diff --git a/docs/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/upgrades.md b/docs/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/upgrades.md index cbe6e77b492..9f45c8ba22d 100644 --- a/docs/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/upgrades.md +++ b/docs/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/upgrades.md @@ -140,7 +140,7 @@ Upgrade Rancher to the latest version with all your settings. Take all the values from the previous step and append them to the command using `--set key=value`. -For Kubernetes v1.25 or later, set `global.cattle.psp.enabled` to `false`. +For Kubernetes v1.25 or later, set `global.cattle.psp.enabled` to `false` when using Rancher v2.7.2-v2.7.4. This is not necessary for Rancher v2.7.5 and above, but you can still manually set the option if you choose. ``` helm upgrade rancher rancher-/rancher \ @@ -162,7 +162,7 @@ Alternatively, it's possible to export the current values to a file and referenc ``` 1. Update only the Rancher version: - For Kubernetes v1.25 or later, set `global.cattle.psp.enabled` to `false`. + For Kubernetes v1.25 or later, set `global.cattle.psp.enabled` to `false` when using Rancher v2.7.2-v2.7.4. This is not necessary for Rancher v2.7.5 and above, but you can still manually set the option if you choose. ``` helm upgrade rancher rancher-/rancher \ diff --git a/docs/getting-started/installation-and-upgrade/installation-references/helm-chart-options.md b/docs/getting-started/installation-and-upgrade/installation-references/helm-chart-options.md index 5ddfc3bae57..6e0f7263d1c 100644 --- a/docs/getting-started/installation-and-upgrade/installation-references/helm-chart-options.md +++ b/docs/getting-started/installation-and-upgrade/installation-references/helm-chart-options.md @@ -62,7 +62,7 @@ For information on enabling experimental features, refer to [this page.](../../. | `systemDefaultRegistry` | "" | `string` - private registry to be used for all system container images, e.g., http://registry.example.com/ | | `tls` | "ingress" | `string` - See [External TLS Termination](#external-tls-termination) for details. - "ingress, external" | | `useBundledSystemChart` | `false` | `bool` - select to use the system-charts packaged with Rancher server. This option is used for air gapped installations. | -| `global.cattle.psp.enabled` | `true` | `bool` - select 'false' to disable PSP for RKE/RKE2 (K8s) versions `v1.25` and higher. | +| `global.cattle.psp.enabled` | `true` | `bool` - select 'false' to disable PSPs for Kubernetes v1.25 and above when using Rancher v2.7.2-v2.7.4. When using Rancher v2.7.5 and above, Rancher attempts to detect if a cluster is running a Kubernetes version where PSPs are not supported, and will default it's usage of PSPs to false if it can determine that PSPs are not supported in the cluster. Users can still manually override this by explicitly providing `true` or `false` for this value. Rancher will still use PSPs by default in clusters which support PSPs (such as clusters running Kubernetes v1.24 or lower).| ### Bootstrap Password diff --git a/docs/getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/install-rancher-ha.md b/docs/getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/install-rancher-ha.md index ee21d12a1ca..51982a8c623 100644 --- a/docs/getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/install-rancher-ha.md +++ b/docs/getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/install-rancher-ha.md @@ -177,7 +177,7 @@ kubectl create namespace cattle-system Next, install Rancher, declaring your chosen options. Use the reference table below to replace each placeholder. Rancher needs to be configured to use the private registry in order to provision any Rancher launched Kubernetes clusters or Rancher tools. -For Kubernetes v1.25 or later, set `global.cattle.psp.enabled` to `false`. +For Kubernetes v1.25 or later, set `global.cattle.psp.enabled` to `false` when using Rancher v2.7.2-v2.7.4. This is not necessary for Rancher v2.7.5 and above, but you can still manually set the option if you choose. Placeholder | Description ------------|------------- @@ -208,7 +208,7 @@ Create Kubernetes