancher/v2.5/en/project-admin/resource-quotas/_index.md @@ -2,7 +2,7 @@ title: Project Resource Quotas weight: 2515 aliases: - - /rancher/v2.5/en/k8s-in-rancher/projects-and-namespaces/resource-quotas + - /rancher/v2.5/en/cluster-admin/projects-and-namespaces/resource-quotas --- In situations where several teams share a cluster, one team may overconsume the resources available: CPU, memory, storage, services, Kubernetes objects like pods or secrets, and so on. To prevent this overconsumption, you can apply a _resource quota_, which is a Rancher feature that limits the resources available to a project or namespace. @@ -15,7 +15,7 @@ Resource quotas in Rancher include the same functionality as the [native version ### Applying Resource Quotas to Existing Projects -Edit [resource quotas]({{}}/rancher/v2.5/en/k8s-in-rancher/projects-and-namespaces/resource-quotas) when: +Edit [resource quotas]({{}}/rancher/v2.5/en/cluster-admin/projects-and-namespaces/resource-quotas) when: - You want to limit the resources that a project and its namespaces can use. - You want to scale the resources available to a project up or down when a research quota is already in effect. diff --git a/content/rancher/v2.5/en/project-admin/resource-quotas/override-container-default/_index.md b/content/rancher/v2.5/en/project-admin/resource-quotas/override-container-default/_index.md index 71a9db0d183..027506e48ed 100644 --- a/content/rancher/v2.5/en/project-admin/resource-quotas/override-container-default/_index.md +++ b/content/rancher/v2.5/en/project-admin/resource-quotas/override-container-default/_index.md @@ -9,7 +9,7 @@ To avoid setting these limits on each and every container during workload creati ### Editing the Container Default Resource Limit -Edit [container default resource limit]({{}}/rancher/v2.5/en/k8s-in-rancher/projects-and-namespaces/resource-quotas/) when: +Edit [container default resource limit]({{}}/rancher/v2.5/en/cluster-admin/projects-and-namespaces/resource-quotas/) when: - You have a CPU or Memory resource quota set on a project, and want to supply the corresponding default values for a container. - You want to edit the default container resource limit. diff --git a/content/rancher/v2.5/en/project-admin/resource-quotas/override-namespace-default/_index.md b/content/rancher/v2.5/en/project-admin/resource-quotas/override-namespace-default/_index.md index fd741be9d3b..ffe030b8832 100644 --- a/content/rancher/v2.5/en/project-admin/resource-quotas/override-namespace-default/_index.md +++ b/content/rancher/v2.5/en/project-admin/resource-quotas/override-namespace-default/_index.md @@ -5,16 +5,16 @@ weight: 2 Although the **Namespace Default Limit** propagates from the project to each namespace when created, in some cases, you may need to increase (or decrease) the quotas for a specific namespace. In this situation, you can override the default limits by editing the namespace. -In the diagram below, the Rancher administrator has a resource quota in effect for their project. However, the administrator wants to override the namespace limits for `Namespace 3` so that it has more resources available. Therefore, the administrator [raises the namespace limits]({{}}/rancher/v2.5/en/k8s-in-rancher/projects-and-namespaces/) for `Namespace 3` so that the namespace can access more resources. +In the diagram below, the Rancher administrator has a resource quota in effect for their project. However, the administrator wants to override the namespace limits for `Namespace 3` so that it has more resources available. Therefore, the administrator [raises the namespace limits]({{}}/rancher/v2.5/en/cluster-admin/projects-and-namespaces/) for `Namespace 3` so that the namespace can access more resources. Namespace Default Limit Override ![Namespace Default Limit Override]({{}}/img/rancher/rancher-resource-quota-override.svg) -How to: [Editing Namespace Resource Quotas]({{}}/rancher/v2.5/en/k8s-in-rancher/projects-and-namespaces/) +How to: [Editing Namespace Resource Quotas]({{}}/rancher/v2.5/en/cluster-admin/projects-and-namespaces/) ### Editing Namespace Resource Quotas -If there is a [resource quota]({{}}/rancher/v2.5/en/k8s-in-rancher/projects-and-namespaces/resource-quotas) configured for a project, you can override the namespace default limit to provide a specific namespace with access to more (or less) project resources. +If there is a [resource quota]({{}}/rancher/v2.5/en/cluster-admin/projects-and-namespaces/resource-quotas) configured for a project, you can override the namespace default limit to provide a specific namespace with access to more (or less) project resources. 1. From the **Global** view, open the cluster that contains the namespace for which you want to edit the resource quota. @@ -24,7 +24,7 @@ If there is a [resource quota]({{}}/rancher/v2.5/en/k8s-in-rancher/proj 1. Edit the Resource Quota **Limits**. These limits determine the resources available to the namespace. The limits must be set within the configured project limits. - For more information about each **Resource Type**, see [Resource Quotas]({{}}/rancher/v2.5/en/k8s-in-rancher/projects-and-namespaces/resource-quotas/). + For more information about each **Resource Type**, see [Resource Quotas]({{}}/rancher/v2.5/en/cluster-admin/projects-and-namespaces/resource-quotas/). >**Note:** > diff --git a/content/rancher/v2.5/en/project-admin/tools/_index.md b/content/rancher/v2.5/en/project-admin/tools/_index.md index 26142e90099..08b2fce4b15 100644 --- a/content/rancher/v2.5/en/project-admin/tools/_index.md +++ b/content/rancher/v2.5/en/project-admin/tools/_index.md @@ -14,11 +14,11 @@ Rancher contains a variety of tools that aren't included in Kubernetes to assist ## Notifiers and Alerts -Notifiers and alerts are two features that work together to inform you of events in the Rancher system. +Notifiers and alerts are two features that work together to inform you of events in the Rancher system. Before they can be enabled, the monitoring application must be installed. -[Notifiers]({{}}/rancher/v2.5/en/cluster-admin/tools/notifiers) are services that inform you of alert events. You can configure notifiers to send alert notifications to staff best suited to take corrective action. Notifications can be sent with Slack, email, PagerDuty, WeChat, and webhooks. +Notifiers are services that inform you of alert events. You can configure notifiers to send alert notifications to staff best suited to take corrective action. Notifications can be sent with Slack, email, PagerDuty, WeChat, and webhooks. -[Alerts]({{}}/rancher/v2.5/en/cluster-admin/tools/alerts) are rules that trigger those notifications. Before you can receive alerts, you must configure one or more notifier in Rancher. The scope for alerts can be set at either the cluster or project level. +Alerts are rules that trigger those notifications. Before you can receive alerts, you must configure one or more notifier in Rancher. The scope for alerts can be set at either the cluster or project level. ## Logging @@ -32,8 +32,8 @@ Logging is helpful because it allows you to: Rancher can integrate with Elasticsearch, splunk, kafka, syslog, and fluentd. -For details, refer to the [logging section.]({{}}/rancher/v2.5/en/cluster-admin/tools/logging) +For details, refer to the [logging section.]({{}}/rancher/v2.5/en/logging) ## Monitoring -Using Rancher, you can monitor the state and processes of your cluster nodes, Kubernetes components, and software deployments through integration with [Prometheus](https://prometheus.io/), a leading open-source monitoring solution. For details, refer to the [monitoring section.]({{}}/rancher/v2.5/en/cluster-admin/tools/monitoring) +Using Rancher, you can monitor the state and processes of your cluster nodes, Kubernetes components, and software deployments through integration with [Prometheus](https://prometheus.io/), a leading open-source monitoring solution. For details, refer to the [monitoring section.]({{}}/rancher/v2.5/en/monitoring-alerting) diff --git a/content/rancher/v2.5/en/security/cve/_index.md b/content/rancher/v2.5/en/security/cve/_index.md index 35952758423..7b7b61ece0d 100644 --- a/content/rancher/v2.5/en/security/cve/_index.md +++ b/content/rancher/v2.5/en/security/cve/_index.md @@ -18,4 +18,4 @@ Rancher is committed to informing the community of security issues in our produc | [CVE-2019-12274](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12274) | Nodes using the built-in node drivers using a file path option allows the machine to read arbitrary files including sensitive ones from inside the Rancher server container. | 5 Jun 2019 | [Rancher v2.2.4](https://github.com/rancher/rancher/releases/tag/v2.2.4), [Rancher v2.1.10](https://github.com/rancher/rancher/releases/tag/v2.1.10) and [Rancher v2.0.15](https://github.com/rancher/rancher/releases/tag/v2.0.15) | | [CVE-2019-11202](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11202) | The default admin, that is shipped with Rancher, will be re-created upon restart of Rancher despite being explicitly deleted. | 16 Apr 2019 | [Rancher v2.2.2](https://github.com/rancher/rancher/releases/tag/v2.2.2), [Rancher v2.1.9](https://github.com/rancher/rancher/releases/tag/v2.1.9) and [Rancher v2.0.14](https://github.com/rancher/rancher/releases/tag/v2.0.14) | | [CVE-2019-6287](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6287) | Project members continue to get access to namespaces from projects that they were removed from if they were added to more than one project. | 29 Jan 2019 | [Rancher v2.1.6](https://github.com/rancher/rancher/releases/tag/v2.1.6) and [Rancher v2.0.11](https://github.com/rancher/rancher/releases/tag/v2.0.11) | -| [CVE-2018-20321](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20321) | Any project member with access to the `default` namespace can mount the `netes-default` service account in a pod and then use that pod to execute administrative privileged commands against the Kubernetes cluster. | 29 Jan 2019 | [Rancher v2.1.6](https://github.com/rancher/rancher/releases/tag/v2.1.6) and [Rancher v2.0.11](https://github.com/rancher/rancher/releases/tag/v2.0.11) - Rolling back from these versions or greater have specific [instructions]({{}}/rancher/v2.5/en/upgrades/rollbacks/). | \ No newline at end of file +| [CVE-2018-20321](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20321) | Any project member with access to the `default` namespace can mount the `netes-default` service account in a pod and then use that pod to execute administrative privileged commands against the Kubernetes cluster. | 29 Jan 2019 | [Rancher v2.1.6](https://github.com/rancher/rancher/releases/tag/v2.1.6) and [Rancher v2.0.11](https://github.com/rancher/rancher/releases/tag/v2.0.11) - Rolling back from these versions or greater have specific [instructions]({{}}/rancher/v2.5/en/installation/install-rancher-on-k8s/rollbacks). | \ No newline at end of file diff --git a/content/rancher/v2.5/en/system-tools/_index.md b/content/rancher/v2.5/en/system-tools/_index.md index 35b1b4770ea..2daccc1de76 100644 --- a/content/rancher/v2.5/en/system-tools/_index.md +++ b/content/rancher/v2.5/en/system-tools/_index.md @@ -81,7 +81,7 @@ The following are the options for the stats command: # Remove ->**Warning:** This command will remove data from your etcd nodes. Make sure you have created a [backup of etcd]({{}}/rancher/v2.5/en/backups/backups) before executing the command. +>**Warning:** This command will remove data from your etcd nodes. Make sure you have created a [backup of etcd]({{}}/rancher/v2.5/en/backups/rancher-backups) before executing the command. When you install Rancher on a Kubernetes cluster, it will create Kubernetes resources to run and to store configuration data. If you want to remove Rancher from your cluster, you can use the `remove` subcommand to remove the Kubernetes resources. When you use the `remove` subcommand, the following resources will be removed: @@ -101,7 +101,7 @@ When you install Rancher on a Kubernetes cluster, it will create Kubernetes reso When you run the command below, all the resources listed [above](#remove) will be removed from the cluster. ->**Warning:** This command will remove data from your etcd nodes. Make sure you have created a [backup of etcd]({{}}/rancher/v2.5/en/backups/backups) before executing the command. +>**Warning:** This command will remove data from your etcd nodes. Make sure you have created a [backup of etcd]({{}}/rancher/v2.5/en/backups/rancher-backups) before executing the command. ``` ./system-tools remove --kubeconfig --namespace diff --git a/content/rancher/v2.6/en/backups/docker-installs/docker-restores/_index.md b/content/rancher/v2.6/en/backups/docker-installs/docker-restores/_index.md index 5724e0f378a..8fa8b8cb302 100644 --- a/content/rancher/v2.6/en/backups/docker-installs/docker-restores/_index.md +++ b/content/rancher/v2.6/en/backups/docker-installs/docker-restores/_index.md @@ -35,7 +35,7 @@ You can obtain `` and `` by loggi ## Restoring Backups -Using a [backup]({{}}/rancher/v2.6/en/backups/backups/single-node-backups/) that you created earlier, restore Rancher to its last known healthy state. +Using a [backup]({{}}/rancher/v2.6/en/backups/docker-installs/docker-backups) that you created earlier, restore Rancher to its last known healthy state. 1. Using a remote Terminal connection, log into the node running your Rancher Server. @@ -44,9 +44,9 @@ Using a [backup]({{}}/rancher/v2.6/en/backups/backups/single-node-backu ``` docker stop ``` -1. Move the backup tarball that you created during completion of [Creating Backups—Docker Installs]({{}}/rancher/v2.6/en/backups/backups/single-node-backups/) onto your Rancher Server. Change to the directory that you moved it to. Enter `dir` to confirm that it's there. +1. Move the backup tarball that you created during completion of [Creating Backups—Docker Installs]({{}}/rancher/v2.6/en/backups/docker-installs/docker-backups) onto your Rancher Server. Change to the directory that you moved it to. Enter `dir` to confirm that it's there. - If you followed the naming convention we suggested in [Creating Backups—Docker Installs]({{}}/rancher/v2.6/en/backups/backups/single-node-backups/), it will have a name similar to `rancher-data-backup--.tar.gz`. + If you followed the naming convention we suggested in [Creating Backups—Docker Installs]({{}}/rancher/v2.6/en/backups/docker-installs/docker-backups/), it will have a name similar to `rancher-data-backup--.tar.gz`. 1. Enter the following command to delete your current state data and replace it with your backup data, replacing the placeholders. Don't forget to close the quotes. diff --git a/content/rancher/v2.6/en/best-practices/rancher-managed/monitoring/_index.md b/content/rancher/v2.6/en/best-practices/rancher-managed/monitoring/_index.md index b11094a8742..cd8ccf860b1 100644 --- a/content/rancher/v2.6/en/best-practices/rancher-managed/monitoring/_index.md +++ b/content/rancher/v2.6/en/best-practices/rancher-managed/monitoring/_index.md @@ -95,7 +95,7 @@ Sometimes it is useful to monitor workloads from the outside. For this, you can If you have a (micro)service architecture where multiple individual workloads within your cluster are communicating with each other, it is really important to have detailed metrics and traces about this traffic to understand how all these workloads are communicating with each other and where a problem or bottleneck may be. -Of course you can monitor all this internal traffic in all your workloads and expose these metrics to Prometheus. But this can quickly become quite work intensive. Service Meshes like Istio, which can be installed with [a click](https://rancher.com/docs/rancher/v2.6/en/cluster-admin/tools/istio/) in Rancher, can do this automatically and provide rich telemetry about the traffic between all services. +Of course you can monitor all this internal traffic in all your workloads and expose these metrics to Prometheus. But this can quickly become quite work intensive. Service Meshes like Istio, which can be installed with [a click](https://rancher.com/docs/rancher/v2.6/en/istio/) in Rancher, can do this automatically and provide rich telemetry about the traffic between all services. # Real User Monitoring diff --git a/content/rancher/v2.6/en/best-practices/rancher-server/deployment-types/_index.md b/content/rancher/v2.6/en/best-practices/rancher-server/deployment-types/_index.md index 22aca1336d6..2c9d5a218b1 100644 --- a/content/rancher/v2.6/en/best-practices/rancher-server/deployment-types/_index.md +++ b/content/rancher/v2.6/en/best-practices/rancher-server/deployment-types/_index.md @@ -33,5 +33,5 @@ However, metrics-driven capacity planning analysis should be the ultimate guidan Using Rancher, you can monitor the state and processes of your cluster nodes, Kubernetes components, and software deployments through integration with Prometheus, a leading open-source monitoring solution, and Grafana, which lets you visualize the metrics from Prometheus. -After you [enable monitoring]({{}}/rancher/v2.6/en/monitoring-alerting/legacy/monitoring/cluster-monitoring/) in the cluster, you can set up [a notification channel]({{}}/rancher/v2.6/en/cluster-admin/tools/notifiers/) and [cluster alerts]({{}}/rancher/v2.6/en/cluster-admin/tools/alerts/) to let you know if your cluster is approaching its capacity. You can also use the Prometheus and Grafana monitoring framework to establish a baseline for key metrics as you scale. +After you [enable monitoring]({{}}/rancher/v2.6/en/monitoring-alerting) in the cluster, you can set up alerts to let you know if your cluster is approaching its capacity. You can also use the Prometheus and Grafana monitoring framework to establish a baseline for key metrics as you scale. diff --git a/content/rancher/v2.6/en/cis-scans/_index.md b/content/rancher/v2.6/en/cis-scans/_index.md index 3146626291c..a9a1c897886 100644 --- a/content/rancher/v2.6/en/cis-scans/_index.md +++ b/content/rancher/v2.6/en/cis-scans/_index.md @@ -232,9 +232,9 @@ Alerts can be configured to be sent out for a scan that runs on a schedule. > **Prerequisite:** > -> Before enabling alerts for `rancher-cis-benchmark`, make sure to install the `rancher-monitoring` application and configure the Receivers and Routes. For more information, see [this section.]({{}}/rancher/v2.6/en/monitoring-alerting/v2.5/configuration/alertmanager/) +> Before enabling alerts for `rancher-cis-benchmark`, make sure to install the `rancher-monitoring` application and configure the Receivers and Routes. For more information, see [this section.]({{}}/rancher/v2.6/en/monitoring-alerting/configuration) > -> While configuring the routes for `rancher-cis-benchmark` alerts, you can specify the matching using the key-value pair `job: rancher-cis-scan`. An example route configuration is [here.]({{}}/rancher/v2.6/en/monitoring-alerting/v2.5/configuration/alertmanager/#example-route-config-for-cis-scan-alerts) +> While configuring the routes for `rancher-cis-benchmark` alerts, you can specify the matching using the key-value pair `job: rancher-cis-scan`. An example route configuration is [here.]({{}}/rancher/v2.6/en/monitoring-alerting/configuration/receiver/#example-route-config-for-cis-scan-alerts) While installing or upgrading the `rancher-cis-benchmark` Helm chart, set the following flag to `true` in the `values.yaml`: @@ -258,9 +258,9 @@ The CIS Benchmark application supports two types of alerts: > **Prerequisite:** > -> Before enabling alerts for `rancher-cis-benchmark`, make sure to install the `rancher-monitoring` application and configure the Receivers and Routes. For more information, see [this section.]({{}}/rancher/v2.6/en/monitoring-alerting/v2.5/configuration/alertmanager/) +> Before enabling alerts for `rancher-cis-benchmark`, make sure to install the `rancher-monitoring` application and configure the Receivers and Routes. For more information, see [this section.]({{}}/rancher/v2.6/en/monitoring-alerting/configuration) > -> While configuring the routes for `rancher-cis-benchmark` alerts, you can specify the matching using the key-value pair `job: rancher-cis-scan`. An example route configuration is [here.]({{}}/rancher/v2.6/en/monitoring-alerting/v2.5/configuration/alertmanager/#example-route-config-for-cis-scan-alerts) +> While configuring the routes for `rancher-cis-benchmark` alerts, you can specify the matching using the key-value pair `job: rancher-cis-scan`. An example route configuration is [here.]({{}}/rancher/v2.6/en/monitoring-alerting/configuration/receiver/#example-route-config-for-cis-scan-alerts) To configure alerts for a scan that runs on a schedule, diff --git a/content/rancher/v2.6/en/cli/_index.md b/content/rancher/v2.6/en/cli/_index.md index 488ae5d45f0..202c00de29f 100644 --- a/content/rancher/v2.6/en/cli/_index.md +++ b/content/rancher/v2.6/en/cli/_index.md @@ -31,7 +31,7 @@ If Rancher Server uses a self-signed certificate, Rancher CLI prompts you to con ### Project Selection -Before you can perform any commands, you must select a Rancher project to perform those commands against. To select a [project]({{}}/rancher/v2.6/en/k8s-in-rancher/projects-and-namespaces/) to work on, use the command `./rancher context switch`. When you enter this command, a list of available projects displays. Enter a number to choose your project. +Before you can perform any commands, you must select a Rancher project to perform those commands against. To select a [project]({{}}/rancher/v2.6/en/cluster-admin/projects-and-namespaces/) to work on, use the command `./rancher context switch`. When you enter this command, a list of available projects displays. Enter a number to choose your project. **Example: `./rancher context switch` Output** ``` @@ -60,13 +60,13 @@ The following commands are available for use in Rancher CLI. | `apps, [app]` | Performs operations on catalog applications (i.e. individual [Helm charts](https://docs.helm.sh/developing_charts/) or Rancher charts. | | `catalog` | Performs operations on [catalogs]({{}}/rancher/v2.6/en/catalog/). | | `clusters, [cluster]` | Performs operations on your [clusters]({{}}/rancher/v2.6/en/cluster-provisioning/). | -| `context` | Switches between Rancher [projects]({{}}/rancher/v2.6/en/k8s-in-rancher/projects-and-namespaces/). For an example, see [Project Selection](#project-selection). | -| `inspect [OPTIONS] [RESOURCEID RESOURCENAME]` | Displays details about [Kubernetes resources](https://kubernetes.io/docs/reference/kubectl/cheatsheet/#resource-types) or Rancher resources (i.e.: [projects]({{}}/rancher/v2.6/en/k8s-in-rancher/projects-and-namespaces/) and [workloads]({{}}/rancher/v2.6/en/k8s-in-rancher/workloads/)). Specify resources by name or ID. | +| `context` | Switches between Rancher [projects]({{}}/rancher/v2.6/en/cluster-admin/projects-and-namespaces/). For an example, see [Project Selection](#project-selection). | +| `inspect [OPTIONS] [RESOURCEID RESOURCENAME]` | Displays details about [Kubernetes resources](https://kubernetes.io/docs/reference/kubectl/cheatsheet/#resource-types) or Rancher resources (i.e.: [projects]({{}}/rancher/v2.6/en/cluster-admin/projects-and-namespaces/) and [workloads]({{}}/rancher/v2.6/en/k8s-in-rancher/workloads/)). Specify resources by name or ID. | | `kubectl` |Runs [kubectl commands](https://kubernetes.io/docs/reference/kubectl/overview/#operations). | | `login, [l]` | Logs into a Rancher Server. For an example, see [CLI Authentication](#cli-authentication). | | `namespaces, [namespace]` |Performs operations on namespaces. | | `nodes, [node]` |Performs operations on nodes. | -| `projects, [project]` | Performs operations on [projects]({{}}/rancher/v2.6/en/k8s-in-rancher/projects-and-namespaces/). | +| `projects, [project]` | Performs operations on [projects]({{}}/rancher/v2.6/en/cluster-admin/projects-and-namespaces/). | | `ps` | Displays [workloads]({{}}/rancher/v2.6/en/k8s-in-rancher/workloads) in a project. | | `settings, [setting]` | Shows the current settings for your Rancher Server. | | `ssh` | Connects to one of your cluster nodes using the SSH protocol. | diff --git a/content/rancher/v2.6/en/cluster-admin/_index.md b/content/rancher/v2.6/en/cluster-admin/_index.md index 41e10fe38ee..7919b01b210 100644 --- a/content/rancher/v2.6/en/cluster-admin/_index.md +++ b/content/rancher/v2.6/en/cluster-admin/_index.md @@ -30,4 +30,4 @@ Rancher contains a variety of tools that aren't included in Kubernetes to assist - Istio Service Mesh - OPA Gatekeeper -For more information, see [Tools]({{}}/rancher/v2.6/en/cluster-admin/tools/) +Tools can be installed through **Apps & Marketplace.** \ No newline at end of file diff --git a/content/rancher/v2.6/en/cluster-admin/cluster-access/cluster-members/_index.md b/content/rancher/v2.6/en/cluster-admin/cluster-access/cluster-members/_index.md index 62a58bbaaf8..31d8aaeb564 100644 --- a/content/rancher/v2.6/en/cluster-admin/cluster-access/cluster-members/_index.md +++ b/content/rancher/v2.6/en/cluster-admin/cluster-access/cluster-members/_index.md @@ -5,7 +5,7 @@ weight: 2020 If you want to provide a user with access and permissions to _all_ projects, nodes, and resources within a cluster, assign the user a cluster membership. ->**Tip:** Want to provide a user with access to a _specific_ project within a cluster? See [Adding Project Members]({{}}/rancher/v2.6/en/k8s-in-rancher/projects-and-namespaces/project-members/) instead. +>**Tip:** Want to provide a user with access to a _specific_ project within a cluster? See [Adding Project Members]({{}}/rancher/v2.6/en/cluster-admin/projects-and-namespaces/project-members/) instead. There are two contexts where you can add cluster members: diff --git a/content/rancher/v2.6/en/cluster-admin/editing-clusters/rke-config-reference/_index.md b/content/rancher/v2.6/en/cluster-admin/editing-clusters/rke-config-reference/_index.md index b483cdedbec..7fce0b1bf2f 100644 --- a/content/rancher/v2.6/en/cluster-admin/editing-clusters/rke-config-reference/_index.md +++ b/content/rancher/v2.6/en/cluster-admin/editing-clusters/rke-config-reference/_index.md @@ -321,7 +321,7 @@ See [Docker Root Directory](#docker-root-directory). ### enable_cluster_monitoring -Option to enable or disable [Cluster Monitoring]({{}}/rancher/v2.6/en/monitoring-alerting/legacy/monitoring/cluster-monitoring/). +Option to enable or disable [Cluster Monitoring]({{}}/rancher/v2.6/en/monitoring-alerting/). ### enable_network_policy diff --git a/content/rancher/v2.6/en/cluster-admin/projects-and-namespaces/_index.md b/content/rancher/v2.6/en/cluster-admin/projects-and-namespaces/_index.md index b75ee1ed178..0a568d7748d 100644 --- a/content/rancher/v2.6/en/cluster-admin/projects-and-namespaces/_index.md +++ b/content/rancher/v2.6/en/cluster-admin/projects-and-namespaces/_index.md @@ -70,7 +70,7 @@ In the base version of Kubernetes, features like role-based access rights or clu You can use projects to perform actions such as: -- Assign users to a group of namespaces (i.e., [project membership]({{}}/rancher/v2.6/en/k8s-in-rancher/projects-and-namespaces/project-members)). +- Assign users to a group of namespaces (i.e., [project membership]({{}}/rancher/v2.6/en/cluster-admin/projects-and-namespaces/project-members)). - Assign users specific roles in a project. A role can be owner, member, read-only, or [custom]({{}}/rancher/v2.6/en/admin-settings/rbac/default-custom-roles/). - Assign resources to the project. - Assign Pod Security Policies. @@ -160,12 +160,12 @@ To add members: ### 4. Optional: Add Resource Quotas -Resource quotas limit the resources that a project (and its namespaces) can consume. For more information, see [Resource Quotas]({{}}/rancher/v2.6/en/k8s-in-rancher/projects-and-namespaces/resource-quotas). +Resource quotas limit the resources that a project (and its namespaces) can consume. For more information, see [Resource Quotas]({{}}/rancher/v2.6/en/cluster-admin/projects-and-namespaces/resource-quotas). To add a resource quota, 1. In the **Resource Quotas** tab, click **Add Resource**. -1. Select a **Resource Type**. For more information, see [Resource Quotas.]({{}}/rancher/v2.6/en/k8s-in-rancher/projects-and-namespaces/resource-quotas/). +1. Select a **Resource Type**. For more information, see [Resource Quotas.]({{}}/rancher/v2.6/en/cluster-admin/projects-and-namespaces/resource-quotas/). 1. Enter values for the **Project Limit** and the **Namespace Default Limit**. 1. **Optional:** Specify **Container Default Resource Limit**, which will be applied to every container started in the project. The parameter is recommended if you have CPU or Memory limits set by the Resource Quota. It can be overridden on per an individual namespace or a container level. For more information, see [Container Default Resource Limit]({{}}/rancher/v2.6/en/project-admin/resource-quotas/) 1. Click **Create**. diff --git a/content/rancher/v2.6/en/cluster-provisioning/cluster-capabilities-table/index.md b/content/rancher/v2.6/en/cluster-provisioning/cluster-capabilities-table/index.md index 8afe468bcdb..45208cb4621 100644 --- a/content/rancher/v2.6/en/cluster-provisioning/cluster-capabilities-table/index.md +++ b/content/rancher/v2.6/en/cluster-provisioning/cluster-capabilities-table/index.md @@ -12,7 +12,7 @@ headless: true | [Managing Persistent Volumes and Storage Classes]({{}}/rancher/v2.6/en/cluster-admin/volumes-and-storage/) | ✓ | ✓ | ✓ | ✓ | | [Managing Projects, Namespaces and Workloads]({{}}/rancher/v2.6/en/cluster-admin/projects-and-namespaces/) | ✓ | ✓ | ✓ | ✓ | | [Using App Catalogs]({{}}/rancher/v2.6/en/catalog/) | ✓ | ✓ | ✓ | ✓ | -| [Configuring Tools (Alerts, Notifiers, Logging, Monitoring, Istio)]({{}}/rancher/v2.6/en/cluster-admin/tools/) | ✓ | ✓ | ✓ | ✓ | +| Configuring Tools (Alerts, Notifiers, Logging, Monitoring, Istio) | ✓ | ✓ | ✓ | ✓ | | [Running Security Scans]({{}}/rancher/v2.6/en/security/security-scan/) | ✓ | ✓ | ✓ | ✓ | | [Use existing configuration to create additional clusters]({{}}/rancher/v2.6/en/cluster-admin/cloning-clusters/)| ✓ | ✓ | ✓ | | | [Ability to rotate certificates]({{}}/rancher/v2.6/en/cluster-admin/certificate-rotation/) | ✓ | ✓ | | | @@ -20,9 +20,9 @@ headless: true | [Cleaning Kubernetes components when clusters are no longer reachable from Rancher]({{}}/rancher/v2.6/en/cluster-admin/cleaning-cluster-nodes/) | ✓ | | | | | [Configuring Pod Security Policies]({{}}/rancher/v2.6/en/cluster-admin/pod-security-policy/) | ✓ | ✓ | || -1. Registered GKE and EKS clusters have the same options available as GKE and EKS clusters created from the Rancher UI. The difference is that when a registered cluster is deleted from the Rancher UI, [it is not destroyed.]({{}}/rancher/v2.5/en/cluster-provisioning/registered-clusters/#additional-features-for-registered-eks-and-gke-clusters) +1. Registered GKE and EKS clusters have the same options available as GKE and EKS clusters created from the Rancher UI. The difference is that when a registered cluster is deleted from the Rancher UI, it is not destroyed. -2. Cluster configuration options can't be edited for registered clusters, except for [K3s and RKE2 clusters.]({{}}/rancher/v2.5/en/cluster-provisioning/imported-clusters/) +2. Cluster configuration options can't be edited for registered clusters, except for [K3s and RKE2 clusters.]({{}}/rancher/v2.6/en/cluster-provisioning/registered-clusters/) 3. For registered cluster nodes, the Rancher UI exposes the ability to cordon, drain, and edit the node. diff --git a/content/rancher/v2.6/en/cluster-provisioning/hosted-kubernetes-clusters/gke/_index.md b/content/rancher/v2.6/en/cluster-provisioning/hosted-kubernetes-clusters/gke/_index.md index 40aaf4671ee..7a28ca8c9d6 100644 --- a/content/rancher/v2.6/en/cluster-provisioning/hosted-kubernetes-clusters/gke/_index.md +++ b/content/rancher/v2.6/en/cluster-provisioning/hosted-kubernetes-clusters/gke/_index.md @@ -64,7 +64,7 @@ Use Rancher to set up and configure your Kubernetes cluster. 1. Optional: Use **Member Roles** to configure user authorization for the cluster. Click **Add Member** to add users that can access the cluster. Use the **Role** drop-down to set permissions for each user. 1. Optional: Add Kubernetes [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/) or [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) to the cluster. 1. Enter your Google project ID and your Google cloud credentials. -1. Fill out the rest of the form. For help, refer to the [GKE cluster configuration reference.](./config-reference) +1. Fill out the rest of the form. For help, refer to the [GKE cluster configuration reference.]({{}}/rancher/v2.5/en/cluster-admin/editing-clusters/gke-config-reference) 1. Click **Create**. **Result:** You have successfully deployed a GKE cluster. diff --git a/content/rancher/v2.6/en/cluster-provisioning/registered-clusters/_index.md b/content/rancher/v2.6/en/cluster-provisioning/registered-clusters/_index.md index 56072f0b67d..7b15a24c723 100644 --- a/content/rancher/v2.6/en/cluster-provisioning/registered-clusters/_index.md +++ b/content/rancher/v2.6/en/cluster-provisioning/registered-clusters/_index.md @@ -88,7 +88,7 @@ After registering a cluster, the cluster owner can: - [Manage cluster access]({{}}/rancher/v2.6/en/admin-settings/rbac/cluster-project-roles/) through role-based access control - Enable [monitoring, alerts and notifiers]({{}}/rancher/v2.6/en/monitoring-alerting/v2.5/) - Enable [logging]({{}}/rancher/v2.6/en/logging/v2.5/) -- Enable [Istio]({{}}/rancher/v2.6/en/istio/v2.5/) +- Enable [Istio]({{}}/rancher/v2.6/en/istio/) - Use [pipelines]({{}}/rancher/v2.6/en/project-admin/pipelines/) - Manage projects and workloads diff --git a/content/rancher/v2.6/en/faq/_index.md b/content/rancher/v2.6/en/faq/_index.md index 834fe3e7fd2..4fc0889d102 100644 --- a/content/rancher/v2.6/en/faq/_index.md +++ b/content/rancher/v2.6/en/faq/_index.md @@ -29,7 +29,7 @@ As of Rancher 2.3.0, we support Windows Server 1809 containers. For details on h **Does Rancher support Istio?** -As of Rancher 2.3.0, we support [Istio.]({{}}/rancher/v2.6/en/cluster-admin/tools/istio/) +As of Rancher 2.3.0, we support [Istio.]({{}}/rancher/v2.6/en/istio/) Furthermore, Istio is implemented in our micro-PaaS "Rio", which works on Rancher 2.x along with any CNCF compliant Kubernetes cluster. You can read more about it [here](https://rio.io/) diff --git a/content/rancher/v2.6/en/installation/other-installation-methods/air-gap/populate-private-registry/_index.md b/content/rancher/v2.6/en/installation/other-installation-methods/air-gap/populate-private-registry/_index.md index ccff2bdb10a..dd361d3ff13 100644 --- a/content/rancher/v2.6/en/installation/other-installation-methods/air-gap/populate-private-registry/_index.md +++ b/content/rancher/v2.6/en/installation/other-installation-methods/air-gap/populate-private-registry/_index.md @@ -5,7 +5,7 @@ weight: 200 This section describes how to set up your private registry so that when you install Rancher, Rancher will pull all the required images from this registry. -By default, all images used to [provision Kubernetes clusters]({{}}/rancher/v2.6/en/cluster-provisioning/) or launch any [tools]({{}}/rancher/v2.6/en/cluster-admin/tools/) in Rancher, e.g. monitoring, pipelines, alerts, are pulled from Docker Hub. In an air gapped installation of Rancher, you will need a private registry that is located somewhere accessible by your Rancher server. Then, you will load the registry with all the images. +By default, all images used to [provision Kubernetes clusters]({{}}/rancher/v2.6/en/cluster-provisioning/) or launch any tools in Rancher, e.g. monitoring, pipelines, alerts, are pulled from Docker Hub. In an air gapped installation of Rancher, you will need a private registry that is located somewhere accessible by your Rancher server. Then, you will load the registry with all the images. Populating the private registry with images is the same process for installing Rancher with Docker and for installing Rancher on a Kubernetes cluster. diff --git a/content/rancher/v2.6/en/installation/other-installation-methods/single-node-docker/single-node-rollbacks/_index.md b/content/rancher/v2.6/en/installation/other-installation-methods/single-node-docker/single-node-rollbacks/_index.md index 48940f5479e..4e27d103300 100644 --- a/content/rancher/v2.6/en/installation/other-installation-methods/single-node-docker/single-node-rollbacks/_index.md +++ b/content/rancher/v2.6/en/installation/other-installation-methods/single-node-docker/single-node-rollbacks/_index.md @@ -3,7 +3,7 @@ title: Rolling Back Rancher Installed with Docker weight: 1015 --- -If a Rancher upgrade does not complete successfully, you'll have to roll back to your Rancher setup that you were using before [Docker Upgrade]({{}}/rancher/v2.6/en/upgrades/upgrades/single-node-upgrade). Rolling back restores: +If a Rancher upgrade does not complete successfully, you'll have to roll back to your Rancher setup that you were using before [Docker Upgrade]({{}}/rancher/v2.6/en/installation/other-installation-methods/single-node-docker/single-node-upgrades). Rolling back restores: - Your previous version of Rancher. - Your data backup created before upgrade. @@ -56,9 +56,9 @@ If you have issues upgrading Rancher, roll it back to its latest known healthy s ``` You can obtain the name for your Rancher container by entering `docker ps`. -1. Move the backup tarball that you created during completion of [Docker Upgrade]({{}}/rancher/v2.6/en/upgrades/upgrades/single-node-upgrade/) onto your Rancher Server. Change to the directory that you moved it to. Enter `dir` to confirm that it's there. +1. Move the backup tarball that you created during completion of [Docker Upgrade]({{}}/rancher/v2.6/en/installation/other-installation-methods/single-node-docker/single-node-upgrades) onto your Rancher Server. Change to the directory that you moved it to. Enter `dir` to confirm that it's there. - If you followed the naming convention we suggested in [Docker Upgrade]({{}}/rancher/v2.6/en/upgrades/upgrades/single-node-upgrade/), it will have a name similar to (`rancher-data-backup--.tar.gz`). + If you followed the naming convention we suggested in [Docker Upgrade]({{}}/rancher/v2.6/en/installation/other-installation-methods/single-node-docker/single-node-upgrades), it will have a name similar to (`rancher-data-backup--.tar.gz`). 1. Run the following command to replace the data in the `rancher-data` container with the data in the backup tarball, replacing the placeholder. Don't forget to close the quotes. diff --git a/content/rancher/v2.6/en/installation/other-installation-methods/single-node-docker/single-node-upgrades/_index.md b/content/rancher/v2.6/en/installation/other-installation-methods/single-node-docker/single-node-upgrades/_index.md index ca931e7fa79..7ee1d1f9328 100644 --- a/content/rancher/v2.6/en/installation/other-installation-methods/single-node-docker/single-node-upgrades/_index.md +++ b/content/rancher/v2.6/en/installation/other-installation-methods/single-node-docker/single-node-upgrades/_index.md @@ -355,4 +355,4 @@ Remove the previous Rancher server container. If you only stop the previous Ranc # Rolling Back -If your upgrade does not complete successfully, you can roll back Rancher server and its data back to its last healthy state. For more information, see [Docker Rollback]({{}}/rancher/v2.6/en/upgrades/rollbacks/single-node-rollbacks/). +If your upgrade does not complete successfully, you can roll back Rancher server and its data back to its last healthy state. For more information, see [Docker Rollback]({{}}/rancher/v2.6/en/installation/other-installation-methods/single-node-docker/single-node-rollbacks/). diff --git a/content/rancher/v2.6/en/installation/requirements/ports/_index.md b/content/rancher/v2.6/en/installation/requirements/ports/_index.md index c90d0d13ae5..e7be796f7d0 100644 --- a/content/rancher/v2.6/en/installation/requirements/ports/_index.md +++ b/content/rancher/v2.6/en/installation/requirements/ports/_index.md @@ -224,7 +224,7 @@ Note: Registered clusters were called imported clusters before Rancher v2.5. {{% accordion label="Click to expand" %}} -The following table depicts the port requirements for [registered clusters]({{}}/rancher/v2.6/en/cluster-provisioning/imported-clusters/). +The following table depicts the port requirements for [registered clusters]({{}}/rancher/v2.6/en/cluster-provisioning/registered-clusters/). {{< ports-imported-hosted >}} diff --git a/content/rancher/v2.6/en/installation/resources/advanced/api-audit-log/_index.md b/content/rancher/v2.6/en/installation/resources/advanced/api-audit-log/_index.md index d780f8a4192..c1442bc14e5 100644 --- a/content/rancher/v2.6/en/installation/resources/advanced/api-audit-log/_index.md +++ b/content/rancher/v2.6/en/installation/resources/advanced/api-audit-log/_index.md @@ -60,7 +60,7 @@ kubectl -n cattle-system logs -f rancher-84d886bdbb-s4s69 rancher-audit-log #### Shipping the Audit Log -You can enable Rancher's built in log collection and shipping for the cluster to ship the audit and other services logs to a supported collection endpoint. See [Rancher Tools - Logging]({{}}/rancher/v2.6/en/cluster-admin/tools/logging) for details. +You can enable Rancher's built in log collection and shipping for the cluster to ship the audit and other services logs to a supported collection endpoint. See [Rancher Tools - Logging]({{}}/rancher/v2.6/en/logging) for details. ## Audit Log Samples diff --git a/content/rancher/v2.6/en/installation/resources/feature-flags/istio-virtual-service-ui/_index.md b/content/rancher/v2.6/en/installation/resources/feature-flags/istio-virtual-service-ui/_index.md index 6b11ca1383f..3cffc99e63a 100644 --- a/content/rancher/v2.6/en/installation/resources/feature-flags/istio-virtual-service-ui/_index.md +++ b/content/rancher/v2.6/en/installation/resources/feature-flags/istio-virtual-service-ui/_index.md @@ -5,7 +5,7 @@ weight: 2 This feature enables a UI that lets you create, read, update and delete virtual services and destination rules, which are traffic management features of Istio. -> **Prerequisite:** Turning on this feature does not enable Istio. A cluster administrator needs to [enable Istio for the cluster]({{}}/rancher/v2.6/en/cluster-admin/tools/istio/setup) in order to use the feature. +> **Prerequisite:** Turning on this feature does not enable Istio. A cluster administrator needs to [enable Istio for the cluster]({{}}/rancher/v2.6/en/istio/setup) in order to use the feature. To enable or disable this feature, refer to the instructions on [the main page about enabling experimental features.]({{}}/rancher/v2.6/en/installation/options/feature-flags/) diff --git a/content/rancher/v2.6/en/istio/_index.md b/content/rancher/v2.6/en/istio/_index.md index 23030d5bb41..e594a127fc9 100644 --- a/content/rancher/v2.6/en/istio/_index.md +++ b/content/rancher/v2.6/en/istio/_index.md @@ -15,7 +15,7 @@ This core service mesh provides features that include but are not limited to the - **Security** with resources to authenticate and authorize traffic and users, mTLS included. - **Observability** of logs, metrics, and distributed traffic flows. -After [setting up istio]({{}}/rancher/v2.6/en/cluster-admin/tools/istio/setup) you can leverage Istio's control plane functionality through the Rancher UI, `kubectl`, or `istioctl`. +After [setting up istio]({{}}/rancher/v2.6/en/istio/setup) you can leverage Istio's control plane functionality through the Rancher UI, `kubectl`, or `istioctl`. Istio needs to be set up by a `cluster-admin` before it can be used in a project. @@ -61,7 +61,7 @@ Note that this is not a production-qualified deployment of Jaeger. This deployme # Prerequisites -Before enabling Istio, we recommend that you confirm that your Rancher worker nodes have enough [CPU and memory]({{}}/rancher/v2.6/en/cluster-admin/tools/istio/resources) to run all of the components of Istio. +Before enabling Istio, we recommend that you confirm that your Rancher worker nodes have enough [CPU and memory]({{}}/rancher/v2.6/en/istio/resources) to run all of the components of Istio. If you are installing Istio on RKE2 cluster, some additional steps are required. For details, see [this section.](#additional-steps-for-installing-istio-on-an-rke2-cluster) @@ -69,7 +69,7 @@ Note that Istio v2 (upstream Istio v1.7+) cannot be upgraded in an air gapped en # Setup Guide -Refer to the [setup guide]({{}}/rancher/v2.6/en/cluster-admin/tools/istio/setup) for instructions on how to set up Istio and use it in a project. +Refer to the [setup guide]({{}}/rancher/v2.6/en/istio/setup) for instructions on how to set up Istio and use it in a project. # Remove Istio @@ -85,7 +85,7 @@ Another option is to manually uninstall istio resources one at a time, but leave # Accessing Visualizations -> By default, only cluster-admins have access to Kiali. For instructions on how to allow admin, edit or views roles to access them, see [this section.]({{}}/rancher/v2.6/en/cluster-admin/tools/istio/rbac/) +> By default, only cluster-admins have access to Kiali. For instructions on how to allow admin, edit or views roles to access them, see [this section.]({{}}/rancher/v2.6/en/istio/rbac/) After Istio is set up in a cluster, Grafana, Prometheus, and Kiali are available in the Rancher UI. @@ -123,12 +123,12 @@ By default, each Rancher-provisioned cluster has one NGINX ingress controller al ![In an Istio-enabled cluster, you can have two ingresses: the default Nginx ingress, and the default Istio controller.]({{}}/img/rancher/istio-ingress.svg) - Additional Istio Ingress gateways can be enabled via the [overlay file]({{}}/rancher/v2.6/en/istio/v2.5/configuration-reference/#overlay-file). + Additional Istio Ingress gateways can be enabled via the [overlay file]({{}}/rancher/v2.6/en/istio/configuration-reference/#overlay-file). ### Egress Support -By default the Egress gateway is disabled, but can be enabled on install or upgrade through the values.yaml or via the [overlay file]({{}}/rancher/v2.6/en/istio/v2.5/configuration-reference/#overlay-file). +By default the Egress gateway is disabled, but can be enabled on install or upgrade through the values.yaml or via the [overlay file]({{}}/rancher/v2.6/en/istio/configuration-reference/#overlay-file). # Additional Steps for Installing Istio on an RKE2 Cluster -To install Istio on an RKE2 cluster, follow the steps in [this section.]({{}}/rancher/v2.6/en/istio/v2.5/configuration-reference/rke2/) +To install Istio on an RKE2 cluster, follow the steps in [this section.]({{}}/rancher/v2.6/en/istio/configuration-reference/rke2/) diff --git a/content/rancher/v2.6/en/istio/resources/_index.md b/content/rancher/v2.6/en/istio/resources/_index.md index cfa228d0591..bb40d0fc6b5 100644 --- a/content/rancher/v2.6/en/istio/resources/_index.md +++ b/content/rancher/v2.6/en/istio/resources/_index.md @@ -38,7 +38,7 @@ To configure the resources allocated to an Istio component, 1. In the left navigation bar, click **Apps & Marketplace**. 1. Click **Installed Apps**. 1. Go to the `istio-system` namespace. In one of the Istio workloads, such as `rancher-istio`, click **⋮ > Edit/Upgrade**. -1. Click **Upgrade** to edit the base components via changes to the values.yaml or add an [overlay file]({{}}/rancher/v2.6/en/istio/v2.5/configuration-reference/#overlay-file). For more information about editing the overlay file, see [this section.](./#editing-the-overlay-file) +1. Click **Upgrade** to edit the base components via changes to the values.yaml or add an [overlay file]({{}}/rancher/v2.6/en/istio/configuration-reference/#overlay-file). For more information about editing the overlay file, see [this section.](./#editing-the-overlay-file) 1. Change the CPU or memory allocations, the nodes where each component will be scheduled to, or the node tolerations. 1. Click **Upgrade**. to rollout changes diff --git a/content/rancher/v2.6/en/istio/setup/_index.md b/content/rancher/v2.6/en/istio/setup/_index.md index 4e148e0761c..27c126a8d77 100644 --- a/content/rancher/v2.6/en/istio/setup/_index.md +++ b/content/rancher/v2.6/en/istio/setup/_index.md @@ -11,18 +11,18 @@ If you use Istio for traffic management, you will need to allow external traffic This guide assumes you have already [installed Rancher,]({{}}/rancher/v2.6/en/installation) and you have already [provisioned a separate Kubernetes cluster]({{}}/rancher/v2.6/en/cluster-provisioning) on which you will install Istio. -The nodes in your cluster must meet the [CPU and memory requirements.]({{}}/rancher/v2.6/en/cluster-admin/tools/istio/resources/) +The nodes in your cluster must meet the [CPU and memory requirements.]({{}}/rancher/v2.6/en/istio/resources/) The workloads and services that you want to be controlled by Istio must meet [Istio's requirements.](https://istio.io/docs/setup/additional-setup/requirements/) # Install -> **Quick Setup** If you don't need external traffic to reach Istio, and you just want to set up Istio for monitoring and tracing traffic within the cluster, skip the steps for [setting up the Istio gateway]({{}}/rancher/v2.6/en/cluster-admin/tools/istio/setup/gateway) and [setting up Istio's components for traffic management.]({{}}/rancher/v2.6/en/cluster-admin/tools/istio/setup/set-up-traffic-management) +> **Quick Setup** If you don't need external traffic to reach Istio, and you just want to set up Istio for monitoring and tracing traffic within the cluster, skip the steps for [setting up the Istio gateway]({{}}/rancher/v2.6/en/istio/setup/gateway) and [setting up Istio's components for traffic management.]({{}}/rancher/v2.6/en/istio/setup/set-up-traffic-management) -1. [Enable Istio in the cluster.]({{}}/rancher/v2.6/en/cluster-admin/tools/istio/setup/enable-istio-in-cluster) -1. [Enable Istio in all the namespaces where you want to use it.]({{}}/rancher/v2.6/en/cluster-admin/tools/istio/setup/enable-istio-in-namespace) -1. [Add deployments and services that have the Istio sidecar injected.]