From facd7baf0b245d01447036957744e7405ded97ca Mon Sep 17 00:00:00 2001 From: jgallucci32 Date: Thu, 7 Apr 2022 14:18:26 -0700 Subject: [PATCH 01/10] Remove invalid link to kubernetes cloud providers Kubernetes removed the official documentation for cloud providers in https://github.com/kubernetes/website/pull/23517. Users are now instructed to view the individual documentation provided by each cloud provider. --- content/rke/latest/en/config-options/cloud-providers/_index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/rke/latest/en/config-options/cloud-providers/_index.md b/content/rke/latest/en/config-options/cloud-providers/_index.md index 45501bcf784..f9a58253e15 100644 --- a/content/rke/latest/en/config-options/cloud-providers/_index.md +++ b/content/rke/latest/en/config-options/cloud-providers/_index.md @@ -3,7 +3,7 @@ title: Cloud Providers weight: 250 --- -RKE supports the ability to set your specific [cloud provider](https://kubernetes.io/docs/concepts/cluster-administration/cloud-providers/) for your Kubernetes cluster. There are specific cloud configurations for these cloud providers. +RKE supports the ability to set your specific cloud provider for your Kubernetes cluster. There are specific cloud configurations for these cloud providers. To enable a cloud provider its name as well as any required configuration options must be provided under the `cloud_provider` directive in the cluster YML. * [AWS]({{}}/rke/latest/en/config-options/cloud-providers/aws) From 9dca333f2720be3117078265cec1a835361c62fc Mon Sep 17 00:00:00 2001 From: jgallucci32 Date: Thu, 7 Apr 2022 14:21:18 -0700 Subject: [PATCH 02/10] Remove invalid link to cloud providers in v2.5 Kubernetes removed the official documentation for cloud providers in https://github.com/kubernetes/website/pull/23517. Users are now instructed to view the individual documentation provided by each cloud provider. --- .../rke-clusters/cloud-providers/_index.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/content/rancher/v2.5/en/cluster-provisioning/rke-clusters/cloud-providers/_index.md b/content/rancher/v2.5/en/cluster-provisioning/rke-clusters/cloud-providers/_index.md index 82f660865e9..6b12db8c31a 100644 --- a/content/rancher/v2.5/en/cluster-provisioning/rke-clusters/cloud-providers/_index.md +++ b/content/rancher/v2.5/en/cluster-provisioning/rke-clusters/cloud-providers/_index.md @@ -6,7 +6,7 @@ aliases: - /rancher/v2.5/en/cluster-provisioning/rke-clusters/options/cloud-providers - /rancher/v2.x/en/cluster-provisioning/rke-clusters/cloud-providers/ --- -A _cloud provider_ is a module in Kubernetes that provides an interface for managing nodes, load balancers, and networking routes. For more information, refer to the [official Kubernetes documentation on cloud providers.](https://kubernetes.io/docs/concepts/cluster-administration/cloud-providers/) +A _cloud provider_ is a module in Kubernetes that provides an interface for managing nodes, load balancers, and networking routes. When a cloud provider is set up in Rancher, the Rancher server can automatically provision new nodes, load balancers or persistent storage devices when launching Kubernetes definitions, if the cloud provider you're using supports such automation. @@ -39,7 +39,7 @@ For details on enabling the vSphere cloud provider, refer to [this page.](./vsph ### Setting up a Custom Cloud Provider -The `Custom` cloud provider is available if you want to configure any [Kubernetes cloud provider](https://kubernetes.io/docs/concepts/cluster-administration/cloud-providers/). +The `Custom` cloud provider is available if you want to configure any Kubernetes cloud provider. For the custom cloud provider option, you can refer to the [RKE docs]({{}}/rke/latest/en/config-options/cloud-providers/) on how to edit the yaml file for your specific cloud provider. There are specific cloud providers that have more detailed configuration : From 62f23aaa3462a91157faaa9717ee16fc660ab917 Mon Sep 17 00:00:00 2001 From: Roberto Bonafiglia Date: Fri, 8 Apr 2022 10:31:33 +0200 Subject: [PATCH 03/10] Added wireguard port on networking installation --- .../en/installation/installation-requirements/_index.