secrets from your own certificates for Rancher to use. The com Install Rancher, declaring your chosen options. Use the reference table below to replace each placeholder. Rancher needs to be configured to use the private registry in order to provision any Rancher launched Kubernetes clusters or Rancher tools. -For Kubernetes v1.25 or later, set `global.cattle.psp.enabled` to `false`. +For Kubernetes v1.25 or later, set `global.cattle.psp.enabled` to `false` when using Rancher v2.7.2-v2.7.4. This is not necessary for Rancher v2.7.5 and above, but you can still manually set the option if you choose. | Placeholder | Description | | -------------------------------- | ----------------------------------------------- | diff --git a/docs/getting-started/quick-start-guides/deploy-rancher-manager/helm-cli.md b/docs/getting-started/quick-start-guides/deploy-rancher-manager/helm-cli.md index 57bc47ae75d..b6489884a74 100644 --- a/docs/getting-started/quick-start-guides/deploy-rancher-manager/helm-cli.md +++ b/docs/getting-started/quick-start-guides/deploy-rancher-manager/helm-cli.md @@ -130,7 +130,7 @@ The final command to install Rancher is below. The command requires a domain nam To install a specific Rancher version, use the `--version` flag (e.g., `--version 2.6.6`). Otherwise, the latest Rancher is installed by default. Refer to [Choosing a Rancher Version](../../installation-and-upgrade/resources/choose-a-rancher-version.md). -For Kubernetes v1.25 or later, set `global.cattle.psp.enabled` to `false`. +For Kubernetes v1.25 or later, set `global.cattle.psp.enabled` to `false` when using Rancher v2.7.2-v2.7.4. This is not necessary for Rancher v2.7.5 and above, but you can still manually set the option if you choose. Note the password requires a minimum of 12 characters. diff --git a/docs/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/migrate-rancher-to-new-cluster.md b/docs/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/migrate-rancher-to-new-cluster.md index 00187b3b23a..3f851c442fa 100644 --- a/docs/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/migrate-rancher-to-new-cluster.md +++ b/docs/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/migrate-rancher-to-new-cluster.md @@ -158,7 +158,7 @@ Follow the steps to [install cert-manager](../../../pages-for-subheaders/install Use the same version of Helm to install Rancher, that was used on the first cluster. -For Kubernetes v1.25 or later, set `global.cattle.psp.enabled` to `false`. +For Kubernetes v1.25 or later, set `global.cattle.psp.enabled` to `false` when using Rancher v2.7.2-v2.7.4. This is not necessary for Rancher v2.7.5 and above, but you can still manually set the option if you choose. ```bash helm install rancher rancher-latest/rancher \ diff --git a/docs/pages-for-subheaders/enable-experimental-features.md b/docs/pages-for-subheaders/enable-experimental-features.md index cf687d9ee43..0494ed5f0fa 100644 --- a/docs/pages-for-subheaders/enable-experimental-features.md +++ b/docs/pages-for-subheaders/enable-experimental-features.md @@ -34,7 +34,7 @@ Values set from the Rancher API will override the value passed in through the co When installing Rancher with a Helm chart, use the `--set` option. In the below example, two features are enabled by passing the feature flag names in a comma separated list: -For Kubernetes v1.25 or later, set `global.cattle.psp.enabled` to `false`. +For Kubernetes v1.25 or later, set `global.cattle.psp.enabled` to `false` when using Rancher v2.7.2-v2.7.4. This is not necessary for Rancher v2.7.5 and above, but you can still manually set the option if you choose. ``` helm install rancher rancher-latest/rancher \ diff --git a/docs/pages-for-subheaders/install-upgrade-on-a-kubernetes-cluster.md b/docs/pages-for-subheaders/install-upgrade-on-a-kubernetes-cluster.md index 29a7e98d226..67d02984b42 100644 --- a/docs/pages-for-subheaders/install-upgrade-on-a-kubernetes-cluster.md +++ b/docs/pages-for-subheaders/install-upgrade-on-a-kubernetes-cluster.md @@ -201,7 +201,7 @@ Because `rancher` is the default option for `ingress.tls.source`, we are not spe - Set the `hostname` to the DNS name you pointed at