({{}}/rancher/v2.6/en/cluster-admin/tools/istio/setup/deploy-workloads) -1. [Set up the Istio gateway. ]({{}}/rancher/v2.6/en/cluster-admin/tools/istio/setup/gateway) -1. [Set up Istio's components for traffic management.]({{}}/rancher/v2.6/en/cluster-admin/tools/istio/setup/set-up-traffic-management) -1. [Generate traffic and see Istio in action.]({{}}/rancher/v2.6/en/istio/v2.5/setup/view-traffic/ ) +1. [Enable Istio in the cluster.]({{}}/rancher/v2.6/en/istio/setup/enable-istio-in-cluster) +1. [Enable Istio in all the namespaces where you want to use it.]({{}}/rancher/v2.6/en/istio/setup/enable-istio-in-namespace) +1. [Add deployments and services that have the Istio sidecar injected.]({{}}/rancher/v2.6/en/istio/setup/deploy-workloads) +1. [Set up the Istio gateway. ]({{}}/rancher/v2.6/en/istio/setup/gateway) +1. [Set up Istio's components for traffic management.]({{}}/rancher/v2.6/en/istio/setup/set-up-traffic-management) +1. [Generate traffic and see Istio in action.]({{}}/rancher/v2.6/en/istio/setup/view-traffic/ ) diff --git a/content/rancher/v2.6/en/istio/setup/deploy-workloads/_index.md b/content/rancher/v2.6/en/istio/setup/deploy-workloads/_index.md index ccd81244727..cf91f928e8c 100644 --- a/content/rancher/v2.6/en/istio/setup/deploy-workloads/_index.md +++ b/content/rancher/v2.6/en/istio/setup/deploy-workloads/_index.md @@ -353,4 +353,4 @@ spec: --- ``` -### [Next: Set up the Istio Gateway]({{}}/rancher/v2.6/en/cluster-admin/tools/istio/setup/gateway) +### [Next: Set up the Istio Gateway]({{}}/rancher/v2.6/en/istio/setup/gateway) diff --git a/content/rancher/v2.6/en/istio/setup/enable-istio-in-cluster/_index.md b/content/rancher/v2.6/en/istio/setup/enable-istio-in-cluster/_index.md index 1e93c8e9964..62ab5e95d28 100644 --- a/content/rancher/v2.6/en/istio/setup/enable-istio-in-cluster/_index.md +++ b/content/rancher/v2.6/en/istio/setup/enable-istio-in-cluster/_index.md @@ -6,9 +6,9 @@ weight: 1 >**Prerequisites:** > >- Only a user with the `cluster-admin` [Kubernetes default role](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles) assigned can configure and install Istio in a Kubernetes cluster. ->- If you have pod security policies, you will need to install Istio with the CNI enabled. For details, see [this section.]({{}}/rancher/v2.6/en/istio/v2.5/configuration-reference/enable-istio-with-psp) ->- To install Istio on an RKE2 cluster, additional steps are required. For details, see [this section.]({{}}/rancher/v2.6/en/istio/v2.5/configuration-reference/rke2/) ->- To install Istio in a cluster where project network isolation is enabled, additional steps are required. For details, see [this section.]({{}}/rancher/v2.6/en/istio/v2.5/configuration-reference/canal-and-project-network) +>- If you have pod security policies, you will need to install Istio with the CNI enabled. For details, see [this section.]({{}}/rancher/v2.6/en/istio/configuration-reference/enable-istio-with-psp) +>- To install Istio on an RKE2 cluster, additional steps are required. For details, see [this section.]({{}}/rancher/v2.6/en/istio/configuration-reference/rke2/) +>- To install Istio in a cluster where project network isolation is enabled, additional steps are required. For details, see [this section.]({{}}/rancher/v2.6/en/istio/configuration-reference/canal-and-project-network) 1. Click **☰ > Cluster Management**. 1. Go to the where you want to enable Istio and click **Explore**. @@ -16,13 +16,13 @@ weight: 1 1. Click **Charts**. 1. Click **Istio**. 1. If you have not already installed your own monitoring app, you will be prompted to install the rancher-monitoring app. Optional: Set your Selector or Scrape config options on rancher-monitoring app install. -1. Optional: Configure member access and [resource limits]({{}}/rancher/v2.6/en/cluster-admin/tools/istio/resources/) for the Istio components. Ensure you have enough resources on your worker nodes to enable Istio. +1. Optional: Configure member access and [resource limits]({{}}/rancher/v2.6/en/istio/resources/) for the Istio components. Ensure you have enough resources on your worker nodes to enable Istio. 1. Optional: Make additional configuration changes to values.yaml if needed. -1. Optional: Add additional resources or configuration via the [overlay file.]({{}}/rancher/v2.6/en/istio/v2.5/configuration-reference/#overlay-file) +1. Optional: Add additional resources or configuration via the [overlay file.]({{}}/rancher/v2.6/en/istio/configuration-reference/#overlay-file) 1. Click **Install**. **Result:** Istio is installed at the cluster level. # Additional Config Options -For more information on configuring Istio, refer to the [configuration reference.]({{}}/rancher/v2.6/en/istio/v2.5/configuration-reference) +For more information on configuring Istio, refer to the [configuration reference.]({{}}/rancher/v2.6/en/istio/configuration-reference) diff --git a/content/rancher/v2.6/en/istio/setup/enable-istio-in-namespace/_index.md b/content/rancher/v2.6/en/istio/setup/enable-istio-in-namespace/_index.md index e91a907159b..0fb60ad19c4 100644 --- a/content/rancher/v2.6/en/istio/setup/enable-istio-in-namespace/_index.md +++ b/content/rancher/v2.6/en/istio/setup/enable-istio-in-namespace/_index.md @@ -42,4 +42,4 @@ To add the annotation to a workload, > **NOTE:** If you are having issues with a Job you deployed not completing, you will need to add this annotation to your pod using the provided steps. Since Istio Sidecars run indefinitely, a Job cannot be considered complete even after its task has completed. -### [Next: Select the Nodes ]({{}}/rancher/v2.6/en/cluster-admin/tools/istio/setup/node-selectors) \ No newline at end of file +### [Next: Select the Nodes ]({{}}/rancher/v2.6/en/istio/setup/node-selectors) \ No newline at end of file diff --git a/content/rancher/v2.6/en/istio/setup/gateway/_index.md b/content/rancher/v2.6/en/istio/setup/gateway/_index.md index 84fa9861a2f..5cd58e34e0e 100644 --- a/content/rancher/v2.6/en/istio/setup/gateway/_index.md +++ b/content/rancher/v2.6/en/istio/setup/gateway/_index.md @@ -144,4 +144,4 @@ In the gateway resource, the selector refers to Istio's default ingress controll 1. Scroll down to the `istio-system` namespace. 1. Within `istio-system`, there is a workload named `istio-ingressgateway`. Click the name of this workload and go to the **Labels and Annotations** section. You should see that it has the key `istio` and the value `ingressgateway`. This confirms that the selector in the Gateway resource matches Istio's default ingress controller. -### [Next: Set up Istio's Components for Traffic Management]({{}}/rancher/v2.6/en/cluster-admin/tools/istio/setup/set-up-traffic-management) +### [Next: Set up Istio's Components for Traffic Management]({{}}/rancher/v2.6/en/istio/setup/set-up-traffic-management) diff --git a/content/rancher/v2.6/en/istio/setup/set-up-traffic-management/_index.md b/content/rancher/v2.6/en/istio/setup/set-up-traffic-management/_index.md index fcea1ba888f..a323135e3d5 100644 --- a/content/rancher/v2.6/en/istio/setup/set-up-traffic-management/_index.md +++ b/content/rancher/v2.6/en/istio/setup/set-up-traffic-management/_index.md @@ -73,4 +73,4 @@ spec: **Result:** When you generate traffic to this service (for example, by refreshing the ingress gateway URL), the Kiali traffic graph will reflect that traffic to the `reviews` service is divided evenly between `v1` and `v3`. -### [Next: Generate and View Traffic]({{}}/rancher/v2.6/en/cluster-admin/tools/istio/setup/view-traffic) +### [Next: Generate and View Traffic]({{}}/rancher/v2.6/en/istio/setup/view-traffic) diff --git a/content/rancher/v2.6/en/istio/setup/view-traffic/_index.md b/content/rancher/v2.6/en/istio/setup/view-traffic/_index.md index 0828f5ab9ac..0c1b5597b15 100644 --- a/content/rancher/v2.6/en/istio/setup/view-traffic/_index.md +++ b/content/rancher/v2.6/en/istio/setup/view-traffic/_index.md @@ -9,7 +9,7 @@ This section describes how to view the traffic that is being managed by Istio. The Istio overview page provides a link to the Kiali dashboard. From the Kiali dashboard, you are able to view graphs for each namespace. The Kiali graph provides a powerful way to visualize the topology of your Istio service mesh. It shows you which services communicate with each other. ->**Prerequisite:** To enable traffic to show up in the graph, ensure you have prometheus installed in the cluster. Rancher-istio installs Kiali configured by default to work with the rancher-monitoring chart. You can use rancher-monitoring or install your own monitoring solution. Optional: you can change configuration on how data scraping occurs by setting the [Selectors & Scrape Configs]({{}}/rancher/v2.6/en/istio/v2.5/configuration-reference/selectors-and-scrape) options. +>**Prerequisite:** To enable traffic to show up in the graph, ensure you have prometheus installed in the cluster. Rancher-istio installs Kiali configured by default to work with the rancher-monitoring chart. You can use rancher-monitoring or install your own monitoring solution. Optional: you can change configuration on how data scraping occurs by setting the [Selectors & Scrape Configs]({{}}/rancher/v2.6/en/istio/configuration-reference/selectors-and-scrape) options. To see the traffic graph, diff --git a/content/rancher/v2.6/en/monitoring-alerting/_index.md b/content/rancher/v2.6/en/monitoring-alerting/_index.md index 58f968dedea..cd2b721917d 100644 --- a/content/rancher/v2.6/en/monitoring-alerting/_index.md +++ b/content/rancher/v2.6/en/monitoring-alerting/_index.md @@ -51,7 +51,7 @@ These default exporters automatically scrape metrics for CPU and memory from all ### Default Alerts -The monitoring application deploys some alerts by default. To see the default alerts, go to the [Alertmanager UI](./dashboard/accessing-the-alertmanager-ui) and click **Expand all groups**. +The monitoring application deploys some alerts by default. To see the default alerts, go to the [Alertmanager UI](./dashboards/#alertmanager-ui) and click **Expand all groups.** ### Components Exposed in the Rancher UI @@ -80,7 +80,7 @@ For information on configuring access to monitoring, see [this page.](./rbac) - [ServiceMonitor and PodMonitor](./configuration/servicemonitor-podmonitor) - [Receiver](./configuration/receiver) - [Route](./configuration/route) -- [PrometheusRule](./configuration/advanced/prometheusrule) +- [PrometheusRule](./configuration/advanced/prometheusrules) - [Prometheus](./configuration/advanced/prometheus) - [Alertmanager](./configuration/advanced/alertmanager) @@ -90,8 +90,6 @@ For more information on `rancher-monitoring` chart options, including options to # Windows Cluster Support -_Available as of v2.5.8_ - When deployed onto an RKE1 Windows cluster, Monitoring V2 will now automatically deploy a [windows-exporter](https://github.com/prometheus-community/windows_exporter) DaemonSet and set up a ServiceMonitor to collect metrics from each of the deployed Pods. This will populate Prometheus with `windows_` metrics that are akin to the `node_` metrics exported by [node_exporter](https://github.com/prometheus/node_exporter) for Linux hosts. To be able to fully deploy Monitoring V2 for Windows, all of your Windows hosts must have a minimum [wins](https://github.com/rancher/wins) version of v0.1.0. @@ -104,4 +102,4 @@ For more details on how to upgrade wins on existing Windows hosts, refer to the There is a [known issue](https://github.com/rancher/rancher/issues/28787#issuecomment-693611821) that K3s clusters require more default memory. If you are enabling monitoring on a K3s cluster, we recommend to setting `prometheus.prometheusSpec.resources.memory.limit` to 2500 Mi and `prometheus.prometheusSpec.resources.memory.request` to 1750 Mi. -For tips on debugging high memory usage, see [this page.](./memory-usage) +For tips on debugging high memory usage, see [this page.](./guides/memory-usage) diff --git a/content/rancher/v2.6/en/monitoring-alerting/configuration/advanced/prometheusrules/_index.md b/content/rancher/v2.6/en/monitoring-alerting/configuration/advanced/prometheusrules/_index.md index 1e1a5c76cb9..b0a6a064fcd 100644 --- a/content/rancher/v2.6/en/monitoring-alerting/configuration/advanced/prometheusrules/_index.md +++ b/content/rancher/v2.6/en/monitoring-alerting/configuration/advanced/prometheusrules/_index.md @@ -5,7 +5,7 @@ weight: 3 A PrometheusRule defines a group of Prometheus alerting and/or recording rules. -> This section assumes familiarity with how monitoring components work together. For more information, see [this section.](../../../how-monitoring-works) +> This section assumes familiarity with how monitoring components work together. For more information, see [this section.]({{}}/rancher/v2.6/en/monitoring-alerting/how-monitoring-works) ### Creating PrometheusRules in the Rancher UI diff --git a/content/rancher/v2.6/en/monitoring-alerting/configuration/examples/_index.md b/content/rancher/v2.6/en/monitoring-alerting/configuration/examples/_index.md index 730227d9c22..8cb06b633d3 100644 --- a/content/rancher/v2.6/en/monitoring-alerting/configuration/examples/_index.md +++ b/content/rancher/v2.6/en/monitoring-alerting/configuration/examples/_index.md @@ -22,4 +22,4 @@ An example PrometheusRule is on [this page.](https://github.com/prometheus-opera ### Alertmanager Config -For an example configuration, refer to [this section.](./alertmanager/#example-alertmanager-config) \ No newline at end of file +For an example configuration, refer to [this section.](../advanced/alertmanager/#example-alertmanager-config) \ No newline at end of file diff --git a/content/rancher/v2.6/en/monitoring-alerting/configuration/helm-chart-options/_index.md b/content/rancher/v2.6/en/monitoring-alerting/configuration/helm-chart-options/_index.md index 63d82575b08..78b4e977b87 100644 --- a/content/rancher/v2.6/en/monitoring-alerting/configuration/helm-chart-options/_index.md +++ b/content/rancher/v2.6/en/monitoring-alerting/configuration/helm-chart-options/_index.md @@ -49,7 +49,7 @@ If the scrape configuration you want cannot be specified via a ServiceMonitor or A [scrape_config section](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config) specifies a set of targets and parameters describing how to scrape them. In the general case, one scrape configuration specifies a single job. -An example of where this might be used is with Istio. For more information, see [this section.](https://rancher.com/docs/rancher/v2.5/en/istio/v2.5/configuration-reference/selectors-and-scrape) +An example of where this might be used is with Istio. For more information, see [this section.]({{}}/rancher/v2.6/en/istio/configuration-reference/selectors-and-scrape) # Configuring Applications Packaged within Monitoring v2 @@ -64,7 +64,7 @@ But in the top level chart you can add values that override values that exist in ### Increase the Replicas of Alertmanager -As part of the chart deployment options, you can opt to increase the number of replicas of the Alertmanager deployed onto your cluster. The replicas can all be managed using the same underlying Alertmanager Config Secret. For more information on the Alertmanager Config Secret, refer to [this section.](../configuration/advanced/alertmanager/#multiple-alertmanager-replicas) +As part of the chart deployment options, you can opt to increase the number of replicas of the Alertmanager deployed onto your cluster. The replicas can all be managed using the same underlying Alertmanager Config Secret. For more information on the Alertmanager Config Secret, refer to [this section.](../advanced/alertmanager/#multiple-alertmanager-replicas) ### Configuring the Namespace for a Persistent Grafana Dashboard diff --git a/content/rancher/v2.6/en/monitoring-alerting/configuration/route/_index.md b/content/rancher/v2.6/en/monitoring-alerting/configuration/route/_index.md index acf7c886b6b..4fc0019c79f 100644 --- a/content/rancher/v2.6/en/monitoring-alerting/configuration/route/_index.md +++ b/content/rancher/v2.6/en/monitoring-alerting/configuration/route/_index.md @@ -10,7 +10,7 @@ When a Route is changed, the Prometheus Operator regenerates the Alertmanager cu For more information about configuring routes, refer to the [official Alertmanager documentation.](https://www.prometheus.io/docs/alerting/latest/configuration/#route) -> This section assumes familiarity with how monitoring components work together. For more information about Alertmanager, see [this section.](../../how-monitoring-works/#3-how-alertmanager-works) +> This section assumes familiarity with how monitoring components work together. For more information, see [this section.]({{}}/rancher/v2.6/en/monitoring-alerting/how-monitoring-works) - [Route Restrictions](#route-restrictions) - [Route Configuration](#route-configuration) diff --git a/content/rancher/v2.6/en/monitoring-alerting/dashboards/_index.md b/content/rancher/v2.6/en/monitoring-alerting/dashboards/_index.md index 6cb39b708df..a6882eaba28 100644 --- a/content/rancher/v2.6/en/monitoring-alerting/dashboards/_index.md +++ b/content/rancher/v2.6/en/monitoring-alerting/dashboards/_index.md @@ -15,15 +15,15 @@ To see the default dashboards for time series data visualization, go to the Graf ### Customizing Grafana -To view and customize the PromQL queries powering the Grafana dashboard, see [this page.](./customize-grafana) +To view and customize the PromQL queries powering the Grafana dashboard, see [this page.](../guides/customize-grafana) ### Persistent Grafana Dashboards -To create a persistent Grafana dashboard, see [this page.](./persist-grafana) +To create a persistent Grafana dashboard, see [this page.](../guides/persist-grafana) ### Access to Grafana -For information about role-based access control for Grafana, see [this section.](./rbac/#role-based-access-control-for-grafana) +For information about role-based access control for Grafana, see [this section.](../rbac/#role-based-access-control-for-grafana) # Alertmanager UI @@ -48,7 +48,7 @@ To see the Alertmanager UI, **Result:** The Alertmanager UI opens in a new tab. For help with configuration, refer to the [official Alertmanager documentation.](https://prometheus.io/docs/alerting/latest/alertmanager/) -For more information on configuring Alertmanager in Rancher, see [this page.](./configuration/alertmanager) +For more information on configuring Alertmanager in Rancher, see [this page.](../configuration/advanced/alertmanager)
The Alertmanager UI
![Alertmanager UI]({{}}/img/rancher/alertmanager-ui.png) @@ -56,7 +56,7 @@ For more information on configuring Alertmanager in Rancher, see [this page.](./ ### Viewing Default Alerts -To see alerts that are fired by default, go to the [Alertmanager UI](./alertmanager-ui) and click **Expand all groups**. +To see alerts that are fired by default, go to the Alertmanager UI and click **Expand all groups**. # Prometheus UI @@ -104,4 +104,4 @@ You can also see the rules in the Prometheus UI:
Rules in the Prometheus UI
![PrometheusRules UI]({{}}/img/rancher/prometheus-rules-ui.png) -For more information on configuring PrometheusRules in Rancher, see [this page.](./configuration/prometheusrules) \ No newline at end of file +For more information on configuring PrometheusRules in Rancher, see [this page.](../configuration/advanced/prometheusrules) \ No newline at end of file diff --git a/content/rancher/v2.6/en/monitoring-alerting/guides/enable-monitoring/_index.md b/content/rancher/v2.6/en/monitoring-alerting/guides/enable-monitoring/_index.md index f9017589b16..0ed53172f55 100644 --- a/content/rancher/v2.6/en/monitoring-alerting/guides/enable-monitoring/_index.md +++ b/content/rancher/v2.6/en/monitoring-alerting/guides/enable-monitoring/_index.md @@ -12,7 +12,7 @@ You can enable monitoring with or without SSL. # Requirements - Make sure that you are allowing traffic on port 9796 for each of your nodes because Prometheus will scrape metrics from here. -- Make sure your cluster fulfills the resource requirements. The cluster should have at least 1950Mi memory available, 2700m CPU, and 50Gi storage. A breakdown of the resource limits and requests is [here.](./configuration/helm-chart-options/#setting-resource-limits-and-requests) +- Make sure your cluster fulfills the resource requirements. The cluster should have at least 1950Mi memory available, 2700m CPU, and 50Gi storage. A breakdown of the resource limits and requests is [here.]({{}}/rancher/v2.6/en/monitoring-alerting/configuration/helm-chart-options/#configuring-resource-limits-and-requests) - When installing monitoring on an RKE cluster using RancherOS or Flatcar Linux nodes, change the etcd node certificate directory to `/opt/rke/etc/kubernetes/ssl`. > **Note:** If you want to set up Alertmanager, Grafana or Ingress, it has to be done with the settings on the Helm chart deployment. It's problematic to create Ingress outside the deployment. @@ -21,7 +21,7 @@ You can enable monitoring with or without SSL. The resource requests and limits can be configured when installing `rancher-monitoring`. To configure Prometheus resources from the Rancher UI, click **Apps & Marketplace > Monitoring** in the upper left corner. -For more information about the default limits, see [this page.](./configuration/helm-chart-options/#setting-resource-limits-and-requests) +For more information about the default limits, see [this page.]({{}}/rancher/v2.6/en/monitoring-alerting/configuration/helm-chart-options/#configuring-resource-limits-and-requests) # Install the Monitoring Application @@ -32,14 +32,14 @@ For more information about the default limits, see [this page.](./configuration/ 1. Click **Apps & Marketplace**. 1. Click **Charts**. 1. Click the **Monitoring** app. -1. Optional: Click **Chart Options** and configure alerting, Prometheus and Grafana. For help, refer to the [configuration reference.](./configuration) +1. Optional: Click **Chart Options** and configure alerting, Prometheus and Grafana. For help, refer to the [configuration reference.]({{}}/rancher/v2.6/en/monitoring-alerting/configuration/helm-chart-options/) 1. Scroll to the bottom of the Helm chart README and click **Install**. **Result:** The monitoring app is deployed in the `cattle-monitoring-system` namespace. ### Enable Monitoring for use with SSL -1. Follow the steps on [this page]({{}}/rancher/v2.5/en/k8s-in-rancher/secrets/) to create a secret in order for SSL to be used for alerts. +1. Follow the steps on [this page]({{}}/rancher/v2.6/en/k8s-in-rancher/secrets/) to create a secret in order for SSL to be used for alerts. - The secret should be created in the `cattle-monitoring-system` namespace. If it doesn't exist, create it first. - Add the `ca`, `cert`, and `key` files to the secret. 1. In the upper left corner, click **☰ > Cluster Management**. diff --git a/content/rancher/v2.6/en/monitoring-alerting/how-monitoring-works/_index.md b/content/rancher/v2.6/en/monitoring-alerting/how-monitoring-works/_index.md index 2634ce07000..9e7690d7de3 100644 --- a/content/rancher/v2.6/en/monitoring-alerting/how-monitoring-works/_index.md +++ b/content/rancher/v2.6/en/monitoring-alerting/how-monitoring-works/_index.md @@ -102,7 +102,7 @@ While the Rancher UI forms only allow editing a routing tree that is two levels By editing the forms in the Rancher UI, you can set up a Receiver resource with all the information Alertmanager needs to send alerts to your notification system. -By editing custom YAML in the Alertmanager or Receiver configuration, you can also send alerts to multiple notification systems. For more information, see the section on configuring [Receivers.](./configuration/receiver/#configuring-multiple-receivers) +By editing custom YAML in the Alertmanager or Receiver configuration, you can also send alerts to multiple notification systems. For more information, see the section on configuring [Receivers.](../configuration/receiver/#configuring-multiple-receivers) # 4. Monitoring V2 Specific Components @@ -155,7 +155,7 @@ When the monitoring application is installed, you will be able to edit the follo | Route | Configuration block (part of Alertmanager) | Add identifying information to make alerts more meaningful and direct them to individual teams. Automatically updates the Alertmanager custom resource. | | PrometheusRule | Custom resource | For more advanced use cases, you may want to define what Prometheus metrics or time series database queries should result in alerts being fired. Automatically updates the Prometheus custom resource. | | Alertmanager | Custom resource | Edit this custom resource only if you need more advanced configuration options beyond what the Rancher UI exposes in the Routes and Receivers sections. For example, you might want to edit this resource to add a routing tree with more than two levels. | -| Prometheus | Custom resource | Edit this custom resource only if you need more advanced configuration beyond what can be configured using ServiceMonitors, PodMonitors, or [Rancher monitoring Helm chart options.](./configuration/helm-chart-options) | +| Prometheus | Custom resource | Edit this custom resource only if you need more advanced configuration beyond what can be configured using ServiceMonitors, PodMonitors, or [Rancher monitoring Helm chart options.](../configuration/helm-chart-options) | # 5. Scraping and Exposing Metrics diff --git a/content/rancher/v2.6/en/overview/_index.md b/content/rancher/v2.6/en/overview/_index.md index 20c68062441..ace5de83354 100644 --- a/content/rancher/v2.6/en/overview/_index.md +++ b/content/rancher/v2.6/en/overview/_index.md @@ -39,7 +39,7 @@ The Rancher API server is built on top of an embedded Kubernetes API server and - **Catalog management:** Rancher provides the ability to use a [catalog of Helm charts]({{}}/rancher/v2.6/en/catalog/) that make it easy to repeatedly deploy applications. - **Managing projects:** A project is a group of multiple namespaces and access control policies within a cluster. A project is a Rancher concept, not a Kubernetes concept, which allows you manage multiple namespaces as a group and perform Kubernetes operations in them. The Rancher UI provides features for [project administration]({{}}/rancher/v2.6/en/project-admin/) and for [managing applications within projects.]({{}}/rancher/v2.6/en/k8s-in-rancher/) - **Pipelines:** Setting up a [pipeline]({{}}/rancher/v2.6/en/project-admin/pipelines/) can help developers deliver new software as quickly and efficiently as possible. Within Rancher, you can configure pipelines for each of your Rancher projects. -- **Istio:** Our [integration with Istio]({{}}/rancher/v2.6/en/cluster-admin/tools/istio/) is designed so that a Rancher operator, such as an administrator or cluster owner, can deliver Istio to developers. Then developers can use Istio to enforce security policies, troubleshoot problems, or manage traffic for green/blue deployments, canary deployments, or A/B testing. +- **Istio:** Our [integration with Istio]({{}}/rancher/v2.6/en/istio/) is designed so that a Rancher operator, such as an administrator or cluster owner, can deliver Istio to developers. Then developers can use Istio to enforce security policies, troubleshoot problems, or manage traffic for green/blue deployments, canary deployments, or A/B testing. ### Working with Cloud Infrastructure diff --git a/content/rancher/v2.6/en/pipelines/config/_index.md b/content/rancher/v2.6/en/pipelines/config/_index.md index 570626d58f0..af0a6811d27 100644 --- a/content/rancher/v2.6/en/pipelines/config/_index.md +++ b/content/rancher/v2.6/en/pipelines/config/_index.md @@ -301,7 +301,7 @@ timeout: 30 # Notifications -You can enable notifications to any [notifiers]({{}}/rancher/v2.6/en/cluster-admin/tools/notifiers/) based on the build status of a pipeline. Before enabling notifications, Rancher recommends [setting up notifiers]({{}}/rancher/v2.6/en/monitoring-alerting/legacy/notifiers/) so it will be easy to add recipients immediately. +You can enable notifications to any notifiers based on the build status of a pipeline. Before enabling notifications, Rancher recommends [setting up notifiers]({{}}/rancher/v2.6/en/monitoring-alerting/legacy/notifiers/) so it will be easy to add recipients immediately. ### Configuring Notifications by UI @@ -309,7 +309,7 @@ You can enable notifications to any [notifiers]({{}}/rancher/v2.6/en/cl 1. Select the conditions for the notification. You can select to get a notification for the following statuses: `Failed`, `Success`, `Changed`. For example, if you want to receive notifications when an execution fails, select **Failed**. -1. If you don't have any existing [notifiers]({{}}/rancher/v2.6/en/cluster-admin/tools/notifiers), Rancher will provide a warning that no notifiers are set up and provide a link to be able to go to the notifiers page. Follow the [instructions]({{}}/rancher/v2.6/en/monitoring-alerting/legacy/notifiers/) to add a notifier. If you already have notifiers, you can add them to the notification by clicking the **Add Recipient** button. +1. If you don't have any existing notifiers, Rancher will provide a warning that no notifiers are set up and provide a link to be able to go to the notifiers page. Follow the [instructions]({{}}/rancher/v2.6/en/monitoring-alerting/legacy/notifiers/) to add a notifier. If you already have notifiers, you can add them to the notification by clicking the **Add Recipient** button. > **Note:** Notifiers are configured at a cluster level and require a different level of permissions. diff --git a/content/rancher/v2.6/en/project-admin/namespaces/_index.md b/content/rancher/v2.6/en/project-admin/namespaces/_index.md index 9bb9d9aad46..fa0849e4e7f 100644 --- a/content/rancher/v2.6/en/project-admin/namespaces/_index.md +++ b/content/rancher/v2.6/en/project-admin/namespaces/_index.md @@ -34,7 +34,7 @@ Create a new namespace to isolate apps and resources in a project. 1. Click **Cluster > Projects/Namespaces**. 1. Go to the project where you want to add a namespace and click **Create Namespace**. Alternately, go to **Not in a Project** to create a namespace not associated with a project. -1. **Optional:** If your project has [Resource Quotas]({{}}/rancher/v2.6/en/k8s-in-rancher/projects-and-namespaces/resource-quotas) in effect, you can override the default resource **Limits** (which places a cap on the resources that the namespace can consume). +1. **Optional:** If your project has [Resource Quotas]({{}}/rancher/v2.6/en/cluster-admin/projects-and-namespaces/resource-quotas) in effect, you can override the default resource **Limits** (which places a cap on the resources that the namespace can consume). 1. Enter a **Name** and then click **Create**. @@ -54,7 +54,7 @@ Cluster admins and members may occasionally need to move a namespace to another >**Notes:** > >- Don't move the namespaces in the `System` project. Moving these namespaces can adversely affect cluster networking. - >- You cannot move a namespace into a project that already has a [resource quota]({{}}/rancher/v2.6/en/k8s-in-rancher/projects-and-namespaces/resource-quotas/) configured. + >- You cannot move a namespace into a project that already has a [resource quota]({{}}/rancher/v2.6/en/cluster-admin/projects-and-namespaces/resource-quotas/) configured. >- If you move a namespace from a project that has a quota set to a project with no quota set, the quota is removed from the namespace. 1. Choose a new project for the new namespace and then click **Move**. Alternatively, you can remove the namespace from all projects by selecting **None**. diff --git a/content/rancher/v2.6/en/project-admin/project-members/_index.md b/content/rancher/v2.6/en/project-admin/project-members/_index.md index e1ddaf0d780..da9c400ca2f 100644 --- a/content/rancher/v2.6/en/project-admin/project-members/_index.md +++ b/content/rancher/v2.6/en/project-admin/project-members/_index.md @@ -11,7 +11,7 @@ You can add members to a project as it is created, or add them to an existing pr ### Adding Members to a New Project -You can add members to a project as you create it (recommended if possible). For details on creating a new project, refer to the [cluster administration section.]({{}}/rancher/v2.6/en/k8s-in-rancher/projects-and-namespaces/) +You can add members to a project as you create it (recommended if possible). For details on creating a new project, refer to the [cluster administration section.]({{}}/rancher/v2.6/en/cluster-admin/projects-and-namespaces/) ### Adding Members to an Existing Project diff --git a/content/rancher/v2.6/en/project-admin/resource-quotas/_index.md b/content/rancher/v2.6/en/project-admin/resource-quotas/_index.md index 94a3a3bdaa9..a48b8b41625 100644 --- a/content/rancher/v2.6/en/project-admin/resource-quotas/_index.md +++ b/content/rancher/v2.6/en/project-admin/resource-quotas/_index.md @@ -13,7 +13,7 @@ Resource quotas in Rancher include the same functionality as the [native version ### Applying Resource Quotas to Existing Projects -Edit [resource quotas]({{}}/rancher/v2.6/en/k8s-in-rancher/projects-and-namespaces/resource-quotas) when: +Edit [resource quotas]({{}}/rancher/v2.6/en/cluster-admin/projects-and-namespaces/resource-quotas) when: - You want to limit the resources that a project and its namespaces can use. - You want to scale the resources available to a project up or down when a research quota is already in effect. diff --git a/content/rancher/v2.6/en/project-admin/resource-quotas/override-container-default/_index.md b/content/rancher/v2.6/en/project-admin/resource-quotas/override-container-default/_index.md index 7f4b83d543c..6770d7415eb 100644 --- a/content/rancher/v2.6/en/project-admin/resource-quotas/override-container-default/_index.md +++ b/content/rancher/v2.6/en/project-admin/resource-quotas/override-container-default/_index.md @@ -9,7 +9,7 @@ To avoid setting these limits on each and every container during workload creati ### Editing the Container Default Resource Limit -Edit [container default resource limit]({{}}/rancher/v2.6/en/k8s-in-rancher/projects-and-namespaces/resource-quotas/) when: +Edit [container default resource limit]({{}}/rancher/v2.6/en/cluster-admin/projects-and-namespaces/resource-quotas/) when: - You have a CPU or Memory resource quota set on a project, and want to supply the corresponding default values for a container. - You want to edit the default container resource limit. diff --git a/content/rancher/v2.6/en/project-admin/resource-quotas/override-namespace-default/_index.md b/content/rancher/v2.6/en/project-admin/resource-quotas/override-namespace-default/_index.md index ca70a38855f..f3b1fb5097d 100644 --- a/content/rancher/v2.6/en/project-admin/resource-quotas/override-namespace-default/_index.md +++ b/content/rancher/v2.6/en/project-admin/resource-quotas/override-namespace-default/_index.md @@ -5,16 +5,16 @@ weight: 2 Although the **Namespace Default Limit** propagates from the project to each namespace when created, in some cases, you may need to increase (or decrease) the quotas for a specific namespace. In this situation, you can override the default limits by editing the namespace. -In the diagram below, the Rancher administrator has a resource quota in effect for their project. However, the administrator wants to override the namespace limits for `Namespace 3` so that it has more resources available. Therefore, the administrator [raises the namespace limits]({{}}/rancher/v2.6/en/k8s-in-rancher/projects-and-namespaces/) for `Namespace 3` so that the namespace can access more resources. +In the diagram below, the Rancher administrator has a resource quota in effect for their project. However, the administrator wants to override the namespace limits for `Namespace 3` so that it has more resources available. Therefore, the administrator [raises the namespace limits]({{}}/rancher/v2.6/en/cluster-admin/projects-and-namespaces/) for `Namespace 3` so that the namespace can access more resources. Namespace Default Limit Override ![Namespace Default Limit Override]({{}}/img/rancher/rancher-resource-quota-override.svg) -How to: [Editing Namespace Resource Quotas]({{}}/rancher/v2.6/en/k8s-in-rancher/projects-and-namespaces/) +How to: [Editing Namespace Resource Quotas]({{}}/rancher/v2.6/en/cluster-admin/projects-and-namespaces/) ### Editing Namespace Resource Quotas -If there is a [resource quota]({{}}/rancher/v2.6/en/k8s-in-rancher/projects-and-namespaces/resource-quotas) configured for a project, you can override the namespace default limit to provide a specific namespace with access to more (or less) project resources. +If there is a [resource quota]({{}}/rancher/v2.6/en/cluster-admin/projects-and-namespaces/resource-quotas) configured for a project, you can override the namespace default limit to provide a specific namespace with access to more (or less) project resources. 1. In the upper left corner, click **☰ > Cluster Management**. 1. On the **Clusters** page, go to the cluster where you want to edit a namespace resource quota and click **Explore**. @@ -22,7 +22,7 @@ If there is a [resource quota]({{}}/rancher/v2.6/en/k8s-in-rancher/proj 1. Find the namespace for which you want to edit the resource quota. Click **⋮ > Edit Config**. 1. Edit the resource limits. These limits determine the resources available to the namespace. The limits must be set within the configured project limits. - For more information about each **Resource Type**, see [Resource Quotas]({{}}/rancher/v2.6/en/k8s-in-rancher/projects-and-namespaces/resource-quotas/). + For more information about each **Resource Type**, see [Resource Quotas]({{}}/rancher/v2.6/en/cluster-admin/projects-and-namespaces/resource-quotas/). >**Note:** > diff --git a/content/rancher/v2.6/en/project-admin/tools/_index.md b/content/rancher/v2.6/en/project-admin/tools/_index.md index 63483dbd18d..a35a719eb11 100644 --- a/content/rancher/v2.6/en/project-admin/tools/_index.md +++ b/content/rancher/v2.6/en/project-admin/tools/_index.md @@ -14,11 +14,11 @@ Rancher contains a variety of tools that aren't included in Kubernetes to assist ## Notifiers and Alerts -Notifiers and alerts are two features that work together to inform you of events in the Rancher system. +Notifiers and alerts are two features that work together to inform you of events in the Rancher system. Before they can be enabled, the monitoring application must be installed. -[Notifiers]({{}}/rancher/v2.6/en/cluster-admin/tools/notifiers) are services that inform you of alert events. You can configure notifiers to send alert notifications to staff best suited to take corrective action. Notifications can be sent with Slack, email, PagerDuty, WeChat, and webhooks. +Notifiers are services that inform you of alert events. You can configure notifiers to send alert notifications to staff best suited to take corrective action. Notifications can be sent with Slack, email, PagerDuty, WeChat, and webhooks. -[Alerts]({{}}/rancher/v2.6/en/cluster-admin/tools/alerts) are rules that trigger those notifications. Before you can receive alerts, you must configure one or more notifier in Rancher. The scope for alerts can be set at either the cluster or project level. +Alerts are rules that trigger those notifications. Before you can receive alerts, you must configure one or more notifier in Rancher. The scope for alerts can be set at either the cluster or project level. ## Logging @@ -32,8 +32,8 @@ Logging is helpful because it allows you to: Rancher can integrate with Elasticsearch, splunk, kafka, syslog, and fluentd. -For details, refer to the [logging section.]({{}}/rancher/v2.6/en/cluster-admin/tools/logging) +For details, refer to the [logging section.]({{}}/rancher/v2.6/en/logging) ## Monitoring -Using Rancher, you can monitor the state and processes of your cluster nodes, Kubernetes components, and software deployments through integration with [Prometheus](https://prometheus.io/), a leading open-source monitoring solution. For details, refer to the [monitoring section.]({{}}/rancher/v2.6/en/cluster-admin/tools/monitoring) +Using Rancher, you can monitor the state and processes of your cluster nodes, Kubernetes components, and software deployments through integration with [Prometheus](https://prometheus.io/), a leading open-source monitoring solution. For details, refer to the [monitoring section.]({{}}/rancher/v2.6/en/monitoring-alerting) diff --git a/content/rancher/v2.6/en/security/cve/_index.md b/content/rancher/v2.6/en/security/cve/_index.md index 62b11d159ae..8efae8b0dfc 100644 --- a/content/rancher/v2.6/en/security/cve/_index.md +++ b/content/rancher/v2.6/en/security/cve/_index.md @@ -15,4 +15,4 @@ Rancher is committed to informing the community of security issues in our produc | [CVE-2019-12274](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12274) | Nodes using the built-in node drivers using a file path option allows the machine to read arbitrary files including sensitive ones from inside the Rancher server container. | 5 Jun 2019 | [Rancher v2.2.4](https://github.com/rancher/rancher/releases/tag/v2.2.4), [Rancher v2.1.10](https://github.com/rancher/rancher/releases/tag/v2.1.10) and [Rancher v2.0.15](https://github.com/rancher/rancher/releases/tag/v2.0.15) | | [CVE-2019-11202](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11202) | The default admin, that is shipped with Rancher, will be re-created upon restart of Rancher despite being explicitly deleted. | 16 Apr 2019 | [Rancher v2.2.2](https://github.com/rancher/rancher/releases/tag/v2.2.2), [Rancher v2.1.9](https://github.com/rancher/rancher/releases/tag/v2.1.9) and [Rancher v2.0.14](https://github.com/rancher/rancher/releases/tag/v2.0.14) | | [CVE-2019-6287](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6287) | Project members continue to get access to namespaces from projects that they were removed from if they were added to more than one project. | 29 Jan 2019 | [Rancher v2.1.6](https://github.com/rancher/rancher/releases/tag/v2.1.6) and [Rancher v2.0.11](https://github.com/rancher/rancher/releases/tag/v2.0.11) | -| [CVE-2018-20321](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20321) | Any project member with access to the `default` namespace can mount the `netes-default` service account in a pod and then use that pod to execute administrative privileged commands against the Kubernetes cluster. | 29 Jan 2019 | [Rancher v2.1.6](https://github.com/rancher/rancher/releases/tag/v2.1.6) and [Rancher v2.0.11](https://github.com/rancher/rancher/releases/tag/v2.0.11) - Rolling back from these versions or greater have specific [instructions]({{}}/rancher/v2.6/en/upgrades/rollbacks/). | \ No newline at end of file +| [CVE-2018-20321](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20321) | Any project member with access to the `default` namespace can mount the `netes-default` service account in a pod and then use that pod to execute administrative privileged commands against the Kubernetes cluster. | 29 Jan 2019 | [Rancher v2.1.6](https://github.com/rancher/rancher/releases/tag/v2.1.6) and [Rancher v2.0.11](https://github.com/rancher/rancher/releases/tag/v2.0.11) - Rolling back from these versions or greater have specific [instructions]({{}}/rancher/v2.5/en/installation/install-rancher-on-k8s/rollbacks). | \ No newline at end of file diff --git a/content/rancher/v2.6/en/system-tools/_index.md b/content/rancher/v2.6/en/system-tools/_index.md index 6d0de7671d1..f5836651274 100644 --- a/content/rancher/v2.6/en/system-tools/_index.md +++ b/content/rancher/v2.6/en/system-tools/_index.md @@ -81,7 +81,7 @@ The following are the options for the stats command: # Remove ->**Warning:** This command will remove data from your etcd nodes. Make sure you have created a [backup of etcd]({{}}/rancher/v2.6/en/backups/backups) before executing the command. +>**Warning:** This command will remove data from your etcd nodes. Make sure you have created a [backup of etcd]({{}}/rancher/v2.6/en/backups/rancher-backups) before executing the command. When you install Rancher on a Kubernetes cluster, it will create Kubernetes resources to run and to store configuration data. If you want to remove Rancher from your cluster, you can use the `remove` subcommand to remove the Kubernetes resources. When you use the `remove` subcommand, the following resources will be removed: @@ -101,7 +101,7 @@ When you install Rancher on a Kubernetes cluster, it will create Kubernetes reso When you run the command below, all the resources listed [above](#remove) will be removed from the cluster. ->**Warning:** This command will remove data from your etcd nodes. Make sure you have created a [backup of etcd]({{}}/rancher/v2.6/en/backups/backups) before executing the command. +>**Warning:** This command will remove data from your etcd nodes. Make sure you have created a [backup of etcd]({{}}/rancher/v2.6/en/backups/rancher-backups) before executing the command. ``` ./system-tools remove --kubeconfig --namespace diff --git a/layouts/_default/list.html b/layouts/_default/list.html index 495a9d74776..06ceb47beee 100644 --- a/layouts/_default/list.html +++ b/layouts/_default/list.html @@ -27,7 +27,7 @@ {{ $productVersion := printf "%s/%s" $product $version}} {{ if in .Dir "/v2.x" }}
- We are transitioning to versioned documentation. The v2.x docs will no longer be maintained. For Rancher v2.5 docs, go here. For Rancher v2.0-v2.4 docs, go here. + We are transitioning to versioned documentation. The v2.x docs will no longer be maintained. Rancher v2.6 docsRancher v2.5 docsRancher v2.0-2.4 docs