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/content/k3s/latest/en/installation/installation-requirements/_index.md b/content/k3s/latest/en/installation/installation-requirements/_index.md index 3daee8b3ccc..276e684d7c4 100644 --- a/content/k3s/latest/en/installation/installation-requirements/_index.md +++ b/content/k3s/latest/en/installation/installation-requirements/_index.md @@ -44,7 +44,7 @@ K3s performance depends on the performance of the database. To ensure optimal sp The K3s server needs port 6443 to be accessible by all nodes. -The nodes need to be able to reach other nodes over UDP port 8472 when Flannel VXLAN is used. The node should not listen on any other port. K3s uses reverse tunneling such that the nodes make outbound connections to the server and all kubelet traffic runs through that tunnel. However, if you do not use Flannel and provide your own custom CNI, then port 8472 is not needed by K3s. +The nodes need to be able to reach other nodes over UDP port 8472 when Flannel VXLAN is used or UDP ports 51820 and 51821 (when using IPv6) when Flannel Wireguard backend is used. The node should not listen on any other port. K3s uses reverse tunneling such that the nodes make outbound connections to the server and all kubelet traffic runs through that tunnel. However, if you do not use Flannel and provide your own custom CNI, then the ports needed by Flannel are not needed by K3s. If you wish to utilize the metrics server, you will need to open port 10250 on each node. @@ -59,6 +59,8 @@ If you plan on achieving high availability with embedded etcd, server nodes must |-----|-----|----------------|---| | TCP | 6443 | K3s agent nodes | Kubernetes API Server | UDP | 8472 | K3s server and agent nodes | Required only for Flannel VXLAN +| UDP | 51820 | K3s server and agent nodes | Required only for Flannel Wireguard backend +| UDP | 51821 | K3s server and agent nodes | Required only for Flannel Wireguard backend with IPv6 | TCP | 10250 | K3s server and agent nodes | Kubelet metrics | TCP | 2379-2380 | K3s server nodes | Required only for HA with embedded etcd From 54c8abb9cd01e4130761008783b9418fd98a035c Mon Sep 17 00:00:00 2001 From: Bastian Hofmann Date: Fri, 8 Apr 2022 13:01:46 +0200 Subject: [PATCH 04/10] Always link to the latest Longhorn docs version Signed-off-by: Bastian Hofmann --- content/rancher/v2.6/en/longhorn/_index.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/content/rancher/v2.6/en/longhorn/_index.md b/content/rancher/v2.6/en/longhorn/_index.md index ad14ffbb067..d394cab5d02 100644 --- a/content/rancher/v2.6/en/longhorn/_index.md +++ b/content/rancher/v2.6/en/longhorn/_index.md @@ -24,12 +24,12 @@ With Longhorn, you can: ### Installing Longhorn with Rancher -1. Fulfill all [Installation Requirements.](https://longhorn.io/docs/1.1.0/deploy/install/#installation-requirements) +1. Fulfill all [Installation Requirements.](https://longhorn.io/docs/latest/deploy/install/#installation-requirements) 1. Go to the cluster where you want to install Longhorn. 1. Click **Apps & Marketplace**. 1. Click **Charts**. 1. Click **Longhorn**. -1. Optional: To customize the initial settings, click **Longhorn Default Settings** and edit the configuration. For help customizing the settings, refer to the [Longhorn documentation.](https://longhorn.io/docs/1.0.2/references/settings/) +1. Optional: To customize the initial settings, click **Longhorn Default Settings** and edit the configuration. For help customizing the settings, refer to the [Longhorn documentation.](https://longhorn.io/docs/latest/references/settings/) 1. Click **Install**. **Result:** Longhorn is deployed in the Kubernetes cluster. @@ -64,7 +64,7 @@ Longhorn creates a dedicated storage controller for each volume and synchronousl The storage controller and replicas are themselves orchestrated using Kubernetes. -You can learn more about its architecture [here.](https://longhorn.io/docs/1.0.2/concepts/) +You can learn more about its architecture [here.](https://longhorn.io/docs/latest/concepts/)