your load balancer. - Set the `bootstrapPassword` to something unique for the `admin` user. - To install a specific Rancher version, use the `--version` flag, example: `--version 2.7.0` -- For Kubernetes v1.25 or later, set `global.cattle.psp.enabled` to `false`. +- For Kubernetes v1.25 or later, set `global.cattle.psp.enabled` to `false` when using Rancher v2.7.2-v2.7.4. This is not necessary for Rancher v2.7.5 and above, but you can still manually set the option if you choose. ``` helm install rancher rancher-/rancher \ @@ -242,7 +242,7 @@ In the following command, - `ingress.tls.source` is set to `letsEncrypt` - `letsEncrypt.email` is set to the email address used for communication about your certificate (for example, expiry notices) - Set `letsEncrypt.ingress.class` to whatever your ingress controller is, e.g., `traefik`, `nginx`, `haproxy`, etc. -- For Kubernetes v1.25 or later, set `global.cattle.psp.enabled` to `false`. +- For Kubernetes v1.25 or later, set `global.cattle.psp.enabled` to `false` when using Rancher v2.7.2-v2.7.4. This is not necessary for Rancher v2.7.5 and above, but you can still manually set the option if you choose. ``` helm install rancher rancher-/rancher \ @@ -285,7 +285,7 @@ If you want to check if your certificates are correct, see [How do I check Commo - Set the `hostname`. - Set the `bootstrapPassword` to something unique for the `admin` user. - Set `ingress.tls.source` to `secret`. -- For Kubernetes v1.25 or later, set `global.cattle.psp.enabled` to `false`. +- For Kubernetes v1.25 or later, set `global.cattle.psp.enabled` to `false` when using Rancher v2.7.2-v2.7.4. This is not necessary for Rancher v2.7.5 and above, but you can still manually set the option if you choose. ``` helm install rancher rancher-/rancher \ diff --git a/versioned_docs/version-2.7/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/upgrades.md b/versioned_docs/version-2.7/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/upgrades.md index cbe6e77b492..9f45c8ba22d 100644 --- a/versioned_docs/version-2.7/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/upgrades.md +++ b/versioned_docs/version-2.7/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/upgrades.md @@ -140,7 +140,7 @@ Upgrade Rancher to the latest version with all your settings. Take all the values from the previous step and append them to the command using `--set key=value`. -For Kubernetes v1.25 or later, set `global.cattle.psp.enabled` to `false`. +For Kubernetes v1.25 or later, set `global.cattle.psp.enabled` to `false` when using Rancher v2.7.2-v2.7.4. This is not necessary for Rancher v2.7.5 and above, but you can still manually set the option if you choose. ``` helm upgrade rancher rancher-/rancher \ @@ -162,7 +162,7 @@ Alternatively, it's possible to export the current values to a file and referenc ``` 1. Update only the Rancher version: - For Kubernetes v1.25 or later, set `global.cattle.psp.enabled` to `false`. + For Kubernetes v1.25 or later, set `global.cattle.psp.enabled` to `false` when using Rancher v2.7.2-v2.7.4. This is not necessary for Rancher v2.7.5 and above, but you can still manually set the option if you choose. ``` helm upgrade rancher rancher-/rancher \ diff --git a/versioned_docs/version-2.7/getting-started/installation-and-upgrade/installation-references/helm-chart-options.md b/versioned_docs/version-2.7/getting-started/installation-and-upgrade/installation-references/helm-chart-options.md index 5ddfc3bae57..bf6ea01ca23 100644 --- a/versioned_docs/version-2.7/getting-started/installation-and-upgrade/installation-references/helm-chart-options.md +++ b/versioned_docs/version-2.7/getting-started/installation-and-upgrade/installation-references/helm-chart-options.md @@ -62,7 +62,7 @@ For information on enabling experimental features, refer to [this page.](../../. | `systemDefaultRegistry` | "" | `string` - private registry to be used for all system container images, e.g., http://registry.example.com/ | | `tls` | "ingress" | `string` - See [External TLS Termination](#external-tls-termination) for details. - "ingress, external" | | `useBundledSystemChart` | `false` | `bool` - select to use the