From b6192dee43210cd335d4d20a9745641d2a8bb859 Mon Sep 17 00:00:00 2001 From: Billy Tat Date: Thu, 19 Mar 2026 11:14:14 -0700 Subject: [PATCH] Ingress nginx replacement (#2237) * Replace/remove ingress-nginx references * Add links to annotations + remove example using unsupported annotation --- .../troubleshooting.md | 11 +-- .../helm-chart-options.md | 91 +---------------- .../deploy-rancher-manager/equinix-metal.md | 2 +- .../register-existing-clusters.md | 2 +- .../eks.md | 2 +- .../gke.md | 2 +- .../create-a-digitalocean-cluster.md | 2 +- .../create-a-google-compute-engine-cluster.md | 2 +- .../create-an-amazon-ec2-cluster.md | 2 +- .../create-an-azure-cluster.md | 2 +- .../provision-kubernetes-clusters-in-aos.md | 2 +- ...rovision-kubernetes-clusters-in-vsphere.md | 2 +- .../use-existing-nodes/use-existing-nodes.md | 2 +- .../troubleshooting.md | 11 +-- .../helm-chart-options.md | 99 +------------------ .../deploy-rancher-manager/equinix-metal.md | 2 +- .../register-existing-clusters.md | 2 +- .../eks.md | 2 +- .../gke.md | 2 +- .../create-a-digitalocean-cluster.md | 2 +- .../create-an-amazon-ec2-cluster.md | 2 +- .../create-an-azure-cluster.md | 2 +- .../provision-kubernetes-clusters-in-aos.md | 2 +- ...rovision-kubernetes-clusters-in-vsphere.md | 2 +- .../use-existing-nodes/use-existing-nodes.md | 2 +- .../troubleshooting.md | 11 +-- .../helm-chart-options.md | 99 +------------------ .../deploy-rancher-manager/equinix-metal.md | 2 +- .../register-existing-clusters.md | 2 +- .../eks.md | 2 +- .../gke.md | 2 +- .../create-a-digitalocean-cluster.md | 2 +- .../create-an-amazon-ec2-cluster.md | 2 +- .../create-an-azure-cluster.md | 2 +- .../provision-kubernetes-clusters-in-aos.md | 2 +- ...rovision-kubernetes-clusters-in-vsphere.md | 2 +- .../use-existing-nodes/use-existing-nodes.md | 2 +- .../troubleshooting.md | 11 +-- .../helm-chart-options.md | 91 +---------------- .../deploy-rancher-manager/equinix-metal.md | 2 +- .../register-existing-clusters.md | 2 +- .../eks.md | 2 +- .../gke.md | 2 +- .../create-a-digitalocean-cluster.md | 2 +- .../create-a-google-compute-engine-cluster.md | 2 +- .../create-an-amazon-ec2-cluster.md | 2 +- .../create-an-azure-cluster.md | 2 +- .../provision-kubernetes-clusters-in-aos.md | 2 +- ...rovision-kubernetes-clusters-in-vsphere.md | 2 +- .../use-existing-nodes/use-existing-nodes.md | 2 +- .../troubleshooting.md | 11 +-- .../helm-chart-options.md | 91 +---------------- .../deploy-rancher-manager/equinix-metal.md | 2 +- .../register-existing-clusters.md | 2 +- .../eks.md | 2 +- .../gke.md | 2 +- .../create-a-digitalocean-cluster.md | 2 +- .../create-a-google-compute-engine-cluster.md | 2 +- .../create-an-amazon-ec2-cluster.md | 2 +- .../create-an-azure-cluster.md | 2 +- .../provision-kubernetes-clusters-in-aos.md | 2 +- ...rovision-kubernetes-clusters-in-vsphere.md | 2 +- .../use-existing-nodes/use-existing-nodes.md | 2 +- .../troubleshooting.md | 11 +-- .../helm-chart-options.md | 91 +---------------- .../deploy-rancher-manager/equinix-metal.md | 2 +- .../register-existing-clusters.md | 2 +- .../eks.md | 2 +- .../gke.md | 2 +- .../create-a-digitalocean-cluster.md | 2 +- .../create-a-google-compute-engine-cluster.md | 2 +- .../create-an-amazon-ec2-cluster.md | 2 +- .../create-an-azure-cluster.md | 2 +- .../provision-kubernetes-clusters-in-aos.md | 2 +- ...rovision-kubernetes-clusters-in-vsphere.md | 2 +- .../use-existing-nodes/use-existing-nodes.md | 2 +- 76 files changed, 94 insertions(+), 662 deletions(-) diff --git a/docs/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/troubleshooting.md b/docs/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/troubleshooting.md index 881a6d871a0..3ff9a6a1e0c 100644 --- a/docs/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/troubleshooting.md +++ b/docs/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/troubleshooting.md @@ -13,7 +13,7 @@ This section describes how to troubleshoot an installation of Rancher on a Kuber Most of the troubleshooting will be done on objects in these 3 namespaces. - `cattle-system` - `rancher` deployment and pods. -- `ingress-nginx` - Ingress controller pods and services. +- `traefik` - Ingress controller pods and services. - `cert-manager` - `cert-manager` pods. ### "default backend - 404" @@ -123,10 +123,10 @@ kubectl -n cattle-system describe ingress If its ready and the SSL is still not working you may have a malformed cert or secret. -Check the nginx-ingress-controller logs. Because the nginx-ingress-controller has multiple containers in its pod you will need to specify the name of the container. +Check the `traefik` logs. ``` -kubectl -n ingress-nginx logs -f nginx-ingress-controller-rfjrq nginx-ingress-controller +kubectl logs -n traefik traefik-6b94b8b688-bngw2 ... W0705 23:04:58.240571 7 backend_ssl.go:49] error obtaining PEM from secret cattle-system/tls-rancher-ingress: error retrieving secret cattle-system/tls-rancher-ingress: secret cattle-system/tls-rancher-ingress was not found ``` @@ -148,11 +148,6 @@ The most common cause of this issue is port 8472/UDP is not open between the nod Once the network issue is resolved, the `canal` pods should timeout and restart to establish their connections. -### nginx-ingress-controller Pods show RESTARTS - -The most common cause of this issue is the `canal` pods have failed to establish the overlay network. See [canal Pods show READY `2/3`](#canal-pods-show-ready-23) for troubleshooting. - - ### Failed to dial to /var/run/docker.sock: ssh: rejected: administratively prohibited (open failed) Some causes of this error include: diff --git a/docs/getting-started/installation-and-upgrade/installation-references/helm-chart-options.md b/docs/getting-started/installation-and-upgrade/installation-references/helm-chart-options.md index 873e125ced0..60548ab1c96 100644 --- a/docs/getting-started/installation-and-upgrade/installation-references/helm-chart-options.md +++ b/docs/getting-started/installation-and-upgrade/installation-references/helm-chart-options.md @@ -132,18 +132,14 @@ This option is only effective on the initial Rancher install. See [Issue 16522]( To customize or use a different ingress with Rancher server you can set your own Ingress annotations. +Please refer to the Traefik documentation for the full list of Ingress NGINX annotations that are [supported](https://doc.traefik.io/traefik/reference/routing-configuration/kubernetes/ingress-nginx/#annotations-support) and [unsupported](https://doc.traefik.io/traefik/reference/routing-configuration/kubernetes/ingress-nginx/#unsupported-annotations) by Traefik's kubernetesIngressNginx provider. + Example on setting a custom certificate issuer: ```plain --set ingress.extraAnnotations.'cert-manager\.io/cluster-issuer'=issuer-name ``` -Example on setting a static proxy header with `ingress.configurationSnippet`. This value is parsed like a template so variables can be used. - -```plain ---set ingress.configurationSnippet='more_set_input_headers X-Forwarded-Host {{ .Values.hostname }};' -``` - ### HTTP Proxy Rancher requires internet access for some functionality (Helm charts). Use `proxy` to set your proxy server or use `extraEnv` to set the `HTTPS_PROXY` environment variable to point to your proxy server. @@ -216,26 +212,6 @@ If you are using a Private CA signed certificate (or if `agent-tls-mode` is set Your load balancer must support long lived websocket connections and will need to insert proxy headers so Rancher can route links correctly. -### Configuring Ingress for External TLS when Using NGINX v0.22 - -In NGINX v0.22, the behavior of NGINX has [changed](https://github.com/kubernetes/ingress-nginx/blob/06efac9f0b6f8f84b553f58ccecf79dc42c75cc6/Changelog.md) regarding forwarding headers and external TLS termination. Therefore, in the scenario that you are using external TLS termination configuration with NGINX v0.22, you must enable the `use-forwarded-headers` option for ingress: - -For RKE2 installations, you can create a custom `rke2-ingress-nginx-config.yaml` file at `/var/lib/rancher/rke2/server/manifests/rke2-ingress-nginx-config.yaml` containing this required setting to enable using forwarded headers with external TLS termination. Without this required setting applied, the external LB will continuously respond with redirect loops it receives from the ingress controller. (This can be created before or after rancher is installed, rke2 server agent will notice this addition and automatically apply it.) - -```yaml ---- -apiVersion: helm.cattle.io/v1 -kind: HelmChartConfig -metadata: - name: rke2-ingress-nginx - namespace: kube-system -spec: - valuesContent: |- - controller: - config: - use-forwarded-headers: "true" -``` - ### Required Headers - `Host` @@ -252,66 +228,3 @@ spec: ### Health Checks Rancher will respond `200` to health checks on the `/healthz` endpoint. - -### Example NGINX config - -This NGINX configuration is tested on NGINX 1.14. - -:::caution - -This NGINX configuration is only an example and may not suit your environment. For complete documentation, see [NGINX Load Balancing - HTTP Load Balancing](https://docs.nginx.com/nginx/admin-guide/load-balancer/http-load-balancer/). - -::: - -- Replace `IP_NODE1`, `IP_NODE2` and `IP_NODE3` with the IP addresses of the nodes in your cluster. -- Replace both occurrences of `FQDN` to the DNS name for Rancher. -- Replace `/certs/fullchain.pem` and `/certs/privkey.pem` to the location of the server certificate and the server certificate key respectively. - -``` -worker_processes 4; -worker_rlimit_nofile 40000; - -events { - worker_connections 8192; -} - -http { - upstream rancher { - server IP_NODE_1:80; - server IP_NODE_2:80; - server IP_NODE_3:80; - } - - map $http_upgrade $connection_upgrade { - default Upgrade; - '' close; - } - - server { - listen 443 ssl http2; - server_name FQDN; - ssl_certificate /certs/fullchain.pem; - ssl_certificate_key /certs/privkey.pem; - - location / { - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-Port $server_port; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_pass http://rancher; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $connection_upgrade; - # This allows the ability for the execute shell window to remain open for up to 15 minutes. Without this parameter, the default is 1 minute and will automatically close. - proxy_read_timeout 900s; - proxy_buffering off; - } - } - - server { - listen 80; - server_name FQDN; - return 301 https://$server_name$request_uri; - } -} -``` diff --git a/docs/getting-started/quick-start-guides/deploy-rancher-manager/equinix-metal.md b/docs/getting-started/quick-start-guides/deploy-rancher-manager/equinix-metal.md index 98a91950391..e8a091ef41b 100644 --- a/docs/getting-started/quick-start-guides/deploy-rancher-manager/equinix-metal.md +++ b/docs/getting-started/quick-start-guides/deploy-rancher-manager/equinix-metal.md @@ -97,7 +97,7 @@ You can access your cluster after its state is updated to **Active**. **Active** clusters are assigned two Projects: - `Default`, containing the `default` namespace -- `System`, containing the `cattle-system`, `ingress-nginx`, `kube-public`, and `kube-system` namespaces +- `System`, containing the `cattle-system`, `traefik`, `kube-public`, and `kube-system` namespaces #### Finished diff --git a/docs/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/register-existing-clusters.md b/docs/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/register-existing-clusters.md index f8fdc984308..87139599192 100644 --- a/docs/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/register-existing-clusters.md +++ b/docs/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/register-existing-clusters.md @@ -69,7 +69,7 @@ Specifically, the value should be a comma-delimited string which only contains I - Your cluster is registered and assigned a state of **Pending**. Rancher is deploying resources to manage your cluster. - You can access your cluster after its state is updated to **Active**. -- **Active** clusters are assigned two Projects: `Default` (containing the namespace `default`) and `System` (containing the namespaces `cattle-system`, `ingress-nginx`, `kube-public` and `kube-system`, if present). +- **Active** clusters are assigned two Projects: `Default` (containing the namespace `default`) and `System` (containing the namespaces `cattle-system`, `traefik`, `kube-public` and `kube-system`, if present). :::note diff --git a/docs/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/eks.md b/docs/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/eks.md index fcdcefffbe7..f640ac8a61f 100644 --- a/docs/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/eks.md +++ b/docs/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/eks.md @@ -63,7 +63,7 @@ You can access your cluster after its state is updated to **Active**. **Active** clusters are assigned two Projects: - `Default`, containing the `default` namespace -- `System`, containing the `cattle-system`, `ingress-nginx`, `kube-public`, and `kube-system` namespaces +- `System`, containing the `cattle-system`, `traefik`, `kube-public`, and `kube-system` namespaces ## EKS Cluster Configuration Reference diff --git a/docs/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/gke.md