Longhorn Architecture
![Longhorn Architecture]({{}}/img/rancher/longhorn-architecture.svg) From 8efe67488d26c0b6ca9659a490d51d6fc0928edf Mon Sep 17 00:00:00 2001 From: mutron3k Date: Fri, 8 Apr 2022 10:05:40 -0400 Subject: [PATCH 05/10] updating cert-manager version to match 2.6 notes https://rancher.com/docs/rancher/v2.6/en/installation/install-rancher-on-k8s/ "New in v2.6.4, cert-manager versions 1.6.2 and 1.7.1 are compatible. We recommend v1.7.x because v 1.6.x will reach end-of-life on March 30, 2022." and https://rancher.com/docs/rancher/v2.6/en/installation/install-rancher-on-k8s/ ("CLICK TO EXPAND") helm install cert-manager jetstack/cert-manager \ --namespace cert-manager \ --create-namespace \ --version v1.7.1 --- .../deployment/quickstart-manual-setup/_index.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/content/rancher/v2.6/en/quick-start-guide/deployment/quickstart-manual-setup/_index.md b/content/rancher/v2.6/en/quick-start-guide/deployment/quickstart-manual-setup/_index.md index cd8a9fe0e07..5dcaa385978 100644 --- a/content/rancher/v2.6/en/quick-start-guide/deployment/quickstart-manual-setup/_index.md +++ b/content/rancher/v2.6/en/quick-start-guide/deployment/quickstart-manual-setup/_index.md @@ -92,7 +92,7 @@ helm repo add rancher-latest https://releases.rancher.com/server-charts/latest kubectl create namespace cattle-system -kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.5.1/cert-manager.crds.yaml +kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.7.1/cert-manager.crds.yaml helm repo add jetstack https://charts.jetstack.io @@ -101,13 +101,13 @@ helm repo update helm install cert-manager jetstack/cert-manager \ --namespace cert-manager \ --create-namespace \ - --version v1.5.1 + --version v1.7.1 # Windows Powershell helm install cert-manager jetstack/cert-manager \` --namespace cert-manager \` --create-namespace \` - --version v1.5.1 + --version v1.7.1 ``` The final command to install Rancher is below. The command requires a domain name that forwards traffic to the Linux machine. For the sake of simplicity in this tutorial, you can use a fake domain name to create your proof-of-concept. An example of a fake domain name would be `.sslip.io`. From 5f30d33956ddd31a9ce1825a4677259cec80dbe2 Mon Sep 17 00:00:00 2001 From: Bastian Hofmann Date: Mon, 11 Apr 2022 10:24:53 +0200 Subject: [PATCH 06/10] Fix link in Logging -> Flows to link to the correct upstream docs page Signed-off-by: Bastian Hofmann --- .../v2.6/en/logging/custom-resource-config/flows/_index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/rancher/v2.6/en/logging/custom-resource-config/flows/_index.md b/content/rancher/v2.6/en/logging/custom-resource-config/flows/_index.md index f4ffeb05cfb..2ad4991dc8f 100644 --- a/content/rancher/v2.6/en/logging/custom-resource-config/flows/_index.md +++ b/content/rancher/v2.6/en/logging/custom-resource-config/flows/_index.md @@ -3,7 +3,7 @@ title: Flows and ClusterFlows weight: 1 --- -For the full details on configuring `Flows` and `ClusterFlows`, see the [Banzai Cloud Logging operator documentation.](https://banzaicloud.com/docs/one-eye/logging-operator/configuration/output/) +For the full details on configuring `Flows` and `ClusterFlows`, see the [Banzai Cloud Logging operator documentation.](https://banzaicloud.com/docs/one-eye/logging-operator/configuration/flow/) - [Configuration](#configuration) - [YAML Example](#yaml-example) From 391d7aee66693048b854992b50e12e52c2ba71ad Mon Sep 17 00:00:00 2001 From: Guilherme Macedo Date: Fri, 15 Apr 2022 10:03:35 +0200 Subject: [PATCH 07/10] Add new security advisories Signed-off-by: Guilherme Macedo --- content/rancher/v2.6/en/security/cve/_index.