This commit is contained in:
martyav
2023-12-08 16:05:52 -05:00
38 changed files with 52 additions and 52 deletions
+1 -1
@@ -6,7 +6,7 @@ You can access Rancher's resources through the Kubernetes API. This guide will h
1. In the upper left corner, click **☰ > Global Settings**.
2. Find and copy the address in the `server-url` field.
3. [Create](../reference-guides/user-settings/api-keys#creating-an-api-key) a Rancher API key with no scope.
3. [Create](../reference-guides/user-settings/api-keys.md#creating-an-api-key) a Rancher API key with no scope.
:::danger
@@ -15,7 +15,7 @@ Follow the instructions from this page when:
:::tip
* Follow these steps to [migrate Rancher](../../../how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/migrate-rancher-to-new-cluster.md).
* If you need to restore Rancher to its previous state at the same Rancher version, see the [restore documentation]( ../../../how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/restore-rancher.md).
* If you need to restore Rancher to its previous state at the same Rancher version, see the [restore documentation](../../../how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/restore-rancher.md).
:::
+1 -1
@@ -42,7 +42,7 @@ The Rancher API server is built on top of an embedded Kubernetes API server and
- **Provisioning Kubernetes clusters:** The Rancher API server can [provision Kubernetes](../pages-for-subheaders/kubernetes-clusters-in-rancher-setup.md) on existing nodes, or perform [Kubernetes upgrades.](installation-and-upgrade/upgrade-and-roll-back-kubernetes.md)
- **Catalog management:** Rancher provides the ability to use a [catalog of Helm charts](../pages-for-subheaders/helm-charts-in-rancher.md) that make it easy to repeatedly deploy applications.
- **Managing projects:** A project is a group of multiple namespaces and access control policies within a cluster. A project is a Rancher concept, not a Kubernetes concept, which allows you to manage multiple namespaces as a group and perform Kubernetes operations in them. The Rancher UI provides features for [project administration](../pages-for-subheaders/manage-projects.md) and for [managing applications within projects.](../pages-for-subheaders/kubernetes-resources-setup.md)
- **Fleet Continuous Delivery:** Within Rancher, you can leverage [Fleet Continuous Delivery](../pages-for-subheaders/fleet-gitops-at-scale.md) to deploy applications from git repositories, without any manual operation, to targeted downstream Kubernetes clusters.
- **Fleet Continuous Delivery:** Within Rancher, you can leverage [Fleet Continuous Delivery](../integrations-in-rancher/fleet/fleet.md) to deploy applications from git repositories, without any manual operation, to targeted downstream Kubernetes clusters.
- **Istio:** Our [integration with Istio](../pages-for-subheaders/istio.md) is designed so that a Rancher operator, such as an administrator or cluster owner, can deliver Istio to developers. Then developers can use Istio to enforce security policies, troubleshoot problems, or manage traffic for green/blue deployments, canary deployments, or A/B testing.
### Working with Cloud Infrastructure
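Review bot: The new Fleet target on the changed bullet is `../integrations-in-rancher/fleet/fleet.md`, but the backup note changed later in this same commit links to `../integrations-in-rancher/fleet/overview.md#troubleshooting`. Please confirm both files exist under `integrations-in-rancher/fleet/` and that the split is intentional. If one of them is the landing page for the section, using it consistently for general "Fleet Continuous Delivery" references would avoid a second round of link fixes.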
@@ -16,7 +16,7 @@ If you have an existing configuration using the SAML protocol and want to switch
## Prerequisites
- On Rancher, Keycloak (SAML) is disabled.
- You must have a [Keycloak IdP Server](https://www.keycloak.org/docs/latest/server_installation/) configured.
- You must have a [Keycloak IdP Server](https://www.keycloak.org/guides#getting-started) configured.
- In Keycloak, create a [new OIDC client](https://www.keycloak.org/docs/latest/server_admin/#oidc-clients), with the settings below. See the [Keycloak documentation](https://www.keycloak.org/docs/latest/server_admin/#oidc-clients) for help.
Setting | Value
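Review bot: The replacement link on the "Keycloak IdP Server" prerequisite points at the generic `https://www.keycloak.org/guides#getting-started` anchor, while the bullet is about having a server installed and configured and the neighbouring bullets still use `docs/latest/server_admin/` deep links. If the Keycloak guides page has a server-specific section, link to that instead so the reader lands on installation material rather than the guide index. The same substitution is repeated in every versioned and translated copy in this commit, so it is worth settling the target once here.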
@@ -11,7 +11,7 @@ If your organization uses Keycloak Identity Provider (IdP) for user authenticati
## Prerequisites
- You must have a [Keycloak IdP Server](https://www.keycloak.org/docs/latest/server_installation/) configured.
- You must have a [Keycloak IdP Server](https://www.keycloak.org/guides#getting-started) configured.
- In Keycloak, create a [new SAML client](https://www.keycloak.org/docs/latest/server_admin/#saml-clients), with the settings below. See the [Keycloak documentation](https://www.keycloak.org/docs/latest/server_admin/#saml-clients) for help.
Setting | Value
@@ -9,7 +9,7 @@ weight: 1
:::note Important:
In Kubernetes 1.27 and later, you must use an out-of-tree AWS cloud provider. In-tree cloud providers have been deprecated. The Amazon cloud provider has been removed completely, and won't work after an upgrade to Kubernetes 1.27. The steps listed below are still required to set up an Amazon cloud provider. You can [set up an out-of-tree cloud provider for RKE](#using-the-out-of-tree-aws-cloud-provider-for-rke) after creating an IAM role and configuring the ClusterID.
In Kubernetes 1.27 and later, you must use an out-of-tree AWS cloud provider. In-tree cloud providers have been deprecated. The Amazon cloud provider has been removed completely, and won't work after an upgrade to Kubernetes 1.27. The steps listed below are still required to set up an Amazon cloud provider. You can [set up an out-of-tree cloud provider](#using-the-out-of-tree-aws-cloud-provider) after creating an IAM role and configuring the ClusterID.
You can also [migrate from an in-tree to an out-of-tree AWS cloud provider](./migrate-to-out-of-tree-amazon.md) on Kubernetes 1.26 and earlier. All existing clusters must migrate prior to upgrading to v1.27 in order to stay functional.
@@ -177,7 +177,7 @@ The kubelet component has the ability to automatically obtain ECR credentials, w
### Using the Out-of-Tree AWS Cloud Provider
<Tabs>
<Tabs groupId="k8s-distro">
<TabItem value="RKE2">
1. [Node name conventions and other prerequisites](https://cloud-provider-aws.sigs.k8s.io/prerequisites/) must be followed for the cloud provider to find the instance correctly.
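Review bot: Adding `groupId="k8s-distro"` to `<Tabs>` makes the selected tab follow the reader across every group with that id, which only works if the `TabItem` values are spelled identically in all of them. Only `value="RKE2"` is visible in this hunk, so please check that the other tab's `value` matches character for character in each of the `<Tabs>` blocks touched here and in the migration page. A mismatch leaves a group stuck on its first tab rather than producing a build error.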
@@ -329,7 +329,7 @@ Refer to the offical AWS upstream documentation for the [cloud controller manage
### Helm Chart Installation from CLI
<Tabs>
<Tabs groupId="k8s-distro">
<TabItem value="RKE2">
Official upstream docs for [Helm chart installation](https://github.com/kubernetes/cloud-provider-aws/tree/master/charts/aws-cloud-controller-manager) can be found on Github.
@@ -605,7 +605,7 @@ kubectl rollout status daemonset -n kube-system aws-cloud-controller-manager
### Helm Chart Installation from UI
<Tabs>
<Tabs groupId="k8s-distro">
<TabItem value="RKE2">
1. Click **☰**, then select the name of the cluster from the left navigation.
@@ -12,7 +12,7 @@ You can migrate from an in-tree to an out-of-tree AWS cloud provider on Kubernet
To migrate from the in-tree cloud provider to the out-of-tree AWS cloud provider, you must stop the existing cluster's kube controller manager and install the AWS cloud controller manager. There are many ways to do this. Refer to the official AWS documentation on the [external cloud controller manager](https://cloud-provider-aws.sigs.k8s.io/getting_started/) for details.
If it's acceptable to have some downtime, you can [switch to an external cloud provider](./amazon.md#using-the-out-of-tree-aws-cloud-provider-for-rke), which removes in-tree components and then deploy charts to install the AWS cloud controller manager.
If it's acceptable to have some downtime, you can [switch to an external cloud provider](./amazon.md#using-the-out-of-tree-aws-cloud-provider), which removes in-tree components and then deploy charts to install the AWS cloud controller manager.
If your setup can't tolerate any control plane downtime, you must enable leader migration. This facilitates a smooth transition from the controllers in the kube controller manager to their counterparts in the cloud controller manager. Refer to the official AWS documentation on [Using leader migration](https://cloud-provider-aws.sigs.k8s.io/getting_started/) for more details.
@@ -20,7 +20,7 @@ If your setup can't tolerate any control plane downtime, you must enable leader
The Kubernetes [cloud controller migration documentation](https://kubernetes.io/docs/tasks/administer-cluster/controller-manager-leader-migration/#before-you-begin) states that it's possible to migrate with the same Kubernetes version, but assumes that the migration is part of a Kubernetes upgrade. Refer to the Kubernetes documentation on [migrating to use the cloud controller manager](https://kubernetes.io/docs/tasks/administer-cluster/controller-manager-leader-migration/) to see if you need to customize your setup before migrating. Confirm your [migration configuration values](https://kubernetes.io/docs/tasks/administer-cluster/controller-manager-leader-migration/#default-configuration). If your cloud provider provides an implementation of the Node IPAM controller, you also need to [migrate the IPAM controller](https://kubernetes.io/docs/tasks/administer-cluster/controller-manager-leader-migration/#node-ipam-controller-migration).
:::
<Tabs>
<Tabs groupId="k8s-distro">
<TabItem value="RKE2">
1. Update the cluster config to enable leader migration:
@@ -55,8 +55,8 @@ spec:
kubectl cordon -l "node-role.kubernetes.io/controlplane=true"
```
3. To install the AWS cloud controller manager with leader migration enabled, follow Steps 1-3 for [deploying the cloud controller manager chart](./amazon.md#using-out-of-tree-aws-cloud-provider-for-rke2)
From Kubernetes 1.22 onwards, the kube-controller-manager will utilize a default configuration which will satisfy the controller-to-manager migration.
3. To install the AWS cloud controller manager with leader migration enabled, follow Steps 1-3 for [deploying the cloud controller manager chart](./amazon.md#using-the-out-of-tree-aws-cloud-provider)
From Kubernetes 1.22 onwards, the kube-controller-manager will utilize a default configuration which will satisfy the controller-to-manager migration.
Update container args of the `aws-cloud-controller-manager` under `spec.rkeConfig.additionalManifest` to enable leader migration:
```shell
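Review bot: The rewritten step 3 line still ends at the closing parenthesis of the link with no period, and the following "From Kubernetes 1.22 onwards" line appears to change only in whitespace. Since the line is being touched anyway, end the sentence properly, and if the second changed line is an indentation fix to keep it inside list item 3, say so in the commit message, because the rendered diff does not show what changed.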
@@ -151,7 +151,7 @@ cloud_provider:
kubectl cordon -l "node-role.kubernetes.io/controlplane=true"
```
3. To install the AWS cloud controller manager, you must enable leader migration and follow the same steps as when installing AWS on a new cluster. To enable leader migration, add the following to the container arguments in step 7 while following the [steps to install the chart](./amazon.md#helm-chart-installation-from-ui-for-rke):
3. To install the AWS cloud controller manager, you must enable leader migration and follow the same steps as when installing AWS on a new cluster. To enable leader migration, add the following to the container arguments in step 7 while following the [steps to install the chart](./amazon.md#helm-chart-installation-from-ui):
```yaml
- '--enable-leader-migration=true'
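Review bot: The new anchor `./amazon.md#helm-chart-installation-from-ui` drops the `-for-rke` suffix, and that heading now wraps both distributions in tabs, so "step 7" in this sentence no longer identifies which tab's step list is meant. Name the tab in the sentence (this hunk sits in the `cloud_provider:` section, so presumably the RKE tab) or describe the step by what it does instead of by number, so the instruction survives renumbering on the other page.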
@@ -23,7 +23,7 @@ If you have any specific firewall rules or configuration, you will need to add t
## Linux Dependencies
The packages that need to be installed on the template are listed below. These will have slightly different names based on distribution; some distributions ship these by default, for example.
The packages that need to be installed on the template are listed below. These will have slightly different names based on distribution; for example, some distributions ship these dependencies by default. The cluster provisioner will automatically install the dependencies required for Kubernetes. The dependencies listed below are required for the functioning of the Rancher cluster provisioner (not for Kubernetes):
* curl
* wget
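Review bot: In the rewritten paragraph, "for example, some distributions ship these dependencies by default" is attached by a semicolon to the claim that package names differ by distribution, but shipping a package by default is not an example of a naming difference. Split it into two sentences: one saying names vary by distribution, one saying some distributions already include them. The added distinction between provisioner dependencies and Kubernetes dependencies is useful and reads clearly once the first sentence is untangled.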
@@ -82,4 +82,4 @@ The following features are available under **Global Configuration**:
- **Global DNS Entries**
- **Global DNS Providers**
As these are legacy features, please see the Rancher v2.0—v2.4 docs on [catalogs](../../versioned_docs/version-2.0-2.4/pages-for-subheaders/helm-charts-in-rancher.md), [global DNS entries](../../versioned_docs/version-2.0-2.4/how-to-guides/new-user-guides/helm-charts-in-rancher/globaldns.md#adding-a-global-dns-entry), and [global DNS providers](../../versioned_docs/version-2.0-2.4/how-to-guides/new-user-guides/helm-charts-in-rancher/globaldns.md#editing-a-global-dns-provider) for more details.
As these are legacy features, please see the Rancher v2.0—v2.4 docs on [catalogs](/versioned_docs/version-2.0-2.4/pages-for-subheaders/helm-charts-in-rancher.md), [global DNS entries](/versioned_docs/version-2.0-2.4/how-to-guides/new-user-guides/helm-charts-in-rancher/globaldns.md#adding-a-global-dns-entry), and [global DNS providers](/versioned_docs/version-2.0-2.4/how-to-guides/new-user-guides/helm-charts-in-rancher/globaldns.md#editing-a-global-dns-provider) for more details.
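Review bot: The three links on the changed line switch from `../../versioned_docs/...` to root-absolute `/versioned_docs/...md` paths, while every other internal link in this commit stays file-relative. Please state in the commit message which resolution rule the absolute form relies on and confirm the broken-link check passes for it, since a leading slash is usually resolved against the site root rather than the repository root. The monitoring page later in the commit gets the same treatment and should be verified the same way.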
@@ -48,7 +48,7 @@ The `rancher-backup` operator can be installed from the Rancher UI, or with the
:::note
There is a known issue in Fleet that occurs after performing a restoration using the backup-restore-operator: Secrets used for clientSecretName and helmSecretName are not included in Fleet gitrepos. Refer [here](./fleet-gitops-at-scale.md#troubleshooting) for a workaround.
There is a known issue in Fleet that occurs after performing a restoration using the backup-restore-operator: Secrets used for clientSecretName and helmSecretName are not included in Fleet gitrepos. Refer [Fleet Troubleshooting](../integrations-in-rancher/fleet/overview.md#troubleshooting) for a workaround.
:::
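Review bot: The changed sentence now reads "Refer [Fleet Troubleshooting](...) for a workaround", which is missing "to" after "Refer". Suggest "Refer to [Fleet Troubleshooting](../integrations-in-rancher/fleet/overview.md#troubleshooting) for a workaround." Also confirm that `overview.md` actually carries a `#troubleshooting` heading, given that the old target was a different file.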
@@ -153,4 +153,4 @@ If you have a legacy app installed and want to upgrade it:
### Limitations
[Dashboard apps or Rancher feature charts](helm-charts-in-rancher.md) **cannot** be installed using the Rancher CLI.
Dashboard apps or Rancher feature charts **cannot** be installed using the Rancher CLI.
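Review bot: The link on "Dashboard apps or Rancher feature charts" is removed outright rather than retargeted, so the Limitations sentence no longer tells the reader where those chart types are described. If the old `helm-charts-in-rancher.md` target was this page itself, note that in the commit message; otherwise point the phrase at the page that now documents them.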
@@ -11,7 +11,7 @@ The `rancher-monitoring` application can quickly deploy leading open-source moni
Introduced in Rancher v2.5, the application is powered by [Prometheus](https://prometheus.io/), [Grafana](https://grafana.com/grafana/), [Alertmanager](https://prometheus.io/docs/alerting/latest/alertmanager/), the [Prometheus Operator](https://github.com/prometheus-operator/prometheus-operator), and the [Prometheus adapter.](https://github.com/DirectXMan12/k8s-prometheus-adapter)
For information on V1 monitoring and alerting, available in Rancher v2.2 up to v2.4, please see the Rancher v2.0—v2.4 docs on [cluster monitoring](../../versioned_docs/version-2.0-2.4/pages-for-subheaders/cluster-monitoring.md), [alerting](../../versioned_docs/version-2.0-2.4/pages-for-subheaders/cluster-alerts.md), [notifiers](../../versioned_docs/version-2.0-2.4/explanations/integrations-in-rancher/notifiers.md) and other [tools](../../versioned_docs/version-2.0-2.4/pages-for-subheaders/project-tools.md).
For information on V1 monitoring and alerting, available in Rancher v2.2 up to v2.4, please see the Rancher v2.0—v2.4 docs on [cluster monitoring](/versioned_docs/version-2.0-2.4/pages-for-subheaders/cluster-monitoring.md), [alerting](/versioned_docs/version-2.0-2.4/pages-for-subheaders/cluster-alerts.md), [notifiers](/versioned_docs/version-2.0-2.4/explanations/integrations-in-rancher/notifiers.md) and other [tools](/versioned_docs/version-2.0-2.4/pages-for-subheaders/project-tools.md).
Using the `rancher-monitoring` application, you can quickly deploy leading open-source monitoring and alerting solutions onto your cluster.
@@ -12,7 +12,7 @@ description: 创建 Keycloak OpenID Connect (OIDC) 客户端并配置 Rancher
## 先决条件
- 已在 Rancher 上禁用 Keycloak (SAML)。
- 你必须配置了 [Keycloak IdP 服务器](https://www.keycloak.org/docs/latest/server_installation/)。
- 你必须配置了 [Keycloak IdP 服务器](https://www.keycloak.org/guides#getting-started)。
- 在 Keycloak 中,使用以下设置创建一个[新的 OIDC 客户端](https://www.keycloak.org/docs/latest/server_admin/#oidc-clients)。如需获取帮助,请参见 [Keycloak 文档](https://www.keycloak.org/docs/latest/server_admin/#oidc-clients)。
| 设置 | 值 |
@@ -7,7 +7,7 @@ description: 创建 Keycloak SAML 客户端并配置 Rancher 以使用 Keycloak
## 先决条件
- 你必须配置了 [Keycloak IdP 服务器](https://www.keycloak.org/docs/latest/server_installation/)。
- 你必须配置了 [Keycloak IdP 服务器](https://www.keycloak.org/guides#getting-started)。
- 在 Keycloak 中,使用以下设置创建一个[新的 SAML 客户端](https://www.keycloak.org/docs/latest/server_admin/#saml-clients)。如需获取帮助,请参见 [Keycloak 文档](https://www.keycloak.org/docs/latest/server_admin/#saml-clients)。
| 设置 | 值 |
@@ -12,7 +12,7 @@ description: 创建 Keycloak OpenID Connect (OIDC) 客户端并配置 Rancher
## 先决条件
- 已在 Rancher 上禁用 Keycloak (SAML)。
- 你必须配置了 [Keycloak IdP 服务器](https://www.keycloak.org/docs/latest/server_installation/)。
- 你必须配置了 [Keycloak IdP 服务器](https://www.keycloak.org/guides#getting-started)。
- 在 Keycloak 中,使用以下设置创建一个[新的 OIDC 客户端](https://www.keycloak.org/docs/latest/server_admin/#oidc-clients)。如需获取帮助,请参见 [Keycloak 文档](https://www.keycloak.org/docs/latest/server_admin/#oidc-clients)。
| 设置 | 值 |
@@ -7,7 +7,7 @@ description: 创建 Keycloak SAML 客户端并配置 Rancher 以使用 Keycloak
## 先决条件
- 你必须配置了 [Keycloak IdP 服务器](https://www.keycloak.org/docs/latest/server_installation/)。
- 你必须配置了 [Keycloak IdP 服务器](https://www.keycloak.org/guides#getting-started)。
- 在 Keycloak 中,使用以下设置创建一个[新的 SAML 客户端](https://www.keycloak.org/docs/latest/server_admin/#saml-clients)。如需获取帮助,请参见 [Keycloak 文档](https://www.keycloak.org/docs/latest/server_admin/#saml-clients)。
| 设置 | 值 |
@@ -12,7 +12,7 @@ description: 创建 Keycloak OpenID Connect (OIDC) 客户端并配置 Rancher
## 先决条件
- 已在 Rancher 上禁用 Keycloak (SAML)。
- 你必须配置了 [Keycloak IdP 服务器](https://www.keycloak.org/docs/latest/server_installation/)。
- 你必须配置了 [Keycloak IdP 服务器](https://www.keycloak.org/guides#getting-started)。
- 在 Keycloak 中,使用以下设置创建一个[新的 OIDC 客户端](https://www.keycloak.org/docs/latest/server_admin/#oidc-clients)。如需获取帮助,请参见 [Keycloak 文档](https://www.keycloak.org/docs/latest/server_admin/#oidc-clients)。
| 设置 | 值 |
@@ -7,7 +7,7 @@ description: 创建 Keycloak SAML 客户端并配置 Rancher 以使用 Keycloak
## 先决条件
- 你必须配置了 [Keycloak IdP 服务器](https://www.keycloak.org/docs/latest/server_installation/)。
- 你必须配置了 [Keycloak IdP 服务器](https://www.keycloak.org/guides#getting-started)。
- 在 Keycloak 中,使用以下设置创建一个[新的 SAML 客户端](https://www.keycloak.org/docs/latest/server_admin/#saml-clients)。如需获取帮助,请参见 [Keycloak 文档](https://www.keycloak.org/docs/latest/server_admin/#saml-clients)。
| 设置 | 值 |
@@ -12,7 +12,7 @@ description: 创建 Keycloak OpenID Connect (OIDC) 客户端并配置 Rancher
## 先决条件
- 已在 Rancher 上禁用 Keycloak (SAML)。
- 你必须配置了 [Keycloak IdP 服务器](https://www.keycloak.org/docs/latest/server_installation/)。
- 你必须配置了 [Keycloak IdP 服务器](https://www.keycloak.org/guides#getting-started)。
- 在 Keycloak 中,使用以下设置创建一个[新的 OIDC 客户端](https://www.keycloak.org/docs/latest/server_admin/#oidc-clients)。如需获取帮助,请参见 [Keycloak 文档](https://www.keycloak.org/docs/latest/server_admin/#oidc-clients)。
| 设置 | 值 |
@@ -7,7 +7,7 @@ description: 创建 Keycloak SAML 客户端并配置 Rancher 以使用 Keycloak
## 先决条件
- 你必须配置了 [Keycloak IdP 服务器](https://www.keycloak.org/docs/latest/server_installation/)。
- 你必须配置了 [Keycloak IdP 服务器](https://www.keycloak.org/guides#getting-started)。
- 在 Keycloak 中,使用以下设置创建一个[新的 SAML 客户端](https://www.keycloak.org/docs/latest/server_admin/#saml-clients)。如需获取帮助,请参见 [Keycloak 文档](https://www.keycloak.org/docs/latest/server_admin/#saml-clients)。
| 设置 | 值 |
@@ -13,7 +13,7 @@ If your organization uses Keycloak Identity Provider (IdP) for user authenticati
## Prerequisites
- You must have a [Keycloak IdP Server](https://www.keycloak.org/docs/latest/server_installation/) configured.
- You must have a [Keycloak IdP Server](https://www.keycloak.org/guides#getting-started) configured.
- In Keycloak, create a [new SAML client](https://www.keycloak.org/docs/latest/server_admin/#saml-clients), with the settings below. See the [Keycloak documentation](https://www.keycloak.org/docs/latest/server_admin/#saml-clients) for help.
Setting | Value
@@ -11,7 +11,7 @@ If your organization uses Keycloak Identity Provider (IdP) for user authenticati
## Prerequisites
- You must have a [Keycloak IdP Server](https://www.keycloak.org/docs/latest/server_installation/) configured.
- You must have a [Keycloak IdP Server](https://www.keycloak.org/guides#getting-started) configured.
- In Keycloak, create a [new SAML client](https://www.keycloak.org/docs/latest/server_admin/#saml-clients), with the settings below. See the [Keycloak documentation](https://www.keycloak.org/docs/latest/server_admin/#saml-clients) for help.
Setting | Value
@@ -16,7 +16,7 @@ If you have an existing configuration using the SAML protocol and want to switch
## Prerequisites
- On Rancher, Keycloak (SAML) is disabled.
- You must have a [Keycloak IdP Server](https://www.keycloak.org/docs/latest/server_installation/) configured.
- You must have a [Keycloak IdP Server](https://www.keycloak.org/guides#getting-started) configured.
- In Keycloak, create a [new OIDC client](https://www.keycloak.org/docs/latest/server_admin/#oidc-clients), with the settings below. See the [Keycloak documentation](https://www.keycloak.org/docs/latest/server_admin/#oidc-clients) for help.
Setting | Value
@@ -11,7 +11,7 @@ If your organization uses Keycloak Identity Provider (IdP) for user authenticati
## Prerequisites
- You must have a [Keycloak IdP Server](https://www.keycloak.org/docs/latest/server_installation/) configured.
- You must have a [Keycloak IdP Server](https://www.keycloak.org/guides#getting-started) configured.
- In Keycloak, create a [new SAML client](https://www.keycloak.org/docs/latest/server_admin/#saml-clients), with the settings below. See the [Keycloak documentation](https://www.keycloak.org/docs/latest/server_admin/#saml-clients) for help.
Setting | Value
@@ -23,7 +23,7 @@ If you have any specific firewall rules or configuration, you will need to add t
## Linux Dependencies
The packages that need to be installed on the template are listed below. These will have slightly different names based on distribution; some distributions ship these by default, for example.
The packages that need to be installed on the template are listed below. These will have slightly different names based on distribution; for example, some distributions ship these dependencies by default. The cluster provisioner will automatically install the dependencies required for Kubernetes. The dependencies listed below are required for the functioning of the Rancher cluster provisioner (not for Kubernetes):
* curl
* wget
@@ -162,4 +162,4 @@ If you have a legacy app installed and want to upgrade it:
### Limitations
[Dashboard apps or Rancher feature charts](helm-charts-in-rancher.md) **cannot** be installed using the Rancher CLI.
Dashboard apps or Rancher feature charts **cannot** be installed using the Rancher CLI.
@@ -15,7 +15,7 @@ Follow the instructions from this page when:
:::tip
* Follow these steps to [migrate Rancher](../../../how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/migrate-rancher-to-new-cluster.md).
* If you need to restore Rancher to its previous state at the same Rancher version, see the [restore documentation]( ../../../how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/restore-rancher.md).
* If you need to restore Rancher to its previous state at the same Rancher version, see the [restore documentation](../../../how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/restore-rancher.md).
:::
@@ -16,7 +16,7 @@ If you have an existing configuration using the SAML protocol and want to switch
## Prerequisites
- On Rancher, Keycloak (SAML) is disabled.
- You must have a [Keycloak IdP Server](https://www.keycloak.org/docs/latest/server_installation/) configured.
- You must have a [Keycloak IdP Server](https://www.keycloak.org/guides#getting-started) configured.
- In Keycloak, create a [new OIDC client](https://www.keycloak.org/docs/latest/server_admin/#oidc-clients), with the settings below. See the [Keycloak documentation](https://www.keycloak.org/docs/latest/server_admin/#oidc-clients) for help.
Setting | Value
@@ -11,7 +11,7 @@ If your organization uses Keycloak Identity Provider (IdP) for user authenticati
## Prerequisites
- You must have a [Keycloak IdP Server](https://www.keycloak.org/docs/latest/server_installation/) configured.
- You must have a [Keycloak IdP Server](https://www.keycloak.org/guides#getting-started) configured.
- In Keycloak, create a [new SAML client](https://www.keycloak.org/docs/latest/server_admin/#saml-clients), with the settings below. See the [Keycloak documentation](https://www.keycloak.org/docs/latest/server_admin/#saml-clients) for help.
Setting | Value
@@ -23,7 +23,7 @@ If you have any specific firewall rules or configuration, you will need to add t
## Linux Dependencies
The packages that need to be installed on the template are listed below. These will have slightly different names based on distribution; some distributions ship these by default, for example.
The packages that need to be installed on the template are listed below. These will have slightly different names based on distribution; for example, some distributions ship these dependencies by default. The cluster provisioner will automatically install the dependencies required for Kubernetes. The dependencies listed below are required for the functioning of the Rancher cluster provisioner (not for Kubernetes):
* curl
* wget
@@ -153,4 +153,4 @@ If you have a legacy app installed and want to upgrade it:
### Limitations
[Dashboard apps or Rancher feature charts](helm-charts-in-rancher.md) **cannot** be installed using the Rancher CLI.
Dashboard apps or Rancher feature charts **cannot** be installed using the Rancher CLI.
+1 -1
@@ -6,7 +6,7 @@ You can access Rancher's resources through the Kubernetes API. This guide will h
1. In the upper left corner, click **☰ > Global Settings**.
2. Find and copy the address in the `server-url` field.
3. [Create](../reference-guides/user-settings/api-keys#creating-an-api-key) a Rancher API key with no scope.
3. [Create](../reference-guides/user-settings/api-keys.md#creating-an-api-key) a Rancher API key with no scope.
:::danger
@@ -16,7 +16,7 @@ If you have an existing configuration using the SAML protocol and want to switch
## Prerequisites
- On Rancher, Keycloak (SAML) is disabled.
- You must have a [Keycloak IdP Server](https://www.keycloak.org/docs/latest/server_installation/) configured.
- You must have a [Keycloak IdP Server](https://www.keycloak.org/guides#getting-started) configured.
- In Keycloak, create a [new OIDC client](https://www.keycloak.org/docs/latest/server_admin/#oidc-clients), with the settings below. See the [Keycloak documentation](https://www.keycloak.org/docs/latest/server_admin/#oidc-clients) for help.
Setting | Value
@@ -11,7 +11,7 @@ If your organization uses Keycloak Identity Provider (IdP) for user authenticati
## Prerequisites
- You must have a [Keycloak IdP Server](https://www.keycloak.org/docs/latest/server_installation/) configured.
- You must have a [Keycloak IdP Server](https://www.keycloak.org/guides#getting-started) configured.
- In Keycloak, create a [new SAML client](https://www.keycloak.org/docs/latest/server_admin/#saml-clients), with the settings below. See the [Keycloak documentation](https://www.keycloak.org/docs/latest/server_admin/#saml-clients) for help.
Setting | Value
@@ -9,7 +9,7 @@ weight: 1
:::note Important:
In Kubernetes 1.27 and later, you must use an out-of-tree AWS cloud provider. In-tree cloud providers have been deprecated. The Amazon cloud provider has been removed completely, and won't work after an upgrade to Kubernetes 1.27. The steps listed below are still required to set up an Amazon cloud provider. You can [set up an out-of-tree cloud provider for RKE](#using-the-out-of-tree-aws-cloud-provider-for-rke) after creating an IAM role and configuring the ClusterID.
In Kubernetes 1.27 and later, you must use an out-of-tree AWS cloud provider. In-tree cloud providers have been deprecated. The Amazon cloud provider has been removed completely, and won't work after an upgrade to Kubernetes 1.27. The steps listed below are still required to set up an Amazon cloud provider. You can [set up an out-of-tree cloud provider](#using-the-out-of-tree-aws-cloud-provider) after creating an IAM role and configuring the ClusterID.
You can also [migrate from an in-tree to an out-of-tree AWS cloud provider](./migrate-to-out-of-tree-amazon.md) on Kubernetes 1.26 and earlier. All existing clusters must migrate prior to upgrading to v1.27 in order to stay functional.
@@ -177,7 +177,7 @@ The kubelet component has the ability to automatically obtain ECR credentials, w
### Using the Out-of-Tree AWS Cloud Provider
<Tabs>
<Tabs groupId="k8s-distro">
<TabItem value="RKE2">
1. [Node name conventions and other prerequisites](https://cloud-provider-aws.sigs.k8s.io/prerequisites/) must be followed for the cloud provider to find the instance correctly.
@@ -329,7 +329,7 @@ Refer to the offical AWS upstream documentation for the [cloud controller manage
### Helm Chart Installation from CLI
<Tabs>
<Tabs groupId="k8s-distro">
<TabItem value="RKE2">
Official upstream docs for [Helm chart installation](https://github.com/kubernetes/cloud-provider-aws/tree/master/charts/aws-cloud-controller-manager) can be found on Github.
@@ -605,7 +605,7 @@ kubectl rollout status daemonset -n kube-system aws-cloud-controller-manager
### Helm Chart Installation from UI
<Tabs>
<Tabs groupId="k8s-distro">
<TabItem value="RKE2">
1. Click **☰**, then select the name of the cluster from the left navigation.
@@ -12,7 +12,7 @@ You can migrate from an in-tree to an out-of-tree AWS cloud provider on Kubernet
To migrate from the in-tree cloud provider to the out-of-tree AWS cloud provider, you must stop the existing cluster's kube controller manager and install the AWS cloud controller manager. There are many ways to do this. Refer to the official AWS documentation on the [external cloud controller manager](https://cloud-provider-aws.sigs.k8s.io/getting_started/) for details.
If it's acceptable to have some downtime, you can [switch to an external cloud provider](./amazon.md#using-the-out-of-tree-aws-cloud-provider-for-rke), which removes in-tree components and then deploy charts to install the AWS cloud controller manager.
If it's acceptable to have some downtime, you can [switch to an external cloud provider](./amazon.md#using-the-out-of-tree-aws-cloud-provider), which removes in-tree components and then deploy charts to install the AWS cloud controller manager.
If your setup can't tolerate any control plane downtime, you must enable leader migration. This facilitates a smooth transition from the controllers in the kube controller manager to their counterparts in the cloud controller manager. Refer to the official AWS documentation on [Using leader migration](https://cloud-provider-aws.sigs.k8s.io/getting_started/) for more details.
@@ -20,7 +20,7 @@ If your setup can't tolerate any control plane downtime, you must enable leader
The Kubernetes [cloud controller migration documentation](https://kubernetes.io/docs/tasks/administer-cluster/controller-manager-leader-migration/#before-you-begin) states that it's possible to migrate with the same Kubernetes version, but assumes that the migration is part of a Kubernetes upgrade. Refer to the Kubernetes documentation on [migrating to use the cloud controller manager](https://kubernetes.io/docs/tasks/administer-cluster/controller-manager-leader-migration/) to see if you need to customize your setup before migrating. Confirm your [migration configuration values](https://kubernetes.io/docs/tasks/administer-cluster/controller-manager-leader-migration/#default-configuration). If your cloud provider provides an implementation of the Node IPAM controller, you also need to [migrate the IPAM controller](https://kubernetes.io/docs/tasks/administer-cluster/controller-manager-leader-migration/#node-ipam-controller-migration).
:::
<Tabs>
<Tabs groupId="k8s-distro">
<TabItem value="RKE2">
1. Update the cluster config to enable leader migration:
@@ -55,8 +55,8 @@ spec:
kubectl cordon -l "node-role.kubernetes.io/controlplane=true"
```
3. To install the AWS cloud controller manager with leader migration enabled, follow Steps 1-3 for [deploying the cloud controller manager chart](./amazon.md#using-out-of-tree-aws-cloud-provider-for-rke2)
From Kubernetes 1.22 onwards, the kube-controller-manager will utilize a default configuration which will satisfy the controller-to-manager migration.
3. To install the AWS cloud controller manager with leader migration enabled, follow Steps 1-3 for [deploying the cloud controller manager chart](./amazon.md#using-the-out-of-tree-aws-cloud-provider)
From Kubernetes 1.22 onwards, the kube-controller-manager will utilize a default configuration which will satisfy the controller-to-manager migration.
Update container args of the `aws-cloud-controller-manager` under `spec.rkeConfig.additionalManifest` to enable leader migration:
```shell
@@ -151,7 +151,7 @@ cloud_provider:
kubectl cordon -l "node-role.kubernetes.io/controlplane=true"
```
3. To install the AWS cloud controller manager, you must enable leader migration and follow the same steps as when installing AWS on a new cluster. To enable leader migration, add the following to the container arguments in step 7 while following the [steps to install the chart](./amazon.md#helm-chart-installation-from-ui-for-rke):
3. To install the AWS cloud controller manager, you must enable leader migration and follow the same steps as when installing AWS on a new cluster. To enable leader migration, add the following to the container arguments in step 7 while following the [steps to install the chart](./amazon.md#helm-chart-installation-from-ui):
```yaml
- '--enable-leader-migration=true'
@@ -23,7 +23,7 @@ If you have any specific firewall rules or configuration, you will need to add t
## Linux Dependencies
The packages that need to be installed on the template are listed below. These will have slightly different names based on distribution; some distributions ship these by default, for example.
The packages that need to be installed on the template are listed below. These will have slightly different names based on distribution; for example, some distributions ship these dependencies by default. The cluster provisioner will automatically install the dependencies required for Kubernetes. The dependencies listed below are required for the functioning of the Rancher cluster provisioner (not for Kubernetes):
* curl
* wget
@@ -153,4 +153,4 @@ If you have a legacy app installed and want to upgrade it:
### Limitations
[Dashboard apps or Rancher feature charts](helm-charts-in-rancher.md) **cannot** be installed using the Rancher CLI.
Dashboard apps or Rancher feature charts **cannot** be installed using the Rancher CLI.