b/docs/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/gke.md index 287367362a8..1349cbea0a4 100644 --- a/docs/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/gke.md +++ b/docs/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/gke.md @@ -75,7 +75,7 @@ You can access your cluster after its state is updated to **Active**. **Active** clusters are assigned two Projects: - `Default`, containing the `default` namespace -- `System`, containing the `cattle-system`, `ingress-nginx`, `kube-public`, and `kube-system` namespaces +- `System`, containing the `cattle-system`, `traefik`, `kube-public`, and `kube-system` namespaces ## Private Clusters diff --git a/docs/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-a-digitalocean-cluster.md b/docs/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-a-digitalocean-cluster.md index 7e6b5b57d11..eea841ade9d 100644 --- a/docs/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-a-digitalocean-cluster.md +++ b/docs/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-a-digitalocean-cluster.md @@ -48,7 +48,7 @@ You can access your cluster after its state is updated to **Active**. **Active** clusters are assigned two Projects: - `Default`, containing the `default` namespace -- `System`, containing the `cattle-system`, `ingress-nginx`, `kube-public`, and `kube-system` namespaces +- `System`, containing the `cattle-system`, `traefik`, `kube-public`, and `kube-system` namespaces ## Optional Next Steps diff --git a/docs/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-a-google-compute-engine-cluster.md b/docs/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-a-google-compute-engine-cluster.md index d7a09f4089c..29f4300b8a9 100644 --- a/docs/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-a-google-compute-engine-cluster.md +++ b/docs/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-a-google-compute-engine-cluster.md @@ -78,7 +78,7 @@ You can access your cluster after its state is updated to **Active**. **Active** clusters are assigned two Projects: - `Default`, containing the `default` namespace -- `System`, containing the `cattle-system`, `ingress-nginx`, `kube-public`, and `kube-system` namespaces +- `System`, containing the `cattle-system`, `traefik`, `kube-public`, and `kube-system` namespaces ### GCE Best Practices diff --git a/docs/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-amazon-ec2-cluster.md b/docs/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-amazon-ec2-cluster.md index 07b28f311fa..53bfd79286b 100644 --- a/docs/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-amazon-ec2-cluster.md +++ b/docs/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-amazon-ec2-cluster.md @@ -65,7 +65,7 @@ You can access your cluster after its state is updated to **Active**. **Active** clusters are assigned two Projects: - `Default`, containing the `default` namespace -- `System`, containing the `cattle-system`, `ingress-nginx`, `kube-public`, and `kube-system` namespaces +- `System`, containing the `cattle-system`, `traefik`, `kube-public`, and `kube-system` namespaces ### Optional Next Steps diff --git a/docs/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-azure-cluster.md b/docs/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-azure-cluster.md index 186a95f366c..840401452f5 100644 --- a/docs/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-azure-cluster.md +++ b/docs/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-azure-cluster.md @@ -87,7 +87,7 @@ You can access your cluster after its state is updated to **Active**. **Active** clusters are assigned two Projects: - `Default`, containing the `default` namespace -- `System`, containing the `cattle-system`, `ingress-nginx`, `kube-public`, and `kube-system` namespaces +- `System`, containing the `cattle-system`, `traefik`, `kube-public`, and `kube-system` namespaces ### Optional Next Steps diff --git a/docs/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/nutanix/provision-kubernetes-clusters-in-aos.md b/docs/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/nutanix/provision-kubernetes-clusters-in-aos.md index df67f078ac3..5c4f452faae 100644 --- a/docs/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/nutanix/provision-kubernetes-clusters-in-aos.md +++ b/docs/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/nutanix/provision-kubernetes-clusters-in-aos.md @@ -85,7 +85,7 @@ You can access your cluster after its state is updated to **Active**. **Active** clusters are assigned two Projects: - `Default`, containing the `default` namespace -- `System`, containing the `cattle-system`, `ingress-nginx`, `kube-public`, and `kube-system` namespaces +- `System`, containing the `cattle-system`, `traefik`, `kube-public`, and `kube-system` namespaces ## Optional Next Steps diff --git a/docs/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/vsphere/provision-kubernetes-clusters-in-vsphere.md b/docs/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/vsphere/provision-kubernetes-clusters-in-vsphere.md index 88f0599cdcb..0f11b804d6c 100644 --- a/docs/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/vsphere/provision-kubernetes-clusters-in-vsphere.md +++ b/docs/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/vsphere/provision-kubernetes-clusters-in-vsphere.md @@ -86,7 +86,7 @@ You can access your cluster after its state is updated to **Active**. **Active** clusters are assigned two Projects: - `Default`, containing the `default` namespace -- `System`, containing the `cattle-system`, `ingress-nginx`, `kube-public`, and `kube-system` namespaces +- `System`, containing the `cattle-system`, `traefik`, `kube-public`, and `kube-system` namespaces ## Optional Next Steps diff --git a/docs/reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/use-existing-nodes.md b/docs/reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/use-existing-nodes.md index a27ac9ac48c..a6c991869da 100644 --- a/docs/reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/use-existing-nodes.md +++ b/docs/reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/use-existing-nodes.md @@ -102,7 +102,7 @@ You can access your cluster after its state is updated to **Active**. **Active** clusters are assigned two Projects: - `Default`, containing the `default` namespace -- `System`, containing the `cattle-system`, `ingress-nginx`, `kube-public`, and `kube-system` namespaces +- `System`, containing the `cattle-system`, `traefik`, `kube-public`, and `kube-system` namespaces ### 3. Amazon Only: Tag Resources diff --git a/versioned_docs/version-2.10/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/troubleshooting.md b/versioned_docs/version-2.10/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/troubleshooting.md index 4fa1f09c8f6..24090771fba 100644 --- a/versioned_docs/version-2.10/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/troubleshooting.md +++ b/versioned_docs/version-2.10/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/troubleshooting.md @@ -13,7 +13,7 @@ This section describes how to troubleshoot an installation of Rancher on a Kuber Most of the troubleshooting will be done on objects in these 3 namespaces. - `cattle-system` - `rancher` deployment and pods. -- `ingress-nginx` - Ingress controller pods and services. +- `traefik` - Ingress controller pods and services. - `cert-manager` - `cert-manager` pods. ### "default backend - 404" @@ -123,10 +123,10 @@ kubectl -n cattle-system describe ingress If its ready and the SSL is still not working you may have a malformed cert or secret. -Check the nginx-ingress-controller logs. Because the nginx-ingress-controller has multiple containers in its pod you will need to specify the name of the container. +Check the `traefik` logs. ``` -kubectl -n ingress-nginx logs -f nginx-ingress-controller-rfjrq nginx-ingress-controller +kubectl logs -n traefik traefik-6b94b8b688-bngw2 ... W0705 23:04:58.240571 7 backend_ssl.go:49] error obtaining PEM from secret cattle-system/tls-rancher-ingress: error retrieving secret cattle-system/tls-rancher-ingress: secret cattle-system/tls-rancher-ingress was not found ``` @@ -148,11 +148,6 @@ The most common cause of this issue is port 8472/UDP is not open between the nod Once the network issue is resolved, the `canal` pods should timeout and restart to establish their connections. -### nginx-ingress-controller Pods show RESTARTS - -The most common cause of this issue is the `canal` pods have failed to establish the overlay network. See [canal Pods show READY `2/3`](#canal-pods-show-ready-23) for troubleshooting. - - ### Failed to dial to /var/run/docker.sock: ssh: rejected: administratively prohibited (open failed) Some causes of this error include: diff --git a/versioned_docs/version-2.10/getting-started/installation-and-upgrade/installation-references/helm-chart-options.md b/versioned_docs/version-2.10/getting-started/installation-and-upgrade/installation-references/helm-chart-options.md index f5ea1e636a1..ae12bc8ccb5 100644 --- a/versioned_docs/version-2.10/getting-started/installation-and-upgrade/installation-references/helm-chart-options.md +++ b/versioned_docs/version-2.10/getting-started/installation-and-upgrade/installation-references/helm-chart-options.md @@ -127,18 +127,14 @@ This option is only effective on the initial Rancher install. See [Issue 16522]( To customize or use a different ingress with Rancher server you can set your own Ingress annotations. +Please refer to the Traefik documentation for the full list of Ingress NGINX annotations that are [supported](https://doc.traefik.io/traefik/reference/routing-configuration/kubernetes/ingress-nginx/#annotations-support) and [unsupported](https://doc.traefik.io/traefik/reference/routing-configuration/kubernetes/ingress-nginx/#unsupported-annotations) by Traefik's kubernetesIngressNginx provider. + Example on setting a custom certificate issuer: ```plain --set ingress.extraAnnotations.'cert-manager\.io/cluster-issuer'=issuer-name ``` -Example on setting a static proxy header with `ingress.configurationSnippet`. This value is parsed like a template so variables can be used. - -```plain ---set ingress.configurationSnippet='more_set_input_headers X-Forwarded-Host {{ .Values.hostname }};' -``` - ### HTTP Proxy Rancher requires internet access for some functionality (Helm charts). Use `proxy` to set your proxy server or use `extraEnv` to set the `HTTPS_PROXY` environment variable to point to your proxy server. @@ -211,34 +207,6 @@ If you are using a Private CA signed certificate (or if `agent-tls-mode` is set Your load balancer must support long lived websocket connections and will need to insert proxy headers so Rancher can route links correctly. -### Configuring Ingress for External TLS when Using NGINX v0.22 - -In NGINX v0.22, the behavior of NGINX has [changed](https://github.com/kubernetes/ingress-nginx/blob/06efac9f0b6f8f84b553f58ccecf79dc42c75cc6/Changelog.md) regarding forwarding headers and external TLS termination. Therefore, in the scenario that you are using external TLS termination configuration with NGINX v0.22, you must enable the `use-forwarded-headers` option for ingress: - -For RKE installations, edit the `cluster.yml` to add the following settings. -```yaml -ingress: - provider: nginx - options: - use-forwarded-headers: 'true' -``` - -For RKE2 installations, you can create a custom `rke2-ingress-nginx-config.yaml` file at `/var/lib/rancher/rke2/server/manifests/rke2-ingress-nginx-config.yaml` containing this required setting to enable using forwarded headers with external TLS termination. Without this required setting applied, the external LB will continuously respond with redirect loops it receives from the ingress controller. (This can be created before or after rancher is installed, rke2 server agent will notice this addition and automatically apply it.) - -```yaml ---- -apiVersion: helm.cattle.io/v1 -kind: HelmChartConfig -metadata: - name: rke2-ingress-nginx - namespace: kube-system -spec: - valuesContent: |- - controller: - config: - use-forwarded-headers: "true" -``` - ### Required Headers - `Host` @@ -255,66 +223,3 @@ spec: ### Health Checks Rancher will respond `200` to health checks on the `/healthz` endpoint. - -### Example NGINX config - -This NGINX configuration is tested on NGINX 1.14. - -:::caution - -This NGINX configuration is only an example and may not suit your environment. For complete documentation, see [NGINX Load Balancing - HTTP Load Balancing](https://docs.nginx.com/nginx/admin-guide/load-balancer/http-load-balancer/). - -::: - -- Replace `IP_NODE1`, `IP_NODE2` and `IP_NODE3` with the IP addresses of the nodes in your cluster. -- Replace both occurrences of `FQDN` to the DNS name for Rancher. -- Replace `/certs/fullchain.pem` and `/certs/privkey.pem` to the location of the server certificate and the server certificate key respectively. - -``` -worker_processes 4; -worker_rlimit_nofile 40000; - -events { - worker_connections 8192; -} - -http { - upstream rancher { - server IP_NODE_1:80; - server IP_NODE_2:80; - server IP_NODE_3:80; - } - - map $http_upgrade $connection_upgrade { - default Upgrade; - '' close; - } - - server { - listen 