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/content/rancher/v2.6/en/security/cve/_index.md b/content/rancher/v2.6/en/security/cve/_index.md index 628473bb891..b353c508096 100644 --- a/content/rancher/v2.6/en/security/cve/_index.md +++ b/content/rancher/v2.6/en/security/cve/_index.md @@ -7,6 +7,10 @@ Rancher is committed to informing the community of security issues in our produc | ID | Description | Date | Resolution | |----|-------------|------|------------| +| [CVE-2021-36784](https://github.com/rancher/rancher/security/advisories/GHSA-jwvr-vv7p-gpwq) | A vulnerability was discovered in Rancher versions from 2.5.0 up to and including 2.5.12 and from 2.6.0 up to and including 2.6.3 which allows users who have create or update permissions on [Global Roles](https://rancher.com/docs/rancher/v2.6/en/admin-settings/rbac/) to escalate their permissions, or those of another user, to admin-level permissions. Global Roles grant users Rancher-wide permissions, such as the ability to create clusters. In the identified versions of Rancher, when users are given permission to edit or create Global Roles, they are not restricted to only granting permissions which they already posses. This vulnerability affects customers who utilize non-admin users that are able to create or edit Global Roles. The most common use case for this scenario is the `restricted-admin` role. | 14 Apr 2022 | [Rancher v2.6.4](https://github.com/rancher/rancher/releases/tag/v2.6.4) and [Rancher v2.5.13](https://github.com/rancher/rancher/releases/tag/v2.5.13) | +| [CVE-2021-4200](https://github.com/rancher/rancher/security/advisories/GHSA-hx8w-ghh8-r4xf) | This vulnerability only affects customers using the `restricted-admin` role in Rancher. A vulnerability was discovered in Rancher versions from 2.5.0 up to and including 2.5.12 and from 2.6.0 up to and including 2.6.3 where the `global-data` role in `cattle-global-data` namespace grants write access to the Catalogs. Since each user with any level of catalog access was bound to the `global-data` role, this grants write access to templates (`CatalogTemplates`) and template versions (`CatalogTemplateVersions`) for any user with any level of catalog access. New users created in Rancher are by default assigned to the `user` role (standard user), which is not designed to grant write catalog access. This vulnerability effectively elevates the privilege of any user to write access for the catalog template and catalog template version resources. | 14 Apr 2022 | [Rancher v2.6.4](https://github.com/rancher/rancher/releases/tag/v2.6.4) and [Rancher v2.5.13](https://github.com/rancher/rancher/releases/tag/v2.5.13) | +| [GHSA-wm2r-rp98-8pmh](https://github.com/rancher/rancher/security/advisories/GHSA-wm2r-rp98-8pmh) | This vulnerability only affects customers using [Fleet](https://rancher.com/docs/rancher/v2.6/en/deploy-across-clusters/fleet/) for continuous delivery with authenticated Git and/or Helm repositories. An issue was discovered in `go-getter` library in versions prior to [`v1.5.11`](https://github.com/hashicorp/go-getter/releases/tag/v1.5.11) that exposes SSH private keys in base64 format due to a failure in redacting such information from error messages. The vulnerable version of this library is used in Rancher through Fleet in versions of Fleet prior to [`v0.3.9`](https://github.com/rancher/fleet/releases/tag/v0.3.9). This issue affects Rancher versions 2.5.0 up to and including 2.5.12 and from 2.6.0 up to and including 2.6.3. The issue was found and reported by Dagan Henderson from Raft Engineering. | 14 Apr 2022 | [Rancher v2.6.4](https://github.com/rancher/rancher/releases/tag/v2.6.4) and [Rancher v2.5.13](https://github.com/rancher/rancher/releases/tag/v2.5.13) | +| [CVE-2021-36778](https://github.com/rancher/rancher/security/advisories/GHSA-4fc7-hc63-7fjg) | A vulnerability was