system-charts packaged with Rancher server. This option is used for air gapped installations. | -| `global.cattle.psp.enabled` | `true` | `bool` - select 'false' to disable PSP for RKE/RKE2 (K8s) versions `v1.25` and higher. | +| `global.cattle.psp.enabled` | `true` | `bool` - select 'false' to disable PSPs for Kubernetes v1.25 and above when using Rancher v2.7.2-v2.7.4. When using Rancher v2.7.5 and above, Rancher attempts to detect if a cluster is running a Kubernetes version where PSPs are not supported, and will default it's usage of PSPs to false if it can determine that PSPs are not supported in the cluster. Users can still manually override this by explicitly providing `true` or `false` for this value. Rancher will still use PSPs by default in clusters which support PSPs (such as clusters running Kubernetes v1.24 or lower). | ### Bootstrap Password diff --git a/versioned_docs/version-2.7/getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/install-rancher-ha.md b/versioned_docs/version-2.7/getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/install-rancher-ha.md index ee21d12a1ca..51982a8c623 100644 --- a/versioned_docs/version-2.7/getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/install-rancher-ha.md +++ b/versioned_docs/version-2.7/getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/install-rancher-ha.md @@ -177,7 +177,7 @@ kubectl create namespace cattle-system Next, install Rancher, declaring your chosen options. Use the reference table below to replace each placeholder. Rancher needs to be configured to use the private registry in order to provision any Rancher launched Kubernetes clusters or Rancher tools. -For Kubernetes v1.25 or later, set `global.cattle.psp.enabled` to `false`. +For Kubernetes v1.25 or later, set `global.cattle.psp.enabled` to `false` when using Rancher v2.7.2-v2.7.4. This is not necessary for Rancher v2.7.5 and above, but you can still manually set the option if you choose. Placeholder | Description ------------|------------- @@ -208,7 +208,7 @@ Create Kubernetes secrets from your own certificates for Rancher to use. The com Install Rancher, declaring your chosen options. Use the reference table below to replace each placeholder. Rancher needs to be configured to use the private registry in order to provision any Rancher launched Kubernetes clusters or Rancher tools. -For Kubernetes v1.25 or later, set `global.cattle.psp.enabled` to `false`. +For Kubernetes v1.25 or later, set `global.cattle.psp.enabled` to `false` when using Rancher v2.7.2-v2.7.4. This is not necessary for Rancher v2.7.5 and above, but you can still manually set the option if you choose. | Placeholder | Description | | -------------------------------- | ----------------------------------------------- | diff --git a/versioned_docs/version-2.7/getting-started/quick-start-guides/deploy-rancher-manager/helm-cli.md b/versioned_docs/version-2.7/getting-started/quick-start-guides/deploy-rancher-manager/helm-cli.md index 57bc47ae75d..b6489884a74 100644 --- a/versioned_docs/version-2.7/getting-started/quick-start-guides/deploy-rancher-manager/helm-cli.md +++ b/versioned_docs/version-2.7/getting-started/quick-start-guides/deploy-rancher-manager/helm-cli.md @@ -130,7 +130,7 @@ The final command to install Rancher is below. The command requires a domain nam To install a specific Rancher version, use the `--version` flag (e.g., `--version 2.6.6`). Otherwise, the latest Rancher is installed by default. Refer to [Choosing a Rancher Version](../../installation-and-upgrade/resources/choose-a-rancher-version.md). -For Kubernetes v1.25 or later, set `global.cattle.psp.enabled` to `false`. +For Kubernetes v1.25 or later, set `global.cattle.psp.enabled` to `false` when using Rancher v2.7.2-v2.7.4. This is not necessary for Rancher v2.7.5 and above, but you can still manually set the option if you choose. Note the password requires a minimum of 12 characters. diff --git a/versioned_docs/version-2.7/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/migrate-rancher-to-new-cluster.md b/versioned_docs/version-2.7/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/migrate-rancher-to-new-cluster.md index 