{{end}} {{ if in .Dir "/pipelines" }} From 768144eb417669d92b48e1986fa39531126631b5 Mon Sep 17 00:00:00 2001 From: Catherine Luse Date: Tue, 31 Aug 2021 20:41:08 -0700 Subject: [PATCH 05/29] More link fixes --- content/rancher/v2.5/en/logging/_index.md | 2 +- content/rancher/v2.6/en/admin-settings/_index.md | 2 +- .../provisioning-new-storage/_index.md | 2 +- .../node-requirements/_index.md | 2 +- content/rancher/v2.6/en/installation/_index.md | 2 +- .../install-rancher-on-k8s/_index.md | 12 ++++++------ .../install-rancher-on-k8s/upgrades/_index.md | 4 ++-- .../air-gap/install-rancher/_index.md | 6 +++--- .../docker-install-commands/_index.md | 2 +- .../air-gap/launch-kubernetes/_index.md | 2 +- .../air-gap/populate-private-registry/_index.md | 4 ++-- .../air-gap/prepare-nodes/_index.md | 16 ++++++++-------- .../behind-proxy/install-rancher/_index.md | 2 +- .../behind-proxy/launch-kubernetes/_index.md | 2 +- .../behind-proxy/prepare-nodes/_index.md | 6 +++--- .../single-node-docker/_index.md | 2 +- .../single-node-docker/advanced/_index.md | 2 +- .../v2.6/en/installation/requirements/_index.md | 2 +- .../v2.6/en/installation/resources/_index.md | 10 +++++----- .../resources/choosing-version/_index.md | 4 ++-- .../resources/feature-flags/_index.md | 6 +++--- .../feature-flags/continuous-delivery/_index.md | 2 +- .../enable-not-default-storage-drivers/_index.md | 2 +- .../istio-virtual-service-ui/_index.md | 2 +- .../resources/helm-version/_index.md | 2 +- .../resources/k8s-tutorials/ha-RKE/_index.md | 4 ++-- .../infra-for-ha-with-external-db/_index.md | 10 +++++----- .../infra-for-ha/_index.md | 8 ++++---- .../infra-for-rke2-ha/_index.md | 8 ++++---- .../resources/upgrading-cert-manager/_index.md | 2 +- content/rancher/v2.6/en/logging/_index.md | 2 +- 31 files changed, 67 insertions(+), 67 deletions(-) diff --git a/content/rancher/v2.5/en/logging/_index.md b/content/rancher/v2.5/en/logging/_index.md index 8684dbc462b..3d7ff5feb72 100644 --- a/content/rancher/v2.5/en/logging/_index.md +++ b/content/rancher/v2.5/en/logging/_index.md @@ -12,7 +12,7 @@ aliases: The [Banzai Cloud Logging operator](https://banzaicloud.com/docs/one-eye/logging-operator/) now powers Rancher's logging solution in place of the former, in-house solution. -For an overview of the changes in v2.5, see [this section.](/{{}}/rancher/v2.5/en/logging/architecture/#changes-in-rancher-v2-5) For information about migrating from Logging V1, see [this page.](./migrating) +For an overview of the changes in v2.5, see [this section.]({{}}/rancher/v2.5/en/logging/architecture/#changes-in-rancher-v2-5) For information about migrating from Logging V1, see [this page.](./migrating) - [Enabling Logging](#enabling-logging) - [Uninstall Logging](#uninstall-logging) diff --git a/content/rancher/v2.6/en/admin-settings/_index.md b/content/rancher/v2.6/en/admin-settings/_index.md index 2251daf238a..4b73dc848be 100644 --- a/content/rancher/v2.6/en/admin-settings/_index.md +++ b/content/rancher/v2.6/en/admin-settings/_index.md @@ -47,4 +47,4 @@ For more information on how metadata works and how to configure metadata config, ## Enabling Experimental Features -Rancher includes some features that are experimental and disabled by default. Feature flags were introduced to allow you to try these features. For more information, refer to the section about [feature flags.]({{}}/rancher/v2.6/en/installation/options/feature-flags/) +Rancher includes some features that are experimental and disabled by default. Feature flags were introduced to allow you to try these features. For more information, refer to the section about [feature flags.]({{}}/rancher/v2.6/en/installation/resources/feature-flags/) diff --git a/content/rancher/v2.6/en/cluster-admin/volumes-and-storage/provisioning-new-storage/_index.md b/content/rancher/v2.6/en/cluster-admin/volumes-and-storage/provisioning-new-storage/_index.md index df6977e5fe6..2d2fb6176ca 100644 --- a/content/rancher/v2.6/en/cluster-admin/volumes-and-storage/provisioning-new-storage/_index.md +++ b/content/rancher/v2.6/en/cluster-admin/volumes-and-storage/provisioning-new-storage/_index.md @@ -37,7 +37,7 @@ Local | `local` Network File System | `nfs` hostPath | `host-path` -To use a storage provisioner that is not on the above list, you will need to use a [feature flag to enable unsupported storage drivers.]({{}}/rancher/v2.6/en/installation/options/feature-flags/enable-not-default-storage-drivers/) +To use a storage provisioner that is not on the above list, you will need to use a [feature flag to enable unsupported storage drivers.]({{}}/rancher/v2.6/en/installation/resources/feature-flags/enable-not-default-storage-drivers/) ### 1. Add a storage class and configure it to use your storage diff --git a/content/rancher/v2.6/en/cluster-provisioning/node-requirements/_index.md b/content/rancher/v2.6/en/cluster-provisioning/node-requirements/_index.md index f8d03ebc979..5bb0d3cbdb1 100644 --- a/content/rancher/v2.6/en/cluster-provisioning/node-requirements/_index.md +++ b/content/rancher/v2.6/en/cluster-provisioning/node-requirements/_index.md @@ -22,7 +22,7 @@ For details on which OS and Docker versions were tested with each Rancher versio All supported operating systems are 64-bit x86. -If you plan to use ARM64, see [Running on ARM64 (Experimental).]({{}}/rancher/v2.6/en/installation/options/arm64-platform/) +If you plan to use ARM64, see [Running on ARM64 (Experimental).]({{}}/rancher/v2.6/en/installation/resources/advanced/arm64-platform/) For information on how to install Docker, refer to the official [Docker documentation.](https://docs.docker.com/) diff --git a/content/rancher/v2.6/en/installation/_index.md b/content/rancher/v2.6/en/installation/_index.md index 7c86faa4c76..19ad04b60dd 100644 --- a/content/rancher/v2.6/en/installation/_index.md +++ b/content/rancher/v2.6/en/installation/_index.md @@ -90,5 +90,5 @@ In the Rancher installation instructions, we recommend using K3s or RKE to set u Refer to the [docs about options for Docker installs]({{}}/rancher/v2.6/en/installation/other-installation-methods/single-node-docker) for details about other configurations including: - With [API auditing to record all transactions]({{}}/rancher/v2.6/en/installation/other-installation-methods/single-node-docker/advanced/#api-audit-log) -- With an [external load balancer]({{}}/rancher/v2.6/en/installation/options/single-node-install-external-lb/) +- With an [external load balancer]({{}}/rancher/v2.6/en/installation/resources/advanced/single-node-install-external-lb/) - With a [persistent data store]({{}}/rancher/v2.6/en/installation/other-installation-methods/single-node-docker/advanced/#persistent-data) diff --git a/content/rancher/v2.6/en/installation/install-rancher-on-k8s/_index.md b/content/rancher/v2.6/en/installation/install-rancher-on-k8s/_index.md index 5c64ff7c0c3..918e85e91fc 100644 --- a/content/rancher/v2.6/en/installation/install-rancher-on-k8s/_index.md +++ b/content/rancher/v2.6/en/installation/install-rancher-on-k8s/_index.md @@ -34,7 +34,7 @@ For help setting up a Kubernetes cluster, we provide these tutorials: The following CLI tools are required for setting up the Kubernetes cluster. Please make sure these tools are installed and available in your `$PATH`. - [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/#install-kubectl) - Kubernetes command-line tool. -- [helm](https://docs.helm.sh/using_helm/#installing-helm) - Package management for Kubernetes. Refer to the [Helm version requirements]({{}}/rancher/v2.6/en/installation/options/helm-version) to choose a version of Helm to install Rancher. Refer to the [instructions provided by the Helm project](https://helm.sh/docs/intro/install/) for your specific platform. +- [helm](https://docs.helm.sh/using_helm/#installing-helm) - Package management for Kubernetes. Refer to the [Helm version requirements]({{}}/rancher/v2.6/en/installation/resources/helm-version) to choose a version of Helm to install Rancher. Refer to the [instructions provided by the Helm project](https://helm.sh/docs/intro/install/) for your specific platform. ### Ingress Controller (For Hosted Kubernetes) @@ -48,11 +48,11 @@ Rancher is installed using the [Helm](https://helm.sh/) package manager for Kube For systems without direct internet access, see [Air Gap: Kubernetes install]({{}}/rancher/v2.6/en/installation/air-gap-installation/install-rancher/). -To choose a Rancher version to install, refer to [Choosing a Rancher Version.]({{}}/rancher/v2.6/en/installation/options/server-tags) +To choose a Rancher version to install, refer to [Choosing a Rancher Version.]({{}}/rancher/v2.6/en/installation/resources/choosing-version) -To choose a version of Helm to install Rancher with, refer to the [Helm version requirements]({{}}/rancher/v2.6/en/installation/options/helm-version) +To choose a version of Helm to install Rancher with, refer to the [Helm version requirements]({{}}/rancher/v2.6/en/installation/resources/helm-version) -> **Note:** The installation instructions assume you are using Helm 3. For migration of installs started with Helm 2, refer to the official [Helm 2 to 3 migration docs.](https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/) This [section]({{}}/rancher/v2.6/en/installation/options/helm2) provides a copy of the older installation instructions for Rancher installed on an RKE Kubernetes cluster with Helm 2, and it is intended to be used if upgrading to Helm 3 is not feasible. +> **Note:** The installation instructions assume you are using Helm 3. To set up Rancher, @@ -109,7 +109,7 @@ This step is only required to use certificates issued by Rancher's generated CA {{% accordion id="cert-manager" label="Click to Expand" %}} -> **Important:** Recent changes to cert-manager require an upgrade. If you are upgrading Rancher and using a version of cert-manager older than v0.11.0, please see our [upgrade documentation]({{}}/rancher/v2.6/en/installation/options/upgrading-cert-manager/). +> **Important:** Recent changes to cert-manager require an upgrade. If you are upgrading Rancher and using a version of cert-manager older than v0.11.0, please see our [upgrade documentation]({{}}/rancher/v2.6/en/installation/resources/upgrading-cert-manager/). These instructions are adapted from the [official cert-manager documentation](https://cert-manager.io/docs/installation/kubernetes/#installing-with-helm). @@ -283,4 +283,4 @@ That's it. You should have a functional Rancher server. In a web browser, go to the DNS name that forwards traffic to your load balancer. Then you should be greeted by the colorful login page. -Doesn't work? Take a look at the [Troubleshooting]({{}}/rancher/v2.6/en/installation/options/troubleshooting/) Page +Doesn't work? Take a look at the [Troubleshooting]({{}}/rancher/v2.6/en/installation/resources/troubleshooting/) Page diff --git a/content/rancher/v2.6/en/installation/install-rancher-on-k8s/upgrades/_index.md b/content/rancher/v2.6/en/installation/install-rancher-on-k8s/upgrades/_index.md index 917ff0136ff..562a1d8223b 100644 --- a/content/rancher/v2.6/en/installation/install-rancher-on-k8s/upgrades/_index.md +++ b/content/rancher/v2.6/en/installation/install-rancher-on-k8s/upgrades/_index.md @@ -45,7 +45,7 @@ If you are upgrading to Rancher v2.5 from a Rancher server that was started with ### For upgrades with cert-manager older than 0.8.0 -[Let's Encrypt will be blocking cert-manager instances older than 0.8.0 starting November 1st 2019.](https://community.letsencrypt.org/t/blocking-old-cert-manager-versions/98753) Upgrade cert-manager to the latest version by following [these instructions.]({{}}/rancher/v2.6/en/installation/options/upgrading-cert-manager) +[Let's Encrypt will be blocking cert-manager instances older than 0.8.0 starting November 1st 2019.](https://community.letsencrypt.org/t/blocking-old-cert-manager-versions/98753) Upgrade cert-manager to the latest version by following [these instructions.]({{}}/rancher/v2.6/en/installation/resources/upgrading-cert-manager) # Upgrade Outline @@ -156,7 +156,7 @@ If you are currently running the cert-manger whose version is older than v0.11, helm delete rancher -n cattle-system ``` -2. Uninstall and reinstall `cert-manager` according to the instructions on the [Upgrading Cert-Manager]({{}}/rancher/v2.6/en/installation/options/upgrading-cert-manager) page. +2. Uninstall and reinstall `cert-manager` according to the instructions on the [Upgrading Cert-Manager]({{}}/rancher/v2.6/en/installation/resources/upgrading-cert-manager) page. 3. Reinstall Rancher to the latest version with all your settings. Take all the values from the step 1 and append them to the command using `--set key=value`. Note: There will be many more options from the step 1 that need to be appended. diff --git a/content/rancher/v2.6/en/installation/other-installation-methods/air-gap/install-rancher/_index.md b/content/rancher/v2.6/en/installation/other-installation-methods/air-gap/install-rancher/_index.md index ddeeedf93c1..589cbd0870c 100644 --- a/content/rancher/v2.6/en/installation/other-installation-methods/air-gap/install-rancher/_index.md +++ b/content/rancher/v2.6/en/installation/other-installation-methods/air-gap/install-rancher/_index.md @@ -28,7 +28,7 @@ This section describes installing Rancher: From a system that has access to the internet, fetch the latest Helm chart and copy the resulting manifests to a system that has access to the Rancher server cluster. -1. If you haven't already, install `helm` locally on a workstation that has internet access. Note: Refer to the [Helm version requirements]({{}}/rancher/v2.6/en/installation/options/helm-version) to choose a version of Helm to install Rancher. +1. If you haven't already, install `helm` locally on a workstation that has internet access. Note: Refer to the [Helm version requirements]({{}}/rancher/v2.6/en/installation/resources/helm-version) to choose a version of Helm to install Rancher. 2. Use `helm repo add` command to add the Helm chart repository that contains charts to install Rancher. For more information about the repository choices and which is best for your use case, see [Choosing a Version of Rancher]({{}}/rancher/v2.6/en/installation/install-rancher-on-k8s/chart-options/#helm-chart-repositories). {{< release-channel >}} @@ -79,7 +79,7 @@ Based on the choice your made in [2. Choose your SSL Configuration](#2-choose-yo By default, Rancher generates a CA and uses cert-manager to issue the certificate for access to the Rancher server interface. > **Note:** -> Recent changes to cert-manager require an upgrade. If you are upgrading Rancher and using a version of cert-manager older than v0.11.0, please see our [upgrade cert-manager documentation]({{}}/rancher/v2.6/en/installation/options/upgrading-cert-manager/). +> Recent changes to cert-manager require an upgrade. If you are upgrading Rancher and using a version of cert-manager older than v0.11.0, please see our [upgrade cert-manager documentation]({{}}/rancher/v2.6/en/installation/resources/upgrading-cert-manager/). ### 1. Add the cert-manager repo @@ -238,4 +238,4 @@ These resources could be helpful when installing Rancher: - [Rancher Helm chart options]({{}}/rancher/v2.6/en/installation/resources/chart-options/) - [Adding TLS secrets]({{}}/rancher/v2.6/en/installation/resources/encryption/tls-secrets/) -- [Troubleshooting Rancher Kubernetes Installations]({{}}/rancher/v2.6/en/installation/options/troubleshooting/) +- [Troubleshooting Rancher Kubernetes Installations]({{}}/rancher/v2.6/en/installation/resources/troubleshooting/) diff --git a/content/rancher/v2.6/en/installation/other-installation-methods/air-gap/install-rancher/docker-install-commands/_index.md b/content/rancher/v2.6/en/installation/other-installation-methods/air-gap/install-rancher/docker-install-commands/_index.md index aa4d5512d87..97aeffdccaa 100644 --- a/content/rancher/v2.6/en/installation/other-installation-methods/air-gap/install-rancher/docker-install-commands/_index.md +++ b/content/rancher/v2.6/en/installation/other-installation-methods/air-gap/install-rancher/docker-install-commands/_index.md @@ -18,7 +18,7 @@ For security purposes, SSL (Secure Sockets Layer) is required when using Rancher > **Do you want to..**. > -> - Configure custom CA root certificate to access your services? See [Custom CA root certificate]({{}}/rancher/v2.6/en/installation/options/custom-ca-root-certificate/). +> - Configure custom CA root certificate to access your services? See [Custom CA root certificate]({{}}/rancher/v2.6/en/installation/resources/custom-ca-root-certificate/). > - Record all transactions with the Rancher API? See [API Auditing]({{}}/rancher/v2.6/en/installation/other-installation-methods/single-node-docker/advanced/#api-audit-log). Choose from the following options: diff --git a/content/rancher/v2.6/en/installation/other-installation-methods/air-gap/launch-kubernetes/_index.md b/content/rancher/v2.6/en/installation/other-installation-methods/air-gap/launch-kubernetes/_index.md index e1151c61742..f58ef372b27 100644 --- a/content/rancher/v2.6/en/installation/other-installation-methods/air-gap/launch-kubernetes/_index.md +++ b/content/rancher/v2.6/en/installation/other-installation-methods/air-gap/launch-kubernetes/_index.md @@ -215,6 +215,6 @@ Save a copy of the following files in a secure location: ### Issues or errors? -See the [Troubleshooting]({{}}/rancher/v2.6/en/installation/options/troubleshooting/) page. +See the [Troubleshooting]({{}}/rancher/v2.6/en/installation/resources/troubleshooting/) page. ### [Next: Install Rancher](../install-rancher) diff --git a/content/rancher/v2.6/en/installation/other-installation-methods/air-gap/populate-private-registry/_index.md b/content/rancher/v2.6/en/installation/other-installation-methods/air-gap/populate-private-registry/_index.md index dd361d3ff13..2c27c28bb2c 100644 --- a/content/rancher/v2.6/en/installation/other-installation-methods/air-gap/populate-private-registry/_index.md +++ b/content/rancher/v2.6/en/installation/other-installation-methods/air-gap/populate-private-registry/_index.md @@ -53,7 +53,7 @@ In a Kubernetes Install, if you elect to use the Rancher default self-signed TLS 1. Fetch the latest `cert-manager` Helm chart and parse the template for image details: - > **Note:** Recent changes to cert-manager require an upgrade. If you are upgrading Rancher and using a version of cert-manager older than v0.12.0, please see our [upgrade documentation]({{}}/rancher/v2.6/en/installation/options/upgrading-cert-manager/). + > **Note:** Recent changes to cert-manager require an upgrade. If you are upgrading Rancher and using a version of cert-manager older than v0.12.0, please see our [upgrade documentation]({{}}/rancher/v2.6/en/installation/resources/upgrading-cert-manager/). ```plain helm repo add jetstack https://charts.jetstack.io @@ -225,7 +225,7 @@ The workstation must have Docker 18.02+ in order to support manifests, which are **For Kubernetes Installs using Rancher Generated Self-Signed Certificate:** In a Kubernetes Install, if you elect to use the Rancher default self-signed TLS certificates, you must add the [`cert-manager`](https://hub.helm.sh/charts/jetstack/cert-manager) image to `rancher-images.txt` as well. You skip this step if you are using you using your own certificates. 1. Fetch the latest `cert-manager` Helm chart and parse the template for image details: - > **Note:** Recent changes to cert-manager require an upgrade. If you are upgrading Rancher and using a version of cert-manager older than v0.12.0, please see our [upgrade documentation]({{}}/rancher/v2.6/en/installation/options/upgrading-cert-manager/). + > **Note:** Recent changes to cert-manager require an upgrade. If you are upgrading Rancher and using a version of cert-manager older than v0.12.0, please see our [upgrade documentation]({{}}/rancher/v2.6/en/installation/resources/upgrading-cert-manager/). ```plain helm repo add jetstack https://charts.jetstack.io helm repo update diff --git a/content/rancher/v2.6/en/installation/other-installation-methods/air-gap/prepare-nodes/_index.md b/content/rancher/v2.6/en/installation/other-installation-methods/air-gap/prepare-nodes/_index.md index b7ccd17637b..e054670c0a0 100644 --- a/content/rancher/v2.6/en/installation/other-installation-methods/air-gap/prepare-nodes/_index.md +++ b/content/rancher/v2.6/en/installation/other-installation-methods/air-gap/prepare-nodes/_index.md @@ -27,7 +27,7 @@ These hosts will be disconnected from the internet, but require being able to co Make sure that your nodes fulfill the general installation requirements for [OS, container runtime, hardware, and networking.]({{}}/rancher/v2.6/en/installation/requirements/) -For an example of one way to set up Linux nodes, refer to this [tutorial]({{}}/rancher/v2.6/en/installation/options/ec2-node) for setting up nodes as instances in Amazon EC2. +For an example of one way to set up Linux nodes, refer to this [tutorial]({{}}/rancher/v2.6/en/installation/resources/k8s-tutorials/infrastructure-tutorials/ec2-node) for setting up nodes as instances in Amazon EC2. ### 2. Set up External Datastore @@ -41,7 +41,7 @@ For a high-availability K3s installation, you will need to set up one of the fol When you install Kubernetes, you will pass in details for K3s to connect to the database. -For an example of one way to set up the database, refer to this [tutorial]({{}}/rancher/v2.6/en/installation/options/rds) for setting up a MySQL database on Amazon's RDS service. +For an example of one way to set up the database, refer to this [tutorial]({{}}/rancher/v2.6/en/installation/resources/k8s-tutorials/infrastructure-tutorials/rds) for setting up a MySQL database on Amazon's RDS service. For the complete list of options that are available for configuring a K3s cluster datastore, refer to the [K3s documentation.]({{}}/k3s/latest/en/installation/datastore/) @@ -58,9 +58,9 @@ For your implementation, consider if you want or need to use a Layer-4 or Layer- - **A layer-4 load balancer** is the simpler of the two choices, in which you are forwarding TCP traffic to your nodes. We recommend configuring your load balancer as a Layer 4 balancer, forwarding traffic to ports TCP/80 and TCP/443 to the Rancher management cluster nodes. The Ingress controller on the cluster will redirect HTTP traffic to HTTPS and terminate SSL/TLS on port TCP/443. The Ingress controller will forward traffic to port TCP/80 to the Ingress pod in the Rancher deployment. - **A layer-7 load balancer** is a bit more complicated but can offer features that you may want. For instance, a layer-7 load balancer is capable of handling TLS termination at the load balancer, as opposed to Rancher doing TLS termination itself. This can be beneficial if you want to centralize your TLS termination in your infrastructure. Layer-7 load balancing also offers the capability for your load balancer to make decisions based on HTTP attributes such as cookies, etc. that a layer-4 load balancer is not able to concern itself with. If you decide to terminate the SSL/TLS traffic on a layer-7 load balancer, you will need to use the `--set tls=external` option when installing Rancher in a later step. For more information, refer to the [Rancher Helm chart options.]({{}}/rancher/v2.6/en/installation/install-rancher-on-k8s/chart-options/#external-tls-termination) -For an example showing how to set up an NGINX load balancer, refer to [this page.]({{}}/rancher/v2.6/en/installation/options/nginx/) +For an example showing how to set up an NGINX load balancer, refer to [this page.]({{}}/rancher/v2.6/en/installation/resources/k8s-tutorials/infrastructure-tutorials/nginx/) -For a how-to guide for setting up an Amazon ELB Network Load Balancer, refer to [this page.]({{}}/rancher/v2.6/en/installation/options/nlb/) +For a how-to guide for setting up an Amazon ELB Network Load Balancer, refer to [this page.]({{}}/rancher/v2.6/en/installation/resources/k8s-tutorials/infrastructure-tutorials/nlb/) > **Important:** > Do not use this load balancer (i.e, the `local` cluster Ingress) to load balance applications other than Rancher following installation. Sharing this Ingress with other applications may result in websocket errors to Rancher following Ingress configuration reloads for other apps. We recommend dedicating the `local` cluster to Rancher and no other applications. @@ -106,7 +106,7 @@ These hosts will be disconnected from the internet, but require being able to co Make sure that your nodes fulfill the general installation requirements for [OS, container runtime, hardware, and networking.]({{}}/rancher/v2.6/en/installation/requirements/) -For an example of one way to set up Linux nodes, refer to this [tutorial]({{}}/rancher/v2.6/en/installation/options/ec2-node) for setting up nodes as instances in Amazon EC2. +For an example of one way to set up Linux nodes, refer to this [tutorial]({{}}/rancher/v2.6/en/installation/resources/k8s-tutorials/infrastructure-tutorials/ec2-node/) for setting up nodes as instances in Amazon EC2. ### 2. Set up the Load Balancer @@ -121,9 +121,9 @@ For your implementation, consider if you want or need to use a Layer-4 or Layer- - **A layer-4 load balancer** is the simpler of the two choices, in which you are forwarding TCP traffic to your nodes. We recommend configuring your load balancer as a Layer 4 balancer, forwarding traffic to ports TCP/80 and TCP/443 to the Rancher management cluster nodes. The Ingress controller on the cluster will redirect HTTP traffic to HTTPS and terminate SSL/TLS on port TCP/443. The Ingress controller will forward traffic to port TCP/80 to the Ingress pod in the Rancher deployment. - **A layer-7 load balancer** is a bit more complicated but can offer features that you may want. For instance, a layer-7 load balancer is capable of handling TLS termination at the load balancer, as opposed to Rancher doing TLS termination itself. This can be beneficial if you want to centralize your TLS termination in your infrastructure. Layer-7 load balancing also offers the capability for your load balancer to make decisions based on HTTP attributes such as cookies, etc. that a layer-4 load balancer is not able to concern itself with. If you decide to terminate the SSL/TLS traffic on a layer-7 load balancer, you will need to use the `--set tls=external` option when installing Rancher in a later step. For more information, refer to the [Rancher Helm chart options.]({{}}/rancher/v2.6/en/installation/install-rancher-on-k8s/chart-options/#external-tls-termination) -For an example showing how to set up an NGINX load balancer, refer to [this page.]({{}}/rancher/v2.6/en/installation/options/nginx/) +For an example showing how to set up an NGINX load balancer, refer to [this page.]({{}}/rancher/v2.6/en/installation/resources/k8s-tutorials/infrastructure-tutorials/nginx/) -For a how-to guide for setting up an Amazon ELB Network Load Balancer, refer to [this page.]({{}}/rancher/v2.6/en/installation/options/nlb/) +For a how-to guide for setting up an Amazon ELB Network Load Balancer, refer to [this page.]({{}}/rancher/v2.6/en/installation/resources/k8s-tutorials/infrastructure-tutorials/nlb/) > **Important:** > Do not use this load balancer (i.e, the `local` cluster Ingress) to load balance applications other than Rancher following installation. Sharing this Ingress with other applications may result in websocket errors to Rancher following Ingress configuration reloads for other apps. We recommend dedicating the `local` cluster to Rancher and no other applications. @@ -158,7 +158,7 @@ This host will be disconnected from the Internet, but needs to be able to connec Make sure that your node fulfills the general installation requirements for [OS, Docker, hardware, and networking.]({{}}/rancher/v2.6/en/installation/requirements/) -For an example of one way to set up Linux nodes, refer to this [tutorial]({{}}/rancher/v2.6/en/installation/options/ec2-node) for setting up nodes as instances in Amazon EC2. +For an example of one way to set up Linux nodes, refer to this [tutorial]({{}}/rancher/v2.6/en/installation/resources/k8s-tutorials/infrastructure-tutorials/ec2-node/) for setting up nodes as instances in Amazon EC2. ### 2. Set up a Private Docker Registry diff --git a/content/rancher/v2.6/en/installation/other-installation-methods/behind-proxy/install-rancher/_index.md b/content/rancher/v2.6/en/installation/other-installation-methods/behind-proxy/install-rancher/_index.md index bdfb4b94d26..7a921690368 100644 --- a/content/rancher/v2.6/en/installation/other-installation-methods/behind-proxy/install-rancher/_index.md +++ b/content/rancher/v2.6/en/installation/other-installation-methods/behind-proxy/install-rancher/_index.md @@ -84,4 +84,4 @@ These resources could be helpful when installing Rancher: - [Rancher Helm chart options]({{}}/rancher/v2.6/en/installation/resources/chart-options/) - [Adding TLS secrets]({{}}/rancher/v2.6/en/installation/resources/encryption/tls-secrets/) -- [Troubleshooting Rancher Kubernetes Installations]({{}}/rancher/v2.6/en/installation/options/troubleshooting/) +- [Troubleshooting Rancher Kubernetes Installations]({{}}/rancher/v2.6/en/installation/resources/troubleshooting/) diff --git a/content/rancher/v2.6/en/installation/other-installation-methods/behind-proxy/launch-kubernetes/_index.md b/content/rancher/v2.6/en/installation/other-installation-methods/behind-proxy/launch-kubernetes/_index.md index 18038f5f6f7..574e881c4c8 100644 --- a/content/rancher/v2.6/en/installation/other-installation-methods/behind-proxy/launch-kubernetes/_index.md +++ b/content/rancher/v2.6/en/installation/other-installation-methods/behind-proxy/launch-kubernetes/_index.md @@ -146,6 +146,6 @@ Save a copy of the following files in a secure location: ### Issues or errors? -See the [Troubleshooting]({{}}/rancher/v2.6/en/installation/options/troubleshooting/) page. +See the [Troubleshooting]({{}}/rancher/v2.6/en/installation/resources/troubleshooting/) page. ### [Next: Install Rancher](../install-rancher) diff --git a/content/rancher/v2.6/en/installation/other-installation-methods/behind-proxy/prepare-nodes/_index.md b/content/rancher/v2.6/en/installation/other-installation-methods/behind-proxy/prepare-nodes/_index.md index 8338901c524..6d8aaf813e3 100644 --- a/content/rancher/v2.6/en/installation/other-installation-methods/behind-proxy/prepare-nodes/_index.md +++ b/content/rancher/v2.6/en/installation/other-installation-methods/behind-proxy/prepare-nodes/_index.md @@ -25,7 +25,7 @@ These hosts will connect to the internet through an HTTP proxy. Make sure that your nodes fulfill the general installation requirements for [OS, container runtime, hardware, and networking.]({{}}/rancher/v2.6/en/installation/requirements/) -For an example of one way to set up Linux nodes, refer to this [tutorial]({{}}/rancher/v2.6/en/installation/options/ec2-node) for setting up nodes as instances in Amazon EC2. +For an example of one way to set up Linux nodes, refer to this [tutorial]({{}}/rancher/v2.6/en/installation/resources/k8s-tutorials/infrastructure-tutorials/ec2-node/) for setting up nodes as instances in Amazon EC2. ### 2. Set up the Load Balancer @@ -40,9 +40,9 @@ For your implementation, consider if you want or need to use a Layer-4 or Layer- - **A layer-4 load balancer** is the simpler of the two choices, in which you are forwarding TCP traffic to your nodes. We recommend configuring your load balancer as a Layer 4 balancer, forwarding traffic to ports TCP/80 and TCP/443 to the Rancher management cluster nodes. The Ingress controller on the cluster will redirect HTTP traffic to HTTPS and terminate SSL/TLS on port TCP/443. The Ingress controller will forward traffic to port TCP/80 to the Ingress pod in the Rancher deployment. - **A layer-7 load balancer** is a bit more complicated but can offer features that you may want. For instance, a layer-7 load balancer is capable of handling TLS termination at the load balancer, as opposed to Rancher doing TLS termination itself. This can be beneficial if you want to centralize your TLS termination in your infrastructure. Layer-7 load balancing also offers the capability for your load balancer to make decisions based on HTTP attributes such as cookies, etc. that a layer-4 load balancer is not able to concern itself with. If you decide to terminate the SSL/TLS traffic on a layer-7 load balancer, you will need to use the `--set tls=external` option when installing Rancher in a later step. For more information, refer to the [Rancher Helm chart options.]({{}}/rancher/v2.6/en/installation/install-rancher-on-k8s/chart-options/#external-tls-termination) -For an example showing how to set up an NGINX load balancer, refer to [this page.]({{}}/rancher/v2.6/en/installation/options/nginx/) +For an example showing how to set up an NGINX load balancer, refer to [this page.]({{}}/rancher/v2.6/en/installation/resources/k8s-tutorials/infrastructure-tutorials/nginx/) -For a how-to guide for setting up an Amazon ELB Network Load Balancer, refer to [this page.]({{}}/rancher/v2.6/en/installation/options/nlb/) +For a how-to guide for setting up an Amazon ELB Network Load Balancer, refer to [this page.]({{}}/rancher/v2.6/en/installation/resources/k8s-tutorials/infrastructure-tutorials/nlb/) > **Important:** > Do not use this load balancer (i.e, the `local` cluster Ingress) to load balance applications other than Rancher following installation. Sharing this Ingress with other applications may result in websocket errors to Rancher following Ingress configuration reloads for other apps. We recommend dedicating the `local` cluster to Rancher and no other applications. diff --git a/content/rancher/v2.6/en/installation/other-installation-methods/single-node-docker/_index.md b/content/rancher/v2.6/en/installation/other-installation-methods/single-node-docker/_index.md index ff055b79d9f..46a9f84099c 100644 --- a/content/rancher/v2.6/en/installation/other-installation-methods/single-node-docker/_index.md +++ b/content/rancher/v2.6/en/installation/other-installation-methods/single-node-docker/_index.md @@ -9,7 +9,7 @@ Rancher can be installed by running a single Docker container. In this installation scenario, you'll install Docker on a single Linux host, and then deploy Rancher on your host using a single Docker container. > **Want to use an external load balancer?** -> See [Docker Install with an External Load Balancer]({{}}/rancher/v2.6/en/installation/options/single-node-install-external-lb) instead. +> See [Docker Install with an External Load Balancer]({{}}/rancher/v2.6/en/installation/resources/advanced/single-node-install-external-lb) instead. A Docker installation of Rancher is recommended only for development and testing purposes. The ability to migrate Rancher to a high-availability cluster depends on the Rancher version: diff --git a/content/rancher/v2.6/en/installation/other-installation-methods/single-node-docker/advanced/_index.md b/content/rancher/v2.6/en/installation/other-installation-methods/single-node-docker/advanced/_index.md index 8e1eeb5686c..9433691166b 100644 --- a/content/rancher/v2.6/en/installation/other-installation-methods/single-node-docker/advanced/_index.md +++ b/content/rancher/v2.6/en/installation/other-installation-methods/single-node-docker/advanced/_index.md @@ -3,7 +3,7 @@ title: Advanced Options for Docker Installs weight: 5 --- -When installing Rancher, there are several [advanced options]({{}}/rancher/v2.6/en/installation/options/) that can be enabled: +When installing Rancher, there are several advanced options that can be enabled: - [Custom CA Certificate](#custom-ca-certificate) - [API Audit Log](#api-audit-log) diff --git a/content/rancher/v2.6/en/installation/requirements/_index.md b/content/rancher/v2.6/en/installation/requirements/_index.md index 45656a5371a..a67cc851715 100644 --- a/content/rancher/v2.6/en/installation/requirements/_index.md +++ b/content/rancher/v2.6/en/installation/requirements/_index.md @@ -52,7 +52,7 @@ Some distributions of Linux may have default firewall rules that block communica If you don't feel comfortable doing so you might check suggestions in the [respective issue](https://github.com/rancher/rancher/issues/28840). Some users were successful [creating a separate firewalld zone with a policy of ACCEPT for the Pod CIDR](https://github.com/rancher/rancher/issues/28840#issuecomment-787404822). -If you plan to run Rancher on ARM64, see [Running on ARM64 (Experimental).]({{}}/rancher/v2.6/en/installation/options/arm64-platform/) +If you plan to run Rancher on ARM64, see [Running on ARM64 (Experimental).]({{}}/rancher/v2.6/en/installation/resources/advanced/arm64-platform/) ### RKE Specific Requirements diff --git a/content/rancher/v2.6/en/installation/resources/_index.md b/content/rancher/v2.6/en/installation/resources/_index.md index e98296cd2dc..94fe05dda8c 100644 --- a/content/rancher/v2.6/en/installation/resources/_index.md +++ b/content/rancher/v2.6/en/installation/resources/_index.md @@ -19,8 +19,8 @@ An air gapped environment could be where Rancher server will be installed offlin When installing Rancher, there are several advanced options that can be enabled during installation. Within each install guide, these options are presented. Learn more about these options: -- [Custom CA Certificate]({{}}/rancher/v2.6/en/installation/options/custom-ca-root-certificate/) -- [API Audit Log]({{}}/rancher/v2.6/en/installation/options/api-audit-log/) -- [TLS Settings]({{}}/rancher/v2.6/en/installation/options/tls-settings/) -- [etcd configuration]({{}}/rancher/v2.6/en/installation/options/etcd/) -- [Local System Charts for Air Gap Installations]({{}}/rancher/v2.6/en/installation/options/local-system-charts) | v2.3.0 | +- [Custom CA Certificate]({{}}/rancher/v2.6/en/installation/resources/custom-ca-root-certificate/) +- [API Audit Log]({{}}/rancher/v2.6/en/installation/resources/advanced/api-audit-log/) +- [TLS Settings]({{}}/rancher/v2.6/en/installation/resources/tls-settings/) +- [etcd configuration]({{}}/rancher/v2.6/en/installation/resources/advanced/etcd/) +- [Local System Charts for Air Gap Installations]({{}}/rancher/v2.6/en/installation/resources/local-system-charts) | v2.3.0 | diff --git a/content/rancher/v2.6/en/installation/resources/choosing-version/_index.md b/content/rancher/v2.6/en/installation/resources/choosing-version/_index.md index ce7da1573b6..0505311ab2a 100644 --- a/content/rancher/v2.6/en/installation/resources/choosing-version/_index.md +++ b/content/rancher/v2.6/en/installation/resources/choosing-version/_index.md @@ -5,7 +5,7 @@ weight: 1 This section describes how to choose a Rancher version. -For a high-availability installation of Rancher, which is recommended for production, the Rancher server is installed using a **Helm chart** on a Kubernetes cluster. Refer to the [Helm version requirements]({{}}/rancher/v2.6/en/installation/options/helm-version) to choose a version of Helm to install Rancher. +For a high-availability installation of Rancher, which is recommended for production, the Rancher server is installed using a **Helm chart** on a Kubernetes cluster. Refer to the [Helm version requirements]({{}}/rancher/v2.6/en/installation/resources/helm-version) to choose a version of Helm to install Rancher. For Docker installations of Rancher, which is used for development and testing, you will install Rancher as a **Docker image**. @@ -14,7 +14,7 @@ For Docker installations of Rancher, which is used for development and testing, When installing, upgrading, or rolling back Rancher Server when it is [installed on a Kubernetes cluster]({{}}/rancher/v2.6/en/installation/install-rancher-on-k8s/), Rancher server is installed using a Helm chart on a Kubernetes cluster. Therefore, as you prepare to install or upgrade a high availability Rancher configuration, you must add a Helm chart repository that contains the charts for installing Rancher. -Refer to the [Helm version requirements]({{}}/rancher/v2.6/en/installation/options/helm-version) to choose a version of Helm to install Rancher. +Refer to the [Helm version requirements]({{}}/rancher/v2.6/en/installation/resources/helm-version) to choose a version of Helm to install Rancher. ### Helm Chart Repositories diff --git a/content/rancher/v2.6/en/installation/resources/feature-flags/_index.md b/content/rancher/v2.6/en/installation/resources/feature-flags/_index.md index f895a0067a5..eae48b246e9 100644 --- a/content/rancher/v2.6/en/installation/resources/feature-flags/_index.md +++ b/content/rancher/v2.6/en/installation/resources/feature-flags/_index.md @@ -2,7 +2,7 @@ title: Enabling Experimental Features weight: 17 --- -Rancher includes some features that are experimental and disabled by default. You might want to enable these features, for example, if you decide that the benefits of using an [unsupported storage type]({{}}/rancher/v2.6/en/installation/options/feature-flags/enable-not-default-storage-drivers) outweighs the risk of using an untested feature. Feature flags were introduced to allow you to try these features that are not enabled by default. +Rancher includes some features that are experimental and disabled by default. You might want to enable these features, for example, if you decide that the benefits of using an [unsupported storage type]({{}}/rancher/v2.6/en/installation/resources/feature-flags/enable-not-default-storage-drivers) outweighs the risk of using an untested feature. Feature flags were introduced to allow you to try these features that are not enabled by default. The features can be enabled in three ways: @@ -28,8 +28,8 @@ The following is a list of the feature flags available in Rancher: - `token-hashing`: This feature enables one-way [hashing of tokens]({{}}/rancher/v2.6/en/api/api-tokens) and cannot be disabled once enabled. - `fleet`: Rancher comes with [Fleet]({{}}/rancher/v2.6/en/deploy-across-clusters/fleet) preinstalled in v2.5+. Rancher v2.6's new provisioning system leverages Fleet's bundle deployment capabilities in order to manage clusters at scale. Therefore, in Rancher v2.6, Fleet can no longer be disabled. If Fleet was disabled in Rancher v2.5.x, it will become enabled if Rancher is upgraded to v2.6.x. - `continuous-delivery`: In Rancher v2.5.x, Fleet came with a GitOps feature that could not be disabled separately from Fleet. In Rancher v2.6, the `continuous-delivery` feature flag was introduced to allow the GitOps feature of Fleet to be disabled. For more information, see [this page.](./continuous-delivery) -- `istio-virtual-service-ui`: This feature enables a [UI to create, read, update, and delete Istio virtual services and destination rules]({{}}/rancher/v2.6/en/installation/options/feature-flags/istio-virtual-service-ui), which are traffic management features of Istio. -- `unsupported-storage-drivers`: This feature [allows unsupported storage drivers.]({{}}/rancher/v2.6/en/installation/options/feature-flags/enable-not-default-storage-drivers) In other words, it enables types for storage providers and provisioners that are not enabled by default. +- `istio-virtual-service-ui`: This feature enables a [UI to create, read, update, and delete Istio virtual services and destination rules]({{}}/rancher/v2.6/en/installation/resources/feature-flags/istio-virtual-service-ui), which are traffic management features of Istio. +- `unsupported-storage-drivers`: This feature [allows unsupported storage drivers.]({{}}/rancher/v2.6/en/installation/resources/feature-flags/enable-not-default-storage-drivers) In other words, it enables types for storage providers and provisioners that are not enabled by default. The below table shows the availability and default value for feature flags in Rancher: diff --git a/content/rancher/v2.6/en/installation/resources/feature-flags/continuous-delivery/_index.md b/content/rancher/v2.6/en/installation/resources/feature-flags/continuous-delivery/_index.md index 5d19657238b..c3fb7f798ef 100644 --- a/content/rancher/v2.6/en/installation/resources/feature-flags/continuous-delivery/_index.md +++ b/content/rancher/v2.6/en/installation/resources/feature-flags/continuous-delivery/_index.md @@ -5,7 +5,7 @@ weight: 3 As of Rancher v2.5, [Fleet]({{}}/rancher/v2.6/en/deploy-across-clusters/fleet) comes preinstalled in Rancher, and as of Rancher v2.6, Fleet can no longer be fully disabled. However, the Fleet feature for GitOps continuous delivery may be disabled using the `continuous-delivery` feature flag. -To enable or disable this feature, refer to the instructions on [the main page about enabling experimental features.]({{}}/rancher/v2.6/en/installation/options/feature-flags/) +To enable or disable this feature, refer to the instructions on [the main page about enabling experimental features.]({{}}/rancher/v2.6/en/installation/resources/feature-flags/) Environment Variable Key | Default Value | Description ---|---|--- diff --git a/content/rancher/v2.6/en/installation/resources/feature-flags/enable-not-default-storage-drivers/_index.md b/content/rancher/v2.6/en/installation/resources/feature-flags/enable-not-default-storage-drivers/_index.md index a5e33d41b91..05affcc91ad 100644 --- a/content/rancher/v2.6/en/installation/resources/feature-flags/enable-not-default-storage-drivers/_index.md +++ b/content/rancher/v2.6/en/installation/resources/feature-flags/enable-not-default-storage-drivers/_index.md @@ -5,7 +5,7 @@ weight: 1 This feature allows you to use types for storage providers and provisioners that are not enabled by default. -To enable or disable this feature, refer to the instructions on [the main page about enabling experimental features.]({{}}/rancher/v2.6/en/installation/options/feature-flags/) +To enable or disable this feature, refer to the instructions on [the main page about enabling experimental features.]({{}}/rancher/v2.6/en/installation/resources/feature-flags/) Environment Variable Key | Default Value | Description ---|---|--- diff --git a/content/rancher/v2.6/en/installation/resources/feature-flags/istio-virtual-service-ui/_index.md b/content/rancher/v2.6/en/installation/resources/feature-flags/istio-virtual-service-ui/_index.md index 3cffc99e63a..0b5a1395ab6 100644 --- a/content/rancher/v2.6/en/installation/resources/feature-flags/istio-virtual-service-ui/_index.md +++ b/content/rancher/v2.6/en/installation/resources/feature-flags/istio-virtual-service-ui/_index.md @@ -7,7 +7,7 @@ This feature enables a UI that lets you create, read, update and delete virtual > **Prerequisite:** Turning on this feature does not enable Istio. A cluster administrator needs to [enable Istio for the cluster]({{}}/rancher/v2.6/en/istio/setup) in order to use the feature. -To enable or disable this feature, refer to the instructions on [the main page about enabling experimental features.]({{}}/rancher/v2.6/en/installation/options/feature-flags/) +To enable or disable this feature, refer to the instructions on [the main page about enabling experimental features.]({{}}/rancher/v2.6/en/installation/resources/feature-flags/) Environment Variable Key | Default Value | Status | Available as of ---|---|---|--- diff --git a/content/rancher/v2.6/en/installation/resources/helm-version/_index.md b/content/rancher/v2.6/en/installation/resources/helm-version/_index.md index 7536abc4f31..0fd69cfb62f 100644 --- a/content/rancher/v2.6/en/installation/resources/helm-version/_index.md +++ b/content/rancher/v2.6/en/installation/resources/helm-version/_index.md @@ -5,7 +5,7 @@ weight: 3 This section contains the requirements for Helm, which is the tool used to install Rancher on a high-availability Kubernetes cluster. -> The installation instructions have been updated for Helm 3. For migration of installs started with Helm 2, refer to the official [Helm 2 to 3 Migration Docs.](https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/) [This section]({{}}/rancher/v2.6/en/installation/options/helm2) provides a copy of the older high-availability Rancher installation instructions that used Helm 2, and it is intended to be used if upgrading to Helm 3 is not feasible. +> The installation instructions have been updated for Helm 3. For migration of installs started with Helm 2, refer to the official [Helm 2 to 3 Migration Docs.](https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/) [This section]({{}}/rancher/v2.0-v2.4/en/installation/resources/advanced/helm2/) provides a copy of the older high-availability Rancher installation instructions that used Helm 2, and it is intended to be used if upgrading to Helm 3 is not feasible. - Helm v3.2.x or higher is required to install or upgrade Rancher v2.5. - Helm v2.16.0 or higher is required for Kubernetes v1.16. For the default Kubernetes version, refer to the [release notes](https://github.com/rancher/rke/releases) for the version of RKE that you are using. diff --git a/content/rancher/v2.6/en/installation/resources/k8s-tutorials/ha-RKE/_index.md b/content/rancher/v2.6/en/installation/resources/k8s-tutorials/ha-RKE/_index.md index 69cea0c3ebb..225ede6223e 100644 --- a/content/rancher/v2.6/en/installation/resources/k8s-tutorials/ha-RKE/_index.md +++ b/content/rancher/v2.6/en/installation/resources/k8s-tutorials/ha-RKE/_index.md @@ -81,7 +81,7 @@ ingress: > > Please see the [RKE Documentation]({{}}/rke/latest/en/config-options/) for the full list of options and capabilities. > -> For tuning your etcd cluster for larger Rancher installations, see the [etcd settings guide]({{}}/rancher/v2.6/en/installation/options/etcd/). +> For tuning your etcd cluster for larger Rancher installations, see the [etcd settings guide]({{}}/rancher/v2.6/en/installation/resources/advanced/etcd/). ### 2. Run RKE @@ -162,7 +162,7 @@ Save a copy of the following files in a secure location: ### Issues or errors? -See the [Troubleshooting]({{}}/rancher/v2.6/en/installation/options/troubleshooting/) page. +See the [Troubleshooting]({{}}/rancher/v2.6/en/installation/resources/troubleshooting/) page. ### [Next: Install Rancher]({{}}/rancher/v2.6/en/installation/k8s-install/helm-rancher/) diff --git a/content/rancher/v2.6/en/installation/resources/k8s-tutorials/infrastructure-tutorials/infra-for-ha-with-external-db/_index.md b/content/rancher/v2.6/en/installation/resources/k8s-tutorials/infrastructure-tutorials/infra-for-ha-with-external-db/_index.md index 9b64023e7b6..4e13afe13a8 100644 --- a/content/rancher/v2.6/en/installation/resources/k8s-tutorials/infrastructure-tutorials/infra-for-ha-with-external-db/_index.md +++ b/content/rancher/v2.6/en/installation/resources/k8s-tutorials/infrastructure-tutorials/infra-for-ha-with-external-db/_index.md @@ -22,7 +22,7 @@ To install the Rancher management server on a high-availability K3s cluster, we Make sure that your nodes fulfill the general installation requirements for [OS, container runtime, hardware, and networking.]({{}}/rancher/v2.6/en/installation/requirements/) -For an example of one way to set up Linux nodes, refer to this [tutorial]({{}}/rancher/v2.6/en/installation/options/ec2-node) for setting up nodes as instances in Amazon EC2. +For an example of one way to set up Linux nodes, refer to this [tutorial]({{}}/rancher/v2.6/en/installation/resources/k8s-tutorials/infrastructure-tutorials/ec2-node) for setting up nodes as instances in Amazon EC2. ### 2. Set up External Datastore @@ -32,7 +32,7 @@ For a high-availability K3s installation, you will need to set a [MySQL](https:/ When you install Kubernetes using the K3s installation script, you will pass in details for K3s to connect to the database. -For an example of one way to set up the MySQL database, refer to this [tutorial]({{}}/rancher/v2.6/en/installation/options/rds/) for setting up MySQL on Amazon's RDS service. +For an example of one way to set up the MySQL database, refer to this [tutorial]({{}}/rancher/v2.6/en/installation/resources/k8s-tutorials/infrastructure-tutorials/rds/) for setting up MySQL on Amazon's RDS service. For the complete list of options that are available for configuring a K3s cluster datastore, refer to the [K3s documentation.]({{}}/k3s/latest/en/installation/datastore/) @@ -47,11 +47,11 @@ When Rancher is installed (also in a later step), the Rancher system creates an For your implementation, consider if you want or need to use a Layer-4 or Layer-7 load balancer: - **A layer-4 load balancer** is the simpler of the two choices, in which you are forwarding TCP traffic to your nodes. We recommend configuring your load balancer as a Layer 4 balancer, forwarding traffic to ports TCP/80 and TCP/443 to the Rancher management cluster nodes. The Ingress controller on the cluster will redirect HTTP traffic to HTTPS and terminate SSL/TLS on port TCP/443. The Ingress controller will forward traffic to port TCP/80 to the Ingress pod in the Rancher deployment. -- **A layer-7 load balancer** is a bit more complicated but can offer features that you may want. For instance, a layer-7 load balancer is capable of handling TLS termination at the load balancer, as opposed to Rancher doing TLS termination itself. This can be beneficial if you want to centralize your TLS termination in your infrastructure. Layer-7 load balancing also offers the capability for your load balancer to make decisions based on HTTP attributes such as cookies, etc. that a layer-4 load balancer is not able to concern itself with. If you decide to terminate the SSL/TLS traffic on a layer-7 load balancer, you will need to use the `--set tls=external` option when installing Rancher in a later step. For more information, refer to the [Rancher Helm chart options.]({{}}/rancher/v2.6/en/installation/options/chart-options/#external-tls-termination) +- **A layer-7 load balancer** is a bit more complicated but can offer features that you may want. For instance, a layer-7 load balancer is capable of handling TLS termination at the load balancer, as opposed to Rancher doing TLS termination itself. This can be beneficial if you want to centralize your TLS termination in your infrastructure. Layer-7 load balancing also offers the capability for your load balancer to make decisions based on HTTP attributes such as cookies, etc. that a layer-4 load balancer is not able to concern itself with. If you decide to terminate the SSL/TLS traffic on a layer-7 load balancer, you will need to use the `--set tls=external` option when installing Rancher in a later step. For more information, refer to the [Rancher Helm chart options.]({{}}/rancher/v2.6/en/installation/resources/chart-options/#external-tls-termination) -For an example showing how to set up an NGINX load balancer, refer to [this page.]