discovered in Rancher versions from 2.5.0 up to and including 2.5.11 and from 2.6.0 up to and including 2.6.2, where an insufficient check of the same-origin policy when downloading Helm charts from a configured private repository can lead to exposure of the repository credentials to a third-party provider. This issue only happens when the user configures access credentials to a private repository in Rancher inside `Apps & Marketplace > Repositories`. The issue was found and reported by Martin Andreas Ullrich. | 14 Apr 2022 | [Rancher v2.6.3](https://github.com/rancher/rancher/releases/tag/v2.6.3) and [Rancher v2.5.12](https://github.com/rancher/rancher/releases/tag/v2.5.12) | | [GHSA-hwm2-4ph6-w6m5](https://github.com/rancher/rancher/security/advisories/GHSA-hwm2-4ph6-w6m5) | A vulnerability was discovered in versions of Rancher starting 2.0 up to and including 2.6.3. The `restricted` pod security policy (PSP) provided in Rancher deviated from the upstream `restricted` policy provided in Kubernetes on account of which Rancher's PSP had `runAsUser` set to `runAsAny`, while upstream had `runAsUser` set to `MustRunAsNonRoot`. This allowed containers to run as any user, including a privileged user (`root`), even when Rancher's `restricted` policy was enforced on a project or at the cluster level. | 31 Mar 2022 | [Rancher v2.6.4](https://github.com/rancher/rancher/releases/tag/v2.6.4) | | [CVE-2021-36775](https://github.com/rancher/rancher/security/advisories/GHSA-28g7-896h-695v) | A vulnerability was discovered in Rancher versions up to and including 2.4.17, 2.5.11 and 2.6.2. After removing a `Project Role` associated with a group from the project, the bindings that granted access to cluster-scoped resources for those subjects were not deleted. This was due to an incomplete authorization logic check. A user who was a member of the affected group with authenticated access to Rancher could exploit this vulnerability to access resources they shouldn't have had access to. The exposure level would depend on the original permission level granted to the affected project role. This vulnerability only affected customers using group based authentication in Rancher. | 31 Mar 2022 | [Rancher v2.6.3](https://github.com/rancher/rancher/releases/tag/v2.6.3), [Rancher v2.5.12](https://github.com/rancher/rancher/releases/tag/v2.5.12) and [Rancher v2.4.18](https://github.com/rancher/rancher/releases/tag/v2.4.18) | | [CVE-2021-36776](https://github.com/rancher/rancher/security/advisories/GHSA-gvh9-xgrq-r8hw) | A vulnerability was discovered in Rancher versions starting 2.5.0 up to and including 2.5.9, that allowed an authenticated user to impersonate any user on a cluster through an API proxy, without requiring knowledge of the impersonated user's credentials. This was due to the API proxy not dropping the impersonation header before sending the request to the Kubernetes API. A malicious user with authenticated access to Rancher could use this to impersonate another user with administrator access in Rancher, thereby gaining administrator level access to the cluster. | 31 Mar 2022 | [Rancher v2.6.0](https://github.com/rancher/rancher/releases/tag/v2.6.0) and [Rancher v2.5.10](https://github.com/rancher/rancher/releases/tag/v2.5.10) | From b74e02735100c27c8a1fcad52cce8333e2df4a45 Mon Sep 17 00:00:00 2001 From: Jennifer Travinski Date: Mon, 18 Apr 2022 14:15:03 -0400 Subject: [PATCH 08/10] Updated 2.6 docs for broken link also --- .../rke-clusters/cloud-providers/_index.md | 2 +- .../rke-clusters/cloud-providers/_index.md | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/content/rancher/v2.5/en/cluster-provisioning/rke-clusters/cloud-providers/_index.md b/content/rancher/v2.5/en/cluster-provisioning/rke-clusters/cloud-providers/_index.md index 6b12db8c31a..2679bbe634b 100644 --- a/content/rancher/v2.5/en/cluster-provisioning/rke-clusters/cloud-providers/_index.md +++ b/content/rancher/v2.5/en/cluster-provisioning/rke-clusters/cloud-providers/_index.md @@ -41,7 +41,7 @@ For details on enabling the vSphere cloud provider, refer to [this page.](./vsph The `Custom` cloud provider is available if you want to configure any Kubernetes cloud provider. -For the custom cloud provider option, you can refer to the [RKE docs]({{}}/rke/latest/en/config-options/cloud-providers/) on how to edit the yaml file for your specific cloud provider. There are specific cloud providers that have more detailed configuration : +For the custom cloud provider option, you can refer to the [RKE docs]({{}}/rke/latest/en/config-options/cloud-providers/) on how to edit the yaml file for your specific cloud provider. There are specific cloud providers that have more detailed configuration: * [vSphere]({{}}/rke/latest/en/config-options/cloud-providers/vsphere/) * [OpenStack]({{}}/rke/latest/en/config-options/cloud-providers/openstack/) diff --git a/content/rancher/v2.6/en/cluster-provisioning/rke-clusters/cloud-providers/_index.md b/content/rancher/v2.6/en/cluster-provisioning/rke-clusters/cloud-providers/_index.md index 0d82a9a6e0b..bcb6f1d2089 100644 --- a/content/rancher/v2.6/en/cluster-provisioning/rke-clusters/cloud-providers/_index.md +++ b/content/rancher/v2.6/en/cluster-provisioning/rke-clusters/cloud-providers/_index.md @@ -2,7 +2,7 @@ title: Setting up Cloud Providers weight: 2300 --- -A _cloud provider_ is a module in Kubernetes that provides an interface for managing nodes, load balancers, and networking routes. For more information, refer to the [official Kubernetes documentation on cloud providers.](https://kubernetes.io/docs/concepts/cluster-administration/cloud-providers/) +A _cloud provider_ is a module in Kubernetes that provides an interface for managing nodes, load balancers, and networking routes. When a cloud provider is set up in Rancher, the Rancher server can automatically provision new nodes, load balancers or persistent storage devices when launching Kubernetes definitions, if the cloud provider you're using supports such automation. @@ -35,9 +35,9 @@ For details on enabling the vSphere cloud provider, refer to [this page.](./vsph ### Setting up a Custom Cloud Provider -The `Custom` cloud provider is available if you want to configure any [Kubernetes cloud provider](https://kubernetes.io/docs/concepts/cluster-administration/cloud-providers/). +The `Custom` cloud provider is available if you want to configure any Kubernetes cloud provider. -For the custom cloud provider option, you can refer to the [RKE docs]({{}}/rke/latest/en/config-options/cloud-providers/) on how to edit the yaml file for your specific cloud provider. There are specific cloud providers that have more detailed configuration : +For the custom cloud provider option, you can refer to the [RKE docs]({{}}/rke/latest/en/config-options/cloud-providers/) on how to edit the yaml file for your specific cloud provider. There are specific cloud providers that have more detailed configuration: * [vSphere]({{}}/rke/latest/en/config-options/cloud-providers/vsphere/) * [OpenStack]({{}}/rke/latest/en/config-options/cloud-providers/openstack/) From efaa378baeff825ab9b77d15546069361c8fe050 Mon Sep 17 00:00:00 2001 From: Jennifer Travinski Date: Mon, 18 Apr 2022 15:06:21 -0400 Subject: [PATCH 09/10] Added update to two other links in 2.6 --- .../rancher/v2.6/en/cluster-admin/volumes-and-storage/_index.md | 2 +- content/rancher/v2.6/en/longhorn/_index.