00187b3b23a..3f851c442fa 100644 --- a/versioned_docs/version-2.7/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/migrate-rancher-to-new-cluster.md +++ b/versioned_docs/version-2.7/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/migrate-rancher-to-new-cluster.md @@ -158,7 +158,7 @@ Follow the steps to [install cert-manager](../../../pages-for-subheaders/install Use the same version of Helm to install Rancher, that was used on the first cluster. -For Kubernetes v1.25 or later, set `global.cattle.psp.enabled` to `false`. +For Kubernetes v1.25 or later, set `global.cattle.psp.enabled` to `false` when using Rancher v2.7.2-v2.7.4. This is not necessary for Rancher v2.7.5 and above, but you can still manually set the option if you choose. ```bash helm install rancher rancher-latest/rancher \ diff --git a/versioned_docs/version-2.7/pages-for-subheaders/enable-experimental-features.md b/versioned_docs/version-2.7/pages-for-subheaders/enable-experimental-features.md index cf687d9ee43..0494ed5f0fa 100644 --- a/versioned_docs/version-2.7/pages-for-subheaders/enable-experimental-features.md +++ b/versioned_docs/version-2.7/pages-for-subheaders/enable-experimental-features.md @@ -34,7 +34,7 @@ Values set from the Rancher API will override the value passed in through the co When installing Rancher with a Helm chart, use the `--set` option. In the below example, two features are enabled by passing the feature flag names in a comma separated list: -For Kubernetes v1.25 or later, set `global.cattle.psp.enabled` to `false`. +For Kubernetes v1.25 or later, set `global.cattle.psp.enabled` to `false` when using Rancher v2.7.2-v2.7.4. This is not necessary for Rancher v2.7.5 and above, but you can still manually set the option if you choose. ``` helm install rancher rancher-latest/rancher \ diff --git a/versioned_docs/version-2.7/pages-for-subheaders/install-upgrade-on-a-kubernetes-cluster.md b/versioned_docs/version-2.7/pages-for-subheaders/install-upgrade-on-a-kubernetes-cluster.md index 29a7e98d226..67d02984b42 100644 --- a/versioned_docs/version-2.7/pages-for-subheaders/install-upgrade-on-a-kubernetes-cluster.md +++ b/versioned_docs/version-2.7/pages-for-subheaders/install-upgrade-on-a-kubernetes-cluster.md @@ -201,7 +201,7 @@ Because `rancher` is the default option for `ingress.tls.source`, we are not spe - Set the `hostname` to the DNS name you pointed at your load balancer. - Set the `bootstrapPassword` to something unique for the `admin` user. - To install a specific Rancher version, use the `--version` flag, example: `--version 2.7.0` -- For Kubernetes v1.25 or later, set `global.cattle.psp.enabled` to `false`. +- For Kubernetes v1.25 or later, set `global.cattle.psp.enabled` to `false` when using Rancher v2.7.2-v2.7.4. This is not necessary for Rancher v2.7.5 and above, but you can still manually set the option if you choose. ``` helm install rancher rancher-/rancher \ @@ -242,7 +242,7 @@ In the following command, - `ingress.tls.source` is set to `letsEncrypt` - `letsEncrypt.email` is set to the email address used for communication about your certificate (for example, expiry notices) - Set `letsEncrypt.ingress.class` to whatever your ingress controller is, e.g., `traefik`, `nginx`, `haproxy`, etc. -- For Kubernetes v1.25 or later, set `global.cattle.psp.enabled` to `false`. +- For Kubernetes v1.25 or later, set `global.cattle.psp.enabled` to `false` when using Rancher v2.7.2-v2.7.4. This is not necessary for Rancher v2.7.5 and above, but you can still manually set the option if you choose. ``` helm install rancher rancher-/rancher \ @@ -285,7 +285,7 @@ If you want to check if your certificates are correct, see [How do I check Commo - Set the `hostname`. - Set the `bootstrapPassword` to something unique for the `admin` user. - Set `ingress.tls.source` to `secret`. -- For Kubernetes v1.25 or later, set `global.cattle.psp.enabled` to `false`. +- For Kubernetes v1.25 or later, set `global.cattle.psp.enabled` to `false` when using Rancher v2.7.2-v2.7.4. This is not necessary for Rancher v2.7.5 and above, but you can still manually set the option if you choose. ``` helm install rancher rancher-/rancher \