({{}}/rancher/v2.6/en/installation/options/nginx/) +For an example showing how to set up an NGINX load balancer, refer to [this page.]({{}}/rancher/v2.6/en/installation/resources/k8s-tutorials/infrastructure-tutorials/nginx/) -For a how-to guide for setting up an Amazon ELB Network Load Balancer, refer to [this page.]({{}}/rancher/v2.6/en/installation/options/nlb/) +For a how-to guide for setting up an Amazon ELB Network Load Balancer, refer to [this page.]({{}}/rancher/v2.6/en/installation/resources/k8s-tutorials/infrastructure-tutorials/nlb/) > **Important:** > Do not use this load balancer (i.e, the `local` cluster Ingress) to load balance applications other than Rancher following installation. Sharing this Ingress with other applications may result in websocket errors to Rancher following Ingress configuration reloads for other apps. We recommend dedicating the `local` cluster to Rancher and no other applications. diff --git a/content/rancher/v2.6/en/installation/resources/k8s-tutorials/infrastructure-tutorials/infra-for-ha/_index.md b/content/rancher/v2.6/en/installation/resources/k8s-tutorials/infrastructure-tutorials/infra-for-ha/_index.md index f08a02bffdb..6c55c72f305 100644 --- a/content/rancher/v2.6/en/installation/resources/k8s-tutorials/infrastructure-tutorials/infra-for-ha/_index.md +++ b/content/rancher/v2.6/en/installation/resources/k8s-tutorials/infrastructure-tutorials/infra-for-ha/_index.md @@ -25,7 +25,7 @@ The etcd database requires an odd number of nodes so that it can always elect a Make sure that your nodes fulfill the general installation requirements for [OS, container runtime, hardware, and networking.]({{}}/rancher/v2.6/en/installation/requirements/) -For an example of one way to set up Linux nodes, refer to this [tutorial]({{}}/rancher/v2.6/en/installation/options/ec2-node/) for setting up nodes as instances in Amazon EC2. +For an example of one way to set up Linux nodes, refer to this [tutorial]({{}}/rancher/v2.6/en/installation/resources/k8s-tutorials/infrastructure-tutorials/ec2-node/) for setting up nodes as instances in Amazon EC2. ### 2. Set up the Load Balancer @@ -38,11 +38,11 @@ When Rancher is installed (also in a later step), the Rancher system creates an For your implementation, consider if you want or need to use a Layer-4 or Layer-7 load balancer: - **A layer-4 load balancer** is the simpler of the two choices, in which you are forwarding TCP traffic to your nodes. We recommend configuring your load balancer as a Layer 4 balancer, forwarding traffic to ports TCP/80 and TCP/443 to the Rancher management cluster nodes. The Ingress controller on the cluster will redirect HTTP traffic to HTTPS and terminate SSL/TLS on port TCP/443. The Ingress controller will forward traffic to port TCP/80 to the Ingress pod in the Rancher deployment. -- **A layer-7 load balancer** is a bit more complicated but can offer features that you may want. For instance, a layer-7 load balancer is capable of handling TLS termination at the load balancer, as opposed to Rancher doing TLS termination itself. This can be beneficial if you want to centralize your TLS termination in your infrastructure. Layer-7 load balancing also offers the capability for your load balancer to make decisions based on HTTP attributes such as cookies, etc. that a layer-4 load balancer is not able to concern itself with. If you decide to terminate the SSL/TLS traffic on a layer-7 load balancer, you will need to use the `--set tls=external` option when installing Rancher in a later step. For more information, refer to the [Rancher Helm chart options.]({{}}/rancher/v2.6/en/installation/options/chart-options/#external-tls-termination) +- **A layer-7 load balancer** is a bit more complicated but can offer features that you may want. For instance, a layer-7 load balancer is capable of handling TLS termination at the load balancer, as opposed to Rancher doing TLS termination itself. This can be beneficial if you want to centralize your TLS termination in your infrastructure. Layer-7 load balancing also offers the capability for your load balancer to make decisions based on HTTP attributes such as cookies, etc. that a layer-4 load balancer is not able to concern itself with. If you decide to terminate the SSL/TLS traffic on a layer-7 load balancer, you will need to use the `--set tls=external` option when installing Rancher in a later step. For more information, refer to the [Rancher Helm chart options.]({{}}/rancher/v2.6/en/installation/resources/chart-options/#external-tls-termination) -For an example showing how to set up an NGINX load balancer, refer to [this page.]({{}}/rancher/v2.6/en/installation/options/nginx/) +For an example showing how to set up an NGINX load balancer, refer to [this page.]({{}}/rancher/v2.6/en/installation/resources/k8s-tutorials/infrastructure-tutorials/nginx/) -For a how-to guide for setting up an Amazon ELB Network Load Balancer, refer to [this page.]({{}}/rancher/v2.6/en/installation/options/nlb/) +For a how-to guide for setting up an Amazon ELB Network Load Balancer, refer to [this page.]({{}}/rancher/v2.6/en/installation/resources/k8s-tutorials/infrastructure-tutorials/nlb/) > **Important:** > Do not use this load balancer (i.e, the `local` cluster Ingress) to load balance applications other than Rancher following installation. Sharing this Ingress with other applications may result in websocket errors to Rancher following Ingress configuration reloads for other apps. We recommend dedicating the `local` cluster to Rancher and no other applications. diff --git a/content/rancher/v2.6/en/installation/resources/k8s-tutorials/infrastructure-tutorials/infra-for-rke2-ha/_index.md b/content/rancher/v2.6/en/installation/resources/k8s-tutorials/infrastructure-tutorials/infra-for-rke2-ha/_index.md index e7a456b6dce..82eb68522f7 100644 --- a/content/rancher/v2.6/en/installation/resources/k8s-tutorials/infrastructure-tutorials/infra-for-rke2-ha/_index.md +++ b/content/rancher/v2.6/en/installation/resources/k8s-tutorials/infrastructure-tutorials/infra-for-rke2-ha/_index.md @@ -19,7 +19,7 @@ To install the Rancher management server on a high-availability RKE2 cluster, we Make sure that your nodes fulfill the general installation requirements for [OS, container runtime, hardware, and networking.]({{}}/rancher/v2.x/en/installation/requirements/) -For an example of one way to set up Linux nodes, refer to this [tutorial]({{}}/rancher/v2.x/en/installation/options/ec2-node) for setting up nodes as instances in Amazon EC2. +For an example of one way to set up Linux nodes, refer to this [tutorial]({{}}/rancher/v2.x/en/installation/resources/k8s-tutorials/infrastructure-tutorials/ec2-node) for setting up nodes as instances in Amazon EC2. ### 2. Set up the Load Balancer @@ -32,11 +32,11 @@ When Rancher is installed (also in a later step), the Rancher system creates an For your implementation, consider if you want or need to use a Layer-4 or Layer-7 load balancer: - **A layer-4 load balancer** is the simpler of the two choices, in which you are forwarding TCP traffic to your nodes. We recommend configuring your load balancer as a Layer 4 balancer, forwarding traffic to ports TCP/80 and TCP/443 to the Rancher management cluster nodes. The Ingress controller on the cluster will redirect HTTP traffic to HTTPS and terminate SSL/TLS on port TCP/443. The Ingress controller will forward traffic to port TCP/80 to the Ingress pod in the Rancher deployment. -- **A layer-7 load balancer** is a bit more complicated but can offer features that you may want. For instance, a layer-7 load balancer is capable of handling TLS termination at the load balancer, as opposed to Rancher doing TLS termination itself. This can be beneficial if you want to centralize your TLS termination in your infrastructure. Layer-7 load balancing also offers the capability for your load balancer to make decisions based on HTTP attributes such as cookies, etc. that a layer-4 load balancer is not able to concern itself with. If you decide to terminate the SSL/TLS traffic on a layer-7 load balancer, you will need to use the `--set tls=external` option when installing Rancher in a later step. For more information, refer to the [Rancher Helm chart options.]({{}}/rancher/v2.x/en/installation/options/chart-options/#external-tls-termination) +- **A layer-7 load balancer** is a bit more complicated but can offer features that you may want. For instance, a layer-7 load balancer is capable of handling TLS termination at the load balancer, as opposed to Rancher doing TLS termination itself. This can be beneficial if you want to centralize your TLS termination in your infrastructure. Layer-7 load balancing also offers the capability for your load balancer to make decisions based on HTTP attributes such as cookies, etc. that a layer-4 load balancer is not able to concern itself with. If you decide to terminate the SSL/TLS traffic on a layer-7 load balancer, you will need to use the `--set tls=external` option when installing Rancher in a later step. For more information, refer to the [Rancher Helm chart options.]({{}}/rancher/v2.x/en/installation/resources/chart-options/#external-tls-termination) -For an example showing how to set up an NGINX load balancer, refer to [this page.]({{}}/rancher/v2.x/en/installation/options/nginx/) +For an example showing how to set up an NGINX load balancer, refer to [this page.]({{}}/rancher/v2.6/en/installation/resources/k8s-tutorials/infrastructure-tutorials/nginx/) -For a how-to guide for setting up an Amazon ELB Network Load Balancer, refer to [this page.]({{}}/rancher/v2.x/en/installation/options/nlb/) +For a how-to guide for setting up an Amazon ELB Network Load Balancer, refer to [this page.]({{}}/rancher/v2.x/en/installation/resources/k8s-tutorials/infrastructure-tutorials/nlb/) > **Important:** > Do not use this load balancer (i.e, the `local` cluster Ingress) to load balance applications other than Rancher following installation. Sharing this Ingress with other applications may result in websocket errors to Rancher following Ingress configuration reloads for other apps. We recommend dedicating the `local` cluster to Rancher and no other applications. diff --git a/content/rancher/v2.6/en/installation/resources/upgrading-cert-manager/_index.md b/content/rancher/v2.6/en/installation/resources/upgrading-cert-manager/_index.md index 882f41a4229..cd76d1dcec0 100644 --- a/content/rancher/v2.6/en/installation/resources/upgrading-cert-manager/_index.md +++ b/content/rancher/v2.6/en/installation/resources/upgrading-cert-manager/_index.md @@ -29,7 +29,7 @@ To address these changes, this guide will do two things: The namespace used in these instructions depends on the namespace cert-manager is currently installed in. If it is in kube-system use that in the instructions below. You can verify by running `kubectl get pods --all-namespaces` and checking which namespace the cert-manager-\* pods are listed in. Do not change the namespace cert-manager is running in or this can cause issues. -> These instructions have been updated for Helm 3. If you are still using Helm 2, refer to [these instructions.]({{}}/rancher/v2.6/en/installation/options/upgrading-cert-manager/helm-2-instructions) +> These instructions have been updated for Helm 3. If you are still using Helm 2, refer to [these instructions.]({{}}/rancher/v2.6/en/installation/resoruces/upgrading-cert-manager/helm-2-instructions) In order to upgrade cert-manager, follow these instructions: diff --git a/content/rancher/v2.6/en/logging/_index.md b/content/rancher/v2.6/en/logging/_index.md index 41e570078dd..a22e38febac 100644 --- a/content/rancher/v2.6/en/logging/_index.md +++ b/content/rancher/v2.6/en/logging/_index.md @@ -8,7 +8,7 @@ weight: 15 The [Banzai Cloud Logging operator](https://banzaicloud.com/docs/one-eye/logging-operator/) now powers Rancher's logging solution in place of the former, in-house solution. -For an overview of the changes in v2.5, see [this section.](/{{}}/rancher/v2.6/en/logging/architecture/#changes-in-rancher-v2-5) For information about migrating from Logging V1, see [this page.](./migrating) +For an overview of the changes in v2.5, see [this section.]({{}}/rancher/v2.6/en/logging/architecture/#changes-in-rancher-v2-5) For information about migrating from Logging V1, see [this page.](./migrating) - [Enabling Logging](#enabling-logging) - [Uninstall Logging](#uninstall-logging) From 040cb9646ce4478f5ac11dc75a997fc429164f49 Mon Sep 17 00:00:00 2001 From: Catherine Luse Date: Wed, 1 Sep 2021 01:01:12 -0700 Subject: [PATCH 06/29] Fix more links --- .../config-private-registry/_index.md | 2 +- .../v2.6/en/backups/back-up-rancher/_index.md | 2 +- .../backups/configuration/storage-config/_index.md | 2 +- .../docker-installs/docker-backups/_index.md | 3 +-- .../rancher-managed/monitoring/_index.md | 4 ++-- content/rancher/v2.6/en/cli/_index.md | 2 +- .../v2.6/en/cluster-admin/cluster-access/_index.md | 2 +- .../en/cluster-admin/cluster-access/ace/_index.md | 2 +- .../cluster-capabilities-table/index.md | 4 ++-- .../hosted-kubernetes-clusters/gke/_index.md | 2 +- .../registered-clusters/_index.md | 4 ++-- .../multi-cluster-apps/_index.md | 2 +- content/rancher/v2.6/en/installation/_index.md | 2 +- .../installation/install-rancher-on-k8s/_index.md | 4 ++-- .../install-rancher-on-k8s/chart-options/_index.md | 13 +++++-------- .../install-rancher-on-k8s/rollbacks/_index.md | 2 +- .../air-gap/install-rancher/_index.md | 4 ++-- .../behind-proxy/install-rancher/_index.md | 2 +- .../single-node-docker/_index.md | 4 ++-- .../single-node-docker/advanced/_index.md | 4 ++-- .../single-node-docker/proxy/_index.md | 2 +- .../v2.6/en/installation/requirements/_index.md | 2 +- .../resources/advanced/firewall/_index.md | 2 +- .../single-node-install-external-lb/_index.md | 7 ++----- .../resources/upgrading-cert-manager/_index.md | 4 +--- .../helm-2-instructions/_index.md | 2 -- content/rancher/v2.6/en/k8s-in-rancher/_index.md | 2 -- .../configuration/receiver/_index.md | 2 +- .../guides/customize-grafana/_index.md | 2 +- .../guides/enable-monitoring/_index.md | 4 ++-- .../monitoring-alerting/guides/migrating/_index.md | 6 +++--- .../guides/monitoring-workloads/_index.md | 2 +- .../guides/persist-grafana/_index.md | 2 +- content/rancher/v2.6/en/overview/_index.md | 3 ++- .../overview/architecture-recommendations/_index.md | 2 +- content/rancher/v2.6/en/security/cve/_index.md | 2 +- 36 files changed, 50 insertions(+), 62 deletions(-) diff --git a/content/rancher/v2.6/en/admin-settings/config-private-registry/_index.md b/content/rancher/v2.6/en/admin-settings/config-private-registry/_index.md index e5a28be8010..16690af8bd3 100644 --- a/content/rancher/v2.6/en/admin-settings/config-private-registry/_index.md +++ b/content/rancher/v2.6/en/admin-settings/config-private-registry/_index.md @@ -9,7 +9,7 @@ There are two main ways to set up private registries in Rancher: by setting up t This section is about configuring the global default private registry, and focuses on how to configure the registry from the Rancher UI after Rancher is installed. -For instructions on setting up a private registry with command line options during the installation of Rancher, refer to the [air gapped Docker installation]({{}}/rancher/v2.6/en/installation/air-gap-single-node) or [air gapped Kubernetes installation]({{}}/rancher/v2.6/en/installation/air-gap-high-availability) instructions. +For instructions on setting up a private registry with command line options during the installation of Rancher, refer to the [air gapped installation guide]({{}}/rancher/v2.6/en/installation/other-installation-methods/air-gap). If your private registry requires credentials, it cannot be used as the default registry. There is no global way to set up a private registry with authorization for every Rancher-provisioned cluster. Therefore, if you want a Rancher-provisioned cluster to pull images from a private registry with credentials, you will have to [pass in the registry credentials through the advanced cluster options](#setting-a-private-registry-with-credentials-when-deploying-a-cluster) every time you create a new cluster. diff --git a/content/rancher/v2.6/en/backups/back-up-rancher/_index.md b/content/rancher/v2.6/en/backups/back-up-rancher/_index.md index 19540e76574..acfe23fc3fb 100644 --- a/content/rancher/v2.6/en/backups/back-up-rancher/_index.md +++ b/content/rancher/v2.6/en/backups/back-up-rancher/_index.md @@ -3,7 +3,7 @@ title: Backing up Rancher weight: 1 --- -In this section, you'll learn how to back up Rancher running on any Kubernetes cluster. To backup Rancher installed with Docker, refer the instructions for [single node backups]({{}}/rancher/v2.6/en/backups/v2.5/docker-installs/docker-backups) +In this section, you'll learn how to back up Rancher running on any Kubernetes cluster. To backup Rancher installed with Docker, refer the instructions for [single node backups]({{}}/rancher/v2.6/en/backups/docker-installs/docker-backups) The backup-restore operator needs to be installed in the local cluster, and only backs up the Rancher app. The backup and restore operations are performed only in the local Kubernetes cluster. diff --git a/content/rancher/v2.6/en/backups/configuration/storage-config/_index.md b/content/rancher/v2.6/en/backups/configuration/storage-config/_index.md index bca87c404c8..09d8eda1868 100644 --- a/content/rancher/v2.6/en/backups/configuration/storage-config/_index.md +++ b/content/rancher/v2.6/en/backups/configuration/storage-config/_index.md @@ -26,7 +26,7 @@ You can choose to not have any operator-level storage location configured. If yo | Parameter | Description | | -------------- | -------------- | -| Credential Secret | Choose the credentials for S3 from your secrets in Rancher. [Example]({{}}/rancher/v2.6/en/backups/v2.5/examples/#example-credential-secret-for-storing-backups-in-s3). | +| Credential Secret | Choose the credentials for S3 from your secrets in Rancher. [Example]({{}}/rancher/v2.6/en/backups/examples/#example-credential-secret-for-storing-backups-in-s3). | | Bucket Name | Enter the name of the [S3 bucket](https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingBucket.html) where the backups will be stored. Default: `rancherbackups`. | | Region | The [AWS region](https://aws.amazon.com/about-aws/global-infrastructure/regions_az/) where the S3 bucket is located. | | Folder | The [folder in the S3 bucket](https://docs.aws.amazon.com/AmazonS3/latest/user-guide/using-folders.html) where the backups will be stored. | diff --git a/content/rancher/v2.6/en/backups/docker-installs/docker-backups/_index.md b/content/rancher/v2.6/en/backups/docker-installs/docker-backups/_index.md index fb437f4eeb5..d3e8118e56c 100644 --- a/content/rancher/v2.6/en/backups/docker-installs/docker-backups/_index.md +++ b/content/rancher/v2.6/en/backups/docker-installs/docker-backups/_index.md @@ -4,7 +4,6 @@ shortTitle: Backups weight: 3 --- - After completing your Docker installation of Rancher, we recommend creating backups of it on a regular basis. Having a recent backup will let you recover quickly from an unexpected disaster. ## Before You Start @@ -68,4 +67,4 @@ This procedure creates a backup that you can restore if Rancher encounters a dis docker start ``` -**Result:** A backup tarball of your Rancher Server data is created. See [Restoring Backups: Docker Installs]({{}}/rancher/v2.6/en/backups/restorations/single-node-restoration) if you need to restore backup data. +**Result:** A backup tarball of your Rancher Server data is created. See [Restoring Backups: Docker Installs]({{}}/rancher/v2.6/en/backups/docker-installs/docker-restores) if you need to restore backup data. diff --git a/content/rancher/v2.6/en/best-practices/rancher-managed/monitoring/_index.md b/content/rancher/v2.6/en/best-practices/rancher-managed/monitoring/_index.md index cd8ccf860b1..f9c8c028497 100644 --- a/content/rancher/v2.6/en/best-practices/rancher-managed/monitoring/_index.md +++ b/content/rancher/v2.6/en/best-practices/rancher-managed/monitoring/_index.md @@ -103,7 +103,7 @@ Monitoring the availability and performance of all your internal workloads is vi # Security Monitoring -In addition to monitoring workloads to detect performance, availability or scalability problems, the cluster and the workloads running into it should also be monitored for potential security problems. A good starting point is to frequently run and alert on [CIS Scans]({{}}/rancher/v2.6/en/cis-scans/v2.5/) which check if the cluster is configured according to security best practices. +In addition to monitoring workloads to detect performance, availability or scalability problems, the cluster and the workloads running into it should also be monitored for potential security problems. A good starting point is to frequently run and alert on [CIS Scans]({{}}/rancher/v2.6/en/cis-scans/) which check if the cluster is configured according to security best practices. For the workloads, you can have a look at Kubernetes and Container security solutions like [Falko](https://falco.org/), [Aqua Kubernetes Security](https://www.aquasec.com/solutions/kubernetes-container-security/), [SysDig](https://sysdig.com/). @@ -117,4 +117,4 @@ When setting up alerts, configure them for all the workloads that are critical t If an alert starts firing, but there is nothing you can do about it at the moment, it's also fine to silence the alert for a certain amount of time, so that you can look at it later. -You can find more information on how to set up alerts and notification channels in the [Rancher Documentation]({{}}/rancher/v2.6/en/monitoring-alerting/v2.5). \ No newline at end of file +You can find more information on how to set up alerts and notification channels in the [Rancher Documentation]({{}}/rancher/v2.6/en/monitoring-alerting). \ No newline at end of file diff --git a/content/rancher/v2.6/en/cli/_index.md b/content/rancher/v2.6/en/cli/_index.md index 202c00de29f..89928a7dc9b 100644 --- a/content/rancher/v2.6/en/cli/_index.md +++ b/content/rancher/v2.6/en/cli/_index.md @@ -58,7 +58,7 @@ The following commands are available for use in Rancher CLI. | Command | Result | |---|---| | `apps, [app]` | Performs operations on catalog applications (i.e. individual [Helm charts](https://docs.helm.sh/developing_charts/) or Rancher charts. | -| `catalog` | Performs operations on [catalogs]({{}}/rancher/v2.6/en/catalog/). | +| `catalog` | Performs operations on [catalogs]({{}}/rancher/v2.6/en/helm-charts/). | | `clusters, [cluster]` | Performs operations on your [clusters]({{}}/rancher/v2.6/en/cluster-provisioning/). | | `context` | Switches between Rancher [projects]({{}}/rancher/v2.6/en/cluster-admin/projects-and-namespaces/). For an example, see [Project Selection](#project-selection). | | `inspect [OPTIONS] [RESOURCEID RESOURCENAME]` | Displays details about [Kubernetes resources](https://kubernetes.io/docs/reference/kubectl/cheatsheet/#resource-types) or Rancher resources (i.e.: [projects]({{}}/rancher/v2.6/en/cluster-admin/projects-and-namespaces/) and [workloads]({{}}/rancher/v2.6/en/k8s-in-rancher/workloads/)). Specify resources by name or ID. | diff --git a/content/rancher/v2.6/en/cluster-admin/cluster-access/_index.md b/content/rancher/v2.6/en/cluster-admin/cluster-access/_index.md index d6f576b0443..9d092a24550 100644 --- a/content/rancher/v2.6/en/cluster-admin/cluster-access/_index.md +++ b/content/rancher/v2.6/en/cluster-admin/cluster-access/_index.md @@ -20,7 +20,7 @@ Rancher provides an intuitive user interface for interacting with your clusters. You can use the Kubernetes command-line tool, [kubectl](https://kubernetes.io/docs/reference/kubectl/overview/), to manage your clusters. You have two options for using kubectl: -- **Rancher kubectl shell:** Interact with your clusters by launching a kubectl shell available in the Rancher UI. This option requires no configuration actions on your part. For more information, see [Accessing Clusters with kubectl Shell]({{}}/rancher/v2.6/en/k8s-in-rancher/kubectl/). +- **Rancher kubectl shell:** Interact with your clusters by launching a kubectl shell available in the Rancher UI. This option requires no configuration actions on your part. For more information, see [Accessing Clusters with kubectl Shell]({{}}/rancher/v2.6/en/cluster-access/kubectl/). - **Terminal remote connection:** You can also interact with your clusters by installing [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/) on your local desktop and then copying the cluster's kubeconfig file to your local `~/.kube/config` directory. For more information, see [Accessing Clusters with kubectl and a kubeconfig File](./kubectl/). ### Rancher CLI diff --git a/content/rancher/v2.6/en/cluster-admin/cluster-access/ace/_index.md b/content/rancher/v2.6/en/cluster-admin/cluster-access/ace/_index.md index a3aeb428feb..c7776bb0543 100644 --- a/content/rancher/v2.6/en/cluster-admin/cluster-access/ace/_index.md +++ b/content/rancher/v2.6/en/cluster-admin/cluster-access/ace/_index.md @@ -13,7 +13,7 @@ This kubeconfig file and its contents are specific to the cluster you are viewin After you download the kubeconfig file, you will be able to use the kubeconfig file and its Kubernetes [contexts](https://kubernetes.io/docs/reference/kubectl/cheatsheet/#kubectl-context-and-configuration) to access your downstream cluster. -If admins have [enforced TTL on kubeconfig tokens]({{}}/rancher/v2.6/en/api/api-tokens/#setting-ttl-on-kubeconfig-tokens), the kubeconfig file requires [rancher cli](../cli) to be present in your PATH. +If admins have [enforced TTL on kubeconfig tokens]({{}}/rancher/v2.6/en/api/api-tokens/#setting-ttl-on-kubeconfig-tokens), the kubeconfig file requires [rancher cli]({{}}/rancher/v2.6/en/cluster-admin/cluster-access/ace) to be present in your PATH. ### Two Authentication Methods for RKE Clusters diff --git a/content/rancher/v2.6/en/cluster-provisioning/cluster-capabilities-table/index.md b/content/rancher/v2.6/en/cluster-provisioning/cluster-capabilities-table/index.md index 45208cb4621..b1701f346b3 100644 --- a/content/rancher/v2.6/en/cluster-provisioning/cluster-capabilities-table/index.md +++ b/content/rancher/v2.6/en/cluster-provisioning/cluster-capabilities-table/index.md @@ -11,12 +11,12 @@ headless: true | [Managing Nodes]({{}}/rancher/v2.6/en/cluster-admin/nodes) | ✓ | ✓ | ✓ | ✓3 | | [Managing Persistent Volumes and Storage Classes]({{}}/rancher/v2.6/en/cluster-admin/volumes-and-storage/) | ✓ | ✓ | ✓ | ✓ | | [Managing Projects, Namespaces and Workloads]({{}}/rancher/v2.6/en/cluster-admin/projects-and-namespaces/) | ✓ | ✓ | ✓ | ✓ | -| [Using App Catalogs]({{}}/rancher/v2.6/en/catalog/) | ✓ | ✓ | ✓ | ✓ | +| [Using App Catalogs]({{}}/rancher/v2.6/en/helm-charts/) | ✓ | ✓ | ✓ | ✓ | | Configuring Tools (Alerts, Notifiers, Logging, Monitoring, Istio) | ✓ | ✓ | ✓ | ✓ | | [Running Security Scans]({{}}/rancher/v2.6/en/security/security-scan/) | ✓ | ✓ | ✓ | ✓ | | [Use existing configuration to create additional clusters]({{}}/rancher/v2.6/en/cluster-admin/cloning-clusters/)| ✓ | ✓ | ✓ | | | [Ability to rotate certificates]({{}}/rancher/v2.6/en/cluster-admin/certificate-rotation/) | ✓ | ✓ | | | -| [Ability to [backup]({{}}/rancher/v2.5/en/cluster-admin/backing-up-etcd/) and [restore]({{}}/rancher/v2.5/en/cluster-admin/restoring-etcd/) Rancher-launched clusters | ✓ | ✓ | | ✓4 | +| [Ability to [backup]({{}}/rancher/v2.6/en/cluster-admin/backing-up-etcd/) and [restore]({{}}/rancher/v2.6/en/cluster-admin/restoring-etcd/) Rancher-launched clusters | ✓ | ✓ | | ✓4 | | [Cleaning Kubernetes components when clusters are no longer reachable from Rancher]({{}}/rancher/v2.6/en/cluster-admin/cleaning-cluster-nodes/) | ✓ | | | | | [Configuring Pod Security Policies]({{}}/rancher/v2.6/en/cluster-admin/pod-security-policy/) | ✓ | ✓ | || diff --git a/content/rancher/v2.6/en/cluster-provisioning/hosted-kubernetes-clusters/gke/_index.md b/content/rancher/v2.6/en/cluster-provisioning/hosted-kubernetes-clusters/gke/_index.md index 7a28ca8c9d6..0f1d1eec0e1 100644 --- a/content/rancher/v2.6/en/cluster-provisioning/hosted-kubernetes-clusters/gke/_index.md +++ b/content/rancher/v2.6/en/cluster-provisioning/hosted-kubernetes-clusters/gke/_index.md @@ -64,7 +64,7 @@ Use Rancher to set up and configure your Kubernetes cluster. 1. Optional: Use **Member Roles** to configure user authorization for the cluster. Click **Add Member** to add users that can access the cluster. Use the **Role** drop-down to set permissions for each user. 1. Optional: Add Kubernetes [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/) or [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) to the cluster. 1. Enter your Google project ID and your Google cloud credentials. -1. Fill out the rest of the form. For help, refer to the [GKE cluster configuration reference.]({{}}/rancher/v2.5/en/cluster-admin/editing-clusters/gke-config-reference) +1. Fill out the rest of the form. For help, refer to the [GKE cluster configuration reference.]({{}}/rancher/v2.6/en/cluster-admin/editing-clusters/gke-config-reference) 1. Click **Create**. **Result:** You have successfully deployed a GKE cluster. diff --git a/content/rancher/v2.6/en/cluster-provisioning/registered-clusters/_index.md b/content/rancher/v2.6/en/cluster-provisioning/registered-clusters/_index.md index 7b15a24c723..7bfa2eff0cb 100644 --- a/content/rancher/v2.6/en/cluster-provisioning/registered-clusters/_index.md +++ b/content/rancher/v2.6/en/cluster-provisioning/registered-clusters/_index.md @@ -86,8 +86,8 @@ The control that Rancher has to manage a registered cluster depends on the type After registering a cluster, the cluster owner can: - [Manage cluster access]({{}}/rancher/v2.6/en/admin-settings/rbac/cluster-project-roles/) through role-based access control -- Enable [monitoring, alerts and notifiers]({{}}/rancher/v2.6/en/monitoring-alerting/v2.5/) -- Enable [logging]({{}}/rancher/v2.6/en/logging/v2.5/) +- Enable [monitoring, alerts and notifiers]({{}}/rancher/v2.6/en/monitoring-alerting/) +- Enable [logging]({{}}/rancher/v2.6/en/logging/) - Enable [Istio]({{}}/rancher/v2.6/en/istio/) - Use [pipelines]({{}}/rancher/v2.6/en/project-admin/pipelines/) - Manage projects and workloads diff --git a/content/rancher/v2.6/en/deploy-across-clusters/multi-cluster-apps/_index.md b/content/rancher/v2.6/en/deploy-across-clusters/multi-cluster-apps/_index.md index 8ac2808287a..65e1978953d 100644 --- a/content/rancher/v2.6/en/deploy-across-clusters/multi-cluster-apps/_index.md +++ b/content/rancher/v2.6/en/deploy-across-clusters/multi-cluster-apps/_index.md @@ -76,7 +76,7 @@ In the **Upgrades** section, select the upgrade strategy to use, when you decide ### Roles -In the **Roles** section, you define the role of the multi-cluster application. Typically, when a user [launches catalog applications]({{}}/rancher/v2.6/en/catalog/launching-apps), that specific user's permissions are used for creation of all workloads/resources that is required by the app. +In the **Roles** section, you define the role of the multi-cluster application. Typically, when a user [launches catalog applications]({{}}/rancher/v2.6/en/helm-charts), that specific user's permissions are used for creation of all workloads/resources that is required by the app. For multi-cluster applications, the application is deployed by a _system user_ and is assigned as the creator of all underlying resources. A _system user_ is used instead of the actual user due to the fact that the actual user could be removed from one of the target projects. If the actual user was removed from one of the projects, then that user would no longer be able to manage the application for the other projects. diff --git a/content/rancher/v2.6/en/installation/_index.md b/content/rancher/v2.6/en/installation/_index.md index 19ad04b60dd..9b7866d3bc9 100644 --- a/content/rancher/v2.6/en/installation/_index.md +++ b/content/rancher/v2.6/en/installation/_index.md @@ -61,7 +61,7 @@ Our [instructions for installing Rancher on Kubernetes]({{}}/rancher/v2 When the nodes in your Kubernetes cluster are running and fulfill the [node requirements,]({{}}/rancher/v2.6/en/installation/requirements) you will use Helm to deploy Rancher onto Kubernetes. Helm uses Rancher's Helm chart to install a replica of Rancher on each node in the Kubernetes cluster. We recommend using a load balancer to direct traffic to each replica of Rancher in the cluster. -For a longer discussion of Rancher architecture, refer to the [architecture overview,]({{}}/rancher/v2.6/en/overview/architecture) [recommendations for production-grade architecture,]({{}}/rancher/v2.6/en/overview/architecture-recommendations) or our [best practices guide.]({{}}/rancher/v2.6/en/best-practices/deployment-types) +For a longer discussion of Rancher architecture, refer to the [architecture overview,]({{}}/rancher/v2.6/en/overview/architecture) [recommendations for production-grade architecture,]({{}}/rancher/v2.6/en/overview/architecture-recommendations) or our [best practices guide.]({{}}/rancher/v2.6/en/best-practices/rancher-server/deployment-types) # Prerequisites Before installing Rancher, make sure that your nodes fulfill all of the [installation requirements.]({{}}/rancher/v2.6/en/installation/requirements/) diff --git a/content/rancher/v2.6/en/installation/install-rancher-on-k8s/_index.md b/content/rancher/v2.6/en/installation/install-rancher-on-k8s/_index.md index 918e85e91fc..24b1e7f9260 100644 --- a/content/rancher/v2.6/en/installation/install-rancher-on-k8s/_index.md +++ b/content/rancher/v2.6/en/installation/install-rancher-on-k8s/_index.md @@ -46,7 +46,7 @@ For an example of how to deploy an ingress on EKS, refer to [this section.]({{}}/rancher/v2.6/en/installation/air-gap-installation/install-rancher/). +For systems without direct internet access, see [Air Gap: Kubernetes install]({{}}/rancher/v2.6/en/installation/other-installation-methods/air-gap/install-rancher/). To choose a Rancher version to install, refer to [Choosing a Rancher Version.]({{}}/rancher/v2.6/en/installation/resources/choosing-version) @@ -240,7 +240,7 @@ helm install rancher rancher-latest/rancher \ --set privateCA=true ``` -Now that Rancher is deployed, see [Adding TLS Secrets]({{}}/rancher/v2.6/en/installation/resources/encryption/tls-secrets/) to publish the certificate files so Rancher and the Ingress controller can use them. +Now that Rancher is deployed, see [Adding TLS Secrets]({{}}/rancher/v2.6/en/installation/resources/tls-secrets/) to publish the certificate files so Rancher and the Ingress controller can use them. {{% /tab %}} {{% /tabs %}} diff --git a/content/rancher/v2.6/en/installation/install-rancher-on-k8s/chart-options/_index.md b/content/rancher/v2.6/en/installation/install-rancher-on-k8s/chart-options/_index.md index d15aa59fadc..b40974f5729 100644 --- a/content/rancher/v2.6/en/installation/install-rancher-on-k8s/chart-options/_index.md +++ b/content/rancher/v2.6/en/installation/install-rancher-on-k8s/chart-options/_index.md @@ -41,7 +41,7 @@ For information on enabling experimental features, refer to [this page.]({{}}/rancher/v2.6/en/installation/api-auditing) level. 0 is off. [0-3] | +| `auditLog.level` | 0 | `int` - set the [API Audit Log]({{}}/rancher/v2.6/en/installation/resources/advanced/api-audit-log) level. 0 is off. [0-3] | | `auditLog.maxAge` | 1 | `int` - maximum number of days to retain old audit log files (only applies when `auditLog.destination` is set to `hostPath`) | | `auditLog.maxBackup` | 1 | `int` - maximum number of audit log files to retain (only applies when `auditLog.destination` is set to `hostPath`) | | `auditLog.maxSize` | 100 | `int` - maximum size in megabytes of the audit log file before it gets rotated (only applies when `auditLog.destination` is set to `hostPath`) | @@ -70,7 +70,7 @@ For information on enabling experimental features, refer to [this page.]({{}}/rancher/v2.6/en/installation/api-auditing/). +Enabling the [API Audit Log]({{}}/rancher/v2.6/en/installation/resources/advanced/api-audit-log) You can collect this log as you would any container log. Enable [logging]({{}}/rancher/v2.6/en/logging) for the `System` Project on the Rancher server cluster. @@ -100,7 +100,7 @@ To set a different TLS configuration, you can use the `CATTLE_TLS_MIN_VERSION` a --set 'extraEnv[0].value=1.0' ``` -See [TLS settings]({{}}/rancher/v2.6/en/admin-settings/tls-settings) for more information and options. +See [TLS settings]({{}}/rancher/v2.6/en/installation/resources/tls-settings) for more information and options. ### Import `local` Cluster @@ -159,10 +159,7 @@ kubectl -n cattle-system create secret generic tls-ca-additional --from-file=ca- ### Private Registry and Air Gap Installs -For details on installing Rancher with a private registry, see: - -- [Air Gap: Docker Install]({{}}/rancher/v2.6/en/installation/air-gap-single-node/) -- [Air Gap: Kubernetes Install]({{}}/rancher/v2.6/en/installation/air-gap-high-availability/) +For details on installing Rancher with a private registry, see the [air gap installation docs.]({{}}/rancher/v2.6/en/installation/other-installation-methods/air-gap) # External TLS Termination @@ -170,7 +167,7 @@ We recommend configuring your load balancer as a Layer 4 balancer, forwarding pl You may terminate the SSL/TLS on a L7 load balancer external to the Rancher cluster (ingress). Use the `--set tls=external` option and point your load balancer at port http 80 on all of the Rancher cluster nodes. This will expose the Rancher interface on http port 80. Be aware that clients that are allowed to connect directly to the Rancher cluster will not be encrypted. If you choose to do this we recommend that you restrict direct access at the network level to just your load balancer. -> **Note:** If you are using a Private CA signed certificate, add `--set privateCA=true` and see [Adding TLS Secrets - Using a Private CA Signed Certificate]({{}}/rancher/v2.6/en/installation/resources/encryption/tls-secrets/) to add the CA cert for Rancher. +> **Note:** If you are using a Private CA signed certificate, add `--set privateCA=true` and see [Adding TLS Secrets - Using a Private CA Signed Certificate]({{}}/rancher/v2.6/en/installation/resources/tls-secrets/) to add the CA cert for Rancher. Your load balancer must support long lived websocket connections and will need to insert proxy headers so Rancher can route links correctly. diff --git a/content/rancher/v2.6/en/installation/install-rancher-on-k8s/rollbacks/_index.md b/content/rancher/v2.6/en/installation/install-rancher-on-k8s/rollbacks/_index.md index 9829b8a0620..763d0197652 100644 --- a/content/rancher/v2.6/en/installation/install-rancher-on-k8s/rollbacks/_index.md +++ b/content/rancher/v2.6/en/installation/install-rancher-on-k8s/rollbacks/_index.md @@ -56,7 +56,7 @@ A restore is performed by creating a Restore custom resource. endpoint: s3.us-west-2.amazonaws.com ``` - For help configuring the Restore, refer to the [configuration reference]({{}}/rancher/v2.6/en/backups/v2.5/configuration/restore-config/) and to the [examples.]({{}}/rancher/v2.6/en/backups/v2.5/examples/) + For help configuring the Restore, refer to the [configuration reference]({{}}/rancher/v2.6/en/backups/configuration/restore-config/) and to the [examples.]({{}}/rancher/v2.6/en/backups/examples/) 1. Click **Create**. diff --git a/content/rancher/v2.6/en/installation/other-installation-methods/air-gap/install-rancher/_index.md b/content/rancher/v2.6/en/installation/other-installation-methods/air-gap/install-rancher/_index.md index 589cbd0870c..d2be9a4a1ef 100644 --- a/content/rancher/v2.6/en/installation/other-installation-methods/air-gap/install-rancher/_index.md +++ b/content/rancher/v2.6/en/installation/other-installation-methods/air-gap/install-rancher/_index.md @@ -186,7 +186,7 @@ If you are using a Private CA signed cert, add `--set privateCA=true` following **Optional**: To install a specific Rancher version, set the `rancherImageTag` value, example: `--set rancherImageTag=v2.3.6` -Then refer to [Adding TLS Secrets]({{}}/rancher/v2.6/en/installation/resources/encryption/tls-secrets/) to publish the certificate files so Rancher and the ingress controller can use them. +Then refer to [Adding TLS Secrets]({{}}/rancher/v2.6/en/installation/resources/tls-secrets/) to publish the certificate files so Rancher and the ingress controller can use them. # 4. Install Rancher @@ -237,5 +237,5 @@ The installation is complete. These resources could be helpful when installing Rancher: - [Rancher Helm chart options]({{}}/rancher/v2.6/en/installation/resources/chart-options/) -- [Adding TLS secrets]({{}}/rancher/v2.6/en/installation/resources/encryption/tls-secrets/) +- [Adding TLS secrets]({{}}/rancher/v2.6/en/installation/resources/tls-secrets/) - [Troubleshooting Rancher Kubernetes Installations]({{}}/rancher/v2.6/en/installation/resources/troubleshooting/) diff --git a/content/rancher/v2.6/en/installation/other-installation-methods/behind-proxy/install-rancher/_index.md b/content/rancher/v2.6/en/installation/other-installation-methods/behind-proxy/install-rancher/_index.md index 7a921690368..f645ea3385a 100644 --- a/content/rancher/v2.6/en/installation/other-installation-methods/behind-proxy/install-rancher/_index.md +++ b/content/rancher/v2.6/en/installation/other-installation-methods/behind-proxy/install-rancher/_index.md @@ -83,5 +83,5 @@ You can now navigate to `https://rancher.example.com` and start using Rancher. These resources could be helpful when installing Rancher: - [Rancher Helm chart options]({{}}/rancher/v2.6/en/installation/resources/chart-options/) -- [Adding TLS secrets]({{}}/rancher/v2.6/en/installation/resources/encryption/tls-secrets/) +- [Adding TLS secrets]({{}}/rancher/v2.6/en/installation/resources/tls-secrets/) - [Troubleshooting Rancher Kubernetes Installations]({{}}/rancher/v2.6/en/installation/resources/troubleshooting/) diff --git a/content/rancher/v2.6/en/installation/other-installation-methods/single-node-docker/_index.md b/content/rancher/v2.6/en/installation/other-installation-methods/single-node-docker/_index.md index 46a9f84099c..c047052f024 100644 --- a/content/rancher/v2.6/en/installation/other-installation-methods/single-node-docker/_index.md +++ b/content/rancher/v2.6/en/installation/other-installation-methods/single-node-docker/_index.md @@ -35,7 +35,7 @@ For security purposes, SSL (Secure Sockets Layer) is required when using Rancher > > - Use a proxy? See [HTTP Proxy Configuration]({{}}/rancher/v2.6/en/installation/other-installation-methods/single-node-docker/proxy/) > - Configure custom CA root certificate to access your services? See [Custom CA root certificate]({{}}/rancher/v2.6/en/installation/other-installation-methods/single-node-docker/advanced/#custom-ca-certificate/) -> - Complete an Air Gap Installation? See [Air Gap: Docker Install]({{}}/rancher/v2.6/en/installation/air-gap-single-node/) +> - Complete an Air Gap Installation? See [Air Gap: Docker Install]({{}}/rancher/v2.6/en/installation/other-installation-methods/air-gap/) > - Record all transactions with the Rancher API? See [API Auditing](./advanced/#api-audit-log) Choose from the following options: @@ -169,5 +169,5 @@ Refer to [this page](./troubleshooting) for frequently asked questions and troub ## What's Next? -- **Recommended:** Review [Single Node Backup and Restore]({{}}/rancher/v2.6/en/installation/backups-and-restoration/single-node-backup-and-restoration/). Although you don't have any data you need to back up right now, we recommend creating backups after regular Rancher use. +- **Recommended:** Review [Single Node Backup and Restore]({{}}/rancher/v2.6/en/backups/docker-installs). Although you don't have any data you need to back up right now, we recommend creating backups after regular Rancher use. - Create a Kubernetes cluster: [Provisioning Kubernetes Clusters]({{}}/rancher/v2.6/en/cluster-provisioning/). diff --git a/content/rancher/v2.6/en/installation/other-installation-methods/single-node-docker/advanced/_index.md b/content/rancher/v2.6/en/installation/other-installation-methods/single-node-docker/advanced/_index.md index 9433691166b..6686fef83cd 100644 --- a/content/rancher/v2.6/en/installation/other-installation-methods/single-node-docker/advanced/_index.md +++ b/content/rancher/v2.6/en/installation/other-installation-methods/single-node-docker/advanced/_index.md @@ -42,7 +42,7 @@ The API Audit Log records all the user and system transactions made through Ranc The API Audit Log writes to `/var/log/auditlog` inside the rancher container by default. Share that directory as a volume and set your `AUDIT_LEVEL` to enable the log. -See [API Audit Log]({{}}/rancher/v2.6/en/installation/api-auditing) for more information and options. +See [API Audit Log]({{}}/rancher/v2.6/en/installation/resources/advanced/api-audit-log) for more information and options. Privileged access is [required.]({{}}/rancher/v2.6/en/installation/other-installation-methods/single-node-docker/#privileged-access-for-rancher) @@ -69,7 +69,7 @@ docker run -d --restart=unless-stopped \ Privileged access is [required.]({{}}/rancher/v2.6/en/installation/other-installation-methods/single-node-docker/#privileged-access-for-rancher) -See [TLS settings]({{}}/rancher/v2.6/en/admin-settings/tls-settings) for more information and options. +See [TLS settings]({{}}/rancher/v2.6/en/installation/resources/tls-settings) for more information and options. ### Air Gap diff --git a/content/rancher/v2.6/en/installation/other-installation-methods/single-node-docker/proxy/_index.md b/content/rancher/v2.6/en/installation/other-installation-methods/single-node-docker/proxy/_index.md index 254e9f2744c..1ac4a66c017 100644 --- a/content/rancher/v2.6/en/installation/other-installation-methods/single-node-docker/proxy/_index.md +++ b/content/rancher/v2.6/en/installation/other-installation-methods/single-node-docker/proxy/_index.md @@ -17,7 +17,7 @@ Make sure `NO_PROXY` contains the network addresses, network address ranges and ## Docker Installation -Passing environment variables to the Rancher container can be done using `-e KEY=VALUE` or `--env KEY=VALUE`. Required values for `NO_PROXY` in a [Docker Installation]({{}}/rancher/v2.6/en/installation/single-node-install/) are: +Passing environment variables to the Rancher container can be done using `-e KEY=VALUE` or `--env KEY=VALUE`. Required values for `NO_PROXY` in a [Docker Installation]({{}}/rancher/v2.6/en/installation/other-installation-methods/single-node-docker/) are: - `localhost` - `127.0.0.1` diff --git a/content/rancher/v2.6/en/installation/requirements/_index.md b/content/rancher/v2.6/en/installation/requirements/_index.md index a67cc851715..6ca43607b08 100644 --- a/content/rancher/v2.6/en/installation/requirements/_index.md +++ b/content/rancher/v2.6/en/installation/requirements/_index.md @@ -30,7 +30,7 @@ Make sure the node(s) for the Rancher server fulfill the following requirements: - [Port Requirements](#port-requirements) - [Dockershim Support](#dockershim-support) -For a list of best practices that we recommend for running the Rancher server in production, refer to the [best practices section.]({{}}/rancher/v2.6/en/best-practices/deployment-types/) +For a list of best practices that we recommend for running the Rancher server in production, refer to the [best practices section.]({{}}/rancher/v2.6/en/best-practices/rancher-server/deployment-types/) The Rancher UI works best in Firefox or Chrome. diff --git a/content/rancher/v2.6/en/installation/resources/advanced/firewall/_index.md b/content/rancher/v2.6/en/installation/resources/advanced/firewall/_index.md index 8046dce750e..291cee6d594 100644 --- a/content/rancher/v2.6/en/installation/resources/advanced/firewall/_index.md +++ b/content/rancher/v2.6/en/installation/resources/advanced/firewall/_index.md @@ -32,7 +32,7 @@ You can check the default firewall rules with this command: sudo iptables --list ``` -This section describes how to use `firewalld` to apply the [firewall port rules]({{}}/rancher/v2.6/en/installation/references) for nodes in a high-availability Rancher server cluster. +This section describes how to use `firewalld` to apply the [firewall port rules]({{}}/rancher/v2.6/en/installation/requirements/ports) for nodes in a high-availability Rancher server cluster. # Prerequisite diff --git a/content/rancher/v2.6/en/installation/resources/advanced/single-node-install-external-lb/_index.md b/content/rancher/v2.6/en/installation/resources/advanced/single-node-install-external-lb/_index.md index 2d41260e061..a2a0cf80ba5 100644 --- a/content/rancher/v2.6/en/installation/resources/advanced/single-node-install-external-lb/_index.md +++ b/content/rancher/v2.6/en/installation/resources/advanced/single-node-install-external-lb/_index.md @@ -9,9 +9,6 @@ A layer-7 load balancer can be beneficial if you want to centralize your TLS ter This install procedure walks you through deployment of Rancher using a single container, and then provides a sample configuration for a layer-7 NGINX load balancer. -> **Want to skip the external load balancer?** -> See [Docker Installation]({{}}/rancher/v2.6/en/installation/single-node) instead. - ## Requirements for OS, Docker, Hardware, and Networking Make sure that your node fulfills the general [installation requirements.]({{}}/rancher/v2.6/en/installation/requirements/) @@ -161,7 +158,7 @@ http { ## What's Next? -- **Recommended:** Review [Single Node Backup and Restore]({{}}/rancher/v2.6/en/installation/backups-and-restoration/single-node-backup-and-restoration/). Although you don't have any data you need to back up right now, we recommend creating backups after regular Rancher use. +- **Recommended:** Review [Single Node Backup and Restore]({{}}/rancher/v2.6/en/backups/docker-installs/). Although you don't have any data you need to back up right now, we recommend creating backups after regular Rancher use. - Create a Kubernetes cluster: [Provisioning Kubernetes Clusters]({{}}/rancher/v2.6/en/cluster-provisioning/).