443 ssl http2; - server_name FQDN; - ssl_certificate /certs/fullchain.pem; - ssl_certificate_key /certs/privkey.pem; - - location / { - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-Port $server_port; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_pass http://rancher; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $connection_upgrade; - # This allows the ability for the execute shell window to remain open for up to 15 minutes. Without this parameter, the default is 1 minute and will automatically close. - proxy_read_timeout 900s; - proxy_buffering off; - } - } - - server { - listen 80; - server_name FQDN; - return 301 https://$server_name$request_uri; - } -} -``` diff --git a/versioned_docs/version-2.10/getting-started/quick-start-guides/deploy-rancher-manager/equinix-metal.md b/versioned_docs/version-2.10/getting-started/quick-start-guides/deploy-rancher-manager/equinix-metal.md index 98a91950391..e8a091ef41b 100644 --- a/versioned_docs/version-2.10/getting-started/quick-start-guides/deploy-rancher-manager/equinix-metal.md +++ b/versioned_docs/version-2.10/getting-started/quick-start-guides/deploy-rancher-manager/equinix-metal.md @@ -97,7 +97,7 @@ You can access your cluster after its state is updated to **Active**. **Active** clusters are assigned two Projects: - `Default`, containing the `default` namespace -- `System`, containing the `cattle-system`, `ingress-nginx`, `kube-public`, and `kube-system` namespaces +- `System`, containing the `cattle-system`, `traefik`, `kube-public`, and `kube-system` namespaces #### Finished diff --git a/versioned_docs/version-2.10/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/register-existing-clusters.md b/versioned_docs/version-2.10/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/register-existing-clusters.md index f3aa3bc7451..da782aca746 100644 --- a/versioned_docs/version-2.10/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/register-existing-clusters.md +++ b/versioned_docs/version-2.10/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/register-existing-clusters.md @@ -69,7 +69,7 @@ Specifically, the value should be a comma-delimited string which only contains I - Your cluster is registered and assigned a state of **Pending**. Rancher is deploying resources to manage your cluster. - You can access your cluster after its state is updated to **Active**. -- **Active** clusters are assigned two Projects: `Default` (containing the namespace `default`) and `System` (containing the namespaces `cattle-system`, `ingress-nginx`, `kube-public` and `kube-system`, if present). +- **Active** clusters are assigned two Projects: `Default` (containing the namespace `default`) and `System` (containing the namespaces `cattle-system`, `traefik`, `kube-public` and `kube-system`, if present). :::note diff --git a/versioned_docs/version-2.10/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/eks.md b/versioned_docs/version-2.10/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/eks.md index 59a6efe3c1a..bd6b11fbb63 100644 --- a/versioned_docs/version-2.10/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/eks.md +++ b/versioned_docs/version-2.10/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/eks.md @@ -63,7 +63,7 @@ You can access your cluster after its state is updated to **Active**. **Active** clusters are assigned two Projects: - `Default`, containing the `default` namespace -- `System`, containing the `cattle-system`, `ingress-nginx`, `kube-public`, and `kube-system` namespaces +- `System`, containing the `cattle-system`, `traefik`, `kube-public`, and `kube-system` namespaces ## EKS Cluster Configuration Reference diff --git a/versioned_docs/version-2.10/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/gke.md b/versioned_docs/version-2.10/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/gke.md index 287367362a8..1349cbea0a4 100644 --- a/versioned_docs/version-2.10/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/gke.md +++ b/versioned_docs/version-2.10/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/gke.md @@ -75,7 +75,7 @@ You can access your cluster after its state is updated to **Active**. **Active** clusters are assigned two Projects: - `Default`, containing the `default` namespace -- `System`, containing the `cattle-system`, `ingress-nginx`, `kube-public`, and `kube-system` namespaces +- `System`, containing the `cattle-system`, `traefik`, `kube-public`, and `kube-system` namespaces ## Private Clusters diff --git a/versioned_docs/version-2.10/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-a-digitalocean-cluster.md b/versioned_docs/version-2.10/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-a-digitalocean-cluster.md index 6f64d0abb70..4addf08c1c2 100644 --- a/versioned_docs/version-2.10/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-a-digitalocean-cluster.md +++ b/versioned_docs/version-2.10/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-a-digitalocean-cluster.md @@ -93,7 +93,7 @@ You can access your cluster after its state is updated to **Active**. **Active** clusters are assigned two Projects: - `Default`, containing the `default` namespace -- `System`, containing the `cattle-system`, `ingress-nginx`, `kube-public`, and `kube-system` namespaces +- `System`, containing the `cattle-system`, `traefik`, `kube-public`, and `kube-system` namespaces ## Optional Next Steps diff --git a/versioned_docs/version-2.10/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-amazon-ec2-cluster.md b/versioned_docs/version-2.10/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-amazon-ec2-cluster.md index 3a4db1d0a73..b4f81265db3 100644 --- a/versioned_docs/version-2.10/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-amazon-ec2-cluster.md +++ b/versioned_docs/version-2.10/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-amazon-ec2-cluster.md @@ -125,7 +125,7 @@ You can access your cluster after its state is updated to **Active**. **Active** clusters are assigned two Projects: - `Default`, containing the `default` namespace -- `System`, containing the `cattle-system`, `ingress-nginx`, `kube-public`, and `kube-system` namespaces +- `System`, containing the `cattle-system`, `traefik`, `kube-public`, and `kube-system` namespaces ### Optional Next Steps diff --git a/versioned_docs/version-2.10/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-azure-cluster.md b/versioned_docs/version-2.10/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-azure-cluster.md index 2b9e2e10cdd..c1d28940c8e 100644 --- a/versioned_docs/version-2.10/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-azure-cluster.md +++ b/versioned_docs/version-2.10/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-azure-cluster.md @@ -134,7 +134,7 @@ You can access your cluster after its state is updated to **Active**. **Active** clusters are assigned two Projects: - `Default`, containing the `default` namespace -- `System`, containing the `cattle-system`, `ingress-nginx`, `kube-public`, and `kube-system` namespaces +- `System`, containing the `cattle-system`, `traefik`, `kube-public`, and `kube-system` namespaces ### Optional Next Steps diff --git a/versioned_docs/version-2.10/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/nutanix/provision-kubernetes-clusters-in-aos.md b/versioned_docs/version-2.10/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/nutanix/provision-kubernetes-clusters-in-aos.md index df67f078ac3..5c4f452faae 100644 --- a/versioned_docs/version-2.10/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/nutanix/provision-kubernetes-clusters-in-aos.md +++ b/versioned_docs/version-2.10/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/nutanix/provision-kubernetes-clusters-in-aos.md @@ -85,7 +85,7 @@ You can access your cluster after its state is updated to **Active**. **Active** clusters are assigned two Projects: - `Default`, containing the `default` namespace -- `System`, containing the `cattle-system`, `ingress-nginx`, `kube-public`, and `kube-system` namespaces +- `System`, containing the `cattle-system`, `traefik`, `kube-public`, and `kube-system` namespaces ## Optional Next Steps diff --git a/versioned_docs/version-2.10/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/vsphere/provision-kubernetes-clusters-in-vsphere.md b/versioned_docs/version-2.10/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/vsphere/provision-kubernetes-clusters-in-vsphere.md index ba57f07ddb1..4f210723927 100644 --- a/versioned_docs/version-2.10/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/vsphere/provision-kubernetes-clusters-in-vsphere.md +++ b/versioned_docs/version-2.10/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/vsphere/provision-kubernetes-clusters-in-vsphere.md @@ -108,7 +108,7 @@ You can access your cluster after its state is updated to **Active**. **Active** clusters are assigned two Projects: - `Default`, containing the `default` namespace -- `System`, containing the `cattle-system`, `ingress-nginx`, `kube-public`, and `kube-system` namespaces +- `System`, containing the `cattle-system`, `traefik`, `kube-public`, and `kube-system` namespaces ## Optional Next Steps diff --git a/versioned_docs/version-2.10/reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/use-existing-nodes.md b/versioned_docs/version-2.10/reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/use-existing-nodes.md index 45e8fba4b02..a71c911e305 100644 --- a/versioned_docs/version-2.10/reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/use-existing-nodes.md +++ b/versioned_docs/version-2.10/reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/use-existing-nodes.md @@ -92,7 +92,7 @@ You can access your cluster after its state is updated to **Active**. **Active** clusters are assigned two Projects: - `Default`, containing the `default` namespace -- `System`, containing the `cattle-system`, `ingress-nginx`, `kube-public`, and `kube-system` namespaces +- `System`, containing the `cattle-system`, `traefik`, `kube-public`, and `kube-system` namespaces ### 3. Amazon Only: Tag Resources diff --git a/versioned_docs/version-2.11/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/troubleshooting.md b/versioned_docs/version-2.11/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/troubleshooting.md index 4fa1f09c8f6..24090771fba 100644 --- a/versioned_docs/version-2.11/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/troubleshooting.md +++ b/versioned_docs/version-2.11/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/troubleshooting.md @@ -13,7 +13,7 @@ This section describes how to troubleshoot an installation of Rancher on a Kuber Most of the troubleshooting will be done on objects in these 3 namespaces. - `cattle-system` - `rancher` deployment and pods. -- `ingress-nginx` - Ingress controller pods and services. +- `traefik` - Ingress controller pods and services. - `cert-manager` - `cert-manager` pods. ### "default backend - 404" @@ -123,10 +123,10 @@ kubectl -n cattle-system describe ingress If its ready and the SSL is still not working you may have a malformed cert or secret. -Check the nginx-ingress-controller logs. Because the nginx-ingress-controller has multiple containers in its pod you will need to specify the name of the container. +Check the `traefik` logs. ``` -kubectl -n ingress-nginx logs -f nginx-ingress-controller-rfjrq nginx-ingress-controller +kubectl logs -n traefik traefik-6b94b8b688-bngw2 ... W0705 23:04:58.240571 7 backend_ssl.go:49] error obtaining PEM from secret cattle-system/tls-rancher-ingress: error retrieving secret cattle-system/tls-rancher-ingress: secret cattle-system/tls-rancher-ingress was not found ``` @@ -148,11 +148,6 @@ The most common cause of this issue is port 8472/UDP is not open between the nod Once the network issue is resolved, the `canal` pods should timeout and restart to establish their connections. -### nginx-ingress-controller Pods show RESTARTS - -The most common cause of this issue is the `canal` pods have failed to establish the overlay network. See [canal Pods show READY `2/3`](#canal-pods-show-ready-23) for troubleshooting. - - ### Failed to dial to /var/run/docker.sock: ssh: rejected: administratively prohibited (open failed) Some causes of this error include: diff --git a/versioned_docs/version-2.11/getting-started/installation-and-upgrade/installation-references/helm-chart-options.md b/versioned_docs/version-2.11/getting-started/installation-and-upgrade/installation-references/helm-chart-options.md index aa8da6f793f..ee163284121 100644 --- a/versioned_docs/version-2.11/getting-started/installation-and-upgrade/installation-references/helm-chart-options.md +++ b/versioned_docs/version-2.11/getting-started/installation-and-upgrade/installation-references/helm-chart-options.md @@ -126,18 +126,14 @@ This option is only effective on the initial Rancher install. See [Issue 16522]( To customize or use a different ingress with Rancher server you can set your own Ingress annotations. +Please refer to the Traefik documentation for the full list of Ingress NGINX annotations that are [supported](https://doc.traefik.io/traefik/reference/routing-configuration/kubernetes/ingress-nginx/#annotations-support) and [unsupported](https://doc.traefik.io/traefik/reference/routing-configuration/kubernetes/ingress-nginx/#unsupported-annotations) by Traefik's kubernetesIngressNginx provider. + Example on setting a custom certificate issuer: ```plain --set ingress.extraAnnotations.'cert-manager\.io/cluster-issuer'=issuer-name ``` -Example on setting a static proxy header with `ingress.configurationSnippet`. This value is parsed like a template so variables can be used. - -```plain ---set ingress.configurationSnippet='more_set_input_headers X-Forwarded-Host {{ .Values.hostname }};' -``` - ### HTTP Proxy Rancher requires internet access for some functionality (Helm charts). Use `proxy` to set your proxy server or use `extraEnv` to set the `HTTPS_PROXY` environment variable to point to your proxy server. @@ -210,34 +206,6 @@ If you are using a Private CA signed certificate (or if `agent-tls-mode` is set Your load balancer must support long lived websocket connections and will need to insert proxy headers so Rancher can route links correctly. -### Configuring Ingress for External TLS when Using NGINX v0.22 - -In NGINX v0.22, the behavior of NGINX has [changed](https://github.com/kubernetes/ingress-nginx/blob/06efac9f0b6f8f84b553f58ccecf79dc42c75cc6/Changelog.md) regarding forwarding headers and external TLS termination. Therefore, in the scenario that you are using external TLS termination configuration with NGINX v0.22, you must enable the `use-forwarded-headers` option for ingress: - -For RKE installations, edit the `cluster.yml` to add the following settings. -```yaml -ingress: - provider: nginx - options: - use-forwarded-headers: 'true' -``` - -For RKE2 installations, you can create a custom `rke2-ingress-nginx-config.yaml` file at `/var/lib/rancher/rke2/server/manifests/rke2-ingress-nginx-config.yaml` containing this required setting to enable using forwarded headers with external TLS termination. Without this required setting applied, the external LB will continuously respond with redirect loops it receives from the ingress controller. (This can be created before or after rancher is installed, rke2 server agent will notice this addition and automatically apply it.) - -```yaml ---- -apiVersion: helm.cattle.io/v1 -kind: HelmChartConfig -metadata: - name: rke2-ingress-nginx - namespace: kube-system -spec: - valuesContent: |- - controller: - config: - use-forwarded-headers: "true" -``` - ### Required Headers - `Host` @@ -254,66 +222,3 @@ spec: ### Health Checks Rancher will respond `200` to health checks on the `/healthz` endpoint. - -### Example NGINX config - -This NGINX configuration is tested on NGINX 1.14. - -:::caution - -This NGINX configuration is only an example and may not suit your environment. For complete documentation, see [NGINX Load Balancing - HTTP Load Balancing](https://docs.nginx.com/nginx/admin-guide/load-balancer/http-load-balancer/). - -::: - -- Replace `IP_NODE1`, `IP_NODE2` and `IP_NODE3` with the IP addresses of the nodes in your cluster. -- Replace both occurrences of `FQDN` to the DNS name for Rancher. -- Replace `/certs/fullchain.pem` and `/certs/privkey.pem` to the location of the server certificate and the server certificate key respectively. - -``` -worker_processes 4; -worker_rlimit_nofile 40000; - -events { - worker_connections 8192; -} - -http { - upstream rancher { - server IP_NODE_1:80; - server IP_NODE_2:80; - server IP_NODE_3:80; - } - - map $http_upgrade $connection_upgrade { - default Upgrade; - '' close; - } - - server { - listen 443 ssl http2; - server_name FQDN; - ssl_certificate /certs/fullchain.pem; - ssl_certificate_key /certs/privkey.pem; - - location / { - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-Port $server_port; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_pass http://rancher; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $connection_upgrade; - # This allows the ability for the execute shell window to remain open for up to 15 minutes. Without this parameter, the default is 1 minute and will automatically close. - proxy_read_timeout 900s; - proxy_buffering off; - } - } - - server { - listen 80; - server_name FQDN; - return 301 https://$server_name$request_uri; - } -} -``` diff --git a/versioned_docs/version-2.11/getting-started/quick-start-guides/deploy-rancher-manager/equinix-metal.md b/versioned_docs/version-2.11/getting-started/quick-start-guides/deploy-rancher-manager/equinix-metal.md index 98a91950391..e8a091ef41b 100644 --- a/versioned_docs/version-2.11/getting-started/quick-start-guides/deploy-rancher-manager/equinix-metal.md +++ b/versioned_docs/version-2.11/getting-started/quick-start-guides/deploy-rancher-manager/equinix-metal.md @@ -97,7 +97,7 @@ You can access your cluster after its state is updated to **Active**. **Active** clusters are assigned two Projects: - `Default`, containing the `default` namespace -- `System`, containing the `cattle-system`, `ingress-nginx`, `kube-public`, and `kube-system` namespaces +- `System`, containing the `cattle-system`, `traefik`, `kube-public`, and `kube-system` namespaces #### Finished diff --git a/versioned_docs/version-2.11/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/register-existing-clusters.md b/versioned_docs/version-2.11/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/register-existing-clusters.md index 20d09a90ca0..d7505ab1465 100644 --- a/versioned_docs/version-2.11/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/register-existing-clusters.md +++ b/versioned_docs/version-2.11/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/register-existing-clusters.md @@ -69,7 +69,7 @@ Specifically, the value should be a comma-delimited string which only contains I - Your cluster is registered and assigned a state of **Pending**. Rancher is deploying resources to manage your cluster. - You can access your cluster after its state is updated to **Active**. -- **Active** clusters are assigned two Projects: `Default` (containing the namespace `default`) and `System` (containing the namespaces `cattle-system`, `ingress-nginx`, `kube-public` and `kube-system`, if present). +- **Active** clusters are assigned two Projects: `Default` (containing the namespace `default`) and `System` (containing the namespaces `cattle-system`, `traefik`, `kube-public` and `kube-system`, if present). :::note diff --git a/versioned_docs/version-2.11/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/eks.md b/versioned_docs/version-2.11/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/eks.md index 59a6efe3c1a..bd6b11fbb63 100644 --- a/versioned_docs/version-2.11/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/eks.md +++ b/versioned_docs/version-2.11/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/eks.md @@ -63,7 +63,7 @@ You can access your cluster after its state is updated to **Active**. **Active** clusters are assigned two Projects: - `Default`, containing the `default` namespace -- `System`, containing the `cattle-system`, `ingress-nginx`, `kube-public`, and `kube-system` namespaces +- `System`, containing the `cattle-system`, `traefik`, `kube-public`, and `kube-system` namespaces ## EKS Cluster Configuration Reference diff --git a/versioned_docs/version-2.11/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/gke.md b/versioned_docs/version-2.11/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/gke.md index 287367362a8..1349cbea0a4 100644 --- a/versioned_docs/version-2.11/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/gke.md +++ b/versioned_docs/version-2.11/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/gke.md @@ -75,7 +75,7 @@ You can access your cluster after its state is updated to **Active**. **Active** clusters are assigned two Projects: - `Default`, containing the `default` namespace -- `System`, containing the `cattle-system`, `ingress-nginx`, `kube-public`, and `kube-system` namespaces +- `System`, containing the `cattle-system`, `traefik`, `kube-public`, and `kube-system` namespaces ## Private Clusters diff --git a/versioned_docs/version-2.11/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-a-digitalocean-cluster.md b/versioned_docs/version-2.11/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-a-digitalocean-cluster.md index 6f64d0abb70..4addf08c1c2 100644 --- a/versioned_docs/version-2.11/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-a-digitalocean-cluster.md +++ b/versioned_docs/version-2.11/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-a-digitalocean-cluster.md @@ -93,7 +93,7 @@ You can access your cluster after its state is updated to **Active**. **Active** clusters are assigned two Projects: - `Default`, containing the `default` namespace -- `System`, containing the `cattle-system`, `ingress-nginx`, `kube-public`, and `kube-system` namespaces +- `System`, containing the `cattle-system`, `traefik`, `kube-public`, and `kube-system` namespaces ## Optional Next Steps diff --git a/versioned_docs/version-2.11/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-amazon-ec2-cluster.md b/versioned_docs/version-2.11/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-amazon-ec2-cluster.md index 3a4db1d0a73..b4f81265db3 100644 --- a/versioned_docs/version-2.11/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-amazon-ec2-cluster.md +++ b/versioned_docs/version-2.11/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-amazon-ec2-cluster.md @@ -125,7 +125,7 @@ You can access your cluster after its state is updated to **Active**. **Active** clusters are assigned two Projects: - `Default`, containing the `default` namespace -- `System`, containing the `cattle-system`, `ingress-nginx`, `kube-public`, and `kube-system` namespaces +- `System`, containing the `cattle-system`, `traefik`, `kube-public`, and `kube-system` namespaces ### Optional Next Steps diff --git a/versioned_docs/version-2.11/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-azure-cluster.md b/versioned_docs/version-2.11/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-azure-cluster.md index 2b9e2e10cdd..c1d28940c8e 100644 --- a/versioned_docs/version-2.11/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-azure-cluster.md +++ b/versioned_docs/version-2.11/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-azure-cluster.md @@ -134,7 +134,7 @@ You can access your cluster after its state is updated to **Active**. **Active** clusters are assigned two Projects: - `Default`, containing the `default` namespace -- `System`, containing the `cattle-system`, `ingress-nginx`, `kube-public`, and `kube-system` namespaces +- `System`, containing the `cattle-system`, `traefik`, `kube-public`, and `kube-system` namespaces ### Optional Next Steps diff --git a/versioned_docs/version-2.11/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/nutanix/provision-kubernetes-clusters-in-aos.md b/versioned_docs/version-2.11/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/nutanix/provision-kubernetes-clusters-in-aos.md index df67f078ac3..5c4f452faae 100644 --- a/versioned_docs/version-2.11/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/nutanix/provision-kubernetes-clusters-in-aos.md +++ b/versioned_docs/version-2.11/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/nutanix/provision-kubernetes-clusters-in-aos.md @@ -85,7 +85,7 @@ You can access your cluster after its state is updated to **Active**. **Active** clusters are assigned two Projects: - `Default`, containing the `default` namespace -- `System`, containing the `cattle-system`, `ingress-nginx`, `kube-public`, and `kube-system` namespaces +- `System`, containing the `cattle-system`, `traefik`, `kube-public`, and `kube-system` namespaces ## Optional Next Steps diff --git a/versioned_docs/version-2.11/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/vsphere/provision-kubernetes-clusters-in-vsphere.md b/versioned_docs/version-2.11/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/vsphere/provision-kubernetes-clusters-in-vsphere.md index ba57f07ddb1..4f210723927 100644 --- a/versioned_docs/version-2.11/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/vsphere/provision-kubernetes-clusters-in-vsphere.md +++ b/versioned_docs/version-2.11/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/vsphere/provision-kubernetes-clusters-in-vsphere.md @@ -108,7 +108,7 @@ You can access your cluster after its state is updated to **Active**. **Active** clusters are assigned two Projects: - `Default`, containing the `default` namespace -- `System`, containing the `cattle-system`, `ingress-nginx`, `kube-public`, and `kube-system` namespaces +- `System`, containing the `cattle-system`, `traefik`, `kube-public`, and `kube-system` namespaces ## Optional Next Steps diff --git a/versioned_docs/version-2.11/reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/use-existing-nodes.md b/versioned_docs/version-2.11/reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/use-existing-nodes.md index 45e8fba4b02..a71c911e305 100644 --- a/versioned_docs/version-2.11/reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/use-existing-nodes.md +++ b/versioned_docs/version-2.11/reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/use-existing-nodes.md @@ -92,7 +92,7 @@ You can access your cluster after its state is updated