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/content/rancher/v2.6/en/cluster-admin/volumes-and-storage/_index.md b/content/rancher/v2.6/en/cluster-admin/volumes-and-storage/_index.md index 9467dfa660f..745fbce0131 100644 --- a/content/rancher/v2.6/en/cluster-admin/volumes-and-storage/_index.md +++ b/content/rancher/v2.6/en/cluster-admin/volumes-and-storage/_index.md @@ -44,7 +44,7 @@ For details and prerequisites, refer to [this page.](./provisioning-new-storage) Longhorn is free, open source software. Originally developed by Rancher Labs, it is now being developed as a sandbox project of the Cloud Native Computing Foundation. It can be installed on any Kubernetes cluster with Helm, with kubectl, or with the Rancher UI. -If you have a pool of block storage, Longhorn can help you provide persistent storage to your Kubernetes cluster without relying on cloud providers. For more information about Longhorn features, refer to the [documentation.](https://longhorn.io/docs/1.0.2/what-is-longhorn/) +If you have a pool of block storage, Longhorn can help you provide persistent storage to your Kubernetes cluster without relying on cloud providers. For more information about Longhorn features, refer to the [documentation.](https://longhorn.io/docs/latest/what-is-longhorn/) Rancher v2.5 simplified the process of installing Longhorn on a Rancher-managed cluster. For more information, see [this page.]({{}}/rancher/v2.6/en/longhorn) diff --git a/content/rancher/v2.6/en/longhorn/_index.md b/content/rancher/v2.6/en/longhorn/_index.md index d394cab5d02..fc3d2e2ac91 100644 --- a/content/rancher/v2.6/en/longhorn/_index.md +++ b/content/rancher/v2.6/en/longhorn/_index.md @@ -6,7 +6,7 @@ weight: 19 [Longhorn](https://longhorn.io/) is a lightweight, reliable and easy-to-use distributed block storage system for Kubernetes. -Longhorn is free, open source software. Originally developed by Rancher Labs, it is now being developed as a sandbox project of the Cloud Native Computing Foundation. It can be installed on any Kubernetes cluster with Helm, with kubectl, or with the Rancher UI. You can learn more about its architecture [here.](https://longhorn.io/docs/1.0.2/concepts/) +Longhorn is free, open source software. Originally developed by Rancher Labs, it is now being developed as a sandbox project of the Cloud Native Computing Foundation. It can be installed on any Kubernetes cluster with Helm, with kubectl, or with the Rancher UI. You can learn more about its architecture [here.](https://longhorn.io/docs/latest/concepts/) With Longhorn, you can: From 78f3f2d8943ad7782028094170f266bff52ca912 Mon Sep 17 00:00:00 2001 From: Jennifer Travinski Date: Mon, 18 Apr 2022 15:18:58 -0400 Subject: [PATCH 10/10] Added word for phrasing clarity --- .../latest/en/installation/installation-requirements/_index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/k3s/latest/en/installation/installation-requirements/_index.md b/content/k3s/latest/en/installation/installation-requirements/_index.md index 276e684d7c4..f4fd336d7f7 100644 --- a/content/k3s/latest/en/installation/installation-requirements/_index.md +++ b/content/k3s/latest/en/installation/installation-requirements/_index.md @@ -44,7 +44,7 @@ K3s performance depends on the performance of the database. To ensure optimal sp The K3s server needs port 6443 to be accessible by all nodes. -The nodes need to be able to reach other nodes over UDP port 8472 when Flannel VXLAN is used or UDP ports 51820 and 51821 (when using IPv6) when Flannel Wireguard backend is used. The node should not listen on any other port. K3s uses reverse tunneling such that the nodes make outbound connections to the server and all kubelet traffic runs through that tunnel. However, if you do not use Flannel and provide your own custom CNI, then the ports needed by Flannel are not needed by K3s. +The nodes need to be able to reach other nodes over UDP port 8472 when Flannel VXLAN is used or over UDP ports 51820 and 51821 (when using IPv6) when Flannel Wireguard backend is used. The node should not listen on any other port. K3s uses reverse tunneling such that the nodes make outbound connections to the server and all kubelet traffic runs through that tunnel. However, if you do not use Flannel and provide your own custom CNI, then the ports needed by Flannel are not needed by K3s. If you wish to utilize the metrics server, you will need to open port 10250 on each node.