@@ -174,7 +171,7 @@ For help troubleshooting certificates, see [this section.]({{}}/rancher ### API Auditing -If you want to record all transactions with the Rancher API, enable the [API Auditing]({{}}/rancher/v2.6/en/installation/api-auditing) feature by adding the flags below into your install command. +If you want to record all transactions with the Rancher API, enable the [API Auditing]({{}}/rancher/v2.6/en/installation/resources/advanced/api-audit-log) feature by adding the flags below into your install command. -e AUDIT_LEVEL=1 \ -e AUDIT_LOG_PATH=/var/log/auditlog/rancher-api-audit.log \ diff --git a/content/rancher/v2.6/en/installation/resources/upgrading-cert-manager/_index.md b/content/rancher/v2.6/en/installation/resources/upgrading-cert-manager/_index.md index cd76d1dcec0..b9f549ae06d 100644 --- a/content/rancher/v2.6/en/installation/resources/upgrading-cert-manager/_index.md +++ b/content/rancher/v2.6/en/installation/resources/upgrading-cert-manager/_index.md @@ -23,8 +23,6 @@ To address these changes, this guide will do two things: > The reason is that when Helm upgrades Rancher, it will reject the upgrade and show error messages if the running Rancher app does not match the chart template used to install it. Because cert-manager changed its API group and we cannot modify released charts for Rancher, there will always be a mismatch on the cert-manager's API version, therefore the upgrade will be rejected. -> For reinstalling Rancher with Helm, please check [Option B: Reinstalling Rancher Chart]({{}}/rancher/v2.6/en/installation/upgrades-rollbacks/upgrades/ha/) under the upgrade Rancher section. - # Upgrade Cert-Manager The namespace used in these instructions depends on the namespace cert-manager is currently installed in. If it is in kube-system use that in the instructions below. You can verify by running `kubectl get pods --all-namespaces` and checking which namespace the cert-manager-\* pods are listed in. Do not change the namespace cert-manager is running in or this can cause issues. @@ -110,7 +108,7 @@ In order to upgrade cert-manager, follow these instructions: Before you can perform the upgrade, you must prepare your air gapped environment by adding the necessary container images to your private registry and downloading or rendering the required Kubernetes manifest files. -1. Follow the guide to [Prepare your Private Registry]({{}}/rancher/v2.6/en/installation/air-gap-installation/prepare-private-reg/) with the images needed for the upgrade. +1. Follow the guide to [Prepare your Private Registry]({{}}/rancher/v2.6/en/installation/other-installation-methods/air-gap/populate-private-registry) with the images needed for the upgrade. 1. From a system connected to the internet, add the cert-manager repo to Helm diff --git a/content/rancher/v2.6/en/installation/resources/upgrading-cert-manager/helm-2-instructions/_index.md b/content/rancher/v2.6/en/installation/resources/upgrading-cert-manager/helm-2-instructions/_index.md index 41ff74f7bf7..413c2400159 100644 --- a/content/rancher/v2.6/en/installation/resources/upgrading-cert-manager/helm-2-instructions/_index.md +++ b/content/rancher/v2.6/en/installation/resources/upgrading-cert-manager/helm-2-instructions/_index.md @@ -23,8 +23,6 @@ To address these changes, this guide will do two things: > The reason is that when Helm upgrades Rancher, it will reject the upgrade and show error messages if the running Rancher app does not match the chart template used to install it. Because cert-manager changed its API group and we cannot modify released charts for Rancher, there will always be a mismatch on the cert-manager's API version, therefore the upgrade will be rejected. -> For reinstalling Rancher with Helm, please check [Option B: Reinstalling Rancher Chart]({{}}/rancher/v2.6/en/installation/upgrades-rollbacks/upgrades/ha/) under the upgrade Rancher section. - ## Upgrade Cert-Manager Only > **Note:** diff --git a/content/rancher/v2.6/en/k8s-in-rancher/_index.md b/content/rancher/v2.6/en/k8s-in-rancher/_index.md index dfec3a6550a..5df2b8677ad 100644 --- a/content/rancher/v2.6/en/k8s-in-rancher/_index.md +++ b/content/rancher/v2.6/en/k8s-in-rancher/_index.md @@ -58,8 +58,6 @@ For more information, see [Pipelines]({{}}/rancher/v2.6/en/k8s-in-ranch Besides launching individual components of an application, you can use the Rancher catalog to start launching applications, which are Helm charts. -For more information, see [Applications in a Project]({{}}/rancher/v2.6/en/catalog/apps/). - ## Kubernetes Resources Within the context of a Rancher project or namespace, _resources_ are files and data that support operation of your pods. Within Rancher, certificates, registries, and secrets are all considered resources. However, Kubernetes classifies resources as different types of [secrets](https://kubernetes.io/docs/concepts/configuration/secret/). Therefore, within a single project or namespace, individual resources must have unique names to avoid conflicts. Although resources are primarily used to carry sensitive information, they have other uses as well. diff --git a/content/rancher/v2.6/en/monitoring-alerting/configuration/receiver/_index.md b/content/rancher/v2.6/en/monitoring-alerting/configuration/receiver/_index.md index 0286920a405..d1754f86d81 100644 --- a/content/rancher/v2.6/en/monitoring-alerting/configuration/receiver/_index.md +++ b/content/rancher/v2.6/en/monitoring-alerting/configuration/receiver/_index.md @@ -287,7 +287,7 @@ spec: # key: string ``` -For more information on enabling alerting for `rancher-cis-benchmark`, see [this section.]({{}}/rancher/v2.5/en/cis-scans/v2.5/#enabling-alerting-for-rancher-cis-benchmark) +For more information on enabling alerting for `rancher-cis-benchmark`, see [this section.]({{}}/rancher/v2.6/en/cis-scans/#enabling-alerting-for-rancher-cis-benchmark) # Trusted CA for Notifiers diff --git a/content/rancher/v2.6/en/monitoring-alerting/guides/customize-grafana/_index.md b/content/rancher/v2.6/en/monitoring-alerting/guides/customize-grafana/_index.md index 225cc83b2ba..c6154f6ff50 100644 --- a/content/rancher/v2.6/en/monitoring-alerting/guides/customize-grafana/_index.md +++ b/content/rancher/v2.6/en/monitoring-alerting/guides/customize-grafana/_index.md @@ -9,7 +9,7 @@ In this section, you'll learn how to customize the Grafana dashboard to show met Before you can customize a Grafana dashboard, the `rancher-monitoring` application must be installed. -To see the links to the external monitoring UIs, including Grafana dashboards, you will need at least a [project-member role.]({{}}/rancher/v2.5/en/monitoring-alerting/rbac/#users-with-rancher-cluster-manager-based-permissions) +To see the links to the external monitoring UIs, including Grafana dashboards, you will need at least a [project-member role.]({{}}/rancher/v2.6/en/monitoring-alerting/rbac/#users-with-rancher-cluster-manager-based-permissions) ### Signing in to Grafana diff --git a/content/rancher/v2.6/en/monitoring-alerting/guides/enable-monitoring/_index.md b/content/rancher/v2.6/en/monitoring-alerting/guides/enable-monitoring/_index.md index 0ed53172f55..cf84b6cbf65 100644 --- a/content/rancher/v2.6/en/monitoring-alerting/guides/enable-monitoring/_index.md +++ b/content/rancher/v2.6/en/monitoring-alerting/guides/enable-monitoring/_index.md @@ -3,7 +3,7 @@ title: Enable Monitoring weight: 1 --- -As an [administrator]({{}}/rancher/v2.5/en/admin-settings/rbac/global-permissions/) or [cluster owner]({{}}/rancher/v2.5/en/admin-settings/rbac/cluster-project-roles/#cluster-roles), you can configure Rancher to deploy Prometheus to monitor your Kubernetes cluster. +As an [administrator]({{}}/rancher/v2.6/en/admin-settings/rbac/global-permissions/) or [cluster owner]({{}}/rancher/v2.6/en/admin-settings/rbac/cluster-project-roles/#cluster-roles), you can configure Rancher to deploy Prometheus to monitor your Kubernetes cluster. This page describes how to enable monitoring and alerting within a cluster using the new monitoring application. @@ -53,7 +53,7 @@ For more information about the default limits, see [this page.]({{}}/ra **Result:** The monitoring app is deployed in the `cattle-monitoring-system` namespace. -When [creating a receiver,]({{}}/rancher/v2.5/en/monitoring-alerting/configuration/alertmanager/#creating-receivers-in-the-rancher-ui) SSL-enabled receivers such as email or webhook will have a **SSL** section with fields for **CA File Path**, **Cert File Path**, and **Key File Path**. Fill in these fields with the paths to each of `ca`, `cert`, and `key`. The path will be of the form `/etc/alertmanager/secrets/name-of-file-in-secret`. +When [creating a receiver,]({{}}/rancher/v2.6/en/monitoring-alerting/configuration/advanced/alertmanager/#creating-receivers-in-the-rancher-ui) SSL-enabled receivers such as email or webhook will have a **SSL** section with fields for **CA File Path**, **Cert File Path**, and **Key File Path**. Fill in these fields with the paths to each of `ca`, `cert`, and `key`. The path will be of the form `/etc/alertmanager/secrets/name-of-file-in-secret`. For example, if you created a secret with these key-value pairs: diff --git a/content/rancher/v2.6/en/monitoring-alerting/guides/migrating/_index.md b/content/rancher/v2.6/en/monitoring-alerting/guides/migrating/_index.md index 184c327fc6d..ac6aab36c76 100644 --- a/content/rancher/v2.6/en/monitoring-alerting/guides/migrating/_index.md +++ b/content/rancher/v2.6/en/monitoring-alerting/guides/migrating/_index.md @@ -32,7 +32,7 @@ Unlike in Monitoring & Alerting V1, both features are packaged in a single Helm Monitoring V2 can only be configured on the cluster level. Project-level monitoring and alerting is no longer supported. -For more information on how to configure Monitoring & Alerting V2, see [this page.]({{}}/rancher/v2.5/en/monitoring-alerting/v2.5/configuration) +For more information on how to configure Monitoring & Alerting V2, see [this page.]({{}}/rancher/v2.6/en/monitoring-alerting/configuration) # Changes to Role-based Access Control @@ -126,11 +126,11 @@ or add the Prometheus Rule through the Cluster Explorer {{< img "/img/rancher/monitoring/migration/alert_2.4_to_2.5_target.png" "">}} -For more details on how to configure PrometheusRules in Monitoring V2 see [Monitoring Configuration]({{}}/rancher/v2.5/en/monitoring-alerting/v2.5/configuration#prometheusrules). +For more details on how to configure PrometheusRules in Monitoring V2 see [Monitoring Configuration]({{}}/rancher/v2.6/en/monitoring-alerting/configuration/prometheusrules). ### Migrating Notifiers -There is no direct equivalent for how notifiers work in Monitoring V1. Instead you have to replicate the desired setup with [Routes and Receivers]({{}}/rancher/v2.5/en/monitoring-alerting/v2.5/configuration#alertmanager-config) in Monitoring V2. +There is no direct equivalent for how notifiers work in Monitoring V1. Instead you have to replicate the desired setup with Routes and Receivers in Monitoring V2. ### Migrating for RKE Template Users diff --git a/content/rancher/v2.6/en/monitoring-alerting/guides/monitoring-workloads/_index.md b/content/rancher/v2.6/en/monitoring-alerting/guides/monitoring-workloads/_index.md index 2397003911c..10de8484a9a 100644 --- a/content/rancher/v2.6/en/monitoring-alerting/guides/monitoring-workloads/_index.md +++ b/content/rancher/v2.6/en/monitoring-alerting/guides/monitoring-workloads/_index.md @@ -12,7 +12,7 @@ The steps for setting up monitoring for workloads depend on whether you want bas If you only need CPU and memory time series for the workload, you don't need to deploy a ServiceMonitor or PodMonitor because the monitoring application already collects metrics data on resource usage by default. The resource usage time series data is in Prometheus's local time series database. -Grafana shows the data in aggregate, but you can see the data for the individual workload by using a PromQL query that extracts the data for that workload. Once you have the PromQL query, you can execute the query individually in the Prometheus UI and see the time series visualized there, or you can use the query to customize a Grafana dashboard to display the workload metrics. For examples of PromQL queries for workload metrics, see [this section.](https://rancher.com/docs/rancher/v2.5/en/monitoring-alerting/configuration/expression/#workload-metrics) +Grafana shows the data in aggregate, but you can see the data for the individual workload by using a PromQL query that extracts the data for that workload. Once you have the PromQL query, you can execute the query individually in the Prometheus UI and see the time series visualized there, or you can use the query to customize a Grafana dashboard to display the workload metrics. For examples of PromQL queries for workload metrics, see [this section.](https://rancher.com/docs/rancher/v2.6/en/monitoring-alerting/expression/#workload-metrics) To set up custom metrics for your workload, you will need to set up an exporter and create a new ServiceMonitor custom resource to configure Prometheus to scrape metrics from your exporter. diff --git a/content/rancher/v2.6/en/monitoring-alerting/guides/persist-grafana/_index.md b/content/rancher/v2.6/en/monitoring-alerting/guides/persist-grafana/_index.md index 6f67d38b292..4e36acf3341 100644 --- a/content/rancher/v2.6/en/monitoring-alerting/guides/persist-grafana/_index.md +++ b/content/rancher/v2.6/en/monitoring-alerting/guides/persist-grafana/_index.md @@ -17,7 +17,7 @@ To allow the Grafana dashboard to persist after the Grafana instance restarts, a > > - The monitoring application needs to be installed. > - To create the persistent dashboard, you must have at least the **Manage Config Maps** Rancher RBAC permissions assigned to you in the project or namespace that contains the Grafana Dashboards. This correlates to the `monitoring-dashboard-edit` or `monitoring-dashboard-admin` Kubernetes native RBAC Roles exposed by the Monitoring chart. -> - To see the links to the external monitoring UIs, including Grafana dashboards, you will need at least a [project-member role.]({{}}/rancher/v2.5/en/monitoring-alerting/rbac/#users-with-rancher-cluster-manager-based-permissions) +> - To see the links to the external monitoring UIs, including Grafana dashboards, you will need at least a [project-member role.]({{}}/rancher/v2.6/en/monitoring-alerting/rbac/#users-with-rancher-cluster-manager-based-permissions) ### 1. Get the JSON model of the dashboard that you want to persist diff --git a/content/rancher/v2.6/en/overview/_index.md b/content/rancher/v2.6/en/overview/_index.md index ace5de83354..781c5572dbd 100644 --- a/content/rancher/v2.6/en/overview/_index.md +++ b/content/rancher/v2.6/en/overview/_index.md @@ -2,6 +2,7 @@ title: Overview weight: 1 --- + Rancher is a container management platform built for organizations that deploy containers in production. Rancher makes it easy to run Kubernetes everywhere, meet IT requirements, and empower DevOps teams. # Run Kubernetes Everywhere @@ -36,7 +37,7 @@ The Rancher API server is built on top of an embedded Kubernetes API server and ### Working with Kubernetes - **Provisioning Kubernetes clusters:** The Rancher API server can [provision Kubernetes]({{}}/rancher/v2.6/en/cluster-provisioning/) on existing nodes, or perform [Kubernetes upgrades.]({{}}/rancher/v2.6/en/cluster-admin/upgrading-kubernetes) -- **Catalog management:** Rancher provides the ability to use a [catalog of Helm charts]({{}}/rancher/v2.6/en/catalog/) that make it easy to repeatedly deploy applications. +- **Catalog management:** Rancher provides the ability to use a [catalog of Helm charts]({{}}/rancher/v2.6/en/helm-charts/) that make it easy to repeatedly deploy applications. - **Managing projects:** A project is a group of multiple namespaces and access control policies within a cluster. A project is a Rancher concept, not a Kubernetes concept, which allows you manage multiple namespaces as a group and perform Kubernetes operations in them. The Rancher UI provides features for [project administration]({{}}/rancher/v2.6/en/project-admin/) and for [managing applications within projects.]({{}}/rancher/v2.6/en/k8s-in-rancher/) - **Pipelines:** Setting up a [pipeline]({{}}/rancher/v2.6/en/project-admin/pipelines/) can help developers deliver new software as quickly and efficiently as possible. Within Rancher, you can configure pipelines for each of your Rancher projects. - **Istio:** Our [integration with Istio]({{}}/rancher/v2.6/en/istio/) is designed so that a Rancher operator, such as an administrator or cluster owner, can deliver Istio to developers. Then developers can use Istio to enforce security policies, troubleshoot problems, or manage traffic for green/blue deployments, canary deployments, or A/B testing. diff --git a/content/rancher/v2.6/en/overview/architecture-recommendations/_index.md b/content/rancher/v2.6/en/overview/architecture-recommendations/_index.md index 186ef9429e9..c53af953f71 100644 --- a/content/rancher/v2.6/en/overview/architecture-recommendations/_index.md +++ b/content/rancher/v2.6/en/overview/architecture-recommendations/_index.md @@ -102,7 +102,7 @@ With that said, it is safe to use all three roles on three nodes when setting up Because no additional workloads will be deployed on the Rancher server cluster, in most cases it is not necessary to use the same architecture that we recommend for the scalability and reliability of downstream clusters. -For more best practices for downstream clusters, refer to the [production checklist]({{}}/rancher/v2.6/en/cluster-provisioning/production) or our [best practices guide.]({{}}/rancher/v2.6/en/best-practices/v2.5/) +For more best practices for downstream clusters, refer to the [production checklist]({{}}/rancher/v2.6/en/cluster-provisioning/production) or our [best practices guide.]({{}}/rancher/v2.6/en/best-practices/) # Architecture for an Authorized Cluster Endpoint diff --git a/content/rancher/v2.6/en/security/cve/_index.md b/content/rancher/v2.6/en/security/cve/_index.md index 8efae8b0dfc..afd2bc0c0c9 100644 --- a/content/rancher/v2.6/en/security/cve/_index.md +++ b/content/rancher/v2.6/en/security/cve/_index.md @@ -15,4 +15,4 @@ Rancher is committed to informing the community of security issues in our produc | [CVE-2019-12274](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12274) | Nodes using the built-in node drivers using a file path option allows the machine to read arbitrary files including sensitive ones from inside the Rancher server container. | 5 Jun 2019 | [Rancher v2.2.4](https://github.com/rancher/rancher/releases/tag/v2.2.4), [Rancher v2.1.10](https://github.com/rancher/rancher/releases/tag/v2.1.10) and [Rancher v2.0.15](https://github.com/rancher/rancher/releases/tag/v2.0.15) | | [CVE-2019-11202](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11202) | The default admin, that is shipped with Rancher, will be re-created upon restart of Rancher despite being explicitly deleted. | 16 Apr 2019 | [Rancher v2.2.2](https://github.com/rancher/rancher/releases/tag/v2.2.2), [Rancher v2.1.9](https://github.com/rancher/rancher/releases/tag/v2.1.9) and [Rancher v2.0.14](https://github.com/rancher/rancher/releases/tag/v2.0.14) | | [CVE-2019-6287](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6287) | Project members continue to get access to namespaces from projects that they were removed from if they were added to more than one project. | 29 Jan 2019 | [Rancher v2.1.6](https://github.com/rancher/rancher/releases/tag/v2.1.6) and [Rancher v2.0.11](https://github.com/rancher/rancher/releases/tag/v2.0.11) | -| [CVE-2018-20321](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20321) | Any project member with access to the `default` namespace can mount the `netes-default` service account in a pod and then use that pod to execute administrative privileged commands against the Kubernetes cluster. | 29 Jan 2019 | [Rancher v2.1.6](https://github.com/rancher/rancher/releases/tag/v2.1.6) and [Rancher v2.0.11](https://github.com/rancher/rancher/releases/tag/v2.0.11) - Rolling back from these versions or greater have specific [instructions]({{}}/rancher/v2.5/en/installation/install-rancher-on-k8s/rollbacks). | \ No newline at end of file +| [CVE-2018-20321](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20321) | Any project member with access to the `default` namespace can mount the `netes-default` service account in a pod and then use that pod to execute administrative privileged commands against the Kubernetes cluster. | 29 Jan 2019 | [Rancher v2.1.6](https://github.com/rancher/rancher/releases/tag/v2.1.6) and [Rancher v2.0.11](https://github.com/rancher/rancher/releases/tag/v2.0.11) - Rolling back from these versions or greater have specific [instructions]({{}}/rancher/v2.6/en/installation/install-rancher-on-k8s/rollbacks). | \ No newline at end of file From 8d8c0e71a08f09ba2eea42e48c5c8eb7a63cb6dd Mon Sep 17 00:00:00 2001 From: Jennifer Travinski Date: Wed, 1 Sep 2021 13:48:22 -0400 Subject: [PATCH 07/29] Updated ARM64 argument for v2.0-v2.4, v2.5, v2.6 --- .../resources/advanced/arm64-platform/_index.md | 17 +++++++++-------- .../resources/advanced/arm64-platform/_index.md | 17 ++++++++++++++++- .../resources/advanced/arm64-platform/_index.md | 17 ++++++++++++++++- 3 files changed, 41 insertions(+), 10 deletions(-) diff --git a/content/rancher/v2.0-v2.4/en/installation/resources/advanced/arm64-platform/_index.md b/content/rancher/v2.0-v2.4/en/installation/resources/advanced/arm64-platform/_index.md index f022f52f21d..03bcfbede09 100644 --- a/content/rancher/v2.0-v2.4/en/installation/resources/advanced/arm64-platform/_index.md +++ b/content/rancher/v2.0-v2.4/en/installation/resources/advanced/arm64-platform/_index.md @@ -12,20 +12,21 @@ aliases: The following options are available when using an ARM64 platform: - Running Rancher on ARM64 based node(s) - - For only [Docker Install]({{}}/rancher/v2.0-v2.4/en/installation/other-installation-methods/single-node-docker). Please note how to update the following installation command: + - Only for Docker Install. Please note that the following installation command replaces the examples found in the [Docker Install]({{}}/rancher/v2.0-v2.4/en/installation/other-installation-methods/single-node-docker) link: ``` + # In the last line `rancher/rancher:vX.Y.Z`, be certain to replace "X.Y.Z" with a released version in which ARM64 builds exist. For example, if your matching version is v2.5.8, you would fill in this line with `rancher/rancher:v2.5.8`. docker run -d --restart=unless-stopped \ -p 80:80 -p 443:443 \ --privileged \ - rancher/rancher:vX.Y.Z + rancher/rancher:vX.Y.Z ``` -In the last line `rancher/rancher:vX.Y.Z`, be certain to replace "X.Y.Z" with a released version in which ARM64 builds only exist. For example, if your matching version is v2.5.8, you would fill in this line with `rancher/rancher:v2.5.8`. - -> **Note:** To check if your specific released version supports an ARM64 platform, you may navigate to your version's release notes in the following two ways: - -> - Manually find your version using https://github.com/rancher/rancher/releases. -> - Go directly to your version using the tag and the specific version number. If you plan to use v2.5.8, for example, you may navigate to https://github.com/rancher/rancher/releases/tag/v2.5.8. +> **Note:** To check if your specific released version is compatible with the ARM64 architecture, you may navigate to your +> version's release notes in the following two ways: +> +> - Manually find your version using https://github.com/rancher/rancher/releases. +> - Go directly to your version using the tag and the specific version number. If you plan to use v2.5.8, for example, you may +> navigate to https://github.com/rancher/rancher/releases/tag/v2.5.8. - Create custom cluster and adding ARM64 based node(s) - Kubernetes cluster version must be 1.12 or higher diff --git a/content/rancher/v2.5/en/installation/resources/advanced/arm64-platform/_index.md b/content/rancher/v2.5/en/installation/resources/advanced/arm64-platform/_index.md index d39ba54f471..654f54f148f 100644 --- a/content/rancher/v2.5/en/installation/resources/advanced/arm64-platform/_index.md +++ b/content/rancher/v2.5/en/installation/resources/advanced/arm64-platform/_index.md @@ -12,7 +12,22 @@ aliases: The following options are available when using an ARM64 platform: - Running Rancher on ARM64 based node(s) - - Only [Docker Install]({{}}/rancher/v2.5/en/installation/other-installation-methods/single-node-docker) + - Only for Docker Install. Please note that the following installation command replaces the examples found in the [Docker Install]({{}}/rancher/v2.0-v2.4/en/installation/other-installation-methods/single-node-docker) link: + + ``` + # In the last line `rancher/rancher:vX.Y.Z`, be certain to replace "X.Y.Z" with a released version in which ARM64 builds exist. For example, if your matching version is v2.5.8, you would fill in this line with `rancher/rancher:v2.5.8`. + docker run -d --restart=unless-stopped \ + -p 80:80 -p 443:443 \ + --privileged \ + rancher/rancher:vX.Y.Z + ``` +> **Note:** To check if your specific released version is compatible with the ARM64 architecture, you may navigate to your +> version's release notes in the following two ways: +> +> - Manually find your version using https://github.com/rancher/rancher/releases. +> - Go directly to your version using the tag and the specific version number. If you plan to use v2.5.8, for example, you may +> navigate to https://github.com/rancher/rancher/releases/tag/v2.5.8. + - Create custom cluster and adding ARM64 based node(s) - Kubernetes cluster version must be 1.12 or higher - CNI Network Provider must be [Flannel]({{}}/rancher/v2.5/en/faq/networking/cni-providers/#flannel) diff --git a/content/rancher/v2.6/en/installation/resources/advanced/arm64-platform/_index.md b/content/rancher/v2.6/en/installation/resources/advanced/arm64-platform/_index.md index 65c24d0d7a4..9bc042f366d 100644 --- a/content/rancher/v2.6/en/installation/resources/advanced/arm64-platform/_index.md +++ b/content/rancher/v2.6/en/installation/resources/advanced/arm64-platform/_index.md @@ -10,7 +10,22 @@ weight: 3 The following options are available when using an ARM64 platform: - Running Rancher on ARM64 based node(s) - - Only [Docker Install]({{}}/rancher/v2.6/en/installation/other-installation-methods/single-node-docker) + - Only for Docker Install. Please note that the following installation command replaces the examples found in the [Docker Install]({{}}/rancher/v2.0-v2.4/en/installation/other-installation-methods/single-node-docker) link: + + ``` + # In the last line `rancher/rancher:vX.Y.Z`, be certain to replace "X.Y.Z" with a released version in which ARM64 builds exist. For example, if your matching version is v2.5.8, you would fill in this line with `rancher/rancher:v2.5.8`. + docker run -d --restart=unless-stopped \ + -p 80:80 -p 443:443 \ + --privileged \ + rancher/rancher:vX.Y.Z + ``` +> **Note:** To check if your specific released version is compatible with the ARM64 architecture, you may navigate to your +> version's release notes in the following two ways: +> +> - Manually find your version using https://github.com/rancher/rancher/releases. +> - Go directly to your version using the tag and the specific version number. If you plan to use v2.5.8, for example, you may +> navigate to https://github.com/rancher/rancher/releases/tag/v2.5.8. + - Create custom cluster and adding ARM64 based node(s) - Kubernetes cluster version must be 1.12 or higher - CNI Network Provider must be [Flannel]({{}}/rancher/v2.6/en/faq/networking/cni-providers/#flannel) From 41b71e772709404817e0bd51a488ac44d26bb420 Mon Sep 17 00:00:00 2001 From: Billy Tat Date: Wed, 1 Sep 2021 23:10:02 +0000 Subject: [PATCH 08/29] Fix typos --- .../installation/install-rancher-on-k8s/rollbacks/_index.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/content/rancher/v2.6/en/installation/install-rancher-on-k8s/rollbacks/_index.md b/content/rancher/v2.6/en/installation/install-rancher-on-k8s/rollbacks/_index.md index 763d0197652..e4dafe6f7e7 100644 --- a/content/rancher/v2.6/en/installation/install-rancher-on-k8s/rollbacks/_index.md +++ b/content/rancher/v2.6/en/installation/install-rancher-on-k8s/rollbacks/_index.md @@ -18,7 +18,7 @@ A restore is performed by creating a Restore custom resource. > **Important** > > * Follow the instructions from this page for restoring rancher on the same cluster where it was backed up from. In order to migrate rancher to a new cluster, follow the steps to [migrate rancher.]({{}}/rancher/v2.6/en/backups/migrating-rancher) -> * While restoring rancher on the same setup, the rancher deployment is manually scaled down before the restore starts then the operator will scale it back up once restore completes. So Rancher will be unavailable during the restore. +> * While restoring Rancher on the same setup, the Rancher deployment is manually scaled down before the restore starts, then the operator will scale it back up once the restore completes. So Rancher will be unavailable during the restore. ### Scale the Rancher Deployment to 0 @@ -60,7 +60,7 @@ A restore is performed by creating a Restore custom resource. 1. Click **Create**. -**Result:** The backup file is created and updated to the target storage location. The resources are restored in this order: +**Result:** The Rancher deployment is manually scaled down before the restore starts then, the operator will scale it back up once the restore completes. The resources are restored in this order: 1. Custom Resource Definitions (CRDs) 2. Cluster-scoped resources From 43cf5a961900fa38836a4d55b37ee7f1fb3a4124 Mon Sep 17 00:00:00 2001 From: Catherine Luse Date: Wed, 1 Sep 2021 16:49:26 -0700 Subject: [PATCH 09/29] Correction to bootstrap password doc --- .../en/installation/resources/bootstrap-password/_index.md | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/content/rancher/v2.6/en/installation/resources/bootstrap-password/_index.md b/content/rancher/v2.6/en/installation/resources/bootstrap-password/_index.md index 4cd48755b10..ac6534aafdd 100644 --- a/content/rancher/v2.6/en/installation/resources/bootstrap-password/_index.md +++ b/content/rancher/v2.6/en/installation/resources/bootstrap-password/_index.md @@ -9,8 +9,13 @@ The bootstrap password is randomly generated if it is not set during installatio ### Specifying the Bootstrap Password in Helm Installs -For a Helm install, users can specify the bootstrap password variable by configuring it in the Helm chart values with `.Values.bootstrapPassword`. The password will be stored in a Kubernetes secret and the UI will show instructions for how to retrieve password on `note.txt` after Rancher is installed. +For a Helm install, users can specify the bootstrap password variable by configuring it in the Helm chart values with `.Values.bootstrapPassword`. +The password will be stored in a Kubernetes secret. After Rancher is installed, the UI will show instructions for how to retrieve the password using kubectl: + +``` +kubectl get secret --namespace cattle-system bootstrap-secret -o go-template='{{ .data.bootstrapPassword|base64decode}}{{ "\n" }}' +``` ### Specifying the Bootstrap Password in Docker Installs From 200f306d70ac30f15d473320d66a4171bf123f2e Mon Sep 17 00:00:00 2001 From: Catherine Luse Date: Wed, 1 Sep 2021 19:02:21 -0700 Subject: [PATCH 10/29] Add Docker command to get bootstrap password --- .../installation/resources/bootstrap-password/_index.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/content/rancher/v2.6/en/installation/resources/bootstrap-password/_index.md b/content/rancher/v2.6/en/installation/resources/bootstrap-password/_index.md index ac6534aafdd..f0875b5e8a2 100644 --- a/content/rancher/v2.6/en/installation/resources/bootstrap-password/_index.md +++ b/content/rancher/v2.6/en/installation/resources/bootstrap-password/_index.md @@ -19,4 +19,10 @@ kubectl get secret --namespace cattle-system bootstrap-secret -o go-template='{{ ### Specifying the Bootstrap Password in Docker Installs -For a Docker install, you can specify the bootstrap password by passing `-e CATTLE_BOOTSTRAP_PASSWORD=password` to the Docker install command. \ No newline at end of file +For a Docker install, you can specify the bootstrap password by passing `-e CATTLE_BOOTSTRAP_PASSWORD=password` to the Docker install command. + +The password will be stored in the Docker container logs. After Rancher is installed, the UI will show instructions for how to retrieve the password using the Docker container ID: + +``` +docker logs container-id 2>&1 | grep "Bootstrap Password:" +``` \ No newline at end of file From 6e6eb6811fcf4a31a2decc76d37039778ae1d09f Mon Sep 17 00:00:00 2001 From: Jennifer Travinski Date: Thu, 2 Sep 2021 12:39:31 -0400 Subject: [PATCH 11/29] Added ECR plugin private registry info --- .../rke-config-reference/_index.md | 2 +- .../private-registries/_index.md | 35 +++++++++++++++++++ 2 files changed, 36 insertions(+), 1 deletion(-) diff --git a/content/rancher/v2.6/en/cluster-admin/editing-clusters/rke-config-reference/_index.md b/content/rancher/v2.6/en/cluster-admin/editing-clusters/rke-config-reference/_index.md index 7fce0b1bf2f..a5dcb2060e3 100644 --- a/content/rancher/v2.6/en/cluster-admin/editing-clusters/rke-config-reference/_index.md +++ b/content/rancher/v2.6/en/cluster-admin/editing-clusters/rke-config-reference/_index.md @@ -127,7 +127,7 @@ The private registry configuration option tells Rancher where to pull the [syste - **System images** are components needed to maintain the Kubernetes cluster. - **Add-ons** are used to deploy several cluster components, including network plug-ins, the ingress controller, the DNS provider, or the metrics server. -See the [RKE documentation on private registries]({{}}/rke/latest/en/config-options/private-registries/) for more information on the private registry for components applied during the provisioning of the cluster. +To learn how to set up an **ECR private registry** and for more information on the private registry for components applied during the provisioning of the cluster, see the [RKE documentation on private registries]({{}}/rke/latest/en/config-options/private-registries/). ### Authorized Cluster Endpoint diff --git a/content/rke/latest/en/config-options/private-registries/_index.md b/content/rke/latest/en/config-options/private-registries/_index.md index 1d3226826ba..a0932eb75d0 100644 --- a/content/rke/latest/en/config-options/private-registries/_index.md +++ b/content/rke/latest/en/config-options/private-registries/_index.md @@ -48,3 +48,38 @@ As of v0.1.10, you have to configure your private registry credentials, but you Before v0.1.10, you had to configure your private registry credentials **and** update the names of all the [system images]({{}}/rke/latest/en/config-options/system-images/) in the `cluster.yml` so that the image names would have the private registry URL appended before each image name. + +### ECR Private Registry Setup + +There are two ways in which to provide ECR credentials to set up your ECR private registry: using an instance profile or adding a configuration snippet, which are hard-coded credentials in environment variables for the `kubelet` and credentials under the`credentialPlugin`. + + - **Instance Profile**: An instance profile is the preferred and more secure approach to provide ECR credentials (when running in EC2, etc.). The instance profile will be autodetected and use these credentials by default (using the Go AWS SDK credential lookup process). + + - **Configuration Snippet**: You will use the configuration snippet below rather than an instance profile only if the following conditions exist in your node: + + - Node is not an EC2 instance + - Node is an EC2 instance but does not have an instance profile configured + - Node is an EC2 instance and has an instance profile configured but has no permissions for ECR + +> **Note:** The ECR credentials are only used in the `kubelet` and `credentialPlugin` areas. This is important to remember if you have issues while creating a new cluster or when pulling images during reconcile/upgrades. +> +> - Kubelet: For add-ons, custom workloads, etc., the instance profile or credentials are used by the +> downstream cluster nodes +> - Pulling system images (directly via Docker): For bootstrap, upgrades, reconcile, etc., the instance profile +> or credentials are used by nodes running RKE or running the Rancher pods. + +``` + # Configuration snippet to be used when the instance profile is unavailable. + services: + kubelet: + extra_env: + - "AWS_ACCESS_KEY_ID=ACCESSKEY" + - "AWS_SECRET_ACCESS_KEY=SECRETKEY" + private_registries: + - url: ACCOUNTID.dkr.ecr.ap-southeast-2.amazonaws.com + is_default: true + ecrCredentialPlugin: + aws_access_key_id: "ACCESSKEY" + aws_secret_access_key: "SECRETKEY" +``` + \ No newline at end of file From 5fd87d531ad60a5ef462754857ccd22700b065da Mon Sep 17 00:00:00 2001 From: Jennifer Travinski Date: Thu, 2 Sep 2021 16:45:20 -0400 Subject: [PATCH 12/29] Updated RKE page for ECR plugin fixes --- .../en/config-options/private-registries/_index.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/content/rke/latest/en/config-options/private-registries/_index.md b/content/rke/latest/en/config-options/private-registries/_index.md index a0932eb75d0..b1dcdab23b9 100644 --- a/content/rke/latest/en/config-options/private-registries/_index.md +++ b/content/rke/latest/en/config-options/private-registries/_index.md @@ -49,11 +49,11 @@ As of v0.1.10, you have to configure your private registry credentials, but you Before v0.1.10, you had to configure your private registry credentials **and** update the names of all the [system images]({{}}/rke/latest/en/config-options/system-images/) in the `cluster.yml` so that the image names would have the private registry URL appended before each image name. -### ECR Private Registry Setup +### Amazon Elastic Container Registry (ECR) Private Registry Setup -There are two ways in which to provide ECR credentials to set up your ECR private registry: using an instance profile or adding a configuration snippet, which are hard-coded credentials in environment variables for the `kubelet` and credentials under the`credentialPlugin`. +[Amazon ECR](https://docs.aws.amazon.com/AmazonECR/latest/userguide/what-is-ecr.html) is an AWS managed container image registry service that is secure, scalable, and reliable. There are two ways in which to provide ECR credentials to set up your ECR private registry: using an instance profile or adding a configuration snippet, which are hard-coded credentials in environment variables for the `kubelet` and credentials under the `ecrCredentialPlugin`. - - **Instance Profile**: An instance profile is the preferred and more secure approach to provide ECR credentials (when running in EC2, etc.). The instance profile will be autodetected and use these credentials by default (using the Go AWS SDK credential lookup process). + - **Instance Profile**: An instance profile is the preferred and more secure approach to provide ECR credentials (when running in EC2, etc.). The instance profile will be autodetected and used by default. For more information on configuring an instance profile with ECR permissions, go [here](https://docs.aws.amazon.com/AmazonECR/latest/userguide/security-iam.html). - **Configuration Snippet**: You will use the configuration snippet below rather than an instance profile only if the following conditions exist in your node: @@ -61,7 +61,7 @@ There are two ways in which to provide ECR credentials to set up your ECR privat - Node is an EC2 instance but does not have an instance profile configured - Node is an EC2 instance and has an instance profile configured but has no permissions for ECR -> **Note:** The ECR credentials are only used in the `kubelet` and `credentialPlugin` areas. This is important to remember if you have issues while creating a new cluster or when pulling images during reconcile/upgrades. +> **Note:** The ECR credentials are only used in the `kubelet` and `ecrCredentialPlugin` areas. This is important to remember if you have issues while creating a new cluster or when pulling images during reconcile/upgrades. > > - Kubelet: For add-ons, custom workloads, etc., the instance profile or credentials are used by the > downstream cluster nodes @@ -76,7 +76,7 @@ There are two ways in which to provide ECR credentials to set up your ECR privat - "AWS_ACCESS_KEY_ID=ACCESSKEY" - "AWS_SECRET_ACCESS_KEY=SECRETKEY" private_registries: - - url: ACCOUNTID.dkr.ecr.ap-southeast-2.amazonaws.com + - url: ACCOUNTID.dkr.ecr.region.amazonaws.com is_default: true ecrCredentialPlugin: aws_access_key_id: "ACCESSKEY" From 0c42bef53d847469ed490e00c41653f446edd449 Mon Sep 17 00:00:00 2001 From: Jennifer Travinski Date: Thu, 2 Sep 2021 17:28:01 -0400 Subject: [PATCH 13/29] Updated 2.6 with ECR reg link --- .../editing-clusters/rke-config-reference/_index.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/content/rancher/v2.6/en/cluster-admin/editing-clusters/rke-config-reference/_index.md b/content/rancher/v2.6/en/cluster-admin/editing-clusters/rke-config-reference/_index.md index a5dcb2060e3..2b9ca444871 100644 --- a/content/rancher/v2.6/en/cluster-admin/editing-clusters/rke-config-reference/_index.md +++ b/content/rancher/v2.6/en/cluster-admin/editing-clusters/rke-config-reference/_index.md @@ -127,7 +127,9 @@ The private registry configuration option tells Rancher where to pull the [syste - **System images** are components needed to maintain the Kubernetes cluster. - **Add-ons** are used to deploy several cluster components, including network plug-ins, the ingress controller, the DNS provider, or the metrics server. -To learn how to set up an **ECR private registry** and for more information on the private registry for components applied during the provisioning of the cluster, see the [RKE documentation on private registries]({{}}/rke/latest/en/config-options/private-registries/). +For more information on setting up a private registry for components applied during the provisioning of the cluster, see the [RKE documentation on private registries]({{}}/rke/latest/en/config-options/private-registries/). + +Rancher v2.6 introduced the ability to configure [ECR registries for RKE clusters]({{}}/rke/latest/en/config-options/private-registries/#amazon-elastic-container-registry-ecr-private-registry-setup). ### Authorized Cluster Endpoint From 48d371012525ab3b0e18166c4e03c87145db0c68 Mon Sep 17 00:00:00 2001 From: Jennifer Travinski Date: Fri, 3 Sep 2021 11:46:36 -0400 Subject: [PATCH 14/29] Fixed broken link under cloud credentials --- .../editing-clusters/aks-config-reference/_index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/rancher/v2.6/en/cluster-admin/editing-clusters/aks-config-reference/_index.md b/content/rancher/v2.6/en/cluster-admin/editing-clusters/aks-config-reference/_index.md index d98ecd08b34..7f5b7d14e9b 100644 --- a/content/rancher/v2.6/en/cluster-admin/editing-clusters/aks-config-reference/_index.md +++ b/content/rancher/v2.6/en/cluster-admin/editing-clusters/aks-config-reference/_index.md @@ -19,7 +19,7 @@ Rancher can configure member roles for AKS clusters in the same way as any other # Cloud Credentials -> The configuration information in this section assumes you have already set up a service principal for Rancher. For step-by-step instructions for how to set up the service principal, see [this section.]({{}}/rancher/v2.6/en/cluster-provisioning/hosted-kubernetes-cluster/aks/#prerequisites-in-microsoft-azure) +> The configuration information in this section assumes you have already set up a service principal for Rancher. For step-by-step instructions for how to set up the service principal, see [this section.]({{}}/rancher/v2.6/en/cluster-provisioning/hosted-kubernetes-clusters/aks/#prerequisites-in-microsoft-azure) ### Tenant ID From 68ac41114f741fdb23a6c8809f0f16c8f33b66c4 Mon Sep 17 00:00:00 2001 From: David Noland Date: Fri, 3 Sep 2021 18:50:21 -0700 Subject: [PATCH 15/29] Fix reset password command Command in doc currently doesn't work if you have rancher audit logs enabled because "grep 1/1" will not grab any results: $ kubectl --kubeconfig $KUBECONFIG -n cattle-system exec $(kubectl --kubeconfig $KUBECONFIG -n cattle-system get pods -l app=rancher | grep '1/1' | head -1 | awk '{ print $1 }') -- reset-password error: pod, type/name or --filename must be specified Example of what pod results look like when audit logs are enabled: $ kubectl get pods -l app=rancher -n cattle-system NAME READY STATUS RESTARTS AGE rancher-79c8ffd84b-cjxb4 2/2 Running 0 13m rancher-79c8ffd84b-tcpc5 2/2 Running 0 10m --- content/rancher/v2.6/en/faq/technical/_index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/rancher/v2.6/en/faq/technical/_index.md b/content/rancher/v2.6/en/faq/technical/_index.md index be1cca30b3e..c616ebfd0d8 100644 --- a/content/rancher/v2.6/en/faq/technical/_index.md +++ b/content/rancher/v2.6/en/faq/technical/_index.md @@ -15,7 +15,7 @@ New password for default administrator (user-xxxxx): Kubernetes install (Helm): ``` $ KUBECONFIG=./kube_config_rancher-cluster.yml -$ kubectl --kubeconfig $KUBECONFIG -n cattle-system exec $(kubectl --kubeconfig $KUBECONFIG -n cattle-system get pods -l app=rancher | grep '1/1' | head -1 | awk '{ print $1 }') -- reset-password +$ kubectl --kubeconfig $KUBECONFIG -n cattle-system exec $(kubectl --kubeconfig $KUBECONFIG -n cattle-system get pods -l app=rancher --no-headers | head -1 | awk '{ print $1 }') -c rancher -- reset-password New password for default administrator (user-xxxxx): ``` From cb3b46995ba4a4e7c7830cb8ce0cef3790b23474 Mon Sep 17 00:00:00 2001 From: claycooper Date: Sun, 5 Sep 2021 21:39:10 -0400 Subject: [PATCH 16/29] Update _index.md Fixed links to cert-manager install section --- .../v2.6/en/installation/install-rancher-on-k8s/_index.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/content/rancher/v2.6/en/installation/install-rancher-on-k8s/_index.md b/content/rancher/v2.6/en/installation/install-rancher-on-k8s/_index.md index 24b1e7f9260..a1d2ec29ddc 100644 --- a/content/rancher/v2.6/en/installation/install-rancher-on-k8s/_index.md +++ b/content/rancher/v2.6/en/installation/install-rancher-on-k8s/_index.md @@ -97,8 +97,8 @@ There are three recommended options for the source of the certificate used for T | Configuration | Helm Chart Option | Requires cert-manager | | ------------------------------ | ----------------------- | ------------------------------------- | -| Rancher Generated Certificates (Default) | `ingress.tls.source=rancher` | [yes](#5-install-cert-manager) | -| Let’s Encrypt | `ingress.tls.source=letsEncrypt` | [yes](#5-install-cert-manager) | +| Rancher Generated Certificates (Default) | `ingress.tls.source=rancher` | [yes](#4-install-cert-manager) | +| Let’s Encrypt | `ingress.tls.source=letsEncrypt` | [yes](#4-install-cert-manager) | | Certificates from Files | `ingress.tls.source=secret` | no | ### 4. Install cert-manager From b356dfc3a7a52d19552f14dab53b826189c3dd3a Mon Sep 17 00:00:00 2001 From: Felipe Cecagno Date: Mon, 6 Sep 2021 14:45:49 -0300 Subject: [PATCH 17/29] fix: Google page to authorize service account --- .../v2.6/en/admin-settings/authentication/google/_index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/rancher/v2.6/en/admin-settings/authentication/google/_index.md b/content/rancher/v2.6/en/admin-settings/authentication/google/_index.md index 8ddd5e36326..2ac8b6cb8c9 100644 --- a/content/rancher/v2.6/en/admin-settings/authentication/google/_index.md +++ b/content/rancher/v2.6/en/admin-settings/authentication/google/_index.md @@ -84,7 +84,7 @@ Using the Unique ID of the service account key, register it as an Oauth Client u 1. Get the Unique ID of the key you just created. If it's not displayed in the list of keys right next to the one you created, you will have to enable it. To enable it, click **Unique ID** and click **OK**. This will add a **Unique ID** column to the list of service account keys. Save the one listed for the service account you created. NOTE: This is a numeric key, not to be confused with the alphanumeric field **Key ID**. ![Service account Unique ID]({{}}/img/rancher/Google-Select-UniqueID-column.png) -1. Go to the [**Manage OAuth Client Access** page.](https://admin.google.com/AdminHome?chromeless=1#OGX:ManageOauthClients) +1. Go to the [**Domain-wide Delegation** page.](https://admin.google.com/ac/owl/domainwidedelegation) 1. Add the Unique ID obtained in the previous step in the **Client Name** field. 1. In the **One or More API Scopes** field, add the following scopes: ``` From e82a085f81a4048b9e13db8edfe1ad59bb254645 Mon Sep 17 00:00:00 2001 From: Billy Tat Date: Tue, 7 Sep 2021 16:28:14 +0000 Subject: [PATCH 18/29] Add back correct fix --- .../en/installation/install-rancher-on-k8s/rollbacks/_index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/rancher/v2.6/en/installation/install-rancher-on-k8s/rollbacks/_index.md b/content/rancher/v2.6/en/installation/install-rancher-on-k8s/rollbacks/_index.md index e4dafe6f7e7..652e9057515 100644 --- a/content/rancher/v2.6/en/installation/install-rancher-on-k8s/rollbacks/_index.md +++ b/content/rancher/v2.6/en/installation/install-rancher-on-k8s/rollbacks/_index.md @@ -60,7 +60,7 @@ A restore is performed by creating a Restore custom resource. 