to **Active**. **Active** clusters are assigned two Projects: - `Default`, containing the `default` namespace -- `System`, containing the `cattle-system`, `ingress-nginx`, `kube-public`, and `kube-system` namespaces +- `System`, containing the `cattle-system`, `traefik`, `kube-public`, and `kube-system` namespaces ### 3. Amazon Only: Tag Resources diff --git a/versioned_docs/version-2.12/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/troubleshooting.md b/versioned_docs/version-2.12/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/troubleshooting.md index 881a6d871a0..3ff9a6a1e0c 100644 --- a/versioned_docs/version-2.12/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/troubleshooting.md +++ b/versioned_docs/version-2.12/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/troubleshooting.md @@ -13,7 +13,7 @@ This section describes how to troubleshoot an installation of Rancher on a Kuber Most of the troubleshooting will be done on objects in these 3 namespaces. - `cattle-system` - `rancher` deployment and pods. -- `ingress-nginx` - Ingress controller pods and services. +- `traefik` - Ingress controller pods and services. - `cert-manager` - `cert-manager` pods. ### "default backend - 404" @@ -123,10 +123,10 @@ kubectl -n cattle-system describe ingress If its ready and the SSL is still not working you may have a malformed cert or secret. -Check the nginx-ingress-controller logs. Because the nginx-ingress-controller has multiple containers in its pod you will need to specify the name of the container. +Check the `traefik` logs. ``` -kubectl -n ingress-nginx logs -f nginx-ingress-controller-rfjrq nginx-ingress-controller +kubectl logs -n traefik traefik-6b94b8b688-bngw2 ... W0705 23:04:58.240571 7 backend_ssl.go:49] error obtaining PEM from secret cattle-system/tls-rancher-ingress: error retrieving secret cattle-system/tls-rancher-ingress: secret cattle-system/tls-rancher-ingress was not found ``` @@ -148,11 +148,6 @@ The most common cause of this issue is port 8472/UDP is not open between the nod Once the network issue is resolved, the `canal` pods should timeout and restart to establish their connections. -### nginx-ingress-controller Pods show RESTARTS - -The most common cause of this issue is the `canal` pods have failed to establish the overlay network. See [canal Pods show READY `2/3`](#canal-pods-show-ready-23) for troubleshooting. - - ### Failed to dial to /var/run/docker.sock: ssh: rejected: administratively prohibited (open failed) Some causes of this error include: diff --git a/versioned_docs/version-2.12/getting-started/installation-and-upgrade/installation-references/helm-chart-options.md b/versioned_docs/version-2.12/getting-started/installation-and-upgrade/installation-references/helm-chart-options.md index 2a70338a693..46ccc4fe231 100644 --- a/versioned_docs/version-2.12/getting-started/installation-and-upgrade/installation-references/helm-chart-options.md +++ b/versioned_docs/version-2.12/getting-started/installation-and-upgrade/installation-references/helm-chart-options.md @@ -135,18 +135,14 @@ This option is only effective on the initial Rancher install. See [Issue 16522]( To customize or use a different ingress with Rancher server you can set your own Ingress annotations. +Please refer to the Traefik documentation for the full list of Ingress NGINX annotations that are [supported](https://doc.traefik.io/traefik/reference/routing-configuration/kubernetes/ingress-nginx/#annotations-support) and [unsupported](https://doc.traefik.io/traefik/reference/routing-configuration/kubernetes/ingress-nginx/#unsupported-annotations) by Traefik's kubernetesIngressNginx provider. + Example on setting a custom certificate issuer: ```plain --set ingress.extraAnnotations.'cert-manager\.io/cluster-issuer'=issuer-name ``` -Example on setting a static proxy header with `ingress.configurationSnippet`. This value is parsed like a template so variables can be used. - -```plain ---set ingress.configurationSnippet='more_set_input_headers X-Forwarded-Host {{ .Values.hostname }};' -``` - ### HTTP Proxy Rancher requires internet access for some functionality (Helm charts). Use `proxy` to set your proxy server or use `extraEnv` to set the `HTTPS_PROXY` environment variable to point to your proxy server. @@ -219,26 +215,6 @@ If you are using a Private CA signed certificate (or if `agent-tls-mode` is set Your load balancer must support long lived websocket connections and will need to insert proxy headers so Rancher can route links correctly. -### Configuring Ingress for External TLS when Using NGINX v0.22 - -In NGINX v0.22, the behavior of NGINX has [changed](https://github.com/kubernetes/ingress-nginx/blob/06efac9f0b6f8f84b553f58ccecf79dc42c75cc6/Changelog.md) regarding forwarding headers and external TLS termination. Therefore, in the scenario that you are using external TLS termination configuration with NGINX v0.22, you must enable the `use-forwarded-headers` option for ingress: - -For RKE2 installations, you can create a custom `rke2-ingress-nginx-config.yaml` file at `/var/lib/rancher/rke2/server/manifests/rke2-ingress-nginx-config.yaml` containing this required setting to enable using forwarded headers with external TLS termination. Without this required setting applied, the external LB will continuously respond with redirect loops it receives from the ingress controller. (This can be created before or after rancher is installed, rke2 server agent will notice this addition and automatically apply it.) - -```yaml ---- -apiVersion: helm.cattle.io/v1 -kind: HelmChartConfig -metadata: - name: rke2-ingress-nginx - namespace: kube-system -spec: - valuesContent: |- - controller: - config: - use-forwarded-headers: "true" -``` - ### Required Headers - `Host` @@ -255,66 +231,3 @@ spec: ### Health Checks Rancher will respond `200` to health checks on the `/healthz` endpoint. - -### Example NGINX config - -This NGINX configuration is tested on NGINX 1.14. - -:::caution - -This NGINX configuration is only an example and may not suit your environment. For complete documentation, see [NGINX Load Balancing - HTTP Load Balancing](https://docs.nginx.com/nginx/admin-guide/load-balancer/http-load-balancer/). - -::: - -- Replace `IP_NODE1`, `IP_NODE2` and `IP_NODE3` with the IP addresses of the nodes in your cluster. -- Replace both occurrences of `FQDN` to the DNS name for Rancher. -- Replace `/certs/fullchain.pem` and `/certs/privkey.pem` to the location of the server certificate and the server certificate key respectively. - -``` -worker_processes 4; -worker_rlimit_nofile 40000; - -events { - worker_connections 8192; -} - -http { - upstream rancher { - server IP_NODE_1:80; - server IP_NODE_2:80; - server IP_NODE_3:80; - } - - map $http_upgrade $connection_upgrade { - default Upgrade; - '' close; - } - - server { - listen 443 ssl http2; - server_name FQDN; - ssl_certificate /certs/fullchain.pem; - ssl_certificate_key /certs/privkey.pem; - - location / { - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-Port $server_port; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_pass http://rancher; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $connection_upgrade; - # This allows the ability for the execute shell window to remain open for up to 15 minutes. Without this parameter, the default is 1 minute and will automatically close. - proxy_read_timeout 900s; - proxy_buffering off; - } - } - - server { - listen 80; - server_name FQDN; - return 301 https://$server_name$request_uri; - } -} -``` diff --git a/versioned_docs/version-2.12/getting-started/quick-start-guides/deploy-rancher-manager/equinix-metal.md b/versioned_docs/version-2.12/getting-started/quick-start-guides/deploy-rancher-manager/equinix-metal.md index 98a91950391..e8a091ef41b 100644 --- a/versioned_docs/version-2.12/getting-started/quick-start-guides/deploy-rancher-manager/equinix-metal.md +++ b/versioned_docs/version-2.12/getting-started/quick-start-guides/deploy-rancher-manager/equinix-metal.md @@ -97,7 +97,7 @@ You can access your cluster after its state is updated to **Active**. **Active** clusters are assigned two Projects: - `Default`, containing the `default` namespace -- `System`, containing the `cattle-system`, `ingress-nginx`, `kube-public`, and `kube-system` namespaces +- `System`, containing the `cattle-system`, `traefik`, `kube-public`, and `kube-system` namespaces #### Finished diff --git a/versioned_docs/version-2.12/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/register-existing-clusters.md b/versioned_docs/version-2.12/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/register-existing-clusters.md index 20d09a90ca0..d7505ab1465 100644 --- a/versioned_docs/version-2.12/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/register-existing-clusters.md +++ b/versioned_docs/version-2.12/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/register-existing-clusters.md @@ -69,7 +69,7 @@ Specifically, the value should be a comma-delimited string which only contains I - Your cluster is registered and assigned a state of **Pending**. Rancher is deploying resources to manage your cluster. - You can access your cluster after its state is updated to **Active**. -- **Active** clusters are assigned two Projects: `Default` (containing the namespace `default`) and `System` (containing the namespaces `cattle-system`, `ingress-nginx`, `kube-public` and `kube-system`, if present). +- **Active** clusters are assigned two Projects: `Default` (containing the namespace `default`) and `System` (containing the namespaces `cattle-system`, `traefik`, `kube-public` and `kube-system`, if present). :::note diff --git a/versioned_docs/version-2.12/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/eks.md b/versioned_docs/version-2.12/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/eks.md index 59a6efe3c1a..bd6b11fbb63 100644 --- a/versioned_docs/version-2.12/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/eks.md +++ b/versioned_docs/version-2.12/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/eks.md @@ -63,7 +63,7 @@ You can access your cluster after its state is updated to **Active**. **Active** clusters are assigned two Projects: - `Default`, containing the `default` namespace -- `System`, containing the `cattle-system`, `ingress-nginx`, `kube-public`, and `kube-system` namespaces +- `System`, containing the `cattle-system`, `traefik`, `kube-public`, and `kube-system` namespaces ## EKS Cluster Configuration Reference diff --git a/versioned_docs/version-2.12/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/gke.md b/versioned_docs/version-2.12/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/gke.md index 287367362a8..1349cbea0a4 100644 --- a/versioned_docs/version-2.12/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/gke.md +++ b/versioned_docs/version-2.12/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/gke.md @@ -75,7 +75,7 @@ You can access your cluster after its state is updated to **Active**. **Active** clusters are assigned two Projects: - `Default`, containing the `default` namespace -- `System`, containing the `cattle-system`, `ingress-nginx`, `kube-public`, and `kube-system` namespaces +- `System`, containing the `cattle-system`, `traefik`, `kube-public`, and `kube-system` namespaces ## Private Clusters diff --git a/versioned_docs/version-2.12/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-a-digitalocean-cluster.md b/versioned_docs/version-2.12/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-a-digitalocean-cluster.md index 7e6b5b57d11..eea841ade9d 100644 --- a/versioned_docs/version-2.12/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-a-digitalocean-cluster.md +++ b/versioned_docs/version-2.12/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-a-digitalocean-cluster.md @@ -48,7 +48,7 @@ You can access your cluster after its state is updated to **Active**. **Active** clusters are assigned two Projects: - `Default`, containing the `default` namespace -- `System`, containing the `cattle-system`, `ingress-nginx`, `kube-public`, and `kube-system` namespaces +- `System`, containing the `cattle-system`, `traefik`, `kube-public`, and `kube-system` namespaces ## Optional Next Steps diff --git a/versioned_docs/version-2.12/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-a-google-compute-engine-cluster.md b/versioned_docs/version-2.12/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-a-google-compute-engine-cluster.md index d7a09f4089c..29f4300b8a9 100644 --- a/versioned_docs/version-2.12/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-a-google-compute-engine-cluster.md +++ b/versioned_docs/version-2.12/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-a-google-compute-engine-cluster.md @@ -78,7 +78,7 @@ You can access your cluster after its state is updated to **Active**. **Active** clusters are assigned two Projects: - `Default`, containing the `default` namespace -- `System`, containing the `cattle-system`, `ingress-nginx`, `kube-public`, and `kube-system` namespaces +- `System`, containing the `cattle-system`, `traefik`, `kube-public`, and `kube-system` namespaces ### GCE Best Practices diff --git