1. Click **Create**. -**Result:** The Rancher deployment is manually scaled down before the restore starts then, the operator will scale it back up once the restore completes. The resources are restored in this order: +**Result:** The backup file is created and updated to the target storage location. The resources are restored in this order: 1. Custom Resource Definitions (CRDs) 2. Cluster-scoped resources From 4529663c29719792cc33bcb20267fd26d5039c0e Mon Sep 17 00:00:00 2001 From: Jennifer Travinski Date: Tue, 7 Sep 2021 16:44:05 -0400 Subject: [PATCH 19/29] Capped region for consistency --- .../rke/latest/en/config-options/private-registries/_index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/rke/latest/en/config-options/private-registries/_index.md b/content/rke/latest/en/config-options/private-registries/_index.md index b1dcdab23b9..89453fe9511 100644 --- a/content/rke/latest/en/config-options/private-registries/_index.md +++ b/content/rke/latest/en/config-options/private-registries/_index.md @@ -76,7 +76,7 @@ Before v0.1.10, you had to configure your private registry credentials **and** u - "AWS_ACCESS_KEY_ID=ACCESSKEY" - "AWS_SECRET_ACCESS_KEY=SECRETKEY" private_registries: - - url: ACCOUNTID.dkr.ecr.region.amazonaws.com + - url: ACCOUNTID.dkr.ecr.REGION.amazonaws.com is_default: true ecrCredentialPlugin: aws_access_key_id: "ACCESSKEY" From 4a5ee01c18c378692144bdfdc743e38c6fcefdda Mon Sep 17 00:00:00 2001 From: Jen Travinski Date: Tue, 7 Sep 2021 18:24:44 -0400 Subject: [PATCH 20/29] Documented that AKS cluster might take hours to show up in Cluster To register list, based on region. (#3488) * Added note about AKS cluster under admin * Added note about AKS cluster under provisioning * Updated UI code for admin/provisioning note * Updated provisioning after clarifying region and UI command * Updated admin after clarifying region and UI command * Corrected UI tag --- .../editing-clusters/aks-config-reference/_index.md | 2 ++ .../hosted-kubernetes-clusters/aks/_index.md | 2 ++ 2 files changed, 4 insertions(+) diff --git a/content/rancher/v2.6/en/cluster-admin/editing-clusters/aks-config-reference/_index.md b/content/rancher/v2.6/en/cluster-admin/editing-clusters/aks-config-reference/_index.md index 7f5b7d14e9b..02b70c5ee55 100644 --- a/content/rancher/v2.6/en/cluster-admin/editing-clusters/aks-config-reference/_index.md +++ b/content/rancher/v2.6/en/cluster-admin/editing-clusters/aks-config-reference/_index.md @@ -169,6 +169,8 @@ The first way to ensure that Rancher is running on the same [NAT](https://docs.m The second way is to run a command to register the cluster with Rancher. Once the cluster is provisioned, you can run the displayed command anywhere you can connect to the cluster’s Kubernetes API. This command is displayed in a pop-up when you provision an AKS cluster with a private API endpoint enabled. +> **Note:** Please be aware that when registering an existing AKS cluster, the cluster might take some time, possibly hours, to appear in the `Cluster To register` dropdown list. This outcome will be based on region. + For more information about connecting to an AKS private cluster, see the [AKS documentation.](https://docs.microsoft.com/en-us/azure/aks/private-clusters#options-for-connecting-to-the-private-cluster) # Node Pools diff --git a/content/rancher/v2.6/en/cluster-provisioning/hosted-kubernetes-clusters/aks/_index.md b/content/rancher/v2.6/en/cluster-provisioning/hosted-kubernetes-clusters/aks/_index.md index 618b8ec318b..64157308900 100644 --- a/content/rancher/v2.6/en/cluster-provisioning/hosted-kubernetes-clusters/aks/_index.md +++ b/content/rancher/v2.6/en/cluster-provisioning/hosted-kubernetes-clusters/aks/_index.md @@ -144,6 +144,8 @@ The first way to ensure that Rancher is running on the same [NAT](https://docs.m The second way is to run a command to register the cluster with Rancher. Once the cluster is provisioned, you can run the displayed command anywhere you can connect to the cluster’s Kubernetes API. This command is displayed in a pop-up when you provision an AKS cluster with a private API endpoint enabled. +> **Note:** Please be aware that when registering an existing AKS cluster, the cluster might take some time, possibly hours, to appear in the `Cluster To register` dropdown list. This outcome will be based on region. + For more information about connecting to an AKS private cluster, see the [AKS documentation.](https://docs.microsoft.com/en-us/azure/aks/private-clusters#options-for-connecting-to-the-private-cluster) # Syncing From 98eac8e277c5d8c6691c26a88f124060876629bd Mon Sep 17 00:00:00 2001 From: Billy Tat Date: Thu, 9 Sep 2021 13:42:47 -0700 Subject: [PATCH 21/29] Update steps for rolling back rancher on v2.5.0+ (#3501) * Update steps for rolling back rancher on v2.5.0+ * Change placeholder character --- .../rollbacks/_index.md | 38 ++++++++++++++----- 1 file changed, 29 insertions(+), 9 deletions(-) diff --git a/content/rancher/v2.5/en/installation/install-rancher-on-k8s/rollbacks/_index.md b/content/rancher/v2.5/en/installation/install-rancher-on-k8s/rollbacks/_index.md index acf3b933318..7fd6ec3e73b 100644 --- a/content/rancher/v2.5/en/installation/install-rancher-on-k8s/rollbacks/_index.md +++ b/content/rancher/v2.5/en/installation/install-rancher-on-k8s/rollbacks/_index.md @@ -25,7 +25,16 @@ A restore is performed by creating a Restore custom resource. > **Important** > > * Follow the instructions from this page for restoring rancher on the same cluster where it was backed up from. In order to migrate rancher to a new cluster, follow the steps to [migrate rancher.]({{}}/rancher/v2.5/en/backups/migrating-rancher) -> * While restoring rancher on the same setup, the operator will scale down the rancher deployment when restore starts, and it will scale back up the deployment once restore completes. So Rancher will be unavailable during the restore. +> * While restoring Rancher on the same setup, the Rancher deployment is manually scaled down before the restore starts, then the operator will scale it back up once the restore completes. So Rancher will be unavailable during the restore. + +### Scale the Rancher Deployment to 0 + +1. From the **Global** view, hover over the **local** cluster. +1. Under **Projects in local**, click on **System**. +1. From the **cattle-system** namespace section, find the `rancher-hook` deployment. +1. Select **⋮ > Edit**. +1. Change **Scalable deployment of _ pods** to `0`. +1. Scroll to the bottom and click **Save**. ### Create the Restore Custom Resource @@ -56,7 +65,7 @@ A restore is performed by creating a Restore custom resource. 1. Click **Create.** -**Result:** The rancher-operator scales down the rancher deployment during restore, and scales it back up once the restore completes. The resources are restored in this order: +**Result:** The backup file is created and updated to the target storage location. The resources are restored in this order: 1. Custom Resource Definitions (CRDs) 2. Cluster-scoped resources @@ -69,14 +78,25 @@ kubectl get pods -n cattle-resources-system kubectl logs -n cattle-resources-system -f ``` -### Roll back to the previous Rancher version +### Roll back to a previous Rancher version -Rancher can be rolled back using the Rancher UI. +Rancher can be rolled back using the Helm CLI. To roll back to the previous version: -1. In the Rancher UI, go to the local cluster. -1. Go to the System project. -1. Edit Rancher deployment and modify image to version that you are rolling back to. -1. Save changes made. +```yaml +helm rollback rancher -n cattle-system +``` + +If the previous revision is not the intended target, you can specify a revision to roll back to. To see the deployment history: + +```yaml +helm history rancher -n cattle-system +``` + +When the target revision is determined, perform the rollback. This example will roll back to revision `3`: + +```yaml +helm rollback rancher 3 -n cattle-system +``` # Rolling Back to Rancher v2.2-v2.4+ @@ -88,4 +108,4 @@ For information on how to roll back Rancher installed with Docker, refer to [thi # Rolling Back to Rancher v2.0-v2.1 -Rolling back to Rancher v2.0-v2.1 is no longer supported. The instructions for rolling back to these versions are preserved [here]({{}}/rancher/v2.0-v2.4/en/backups/restore/rke-restore/v2.0-v2.1) and are intended to be used only in cases where upgrading to Rancher v2.2+ is not feasible. \ No newline at end of file +Rolling back to Rancher v2.0-v2.1 is no longer supported. The instructions for rolling back to these versions are preserved [here]({{}}/rancher/v2.0-v2.4/en/backups/restore/rke-restore/v2.0-v2.1) and are intended to be used only in cases where upgrading to Rancher v2.2+ is not feasible. From 465a0d465ad6ad8f76a377cc4aa6f85aa7971972 Mon Sep 17 00:00:00 2001 From: Billy Tat Date: Thu, 9 Sep 2021 13:42:59 -0700 Subject: [PATCH 22/29] Update K3s server config options (#3502) --- .../install-options/server-config/_index.md | 51 ++++++++++++++++++- 1 file changed, 50 insertions(+), 1 deletion(-) diff --git a/content/k3s/latest/en/installation/install-options/server-config/_index.md b/content/k3s/latest/en/installation/install-options/server-config/_index.md index a60c075bbd5..687133583d8 100644 --- a/content/k3s/latest/en/installation/install-options/server-config/_index.md +++ b/content/k3s/latest/en/installation/install-options/server-config/_index.md @@ -39,6 +39,21 @@ In this section, you'll learn how to configure the K3s server. | `--datastore-cafile` value | `K3S_DATASTORE_CAFILE` | TLS Certificate Authority file used to secure datastore backend communication | | `--datastore-certfile` value | `K3S_DATASTORE_CERTFILE` | TLS certification file used to secure datastore backend communication | | `--datastore-keyfile` value | `K3S_DATASTORE_KEYFILE` | TLS key file used to secure datastore backend communication | +| `--etcd-expose-metrics` | N/A | Expose etcd metrics to client interface. (Default false) | +| `--etcd-disable-snapshots` | N/A | Disable automatic etcd snapshots | +| `--etcd-snapshot-name` value | N/A | Set the base name of etcd snapshots. Default: etcd-snapshot- (default: "etcd-snapshot") | +| `--etcd-snapshot-schedule-cron` value | N/A | Snapshot interval time in cron spec. eg. every 5 hours '* */5 * * *' (default: "0 */12 * * *") | +| `--etcd-snapshot-retention` value | N/A | Number of snapshots to retain (Default: 5) | +| `--etcd-snapshot-dir` value | N/A | Directory to save db snapshots. (Default location: ${data-dir}/db/snapshots) | +| `--etcd-s3` | N/A | Enable backup to S3 | +| `--etcd-s3-endpoint` value | N/A | S3 endpoint url (default: "s3.amazonaws.com") | +| `--etcd-s3-endpoint-ca` value | N/A | S3 custom CA cert to connect to S3 endpoint | +| `--etcd-s3-skip-ssl-verify` | N/A | Disables S3 SSL certificate validation | +| `--etcd-s3-access-key` value | `AWS_ACCESS_KEY_ID` | S3 access key | +| `--etcd-s3-secret-key` value | `AWS_SECRET_ACCESS_KEY` | S3 secret key | +| `--etcd-s3-bucket` value | N/A | S3 bucket name | +| `--etcd-s3-region` value | N/A | S3 region / bucket location (optional) (default: "us-east-1") | +| `--etcd-s3-folder` value | N/A | S3 folder | ### Cluster Options @@ -66,6 +81,10 @@ K3s agent options are available as server options because the server has the age | `--with-node-id` | N/A | Append id to node name | (agent/node) | `--node-label` value | N/A | Registering and starting kubelet with set of labels | | `--node-taint` value | N/A | Registering kubelet with set of taints | +| `--image-credential-provider-bin-dir` value | N/A | The path to the directory where credential provider plugin binaries are located (default: "/var/lib/rancher/credentialprovider/bin") | +| `--image-credential-provider-config` value | N/A | The path to the credential provider plugin config file (default: "/var/lib/rancher/credentialprovider/config.yaml") | +| `--selinux` | `K3S_SELINUX` | Enable SELinux in containerd | +| `--lb-server-port` value | `K3S_LB_SERVER_PORT` | Local port for supervisor client load-balancer. If the supervisor and apiserver are not colocated an additional port 1 less than this port will also be used for the apiserver client load-balancer. (default: 6444) | ### Agent Runtime @@ -74,6 +93,7 @@ K3s agent options are available as server options because the server has the age | `--docker` | N/A | Use docker instead of containerd | (agent/runtime) | `--container-runtime-endpoint` value | N/A | Disable embedded containerd and use alternative CRI implementation | | `--pause-image` value | "docker.io/rancher/pause:3.1" | Customized pause image for containerd or Docker sandbox | +| `--snapshotter` value | N/A | Override default containerd snapshotter (default: "overlayfs") | | `--private-registry` value | "/etc/rancher/k3s/registries.yaml" | Private registry configuration file | ### Agent Networking @@ -94,6 +114,7 @@ the agent options are there because the server has the agent process embedded wi | Flag | Default | Description | |------|---------|-------------| +| `--debug` | N/A | Turn on debug logs | | `-v` value | 0 | Number for the log level verbosity | | `--vmodule` value | N/A | Comma-separated list of pattern=N settings for file-filtered logging | | `--log value, -l` value | N/A | Log to file | @@ -122,6 +143,7 @@ the agent options are there because the server has the agent process embedded wi |------|---------|-------------| | `--cluster-cidr` value | "10.42.0.0/16" | Network CIDR to use for pod IPs | | `--service-cidr` value | "10.43.0.0/16" | Network CIDR to use for services IPs | +| `--service-node-port-range` value | "30000-32767" | Port range to reserve for services with NodePort visibility | | `--cluster-dns` value | "10.43.0.10" | Cluster IP for coredns service. Should be in your service-cidr range | | `--cluster-domain` value | "cluster.local" | Cluster Domain | | `--flannel-backend` value | "vxlan" | One of 'none', 'vxlan', 'ipsec', 'host-gw', or 'wireguard' | @@ -148,6 +170,7 @@ the agent options are there because the server has the agent process embedded wi | `--disable` value | Do not deploy packaged components and delete any deployed components (valid items: coredns, servicelb, traefik,local-storage, metrics-server) | | `--disable-scheduler` | Disable Kubernetes default scheduler | | `--disable-cloud-controller` | Disable k3s default cloud controller manager | +| `--disable-kube-proxy` | Disable running kube-proxy | | `--disable-network-policy` | Disable k3s default network policy controller | ### Customized Flags for Kubernetes Processes @@ -190,6 +213,7 @@ USAGE: k3s server [OPTIONS] OPTIONS: + --config FILE, -c FILE (config) Load configuration from FILE (default: "/etc/rancher/k3s/config.yaml") [$K3S_CONFIG_FILE] --debug (logging) Turn on debug logs [$K3S_DEBUG] -v value (logging) Number for the log level verbosity (default: 0) --vmodule value (logging) Comma-separated list of pattern=N settings for file-filtered logging --log value, -l value (logging) Log to file @@ -202,6 +226,7 @@ OPTIONS: --data-dir value, -d value (data) Folder to hold state default /var/lib/rancher/k3s or ${HOME}/.rancher/k3s if not root --cluster-cidr value (networking) Network CIDR to use for pod IPs (default: "10.42.0.0/16") --service-cidr value (networking) Network CIDR to use for services IPs (default: "10.43.0.0/16") + --service-node-port-range value (networking) Port range to reserve for services with NodePort visibility (default: "30000-32767") --cluster-dns value (networking) Cluster IP for coredns service. Should be in your service-cidr range (default: 10.43.0.10) --cluster-domain value (networking) Cluster Domain (default: "cluster.local") --flannel-backend value (networking) One of 'none', 'vxlan', 'ipsec', 'host-gw', or 'wireguard' (default: "vxlan") @@ -217,18 +242,37 @@ OPTIONS: --datastore-cafile value (db) TLS Certificate Authority file used to secure datastore backend communication [$K3S_DATASTORE_CAFILE] --datastore-certfile value (db) TLS certification file used to secure datastore backend communication [$K3S_DATASTORE_CERTFILE] --datastore-keyfile value (db) TLS key file used to secure datastore backend communication [$K3S_DATASTORE_KEYFILE] + --etcd-expose-metrics (db) Expose etcd metrics to client interface. (Default false) + --etcd-disable-snapshots (db) Disable automatic etcd snapshots + --etcd-snapshot-name value (db) Set the base name of etcd snapshots. Default: etcd-snapshot- (default: "etcd-snapshot") + --etcd-snapshot-schedule-cron value (db) Snapshot interval time in cron spec. eg. every 5 hours '* */5 * * *' (default: "0 */12 * * *") + --etcd-snapshot-retention value (db) Number of snapshots to retain Default: 5 (default: 5) + --etcd-snapshot-dir value (db) Directory to save db snapshots. (Default location: ${data-dir}/db/snapshots) + --etcd-s3 (db) Enable backup to S3 + --etcd-s3-endpoint value (db) S3 endpoint url (default: "s3.amazonaws.com") + --etcd-s3-endpoint-ca value (db) S3 custom CA cert to connect to S3 endpoint + --etcd-s3-skip-ssl-verify (db) Disables S3 SSL certificate validation + --etcd-s3-access-key value (db) S3 access key [$AWS_ACCESS_KEY_ID] + --etcd-s3-secret-key value (db) S3 secret key [$AWS_SECRET_ACCESS_KEY] + --etcd-s3-bucket value (db) S3 bucket name + --etcd-s3-region value (db) S3 region / bucket location (optional) (default: "us-east-1") + --etcd-s3-folder value (db) S3 folder --default-local-storage-path value (storage) Default local storage path for local provisioner storage class --disable value (components) Do not deploy packaged components and delete any deployed components (valid items: coredns, servicelb, traefik, local-storage, metrics-server) --disable-scheduler (components) Disable Kubernetes default scheduler --disable-cloud-controller (components) Disable k3s default cloud controller manager + --disable-kube-proxy (components) Disable running kube-proxy --disable-network-policy (components) Disable k3s default network policy controller --node-name value (agent/node) Node name [$K3S_NODE_NAME] --with-node-id (agent/node) Append id to node name --node-label value (agent/node) Registering and starting kubelet with set of labels --node-taint value (agent/node) Registering kubelet with set of taints + --image-credential-provider-bin-dir value (agent/node) The path to the directory where credential provider plugin binaries are located (default: "/var/lib/rancher/credentialprovider/bin") + --image-credential-provider-config value (agent/node) The path to the credential provider plugin config file (default: "/var/lib/rancher/credentialprovider/config.yaml") --docker (agent/runtime) Use docker instead of containerd --container-runtime-endpoint value (agent/runtime) Disable embedded containerd and use alternative CRI implementation --pause-image value (agent/runtime) Customized pause image for containerd or docker sandbox (default: "docker.io/rancher/pause:3.1") + --snapshotter value (agent/runtime) Override default containerd snapshotter (default: "overlayfs") --private-registry value (agent/runtime) Private registry configuration file (default: "/etc/rancher/k3s/registries.yaml") --node-ip value, -i value (agent/networking) IP address to advertise for node --node-external-ip value (agent/networking) External IP address to advertise for node @@ -237,14 +281,19 @@ OPTIONS: --flannel-conf value (agent/networking) Override default flannel config file --kubelet-arg value (agent/flags) Customized flag for kubelet process --kube-proxy-arg value (agent/flags) Customized flag for kube-proxy process + --protect-kernel-defaults (agent/node) Kernel tuning behavior. If set, error if kernel tunables are different than kubelet defaults. --rootless (experimental) Run rootless --agent-token value (experimental/cluster) Shared secret used to join agents to the cluster, but not servers [$K3S_AGENT_TOKEN] --agent-token-file value (experimental/cluster) File containing the agent secret [$K3S_AGENT_TOKEN_FILE] --server value, -s value (experimental/cluster) Server to connect to, used to join a cluster [$K3S_URL] --cluster-init (experimental/cluster) Initialize new cluster master [$K3S_CLUSTER_INIT] --cluster-reset (experimental/cluster) Forget all peers and become a single cluster new cluster master [$K3S_CLUSTER_RESET] + --cluster-reset-restore-path value (db) Path to snapshot file to be restored --secrets-encryption (experimental) Enable Secret encryption at rest + --system-default-registry value (image) Private registry to be used for all system images [$K3S_SYSTEM_DEFAULT_REGISTRY] + --selinux (agent/node) Enable SELinux in containerd [$K3S_SELINUX] + --lb-server-port value (agent/node) Local port for supervisor client load-balancer. If the supervisor and apiserver are not colocated an additional port 1 less than this port will also be used for the apiserver client load-balancer. (default: 6444) [$K3S_LB_SERVER_PORT] --no-flannel (deprecated) use --flannel-backend=none --no-deploy value (deprecated) Do not deploy packaged components (valid items: coredns, servicelb, traefik, local-storage, metrics-server) --cluster-secret value (deprecated) use --token [$K3S_CLUSTER_SECRET] -``` \ No newline at end of file +``` From f702871fb9990adb82b7bf1f6bca63edc92e80f2 Mon Sep 17 00:00:00 2001 From: Catherine Luse Date: Thu, 9 Sep 2021 14:37:31 -0700 Subject: [PATCH 23/29] Respond to feedback on cluster template docs (#3485) * Respond to feedback on cluster template docs * Respond to feedback on cluster template doc --- .../cluster-templates/_index.md | 40 ++++++++++++++++--- 1 file changed, 35 insertions(+), 5 deletions(-) diff --git a/content/rancher/v2.6/en/admin-settings/cluster-templates/_index.md b/content/rancher/v2.6/en/admin-settings/cluster-templates/_index.md index 2be5e058afb..9173fe65f45 100644 --- a/content/rancher/v2.6/en/admin-settings/cluster-templates/_index.md +++ b/content/rancher/v2.6/en/admin-settings/cluster-templates/_index.md @@ -9,6 +9,8 @@ Cluster templates encompass both Kubernetes configuration and node pool configur - [RKE2 Cluster Template](#rke2-cluster-template) - [Adding a Cluster Template to Rancher](#adding-a-cluster-template-to-rancher) - [Creating a Cluster from a Cluster Template](#creating-a-cluster-from-a-cluster-template) +- [Updating a Cluster Created from a Cluster Template](#updating-a-cluster-created-from-a-cluster-template) +- [Deploying Clusters from a Template with Fleet](#deploying-clusters-from-a-template-with-fleet) - [Uninstalling Cluster Templates](#uninstalling-cluster-templates) - [Configuration Options](#configuration-options) @@ -32,11 +34,16 @@ The example repository for an RKE2 cluster template is [here](https://github.com # Adding a Cluster Template to Rancher -> **Prerequisite:** You will need permission to configure a Helm chart repository in Rancher. +In this section, you'll learn how to add the cluster template to the `local` cluster's chart repo list. The result is that Rancher will include the cluster template as an option when users install new Kubernetes clusters. + +> **Prerequisites:** +> +> - You will need permission to install Helm charts on the `local` Kubernetes cluster that Rancher is installed on. +> - In order for the chart to appear in the form for creating new clusters, the chart must have the annotation `catalog.cattle.io/type: cluster-template`. 1. Go to a cluster template example repository. Rancher's examples are in [this GitHub repository.](https://github.com/rancher/cluster-template-examples) As of Rancher v2.6.0, we provide an RKE2 cluster template and add to more in the future. 1. Fork the repository. -1. Optional: Edit the cluster options by editing the `values.yaml` file. For help editing the file, see the cluster template's Helm chart README. Note that in order for the chart to appear in the form for creating new clusters, the chart must have the annotation `catalog.cattle.io/type: cluster-template`. +1. Optional: Edit the cluster options by editing the `values.yaml` file. For help editing the file, see the cluster template's Helm chart README. 1. Add the chart repository to Rancher. Click **☰ > Cluster Management**. 1. Go to the `local` cluster and click **Explore.** 1. In the left navigation bar, click **Apps & Marketplace > Chart Repositories.** @@ -54,15 +61,36 @@ The example repository for an RKE2 cluster template is [here](https://github.com > **Prerequisites:** > > - You will need permission to provision new Kubernetes clusters. -> - You will need permission to install Helm charts on the `local` Kubernetes cluster that the Rancher management server is installed on. -> - In order to use a template as part of continuous delivery/GitOps, the cluster template needs to be deployed in the `fleet-local` namespace of the `local` cluster. +> - You will need cloud credentials for provisioning infrastructure using the template. > - In order to show in the form for creating new clusters, the cluster template's Helm chart must have the `catalog.cattle.io/type: cluster-template` annotation. +1. Click **☰ > Cluster Management**. +1. On the **Clusters** page, click **Create.** +1. Click the name of your cluster template. +1. Finish installing the Helm chart. + +**Result:** After Rancher provisions the new cluster, it is managed in the same way as any other Rancher-launched Kubernetes cluster. You can configure any options through the UI if the cluster template has options for the user to choose from. + +# Updating a Cluster Created from a Cluster Template + +You can update any clusters using a template from the **Apps & Marketplace > Installed Apps** page, given there is a new version of a template being used by those clusters. + +# Deploying Clusters from a Template with Fleet + +> **Prerequisites:** +> +> - You will need permission to provision new Kubernetes clusters. +> - You will need cloud credentials for provisioning infrastructure using the template. +> - In order to show in the form for creating new clusters, the cluster template's Helm chart must have the `catalog.cattle.io/type:cluster-template` annotation. +> - In order to use a template as part of continuous delivery/GitOps, the cluster template needs to be deployed in the `fleet-local` namespace of the `local` cluster. +> - All values must be set in the `values.yaml` of the template. +> - Fleet repositories must follow the guidelines on [this page.](http://fleet.rancher.io/gitrepo-structure/) For RKE2 cluster templates, that means a `fleet.yaml` file must be added to the repository. + 1. Click **☰ > Cluster Management**. 1. On the **Clusters** page, click **Create.** 1. Click **Create Cluster from Template.** -**Result:** After Rancher provisions the new cluster, it is managed in the same way as any other Rancher-launched Kubernetes cluster. +**Result:** After Rancher provisions the new cluster, it is managed by Fleet. # Uninstalling Cluster Templates @@ -73,6 +101,8 @@ The example repository for an RKE2 cluster template is [here](https://github.com **Result:** The cluster template is uninstalled. This action does not affect clusters created with the cluster template. +An admin with access to the `local` cluster can also remove a cluster deployed via cluster templates through the **Apps & Marketplace > Installed Apps** page. + # Configuration Options Cluster templates are flexible enough that they can be used to configure all of the following options: From 6c8e45b38a15645d159a24da51de107928a9869a Mon Sep 17 00:00:00 2001 From: Jen Travinski Date: Thu, 9 Sep 2021 17:47:01 -0400 Subject: [PATCH 24/29] Documented three-node vs. single node Rancher for managing downstream clusters (#3492) * Updated Rancher node verbiage v2.0-v2.4 * Updated Rancher node verbiage v2.5 * Updated Rancher node verbiage v2.6 --- .../en/cluster-provisioning/node-requirements/_index.md | 4 ++-- .../v2.5/en/cluster-provisioning/node-requirements/_index.md | 4 ++-- .../v2.6/en/cluster-provisioning/node-requirements/_index.md | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/content/rancher/v2.0-v2.4/en/cluster-provisioning/node-requirements/_index.md b/content/rancher/v2.0-v2.4/en/cluster-provisioning/node-requirements/_index.md index a3ea0e34f85..81b0972581d 100644 --- a/content/rancher/v2.0-v2.4/en/cluster-provisioning/node-requirements/_index.md +++ b/content/rancher/v2.0-v2.4/en/cluster-provisioning/node-requirements/_index.md @@ -3,9 +3,9 @@ title: Node Requirements for Rancher Managed Clusters weight: 1 --- -This page describes the requirements for the Rancher managed Kubernetes clusters where your apps and services will be installed. These downstream clusters should be separate from the cluster (or single node) running Rancher. +This page describes the requirements for the Rancher managed Kubernetes clusters where your apps and services will be installed. These downstream clusters should be separate from the three-node cluster running Rancher. -> If Rancher is installed on a high-availability Kubernetes cluster, the Rancher server cluster and downstream clusters have different requirements. For Rancher installation requirements, refer to the node requirements in the [installation section.]({{}}/rancher/v2.0-v2.4/en/installation/requirements/) +> If Rancher is installed on a high-availability Kubernetes cluster, the Rancher server three-node cluster and downstream clusters have different requirements. For Rancher installation requirements, refer to the node requirements in the [installation section.]({{}}/rancher/v2.0-v2.4/en/installation/requirements/) Make sure the nodes for the Rancher server fulfill the following requirements: diff --git a/content/rancher/v2.5/en/cluster-provisioning/node-requirements/_index.md b/content/rancher/v2.5/en/cluster-provisioning/node-requirements/_index.md index 6faea856e22..6798b1b53f3 100644 --- a/content/rancher/v2.5/en/cluster-provisioning/node-requirements/_index.md +++ b/content/rancher/v2.5/en/cluster-provisioning/node-requirements/_index.md @@ -3,9 +3,9 @@ title: Node Requirements for Rancher Managed Clusters weight: 1 --- -This page describes the requirements for the Rancher managed Kubernetes clusters where your apps and services will be installed. These downstream clusters should be separate from the cluster (or single node) running Rancher. +This page describes the requirements for the Rancher managed Kubernetes clusters where your apps and services will be installed. These downstream clusters should be separate from the three-node cluster running Rancher. -> If Rancher is installed on a high-availability Kubernetes cluster, the Rancher server cluster and downstream clusters have different requirements. For Rancher installation requirements, refer to the node requirements in the [installation section.]({{}}/rancher/v2.5/en/installation/requirements/) +> If Rancher is installed on a high-availability Kubernetes cluster, the Rancher server three-node cluster and downstream clusters have different requirements. For Rancher installation requirements, refer to the node requirements in the [installation section.]({{}}/rancher/v2.5/en/installation/requirements/) Make sure the nodes for the Rancher server fulfill the following requirements: diff --git a/content/rancher/v2.6/en/cluster-provisioning/node-requirements/_index.md b/content/rancher/v2.6/en/cluster-provisioning/node-requirements/_index.md index 5bb0d3cbdb1..bd24c9adeb8 100644 --- a/content/rancher/v2.6/en/cluster-provisioning/node-requirements/_index.md +++ b/content/rancher/v2.6/en/cluster-provisioning/node-requirements/_index.md @@ -3,9 +3,9 @@ title: Node Requirements for Rancher Managed Clusters weight: 1 --- -This page describes the requirements for the Rancher managed Kubernetes clusters where your apps and services will be installed. These downstream clusters should be separate from the cluster (or single node) running Rancher. +This page describes the requirements for the Rancher managed Kubernetes clusters where your apps and services will be installed. These downstream clusters should be separate from the three-node cluster running Rancher. -> If Rancher is installed on a high-availability Kubernetes cluster, the Rancher server cluster and downstream clusters have different requirements. For Rancher installation requirements, refer to the node requirements in the [installation section.]({{}}/rancher/v2.6/en/installation/requirements/) +> If Rancher is installed on a high-availability Kubernetes cluster, the Rancher server three-node cluster and downstream clusters have different requirements. For Rancher installation requirements, refer to the node requirements in the [installation section.]({{}}/rancher/v2.6/en/installation/requirements/) Make sure the nodes for the Rancher server fulfill the following requirements: From 98465f5126c039f4afcf3f04e2dacf68739334e1 Mon Sep 17 00:00:00 2001 From: Jen Travinski Date: Fri, 10 Sep 2021 12:07:33 -0400 Subject: [PATCH 25/29] Updated typo in Fleet diagram (#3504) * Updated Fleet diagram * Replaced png w/ svg file --- .../fleet/architecture/_index.md | 2 +- .../fleet/architecture/_index.md | 2 +- static/img/rancher/fleet-architecture.png | Bin 85204 -> 0 bytes static/img/rancher/fleet-architecture.svg | 1956 +++++++++++++++++ 4 files changed, 1958 insertions(+), 2 deletions(-) delete mode 100644 static/img/rancher/fleet-architecture.png create mode 100644 static/img/rancher/fleet-architecture.svg diff --git a/content/rancher/v2.5/en/deploy-across-clusters/fleet/architecture/_index.md b/content/rancher/v2.5/en/deploy-across-clusters/fleet/architecture/_index.md index 1f6493e7f2f..620747b01ca 100644 --- a/content/rancher/v2.5/en/deploy-across-clusters/fleet/architecture/_index.md +++ b/content/rancher/v2.5/en/deploy-across-clusters/fleet/architecture/_index.md @@ -5,5 +5,5 @@ weight: 1 Fleet can manage deployments from git of raw Kubernetes YAML, Helm charts, or Kustomize or any combination of the three. Regardless of the source, all resources are dynamically turned into Helm charts, and Helm is used as the engine to deploy everything in the cluster. This gives you a high degree of control, consistency, and auditability. Fleet focuses not only on the ability to scale, but to give one a high degree of control and visibility to exactly what is installed on the cluster. -![Architecture]({{}}/img/rancher/fleet-architecture.png) +![Architecture]({{}}/img/rancher/fleet-architecture.svg) diff --git a/content/rancher/v2.6/en/deploy-across-clusters/fleet/architecture/_index.md b/content/rancher/v2.6/en/deploy-across-clusters/fleet/architecture/_index.md index 1f6493e7f2f..620747b01ca 100644 --- a/content/rancher/v2.6/en/deploy-across-clusters/fleet/architecture/_index.md +++ b/content/rancher/v2.6/en/deploy-across-clusters/fleet/architecture/_index.md @@ -5,5 +5,5 @@ weight: 1 Fleet can manage deployments from git of raw Kubernetes YAML, Helm charts, or Kustomize or any combination of the three. Regardless of the source, all resources are dynamically turned into Helm charts, and Helm is used as the engine to deploy everything in the cluster. This gives you a high degree of control, consistency, and auditability. Fleet focuses not only on the ability to scale, but to give one a high degree of control and visibility to exactly what is installed on the cluster. -![Architecture]({{}}/img/rancher/fleet-architecture.png) +![Architecture]({{}}/img/rancher/fleet-architecture.svg) diff --git a/static/img/rancher/fleet-architecture.png b/static/img/rancher/fleet-architecture.png deleted file mode 100644 index f8584482ca2ab47c606af38798fb9999fc9715e1..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 85204 zcmd43$L_4m+Ap@HBiYs`ouMb5Z^<6)Epiw_)8q!4rb*HnkVBI*+=1`PQ{R;z*8BM! z%UAG9z5a_-MHTgg-;?V9v<&IL{>T6JAOHBrKmMyC3-&+$@n8OL`1e2mFaHx<`Hz49 zum9~I|M>o2%hO-lBd?n5AOFN3e;xf3L&|<${)r3!#IR@>{+(7)F-7hC?=D;565Mb5 zw92b2{p%SF!H|C;%)cv9JlB8a#~WStznJTBbL=b1$QzaMj+Q_VM|;VcsG1^|K>&@Z2Uf9Ng{D z`0T<-b)JD5TqVt15BAK%40HOe#_EH}H(Pv87gA9N^z{4K_Ah#G|HOD1PWco56!yn` zyLt5{N|!v)W#xmgrjM^wnsTpN_W&4rc8El&E5@p!X)kX9jU#y8rE}u+>2J%r=}p^k zi=H!)xVuIJsa%P2g^MEl#R<}SpKK;Fx%l1urJ#eHU$=@Zz2OkpKwpj}5r%}Fzv+h5 zXSLxq^ujaVLPuI3(*6U^;P#`-Y7#+gp=RZq8dz(;Kjg;G#$+n?SY>6(<1bEzq)W;f$`VVWF!qvEgqf}bC`tq z?U|WmVf5lY7M_z&SIXnlEAHG4sPAr@b}oim0+RPB5V}~WQEm%OSkg~8vmRuUtMDKf z`Td6Bsj*+#v|q$ZbChE0yVX-A+^#sHGxeLMXc=Lwi%6G^UKF!DsvM(pT)Q4r`M_6= zVJEDj(}lxwc$!DX=JBAQ860bQ?39Qp)|1cd3}rb-n|!+?no0*7g+~vM_MWA-E%rG~ zDQ5#UettT+>ZgaY$M|AUm?RQz1-+fAHg)^GZZsj=lTBn-EmDZFWB0;V$FkYdWa_a> z?iWY{(WGp`JTUzZaHoqTw=);W z%=v2)qAN+z27V#_yqCgMqwFJjE~QT+)fb;}#Nnp)BKZ9#^#)l;W;8@uq~Vk&v3xss z9Q)|;hr%2>N7SWBzF{WQN0XB&fo-hLZn^27;Zf(rqGw9rKtsIsif{MZxPF3*8uMdZ z*C7^~X5!q3`|zsRS9y0}qk+9&%%e9~!T}RSFdtq5Ecx^Rs&VYBGR#YZ+NGKbDx6{h&tC$ivt?SaP?;E`tvDSBK)8r-1DRqb{kHX<9Alj&Gx1^hiZlY>h{PzZPh= zVO@qY3|?B!-TZW&;9|3B#kHBl#tEBMEePJ;`kV~%B%0KW2V#oiPZy2k&u)4A(5;h3 z!({b=vBl|WA*!C>@h0Y(NcrEDdi6A(|8N)65OJa~cWr*|)did1(kGLJ61S%L{6*^R z#ai3&mTWq8@ee80IEGD|;WZ}T;W3J`UX)(`e)GLZ(qBL8?1o~op#UAjH>qE&OKUhK zE|CkGW-AI;3wZPrQN)`k_W+63kJppQvQ(ANWJQTTKSr8lm!Gu5w{0!>TVILp=CY zpVgXA+e?$r8_5UPwso1=c4?;gx3L|rMZR*#@PGV#hnLfB>C{1#Ggh*IMYq+YfEvf8r&6@ZnygYrr6$i-(8r$;^ zdwJ3`Md{7v3S#)TE?x{CLh@6<3Q1{NLdzyQ zF>12itJ%1nU%!&gf%gpA=0v^T(e0-E9D93j-1+;MrHRnrn{JXvl3HOq^}imAC}iu# zPjg~z9tsNdc27nMg(b|!^BGH++nwf$cHWOi zh&TGp#vh}ofB%DqYi!aZUT^lr}*vRiB_8uwbyBSix zzKHc^%V~{2rg^ouO05UEK7QICVGpOxVeRr54MFq0?0B=N1qsurBO;;P)NLcJe!mqU z>jxWahFvgRCie^z7YQ5rS1#ifn`GKb60Qd75-d?nrMmGwkJ#~nZul1riHr6WL3N6H z&O36>Jo^*65>x~)o`FDE!DH|fT&Pql8$fQ3Z?Eg1Rj~T?r48G@Cv;|RIr|g+4W-;i zQ}lr=ZKO-Ycjup(+eUrx>7dnrrJ1V1qWNT!HX2d+R~2(wj~F8i2$^A?^-jf^_rz%? zlY;fx0a6iWyP6fT{)&QY&O*-4)ojh<_iMB0Ab!q+55vy8RQZ*E>I6j<;;4VpiPn5= zmRLQ*@~Gph=>x^#FB_(HtQY^eWjuD8Tp=>Am@qr-+3x10sM{DhnK4rdEne0fZgq<2 z-i?F!HkrT7BQl2{>X<^5c$6s^Vy}KhJmgBxPksv?I_1p16Vs_Ki|yA%OMlBkb7^Po zKB0vxrQ07)y-1NRTB)*@h0ACR)=#wA>08@ZEl6iK60c2ujLd}hxut0F?s(zDGq@_| z5sqbil#x+s&o}KWGtb90dF`+)WyUPyS|4$T&NO^@zK_E*k`|=JnBYOKdE2&}eJPhI zFnI?6xbTC7dFt;C3F_Svx$fcI7=(6ox_xS75oaah#VN>-TwV{G9G`SL66Te>xm5f{_!jwIFI_o|_Qs}sEH$1I=Ms`KFMjqtGiZq`y@8c0(1}bE#HNPX zm6U$VVcaFx)=RtT$`dnsu36(_76Y8Jm^DU7iyA9F2wd7YaE=KWSV`{=fIVO2Uw_@g z8QI(iV-M2KRE( z+quxKGZ{ZrW#RU#Bw0Od>bQ7B4^}FRCeC-y=Z;&2TERYiqawtfZk)(*6uoQ{S zU1~rpau*%JM?puTlfI)YM6;RuCv7zbmrWdN@=WvH(?Oztg_?3w_}s7;C#rETJX!a9 zBY}%MW3+b))mPs_e@5yu7+_s-b0bn=RLGaAxprEk?D3;>@sJihr6%#7fyOn$=7fbD z@&zuf3a{Yl*W}Y#{+P9%n1p-1Q`J_0l56?FEDk_g5uc7wGfTWsqtfGEK3Y9E#;f`u zdbs+$i!9fzAx6GvE`Oazg$y_P_S|zssQL1e*`k`!Y|5Ew=I2fb%OfibT@LMHs-I1r z?32gky~PaTFgr*j;;0_*yEX~#sP;fGFP^C%lIK`F8m;|~;x}V-4zav$IM?RVi?%_d$uWM*mc*N%~DP(Vcx<^;9 zBKjtL_>UMbE|>UHqgkXD7T377(Nwue!(nacKCt*xTJ+r}#E+$LDSk3liqMNw;+Q06 zI5K#lQl^t6;l}Sm?lN-P4O5G2>wRl`|6U+nY?f)(&N%k;WBs~%t5)T)!X1lL-l;f=cmI+6x`-Th^+G!*CSzb&b zpuc>Nnk$D9ao6uQNZ&sEIa^}?5f<{r``84H?WxaaT6)I1TchB8el)*n)w=g|&A^E2 zHqU%4cs$*=z!kVg3aIvdqIKSwZmtA0@4~k<-P;OSL86GIo4hJ-5$KnYm}fyp<=gSN z^Y;1h^>{VO)9WRgYx(&hKg}>mvxoEeh@EDc4@bzAx%V#lshNN-_-#20OVRTp&cDT+ zN>_aJK6-yA8;^}rX61=EN*-8e)PocIk4Hm|z>p+L7XC|M+Pbn{0)>dj=;$HW?VfXTA?c;Nw-$Tc|KzUyeTgzVIT?`%Ed^vN z)I%{mj*kp(jbr&08O7K9Qj>EsNxW>hr_R4^O@Gs1Cq9z0yXo#*mRPYZaj_KgGlXu& zhR0P@Pha^Wn|u80Hx`7BXg6`7d6kYiUqU<;^p8~<;QJ#aE?o>?Wb^7Uy_+5bSQ7&etoZy z^|-G8Fehg9U;3^2L3ld7^(f8TSz)%f#A*~@$ZHUexiGh0b_Tzg4#SItTeLc}$>LYi zGaMbD@ovx`YA@#4I3)D#%dizaP?@1A$v4X^Ht~(^@m838c?r4ADmt?+6!R{F8{%KX z&)BtkL%<{lG0bMAj<-4H?iYXHNy|yOyTi9<21Mu-E-jo^bxqCck1ee}JMxKJ7JrGz zgTdVEkrPiQdTl+aZpr&aaUlPWT4rvg{}N{f)H4ru0Km``RoVC67vCIzR^*0J94@SU z9ZUs)g*CFm}PSJdd2; zh%BuKbvbODvZw!Q=qDLk%FZt<(G^pqOU$kDz%`rM zcc7i%p5SQQS`24(KbV{)9a4v>R?Q8F?Zfwrg%a{IptJcZ0{u35c|^*%dJJE;t^mA9 zR=IsJGPTd%u`Z}DJ))xuw47fEtOC5?i2qyByap8rj`^?hWq-?$>xh+ zQxaU97V|!FZm0_)HoRZ-e$iFgAV1+5x8u`FB;N4z&myG}nq?qqCf(t|^By-_u2tW_ zql7H>Wf(vIp=B5lD!tfAGJx{6APrCi6hGer;CV$SJKrZC#hrISG#39itAz3*olDw{ zI%Bdd2d7ZM%a)j0e5^{eFO@)YwvWONu?@npCyICo{6>1r#$X3b2O zct~qyvkSL@J59{6GNcSKJSKWfUTex-GspG;S+T3@2SG*B%W;mv6&?EFom>~c8gQBj zoow?fB7h4WSlYjp!7@2;WV-8nIhFf|^Y-4huHCdK#X1NXYZpI!dyT ze3K$FjwC$NP2h;TeF7-Q17BrCc5Q#FlkY39apJ++!iCjxyK|Ct(baMz!0Dlt1OylS zSmW}!uC^;}MU#yLg$>TRdU>Zu(sAhj6!6XSuSG4{x=mrNKwXn$uW@q$<{{7L?e5k$ zRgOvJxK2y8Kl8}e|Kvd0rRuk+vY zRQ`B{X8z}gCb>Bf42dh_%-6u%zYGZuq|Q#U?)3`~ozcjuVY;qN4jI|T^Q%k>@i1p+ z;po?lY8U`fVxcIZ21%bO7N$aNiPIT=lS0l6O@#;7wDU+eKGyDtast?(?vq^Efz zOF#aVWWk3`G}!~G&D*n|G!XAnfttj@E=zna%fK#g1w4|`8JxAw1&nxHt(70^?9Jtc zJOlfACBKX+*dys)2PH897*OJy9Cf3J%lUdt&y}P5<&xyGUEV4HS)VTueF1;Y$Ok;>B7h3z0Qn2ilWHx)ChO6#Ie2-F%7n$DOTn=p9lm=_@Fa<-jjv z?+Ufv(J=ow{8~uUfC)37;kD^Rn@x3MVprYoq8sz)nZ*?~MQ#eOJFf7|-;=oz&EdYL zQ9TVumrtXxgnqgQ?XJ(4ZYvqWmkK2X2c*{mK}y zB@9#CDF4{O1C2N9o>A~|Z-Pbnl;}9_5L-qk(609(US!ll{pu%tHktD<0~2CW@0mQR zn_s=}`}IJ}Z7JnbUSFQ?i3^1KlvA9O@#W@eypb1!x7oLJpF)JB;8#A~t<8{Ac6mPG)E9%*;9X;Y^nCF%WvJJ7QU&7zfWAWAX z`vdhfY+zUv!2L6NE&SH6WCAKnoJ9s2T`{idS@rdoRG7&r=fJzQ&XPx73vQKpLMZ{; zyt$b4UO|syV4)k~J=3rg!^hQf0&XBe;?Hk+jO9^Jf`JiC$0l{6F0bSlezI2@@#9~qWC14nHEM zo`P0EN~ytY(6npik|MF3T|xLq=9^8R3eNN}b3Q#IDb1x8FPMzD-U#OrXJni&&25w3 z7`Kg?>~Q)4RVD}&3{rSAbdOuV-(!w)F{%vqkpaM(S~-g&O)8vtNX@h~eh#@9rBJKh z8~Gg$Z4;Ya|FnS*yS@N;x0abeQy-;>b@`sZ4v<^CIYgX(%Sw1W*`8;HWyR$A{Sv9h z8ybCEtk|RDlT@aNdy6W?cQDkA>XL4zQ#d`L`Y5FP&F;kk%*^w1Xh=5!#nE$d{q=Tv zQ%NdJH?O*N1&(4nB!xLvlw?%{g95960e6DiF@9v@*y$|f&|7p$#w!2FZ_Iv`diy-B zFIHHUg@%2eOt)}%Tp(#(Vq3-W4_TW>`Vq;GyvR%qUje2>qe&DP=qkwn&EN2`V3d z;ON6TraiZ?GM($%FVJfy99lN613Lop)?%fyDmkA}d~Ee^jQ&aOlFW-fbuQ8h=DqmG z+o#L)#QOB5FfD61mGv9McE7*o4M<*nkWGw33dCq6(*Aa8sSk%T+=8LUh|n= z(p-AbmOJc1Aho0i5X5Vn)CQP9+V8h>pJot)gwH5?YS*lI5LSnDn9IE+&5fC6V?q5b zzm;*#wuueC85V?tC`~c}=wpy2x@``N8Csyyj79p(M`j=Fq=_`%4ma9U*& z`aJamztZkpwo*;)3qf??NuKi7PqJLtfw5Cc)Bt#S=d2x1S!w_WD?n_v)$zX+CqY65+&ZvKEf!=EA4Z@H7*z*${tui4p?K$#fLhJ5CR}1Sv~@a zo@c!m2^+JovVIyQ2QmW_{A5AjnScDYx%0yDO4u&Xh_?F9???Wb1uCDXNg+#pM#uWx zf}=#5c0Ouh=lkz;z`_v-%^+W<>YnK#o<)RwjneqG-j{gH@yB3;I3Z>Cpzd+EGV{$! ze6ljOV%DbyBJ~zMPZ<_XL<;aWhz&a-YGsU=qGK51;~<^HN^uVX!{X$cnWHOu`0C<< z)#0`dEo&7Tw;XV#&PaU>X0~^3wIg%+WU$Wgc5f%qy&Qm5r|d+fb=!XM06s>`1xkQl z`lRu0szFIl-H6{!n^;OuF~D;X#czf78k0yOZmj?hnwqhiB7+c|~IrdZ@|TWG!!d4Pl46 z$!zvK%?(?ujc)_w;j@W?G33zAHybG1`fckg%XhGDZ%35)RqXr?QB8RUR2K^FfD4cw zQ`P$O){x^Q(y#9BwhCkRs=g@QEkug8C*mc^3>ex2;ui@o@K^5K;ZQdf)A=STD(PF^ z+zCJYrruVcNZ0)u^!dZq?vB)*Ew;{dL2A{vEF=0S@>%&O#hs5#HD>*5s@p$l95Wen#gQ zBs#wej)|RCOx|maC1flp1N%y$iO00J@MZ_fYV-03i80m$@vse|2%$gPBK0(Qd((sZ zlUm;vpz`3}OM}RVh(`W+b+;VaC2NqD7JN7Q>Q>X~HrWm?Bbc4Y=H;_CKi5`t`#aer z`ciOedr&Wj%&+$0$}J{mkhk*NKMZumPuvmHUmAc)^aC1(E1oA@Gz^tz5N!P#g*-jv zb8Gp8?>es~@TX-O-iL7*uG6@uzh#_{Q4kMJ16rtKz!j;xDoQMQ*)1>X&|8Is6u@cw z#FQ@IC<2IrC(MBMI3(z>1~OFKT{!(NE%_-SCynl9I<&HcTBDAh8IBNMr6PhyMwNa_ zNedDuF8)r}m%z20I~RmOLXRnU!&7z>Biw%()2(V5&-esyIM7#+jp7FOfcSCY+!dLy zS96r%*|K!dTayJox*%+FGlsS;O_OFG-o8i(6hotuU`-zl79VI$v_u*vWnNOWoGL)u z0skOBcdZSuZPKB9vI5bV#0Q>4v0NvylohF4-Sd7kE#ormV0H({MyuUAe$|Yj2@2cx zGdWe_S@YQCpNgf!I*4|acTCuA8D_X!7(I8Nno$btH}p)HlXYwBV#Ny5VIVu=nz;KL zB-bEH-mlje-;8eI!Ck)1;zJ$u1mycUduskR=`eVy*b02T)QkG#fX_?3q><@hFQ(F{ z%Q7KrvWMoDKsXt_`Drarwn8Sj&akI+4ha&Sy|Yf?cT<5S`AnBwx1{%^#2-c+h%6pY zXW~xzh2-*Fj(QPGbRD@w5=4C8OV*r9I`*>yKVF_TN!6a8c{@P4kQbK^oI1o6g)z9mo8+Xp?j z#io>2@iCju5}2q);XXZ47yC>0j#MJdz7=e6kn-z!vw%Mkx&QfT{XNDx2KQJ2DG;62 zC0=pA`A6(e$B{D)Rb~c7DK^(?UWG^~c-(rzw#1i$zAx$d3h6dk^Rake;R@|y>G#PF z1HpYCFpu8aG>L$u5gYum&2MLFL3W6B37?K2H)f@9HLM}I;J^m(!=crAzHh=X)l!s8 zHh8nQ?4#TFT&O}GIWr5VZz9u8!MdeYe!}p@+@j&QJkXoAZ#u-O`#C@=JeZN2i(~#q zja!mmIH)P!?{J_b@ot|9+tgb(10Vqt84zWqpp~d*8M|KY2#1TTjLEcmZ0GXD&{Ug3 zTS($hf28s4eC07b{C)El-Yp8=F+PW!Bi1p|H*7e}8{@#Q@j3MfHkzt_w|ovj->_oB zZxw}SWUpKMi-AP7Z~bFPXW&AarJrc#54_cuMhfrmh7H+gV7AaSwi zpW_KvdG4`)z((7Y=(2p-B9TM%Dx3G-O`!%K@7erak8>=28nO1GF5+`O=2s=n9WjEx z%`%!VD|@{A@VKUgNw`n2%>SOp4w@orFfy)XgwtT-rIiGNed`u|eBgR%%8G+r7oZpwLg z6u(wr^vNN3A^o^ji1|}Syl-DTNWR<$2?IUQ!yqfM?K^j$jKq5;_~x~H<_@1HpO zkS& z?BQvfwV2Ar#j?ihH=@?>X$W9FlxXF?O8{Y&tBBDpmH(c{Mx4Vm+!BJ!Oqg+==si3r zd3Gc)aNw6ALBV z4gxR7a_h$@DJ6F=Pi89VHk5Sg_FKOF&7C*i%xr&%SUYH{As;CkaVS~(KoT8mbvPe6 z)GrVisQAJH@bS0zED5?=0#DGk&gH2*bQVACwVPRw{H>dJaUxG_hT%=`?_-ASxwWB4F`G`KAO5fQ21LBSZg@B5mF{X#E9$pscN8R8uF$w^+46G0 zEBl+^BZ%+0E;AWO+;AyV=XacN`5||RS_0?d9}B&ES1XI7#Bic4jSx~?jzXTq1#%_@#Pdl?^p!xei~+hV%Ep) z*^Y@}qvgvL#XnU^}CR_e|;;q4DyrKN~wIR^ar=W}A}m0*!Yy{RE~ z8PXN+mURq#E#6Y4Et5WHmYeQ)WK*=oQUYNg>6K@|FR(e1CJXRAu_U z$Ap`I+{9eB=KDk1$wwHYY5EgJE+B9s=-flSKR{|q=65jIHLkyh`6_k@%SbGnRlW8j zjQ8R!_lguX4;8y00L2Q%db1L6&h6ZIWr;9V0f-XuNiBpPtXMXm3*&XbzoHpi2lvP+ z{JA^i3VC_l>@xv06RVB6NgBQ!{B=!f*H#s&f9lN{IMY66cuLeu@g%eMxHA|!;g)vP zSJ)Msv>Dx&$$OsgdqD3Hk~mmAJ_k63(i7J^?F>H-k{oX{8hJ6+c**bFa&+di*`T$GOq|O&a%O zDazjR?Uh^@y#Z5yb|q8km%BB>e131vz#{(sme&FvJy=Z(Vtz0de$wv>QYa?A?jdhO zJuv&rvWhZ-i~x#erMJakw~=ytVNABKa4=`+6_mllFQ9bI&AY8bv%72FcHz1B;Wo_n zfsyh!ME8*)5}?wX^!2uy{tAZ3VVbQJOp2~vF&N;ug&#R6Hmgy1h8Iy!= zajdAYdzgKS=;1Tkd+T(ZD#F|~>v*v3PPIUpZTb3h(jN3>MrIah@7!+-Vy>Ihl z{Q)r!dcciupBQ&NX6j;mxRm+7n;J@Xvjix5>SXKkR_m66C;T%#54jz;F@_Cp_N30^ z4QC%(Va~AwEJ01ot{S(4l?8w9ws8SY*D)=YO=Y<|(iw6Exz^`QM3!JlJ?+>2lbfgj zG@GcU*yPQoeDfCOK@Oyjj@R3_BDp_3q`CG%3NV^YM+Obhj$v?Kda;(X%}uFe<9=Ik?E9m-`h#>gel0%$iRaDF4e| z+54I)TA1n`Tj(IcV#e2fVNs#rUYdb7c#{u;t(!hf~SEK6Dd^dx)xOh6;Y)3-YEgjpdZqFG_AdZuGc43y( zIH=+5RAlA9#W@V)44)}SurRQP`0kxAL3^eToczS!KkUNOxMEHu^`pG@&8soS_B0*) z*|!VB{bqSBnhgexVMW|HlhmlKiTpBN9g4T~n^COhqZk6+mKn|d+?;O6${wh2I)b%} zJ|=|djUV-4ChF_psifMQK|ZH`qSVG8s70k$*R|Vk26+$hInt>7z3!+3_Q5_ct2^y6 zo>_8}2RrEa_)0djgA6KtEOJ%G{*Vqq)zjM-wqP`ny!wXmX&LE=AXGC+8H8B~cRpil zndR??TDQ-y3A9|gn|eJI>QONi0)3mtytW4tqp)KIr1x4MSTXVA7esB?xnT=}k1tW; zK-$RQK`!>(ed#UkJ{j8JX(Ol0^9l<#2B7tJ%Z?ucZd|_DHJ}weinU*}-Qr_ER2~!K(dr!qDi2ix4RtBHvBj zC6!ilUQx(}jNk2Kn~cL+irbP?1R-4Soh08kuEz0JFBL$-#e!=no>y#%YmvLIRKVrhFbbGMIZ+#!$*yJy`sE8!OcD zt)W)(nt+D+X$l{2NOZl`WCf+paDNE=WN2N~AHM)GyR^8q;=2F9B#}ZUh=Ty#s2$KB z2o!#y?bT?pLI2edPBm7tgdHkSGp-hD^C1s3a$BrazK$7hC>B3%dAT$pfd|rF>9?Tm?21&%^=itw3Q-ASzv%j#} zL6yvAAhG5_bgRavs^`(p{mtVqeXr7*c_alfvWe3zR|5Em1h3H;rb-)8DS zFwK&yU&pvYdIdLy8|hxfdU^LB00s=;+*RL}Fb3HBjZUa>5iyxGpDBP8+6Q zvFA+^+)_UK*rju*>VNi&VF)$yi&&^IgqxEyVjH44sBW@ml4ZwKDuUVNH#H zVfj-RF=9*8sTp_B(*x>%wQTndo$S08r=EZ4Sk!xdInotgZQVKzSmDwcf}7<%X!Im} zV(BWOO!P=~=*f|ra#wBDENc>~ayWsCTK;EiG}<1m;X=e2isap^$>msTsQ}j_ksGe) znu8%{dxQF7hvj4~8vj@wcFpl|WDLEgr=54IDAb6m4CTUx4(M;l9QWW(Ff`4c*6=y< z%?y)ZR~E}PLtKoxVsmRyBDDXMDE5Om7?OO=1)cmP^#CJ6fi$Ul#Sk!%)5E6x=O8^K zhQzckBBqmFybtZKmD_#ABzof;Z1zC8zuRW_&M{Ymc#t8T%dM$Z)m7^Grq}_jCvlpf z^nhqi%l}%)k}s5sXX`J9V%`(K-5}9eY#)1+C^&Y58#+PV^3o03pF>mNaMc>9`1u0P3A$4bWM6T3|uFys;sgM2;JZ}YtCIzdT75jK~h1b&FdUwXfi zc4?}J1+ZbmA$?+6(A*OU3-pj&$hSu1IReL2i)0-Wqj?2;0eC6kmHNrXWAZW3GIAl0 zbSh=!3b4ys;)-m-M`Z}|NjzmAiVVU#OagsFpr|pH*hBrbW%g!_&zF zONyt`TcARUaB9gTjm%G?@7MG+jGB$#H%q_{8%~Sk*#fmfkrd|fcSxo4C~wtkZMSMv zz%kQ*qz-B|a(h@#k~eWO;cq3JRVE2mBJbZbl$_homx+)IL!=v-Pl|c*_7`Q}PL1AR z4(lyGczvUCd5sWZ_7Y;iW6j5>2#J0@b2=~m>n)z)UxeuGTdqHUw?~B^(&!$?;At6i zX!oE8g3Bn3*2?#@5a}&vU6!*t#oN+xb(` z`4k-&v$Do}+gqr7zk*RkY=t4k{4al2LQswR#RYS6I_(htvU zf`Xja$MEbqzDe3EgMm0dhq6X4nmajI9udmmkjw%Orv-%$0Gm^Ow94To(6L} z5yW*viVfV#ZJl9|H|BV`4QH zgk1Z2$Qx>1(IDS`7kl-dkGHg zn=?7}Dw`1ozE}30juODoH%i*(@AvB0I-xe$>S#cybD4}*h~8pK3T;IzE9;ExH%rmn zlDd9+(JSnMRZK5PXHBNqi>P4FXycs>0weSK)tcIOCGN0`e zdm#!N>==!%t;llufYdh``P_JUQzgiBm>l&?2meZq?P*cW(56P;iji?af#0;HG`WbA zp(+kSS1HmIGNi9{t`frD4pfEL6(mZiM^8U#@rDfDXB0vx6N%o%5sgRbpHG~jFxV1E zgcKsZ(ps~9I%90YCRSMNEUMt?&o8)o>(^FTL=?_yVJ9bj-4Zai>BS3z-LD*X z^!YK4z=B{#Pe#X zZq)}c#MZa*GOH_0V4tBNo2m1$>Y7ujEr?Wy5wX^5JjaK0U3f#WyPGle+?Hj^oNe3q zVK-Dej?pNa&B{Uq8Dxr-NMdTd%FJ;LD5{w=yzANP=w!Z#PJkMaC_Rx#10qD+v1Ejt zJ0m(+@EeJe>U&?fY=DlsU>_&kMG(J;zY*&b z+`K!Vp4TqqCq)ka`%Zou8yS7@U)<^+v&Z4!cuh9E0@GIf{n84O^09U76pPo@kK4v$ zRDI*tvH0#cz`;vPbvQ4Ll(!@SEFqGfrDq4?>f7Q5S^% z)w{QkG>MwLb9 zx!FT$v7B%*=PfxUFnM?=$cKGzoJP8s@r(M^Wb2kPc7cUOg*&!TRn|`WQbJR!c?=Y-jk)DaK(&B(yt()lukfhDHdx!-GqN(! z5|fcJle%s1WMz6&>n^XOIgf^^yu8g-_4}p<#@t-SR~+C{buK{gl9q~ccX({B+%;7+ zH-#gCmq6e{IeB!%4=%eu)QSC&7+8{0G%QHoGJYG z&o7$p{Jbgr|KC5>dRZd7nlqY&gn>jx{Hm%`_(Tu>b)EfI)oeX2C-$(-*Ei={`C@6W z?JrXgKKd#?tCCTbsQ8XTn-JaeHO(8_^Em~C*jm_Tiq^PU;gy6+w^9ae*J2sZ&CXEitw39o#-zdzf3+=-b`lD z4Y0iV_We4~X!}BW??yX0{Lm~3V?AZ|=NezTi`~Uq5gLAK<#!%wGUn_v4}Z@=K0R0E zcm!RvJF-h!Z$2vJi}mZ|U8jvRjA`IQ(GFXhn&#Y66I{3EmhJ)i!|kEl=8MD2JHzgl zjSk!x3EtcG$nTET#h%=nzP@W{Br>wSOmA@2$xmzdnGDam@stFhPj3aOU_G3jLKgW9 z_g0P-nI_BMjqO^~+YMhmppp;#CQ;z6cYw_+VY~88+we?PXvyXc?LIklXL{MO8o6bQ zkC;23(}SmaVq+uNlI#1^DyY(S!MBf(OJOsq^GAZRY@cACs9`gCcP7rqNyvh|8RtAP zVm3l8<4=AuoGE`kF{7;{9F6(YN|JD5O3wmUx!c)(i+C)e+VNP@eQ)B^T0Y___+E77 z(qGFG!XnSAESx)M>tSM4d34Ho5_2J5jyG3rc4l2lBXcU;r#3(u{Vef=2Fkg>iK&KB7*G~&&al|>amv5;=eAMlsceUjUA$4-4hqf6eKRZ9 zmPVjOMB=QBU)Rq^9mv#26R;-dg(#ykV*G|q=*;zB+B!H(9ADP*z7f$xhrC2uL*IPnxseQ`EhC4A)ZD}N6WaPu`0vlWZLfbx z2ptQlzi@`Tbq9L`4}Go^GS*dFwlU z$tG`|-Ri#Le3rSgo}>u9+}OYi{9dl<>@Ylck5zifK{W8<{0f`hiK3j2HDiYx%cr}y zly0rW7^c+oZZu}dU+#>Iem zCc^&i-(0N`w>ip`KO%t**;=N6(|XVLmf5*GIOGtnp3ft;pitI+i%p-}J|ng4sNa$V zR<3UO?$JsK>@WktM^D^l)Po#sNU>ly4?*`y=PKT{=ZO_MhbMYlhaLn;!sYm^M;6Cw z_@5EqQ3vX*{h67sk)u+uh++?&@Z|TPG~Ec^iCSr}3{2KA%klrY*oXKys9a}X3NJno zS3I}4NGuvUL7pHfZ7@Cg*|tEAz0ywZgSEU z=9@P3L!JfCh_vE1jXu)so70T2QdtdAiH~vkz#a>h1Wk>SB@LMEus| zU7z^dGA@BT(;6x)Gf@wJZO>u4c`&j(l@v#)?-SJ2g0VK~3@V-zMJcQMP|$d#^GW<; z5}O*{MPhuQSETbUc7LrwySRkkm6C+CI*1Ew=EWw7tN`Td_6Z66>` zqo5;O=Yr+vDXbZ~zq-7(=3~Mop6#xdn~UGC@)J^ z_W3;!wNv(U22N=G_v&x@8EJS)ZWG))GHyU{x8^U3!-x5tj(UHrCPKvd%cMcOr_(Wx z|Jk&gK1PmSnBf3LN9v+EJ8}!_^2{qt`TbnW_=fpyPX@&kf#J+A2IKhxi{Pl=$9@RD z=TM+3GLZRY_=Ddp>c*^cG{I2;|U`zV@ zS-6@awiIvS!83QxWhaW47@Q&W&{>9yoYS4O_)Z@7j8_<#a}Xm9kA3?Z_n^Yg-V|#JpVm%?>ru|l9v6}ihZ^hw+Ek#%aaLF z|D8zi)Lp4m4tu=D`OhT!m!%!396M}#IWtE$t8(~~@cU!%RXDU^_$86H5$|3b=*U}xu zwabK_;z-pwHhZ{dZq=;Ddq`I1#>K`p_j+x za>|lCNW>k-Z!UNeTxKC!XUkmH3!c z9y70RRQs~)8cLuxr}cHyYwtoJVCib>C5i?ZS=ISmeE#3zWL^$i*mW&@TXCGwi}~8F z;hA%+=19oi-d>~sagSB7u1Ur^L7^YI(!=D}H2Sqp;cr?7-9sE3ynqbX{pmXg=; z{}{kh)StbT1si-~(OZ!xbi_mhAFE&#%VsisFp5K?f64+yr3B5i>9LZgRS`ijh2UpK z9tZypTB$9}&fm9Eo|N3*TE`R~GEq31y~Jz9oPT9yO}6)cLL6M(+1lH%5j|>3o)O15 zY2`^#L$I1Ya05$y@x|aX>3>a#o3L&bK05bgzK+qsv2PFnBPC4}&mLK9Vdx`icDjn^ zF(&oj)lm{@_k6Vf&^PsPX}yoP^XrXmse2&>G`&tsuTRS=-H$-0=*+oRa0d-=ak{R& z!s!f_;R{_9=K{mGZLtJ7ed~evE9wTH)xhpjhGeaoI`yOUO+3h-8G(2HR7wn-7#nL? zP1BqlQ;{p{*95I6S+UdK`|<3$lP-9ygwMvb_WbK$M^KTBXB z+>~Jd|MbFhN)S#wW}o}oA=}QJ{8@aHO_w){CsK$ z^WKts&YVBb5|HQS2_QeQ|Krs$2#``;REw@Nw1J1g;YfOCYxrxXn8rdD%Kdk4w<(0U ze(a9$Zw~Ol(bb_p6);+%YasBZmiwIyXyT0y5;%IH-=H2YIZ=Zk7sgfn*z6C*B=4UOWT#wS=t&i*^TSt81-uP82py54}{?U zD$PHaOWKruH4q34oSLhsv~a$8BxFb@ytc;yK>Xau>WB9w{h1Vp+lDLy1ph3>1d{5n zRa{`t%BGlnBJjA8%K7# zbHBO6C&Blp;A&@g1ta}#L7F;b)g&Y{@(EJtalYICT!s19Roj1dbK|eSpHzMI_hTG= zvABXeSK;osW$~rf;+Oq}(!a?6LSvRa0cOz<>~LH_!wh`F2mNfQQX1$E#bwjI7L3O?9I z>UYQSjO(TD$<0JG4udMyGou=j0p~WrC+!8`ZGXls0d2lnGP;DFx(jC_{HW~DySA2%O_!Q5*ugA9U~)oO#1sI zAL#t1z9jj-cb~-Ow=Ix>lcRA+s(&9M$&25VjD&&uw-t%*m_n_)z{`~U((u-nsE1}3 z1zto))fshdt-vX=qVav&=mq0sPb++NJyB#<(SN;*o|%M17@goPrLy+8WGPD-jm_^S zIU+R@*GdvOClQ20FO^U=W$POb&)ki#DV=>ThQ?2uKln-6tDu#S0Y!^ zZph@~{Hs!L$gse*jL&y&ho?UHgvj@;V=zzATgZmepTSoQ={xs{!&elVuvP<$?XAtw zO9l_umL`+thH8_H>=HK63mdZA5 zZQ59!Uu;$o8Er{Wk(HBcj>O@wcx<`0#w%U39j?p9ofU&HvnSx&x9ffrLY(VCdY04dZQN3ap@b!``-W5T>aQ^O*JS