a/versioned_docs/version-2.12/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-amazon-ec2-cluster.md b/versioned_docs/version-2.12/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-amazon-ec2-cluster.md index 11231c88c5a..8b90b805a9a 100644 --- a/versioned_docs/version-2.12/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-amazon-ec2-cluster.md +++ b/versioned_docs/version-2.12/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-amazon-ec2-cluster.md @@ -64,7 +64,7 @@ You can access your cluster after its state is updated to **Active**. **Active** clusters are assigned two Projects: - `Default`, containing the `default` namespace -- `System`, containing the `cattle-system`, `ingress-nginx`, `kube-public`, and `kube-system` namespaces +- `System`, containing the `cattle-system`, `traefik`, `kube-public`, and `kube-system` namespaces ### Optional Next Steps diff --git a/versioned_docs/version-2.12/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-azure-cluster.md b/versioned_docs/version-2.12/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-azure-cluster.md index 186a95f366c..840401452f5 100644 --- a/versioned_docs/version-2.12/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-azure-cluster.md +++ b/versioned_docs/version-2.12/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-azure-cluster.md @@ -87,7 +87,7 @@ You can access your cluster after its state is updated to **Active**. **Active** clusters are assigned two Projects: - `Default`, containing the `default` namespace -- `System`, containing the `cattle-system`, `ingress-nginx`, `kube-public`, and `kube-system` namespaces +- `System`, containing the `cattle-system`, `traefik`, `kube-public`, and `kube-system` namespaces ### Optional Next Steps diff --git a/versioned_docs/version-2.12/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/nutanix/provision-kubernetes-clusters-in-aos.md b/versioned_docs/version-2.12/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/nutanix/provision-kubernetes-clusters-in-aos.md index df67f078ac3..5c4f452faae 100644 --- a/versioned_docs/version-2.12/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/nutanix/provision-kubernetes-clusters-in-aos.md +++ b/versioned_docs/version-2.12/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/nutanix/provision-kubernetes-clusters-in-aos.md @@ -85,7 +85,7 @@ You can access your cluster after its state is updated to **Active**. **Active** clusters are assigned two Projects: - `Default`, containing the `default` namespace -- `System`, containing the `cattle-system`, `ingress-nginx`, `kube-public`, and `kube-system` namespaces +- `System`, containing the `cattle-system`, `traefik`, `kube-public`, and `kube-system` namespaces ## Optional Next Steps diff --git a/versioned_docs/version-2.12/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/vsphere/provision-kubernetes-clusters-in-vsphere.md b/versioned_docs/version-2.12/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/vsphere/provision-kubernetes-clusters-in-vsphere.md index 2373f134ed4..13ac4de1505 100644 --- a/versioned_docs/version-2.12/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/vsphere/provision-kubernetes-clusters-in-vsphere.md +++ b/versioned_docs/version-2.12/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/vsphere/provision-kubernetes-clusters-in-vsphere.md @@ -86,7 +86,7 @@ You can access your cluster after its state is updated to **Active**. **Active** clusters are assigned two Projects: - `Default`, containing the `default` namespace -- `System`, containing the `cattle-system`, `ingress-nginx`, `kube-public`, and `kube-system` namespaces +- `System`, containing the `cattle-system`, `traefik`, `kube-public`, and `kube-system` namespaces ## Optional Next Steps diff --git a/versioned_docs/version-2.12/reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/use-existing-nodes.md b/versioned_docs/version-2.12/reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/use-existing-nodes.md index 8e09f4a4b88..ef914ad61a7 100644 --- a/versioned_docs/version-2.12/reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/use-existing-nodes.md +++ b/versioned_docs/version-2.12/reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/use-existing-nodes.md @@ -92,7 +92,7 @@ You can access your cluster after its state is updated to **Active**. **Active** clusters are assigned two Projects: - `Default`, containing the `default` namespace -- `System`, containing the `cattle-system`, `ingress-nginx`, `kube-public`, and `kube-system` namespaces +- `System`, containing the `cattle-system`, `traefik`, `kube-public`, and `kube-system` namespaces ### 3. Amazon Only: Tag Resources diff --git a/versioned_docs/version-2.13/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/troubleshooting.md b/versioned_docs/version-2.13/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/troubleshooting.md index 881a6d871a0..3ff9a6a1e0c 100644 --- a/versioned_docs/version-2.13/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/troubleshooting.md +++ b/versioned_docs/version-2.13/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/troubleshooting.md @@ -13,7 +13,7 @@ This section describes how to troubleshoot an installation of Rancher on a Kuber Most of the troubleshooting will be done on objects in these 3 namespaces. - `cattle-system` - `rancher` deployment and pods. -- `ingress-nginx` - Ingress controller pods and services. +- `traefik` - Ingress controller pods and services. - `cert-manager` - `cert-manager` pods. ### "default backend - 404" @@ -123,10 +123,10 @@ kubectl -n cattle-system describe ingress If its ready and the SSL is still not working you may have a malformed cert or secret. -Check the nginx-ingress-controller logs. Because the nginx-ingress-controller has multiple containers in its pod you will need to specify the name of the container. +Check the `traefik` logs. ``` -kubectl -n ingress-nginx logs -f nginx-ingress-controller-rfjrq nginx-ingress-controller +kubectl logs -n traefik traefik-6b94b8b688-bngw2 ... W0705 23:04:58.240571 7 backend_ssl.go:49] error obtaining PEM from secret cattle-system/tls-rancher-ingress: error retrieving secret cattle-system/tls-rancher-ingress: secret cattle-system/tls-rancher-ingress was not found ``` @@ -148,11 +148,6 @@ The most common cause of this issue is port 8472/UDP is not open between the nod Once the network issue is resolved, the `canal` pods should timeout and restart to establish their connections. -### nginx-ingress-controller Pods show RESTARTS - -The most common cause of this issue is the `canal` pods have failed to establish the overlay network. See [canal Pods show READY `2/3`](#canal-pods-show-ready-23) for troubleshooting. - - ### Failed to dial to /var/run/docker.sock: ssh: rejected: administratively prohibited (open failed) Some causes of this error include: diff --git a/versioned_docs/version-2.13/getting-started/installation-and-upgrade/installation-references/helm-chart-options.md b/versioned_docs/version-2.13/getting-started/installation-and-upgrade/installation-references/helm-chart-options.md index 873e125ced0..60548ab1c96 100644 --- a/versioned_docs/version-2.13/getting-started/installation-and-upgrade/installation-references/helm-chart-options.md +++ b/versioned_docs/version-2.13/getting-started/installation-and-upgrade/installation-references/helm-chart-options.md @@ -132,18 +132,14 @@ This option is only effective on the initial Rancher install. See [Issue 16522]( To customize or use a different ingress with Rancher server you can set your own Ingress annotations. +Please refer to the Traefik documentation for the full list of Ingress NGINX annotations that are [supported](https://doc.traefik.io/traefik/reference/routing-configuration/kubernetes/ingress-nginx/#annotations-support) and [unsupported](https://doc.traefik.io/traefik/reference/routing-configuration/kubernetes/ingress-nginx/#unsupported-annotations) by Traefik's kubernetesIngressNginx provider. + Example on setting a custom certificate issuer: ```plain --set ingress.extraAnnotations.'cert-manager\.io/cluster-issuer'=issuer-name ``` -Example on setting a static proxy header with `ingress.configurationSnippet`. This value is parsed like a template so variables can be used. - -```plain ---set ingress.configurationSnippet='more_set_input_headers X-Forwarded-Host {{ .Values.hostname }};' -``` - ### HTTP Proxy Rancher requires internet access for some functionality (Helm charts). Use `proxy` to set your proxy server or use `extraEnv` to set the `HTTPS_PROXY` environment variable to point to your proxy server. @@ -216,26 +212,6 @@ If you are using a Private CA signed certificate (or if `agent-tls-mode` is set Your load balancer must support long lived websocket connections and will need to insert proxy headers so Rancher can route links correctly. -### Configuring Ingress for External TLS when Using NGINX v0.22 - -In NGINX v0.22, the behavior of NGINX has [changed](https://github.com/kubernetes/ingress-nginx/blob/06efac9f0b6f8f84b553f58ccecf79dc42c75cc6/Changelog.md) regarding forwarding headers and external TLS termination. Therefore, in the scenario that you are using external TLS termination configuration with NGINX v0.22, you must enable the `use-forwarded-headers` option for ingress: - -For RKE2 installations, you can create a custom `rke2-ingress-nginx-config.yaml` file at `/var/lib/rancher/rke2/server/manifests/rke2-ingress-nginx-config.yaml` containing this required setting to enable using forwarded headers with external TLS termination. Without this required setting applied, the external LB will continuously respond with redirect loops it receives from the ingress controller. (This can be created before or after rancher is installed, rke2 server agent will notice this addition and automatically apply it.) - -```yaml ---- -apiVersion: helm.cattle.io/v1 -kind: HelmChartConfig -metadata: - name: rke2-ingress-nginx - namespace: kube-system -spec: - valuesContent: |- - controller: - config: - use-forwarded-headers: "true" -``` - ### Required Headers - `Host` @@ -252,66 +228,3 @@ spec: ### Health Checks Rancher will respond `200` to health checks on the `/healthz` endpoint. - -### Example NGINX config - -This NGINX configuration is tested on NGINX 1.14. - -:::caution - -This NGINX configuration is only an example and may not suit your environment. For complete documentation, see [NGINX Load Balancing - HTTP Load Balancing](https://docs.nginx.com/nginx/admin-guide/load-balancer/http-load-balancer/). - -::: - -- Replace `IP_NODE1`, `IP_NODE2` and `IP_NODE3` with the IP addresses of the nodes in your cluster. -- Replace both occurrences of `FQDN` to the DNS name for Rancher. -- Replace `/certs/fullchain.pem` and `/certs/privkey.pem` to the location of the server certificate and the server certificate key respectively. - -``` -worker_processes 4; -worker_rlimit_nofile 40000; - -events { - worker_connections 8192; -} - -http { - upstream rancher { - server IP_NODE_1:80; - server IP_NODE_2:80; - server IP_NODE_3:80; - } - - map $http_upgrade $connection_upgrade { - default Upgrade; - '' close; - } - - server { - listen 443 ssl http2; - server_name FQDN; - ssl_certificate /certs/fullchain.pem; - ssl_certificate_key /certs/privkey.pem; - - location / { - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-Port $server_port; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_pass http://rancher; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $connection_upgrade; - # This allows the ability for the execute shell window to remain open for up to 15 minutes. Without this parameter, the default is 1 minute and will automatically close. - proxy_read_timeout 900s; - proxy_buffering off; - } - } - - server { - listen 80; - server_name FQDN; - return 301 https://$server_name$request_uri; - } -} -``` diff --git a/versioned_docs/version-2.13/getting-started/quick-start-guides/deploy-rancher-manager/equinix-metal.md b/versioned_docs/version-2.13/getting-started/quick-start-guides/deploy-rancher-manager/equinix-metal.md index 98a91950391..e8a091ef41b 100644 --- a/versioned_docs/version-2.13/getting-started/quick-start-guides/deploy-rancher-manager/equinix-metal.md +++ b/versioned_docs/version-2.13/getting-started/quick-start-guides/deploy-rancher-manager/equinix-metal.md @@ -97,7 +97,7 @@ You can access your cluster after its state is updated to **Active**. **Active** clusters are assigned two Projects: - `Default`, containing the `default` namespace -- `System`, containing the `cattle-system`, `ingress-nginx`, `kube-public`, and `kube-system` namespaces +- `System`, containing the `cattle-system`, `traefik`, `kube-public`, and `kube-system` namespaces #### Finished diff --git a/versioned_docs/version-2.13/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/register-existing-clusters.md b/versioned_docs/version-2.13/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/register-existing-clusters.md index f8fdc984308..87139599192 100644 --- a/versioned_docs/version-2.13/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/register-existing-clusters.md +++ b/versioned_docs/version-2.13/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/register-existing-clusters.md @@ -69,7 +69,7 @@ Specifically, the value