RzSoNizS4*U1^Y+oAVpCU@mG%CZnQ2j~wsXh^#&zNRn7uZU&yTa5XJt*G zWD(hNtiT} z37#^ywLZgV`^j@Q19usCqJ_gIPHdD$WE$6>;Mev#O1Ck~xohYAatH*1YO#wwZhK??2OOY$q)@_3 z76sGgsh&_l$5dF|SB%js0VbN6wC`cO)HKmILa$h_)4~wSDO%ZA@Jr^KU>%s^snO=R z#fi-NM6GO70jHU_T^3&}K)E#G$kH7wg3sdj1y}7LY<~Z3MaQPR5-}QgGd{PRev&>G#6apQ5L?vR7xIoVButP>rie2fLH)gW%;|WM$oJ+E-FM zX?;efUDq)}YF<)OQcLg(EtwjGehBjh*R~pxOZji8cnF-POxpSdy5UvB)wvwetBxq>6caMX4_Jps5Hb>lm$-DdELFl!SDiwMoh(BxWgh~EEdiT^BtXI7lw+A z_3tN?U+hxQChsPsYUf1dY;rRBI@`os2VihQ-rswR@#_Y+>leq{>tpiuorkEpVshH>DQvcNDtuemiqMkl{DtnxXYb6Rr_2Azyuw2 ziVM;;{r&tF&++t3`sMV8S(U&X;v!wX{`Pg|&X4b> z@`o|F#TFHp@s!+!dXFs?6B7yg#rw!*&!7K#tV*}gp_RAKb#TSGHBk-c{avrvCFqy- zl2(+k8y^czIwW9Z1`oeyTsLX-JbcF0Em4zts=$8Tq)zUszC}m+)#GQcD?-XuOVQ%S zt&PN>FvDZjoBZwDfbIeI=`!6X71oip?1kTAI*NWiJS4kz!Y%Rc_fX7toK>&Tzl>z} zcLn2*+>3FUd)t0S7<%Yrf(%{6XaQzVuk5!+o^}g-kuVxWAd``6m#$|*t;CA!Lm6|U+f6^6_SsygwLGGLWnmdlEu2z@ z;Jfg{EUgn0_aH0lN`MvV9p6TYU41LfjSmG1V?ZhCQyZji&9X5t9D2Ciqvk3unp>9TLB* zqZ6K5Fm@i2_jLe*PoCa;dG8^!*HhQ91YGh$J7qzwDf z%q0Czy+6h**?}RQVcl9G)t8o)RYteEtvhtZysFOabJu3L(v@vC{Hzav%i?Hr)ty%m zEYz<(J=|D0U6MravC#~% zU3uYlWoaIsw<0U!gsuX1y~?XXxmOfS^m;wZiF#8U59s`IMn+RQ@OG*Z8K zx-PbAtdGTzD3Sq6)wInH@hi3>qjC-DPpP8!&~fas51HhYZ4G3W(y1KtqIVzZn1cT* z!W<9vO!a%wv$vUvK=L|skl4|oNhj>up+Ud*ffxkUGIb@qFTV&)^aEQ$zn>@R{;@a4 zkr}wB`bFzgg-;~!`JA{Io+Ai|yw`o*q6a@+T(H=t&27?zbzAB*7I2)>$4v=h_@Y7`?$?IV9zn266}Pp8#(@eSi-3NOC%SLhn3&2;tUjgz>dxr! zMD`Z)Lx*I`%VV9CB3P(L?%Qe&nFCl;^GgL`6a3*ldE;rNdbJ@OxwxlPlU=zSSEN-` zROE&hx2CtZ(lk9?zjL?0`YJ?n5Lnz}I;-X643?vxeWy9Rxd0y(&sLt!sY*Y4`LYVc zu8UW$17@@gS$WXKgnhEETHcU ziNcJPD@mE8%6xar?>FSF9>VpGuZ{ z@f9vx;GLAK-FLpeYSgwW9vXDq_eljYsGmuS415&kD|G{|hfZAhdA>%1&t)NAz+qy9 z$0!7REqNFg5a1(J6uQnp>Hsl8EHZ7G1U>zLmo{^0igs=yK>3_1vQwvd%oPE?9`x&k z<>YGCuYTT7Pr2sGZQ9ZRxWaYgCl<%$2kw(Otx;k}n@yC;#59QU> zgL5o<5@9p}iOI3nB%ejsnwlEj3Xv*p)Rl8|`MANkH`PAs*D6jCuX~B(gY#C}Go{f@~&cW=KpIbGwy)npQoL zu&Iy49m2Vsfj|u5L)qLs*_Si%X66T%rHKRxky$@!mHP=I?;kNj3MM6S?_3T;6KDXtFfL=P1$EXJXfTHr^+lfL5CNO1U z%}ZU&m%+gwz+BD?2xtM6vRQY1A~6SvAZcXe9=CaiB8x(#-D=@<(Y(JeC%}cUT8p|! zT++mZdG2Kr(Q~LZfXrY*CTINT=SSYpo;6fZ>nAtIDHQfB0l#j1!FX+9C`4ZXGY+soYawuLex2NsV$h8?%+)miRwj7rV_bxJ}~G7-|N zfa}Wrj9wO!J%8Bp#xU!Cf7$I#_bur<+pYdKfch^uCFukm7Do8t-yk;f zZG5nc6uZemh>3~Gc9_(va;WmBQz>+qgm2)8BlOH>etwp(=QnLR2SYi{4%{wQAR)sd z0gcgosyjdYrFkRBA$NRP7fvW}6fY=ymdE*VB2mfkv;q_V^reZSk&9m&W2El*Dgih+ z15et2lveXrS6bjq%mtsCEDsuY!Vx8qG*WFCpEH%m7Yqx_CL#m-E!+yVnD| zFoF)rns|ajgur_^4G4VSW8R?D7uR)TNMa6R*TJ4GZ?@F?E>rp*n`+B_9;Jz@2?HJL zZjBPuqZw70W&mnJp}R-<0odck6yi@?@6wW0J#a=1S&|2u$G zN(l)Gvhwn6EK#oS$c0x#QL?3T?2ZQdaJ}-Ru0!XY0?3mKux+NG9Og*vKUm>Ln5-4# zSe>n+cg(*5AW19NQg=dHUPeYqRrS>=Udv<%9r>;ikQX#6PiEh16dSIKKxa|sK{YM} z7GN7{0v7GEFxssD#xBL4#-?yL=eP?NcS}p2`MQQcGouM>*+*lJ?zJUj0<8!tOp)LK0IgWE4;a& zBGV+YHA_xocm+~S-0(I)G%9N9I6!mx1j z*ay-_DZquAf;9A44Sl}`Urge$_z|yP>W=u~ZFtWQ!T`{#BnTZ6k~Uzn;NUREYdLIKeF13w0V3t+ zSwRTba0IOd_GUqV9stdspApc`wQT+5NeYrFE{Ih{5(P=vw>0pDv4zp*y*c$hMA&Jw zrHM{}%|YyWKX>aw#t*%0><^ecB4-=yirZ=C7BYv~4WP-HKy4>{0uGQQLwJ2ldFRd@ zlV9K7fTs~KPCs|iiMV$!Nt0a$d7%ZQW(xp`=|$4Lkdr5sNEjF(eEekb*k12LI>0!h znv+Ttk{vI7-=S}OK_M48E$o{2BiBm*=UBR^2?Ifi5JE9m#`aKXs3jkPJ1b9-Qn%GY|xch>3u}k(T9`k$n!;j-ZmqE&4 zP8FcGd+<;S5?DF2p|8VquLYhGYIW&I6(cd}&f|=RD$9<5zw6i2)0T=LU{7+2wSm3> z#z8nEcW~o^prAI2`M#W?eAe%(>Q~pNOCct9W*V>CsFuDK@hE|vF`Qi7p79a^%VA3^ zY8v8!%?{zL+%b0u1(3&qn0nE6K_=C%JP9_qZs=MHSbo_KR2U#MTTKuD6V1J*@KF2rEy3xxt=tL;8pEQGwpF$mK^?ZU1r>9=p+raXQeEo-7fX~Y4Z zso{5u`-Z2ZVaScMgTiCGMMR zveMG$7K{fg{Q%?mP;&%Rt_9LkQK=1V*X<&if+MAP`?n29N~DvsYt@-1j=66VQKf#_aQA{+-k|1N^}Bt4Nx#Sv@wO~=jLpHhbqX%C~%>C z9Obc<-^>F^wFR)qBEXI@&<@lfAz@_@2?Z9OQo1>5g)kly6O$b>#zrZ6HE?u|G}|r4 zZz%1=hKrmM0y1yf{K4;Q2uB(u-|^=xkqzKE;gKFd-w+am3P&tdV$d_e(d^e(haG|R z!~;A8$c*^3D)`+UV`J)$I$f+)Pk~zHNk4iKJ>`2+b1?hXI0gDHLlV(ya3zKZZU8yP zIy2+ojK8i13f=xfMq{YcE7uVwZP}Lm20bamu*wv8g=tglbAU^E_oD}wQMiMV#tCxl z*0ciM$u}=Um_q2ue-h$mJR)e+x^{to9Y3B8LahvcVE5arq(N*N@_>fg%bpyvZ@$3` zss3i>UFSss!2D>n?4=tvV2R@(ix6y%j{13fH^DY?1EWMN6M~jU6_JR>61fgbyrY3re!KP6xBOpaQ#Cn{a00!p<0UX4AnP|G2&GqGW zq~ai8?+g%TPabeJb;BzEY_Pj(A0n8f9MlmAoRWYS?49ow@*)d*-_oL5#ZwhPuYoog zszg0DEu&$kFq4g7Rry@8zgz3~3uL$k5Qx z0FcZU~9!H$9+0)`9b%a(3o5a{~r8x4{L!Q+%61;Yt3v1T#nLmGZEWwM`S zM~J)n7Ro)0s~np=L-t3rofQB_5~@<_r!BezZ){9k_h zvMMtYMaO!J3nw{A7%rfIxd%ZNu=y^-$B&Do{r&yhVEJq^$Z~=GfY$qAcNhM6%@f@P zHh%ujjQtMtzrM2@a##)ZY$d_TLVe4^b9fxWsAt}*aKrYnc7728?5$*OsUtXm9ARm? zFYPznfu-H>*chZ=1i0g37r#iY@7li-Q}%H0A=)G;2EbVXO~3!6Bt1zR=$9@~=mxOB zpIH|1l5=3Y$Y7CoX##>_kiMXqE{ZTA&|N(}tOz)^e-#Qpu#(m^{nAfrvAPmAFx5li zHU`vNUk{amt|-XP#SH`#e1WPW1tEQCVvqMxg<-^wGc@$*%wylJ-X*zJCD4@Iz3 zoh`kst}9T?Lkg73%;){B?<5Y<7*f*H>k}&q=juouv)7iVr?ZL+Z3*?%iGkg*GRNIO zWr1w;ARQ_?q7l$pYcyx$8u=r0OkXLT0J@oTyxZ4aO%Db$~j1UqJRx{UU?s) z2fhKAQNVp8&zI8$gr7s^%dHyv{5{(_*uaVJd)IZ0e2P5ePxTt!GqZX3!$h1HF^yg0bLj9 zdSbwJk+viGEALe?fEd#RuFBgM7I03H=~+c z-_2hS=L1)+VjM-)1aP;Asm`##z-So7?9+o?dw7;bb;csn1`@g+XYBi5cv5q zhnA%yd95Nbt}|DWMRXvGsD|QjwCJZ#wo^>2U!EUN)JTg26!Q*o2j#j*HACNhhflsm zv>YO(24K2@fq{eKHt+|!3WN+(C`O4ERTEiKmy+9?2oTL|cA#Pn(h^o?b8Qhqhhw+3*RStkaUebc4jymQwzAiW z9Z&PvO!|!(Bk@!GH{NhbfW)H=N_SiG&B3{OsDO6?CmvmKtC$IuwI#7L3voK?9O zc{}8I^S{rE_l zY;y92@2@$p0cKT&eF^2UNQ6S5K##mELC>jwFT$_jVH$90Yqpt293B@n4W|H6$~=0S ztrXz-IZz>BiD6i#e4Tuoy~21B(NR$EJ`q4?{(3To)39=7g5PnXgVE6UgF@6)=I}xg z$VVfgW~muC$>-r`Ulv5(^Ma_fI_xGR_H~;N2 zu%&Pm=aM1L-I9rywCN2B@;Xd2u)r61*eT7pJ`$=s0Xw@2wLua&K}7 z^Cam=PQ#}lko1+7LWvhE1Kz4Q-CKM}s0t`5ka!4RSbnKF$Q-TEuA!Eya}(;&8npc#d;}=Ghj?f9HqC3E)TT--nFY4qq z%+5pgq4wlpRxrEnd1yf?3L+5RfnfXt@M9Sis!4(YT|sOEOM{G>1ey?C0RD7MgrFl5 z>|1gyw2xqfG(+@U62RPA;sYVV53FoL1t$^IGp@>baN4!zsI6Fb-2%X|U|GOp-25$; zC%fW6En_=>UKZ!F(0~McZp&_vpZqX5EyAnN(6KyjMSzEJ)=ZNLsM>jZN^(Hc`*U9AY@jq2F3=;_jJy}!J)NlUoy{}jEbSJZ)!tpl7` zI@SY=JO^M*6L-6g%E+c-u^$mg#3&?5`K}LfaY;};M#yk516G;{QnG(}!90`-B7i6c zMMkEAcY)5K49cgj=cMr32s1($&@qyLg{FcanBW)`Qgi=Vpo|_i*Su31@+s^j)E0%G z6X!{}6<`M;i-Uq^H`c-mzMHBmh(hyTb--5e1#|!eg@;ef?*07C=q(Za?gM1RXJovpAiNse)YRm<<>CyiC1sbux;``FkH%yB)0A7dj?9VkUj6^ye( zmsBG3=%8MZNu~a1z=b;u5~W<|!+LP$iEhstFyatSNspCs`tY0-#ps8YdHqj!*K@+I ziZSN{P1{>{Ss0Kd_(rr3M@h%5rmJfaU|*FH*LvagRl&frIxwH7kwl%MnNfy}7G` zA=)G=zxS?9(jM*`4+{!<4+jY@0?@i`cEvCNch>N_Cr;g2BNub&)`P(eut`=>ZK7P~ zo)2a~_ZN(H1Lo*o?my483Yo{+MP6TO4(tc~s-I^AVNE3TFf(5xyn6jQ9?pca!;)AX z2%R#CgHeboLS0+eeRaqiVk2Z~J77~|Kp+UQC;`y5g}-?5bEOCHs}3??Xvj%KerDBI zvIbhip>Ou!SSH}{-hO`Y8(Yb6vT>jlZ!VW^w}LXNntAsI!iA^|2~4cp{e*@fAv_aO zx*-7ttX8DUKsSgfNU(eF&JL}Ad=CQ9-V$CCl5Id6pZ?MaEP|>m=;QP!a2>WmDO z-W?_w0ftp^gH())=B-H@99IY&K%pQa0QSMnd?GE_n5zYcfDW=DJA-uOQox8Il)y2a z0PNO5jH3b61IbX}RD4sV8x7aU`EvwqfB6DNSBsH6g6JBO zo{8(y7|43Qoc{MOegoiQKlAfyRZt1ej|jU9Mgzt%irNEEWdv#9lRwl53-k3Nf>Zl9 zL8==E_7;eB1E}lm@2?Ii2Du(|RLLOH3FX=myD6Ixc3stIvAwOJncDvP))>xjs|t-v z=zvh+1I`o#ak0gz9^i_bkmVfKZ&Fg#fGh}-JxHK$2QvWoD}g~4fH$N5EYxG+AHM;! zVwOR?$h0jv0j$LA+iOmjxf&LPxgnd}190O%jCw15IScxqo}=$^cfj-k1P6S_9-&(EkfU(mDDE=j_f-E0Q>=+Mo zt5O81Bv>jB|F6*C17(|04>CrS0{7()RmP90(K*B53%QoYUo%$0TE&N+0+K0 z!+f_tiUq)dVegfrg;!6@ZBbDS9_- z&2nIOrm+It|2?U1_6k8e>s~Y<2SJN@MEbz;WEB)bRA=swLjq5LkZ1ZME1`LBIfDF% z{6kTva4-YXIf_)U)pkNWJEaLbkh26ag0QLYVqy+W>=KTGh+SRX0OE0+WluqZ@_SkT zt^;)ZHsV3&)sQF^g-J(m|2c?Jc{~ zeZ}I3Dv=c1` z3A6y}qkOnXD4T&4o9CvVnra!5J1{s%hhI2j0zC*^mFKv*vp?DDf~;oRkscizjvE9n zMkmlR#MsACvhr?F-Cz|?CJDA0G2hsMNtrq;U<9x{*j!r|SAZ)npjX)eVv8!_2-{j~ zFAe^Yzd-T;b=W_6Ygc}R_tlR`B6u+?lp&yi1jq@HEz%e1ypGE4WnKjV+QykN%{bDz za;d#dBy2I+N@Cy`A(`5Y^Y z=KNF&9S}L7R`O6zuq}{X%CjD%1mdvJNgRc_1I#~Lvo7tv&?ps=QwRlX)W@=9I|DJy zWTYW_uP_U|!2nS0!CPokAg6Mcp99?pDQ#7ZeW^^&0MXCD=(|sAzFjj9ah;_B1unHm44J8=LQsig_sw(vhIXG&`VP3#32gMm++r zy@9qLnp z+NAtxt%Y)c7yxqA&r<4dS!mmTp;4 z2m&6L06E#eYJ;xEIkO&G$d&6X3J^y}cmX;tGI}6#LSo7?X~u3&3wICqd7~;gkeuMy z@OqB3XDde^8WI-j1gH5n8yTkCZoz@s{IG;YVI*wyt}8?efej*J%i%k_Az|p=2_X*9%=;b6 z2JL$I6xj6-0LsQuPbwV9!D1V0$ULxPvGMUxCvE}V6UcZuD?uTgFB0#(WnsgRiNtcPMQa#1(J{pT!E^)Sv`GQOT4JUgz_m87yxYXPb!7j zSZ1~W_|bLhe*)MB@H%QURLwS33t-|0$qU&xYQKZZ7wUBL*qVcngpg zc=zQf=1y&JD`3k1tYZoKv&Vmhp&>6Y5gwI8bwd@h3WPWkAZDV{a!|sCwp!RNpJ&9M z>9)i0?>6*y!)}tGg*KsrGnhSS94C;Afv5;`_fCga1PB>B4MFI#Ilg+%q6`*(z9JB- zP66M6`JqBF0}(pq#Gx8dJjr?MKp-tGlHXtkNHT%9O-RHbW%XpiV6eQunE3gGpc4x; ztk8dM2M3Y{s0YuyzzCC1Hz;3#Sl#+(dUGAusCr@A_p9g}f48ZTkiZ*24_+)ox9&)^ z7v|56s2B^@iR^D@U31U}@d3)*0XbC<&OqpC2Z9J97E=~z2v9Ibh0C3Bsx~#sPvZ%X zt`)m1qImsh+p4Y78ShM8#N;-C(7sLHARFt^&Ak=VdR^ zlX*aUvQaat;iuhTpCwRsNsn%7Jt?Xz|=O6n`93Km`~X!=nskk9Rv(w=kZ{k zO)Im5{~0|Gnntp3ecp}s0SZ^6;MCc;ecevLU>3g|S3srTogKgQ0ys8oS|b_=2lE{G z^4w)@H10nmIRX1Zl>6^_;x=Z=U7+XvpOrpCczRGIYMY~f)#GV{By1))yKU_L-%}M+ zh2CmZYc&Pk012W%Y~KUG8iUM@zA_KkFTzOJjw-%P?(@$5=L|Jbm`ZN;3p17Y%S+s~ zEm_xZ2+1CwzAT=(@#c+`vt9fvsoUP~3?$=UYdw#pJKH<(oDBQRQ;O-l*8{WQAH&Q0 zC#%bLADWn$m~{qz9eJ`OQ?T&+(RqQ)%asa>iWFt#-HQy zdi1`dqZGt~#zZx?yu!lr-d+q;dlX$}pZUhCo*ymsk(>kF{{0uGK;@Hy4i`Wlk6E}) zAx5@JF3H9C_%$btKq2<2rse>YtKg5`UcJ!@Ca&fZH@xpD?t{Emy{}M~ISop`S7~W! zlaG}5B}o0^;^OCuPd=s)+jAkO^L@*$qam;=)PB_;_PK^BW4WZ?ubzMi_~l3lo!*@3)7? zGRcxtQiAj@yn6x_enx<8qZJH~Ddy;Xjl{?}ZCj*XI#YIjBs*{*Q0ykzuG6PaV>n*eeC?XkF$TBJo(J;H1GL;&HltEP+8KU zp$u+2d2(kGJeGPMoA%~EvSj{w=sUhQZ{A4Xxbgm#^7%)w#`K&Vbyxm-HNZY7(R+p* z``>@K3uW@A!i+E14Y0>6Af;V}V}t8yT%o&u7FwLnmC(LYPP8(-efw3f-6YD=pEmfbZ>z@o9cNg^bPC#Gi#74507ChYmtFkko?j7v$d^DZ^|9ud2nT7XI75jvQ zxfmrA`NgYWw)VD=`3Yt1$v7}>JyE7dB;I8!>3y9DyUB}o)7J=gBx_(RJd5Vox`+fZ z`hCZnqP>O6xrWpEQSrwL*z5%zuvVYjy@aK{Y*B0wvLt2~t0@0_|Av-9OVHfvx?s+q ze}a{!re#l$4byHmhkA8aT`q2#8ga{$HR9GMYv8<0R&|RVF-PMj)r1!A4GB4M9@U@H ze!H?}B+Es3-u=%JHqFu4^HJ{S_`-^DQWe4ErJo)r_lRC`xpV%%E>rHoZB(VLoOORQ zU?8<1)PbXI?Lb&Q!OCo6s|IcLs;az^!<EkKc9)G$T?U}{s`ePX)drGkuO0GSZ&;GHJ z>#PJ0z1k|4(_D@2bKI={K5G+1yKjB3pJ&-sa)HNhY6VKmmqb2(Us@O6a_nAWvbMbV zt%|8m?=+7}CgwNQM^N}+6}OqI5V{_a_ngNngtkh;Vt$GHnfz-jApU zD9MEq>B)6E{1&}R6nB@ftt7>f@7cpbQw!U}cGsDSpNBOx z*N5vGGr1SjR<~tEyTqA4KE)X>1*!G|ExOeXT zt5E-;=fohq@RwP(S#K%2)-)*&dP(rke~+RhK*+R8qR3`Do%StNla_va5VM5cQj2yb z{iRd2*7q^+Wzq&cEo?<)T56!{&oax$72nnV%kG8GpZT+&%7L!T^GDSy?#7HSEF9dM zs>L1T>`NUNXSf*9nfJzCYF0$()u~5N)O$ej?s}R|K0<0_jF*5PSA-N|2L}c&8C6rP ztge3U?4;4t(;NAb&4%81TlqLz3sn0p=;2NE1_lNcVz+=Gdvk>GCzxTkUoTuN5#Goj z;FKEToSRXm#nH#Dti`|jiE?Yfz=DlGtEA;fT zLF#lhIQ-I=w^tv@E`XA{&yNU_w3D+lBdC~hv#YDCuX!v^L3w_+nVH$j$_fJm1Btu4 zdwNEOC&g}0PtSdLedF(;dpS5bbc&pmrUSl9^Y|7>&gG~m{dVi-C35Yywzhbcw4=M% z_Wx`*EIn7?YB^;|HbT#^X+C``poDb&Jmyouid&h$gj`Sbzi0o{pLnEnXk>A{f~Bsn z{Q11c_#$WSl;Js*T9`Bt;5+`@Mp&yKSqH?(09K4#affUMNTj}=9GVpxS9EXRW&#er zpK*`y_J-}FqBJP{Jf_$U?=Ea#xgq({poN=|8~!Z5#Vzpow$O8MxAcDLlj_q^0bn&3 za$l++E_*f8|N8Xi2V(e<czF$**KKvx^o9BDvZuF} z)^1e<#|gP_jbFLY#eF=`E0}@D0OzmU;S=6%UeT^_?Vs>4B0YuED5d^Y5WGmz{t+{> z$f>`{cWqWg^ws$Ue(^bw0e<%PdqNR-uq{Pft14W?1H;3^GqbeRRy#K|G{nf8OJo}v zKUD(|>%y{aEnQ81etvabPB_^)nQQ;=LJA%C<3E=2)R(xRy&811qwRQ_!Ax9k`aLuD z+XHG%;~ki^vhaA?!v_;K+=4b)^scR?xK?bFDJ8yIdqylO68aV)NR3{U^zk`VR8&Mk zOX~}722kP;>sC69Hc5;-zLV2R1@dx@%(J1PK{><&$^t-#_5=8d<=liyYB?1Do&nuP z)gmWo?Vbhk?Vc~c;}q>oa;ionRp)a@hG9S4 z%)-I~ayBg#=?>V~T&aIMJ2zJbrIY)!0}^(VKd1nz38aw!N(~PTcf}o$^N3JNU~W*o z2{!Y|yC;)MUtuUX@H+8n;C0HX7lB2C)suh4WVMGMUI=}uG%ziwQ0zZL=bRV3`1V`7 z-No@;CoH~83@4nS&t@NAb-)y-tk5&c27UY(82<9*BhVK_$#!{oc=%#)r=Y_UtQ5Kp zo1aPPR#kraatlf!;Pne5jhfI>ogl>nyzT(wo>aYJt*LeqASs$RZ}vl(uL^YH#x#8q z0P`_W*d{x4=w)RBb3SyMq<{PwVwAgfDdn zQ@o=+2iM52BUFtxJPx&udcAEfTECh??Poaq6}PW!o$OS*rc$F>H-2;4GNIeeo$sv5 z4IVJ%cYqPt@B`5I#t;=}9yd_A@F1rxK63K|PQ&FvgOL2Wc|79k&+p$U_wUcLDVhej zQ~d7T8bF_4vfnm>19A#vNDv~oK(M5q#D4TO%~~iF>m6990!NBhK1ctwHNU}=mz}*6 z9f!w}QBnSYXx`!jtgZc1o;gqSpS1ne%B(=?%iWTzXoHtvVPWygs3LarR%~VBIpKmp zT&lChBLY&h9{9TO6ur&y(L%!(Ir z1I$^1r#Jm7{^BD&EaoZ_u9K46x>kkF=^IxLVCc(WFWS;)yaJW%?$f7FCuO_FA2di1 zY-LV&LOStb=^Mc}rQ{s_xW9vbp$&ZtPWJ#+`*X^#{r%O_(g3e`(X53qASfY(p^6}Q zmM;RsqI0LA+_Z^*x*0exZn^XA?YcLwxuke`*DFv`ameL2_q1hOlS5nWfR_}11qUD& zZBU;|Yr;#`K-MSptGT2Xj`2XRBir1rW_1s}Wc?=z;SaiQbN2Ft-CzfKBwfhe#g(;^ z!eb&41@r#puT$E?{XdP!N_#j>eUcfp_bK`il3@SXi7id}49i61(geqz=!xS8iuIZ$ zubn@lnlkR@&3Cr=Jpg;Wxh zTGBhWN?yKiY&miRs|_2C^W#Wgp9hXCfkI)HCpL=X$Wyy#LmbLt{eCpXhEa1Hx_SSX z`=;jU3uTF~v-j`F^PA-AIQU7#);8zW3;X`#M(0MV1*R9QKkSSDe(qu9)M4&7$0yYH zsfosgUb)0I2i)Wmy9a~91?-YOmKPc!B0<>wn>g1ApD)z=k&VU>j8dp|GwJn0GSMHx zd0#6%jUY>-&(sWN#S@H~fL%r>Cxcyu1%eJi6R@wt z6oKT5D^@pBn?1yR&HMF|Gum+rUQOwiN7iCduuUG#} z`S$7578yFD@qW%Y2qX+`vEX8_ z9sjlzE8MJ)3~*O{6RrzEcuII##ZO!1ubL&yQgph}IAr!fy#7?~t82nVF|!<8Dj~04 zYi1#mJKeiYz)fhk$0`_opsPYN$;!^oGcj@ZzI|`b8|}nCArKooyU?q*LG-Ss?K$Hj zZijqFJ*n5X7o;-<%G&_Y8J#Vrw#^o2-RBnwLZrs)gqY#X@E8QYd%+e*n@Q(!IjJ$F zklV2(iO=GsR^sK#D+gb^{XZ(au1)>ho60E(wtZSGezPKWw2djuKi$oYePg?;qKE3r z(O=VCGsn)kaX6|4`q(d>`o2&}Mw8O_JYDkOiDR0J)Z5}!w7!yDL1e+!08dP!{I66k z{nL%fgfdiic ztjC8b!}_&^Oe-)UguV*HI*3E);X^v$wYyIi-53hB?HdNE?AYU!4-LsJS=XqM0a$bt z>i6V;ikV<7zc1u|pk5Fb=>1lH6+co+mo|CHUC(34uy4#}O(3i_aHRUVRK0I|{63i5 z@xwjJ#m9mx9;dea^E^1Yq{i}pB_4P&ayPS@-3XK>{5Wxg|i1#xS~ zYj8?RGN`Jm0u4J1G!tY-K5>g?0D(Z_6pUU92i^p|g*YIQFMY3z-wX>9f8=uVl(z|h zD^G17cTRRcOV#qv#f;@&KL@WdzU+BeAsWP774**`@7+69bZLk_?(U(2JwlomF)d;@ zhzLFQmxh6douN-_chYFBu_fc$Fa70hQukLxpVfapCmD2>e>=#aqkvS2lpj}!qf4~i zp=XO8=w8i6-=!r51U7^Bp@3Y9h^}n4LLWeyAmW;woSc=dts-JZEl^pFEN7%t^61Ts zg6R}{E?I|2M1AxXU*rcyJbL7f`yg;m$YXA)oOR-PafUxa#*vnINcePh^wZGuS%cE7 ztbCBRivR38muQMDEbiEOZ&Avj5Be6$!#mX{K023(1!b6D30!Qc(nk*FJn}2VHS$Xn zZQ$&{9;MgJm4EO9Z&GC1bf~I)?rfg&jBKNwPr}bW%D!i}hYzK7GMqNs)Uod`anqLt zNwXZ>L~R-q4@L1I#+zkbPqjx#Ulv>DVm+d+rKOFC@MUv358wV-_r|Q@#l>M=qp{`1 zaI5R~4^@BuI`rny)+pIH(G@jiyJxzG_t(EXOBb0TTbq7fZTRH3*wZ{5q_6(VM;2mF zJ@h0VReJwP(d+G0Jn>N`JRf%ciPW52b0J@I_4!_mdSsV-n3%Dhew6OEeAhZAoQd&q zlC_Fmdz+We02}fRmUJi6Le&rSdk1p6-5#JmXYmT9t=br-W;m20bh)c(ExvqgqBe@3 zwd!R4ledkZ7|50L{jPAFJW`RuhRnlX&fmMJar6%tz)yAM)qrz$ZccG|;|AG<>9?cS zCAH75aMw@#wb_|sL4$iP%;-?;d{0By_g?R&4Mq2@S2im=F>OH^adk}_Q`Npd51ZSb zC$XbWNC}kM;RZH+`(XsXxZQ&co!{l&**Bz}8w< zX?yL2j`s*-w7^^XB$`OVW9?t3?V1-qWU=&o*iofGDd?{!eDXL@m{7G0_lM~Z#ee2} zswqaKJ@2;iU8Q5U$kPDBtT!arG*iv&oV<$zU2H5LCdyl`;S%Gw9cQj``cqvf|01=! zX3t*vlFNE**~(>Wzhd7`q&LY~Hfy7;k3Y{Dy8gzmDsO?t`kvcG)iYb=1jQ3%W{xk5 zE@yVT1>i~Zr{*Zx)V|QAre^V!OPvuupfL2^`*ViBLVA8+>+>tIhDPMd46Xh$yxh#n zH5^3JPLZ!?(c09JDj*T0W+1%=l|L1;SX^_y*C!NZYnQz8afYP-*}XRKT)+G?@uay} zLImRgQPlcm_8ZnV<{N5e2v6Jy>mk`xCY;c2-+{H75RXea)^SWO*oh`%sKGPcCw-Ew zdtAvT?3ez1Up5)1SM*gsMr75(CE}a2>8?~9_w7wCvJ{#kWz#4OO^5{v?EbUzS_5S+ z%PZX*lj7^$bw@#L+pPn^DR@{(@;qo*U{lgG?tOZ#LS7Xc%|_NY6<4P#+DtMg;~LqYG9~3Hkf$P z+*H?)r((Em7n{&lADx&6--D8SgQf)kTng&LhcD`8Rjn>ET7DF|ku&~FuC#l^M)a!o zF6knBw&cwpoflgRXa^3u{)#N0c;ot_^N#-Yrh&^5nNM-G<317P1(#n;3m9ZMF0hP` zhpfaZ?ukF6EhHLrch`2s@%=4a@uaKE#uJ7;o&}6INk0~Z6(tV+Y?@X3gXHhJ^NQi z+lTB4=cePnZ8(@Dgy(tnDL#{$b#HOvl^Xrjg|gCmgThY)sC>Lhk2}XC z`7x8k#W>H@tv|e2A|;Sv^iuCS-qW!#Doe@P+47!IOfKASqu-+(L=o;5C2_^TiPdwl{>_QZ>IJ%9AwvLJ}A3z+eC{|I^&@1 zkbF*<*NjR+y~6_^pAy(ObPfzqn3|dbcZ)$a-VDo?v^3BV)_2^9*mrcSFQGpsN9naB z+f&vqTs!9n#>)@XR1W#x8#$@iHcwRDTR7M0%x1jJ|Ez`pitfVfV5Mq){SdE1<8*0{ z1c!3gt*hQ&8Oc}dmgALdRFw8j^OVQT+#;*Lrp4i>>UX)ng=$2^fdeqP;lD-q*1!l` zPU@e#!$edl+?-AuF%KwhXPslq8m=t}m>7{$97yt4eep|XD!070*ZRYzl)q&6t4uVi z{}{~u23VR$zw$H@9z(CXy2^pUPox<{qKUJYl9KXPR1^nF;hpY>FIA!|85cX+^kv@h=?VB-K@w4JnzSIygSYm{y7Qsh2;hsf;G zBAP<(^F5-HrF~(}Qm)ePoq0~1Q3>m2qVtK`ql++{Dms4Rgd%EFtOtTac5?q2;D=|d zHa`KksjOo+f9eBc9rl0T=Mlx%D)Gewx*zPlmf;Ra zrV|uL^`tk-uK~k3fzxKuZrQTwR~8EcLxQLal0h)=gun{F4|-WFFp*~XvP>=z`PqW- z04_bQL;2{@7*GL5M@J7sz4RF(TGj(rhkK+zy~5f8spb{DQtMx8(-CeRi!O;}mw3L6 z;}DHAB>GWI`+~%-|B4>*>MIJ+>}uH`!f2Tl$p4{`!(^w}fFA+K#IJ{DlU9LJ54v%^ ziL;VHU?6VhTqh$dI|dhrSO|U5^SzUiAwlpMo}XFYp&YsQ;#wd~vQFZ-249FP(3OUJ zBJcw2l8Z2H``(tfpOuxB0HruwXXTyPZ}8MaNYMd9_}=h>5l!#yZXH*wnXBH&>-&(F{vrOuZ=xbAvZL(%xru_u5{WVWb%4qQrSqj-eb0o zlNC8H^4sX*%j05Wxm#OX-^-rA#61U|*%2Ti@!!t^8Oyfj##MqeE`G9Qun`t7cS1t8 zL%iWvU9Eh+?SS1dlb*i*DbP2KFI|$4ccQNn78dpf|7&q6f%gL`p)WA-1gVVZyNcQp z3w!u@zHj5Tkb%6a^;z~TS%RCF=~82++?2yAgg%sFRXoa*qv#2}WC)1%^L&wGy=JjN z!RZ-ii7eM4mTBH`1^r-_hv1(ey#)2JFEVRi;LU|;%jV{00Q?)WT^4HXy3mItE{h=k zUU{5JVwcJ8WY`ZOme8~w;TQET*~ZW)Mnm>~FQf!V#%7*`3Uh~tDx>MY9W8r$<$J`U zrCbr!O|&}OvGp&mnf-;!9otOx)p88dxm%(~*2JIL|8sb_^VctfUvvDX3-<7lu`VPugau?Ne|}bSIDvAnPw@olhROuL;+> z8AX$nHG7HYNfzh>{2PeQSx{hvi>}9VRIn>&YQw<^tLYlI_e*VtQ}*HhNIgt0P)9`F zZpnGSQX3O&rs>jq;~yLXR|jK_Xaa0$N(#pP~>sW8WoV^?HU}s2gkZ(BMl9W&dyFU996x&y@%uZ zrB=ne7R$g%%@xP-Pf-{n4MW7=tTkmBrE&UnjK&rJUU(J)QicFrUwx`*e8QX>OF^_${{||Ppyc?Dt9BzuEl<1WiSJNnt zv}z5KA{UoeKF2#VD!tzJCtZkL-9D_URb^lLvID{jEf%IFSk*qBUi9A*|HfkA;}i6O zZr;2Z0DAgZ9$IhU)}a&@)XP>ka;hbzXr{75t?Gxv_t+OG3CO9bseMUUC!REG30s70 zt0s_DyGBN+ot>Tcls5$Cn>FxXX$7!=K#U4J{)N`xWg(ITxVUZ|pV*udS3{CyyFPK% z$Y9vvp^x!y)7{BMy6icuDOXdTpDSST(?6gSQ!&z-EXMv~>`{B@{%AL{*48$9YCR>J zsy{D>=?D=OZl)j4+Uz*^C3)dG{mPLedm28rw(31#)wZ&QCBlCc`}B37uAY=$uM=O# zUUjW-4tyVn?t8oU;zy4iG2|0YM`0R40;GD6Ra~(8MaAi?8LSN;%b~=9fk(^7e zxbUuB8*peYEEqvzR##R~ubB-PtQdT}y>P6^&dGUKUcLeNNm#!r&y&!OsM$?Lk@rM> zNUBw&a*EAzpz^GsJ!u%YsIj{~Ni$JzA|f{^n#2=T80uYmNKG_IV9%f2Ic@cbtxxdb)0zw9&>fipdeSeJw*PP-vYm{a&NouEk2ay{U>walh*j&V5WotvEU7|LN zBvut!Z**IE^yIXM^FA4Mu=oT&=uXrvD(VD6{%T@$>l>HME$%e0>|c3Z6F5(lgtCdg zzP{x>TTqPQ58sS57d8(zqV9SZAbR9;Y2L<&h^It;O4t7M)@e-%@_d~sGp2<`t^7l7 zyRbNrFCk<7{=0fFC8gZ@Q-zh&SLMv{Q_a1Z#5yVAj51kmgd6k4zkmGnsV|xuX6r=a za~*nbvKF>-7-9qtQuEzQQT0sM=XJOM8I)ih={wsV9qqOLUYmFj4c|K(e0OxJ|By$? zucTGK>CLG5?H~SUmGQ3@9UQ04c=nH7T^kiD_Xt~&W>IzTUruK{e0{eR`Y&un{;9>h z-7~W$^ENX4;%Db}nv6&$2j1+}lldX>oI*fAAb;|`59Q;@4d3i7s5#d~nk~==)v1{) z+R%;cdXO#@0$g)eInw-qzRlw0zES(w6)11M zo;30$F(_PSO(O^vDD4F&TrTpMBd`1232f%l{#h&L*z6{)nL5sea!F1zF(Q)s|*Qz%fr`}Z}#La>LDlClr-ZivY<*$M7O z=t!hTSvM`I@*MeY3^^@bacE?Ust@GZE@*v4)Cp(bKK zxdLT%#Qq~jixD*@=uz976mXlPotGQTQWd-V!5x~lKE;e?51t&z=#=|@o$=!(o)7=! zDWv8&W{HZ}<<}~{_D$Y`!*rRE_3YmxW7`UTh>lE(J>4?{#Z>mKog# zqz`T0p}Rxey!{OK^C`BfBjr>;UaqOR?dY)Zsb{Gos_NgRoo}Rz^M%FWG2-UjX-2ON zoF8UTe_*`y{y&&hQzJ9G3yV`t4Igj?`4~8S0Dwl+uuWb?e)_vz8>G({_dO(bT)wVD zNp0=6sU3|Km1Er2->c<)tpRvHDrgyvTX~2$r967@oesAYZ)~SQ)m>$3rJe*|0z>Op zldO0$qWTs$!qUT3HUDS9dj+1r&im0ZSuLPda4oVs@I=VNKN;f`kuEP<1O=Bb@pFHDfYqcS`VW~d>0&|PQ$HVO)3K7O8?$np8e@-Q z$7h$4NW*h3dEG-#3jcHQy?59-wcFyrYX#!hvX?72u^w1>2;$m*{k2C9d)S}&C7+Y& ze=c)Xn!)c&m_L7E7_K{ErK;vlSkzW9IQ2R}##=_Xqs{Xe-%+r4rxMLQj&6Jrme7-J(MKCuCT zk5sNlaq>5*5>2nf^6dkPbIAG`c z*E;cGUK%RC4R9e9DA;_w8ekZwJB^_+IxVSMJTrq|l)(%KEUPyC`YQx*Qy zds`YtrVJJ}1it)fzxtUJzrQ4o-k10w_eyGlB2Fo)@%z`iz-Y#gmB64Tek$|(+ep8E z>WPhpKVjPQ`=_G>4cwiE8&8_}Df{0a{QIXRV6hUHPXGI-4!=J>uz2;SRR8TuhXT>0 z8SJn=+w3&ak z^#Uzal|Md^4ca0P*aXEAZUTnvJ13aAZCrNE{^tilj6(|#77>O@Gw>sP(Sm5T=9qsQz z2ux@zfE=|Jy6Dd5T;_3ha_WY|)#pdM<>ZjhMM&S+L}oSfOCOzgasXdF@Sj~B}4}m0wAJ(g1xsqbbymGz!bnG0O{(H^bLNZc!bn}oUCwh{5bk; zn@~GG*Ub_}`I0y$eV>+%Z3_hjMQKGvEHr&s+X@h)kHR~w8=Ew=eEo(E&rpt(_1jxn zy#jH*ooFQ#8+h?&82~^WEiN|=)9H;jw~h6Gu}e`_8CN&4t*h-qi{+* zUc>>GO1V9uUB3-wz)Rh%t!gr3>%d7`7u~tC6nE_5XIN|;ICwA?pGBa6<=5Ma+&EAl zc>4QO6V2dXZFxO-*_V{Y@!I#orLrET>cFfne@WN^vz9evgy*Lg$Kv8*+#LRUto3?L z44%yMbIB~kJfK1GrMmtFET_+yZ$U88&Fo4$IpEkv=i=s_M;6i z`n2Z(9l>Y!uL+s$_j;i=D{g4m4kV}qJQ`8>)PSf2tD-ezz#_VS{v<5lxg;dEQ*+2E z>gcevwzZAbpH{mF?f~d=cTr9Peap;jbeRcWW!KbRdoh8*z^CRa%Sc3WYu=7uQ;Dr3V3_d2uAy*-=h({5=5` zUwC(Cy;hD5FF}h1g(5B?K_OnF3rp)a3ypOAI5`<%Q4jbKF^7_xx&olw=Y*3x4oFLP zgN@4jDGL)-v~+cQV7*cTwYD$#KE$RVTvTTZU9{IxP?WT_u}x1;6SQGsFHC}kr$9N# z!9dm~N0<9D7Ubd4@o@z#0GjRF3G!wvJ_5uRB~?|wQ~6oBH`)2e9eMiK{E5%KDzBZU z%qThUv)vQ)y{~A4a(%B!HPhe>_WfJ1n8vUIRKDDg)R6{#T4t=2F57t~MOiG`ExkTcIHJ9pJ!!0PlDyY6-%f16&!7-_(bX8jS*di}m?5!}X{Yi`)*8IdVAy zu*1%V6+_({zy%bzWR}2}ADn5~*|)CpF8O^4YhY2>vtMz1bJPZ_ClJn!Cv|a7V?_r> zM7&IU2~xEpICN{s;P8#6DU`-vm?ogi3}vbM!Tpg?s*3*v2*xC3!vo7avcn5W1t89r zg8ll^TEzv_We|{je7;C`z|XN3{*qL1lQLq4ixf~BVA~nOv66T0-j!IkR{jXiD#1b+ zR2j{^xyx2td1-O6v%i1Wk{dbu(>tlIQTGiiXBa;JoKO#};TEO-=N!}w0@W1VW}LBu zGHORri~)qVvx60^m=#(Gt?){3?qTpXR#Q{Mit56oGnQ$b<=+N1l*i%KD$Y*$PGRAI zJT;5uY>idC?|hhakWV@6tnNOnsma1nlST}g?N{E|x``+oK|)^C3Zo?|f} z2ViS&!MzCx3_LY#opIC#1QUt!b%=(5hRY(4FSRGc#~=HkIr-*mTwI(6x749S99S~S zca6_U@%-TeY}oP&)`4(*;V3H)o?2=`*3pA^$0TO*pj=wdwh+#il$_X>r-m~eoSZ_3 zE}K|c?M36@zRP)iwiGXFjt$W*rV3#<>cJvGRBU*Z;EIc2goJq5w>wfmQwbn9B_)Med%_0!d>>CA2*PdY z4m-d1xM6QkF$#Pc!#l3jE}EJG)`W=r9x!B;q9z7{`NmSy2G0(SC=pK1HDV^! zpB)S&_(T4x9^pxhi@WeSTK>6C2ERMabNxKY1l6bf>w`0QeyFZ4g}-@MfByz$W#!rV z`Dbt`i1&<`=eVPy(XwDb`|jPl%lON*K}Hb+EM_nT*Z%97fkpGhA>uU`^WIkH&EKaT zpH~h9KBD+1g%YSLT3PnNOD=9{$t!&!RfHKU&tYgVnJygoa_hrl#yuL>!MH}?i@}*c zIyDuNz$hDp`KR{@fqH$Prn1cy&6bb2M5uU)Sk&CoVjkhC$8>{-QLc}f?|^>Or%zi6 z5;xh;Q_&hpNN>(|kq8^6M((P>z(5w|pc{^Ao37)K$GJuU%>vdewj!OzOZ;f73rXSNQZsXY2Gh{^Ic(Uu)ATd&!z3#IwBO^G9Vw;q*6`y zPs-@Da}{Yl@mM^m`O^x_1~?Vp$p$yj`}RWeL4T0fwl&*YgQhj#kq#*US|#q~kKkiR zXf1OeovGdVy)k(Q{2E?ZUmA>vU?sA`y76H8Dp(5?gXk!cK=``oaBKNW2f+p|S=0rA zibjE?Imfoom=eBQw-MZwS<>g>I4-0Pj27$_+#TaO1-`$!J?C}hJM$*kbHM#&j>y0!s%ZB{)HAIlwt zhl6#QWptN@PSW1KzGbjTym;+e>b7+-8MqC0F6IjP zL+IHJn=7z<^K8@hkU8{+n-WWJ5xvT6w-q@Uml6bd==ZncAXC6DM#{QHQ&V$L!HD)+w8;ASscIR8U{NTCR$CnA*6P3`#xzlKe4N=h>< z+e9cAaQu=^oLCpF%hQo_9b7c=!#FiZp@#0lfD8rXG)S4CT#d6v6!t{Vb=QeUw;(`= zdFL8*2X1+JDc=i>h>YC2fB$|214CHN&*H`j<{tvpF~&NLq%+So;y1ws#1}3cWMoJu zyr9n5DJV#FXnB?!$E z$*6a)BqB3JmQjp##c^|V4U&!B1-ntPgq07Dhkw4b`o`xA8v6e0DK->{RH&QC)o|K& zA!^_+dtkc2pGl`H9`xnQm%k+u0QZpI8bYMNB5yVI<17{PzIC`3&%1ZYiG-gTg8??t zli@5QN27oOcRo1T1~z02c8&wimiUFGNEt_s$BA*ILi-VRlTQ)%h<5^_Kare|c9mqf zb`Tp4tlRsyZjnK;5)BuQN0`=D?rgQP?2-@D3lO6bJYiq)4l4r5sD9D{Pe<;J&B*+Z z;<^Z-0jTh-Zi{1HN<2g3kz~Y6`V4tC^7S5~=?wdXxEI&SbC14u3dgs55J45s3-X&X z#76OQ9N8QY#ox)w+D~M*b;m`zU{T|hm1UolsLLU3O9`WHVueG>(K#}5e%RtJ+;<+K)%WEz8tIttZv*OE_WL}eVp~F zboBhf99gd8NX;)O*v806m?M-R1t*fGj+qU%3n#w6_B%IeYks8gzbALb+&DaTuq3X1 zLi>Z%XeaSKsPe-H0lQ14hPgyV39SI{vH@FF-@D*LbbTIC6dM1kwiU0P;R(7ohq)i? zi6sxRFRxz`iHFXx>R|MttXMUgay^VrQ{2QLEXakpAHae_HC$b$es9+9_h1S6uyy~Wh<{i|R> z;*FKEcB(P~LD}6ZM|avY-Z+MMp8aI@#Q=H^bWMjp+9$}nnLt@YDYEHs7?p3#swoY= zxJR20S%kOL+oyX0)u?8>>`I_IUZp@3`PFNFxo=bOwl4lDCVELrg@J%`47XbCegH&< z?rPM%JtZ2i)rm~^`mNPVjQIbT`2U~c|9flk0mPDJ2*??aF~#pjLQsE~!xv^8Ip(oC z?0)-O9i&7vo8FK0A9BU~Bh)JawSv?Yx}O}b8c9X=9OpO$Z8C9gDW%J>){ONrivU9* zuw_((+r=>XYUl*c1^ge@YtMT62vh~<`o6zbKd=yEcEQ35`}YsTXMVKLC)*^Mk3TCD zOfJO_q}s(RK6p6wq~l{_9g~RDmE&a%9g3v1LF>M`5Lb+~_!4 z;|a(gG4%vgHZHKUELeGV*rCHuFF(Bc{^KtP}3&H)ekdqLtAK9f4gN2 z<={Jv$)bU&`;P-IC6wd5+rG>I2!6@tqGly_3O*m?kd-+0w%Bd6jDeVe8U&dD`Q{J1IF8 z<+6Q&!Y`c$_j6AFD5B~G@23JsqVA9=IXx8zQb@3?8)X*8sWm}^)_3KX2N-yZwy*=KmMiJLc40S$!~NB+Wv zotT>85URgJVZ&u#7vdn9pSs7Y>lM z@r4QHt9R%>e=Eo~%Gf2!GaP9OjD#Ve1vN(o`3cyigisOm5Tv$%N+kM4&+yqv2>DmmoWQb=~YE{Wl^}AriuMxl! z@a=`45KCwiG()sN0upxc2LW#xg}qSaJnK;ckGx=Rz8RMy2<9nZ#`;+obXnjs2O1>| zK)2*tlrD;vZlnD5cAJ9W8lrA_bV!3|Xd>@ErU8I$1b!u-bv67h!Hz^;zVoD5AE^*N zUH6I>0PxmkTN?rO2OdaU0q0c$LP2WJKb7;VqsSkb%vlHR4<883-fd;6=|YY2q(7%! zibMQO1#jL9mAXH+W9gyo;{S{ySdqC$KoL#?;8}SD2M5zuECQq?D3!o}xK9eORACkf zfDCMDe#sS7Qg~e``{J*lVKEEG_Rin>X}F~`;)(+bhnzd#uA$@pjA zn5wA9;S@*YvnW~#TF%t+)MgSJF9Vd1zFU_1M6xj-tuxX`-sqVX#uLmcx`Ccq9aWI^+CKnA8FROnO zx36hfRN_l3-_+okrdd*a%r3KpX9-CmI~3!yubmN23J+~I>@Q4BO3K+~a>sk;T0a4+ zrRC0p_SGB2_RdH*EllMuU+%A#HT|WWGN3mjHE^Bq^&@;AfNaD4GBD-TqX0b=D)a*9 zsKAI*MrVpBbN*c`ixzr`mhz5GUXT#6JerspxNEne&no-RVNvkXlPUDEnA#Y z7>6SOh;z6}p>Hq^qz4gCKlhB&$99_`;2Xds;hJ9BJq1{wMS(IOHo|r0K;}Hqq9FQa zfCA}f^Dt@&XeK>;yWIo4iW(?_v-O#P?;b{gM=dP*73u?K@h0}KRC zkfx`mGPKwuLqm5hg`z3P@FR=nhPt6ud?T%*0_7?4c>ns?3PjtRT55b7?L|re!62Vy z0-p3CN=StyIdbik7j0ub8+Uw>@rNdO+VV4 z_J6QZHk3x8)qhIs>rYNcz>h%mLGKoJ%jDyf5)-5Iml=m*nds@DL$;X}6LPP9&)8ap z0uxPFbm1x>^|hP?41{-qlAio+5$7C=R@J2xOf;zCdewgk*YD8dyPqdK?18RVFShWv zo0;%PgsoQE!c!dZxOy!Awd&aci|D_6EwIBe42R@~IUB5GuD8)f=BU0Y zjq+jOTzYuB@{tVX!FI<)^`_>fUwOoT4MtIwCP`gyZ9UR+*#GPXCqd3gkCK4ll!E)n zFTj!l*edesC+P5FMJr2cI-Yv<#ri;{KC9O z?UTEg^K0$O95MUc0hWWC7KId@`9#UPe(`$ab{JM~C%joJPL1+Nx%--+%z-`c2dNHH zP`#SHIq!Axz*9B(6B4JoNd=4174NC>j%rGr6pmGp{ zAs`Rs%%cqgZP8NUbvTB9u*x{lz|5H-m|{u78FaGn2BCLNyYi5uKOmwbP0dj|(}LNZ z2FRf9ZOcQmo#c6(IWR|;v;?Mf(QAEOwR}^)!rKt%E6c-Z-&oFk0~1p4%tgs(a!z^) z6=F?7UExED$0L@02(+>;NY+(Mr`JlpVBz#@uC19)A2eF%>VK4FZ8ByU?sj{K>1V#7 z(@Wk-Ed`k!6I$A#0gG@M16}L$XLYZEAy?S=Vb!6#P-pI^Fpkl^76h4~Mt5BvpsS0E zvt!w|gF#0RKCE&FV1gs{wA07P!42!zf8FwoY!nmE4B>lG=a$D3#3AEw3)*=`2i4Vf zG!ijswjkXMv-O7#9ePsmp6oMbegJvg-ImgN{5mO9vuqydg(`>X(KlXo9wzrU)#zop zo2JkSS?`i$*zYx?H)-_V$vyGI7S^ zG;N9x$j88)B=2+We>LHJamNZI>;ek<-xpNtwmIR%)@YfWw0(2A7HqOb%m7kdvFm28 zOj{Rdnxb1Q)^zXO?Dbl%R;m#X+ugmFl^mT{mQ`JrO&mlPrR-CRi$060uqK&OI|<5$ zvLE+ee6%|_?s`yL0o4S+XN_ongZu+<f|j#F4oVRz4y_T#8fsmsFmR_f`z#kcF(ua$R>hv(enHY+m8d0&RbV~dPpA0 zkfYPk(h~Gz2{U&Bf+BD!qW^p@+3b`&wit8e(xJxa=$*geP_zXIRTQ!6VKMU=DG=d_ z1Ae@!M=x-1B5lMMqxDCS`Z1)Nii3lL=vZMDF#LR45N7hl1tV=CvGT&oL@Ki?6<3hr zY|M7H^Ds?mA)Xq;?DZ~%Rw`$=-5jk_)J&W4Ng$!3&S)^r zozKex*C$bowq*>Q5hwwez{7nMZR8jPCA%n{Z=0*I&Z!~8xeXhZV`_AHH-6bF8j0}1yGT}{fOvb5|Cjq-zma~2~3go7`ku^QGzTd{hMRh+<{G1hkv#I zLXu67h^`E0;?ZU!|1Q{eym1x`PM@i>$i-?pVrwhTB5C1`c^c6$wV%Zf%?Vca;yZP@ zyp8-oWX{#iHF~>sE|_XDU7h~<>vi?nRQs(gXP(!bUtD$$adQ+_+E_KIrTZOOl$Zvo zvBaPZpnf+1VKe&@nqGU6j|q7&9QANM+N*F+*7lddol3DLOCrVy3_A?4wGKCYyp-(t zBT2y}CA#3F%Cp`;C&!qIeg*&d3R*6TMmm*ex28+UFOnqLRXmODKcD<9Jhd1-N=#UW$+MicZ?q$V$s;bfrp2j^fiZRUg)SV9fxk576pI-L0 zbXnj^K0cr@s8o?jvYcYo&=tS_{G;Q26SFM^UdB!@g%HWcP2YxcI@m8*W#n;gmgLmF zS8!kPJm%Uy!*-B#&bjA$%8>dg>v0;#{#;(-Ljx^c<~x-Vr`Pjmxah`-TlT)mG&``9 z{Qb4lv8&5P@ua5($34bIyVA|(2cNAl3@mS$a-VV!Qa5DY#i^(tEGXXd>Fahp=8eQ- zzNFhxm|dIT>#Nc7M*jV2wVap9=N8UZ6@A9So78$HUXrOyTJ!bgjJ@C4Jl(5hPA{ti zPIyy98{T7*LqO9GZG8}V#hF0;*Y;=#6szc&i{H>e( zeQ&<$+X?h<Z$;}P~N?#2-=i?yCLzjHm zpZAw>XX70oTV}@%Us?9>Tu`B~D-Y^9>tX`vgrH9zr zm%h0aUmswx@I}jVmXh%?2WhVhpsBeqaBGcss)4fIl^cT@bpoTr-jia=GzzYuFn(+I z_mU{3T1R2!?yxlv(bes&TlMNo@R*Na@NvWiDby!Cuee!Ibe$?pYlTCSGrWOzqo|w; zRf^W0D15<8=eq+?QifeJkS-7te5oE)6qi#{|Dc9Wc8_GMjCi8mh3t<<#&zTn^m~Pr*>sw)!tJJnOBS)D! zuc;ZsuyLjlKQt_-@^JA#we*Jz;1**SgKLyt{@k#uGIJ%y=X4ZXc0|^|+=!X;{I=+DO?e&pYx0-7gVzBM>6WtEaEGQ_RaHdCo$lS#u-OErPw|tWh7OND#5UC#Y>DW0Z<^-vT)4`9sFO;~HmQ@|fQ|O3(vvc0l zMYXh)R3WoH^y$Tmvpo|vZS~xa-ae;I*GJAd_jLC@eV0(9p+n=+C}*GkE0^A(C1t2u zw$ei}BY>4L%zTFLTyfk|K zI{mYW{_e115%SkVBu?$Yg8L?Peh(g$;yl@-atb4P9D_FsFkk4?yF==Tt`AO}+mPn3 z(^4Ni+MM5UBr3ihS0J_eA;}AOUMGsAZLruKthnaqr4ox`BoH1|#?SbUX25{lf8Ryk zBd;UU1tzzsoOFDAEnxAK`TEFKvF1r_m6NrmPj?IK{vfpG>q8&gzTZLCF|K+SD;-_W zw)I275q+0P2@m+yCbk3}qN<|rbFDSiFKI9|h>*8?aFTTHg$~!rM;fOiO^UIfg0=p+ z(khPltfV~|)lcM(C+(SkIh3ta?c*Hq(?~XkCs@lf{Jip{adFa>tXB()($f*73g0I` zX1w_GWj?xx2#RwL3~zF|ix2JJq4=ay_U=jCE4@pm74aEszA_9Ue7>g3wGpBdYm9%^ z@LW-xO6_pT=(;y7A>QE~iCkk&2|t!%^}-UvUj=!XFa=#d+OaoM=Hq^E$%~|A%}MQ^ zdvdxC5kmcCyp7Y=I15rjzdz^Jk?iu>82)JSZ7l_`=EPAshruh(+^jleBIse>7{KzF7B=U_F==xNBIAS#Yml`Of|pn2xgDl z-ckAfeKEA}ei**B25BRq`pdQZc^?G6?3>9jbnii>b@WG#`$jr-448sr)VGUIAgPUo zoS08Dg_Xd$KoK((c_nzh6XKIH*rPBoFU_< zD7(MC1Yjt^(l7+D2amSHpzNig&Q);B(%Z}P#dOb9-1;cq^5R`Q0%wJ4PbohzF4j!B zWLTbi277|nr<4T8Qstx@2-QOr6nyq0-EatkqZ#s7XLsA0k!FsTc_sPt; zms)E$*JWO9`!P9npC!nj?cfH^bywT-2Vb3pc{$7suTD5&tpLQ){5}%8`JY`rD6ccB zZ77Ii!kzZR-iaaaZ6{_86?W}%dw8e6gpI>wrFB&Cgnsy)S;fa`k;e3N=U#t)@H-?? zYqabS3JU53U$xAK@u0;Qj4dPR(PRWBj&kQ+_Y%y$j;CV25t9Ohu|!Ff*Yx4jr*cdf zQO9&_6x$n+^M@(S;$6kpZ001?`*}?S^9!Tq3@7G+Yzhf&gLmp4kT@*Ih(3ug`a~Fw ze&mQK+CBuq1gnFRii)7X5(I{%B?Mu@QIq&=FtaRTLZe>X`yDcIy{7lZUa<>^@i5B& zZ#Q}Dqu&u|g3+a97I#UY>A-3M-FjIPoC;*wYxoZEbmZAngABJ8SoB?>+FuLWu^wq? zXl}v3X}F_^1Ju@AD2xdSJ9Nkd2OG@tJ$p6+z_m*iz3~HtKZ571sHD^lWEe~S_2mg5 z3eQkU*12^QI5VzUvqlR*$*tA^Jxr5*z$!%xl#rr-)sp~K6dBnpex0ZoVT4Dp#^4`? z{>8hl60eE8_{VoRb1u}H`if+@gfdZkacciEyXPm}Elek8H~h%ZH2tHG{$0c)#qZJE zkJd#~YZ@91vozE^j%CGoBwF}HF&%Q1L92>jEuu>#6Es+GF5!f&WRjl_k-nr7(2;$%^l!P!xGaYjR9h;D^l6?}&+Hec+JQfoa z958kY@M?}tA7SKxitZ4ZjqC}^+bCDpkQJ^hI|uWh-2|+U04OnIR@=v1Zeci`prVpR zqpV#8mJC!?w=Q?AEVyaq+FmJKdhdgCwz{%_IKHA9?$%Fh$K&Jgm)&Pg=RfoO77FVK zITxMA5w&B-pko8)HF(Ooz7*J&R-#Ek%e%TjP4A_tp(h~_#H}4iw!YQ`M$$sAo90!0TE${N`w%ZSiJ~8YaZ^&>LjL=#}yK* z6dLD*$#8r>2tB3U(jc)B_koU*`d?@E;M2_=pWkUb~TY zUm(OrAgyY_0+8Kh@)U^f9}IQx<&C)qSd`10lhh+2^*FOM$k69V3^w)HDDdanj|q2J znW))-_Jut`@z#|D2M*i7Bjeb81g;U?8L)^D`wWK&Nlh)w@frvf;2fgZCcA|Lff##I zSy{OnvcN6(>9`ark?AUgSqa$e6`=eKPruV<3K~ogc8v=g)0Tg9626k|PTe#KeaD>2Ky_o3>UFs48%n!sU7MCo_^)TOoT9mlGAq z!TpIt5^R`OAyowQ0g!@tJ4`@*W&l(B?m3;%{4-1z#Z^N6zH9S>mw1>j-3&cXYR`8> z+XGE9vVc5aV}M-591eo+kEu@Y`@1@c77kF8cZ3lHI8pEdHa~UU5VIXFBP_iS74pFX z@4;NbKm{8`#dUy8Osor_NqC0I#o5;f{HTfyw5#b<>ZGd7p3W%KB|O;45TI^i=TRun ze9UHE2@PF>*9BtZX7XnXEcJ+=XtV&5Q7KD?u*%n8Zk`g3qYRvL7*(l& zmPTN3u<^_S;baFK+z2*{2jK9@#l^My6iaPPa;7luP5q^oC=od@2oFk%9VRuAzOcB7 z24RfB@`?DBwLqbu4=C=Qx}z|TH=v&HU|s!KVl!a;QtxftXrK*gbO~o@c2>zYC)Q{v z1)VB4MIQm%4m0y=F}hX;C{o=J0r%?V?1O)?AGmfGFouKgbOM#6MKfX)z-lo0fM}(; zt+?LAY;e9)&j`uOX0o?9AG&&a?qW3YW`N(N7?4auPtW7g3$7UuTI{If9bdtUheS&) zCNGAH$YVELX>$)*O>X%Hz&M6qNf%TYN6`)2hRBOUnhEn)X^DvKV>dI>K}d-ZlF2yN z5!x3J#kAcC>yBu{vir~~gtU#k$9Y6BAu*>eSXiG0ZMyUWI#pj~s|d;@Hp3|lCJGkP zWgu1)!iyYWxKO%CCE_;|?Q0_BZk4kbEh#B{+zm)D-0Qb<)*sO#outF>9T|Dsih z##9w}G=zTJux?!^POyyGMMxQHF#(S3EgCJBnLXH$8xXq5Zo$f=#3W%BkuXc^sy>XO z3B3yoTkN&g9qP3#nG1Xy<`6;ERW+C4FpX(O&%= zn@fXE0D#Mo$B06)@W!%*p}oCbgLD<(D*C+_#+E=jeoa}0$!-d0zLJr_?Nc7jr3u+n z^3;DPcAmSRjE0zpKS~qco~*>HGBA5zHlm9(1SA{X7;aVa|YEx0wvF2@VeE&sHEnTCO9*Vj;jo8U_YW zAlw(wJAuuk4}H)M2{U85ppO|lt2yVuw}(M_IZ~jpsFg(kn4`BN4xQh&ip6dE@xRP^ z;%?BLvk493{8|7}p{CBv79m0?1zZ?yU-*rjT_|3y4Mk#SUy3y(qYpqvM&PX&!+P`y z(9nx$Ad}q!-Siu4$P5Plsc;fzGm--z-Oz`ZY)FPfEz~$`U_QHu{eN`X*UX46DC94q zx{18-zpqA;pS+^IE5IB2_X}@yIpWg_swRA{&*kkP3-0(k*10s2_T8`PXAHtjOHK43 zitpo{-2wg1r25fqbRUhd&hTJD{c4Bmljw-s!Vi1UOLz-24I+Tp4%V#)yFYZ3{nSVY z2O;YMY7XY;7BpC^xp@3BN(U^yIs?;!e-(tD7RB2n?1`5g;Xs0{0-$L=?V%jrNAZ z@`i*FZBPsgwVC@1_l)ljJRR?^C%%nr_O{nzjoo=d8OZ{g&L57yU3O; z%fX-7ixCL}0tGPGu65TOqCmQP9j{QT@$Q_T@%FJuAH{uciEp{?4qicl9}r~JG~)8V zUAyE)(sX)sTEo<9wbsWvNRwySl46ge9yP%3s*fmIg7f;hEzARCwAJWN?`{vvPiPZ| zIb8s5QB~}@!c#K##%h~xWalSw1%lN@8{@wDxmjyhRo1_O>>EG)`i73-mA`|uSK}sU+V~kVHsSk?`hSQQ%r+UF@v2geQ>Di5K7vZ49zmtP!>D8V%() z$vN0^)_m%U^LN=B*V(08M;VV?VC(RUx@DSRFC#J&;BbGh2E~p@bvpnfkJJ=S|hUnOBa$CiKHQf6**Fi za?pMW<3i$Kz*?#|^XUR0k3WPofPvn5;u#IW6#!zrk_wZ~PQp^0I5`)m&O+7d9tu3? zRmKSv21GGJ6@YD8jy(Zn{dM9f;GgY}?70zG2BR0*8bsjFU~nBE*F{Qc1l0okLon(> z^1s?G#wI2#Gem>iI;aNd2p1>bHKzVkp;A^ zZuTfqG|}_?Eejt#tR-Q?kRcLHS|L0o=sj=&zDkJ49bh^VfUzh3jgOBHBDIz5j9ZH+ zMW4Jq%tfuWA#5A+`Pg&C2mB+Ct z^x*Q}(&i_g3%UVT1HyM|O?cxSIV)FhQhy$ME#CM6P9>9ayHI7kxYhmyWk+lS;b@D2 zR)8CRfGwSXe1ufx5I!9)%oq1xQt&8=_L2hn;enB9B}(ssfX$l&z=EYsnsveW^*@N; zxRjELTMEOl+UA|0lT;USQX3{eYWXo3>+#XgoZIrHCQC1)H*zTW>eanS8W0x~{Z@c} zSqC?g;d9pKCZtK+9f@Uh)Y#wqk{#0ajt9{9!2_gP)QiPQw1tV1Vfokn%ktEzPWswo z=xUvyJWjGAh=tylUwo&AUb`E1p784qGr@5Z(7)NMv9oZ}XeMJoBlCxmS1~VNAb6-T zR`I!RbLcouM3qQOiTgwBv~gh>hYRYG#i%irH^mHb@WvPTz#Hg-vD{&!#_5u#= zIk1~x8Hg4hp&f>m7IcDh2u1R33|#U-@Cr7d7rDS;3c~~)*sma6K@{xBNlWY-Nc&V& zh@*Vfx!jgDDok;ZQx`q@SO~)hGMe9cjD-8+Nh&_lqU54SGUq7xfdg97jlj`%Qkg>-_g1Xy`4W0&GzaS(38J z=6y2GUzysnkA?mXbf_*tNsT0g;MKgq23*6;ycD1eI6Y7AJW@GNasO0p)%6@-mPtQ1 zr3{!kS=!%HMJvoX!Bs<>4U@6u?#B2GRbO5hx8c_~C5f zt7tu=6FKU-Kjr_yR4LP7ndrHDgMb3465uk^W&?<%$f6;F6T`#wc#s0{E`e){?j-OO zxLvXF{oug%;ha7=3&h7gf$gf*pl~S>tzZMp9XvcZvkhs3=1z<&0;00E+j(z3A9*5_Em$QIO~YcQPss+9-3$}YF}*bpib?0EM~SL-u*q=I*x zkQ3e}Im~+guEvXa=D}izLv!;7{BN4@XE>u~txlvMXn+1LE%H}qBV zc!?rL+0VA4QrS>WWhS5qO#HTTRlV zURq-10OXTA|GoV(GEOUWVkPzf`H3v{jzUgJ>vc#@+fv)_;gJRYliV%hAqO-9ejO*x zI6puCIO81sAGrj+I}sUeZr;X{1`4;vYW%dd=lPe{2g)hFo-g@$<j77M#*Ylb!b13=tF%i3^)j3Esy{rr}N zoQDnaW2$~2=&}bemCUg2yp#LL4h2>1me|SQf)t}{QNH!LcQ)>F+qu*tnlGvLz>6<7 znfxluqEb?9NZzLQc&8mN>H3=rz+MgFF=8V%qq~JHo^8Ly@)~1xxr)yZ$99@FEjy^8 z@1DI`r`?59{?7F=+1mZ=*}U{IaaVm)T8=CzzzpGgR_9O>o5ee30tQ~b^pzG)_$4J- za?`EF%5=SFo0H|UWKJe8yArua01So#f9Ggl-ZcY(&3T$^Vh(; zoS&|-xvXUUlA734w0>r?mD@B8E4R|eJbEk5Eok8AZ@J}^8yhLX>=Ntypi@VR z34{6ZTX|<}p(6<1Cjl;}ce5PHrLEOEvd{VLn#|aAV}6fM4`}P8dv_1e`iu8I9T+(= z`$Nuu=6fA;_KBKkc8z@oy?*kh_;T5m23kVM^0u${^c9P_Dtnl2$-_Y+s50v{KKL5R0{|PTo5ev+b2+=XK3z)pyTslKmO|?NtB6 zW(y4|N{R64!AW|-Y?%uat10JzF{($OF=@qyq{JN3-oR;GC``ZLR(bl1jsBNmTg#q? z^L2&s+%Z9ta?OXO`E(;WS~H^rC7y<9_ujKlW-q`4qPr`&kMVc|=?kFYy z{?ClWjZIvRW6%+CKCxDLE5EEq<m_^P zkc-7Q-(Ztp6s7!Yf8ctudhZ+F|4N67`(#=1_5TG{B7%Z+$a^}aB0Kyv_FVtB!+{TO zI>@oJJ<4xtX^41^=XhCsXLwwpvG~rlD|L2L?UPrvqbnNqyb~*Q^vHv_OPEt^2I9!v z$*=70dxu#rI5r+9Yd6xO$x2~mt4dzJSR(CIu=5|wb6r2=s2m{*X_>X=(MA`Rz{c*v z;?S5!`N_$0cQbWvnl0Gc?c&eWh{%e#Nk6O8JheJV^Tuk0(V;eX@mF)RX3;`MK7ccS z1SQoMbqEsAk&+->X(>D8(?MK-i;(?z&o>Of?axOx^R*z^FiAh{>D&I|kg}L(G_p>~ zjqYL;LDD~fLaGgd@OKgj$K`7f8mr4rtI~C_)EJNqaVI2O$m>DtUe~z zw5zXo%dS=4wP8K8wx*9K-P839etcRIQDfC;RwBaY{J?kXEjQGbeYzNO7m$T#+PD!q zK*8%pt|OF7B+&*1JWH}ws16+7`H@lS4-;6=Pmp}4Kly*Me3SH_J$&2Mfq8NiK{QMj z#iWrgDQT>GW3~qF)0YE)Ipco2w>D2mD&!lho2VwXRz$y+*A3QP2N?u-|Gm=g!R~W8`b%4RB8hdV4%PJ_Z%H)3KRbfq@8}7YGm}) zV5996kxq7pa1tfa9;;`Bei6$D1sAiMK+`=s+mN@lk_tIWfgnI z)iaUs*zvz9uEG=x9HB|fIXx%fQ=L{5v^V9deO2Sa#-UesF)|lx#x*|$EafklQDW{s z?!o|b@_uedS7xxv?YjKlaC*VLD%R=SQS465t^L zR*Q~LglmIZ44u8bJwbbeup_O_&kUs|KavfAq}E+U&UAz9fLcps)G~|{nDSNL zfzLcC2f`82kDu1xKBjD;XeBanUds5|<6!-ytj-M%%GRtE9kFMA7(XAj&1jE3`7JUH#|T1($}PWa!yY{+X@UA z#QK`q9Y-6OSy+}+_)N!tOye~yIb_B=Z=J)W4eMV%Tn9sO`As#|b;>F~H+Jf9!G~Nb z$_j6-?&WddW>Cp{-@0~H$QqpsI8XPpnKiz&98~;sE9H+jW&e8}Qgp3XR5Iq|37a~T zT&~RgtH9C5IKlf-2gmHsp_EkGxT%h^`I#ZsVO%!=8NrW;H>YFActhoVpkBozF5dE` z6eXq=aQZaOBQ#fpW4(PP;p}w=6KKh&^Ch)+m?Gut;ZxsZ&(FDzBG^Q|2bH?Z=D;UZD2X^^5|Fd zC$HC)+KoH@dgZzLR*cUQ@k2tnmBurOd68U6}Wmjoj{#T&?@$#;U3N zvtd&jm(@Pf(!|C1u;|a4RF7|PX@9-0Znn7BFDGW(X^H;cp{d(vy-N=4(JDJT>(^+c zfC4Kt48r5TcN~I{o}hk45Ms5>!ou|@nay%f_+O)qi@I^+GPpk{UPW#rLO6^39u?*a zkLf&}xIdOs9~0+Go04eL%a`pG`QN;w!nx&t^DeYleKa-=IK%J**&Aen98wVn4p#d~ zf6q6K{`5NHRjB@b^S*HjTRE>6BYI1ygsyYkDyW`cIAis`;d#*~S5XJIjf$^Yo<~jm z_UiP`e^c3O8;0D`Ge}x|FPf&1BzHq>=l(m6m~%Z+r>?PyKd<&9t%AWtL%qE-u^YiX zsm_5&6v%HY7DKY52w6IZhv4&zp8swbD_S54@Xz};b3Jz3GF+&6(3{v>c62*?f`MfU?DO-`}UoG%`XokAnZC)MIocR zyyxXXiy+K4c4jFNUa=T$1l*`Lp`4%hyR5{$4?=qn+?e%GtWdUDDkDC5?N0&_5kWSh zd|k?S>$%C&{>r$GZ^%45agBEIivqsDFKrg?V%4V}9Iw)4V~wI8zTqav9@y9`oWmJ* zk-zujgzF8%OFOw0UDvPjYIyeS^O>(ZyB#EJ;#(quof**pAas$JuujB`180;PO8Q7` zEQ7-UCKkN0kj8fLk6`HGu~F(LR6OX!sbIP5<(^Po#f)Of6POS%8R7w>K=WBDh>)nj zsFB($GPi@Vh|s~PLa6u@1wV7Kn6Su5KOn5|eOB>qD*y(84Im|VF3@vAQeurI&9|&D zFwTtB?fp&JChIr>t2@(bv1G>9j98mQU054H8YNXdJjzsr!J3=kza4!xuiYu!0FyQ` zHw>roN5^Al_-uQIg3?b%4&-AvTz;249T+wC&`shgSiM$F!dcQIBl+K^i={%d^4(%6FP z=@Trc=DhYF<+qinWeNYxVREMYV1)uXQ+TiVN}tqokBj9}V7=FfgPQk>qKyeTSE5(# zDfZ#gZnqRm=z4K|s!Zl!PfAoZ3$^j|G zWi~!(A_c{@EA8Vi$IIgq%~sd8%w#wKObNRF7JHdmd{?c@`k^~e+&Gi_-tH)pW}!zxXQ=S6S)U&xjQjr zs9#4TDN+NU?Q0>EpX8U`j~QX?y(3FUR}>HS2u%nW;wukNCEZ9=uof=fa1g zy55DF$BB0;)gRhdyT@G)1LoB8sRqJ*wySy6y4%P;BNO29+T!F>KTD^X(2x)nZSAWn zun_y1iJ28W-BzfqkXxWgx9QXQqDel-zC4MmhLOR`m8>?Ot*jkM`1y-Yb=`gV#}ChH z$McnF8`_IAIjUeiZ_q?Myi_I6hOB0_wTnS!cI(;+m0FeIki^J>qhDuk4Eb*!=VJUI z`0M&M0S!|nEoH6Pomx{vs)+JHZeV4Z39$IeJ`={}sS=u6sG~DV_Qr&-Vmc!wEG9VA z4vjj|pC_vMBWMQ}YWLRNxUwVW1RSO0-p5$>SI)<)#nxheNpR==XyeI?{KvekWyRLu zy@$Ia<#lkK@9}{?a~tmMNjAn!s-N(KfuoMpMrCfozEK5NwF!8aw1k!JUVc)l1Wa;)?ce%9S zLke8Lr0L?z)wl1u{#=MZy{q)TRa2w%VQF67D3bwf-C{AVWRHtv-?}p)tiRVLCCPhH zX!l(>Z6vZUUIbFGGi1i*)LK^OxGj%Mnl@Zw5HDk_^zr@qKl?A+sS7{Odc4LhZ;~VY zr`fVMTqIiHdR7&e2W!;$l8pG0nG9ffC3jHbFZ!6VYjOO4>>cO*H)FwF&Nmn-Eptsa zzc6AJ1Ix>L`a`ykPIbNW&ucFuwiswcJFTdGxl{)0PK6Qc4sfq-Vp!5wl01u!hLm#Q zUV}Fj7wg&9Q;9BqHvXI6Ka{e_>T_JXeM_2f32I-y+j;e0Ns~48br055NORZQtKTV3 zGi4owERu{KM2jx;;2?t%Y(oO@HHUYSz2TYC+|=%`yk_KJO9HKo2fvET(!@!&@cIo8 zY3{N8y{UR}(L_qjkfHeZDMRUN8?@+|rDC)Vi#kg1>9?JxXVT&rw}jGemtAW9YzYS( z(S(%_V_(=dG~vWTu)&?!xN&_TPe*F&+RUAS{x}kW$d-8v^weQVawCi%(k!m?l_kbIfyOn}z;dma z{X={C$UpqHZ`o+J5JOQQ2t!fTqW|IH5;C+${^g7^%*i8YXqEUYHodbH|L{nuGT{C? zR-ZSq$Xz8NaH1uTafGCtR@aV$R?ujD1oo2G-!jQy-|Nudzb^zDKX!h|uic*EnT;W63N^+LWg+m~=xg<0mv?iNSgD2)9i*N$% zA#1HHCvu>;8BzCXou#i#@U{iE|5gUI-1rI>U;GXyS!%&zau%-X{w>GW%-4|x48m@LOoDz7| zvasSBox-nUZ|B*Q1m-z6uEe5iN#F7%u+#g}y3drA1YRN*qRfSem8eQLSuCgy zSMChP5?zTRUzIY`a%OIBUA?qdroIW7<@r0?{m6F*^JsAuQ|rp5&Pl83;YQYQb2ox^ zmr}(>qfE1H<7%RKVsbz1we=N0Cf9qvC@KQf@Y=w$;o0l87$kgo3%m!-w$-;ydHgO= zBa=yy7;qHjWA0l5`gqk6Xt*#RC)(j;oq@;ptXN=Y@d+Z_v6UDvP?G&#l5rEbSI*z@ zXTaE_=*%+39wz>D#V!fzu7(WPhxTV49m@IkfkUWA(zLBYxJQyRoe>!Q;lnDEy6JOb zbby4hLiOSTwO01x)jf~|a9JNNeb+2-)a%&Qr#Bft9B$S$a``>J#N(pnjg~#K!{_N( zhi?aa{*bdA?Rt1WqMf~xGvvIE%eElvTyNvyn>P-eAS)C1ScRwKAt|DvhsJ#+Hr~fS zC%6SKdst@dd0KIYiJac?g$h~GRTo7BnI~U&PP{vxp(ye0;cQCl{F%aIYRZc|IAwWS zVCN~Lrbt|$c)C3t#l>t&9LFA9(3t<&F2+&(`{?Dlqh&Ua`#j~MoY#i9>NtJFH!R+Y z;|d>DDvUVjfqqPVUW;C$T*KKXvAs71xE@r<(CSirp3DQ zsvle!4(PE2dAuR2FLNM@xu-_I410|q6N$(TCbvd^^1e~Nn#Kww=KH5H(a_bop_~_=wndCj96vS`o}zNl zTFN%Xw~kv-C|GSz#k2z~$Ey}u3#`P&{(h_9+Ql1|UjphO%}zxM^H!De zvHt3WXCJh5qsD1@?&tjX-R4NQ)1A)VwjrDiKdS=6d5jpzXx&ex?0s^1%Km~!SpNS$ zvzr$m_#;uvNCAV6>EPi=3O&w`X*wtVz*={~WmSuVCKHK#j>?+d$}~;e!K$TkP@kp z$Dle}G>~og``4I!%E(=P%5AJ^*bP0@rZ+8g^5_YWWzMyIND$D|qWq!UFH6VafU1vrP{xl6&{pB$^(|9q5y)@##stbLfV{i;|RD<6(T`$-VvYmqib;T|8&Yft|aS+ny%k$X&aQ z;Ic|Zc*(K!a>WPM$feYFKB_5wU|#=mddEry%2RL7GWYs=N?6@jv&iZq{+1URSj5G) zjne+TP*)s<$zQTM0+aHZu{$HG_mINkTNUtD$2~(+e&hx^dIW|E+mPz@K5Y)R%cVP& z{PUxe*w+93)i?1XVtZ(B!4u;`Xb(7n9{-^prIdMNW+ODWbd7O@( z1H+t!5zLvrf8SpIX#II59h#l%v;r+N<(FHMTP?a-TD~!2m2u@(+s0q`>uyiX=gQ*@ zweB*EcaWk*j|Is!TB9KE3WUn?4Si0Pro5*7R#~7N&yy%mOe}dx23vrK>k?O^%2vt? zd+C==3GPy7a6CL$_Wm@*4wzjD4Yi{5V4&gQ*V=6S~7m*H+b>naIX(1x5d*R$(KSB4pI!mBm=HTxzcpfY}lXA@dCE8 z6U_4(@&Si5x1MahyzgR;r7K^R~|J>wiFu^q|%-dU5$k@a~3tTMRV`f zo{hwseJF3SUMT1kDStZghIGKd{$)VY#UXpq0OUE1{hOlOD(l|wEfu9$G&wRmluI=b zE0FP!7;(AJ1V2<<;Zd4<-~Q$jdh}bU-kvRmGbJqag9?N zZHFm0ku>n{F7(zW43r12t|dQN2``d*$QMAf2QQzz_4j4UNrYE5=E+^zq!DYT_vX{T zu@|_4v0t>5l=dL#AR>38L9^}CKdVc*JYF>a|9=CNVd$Gux5%CQ!(X$s^_7Z~!}N21 zG}&ytw(9qnC$<>Hi9h@v3$x+WqjxA~W{^{X`zKT_aZ^FzK|XP(Zw_018k?w<3|^VG zr8MP}S6jEo?D?q*+I{DB4a)45?)+gbZCo(<-z1Q;m3-Lg>n>O)gNsTvUs~A5u*5oi z-(KEVntS1$^Pi|cDTh2u!#vjRJFnjNB)L0pYB=(b`tXy_bJJ|G578H`a|A%aVjGBo&#B)%rpKI9^$-TjA#u|Mug^vGeo9- zP)&Ms?OJ@tt4)8sr~jW7idE)H)TqdpI52c5kAu?1=iWhccRG!Dvv5z*+q3| zka2)O^ea(;x;8d;PIdN!;KFpHH=POBMR1dd{uWgI#-^s!AtpBl^_5QufLVuUAQb@Q zuWaddcF?M-AxK0d`w8m-B)SVDB?Dv7g-h$qMw;Io9VD8)N4rbcqsIfuhK=-;hX7oo zLX&W1ON0DBgE+th{TYeCeo~!;3i1o!69F??O}Z(dqICLQ)}5o3*_$R=!y_Uhe*FFv zI?(k61R52B&j!1}FEEf7NH>yGL%NkDhymcIN8nl=EiuDmxFcKgN+^QoVJ&?8$5Rg=y#*FV1<-e#GyvrF0L zxQT4vUYG36J#r5nPFU-*3zz-dSFY`k6rPBt8X?1wTxv)oCkmG&n+$L>r9TjWall>)iSjjqL_}KE zkkWfwW(d)D0kXPz_T~;#!d)VAY-HsDqErP);ny)PfYCY50*nvT)We#Hk7Ti#)hU#c%4n-t)4AFipoI*v}pw zNY75ni$vlZpiWBHcT@>T&j_k8^ymcfFA=+qAmlOhfj~x9H8wVW^cn$f6J2bU6N!I7 z6?EI3?6Y%Iz2pWNMu&kNCk<{;fRdf(eiB?wVPip$3e9&nOG&XNsfPxj zzYT_eDHXxHHkG>C6CF#dhTD5kBm)BT4Tw{RGYs|Us(=<1gVGWq4G)$oD=UwIThoW> zRa-l@j(nCf0|FY>iMYQJyim ztLQmyI`2iHxDrDfXqT}~TVn+4701HKrZ4%8iur~IZOh-gqv;oH(ye+rA3VlKu>7Lu z<~ z)l!HfCZVvwYDXH)@GPV7n>U~Z1lV3SO-d6gp(rm?{g&p7%QZV|#~F@R8k+dN<`Znc zQA8BdU-OdwpK0UsCZ>&3_)&$|+^)suVmau}LzU&<56LjYf)c>D(MAU_b*fDQ0x!?j zd;;RT)m$T9$y*VyZU+pFN%6To&DhEJ-$cd4Tmc^jcLy;`HW}BE+lQt;k~$Muhr-fD|%h#92EFP_7JLL|z8bSqU!LJ0uh=w)8?)FxJ&A7Ic9zxRIxv^C< z(d&|slyteJsa{o@_|S6G=b-CqYm%Y|PY1Dm&Jle7Uf?c50;Cmx&rg zzykLM0OjL&&{4VWi_xg}$S9;HZ%Le4JL#@~CZoT8shv7?D*a6iRqR`{u8No+83-L)yNE`=o5%^=# zb#%+o>b2@cl9MG4aDwp@1k+}3FOdb?Rsbf}pdN(rEXYNALlLo@PgPt&{ z{@K~tN4f#^6`B(`WMX1F^;<}(`m6IU^p)sRDEj3`JPjB`;5iDXW3Ql;9Q3uyZ4(b0 z)m1fKAj+uP8EVntNuNh{%NAArmT~R8($b6RR^e8!Z<&kpWgF&FZ@l*WzGI6HRq*#*J%D2{q z^^M!natenld@(AHRkhJn9mWFiVF-BI7x{M?S=ofgk2hX&(cnT~A{B)qlz#DmcKJJS zCTnVHN^vtXFhqOV=DP4tV-*7Efwm+E4ef?reFJ}r7}riO?4CgdJ6(;UKcdZ!4?typ zwwr zafFtJyu7?6udk4}zn#D3zU)C95tg&0%Oo&F$ED&NAmzJZ^@{YEG8k0S`s91XdbOlA zSFT*i>uEvpcf&O`%)vI9rG#`KQB)fbmO1CHI}B*opzm4E!oq?M5jC*u+w5%E!r|ZO zrHi-0?5BNq3JMK<dllcm2G;`>3ptNX^k|29pgen@Ah@!QtcJ=yP$){AGQre3;x_wFPoy2|W= zyx#V>J*GxR+lG#wwb#wVFIrt|98Ws!8ygWcmHc*%tdi7}HFh_hwQUR@^`PO0B4je* z6zoPTG$Ocq2_V5e2?q#O1b{8oJ$sf=Q&Zp5Pw(QS90=%2M=)mC{WUnUnc!u>h?N>V z^7>J;o*b&+;}8=2Erp9xSQpMxO}0{`9|oj;mCek!=;-JO>)2nJ$DjWw&iSpvjYaK+ zHaDG@2;wKqbqSvP=|bam>(}p_dklL= zI(-oJ72xN1AfKU3(?2kJ#QfYaX!%Uo~-lHFMMdQ$cs%Vcm8`0dpPLzM5`WcrAPx4>><$@ z?YvcjQ8#b$?%cTspryeJ_8WynH+Lx>51CtRoIwd8uBB^7Bei81?O@09Q z`pOzdvLD<*(w}c+WCW@sW#4`5hUsf}PsIF2B@X=xs}bxB4i4t!x0)uWe@S3Qc(&%J zL}KYr!5%2ENJ>gF&WLge;{U}UEBY#4^{!tVUTbV{&7F7A*ettgeo(h6%$8k6jC}Nl z#fI>QFOF*zW&ZEWe9D909wKcvlarJ2ZI25ZxPGbuCbsu&3k~%4+%F(@BcJVf5vD!K zH2B@^EBWPKg=@#NH`i%lWo2qa(!?@KNJ;e}z!%+kEj2CeTlm0GDo8d7_wMa} ze9Y98KB*}P4Oo<(ByGOFI7p6HPnY@u_eJ{l^?1$N;efB@>O!MIKPIe5)A9H4>Yx%b z8t&=(0BF_*!I6Lsf7kufu=fmz;AEi5lS!Rd6UL*0E_O{H=cJ{i5@DHJU%)PnwH>v0 zxzM{nls<;f*%|ot&&;^TjmpXfOuSj#J-qGdUvGW;h8BuBr|LJxNxHbWq-JJD+0`{R zs)H?5U@VO9C;VYT*bTL^v^)-Z3epD&t^m$$Fk6VbOZ5bpv`v0t-L^mZZbn6st$5DK z=_$3J#`&*o`@;VN{nO zXu~TkOpn|M`VErCqY#9>|Be|tx^fL*k|m|3y-M5KVJl@Z-d_t%cqJm43h+@bka7*frj$%7Z ziZ9`n^e_)Jd`oS$zRD@b3N`#&;#Le28|eYo+_f&87qt7eYkd&de1agw@;4kNAVP+e zI1Ow@=R)kX1L>`B-#F!t|<-0zc?7UmVcOGr|HBwDab1){Vf zqoOolFtM@Gq7x(R**{7k)?-4`>2nzO^B#`N{%#}LV4jXWq#2$c6OjkuNUL=Cv;uPs zaiwitq>lie%-ERjo-E&^)xD?k*#x8Luy?|W3Qf*-i}7vc<0GBZ!iD!W)YtnnC93ck z(Od@URileUXSkaV)ex@jI&1ERMK{Iq>hbJEi{Oxuqx83mI6#(#CJWs5ykQ+3oj2Bnw-7E| z`f_0K%a>C>r!X8iWuiv9R@MIe`SZZT!-j>{QMTLzjdw@SX|xSGOC9SXp3wXsHzL#o zLkF?92rirLO@1K^ImSfi?h2b(awL7vNhiHGlB~^Vwb8l~N+5-h1B(Ulr>H~CJp6A=P zw(~N4E0-@f;yh$-&V&8b1W6_YCOkN5kS`pjBV8m&h?((g5iosjdi*3+Jx|F=PL=UW zSUzI%EV)(ke9@?d&@z!sl#syQj0g*(LU>12zrG22Cy9yGX$`HdN9dj)1V@{T93ag} za|i}PfQ6+nEDA+hr#2xB%_vW@gda6a=p6SbDJjW|{{WGmg6#ydLokf`*{+~$9}tXc zzC8%3I_T-YwB8WDpzwEg@^o_ynjBF5hp3i6tTU@*Y!? z5|`nbbL<}Qv!sGG+#qFp%a$9cJ{*F_$}S+g-;wt{AYjGnjS{K#VP&VAHe)HnXVdKZ zHZ%lV-jo%F1CoC0)~zHVm1hCBY&V2G3a;@G=5A0B*D{LP-^CB11>_?kZI3J$OeRUE z-a8<`#KpCPeY5}>27pVE8HI=oClaNB=qijBBgwH1bhQvmx&(io^hpNlo(BR;aJunK zA|i~tol=M2Wpg7YC8|IkGlMA?AZd{RCvSD_mM!T1dK}Us0)m3d@csaP_%JfUKydo{ z`qZZxs^It3)YPOte3(mDi&P z4-Ui_=}zI^Q12ma{;;VCZW}QYUStcGV?>pPoUgKKbhY1){ITCIB=ihaV9Tz>g9{=_ zc1L;R`%ZO z<{BeB1X)VU%)dL~0J2gbK#)v$=Jk7tf&aUBjzO-~!_3SY7)(op1pdBMY2s&WexczM zeiH&nkez#d_IS~0G5f|RPIFw?z-aCf0vkFA7Dwj ziP8+^aV7hr`5R|5qkm>tc}`^y$U9ShGmDt3vmJV^D7Lw4p7D@Whx6%> SO>|WFqp7-oZ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + From ca22e20ef7f94dc2530d60438ea34798c20bda2b Mon Sep 17 00:00:00 2001 From: Jen Travinski Date: Fri, 10 Sep 2021 16:06:54 -0400 Subject: [PATCH 26/29] Documented new CVEs (#3507) --- content/rancher/v2.6/en/security/cve/_index.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/content/rancher/v2.6/en/security/cve/_index.md b/content/rancher/v2.6/en/security/cve/_index.md index afd2bc0c0c9..b97cf1a59c5 100644 --- a/content/rancher/v2.6/en/security/cve/_index.md +++ b/content/rancher/v2.6/en/security/cve/_index.md @@ -7,6 +7,9 @@ Rancher is committed to informing the community of security issues in our produc | ID | Description | Date | Resolution | |----|-------------|------|------------| +| [CVE-2021-25318](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25318) | A vulnerability was discovered in Rancher versions 2.0 through the aforementioned fixed versions, where users were granted access to resources regardless of the resource's API group. For example, Rancher should have allowed users access to `apps.catalog.cattle.io`, but instead incorrectly gave access to `apps.*`. Resources affected in the **Downstream clusters** and **Rancher management cluster** can be found [here](https://github.com/rancher/rancher/security/advisories/GHSA-f9xf-jq4j-vqw4). There is not a direct mitigation besides upgrading to the patched Rancher versions. | 14 Jul 2021 | [Rancher v2.5.9](https://github.com/rancher/rancher/releases/tag/v2.5.9) and [Rancher v2.4.16](https://github.com/rancher/rancher/releases/tag/v2.4.16) | +| [CVE-2021-31999](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31999) | A vulnerability was discovered in Rancher 2.0.0 through the aforementioned patched versions, where a malicious Rancher user could craft an API request directed at the proxy for the Kubernetes API of a managed cluster to gain access to information they do not have access to. This is done by passing the "Impersonate-User" or "Impersonate-Group" header in the Connection header, which is then correctly removed by the proxy. At this point, instead of impersonating the user and their permissions, the request will act as if it was from the Rancher management server and incorrectly return the information. The vulnerability is limited to valid Rancher users with some level of permissions on the cluster. There is not a direct mitigation besides upgrading to the patched Rancher versions. | 14 Jul 2021 | [Rancher v2.5.9](https://github.com/rancher/rancher/releases/tag/v2.5.9) and [Rancher v2.4.16](https://github.com/rancher/rancher/releases/tag/v2.4.16) | +| [CVE-2021-25320](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25320) | A vulnerability was discovered in Rancher 2.2.0 through the aforementioned patched versions, where cloud credentials weren't being properly validated through the Rancher API. Specifically through a proxy designed to communicate with cloud providers. Any Rancher user that was logged-in and aware of a cloud-credential ID that was valid for a given cloud provider, could call that cloud provider's API through the proxy API, and the cloud-credential would be attached. The exploit is limited to valid Rancher users. There is not a direct mitigation outside of upgrading to the patched Rancher versions. | 14 Jul 2021 | [Rancher v2.5.9](https://github.com/rancher/rancher/releases/tag/v2.5.9) and [Rancher v2.4.16](https://github.com/rancher/rancher/releases/tag/v2.4.16) | | [CVE-2021-25313](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25313) | A security vulnerability was discovered on all Rancher 2 versions. When accessing the Rancher API with a browser, the URL was not properly escaped, making it vulnerable to an XSS attack. Specially crafted URLs to these API endpoints could include JavaScript which would be embedded in the page and execute in a browser. There is no direct mitigation. Avoid clicking on untrusted links to your Rancher server. | 2 Mar 2021 | [Rancher v2.5.6](https://github.com/rancher/rancher/releases/tag/v2.5.6), [Rancher v2.4.14](https://github.com/rancher/rancher/releases/tag/v2.4.14), and [Rancher v2.3.11](https://github.com/rancher/rancher/releases/tag/v2.3.11) | | [CVE-2019-14435](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14435) | This vulnerability allows authenticated users to potentially extract otherwise private data out of IPs reachable from system service containers used by Rancher. This can include but not only limited to services such as cloud provider metadata services. Although Rancher allow users to configure whitelisted domains for system service access, this flaw can still be exploited by a carefully crafted HTTP request. The issue was found and reported by Matt Belisle and Alex Stevenson at Workiva. | 5 Aug 2019 | [Rancher v2.2.7](https://github.com/rancher/rancher/releases/tag/v2.2.7) and [Rancher v2.1.12](https://github.com/rancher/rancher/releases/tag/v2.1.12) | | [CVE-2019-14436](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14436) | The vulnerability allows a member of a project that has access to edit role bindings to be able to assign themselves or others a cluster level role granting them administrator access to that cluster. The issue was found and reported by Michal Lipinski at Nokia. | 5 Aug 2019 | [Rancher v2.2.7](https://github.com/rancher/rancher/releases/tag/v2.2.7) and [Rancher v2.1.12](https://github.com/rancher/rancher/releases/tag/v2.1.12) | From 4a9ff6467b13f02b93d9b756abd981da9e11dc3a Mon Sep 17 00:00:00 2001 From: Jen Travinski Date: Fri, 10 Sep 2021 16:21:46 -0400 Subject: [PATCH 27/29] Documented default SUC deployment with Rancher k3s upgrades (#3499) * Documented default SUC deployment w/k3s upgrades * Revised wording on k3s upgrades --- content/k3s/latest/en/upgrades/automated/_index.md | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/content/k3s/latest/en/upgrades/automated/_index.md b/content/k3s/latest/en/upgrades/automated/_index.md index d61e541d5c3..cc9be6c00c3 100644 --- a/content/k3s/latest/en/upgrades/automated/_index.md +++ b/content/k3s/latest/en/upgrades/automated/_index.md @@ -24,14 +24,19 @@ For more details on the design and architecture of the system-upgrade-controller - [system-upgrade-controller](https://github.com/rancher/system-upgrade-controller) - [k3s-upgrade](https://github.com/rancher/k3s-upgrade) -To automate upgrades in this manner you must: +To automate upgrades in this manner, you must do the following: 1. Install the system-upgrade-controller into your cluster 1. Configure plans +>**Note:** Users can and should use Rancher to upgrade their K3s cluster if Rancher is managing it. +> +> * If you choose to use Rancher to upgrade, the following steps below are taken care of for you. +> * If you choose not to use Rancher to upgrade, you must use the following steps below to do so. + ### Install the system-upgrade-controller -The system-upgrade-controller can be installed as a deployment into your cluster. The deployment requires a service-account, clusterRoleBinding, and a configmap. To install these components, run the following command: + The system-upgrade-controller can be installed as a deployment into your cluster. The deployment requires a service-account, clusterRoleBinding, and a configmap. To install these components, run the following command: ``` kubectl apply -f https://github.com/rancher/system-upgrade-controller/releases/download/v0.6.2/system-upgrade-controller.yaml ``` From 6eaf17ffb2f0e1b5175e3da92a9c9f504c8dce3b Mon Sep 17 00:00:00 2001 From: Jordi Prats Date: Fri, 10 Sep 2021 23:54:23 +0200 Subject: [PATCH 28/29] Fix image upgrade plan (#3288) Hi, For the agent plan, there's no need to specify the rancher/k3s-upgrade version --- content/k3s/latest/en/upgrades/automated/_index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/k3s/latest/en/upgrades/automated/_index.md b/content/k3s/latest/en/upgrades/automated/_index.md index cc9be6c00c3..32264b4eeed 100644 --- a/content/k3s/latest/en/upgrades/automated/_index.md +++ b/content/k3s/latest/en/upgrades/automated/_index.md @@ -83,7 +83,7 @@ spec: args: - prepare - server-plan - image: rancher/k3s-upgrade:v1.17.4-k3s1 + image: rancher/k3s-upgrade serviceAccountName: system-upgrade upgrade: image: rancher/k3s-upgrade From 53d9ecec1f1b7af992cbcb99d9a6f84dc58c1c44 Mon Sep 17 00:00:00 2001 From: Catherine Luse Date: Sat, 11 Sep 2021 22:27:56 -0700 Subject: [PATCH 29/29] Fix links --- .../v2.6/en/admin-settings/rke-templates/_index.md | 2 +- .../editing-clusters/rke-config-reference/_index.md | 2 +- .../editing-clusters/rke2-config-reference/_index.md | 2 +- .../rancher/v2.6/en/cluster-admin/nodes/_index.md | 2 +- .../v2.6/en/cluster-admin/restoring-etcd/_index.md | 2 +- .../en/cluster-admin/volumes-and-storage/_index.md | 2 +- .../provisioning-new-storage/_index.md | 2 +- .../en/cluster-provisioning/production/_index.md | 2 +- .../en/cluster-provisioning/rke-clusters/_index.md | 2 +- .../rke-clusters/custom-nodes/_index.md | 4 ++-- .../rke-clusters/node-pools/ec2/_index.md | 2 +- .../ec2/ec2-node-template-config/_index.md | 4 ++-- .../vsphere/provisioning-vsphere-clusters/_index.md | 4 ++-- .../rke-clusters/windows-clusters/_index.md | 4 ++-- content/rancher/v2.6/en/faq/technical/_index.md | 4 ++-- .../single-node-install-external-lb/_index.md | 2 +- .../resources/choosing-version/_index.md | 4 ++-- .../resources/k8s-tutorials/ha-RKE/_index.md | 4 ++-- .../infrastructure-tutorials/ec2-node/_index.md | 2 +- .../resources/local-system-charts/_index.md | 2 +- .../helm-2-instructions/_index.md | 2 +- content/rancher/v2.6/en/k8s-in-rancher/_index.md | 2 +- .../overview/architecture-recommendations/_index.md | 2 +- content/rancher/v2.6/en/pipelines/_index.md | 12 ++++++------ content/rancher/v2.6/en/pipelines/config/_index.md | 8 ++++---- content/rancher/v2.6/en/pipelines/example/_index.md | 2 +- .../v2.6/en/project-admin/pipelines/_index.md | 2 +- .../v2.6/en/project-admin/project-members/_index.md | 2 +- 28 files changed, 43 insertions(+), 43 deletions(-) diff --git a/content/rancher/v2.6/en/admin-settings/rke-templates/_index.md b/content/rancher/v2.6/en/admin-settings/rke-templates/_index.md index b947f5a9035..9d259bcc1bf 100644 --- a/content/rancher/v2.6/en/admin-settings/rke-templates/_index.md +++ b/content/rancher/v2.6/en/admin-settings/rke-templates/_index.md @@ -102,7 +102,7 @@ You can [save the configuration of an existing cluster as an RKE template.]({{}}/rancher/v2.6/en/admin-settings/rke-templates/rke-templates-and-hardware). -Another option is to use [cluster templates,](../../cluster-templates) which include node pool configuration options, but don't provide configuration enforcement. For details on the differences between cluster templates and RKE templates, see [this page.](../../cluster-templates/template-differences) +Another option is to use [cluster templates,]({{}}/rancher/v2.6/en/admin-settings/cluster-templates) which include node pool configuration options, but don't provide configuration enforcement. # YAML Customization diff --git a/content/rancher/v2.6/en/cluster-admin/editing-clusters/rke-config-reference/_index.md b/content/rancher/v2.6/en/cluster-admin/editing-clusters/rke-config-reference/_index.md index 2b9ca444871..be2c01bd1d6 100644 --- a/content/rancher/v2.6/en/cluster-admin/editing-clusters/rke-config-reference/_index.md +++ b/content/rancher/v2.6/en/cluster-admin/editing-clusters/rke-config-reference/_index.md @@ -110,7 +110,7 @@ Project network isolation is available if you are using any RKE network plugin t ### Kubernetes Cloud Providers -You can configure a [Kubernetes cloud provider]({{}}/rancher/v2.6/en/cluster-provisioning/rke-clusters/options/cloud-providers). If you want to use dynamically provisioned [volumes and storage]({{}}/rancher/v2.6/en/k8s-in-rancher/volumes-and-storage/) in Kubernetes, typically you must select the specific cloud provider in order to use it. For example, if you want to use Amazon EBS, you would need to select the `aws` cloud provider. +You can configure a [Kubernetes cloud provider]({{}}/rancher/v2.6/en/cluster-provisioning/rke-clusters/cloud-providers). If you want to use dynamically provisioned [volumes and storage]({{}}/rancher/v2.6/en/k8s-in-rancher/volumes-and-storage/) in Kubernetes, typically you must select the specific cloud provider in order to use it. For example, if you want to use Amazon EBS, you would need to select the `aws` cloud provider. >**Note:** If the cloud provider you want to use is not listed as an option, you will need to use the [config file option](#cluster-config-file) to configure the cloud provider. Please reference the [RKE cloud provider documentation]({{}}/rke/latest/en/config-options/cloud-providers/) on how to configure the cloud provider. diff --git a/content/rancher/v2.6/en/cluster-admin/editing-clusters/rke2-config-reference/_index.md b/content/rancher/v2.6/en/cluster-admin/editing-clusters/rke2-config-reference/_index.md index 42f08416ea9..b0afd7b152c 100644 --- a/content/rancher/v2.6/en/cluster-admin/editing-clusters/rke2-config-reference/_index.md +++ b/content/rancher/v2.6/en/cluster-admin/editing-clusters/rke2-config-reference/_index.md @@ -41,7 +41,7 @@ For more details on the different networking providers and how to configure them #### Cloud Provider -You can configure a [Kubernetes cloud provider]({{}}/rancher/v2.6/en/cluster-provisioning/rke-clusters/options/cloud-providers). If you want to use dynamically provisioned [volumes and storage]({{}}/rancher/v2.6/en/k8s-in-rancher/volumes-and-storage/) in Kubernetes, typically you must select the specific cloud provider in order to use it. For example, if you want to use Amazon EBS, you would need to select the `aws` cloud provider. +You can configure a [Kubernetes cloud provider]({{}}/rancher/v2.6/en/cluster-provisioning/rke-clusters/cloud-providers). If you want to use dynamically provisioned [volumes and storage]({{}}/rancher/v2.6/en/k8s-in-rancher/volumes-and-storage/) in Kubernetes, typically you must select the specific cloud provider in order to use it. For example, if you want to use Amazon EBS, you would need to select the `aws` cloud provider. >**Note:** If the cloud provider you want to use is not listed as an option, you will need to use the [config file option](#cluster-config-file) to configure the cloud provider. Please reference [this documentation]({{}}/rke/latest/en/config-options/cloud-providers/) on how to configure the cloud provider. diff --git a/content/rancher/v2.6/en/cluster-admin/nodes/_index.md b/content/rancher/v2.6/en/cluster-admin/nodes/_index.md index bd3300fff8a..a60fb2d562a 100644 --- a/content/rancher/v2.6/en/cluster-admin/nodes/_index.md +++ b/content/rancher/v2.6/en/cluster-admin/nodes/_index.md @@ -5,7 +5,7 @@ weight: 2030 After you launch a Kubernetes cluster in Rancher, you can manage individual nodes from the cluster's **Node** tab. Depending on the [option used]({{}}/rancher/v2.6/en/cluster-provisioning/) to provision the cluster, there are different node options available. -> If you want to manage the _cluster_ and not individual nodes, see [Editing Clusters]({{< baseurl >}}/rancher/v2.6/en/k8s-in-rancher/editing-clusters). +> If you want to manage the _cluster_ and not individual nodes, see [Editing Clusters]({{< baseurl >}}/rancher/v2.6/en/cluster-admin/editing-clusters). This section covers the following topics: diff --git a/content/rancher/v2.6/en/cluster-admin/restoring-etcd/_index.md b/content/rancher/v2.6/en/cluster-admin/restoring-etcd/_index.md index 1d27fdd5dc6..099fa8295f3 100644 --- a/content/rancher/v2.6/en/cluster-admin/restoring-etcd/_index.md +++ b/content/rancher/v2.6/en/cluster-admin/restoring-etcd/_index.md @@ -74,7 +74,7 @@ If the group of etcd nodes loses quorum, the Kubernetes cluster will report a fa 5. Run the revised command. -6. After the single nodes is up and running, Rancher recommends adding additional etcd nodes to your cluster. If you have a [custom cluster]({{}}/rancher/v2.6/en/cluster-provisioning/rke-clusters/custom-nodes) and you want to reuse an old node, you are required to [clean up the nodes]({{}}/rancher/v2.6/en/faq/cleaning-cluster-nodes/) before attempting to add them back into a cluster. +6. After the single nodes is up and running, Rancher recommends adding additional etcd nodes to your cluster. If you have a [custom cluster]({{}}/rancher/v2.6/en/cluster-provisioning/rke-clusters/custom-nodes) and you want to reuse an old node, you are required to [clean up the nodes]({{}}/rancher/v2.6/en/cluster-admin/cleaning-cluster-nodes/) before attempting to add them back into a cluster. # Enabling Snapshot Features for Clusters Created Before Rancher v2.2.0 diff --git a/content/rancher/v2.6/en/cluster-admin/volumes-and-storage/_index.md b/content/rancher/v2.6/en/cluster-admin/volumes-and-storage/_index.md index 91ae4fec196..9467dfa660f 100644 --- a/content/rancher/v2.6/en/cluster-admin/volumes-and-storage/_index.md +++ b/content/rancher/v2.6/en/cluster-admin/volumes-and-storage/_index.md @@ -13,7 +13,7 @@ To set up persistent storage, the `Manage Volumes` [role]({{}}/rancher/ If you are provisioning storage for a cluster hosted in the cloud, the storage and cluster hosts must have the same cloud provider. -For provisioning new storage with Rancher, the cloud provider must be enabled. For details on enabling cloud providers, refer to [this page.]({{}}/rancher/v2.6/en/cluster-provisioning/rke-clusters/options/cloud-providers/) +For provisioning new storage with Rancher, the cloud provider must be enabled. For details on enabling cloud providers, refer to [this page.]({{}}/rancher/v2.6/en/cluster-provisioning/rke-clusters/cloud-providers/) For attaching existing persistent storage to a cluster, the cloud provider does not need to be enabled. diff --git a/content/rancher/v2.6/en/cluster-admin/volumes-and-storage/provisioning-new-storage/_index.md b/content/rancher/v2.6/en/cluster-admin/volumes-and-storage/provisioning-new-storage/_index.md index 2d2fb6176ca..52b13e5d662 100644 --- a/content/rancher/v2.6/en/cluster-admin/volumes-and-storage/provisioning-new-storage/_index.md +++ b/content/rancher/v2.6/en/cluster-admin/volumes-and-storage/provisioning-new-storage/_index.md @@ -20,7 +20,7 @@ To provision new storage for your workloads, follow these steps: - To set up persistent storage, the `Manage Volumes` [role]({{}}/rancher/v2.6/en/admin-settings/rbac/cluster-project-roles/#project-role-reference) is required. - If you are provisioning storage for a cluster hosted in the cloud, the storage and cluster hosts must have the same cloud provider. -- The cloud provider must be enabled. For details on enabling cloud providers, refer to [this page.]({{}}/rancher/v2.6/en/cluster-provisioning/rke-clusters/options/cloud-providers/) +- The cloud provider must be enabled. For details on enabling cloud providers, refer to [this page.]({{}}/rancher/v2.6/en/cluster-provisioning/rke-clusters/cloud-providers/) - Make sure your storage provisioner is available to be enabled. The following storage provisioners are enabled by default: diff --git a/content/rancher/v2.6/en/cluster-provisioning/production/_index.md b/content/rancher/v2.6/en/cluster-provisioning/production/_index.md index 53a6f83f09d..c0c61b54f01 100644 --- a/content/rancher/v2.6/en/cluster-provisioning/production/_index.md +++ b/content/rancher/v2.6/en/cluster-provisioning/production/_index.md @@ -47,4 +47,4 @@ number of nodes for each Kubernetes role, refer to the section on [recommended a ### Networking * Minimize network latency. Rancher recommends minimizing latency between the etcd nodes. The default setting for `heartbeat-interval` is `500`, and the default setting for `election-timeout` is `5000`. These [settings for etcd tuning](https://coreos.com/etcd/docs/latest/tuning.html) allow etcd to run in most networks (except really high latency networks). -* Cluster nodes should be located within a single region. Most cloud providers provide multiple availability zones within a region, which can be used to create higher availability for your cluster. Using multiple availability zones is fine for nodes with any role. If you are using [Kubernetes Cloud Provider]({{}}/rancher/v2.6/en/cluster-provisioning/rke-clusters/options/cloud-providers/) resources, consult the documentation for any restrictions (i.e. zone storage restrictions). +* Cluster nodes should be located within a single region. Most cloud providers provide multiple availability zones within a region, which can be used to create higher availability for your cluster. Using multiple availability zones is fine for nodes with any role. If you are using [Kubernetes Cloud Provider]({{}}/rancher/v2.6/en/cluster-provisioning/rke-clusters/cloud-providers/) resources, consult the documentation for any restrictions (i.e. zone storage restrictions). diff --git a/content/rancher/v2.6/en/cluster-provisioning/rke-clusters/_index.md b/content/rancher/v2.6/en/cluster-provisioning/rke-clusters/_index.md index d6daea2408b..66fea5d3088 100644 --- a/content/rancher/v2.6/en/cluster-provisioning/rke-clusters/_index.md +++ b/content/rancher/v2.6/en/cluster-provisioning/rke-clusters/_index.md @@ -51,6 +51,6 @@ For more information, refer to the section on [launching Kubernetes on new nodes In this scenario, you want to install Kubernetes on bare-metal servers, on-prem virtual machines, or virtual machines that already exist in a cloud provider. With this option, you will run a Rancher agent Docker container on the machine. -If you want to reuse a node from a previous custom cluster, [clean the node]({{}}/rancher/v2.6/en/admin-settings/removing-rancher/rancher-cluster-nodes/) before using it in a cluster again. If you reuse a node that hasn't been cleaned, cluster provisioning may fail. +If you want to reuse a node from a previous custom cluster, [clean the node]({{}}/rancher/v2.6/en/cluster-admin/cleaning-cluster-nodes/) before using it in a cluster again. If you reuse a node that hasn't been cleaned, cluster provisioning may fail. For more information, refer to the section on [custom nodes.]({{}}/rancher/v2.6/en/cluster-provisioning/rke-clusters/custom-nodes/) diff --git a/content/rancher/v2.6/en/cluster-provisioning/rke-clusters/custom-nodes/_index.md b/content/rancher/v2.6/en/cluster-provisioning/rke-clusters/custom-nodes/_index.md index c877c86f746..fcf49838d16 100644 --- a/content/rancher/v2.6/en/cluster-provisioning/rke-clusters/custom-nodes/_index.md +++ b/content/rancher/v2.6/en/cluster-provisioning/rke-clusters/custom-nodes/_index.md @@ -33,7 +33,7 @@ Begin creation of a custom cluster by provisioning a Linux host. Your host can b - An on-prem VM - A bare-metal server -If you want to reuse a node from a previous custom cluster, [clean the node]({{}}/rancher/v2.6/en/admin-settings/removing-rancher/rancher-cluster-nodes/) before using it in a cluster again. If you reuse a node that hasn't been cleaned, cluster provisioning may fail. +If you want to reuse a node from a previous custom cluster, [clean the node]({{}}/rancher/v2.6/en/cluster-admin/cleaning-cluster-nodes/) before using it in a cluster again. If you reuse a node that hasn't been cleaned, cluster provisioning may fail. Provision the host according to the [installation requirements]({{}}/rancher/v2.6/en/cluster-provisioning/node-requirements) and the [checklist for production-ready clusters.]({{}}/rancher/v2.6/en/cluster-provisioning/production) @@ -65,7 +65,7 @@ If you're using Amazon EC2 as your host and want to use the [dual-stack](https:/ >- Using Windows nodes as Kubernetes workers? See [this section]({{}}/rancher/v2.6/en/cluster-provisioning/rke-clusters/windows-clusters/). >- Bare-Metal Server Reminder: If you plan on dedicating bare-metal servers to each role, you must provision a bare-metal server for each role (i.e. provision multiple bare-metal servers). -8. **Optional**: Click **[Show advanced options]({{}}/rancher/v2.6/en/admin-settings/agent-options/)** to specify IP address(es) to use when registering the node, override the hostname of the node, or to add [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/) or [taints](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) to the node. +8. **Optional**: Click **[Show advanced options]({{}}/rancher/v2.6/en/cluster-provisioning/rke-clusters/rancher-agents/)** to specify IP address(es) to use when registering the node, override the hostname of the node, or to add [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/) or [taints](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) to the node. 9. Copy the command displayed on screen to your clipboard. diff --git a/content/rancher/v2.6/en/cluster-provisioning/rke-clusters/node-pools/ec2/_index.md b/content/rancher/v2.6/en/cluster-provisioning/rke-clusters/node-pools/ec2/_index.md index cb6bd571f1f..65f1687bed0 100644 --- a/content/rancher/v2.6/en/cluster-provisioning/rke-clusters/node-pools/ec2/_index.md +++ b/content/rancher/v2.6/en/cluster-provisioning/rke-clusters/node-pools/ec2/_index.md @@ -61,7 +61,7 @@ Add one or more node pools to your cluster. For more information about node pool 1. Click **Amazon EC2**. 1. Create a node pool for each Kubernetes role. For each node pool, choose a node template that you created. For more information about node pools, including best practices for assigning Kubernetes roles to them, see [this section.]({{}}/rancher/v2.6/en/cluster-provisioning/rke-clusters/node-pools) 1. Click **Add Member** to add users that can access the cluster. Use the **Role** drop-down to set permissions for each user. -1. Use **Cluster Options** to choose the version of Kubernetes that will be installed, what network provider will be used and if you want to enable project network isolation. Refer to [Selecting Cloud Providers]({{}}/rancher/v2.6/en/cluster-provisioning/rke-clusters/options/cloud-providers/) to configure the Kubernetes Cloud Provider. For help configuring the cluster, refer to the [RKE cluster configuration reference.]({{}}/rancher/v2.6/en/cluster-provisioning/rke-clusters/options) +1. Use **Cluster Options** to choose the version of Kubernetes that will be installed, what network provider will be used and if you want to enable project network isolation. Refer to [Selecting Cloud Providers]({{}}/rancher/v2.6/en/cluster-provisioning/rke-clusters/cloud-providers/) to configure the Kubernetes Cloud Provider. For help configuring the cluster, refer to the [RKE cluster configuration reference.]({{}}/rancher/v2.6/en/cluster-provisioning/rke-clusters/options) >**Note:** If you want to use the [dual-stack](https://kubernetes.io/docs/concepts/services-networking/dual-stack/) feature, there are additional [requirements]({{}}/rke//latest/en/config-options/dual-stack#requirements) that must be taken into consideration. 1. Click **Create**. diff --git a/content/rancher/v2.6/en/cluster-provisioning/rke-clusters/node-pools/ec2/ec2-node-template-config/_index.md b/content/rancher/v2.6/en/cluster-provisioning/rke-clusters/node-pools/ec2/ec2-node-template-config/_index.md index 7d52f4f8c07..6e3a1b0dc8c 100644 --- a/content/rancher/v2.6/en/cluster-provisioning/rke-clusters/node-pools/ec2/ec2-node-template-config/_index.md +++ b/content/rancher/v2.6/en/cluster-provisioning/rke-clusters/node-pools/ec2/ec2-node-template-config/_index.md @@ -21,7 +21,7 @@ See [Amazon Documentation: Adding Permissions to a User (Console)](https://docs. See our three example JSON policies: - [Example IAM Policy]({{}}/rancher/v2.6/en/cluster-provisioning/rke-clusters/node-pools/ec2/#example-iam-policy) -- [Example IAM Policy with PassRole]({{}}/rancher/v2.6/en/cluster-provisioning/rke-clusters/node-pools/ec2/#example-iam-policy-with-passrole) (needed if you want to use [Kubernetes Cloud Provider]({{}}/rancher/v2.6/en/cluster-provisioning/rke-clusters/options/cloud-providers) or want to pass an IAM Profile to an instance) +- [Example IAM Policy with PassRole]({{}}/rancher/v2.6/en/cluster-provisioning/rke-clusters/node-pools/ec2/#example-iam-policy-with-passrole) (needed if you want to use [Kubernetes Cloud Provider]({{}}/rancher/v2.6/en/cluster-provisioning/rke-clusters/cloud-providers) or want to pass an IAM Profile to an instance) - [Example IAM Policy to allow encrypted EBS volumes]({{}}/rancher/v2.6/en/cluster-provisioning/rke-clusters/node-pools/ec2/#example-iam-policy-to-allow-encrypted-ebs-volumes) policy to an user. ### Authenticate & Configure Nodes @@ -38,7 +38,7 @@ Please refer to [Amazon EC2 security group when using Node Driver]({{}} Configure the instances that will be created. Make sure you configure the correct **SSH User** for the configured AMI. It is possible that a selected region does not support the default instance type. In this scenario you must select an instance type that does exist, otherwise an error will occur stating the requested configuration is not supported. -If you need to pass an **IAM Instance Profile Name** (not ARN), for example, when you want to use a [Kubernetes Cloud Provider]({{}}/rancher/v2.6/en/cluster-provisioning/rke-clusters/options/cloud-providers), you will need an additional permission in your policy. See [Example IAM policy with PassRole](#example-iam-policy-with-passrole) for an example policy. +If you need to pass an **IAM Instance Profile Name** (not ARN), for example, when you want to use a [Kubernetes Cloud Provider]({{}}/rancher/v2.6/en/cluster-provisioning/rke-clusters/cloud-providers), you will need an additional permission in your policy. See [Example IAM policy with PassRole](#example-iam-policy-with-passrole) for an example policy. ### Engine Options diff --git a/content/rancher/v2.6/en/cluster-provisioning/rke-clusters/node-pools/vsphere/provisioning-vsphere-clusters/_index.md b/content/rancher/v2.6/en/cluster-provisioning/rke-clusters/node-pools/vsphere/provisioning-vsphere-clusters/_index.md index 9f98b33adbc..18b9d24a741 100644 --- a/content/rancher/v2.6/en/cluster-provisioning/rke-clusters/node-pools/vsphere/provisioning-vsphere-clusters/_index.md +++ b/content/rancher/v2.6/en/cluster-provisioning/rke-clusters/node-pools/vsphere/provisioning-vsphere-clusters/_index.md @@ -9,7 +9,7 @@ First, you will set up your vSphere cloud credentials in Rancher. Then you will Then you will create a vSphere cluster in Rancher, and when configuring the new cluster, you will define node pools for it. Each node pool will have a Kubernetes role of etcd, controlplane, or worker. Rancher will install RKE Kubernetes on the new nodes, and it will set up each node with the Kubernetes role defined by the node pool. -For details on configuring the vSphere node template, refer to the [vSphere node template configuration reference.]({{}}/rancher/v2.6/en/cluster-provisioning/rke-clusters/node-pools/vsphere/provisioning-vsphere-clusters/node-template-reference/) +For details on configuring the vSphere node template, refer to the [vSphere node template configuration reference.]({{}}/rancher/v2.6/en/cluster-provisioning/rke-clusters/node-pools/vsphere/vsphere-node-template-config/) For details on configuring RKE Kubernetes clusters in Rancher, refer to the [cluster configuration reference.]({{}}/rancher/v2.6/en/cluster-provisioning/rke-clusters/options) @@ -26,7 +26,7 @@ The node templates are documented and tested with the vSphere Web Services API v Before proceeding to create a cluster, you must ensure that you have a vSphere user with sufficient permissions. When you set up a node template, the template will need to use these vSphere credentials. -Refer to this [how-to guide]({{}}/rancher/v2.6/en/cluster-provisioning/rke-clusters/node-pools/vsphere/provisioning-vsphere-clusters/creating-credentials) for instructions on how to create a user in vSphere with the required permissions. These steps result in a username and password that you will need to provide to Rancher, which allows Rancher to provision resources in vSphere. +Refer to this [how-to guide]({{}}/rancher/v2.6/en/cluster-provisioning/rke-clusters/node-pools/vsphere/creating-credentials) for instructions on how to create a user in vSphere with the required permissions. These steps result in a username and password that you will need to provide to Rancher, which allows Rancher to provision resources in vSphere. ### Network Permissions diff --git a/content/rancher/v2.6/en/cluster-provisioning/rke-clusters/windows-clusters/_index.md b/content/rancher/v2.6/en/cluster-provisioning/rke-clusters/windows-clusters/_index.md index 8411c7e7198..56228d49c21 100644 --- a/content/rancher/v2.6/en/cluster-provisioning/rke-clusters/windows-clusters/_index.md +++ b/content/rancher/v2.6/en/cluster-provisioning/rke-clusters/windows-clusters/_index.md @@ -105,7 +105,7 @@ Windows requires that containers must be built on the same Windows Server versio ### Cloud Provider Specific Requirements -If you set a Kubernetes cloud provider in your cluster, some additional steps are required. You might want to set a cloud provider if you want to want to leverage a cloud provider's capabilities, for example, to automatically provision storage, load balancers, or other infrastructure for your cluster. Refer to [this page]({{}}/rancher/v2.6/en/cluster-provisioning/rke-clusters/options/cloud-providers/) for details on how to configure a cloud provider cluster of nodes that meet the prerequisites. +If you set a Kubernetes cloud provider in your cluster, some additional steps are required. You might want to set a cloud provider if you want to want to leverage a cloud provider's capabilities, for example, to automatically provision storage, load balancers, or other infrastructure for your cluster. Refer to [this page]({{}}/rancher/v2.6/en/cluster-provisioning/rke-clusters/cloud-providers/) for details on how to configure a cloud provider cluster of nodes that meet the prerequisites. If you are using the GCE (Google Compute Engine) cloud provider, you must do the following: @@ -180,7 +180,7 @@ The first node in your cluster should be a Linux host has both the **Control Pla 1. In the **Node Operating System** section, click **Linux**. 1. In the **Node Role** section, choose at least **etcd** and **Control Plane**. We recommend selecting all three. -1. Optional: If you click **Show advanced options,** you can customize the settings for the [Rancher agent]({{}}/rancher/v2.6/en/admin-settings/agent-options/) and [node labels.](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/) +1. Optional: If you click **Show advanced options,** you can customize the settings for the [Rancher agent]({{}}/rancher/v2.6/en/cluster-provisioning/rke-clusters/custom-nodes/agent-options/) and [node labels.](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/) 1. Copy the command displayed on the screen to your clipboard. 1. SSH into your Linux host and run the command that you copied to your clipboard. 1. When you are finished provisioning your Linux node(s), select **Done**. diff --git a/content/rancher/v2.6/en/faq/technical/_index.md b/content/rancher/v2.6/en/faq/technical/_index.md index c616ebfd0d8..11f25ca0a35 100644 --- a/content/rancher/v2.6/en/faq/technical/_index.md +++ b/content/rancher/v2.6/en/faq/technical/_index.md @@ -52,7 +52,7 @@ Node Templates can be accessed by opening your account menu (top right) and sele ### Why is my Layer-4 Load Balancer in `Pending` state? -The Layer-4 Load Balancer is created as `type: LoadBalancer`. In Kubernetes, this needs a cloud provider or controller that can satisfy these requests, otherwise these will be in `Pending` state forever. More information can be found on [Cloud Providers]({{}}/rancher/v2.6/en/cluster-provisioning/rke-clusters/options/cloud-providers/) or [Create External Load Balancer](https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/) +The Layer-4 Load Balancer is created as `type: LoadBalancer`. In Kubernetes, this needs a cloud provider or controller that can satisfy these requests, otherwise these will be in `Pending` state forever. More information can be found on [Cloud Providers]({{}}/rancher/v2.6/en/cluster-provisioning/rke-clusters/cloud-providers/) or [Create External Load Balancer](https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/) ### Where is the state of Rancher stored? @@ -86,7 +86,7 @@ The UI consists of static files, and works based on responses of the API. That m A node is required to have a static IP configured (or a reserved IP via DHCP). If the IP of a node has changed, you will have to remove it from the cluster and readd it. After it is removed, Rancher will update the cluster to the correct state. If the cluster is no longer in `Provisioning` state, the node is removed from the cluster. -When the IP address of the node changed, Rancher lost connection to the node, so it will be unable to clean the node properly. See [Cleaning cluster nodes]({{}}/rancher/v2.6/en/faq/cleaning-cluster-nodes/) to clean the node. +When the IP address of the node changed, Rancher lost connection to the node, so it will be unable to clean the node properly. See [Cleaning cluster nodes]({{}}/rancher/v2.6/en/cluster-admin/cleaning-cluster-nodes/) to clean the node. When the node is removed from the cluster, and the node is cleaned, you can readd the node to the cluster. diff --git a/content/rancher/v2.6/en/installation/resources/advanced/single-node-install-external-lb/_index.md b/content/rancher/v2.6/en/installation/resources/advanced/single-node-install-external-lb/_index.md index a2a0cf80ba5..91972e9aa5f 100644 --- a/content/rancher/v2.6/en/installation/resources/advanced/single-node-install-external-lb/_index.md +++ b/content/rancher/v2.6/en/installation/resources/advanced/single-node-install-external-lb/_index.md @@ -181,7 +181,7 @@ If you want to record all transactions with the Rancher API, enable the [API Aud ### Air Gap -If you are visiting this page to complete an [Air Gap Installation]({{}}/rancher/v2.6/en/installation/air-gap-installation/), you must pre-pend your private registry URL to the server tag when running the installation command in the option that you choose. Add `` with your private registry URL in front of `rancher/rancher:latest`. +If you are visiting this page to complete an [Air Gap Installation]({{}}/rancher/v2.6/en/installation/other-installation-methods/air-gap), you must pre-pend your private registry URL to the server tag when running the installation command in the option that you choose. Add `` with your private registry URL in front of `rancher/rancher:latest`. **Example:** diff --git a/content/rancher/v2.6/en/installation/resources/choosing-version/_index.md b/content/rancher/v2.6/en/installation/resources/choosing-version/_index.md index 0505311ab2a..db2a8afef31 100644 --- a/content/rancher/v2.6/en/installation/resources/choosing-version/_index.md +++ b/content/rancher/v2.6/en/installation/resources/choosing-version/_index.md @@ -72,10 +72,10 @@ After installing Rancher, if you want to change which Helm chart repository to i helm repo add rancher- https://releases.rancher.com/server-charts/ ``` -4. Continue to follow the steps to [upgrade Rancher]({{}}/rancher/v2.6/en/installation/upgrades-rollbacks/upgrades/ha) from the new Helm chart repository. +4. Continue to follow the steps to [upgrade Rancher]({{}}/rancher/v2.6/en/installation/install-rancher-on-k8s/upgrades) from the new Helm chart repository. {{% /tab %}} {{% tab "Docker Images" %}} -When performing [Docker installs]({{}}/rancher/v2.6/en/installation/single-node), upgrades, or rollbacks, you can use _tags_ to install a specific version of Rancher. +When performing [Docker installs]({{}}/rancher/v2.6/en/installation/other-installation-methods/single-node-docker), upgrades, or rollbacks, you can use _tags_ to install a specific version of Rancher. ### Server Tags diff --git a/content/rancher/v2.6/en/installation/resources/k8s-tutorials/ha-RKE/_index.md b/content/rancher/v2.6/en/installation/resources/k8s-tutorials/ha-RKE/_index.md index 225ede6223e..3e8f952de63 100644 --- a/content/rancher/v2.6/en/installation/resources/k8s-tutorials/ha-RKE/_index.md +++ b/content/rancher/v2.6/en/installation/resources/k8s-tutorials/ha-RKE/_index.md @@ -11,7 +11,7 @@ This section describes how to install a Kubernetes cluster. This cluster should The Rancher management server can only be run on Kubernetes cluster in an infrastructure provider where Kubernetes is installed using RKE or K3s. Use of Rancher on hosted Kubernetes providers, such as EKS, is not supported. -For systems without direct internet access, refer to [Air Gap: Kubernetes install.]({{}}/rancher/v2.6/en/installation/air-gap-high-availability/) +For systems without direct internet access, refer to [Air Gap: Kubernetes install.]({{}}/rancher/v2.6/en/installation/other-installation-methods/air-gap/) > **Single-node Installation Tip:** > In a single-node Kubernetes cluster, the Rancher server does not have high availability, which is important for running Rancher in production. However, installing Rancher on a single-node cluster can be useful if you want to save resources by using a single node in the short term, while preserving a high-availability migration path. @@ -165,5 +165,5 @@ Save a copy of the following files in a secure location: See the [Troubleshooting]({{}}/rancher/v2.6/en/installation/resources/troubleshooting/) page. -### [Next: Install Rancher]({{}}/rancher/v2.6/en/installation/k8s-install/helm-rancher/) +### [Next: Install Rancher]({{}}/rancher/v2.6/en/installation/install-rancher-on-k8s/) diff --git a/content/rancher/v2.6/en/installation/resources/k8s-tutorials/infrastructure-tutorials/ec2-node/_index.md b/content/rancher/v2.6/en/installation/resources/k8s-tutorials/infrastructure-tutorials/ec2-node/_index.md index c2a21d94f3c..c4211bae501 100644 --- a/content/rancher/v2.6/en/installation/resources/k8s-tutorials/infrastructure-tutorials/ec2-node/_index.md +++ b/content/rancher/v2.6/en/installation/resources/k8s-tutorials/infrastructure-tutorials/ec2-node/_index.md @@ -13,7 +13,7 @@ If the Rancher server is installed in a single Docker container, you only need o ### 1. Optional Preparation -- **Create IAM role:** To allow Rancher to manipulate AWS resources, such as provisioning new storage or new nodes, you will need to configure Amazon as a cloud provider. There are several things you'll need to do to set up the cloud provider on EC2, but part of this process is setting up an IAM role for the Rancher server nodes. For the full details on setting up the cloud provider, refer to this [page.]({{}}/rancher/v2.6/en/cluster-provisioning/rke-clusters/options/cloud-providers/) +- **Create IAM role:** To allow Rancher to manipulate AWS resources, such as provisioning new storage or new nodes, you will need to configure Amazon as a cloud provider. There are several things you'll need to do to set up the cloud provider on EC2, but part of this process is setting up an IAM role for the Rancher server nodes. For the full details on setting up the cloud provider, refer to this [page.]({{}}/rancher/v2.6/en/cluster-provisioning/rke-clusters/cloud-providers/) - **Create security group:** We also recommend setting up a security group for the Rancher nodes that complies with the [port requirements for Rancher nodes.]({{}}/rancher/v2.6/en/installation/requirements/#port-requirements) ### 2. Provision Instances diff --git a/content/rancher/v2.6/en/installation/resources/local-system-charts/_index.md b/content/rancher/v2.6/en/installation/resources/local-system-charts/_index.md index 7771e875d39..3e39fe26ca0 100644 --- a/content/rancher/v2.6/en/installation/resources/local-system-charts/_index.md +++ b/content/rancher/v2.6/en/installation/resources/local-system-charts/_index.md @@ -11,5 +11,5 @@ In an air gapped installation of Rancher, you will need to configure Rancher to A local copy of `system-charts` has been packaged into the `rancher/rancher` container. To be able to use these features in an air gap install, you will need to run the Rancher install command with an extra environment variable, `CATTLE_SYSTEM_CATALOG=bundled`, which tells Rancher to use the local copy of the charts instead of attempting to fetch them from GitHub. -Example commands for a Rancher installation with a bundled `system-charts` are included in the [air gap Docker installation]({{}}/rancher/v2.6/en/installation/air-gap-single-node/install-rancher) instructions and the [air gap Kubernetes installation]({{}}/rancher/v2.6/en/installation/air-gap-high-availability/install-rancher/) instructions. +Example commands for a Rancher installation with a bundled `system-charts` are included in the [air gap installation]({{}}/rancher/v2.6/en/installation/other-installation-methods/air-gap) instructions for Docker and Helm installs. diff --git a/content/rancher/v2.6/en/installation/resources/upgrading-cert-manager/helm-2-instructions/_index.md b/content/rancher/v2.6/en/installation/resources/upgrading-cert-manager/helm-2-instructions/_index.md index 413c2400159..6a4efe4867c 100644 --- a/content/rancher/v2.6/en/installation/resources/upgrading-cert-manager/helm-2-instructions/_index.md +++ b/content/rancher/v2.6/en/installation/resources/upgrading-cert-manager/helm-2-instructions/_index.md @@ -75,7 +75,7 @@ In order to upgrade cert-manager, follow these instructions: Before you can perform the upgrade, you must prepare your air gapped environment by adding the necessary container images to your private registry and downloading or rendering the required Kubernetes manifest files. -1. Follow the guide to [Prepare your Private Registry]({{}}/rancher/v2.6/en/installation/air-gap-installation/prepare-private-reg/) with the images needed for the upgrade. +1. Follow the guide to [Prepare your Private Registry]({{}}/rancher/v2.6/en/installation/other-installation-methods/air-gap/populate-private-registry/) with the images needed for the upgrade. 1. From a system connected to the internet, add the cert-manager repo to Helm diff --git a/content/rancher/v2.6/en/k8s-in-rancher/_index.md b/content/rancher/v2.6/en/k8s-in-rancher/_index.md index 5df2b8677ad..0864b408ef3 100644 --- a/content/rancher/v2.6/en/k8s-in-rancher/_index.md +++ b/content/rancher/v2.6/en/k8s-in-rancher/_index.md @@ -52,7 +52,7 @@ For more information, see [Service Discovery]({{}}/rancher/v2.6/en/k8s- After your project has been [configured to a version control provider]({{}}/rancher/v2.6/en/project-admin/pipelines/#1-configure-version-control-providers), you can add the repositories and start configuring a pipeline for each repository. -For more information, see [Pipelines]({{}}/rancher/v2.6/en/k8s-in-rancher/pipelines/). +For more information, see [Pipelines]({{}}/rancher/v2.6/en/pipelines/). ## Applications diff --git a/content/rancher/v2.6/en/overview/architecture-recommendations/_index.md b/content/rancher/v2.6/en/overview/architecture-recommendations/_index.md index c53af953f71..85b0a3c5ba3 100644 --- a/content/rancher/v2.6/en/overview/architecture-recommendations/_index.md +++ b/content/rancher/v2.6/en/overview/architecture-recommendations/_index.md @@ -108,4 +108,4 @@ For more best practices for downstream clusters, refer to the [production checkl If you are using an [authorized cluster endpoint,]({{}}/rancher/v2.6/en/overview/architecture/#4-authorized-cluster-endpoint) we recommend creating an FQDN pointing to a load balancer which balances traffic across your nodes with the `controlplane` role. -If you are using private CA signed certificates on the load balancer, you have to supply the CA certificate, which will be included in the generated kubeconfig file to validate the certificate chain. See the documentation on [kubeconfig files]({{}}/rancher/v2.6/en/k8s-in-rancher/kubeconfig/) and [API keys]({{}}/rancher/v2.6/en/user-settings/api-keys/#creating-an-api-key) for more information. \ No newline at end of file +If you are using private CA signed certificates on the load balancer, you have to supply the CA certificate, which will be included in the generated kubeconfig file to validate the certificate chain. See the documentation on [kubeconfig files]({{}}/rancher/v2.6/en/cluster-admin/cluster-access/kubeconfig/) and [API keys]({{}}/rancher/v2.6/en/user-settings/api-keys/#creating-an-api-key) for more information. \ No newline at end of file diff --git a/content/rancher/v2.6/en/pipelines/_index.md b/content/rancher/v2.6/en/pipelines/_index.md index 58bd819713f..ebf82d30aaf 100644 --- a/content/rancher/v2.6/en/pipelines/_index.md +++ b/content/rancher/v2.6/en/pipelines/_index.md @@ -35,7 +35,7 @@ This section covers the following topics: # Concepts -For an explanation of concepts and terminology used in this section, refer to [this page.]({{}}/rancher/v2.6/en/k8s-in-rancher/pipelines/concepts) +For an explanation of concepts and terminology used in this section, refer to [this page.]({{}}/rancher/v2.6/en/pipelines/concepts) # How Pipelines Work @@ -43,7 +43,7 @@ After enabling the ability to use pipelines in a project, you can configure mult A pipeline is configured off of a group of files that are checked into source code repositories. Users can configure their pipelines either through the Rancher UI or by adding a `.rancher-pipeline.yml` into the repository. -Before pipelines can be configured, you will need to configure authentication to your version control provider, e.g. GitHub, GitLab, Bitbucket. If you haven't configured a version control provider, you can always use [Rancher's example repositories]({{}}/rancher/v2.6/en/k8s-in-rancher/pipelines/example-repos/) to view some common pipeline deployments. +Before pipelines can be configured, you will need to configure authentication to your version control provider, e.g. GitHub, GitLab, Bitbucket. If you haven't configured a version control provider, you can always use [Rancher's example repositories]({{}}/rancher/v2.6/en/pipelines/example-repos/) to view some common pipeline deployments. When you configure a pipeline in one of your projects, a namespace specifically for the pipeline is automatically created. The following components are deployed to it: @@ -61,7 +61,7 @@ When you configure a pipeline in one of your projects, a namespace specifically Minio storage is used to store the logs for pipeline executions. - >**Note:** The managed Jenkins instance works statelessly, so don't worry about its data persistency. The Docker Registry and Minio instances use ephemeral volumes by default, which is fine for most use cases. If you want to make sure pipeline logs can survive node failures, you can configure persistent volumes for them, as described in [data persistency for pipeline components]({{}}/rancher/v2.6/en/k8s-in-rancher/pipelines/storage). + >**Note:** The managed Jenkins instance works statelessly, so don't worry about its data persistency. The Docker Registry and Minio instances use ephemeral volumes by default, which is fine for most use cases. If you want to make sure pipeline logs can survive node failures, you can configure persistent volumes for them, as described in [data persistency for pipeline components]({{}}/rancher/v2.6/en/pipelines/storage). # Roles-based Access Control for Pipelines @@ -189,7 +189,7 @@ Now that repositories are added to your project, you can start configuring the p 1. In the dropdown menu in the top navigation bar, select the project where you want to configure pipelines. 1. In the left navigation bar, click **Legacy > Project > Pipelines**. 1. Find the repository that you want to set up a pipeline for. -1. Configure the pipeline through the UI or using a yaml file in the repository, i.e. `.rancher-pipeline.yml` or `.rancher-pipeline.yaml`. Pipeline configuration is split into stages and steps. Stages must fully complete before moving onto the next stage, but steps in a stage run concurrently. For each stage, you can add different step types. Note: As you build out each step, there are different advanced options based on the step type. Advanced options include trigger rules, environment variables, and secrets. For more information on configuring the pipeline through the UI or the YAML file, refer to the [pipeline configuration reference.]({{}}/rancher/v2.6/en/k8s-in-rancher/pipelines/config) +1. Configure the pipeline through the UI or using a yaml file in the repository, i.e. `.rancher-pipeline.yml` or `.rancher-pipeline.yaml`. Pipeline configuration is split into stages and steps. Stages must fully complete before moving onto the next stage, but steps in a stage run concurrently. For each stage, you can add different step types. Note: As you build out each step, there are different advanced options based on the step type. Advanced options include trigger rules, environment variables, and secrets. For more information on configuring the pipeline through the UI or the YAML file, refer to the [pipeline configuration reference.]({{}}/rancher/v2.6/en/pipelines/config) * If you are going to use the UI, select the vertical **⋮ > Edit Config** to configure the pipeline using the UI. After the pipeline is configured, you must view the YAML file and push it to the repository. * If you are going to use the YAML file, select the vertical **⋮ > View/Edit YAML** to configure the pipeline. If you choose to use a YAML file, you need to push it to the repository after any changes in order for it to be updated in the repository. When editing the pipeline configuration, it takes a few moments for Rancher to check for an existing pipeline configuration. @@ -209,7 +209,7 @@ Now that repositories are added to your project, you can start configuring the p # Pipeline Configuration Reference -Refer to [this page]({{}}/rancher/v2.6/en/k8s-in-rancher/pipelines/config) for details on how to configure a pipeline to: +Refer to [this page]({{}}/rancher/v2.6/en/pipelines/config) for details on how to configure a pipeline to: - Run a script - Build and publish images @@ -248,7 +248,7 @@ Available Events: * **Pull Request**: Whenever a pull request is made to the repository, the pipeline is triggered. * **Tag**: When a tag is created in the repository, the pipeline is triggered. -> **Note:** This option doesn't exist for Rancher's [example repositories]({{}}/rancher/v2.6/en/k8s-in-rancher/pipelines/example-repos/). +> **Note:** This option doesn't exist for Rancher's [example repositories]({{}}/rancher/v2.6/en/pipelines/example-repos/). ### Modifying the Event Triggers for the Repository diff --git a/content/rancher/v2.6/en/pipelines/config/_index.md b/content/rancher/v2.6/en/pipelines/config/_index.md index af0a6811d27..86b10606e47 100644 --- a/content/rancher/v2.6/en/pipelines/config/_index.md +++ b/content/rancher/v2.6/en/pipelines/config/_index.md @@ -301,7 +301,7 @@ timeout: 30 # Notifications -You can enable notifications to any notifiers based on the build status of a pipeline. Before enabling notifications, Rancher recommends [setting up notifiers]({{}}/rancher/v2.6/en/monitoring-alerting/legacy/notifiers/) so it will be easy to add recipients immediately. +You can enable notifications to any notifiers based on the build status of a pipeline. Before enabling notifications, Rancher recommends setting up notifiers so it will be easy to add recipients immediately. ### Configuring Notifications by UI @@ -309,7 +309,7 @@ You can enable notifications to any notifiers based on the build status of a pip 1. Select the conditions for the notification. You can select to get a notification for the following statuses: `Failed`, `Success`, `Changed`. For example, if you want to receive notifications when an execution fails, select **Failed**. -1. If you don't have any existing notifiers, Rancher will provide a warning that no notifiers are set up and provide a link to be able to go to the notifiers page. Follow the [instructions]({{}}/rancher/v2.6/en/monitoring-alerting/legacy/notifiers/) to add a notifier. If you already have notifiers, you can add them to the notification by clicking the **Add Recipient** button. +1. If you don't have any existing notifiers, Rancher will provide a warning that no notifiers are set up and provide a link to be able to go to the notifiers page. Follow the [instructions]({{}}/rancher/v2.0-v2.4/en/cluster-admin/tools/notifiers) to add a notifier. If you already have notifiers, you can add them to the notification by clicking the **Add Recipient** button. > **Note:** Notifiers are configured at a cluster level and require a different level of permissions. @@ -636,8 +636,8 @@ If you want to use a version control provider with a certificate from a custom/i The internal Docker registry and the Minio workloads use ephemeral volumes by default. This default storage works out-of-the-box and makes testing easy, but you lose the build images and build logs if the node running the Docker Registry or Minio fails. In most cases this is fine. If you want build images and logs to survive node failures, you can configure the Docker Registry and Minio to use persistent volumes. -For details on setting up persistent storage for pipelines, refer to [this page.]({{}}/rancher/v2.6/en/k8s-in-rancher/pipelines/storage) +For details on setting up persistent storage for pipelines, refer to [this page.]({{}}/rancher/v2.6/en/pipelines/storage) # Example rancher-pipeline.yml -An example pipeline configuration file is on [this page.]({{}}/rancher/v2.6/en/k8s-in-rancher/pipelines/example) +An example pipeline configuration file is on [this page.]({{}}/rancher/v2.6/en/pipelines/example) diff --git a/content/rancher/v2.6/en/pipelines/example/_index.md b/content/rancher/v2.6/en/pipelines/example/_index.md index f8dfae7b4a3..3c0be119356 100644 --- a/content/rancher/v2.6/en/pipelines/example/_index.md +++ b/content/rancher/v2.6/en/pipelines/example/_index.md @@ -5,7 +5,7 @@ weight: 501 Pipelines can be configured either through the UI or using a yaml file in the repository, i.e. `.rancher-pipeline.yml` or `.rancher-pipeline.yaml`. -In the [pipeline configuration reference]({{}}/rancher/v2.6/en/k8s-in-rancher/pipelines/config), we provide examples of how to configure each feature using the Rancher UI or using YAML configuration. +In the [pipeline configuration reference]({{}}/rancher/v2.6/en/pipelines/config), we provide examples of how to configure each feature using the Rancher UI or using YAML configuration. Below is a full example `rancher-pipeline.yml` for those who want to jump right in. diff --git a/content/rancher/v2.6/en/project-admin/pipelines/_index.md b/content/rancher/v2.6/en/project-admin/pipelines/_index.md index 6510f55f3f8..a64a73e6dcc 100644 --- a/content/rancher/v2.6/en/project-admin/pipelines/_index.md +++ b/content/rancher/v2.6/en/project-admin/pipelines/_index.md @@ -13,4 +13,4 @@ After configuring Rancher and GitHub, you can deploy containers running Jenkins - Run unit tests. - Run regression tests. -For details, refer to the [pipelines]({{}}/rancher/v2.6/en/k8s-in-rancher/pipelines) section. \ No newline at end of file +For details, refer to the [pipelines]({{}}/rancher/v2.6/en/pipelines) section. \ No newline at end of file diff --git a/content/rancher/v2.6/en/project-admin/project-members/_index.md b/content/rancher/v2.6/en/project-admin/project-members/_index.md index da9c400ca2f..c84e655974f 100644 --- a/content/rancher/v2.6/en/project-admin/project-members/_index.md +++ b/content/rancher/v2.6/en/project-admin/project-members/_index.md @@ -7,7 +7,7 @@ If you want to provide a user with access and permissions to _specific_ projects You can add members to a project as it is created, or add them to an existing project. ->**Tip:** Want to provide a user with access to _all_ projects within a cluster? See [Adding Cluster Members]({{}}/rancher/v2.6/en/cluster-provisioning/cluster-members/) instead. +>**Tip:** Want to provide a user with access to _all_ projects within a cluster? See [Adding Cluster Members]({{}}/rancher/v2.6/en/admin-settings/rbac/cluster-project-roles/) instead. ### Adding Members to a New Project