should be a comma-delimited string which only contains I - Your cluster is registered and assigned a state of **Pending**. Rancher is deploying resources to manage your cluster. - You can access your cluster after its state is updated to **Active**. -- **Active** clusters are assigned two Projects: `Default` (containing the namespace `default`) and `System` (containing the namespaces `cattle-system`, `ingress-nginx`, `kube-public` and `kube-system`, if present). +- **Active** clusters are assigned two Projects: `Default` (containing the namespace `default`) and `System` (containing the namespaces `cattle-system`, `traefik`, `kube-public` and `kube-system`, if present). :::note diff --git a/versioned_docs/version-2.13/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/eks.md b/versioned_docs/version-2.13/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/eks.md index 59a6efe3c1a..bd6b11fbb63 100644 --- a/versioned_docs/version-2.13/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/eks.md +++ b/versioned_docs/version-2.13/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/eks.md @@ -63,7 +63,7 @@ You can access your cluster after its state is updated to **Active**. **Active** clusters are assigned two Projects: - `Default`, containing the `default` namespace -- `System`, containing the `cattle-system`, `ingress-nginx`, `kube-public`, and `kube-system` namespaces +- `System`, containing the `cattle-system`, `traefik`, `kube-public`, and `kube-system` namespaces ## EKS Cluster Configuration Reference diff --git a/versioned_docs/version-2.13/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/gke.md b/versioned_docs/version-2.13/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/gke.md index 287367362a8..1349cbea0a4 100644 --- a/versioned_docs/version-2.13/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/gke.md +++ b/versioned_docs/version-2.13/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/gke.md @@ -75,7 +75,7 @@ You can access your cluster after its state is updated to **Active**. **Active** clusters are assigned two Projects: - `Default`, containing the `default` namespace -- `System`, containing the `cattle-system`, `ingress-nginx`, `kube-public`, and `kube-system` namespaces +- `System`, containing the `cattle-system`, `traefik`, `kube-public`, and `kube-system` namespaces ## Private Clusters diff --git a/versioned_docs/version-2.13/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-a-digitalocean-cluster.md b/versioned_docs/version-2.13/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-a-digitalocean-cluster.md index 7e6b5b57d11..eea841ade9d 100644 --- a/versioned_docs/version-2.13/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-a-digitalocean-cluster.md +++ b/versioned_docs/version-2.13/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-a-digitalocean-cluster.md @@ -48,7 +48,7 @@ You can access your cluster after its state is updated to **Active**. **Active** clusters are assigned two Projects: - `Default`, containing the `default` namespace -- `System`, containing the `cattle-system`, `ingress-nginx`, `kube-public`, and `kube-system` namespaces +- `System`, containing the `cattle-system`, `traefik`, `kube-public`, and `kube-system` namespaces ## Optional Next Steps diff --git a/versioned_docs/version-2.13/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-a-google-compute-engine-cluster.md b/versioned_docs/version-2.13/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-a-google-compute-engine-cluster.md index d7a09f4089c..29f4300b8a9 100644 --- a/versioned_docs/version-2.13/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-a-google-compute-engine-cluster.md +++ b/versioned_docs/version-2.13/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-a-google-compute-engine-cluster.md @@ -78,7 +78,7 @@ You can access your cluster after its state is updated to **Active**. **Active** clusters are assigned two Projects: - `Default`, containing the `default` namespace -- `System`, containing the `cattle-system`, `ingress-nginx`, `kube-public`, and `kube-system` namespaces +- `System`, containing the `cattle-system`, `traefik`, `kube-public`, and `kube-system` namespaces ### GCE Best Practices diff --git a/versioned_docs/version-2.13/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-amazon-ec2-cluster.md b/versioned_docs/version-2.13/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-amazon-ec2-cluster.md index 07b28f311fa..53bfd79286b 100644 --- a/versioned_docs/version-2.13/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-amazon-ec2-cluster.md +++ b/versioned_docs/version-2.13/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-amazon-ec2-cluster.md @@ -65,7 +65,7 @@ You can access your cluster after its state is updated to **Active**. **Active** clusters are assigned two Projects: - `Default`, containing the `default` namespace -- `System`, containing the `cattle-system`, `ingress-nginx`, `kube-public`, and `kube-system` namespaces +- `System`, containing the `cattle-system`, `traefik`, `kube-public`, and `kube-system` namespaces ### Optional Next Steps diff --git a/versioned_docs/version-2.13/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-azure-cluster.md b/versioned_docs/version-2.13/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-azure-cluster.md index 186a95f366c..840401452f5 100644 --- a/versioned_docs/version-2.13/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-azure-cluster.md +++ b/versioned_docs/version-2.13/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-azure-cluster.md @@ -87,7 +87,7 @@ You can access your cluster after its state is updated to **Active**. **Active** clusters are assigned two Projects: - `Default`, containing the `default` namespace -- `System`, containing the `cattle-system`, `ingress-nginx`, `kube-public`, and `kube-system` namespaces +- `System`, containing the `cattle-system`, `traefik`, `kube-public`, and `kube-system` namespaces ### Optional Next Steps diff --git a/versioned_docs/version-2.13/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/nutanix/provision-kubernetes-clusters-in-aos.md b/versioned_docs/version-2.13/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/nutanix/provision-kubernetes-clusters-in-aos.md index df67f078ac3..5c4f452faae 100644 --- a/versioned_docs/version-2.13/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/nutanix/provision-kubernetes-clusters-in-aos.md +++ b/versioned_docs/version-2.13/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/nutanix/provision-kubernetes-clusters-in-aos.md @@ -85,7 +85,7 @@ You can access your cluster after its state is updated to **Active**. **Active** clusters are assigned two Projects: - `Default`, containing the `default` namespace -- `System`, containing the `cattle-system`, `ingress-nginx`, `kube-public`, and `kube-system` namespaces +- `System`, containing the `cattle-system`, `traefik`, `kube-public`, and `kube-system` namespaces ## Optional Next Steps diff --git a/versioned_docs/version-2.13/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/vsphere/provision-kubernetes-clusters-in-vsphere.md b/versioned_docs/version-2.13/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/vsphere/provision-kubernetes-clusters-in-vsphere.md index 88f0599cdcb..0f11b804d6c 100644 --- a/versioned_docs/version-2.13/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/vsphere/provision-kubernetes-clusters-in-vsphere.md +++ b/versioned_docs/version-2.13/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/vsphere/provision-kubernetes-clusters-in-vsphere.md @@ -86,7 +86,7 @@ You can access your cluster after its state is updated to **Active**. **Active** clusters are assigned two Projects: - `Default`, containing the `default` namespace -- `System`, containing the `cattle-system`, `ingress-nginx`, `kube-public`, and `kube-system` namespaces +- `System`, containing the `cattle-system`, `traefik`, `kube-public`, and `kube-system` namespaces ## Optional Next Steps diff --git a/versioned_docs/version-2.13/reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/use-existing-nodes.md b/versioned_docs/version-2.13/reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/use-existing-nodes.md index a27ac9ac48c..a6c991869da 100644 --- a/versioned_docs/version-2.13/reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/use-existing-nodes.md +++ b/versioned_docs/version-2.13/reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/use-existing-nodes.md @@ -102,7 +102,7 @@ You can access your cluster after its state is updated to **Active**. **Active** clusters are assigned two Projects: - `Default`, containing the `default` namespace -- `System`, containing the `cattle-system`, `ingress-nginx`, `kube-public`, and `kube-system` namespaces +- `System`, containing the `cattle-system`, `traefik`, `kube-public`, and `kube-system` namespaces ### 3. Amazon Only: Tag Resources diff --git a/versioned_docs/version-2.14/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/troubleshooting.md b/versioned_docs/version-2.14/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/troubleshooting.md index 881a6d871a0..3ff9a6a1e0c 100644 --- a/versioned_docs/version-2.14/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/troubleshooting.md +++ b/versioned_docs/version-2.14/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/troubleshooting.md @@ -13,7 +13,7 @@ This section describes how to troubleshoot an installation of Rancher on a Kuber Most of the troubleshooting will be done on objects in these 3 namespaces. - `cattle-system` - `rancher` deployment and pods. -- `ingress-nginx` - Ingress controller pods and services. +- `traefik` - Ingress controller pods and services. - `cert-manager` - `cert-manager` pods. ### "default backend - 404" @@ -123,10 +123,10 @@ kubectl -n cattle-system describe ingress If its ready and the SSL is still not working you may have a malformed cert or secret. -Check the nginx-ingress-controller logs. Because the nginx-ingress-controller has multiple containers in its pod you will need to specify the name of the container. +Check the `traefik` logs. ``` -kubectl -n ingress-nginx logs -f nginx-ingress-controller-rfjrq nginx-ingress-controller +kubectl logs -n traefik traefik-6b94b8b688-bngw2 ... W0705 23:04:58.240571 7 backend_ssl.go:49] error obtaining PEM from secret cattle-system/tls-rancher-ingress: error retrieving secret cattle-system/tls-rancher-ingress: secret cattle-system/tls-rancher-ingress was not found ``` @@ -148,11 +148,6 @@ The most common cause of this issue is port 8472/UDP is not open between the nod Once the network issue is resolved, the `canal` pods should timeout and restart to establish their connections. -### nginx-ingress-controller Pods show RESTARTS - -The most common cause of this issue is the `canal` pods have failed to establish the overlay network. See [canal Pods show READY `2/3`](#canal-pods-show-ready-23) for troubleshooting. - - ### Failed to dial to /var/run/docker.sock: ssh: rejected: administratively prohibited (open failed) Some causes of this error include: diff --git a/versioned_docs/version-2.14/getting-started/installation-and-upgrade/installation-references/helm-chart-options.md b/versioned_docs/version-2.14/getting-started/installation-and-upgrade/installation-references/helm-chart-options.md index 873e125ced0..60548ab1c96 100644 --- a/versioned_docs/version-2.14/getting-started/installation-and-upgrade/installation-references/helm-chart-options.md +++ b/versioned_docs/version-2.14/getting-started/installation-and-upgrade/installation-references/helm-chart-options.md @@ -132,18 +132,14 @@ This option is only effective on the initial Rancher install. See [Issue 16522]( To customize or use a different ingress with Rancher server you can set your own Ingress annotations. +Please refer to the Traefik documentation for the full list of Ingress NGINX annotations that are [supported](https://doc.traefik.io/traefik/reference/routing-configuration/kubernetes/ingress-nginx/#annotations-support) and [unsupported](https://doc.traefik.io/traefik/reference/routing-configuration/kubernetes/ingress-nginx/#unsupported-annotations) by Traefik's kubernetesIngressNginx provider. + Example on setting a custom certificate issuer: ```plain --set ingress.extraAnnotations.'cert-manager\.io/cluster-issuer'=issuer-name ``` -Example on setting a static proxy header with `ingress.configurationSnippet`. This value is parsed like a template so variables can be used. - -```plain ---set ingress.configurationSnippet='more_set_input_headers X-Forwarded-Host {{ .Values.hostname }};' -``` - ### HTTP Proxy Rancher requires internet access for some functionality (Helm charts). Use `proxy` to set your proxy server or use `extraEnv` to set the `HTTPS_PROXY` environment variable to point to your proxy server. @@ -216,26 +212,6 @@ If you are using a Private CA signed certificate (or if `agent-tls-mode` is set Your load balancer must support long lived websocket connections and will need to insert proxy headers so Rancher can route links correctly. -### Configuring Ingress for External TLS when Using NGINX v0.22 - -In NGINX v0.22, the behavior of NGINX has [changed](https://github.com/kubernetes/ingress-nginx/blob/06efac9f0b6f8f84b553f58ccecf79dc42c75cc6/Changelog.md) regarding forwarding headers and external TLS termination. Therefore, in the scenario that you are using external TLS termination configuration with NGINX v0.22, you must enable the `use-forwarded-headers` option for ingress: - -For RKE2 installations, you can create a custom `rke2-ingress-nginx-config.yaml` file at `/var/lib/rancher/rke2/server/manifests/rke2-ingress-nginx-config.yaml` containing this required setting to enable using forwarded headers with external TLS termination. Without this required setting applied, the external LB will continuously respond with redirect loops it receives from the ingress controller. (This can be created before or after rancher is installed, rke2 server agent will notice this addition and automatically apply it.) - -```yaml ---- -apiVersion: helm.cattle.io/v1 -kind: HelmChartConfig -metadata: - name: rke2-ingress-nginx - namespace: kube-system -spec: - valuesContent: |- - controller: - config: - use-forwarded-headers: "true" -``` - ### Required Headers - `Host` @@ -252,66 +228,3 @@ spec: ### Health Checks Rancher will respond `200` to health checks on the `/healthz` endpoint. - -### Example NGINX config - -This NGINX configuration is tested on NGINX 1.14. - -:::caution - -This NGINX configuration is only an example and may not suit your environment. For complete documentation, see [NGINX Load Balancing - HTTP Load Balancing](https://docs.nginx.com/nginx/admin-guide/load-balancer/http-load-balancer/). - -::: - -- Replace `IP_NODE1`, `IP_NODE2` and `IP_NODE3` with the IP addresses of the nodes in your cluster. -- Replace both occurrences of `FQDN` to the DNS name for Rancher. -- Replace `/certs/fullchain.pem` and `/certs/privkey.pem` to the location of the server certificate and the server certificate key respectively. - -``` -worker_processes 4; -worker_rlimit_nofile 40000; - -events { - worker_connections 8192; -} - -http { - upstream rancher { - server IP_NODE_1:80; - server IP_NODE_2:80; - server IP_NODE_3:80; - } - - map $http_upgrade $connection_upgrade { - default Upgrade; - '' close; - } - - server { - listen 443 ssl http2; - server_name FQDN; - ssl_certificate /certs/fullchain.pem; - ssl_certificate_key /certs/privkey.pem; - - location / { - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-Port $server_port; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_pass http://rancher; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $connection_upgrade; - # This allows the ability for the execute shell window to remain open for up to 15 minutes. Without this parameter, the default is 1 minute and will automatically close. - proxy_read_timeout 900s; - proxy_buffering off; - } - } - - server { - listen 80; - server_name FQDN; - return 301 https://$server_name$request_uri; - } -} -``` diff --git a/versioned_docs/version-2.14/getting-started/quick-start-guides/deploy-rancher-manager/equinix-metal.md b/versioned_docs/version-2.14/getting-started/quick-start-guides/deploy-rancher-manager/equinix-metal.md index 98a91950391..e8a091ef41b 100644 --- a/versioned_docs/version-2.14/getting-started/quick-start-guides/deploy-rancher-manager/equinix-metal.md +++ b/versioned_docs/version-2.14/getting-started/quick-start-guides/deploy-rancher-manager/equinix-metal.md @@ -97,7 +97,7 @@ You can access your cluster after its state is updated to **Active**. **Active** clusters are assigned two Projects: - `Default`, containing the `default` namespace -- `System`, containing the `cattle-system`, `ingress-nginx`, `kube-public`, and `kube-system` namespaces +- `System`, containing the `cattle-system`, `traefik`, `kube-public`, and `kube-system` namespaces #### Finished diff --git a/versioned_docs/version-2.14/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/register-existing-clusters.md b/versioned_docs/version-2.14/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/register-existing-clusters.md index f8fdc984308..87139599192 100644 --- a/versioned_docs/version-2.14/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/register-existing-clusters.md +++ b/versioned_docs/version-2.14/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/register-existing-clusters.md @@ -69,7 +69,7 @@ Specifically, the value should be a comma-delimited string which only contains I - Your cluster is registered and assigned a state of **Pending**. Rancher is deploying resources to manage your cluster. - You can access your cluster after its state is updated to **Active**. -- **Active** clusters are assigned two Projects: `Default` (containing the namespace `default`) and `System` (containing the namespaces `cattle-system`, `ingress-nginx`, `kube-public` and `kube-system`, if present). +- **Active** clusters are assigned two Projects: `Default` (containing the namespace `default`) and `System` (containing the namespaces `cattle-system`, `traefik`, `kube-public` and `kube-system`, if present). :::note diff --git a/versioned_docs/version-2.14/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/eks.md b/versioned_docs/version-2.14/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/eks.md index fcdcefffbe7..f640ac8a61f 100644 --- a/versioned_docs/version-2.14/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/eks.md +++ b/versioned_docs/version-2.14/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/eks.md @@ -63,7 +63,7 @@ You can access your cluster after its state is updated to **Active**. **Active** clusters are assigned two Projects: - `Default`, containing the `default` namespace -- `System`, containing the `cattle-system`, `ingress-nginx`, `kube-public`, and `kube-system` namespaces +- `System`, containing the `cattle-system`, `traefik`, `kube-public`, and `kube-system` namespaces ## EKS Cluster Configuration Reference diff --git a/versioned_docs/version-2.14/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/gke.md b/versioned_docs/version-2.14/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/gke.md index 287367362a8..1349cbea0a4 100644 --- a/versioned_docs/version-2.14/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/gke.md +++ b/versioned_docs/version-2.14/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-clusters-from-hosted-kubernetes-providers/gke.md @@ -75,7 +75,7 @@ You can access your cluster after its state is updated to **Active**. **Active** clusters are assigned two Projects: - `Default`, containing the `default` namespace -- `System`, containing the `cattle-system`, `ingress-nginx`, `kube-public`, and `kube-system` namespaces +- `System`, containing the `cattle-system`, `traefik`, `kube-public`, and `kube-system` namespaces ## Private Clusters diff --git a/versioned_docs/version-2.14/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-a-digitalocean-cluster.md b/versioned_docs/version-2.14/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-a-digitalocean-cluster.md index 7e6b5b57d11..eea841ade9d 100644 --- a/versioned_docs/version-2.14/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-a-digitalocean-cluster.md +++ b/versioned_docs/version-2.14/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-a-digitalocean-cluster.md @@ -48,7 +48,7 @@ You can access your cluster after its state is updated to **Active**. **Active** clusters are assigned two Projects: - `Default`, containing the `default` namespace -- `System`, containing the `cattle-system`, `ingress-nginx`, `kube-public`, and `kube-system` namespaces +- `System`, containing the `cattle-system`, `traefik`, `kube-public`, and `kube-system` namespaces ## Optional Next Steps diff --git a/versioned_docs/version-2.14/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-a-google-compute-engine-cluster.md b/versioned_docs/version-2.14/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-a-google-compute-engine-cluster.md index d7a09f4089c..29f4300b8a9 100644 --- a/versioned_docs/version-2.14/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-a-google-compute-engine-cluster.md +++ b/versioned_docs/version-2.14/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-a-google-compute-engine-cluster.md @@ -78,7 +78,7 @@ You can access your cluster after its state is updated to **Active**. **Active** clusters are assigned two Projects: - `Default`, containing the `default` namespace -- `System`, containing the `cattle-system`, `ingress-nginx`, `kube-public`, and `kube-system` namespaces +- `System`, containing the `cattle-system`, `traefik`, `kube-public`, and `kube-system` namespaces ### GCE Best Practices diff --git a/versioned_docs/version-2.14/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-amazon-ec2-cluster.md b/versioned_docs/version-2.14/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-amazon-ec2-cluster.md index 07b28f311fa..53bfd79286b 100644 --- a/versioned_docs/version-2.14/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-amazon-ec2-cluster.md +++ b/versioned_docs/version-2.14/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-amazon-ec2-cluster.md @@ -65,7 +65,7 @@ You can access your cluster after its state is updated to **Active**. **Active** clusters are assigned two Projects: - `Default`, containing the `default` namespace -- `System`, containing the `cattle-system`, `ingress-nginx`, `kube-public`, and `kube-system` namespaces +- `System`, containing the `cattle-system`, `traefik`, `kube-public`, and `kube-system` namespaces ### Optional Next Steps diff --git a/versioned_docs/version-2.14/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-azure-cluster.md b/versioned_docs/version-2.14/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-azure-cluster.md index 186a95f366c..840401452f5 100644 --- a/versioned_docs/version-2.14/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-azure-cluster.md +++ b/versioned_docs/version-2.14/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/create-an-azure-cluster.md @@ -87,7 +87,7 @@ You can access your cluster after its state is updated to **Active**. **Active** clusters are assigned two Projects: - `Default`, containing the `default` namespace -- `System`, containing the `cattle-system`, `ingress-nginx`, `kube-public`, and `kube-system` namespaces +- `System`, containing the `cattle-system`, `traefik`, `kube-public`, and `kube-system` namespaces ### Optional Next Steps diff --git a/versioned_docs/version-2.14/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/nutanix/provision-kubernetes-clusters-in-aos.md b/versioned_docs/version-2.14/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/nutanix/provision-kubernetes-clusters-in-aos.md index df67f078ac3..5c4f452faae 100644 --- a/versioned_docs/version-2.14/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/nutanix/provision-kubernetes-clusters-in-aos.md +++ b/versioned_docs/version-2.14/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/nutanix/provision-kubernetes-clusters-in-aos.md @@ -85,7 +85,7 @@ You can access your cluster after its state is updated to **Active**. **Active** clusters are assigned two Projects: - `Default`, containing the `default` namespace -- `System`, containing the `cattle-system`, `ingress-nginx`, `kube-public`, and `kube-system` namespaces +- `System`, containing the `cattle-system`, `traefik`, `kube-public`, and `kube-system` namespaces ## Optional Next Steps diff --git a/versioned_docs/version-2.14/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/vsphere/provision-kubernetes-clusters-in-vsphere.md b/versioned_docs/version-2.14/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/vsphere/provision-kubernetes-clusters-in-vsphere.md index 88f0599cdcb..0f11b804d6c 100644 --- a/versioned_docs/version-2.14/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/vsphere/provision-kubernetes-clusters-in-vsphere.md +++ b/versioned_docs/version-2.14/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/vsphere/provision-kubernetes-clusters-in-vsphere.md @@ -86,7 +86,7 @@ You can access your cluster after its state is updated to **Active**. **Active** clusters are assigned two Projects: - `Default`, containing the `default` namespace -- `System`, containing the `cattle-system`, `ingress-nginx`, `kube-public`, and `kube-system` namespaces +- `System`, containing the `cattle-system`, `traefik`, `kube-public`, and `kube-system` namespaces ## Optional Next Steps diff --git a/versioned_docs/version-2.14/reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/use-existing-nodes.md b/versioned_docs/version-2.14/reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/use-existing-nodes.md index a27ac9ac48c..a6c991869da 100644 --- a/versioned_docs/version-2.14/reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/use-existing-nodes.md +++ b/versioned_docs/version-2.14/reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes/use-existing-nodes.md @@ -102,7 +102,7 @@ You can access your cluster after its state is updated to **Active**. **Active** clusters are assigned two Projects: - `Default`, containing the `default` namespace -- `System`, containing the `cattle-system`, `ingress-nginx`, `kube-public`, and `kube-system` namespaces +- `System`, containing the `cattle-system`, `traefik`, `kube-public`, and `kube-system` namespaces ### 3. Amazon Only: Tag Resources