Merge remote-tracking branch 'upstream/main' into main-to-release/v2.7.5

2026-05-02 03:03:16 +00:00 · 2023-06-22 13:27:14 -07:00
parent 66d3497b2f cab1ea018d
commit f01d471d6e
1154 changed files with 137978 additions and 464 deletions
@@ -84,7 +84,7 @@ Log into Rancher to confirm that the upgrade succeeded.

 Having network issues following upgrade?

-See [Restoring Cluster Networking](../../../../versioned_docs/version-2.0-2.4/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/upgrades/namespace-migration.md).
+See [Restoring Cluster Networking](/versioned_docs/version-2.0-2.4/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/upgrades/namespace-migration.md).

 :::

@@ -103,6 +103,8 @@ helm upgrade --install \
  ingress-nginx ingress-nginx/ingress-nginx \
  --namespace ingress-nginx \
  --set controller.service.type=LoadBalancer \
+  --set controller.service.annotations."service\.beta\.kubernetes\.io/azure-load-balancer-health-probe-request-path"=/healthz \
+  --set controller.service.externalTrafficPolicy=Local \
  --version 4.6.0 \
  --create-namespace
 ```
@@ -10,9 +10,9 @@ title: Rollbacks

 Rancher v2.6.4 upgrades the cluster-api module from v0.4.4 to v1.0.2. Version v1.0.2 of the cluster-api, in turn, upgrades the Cluster API's  Custom Resource Definitions (CRDs) from `cluster.x-k8s.io/v1alpha4` to `cluster.x-k8s.io/v1beta1`. The CRDs upgrade to v1beta1 causes rollbacks to fail when you attempt to move from Rancher v2.6.4 to any previous version of Rancher v2.6.x. This is because CRDs that use the older apiVersion (v1alpha4) are incompatible with v1beta1.

-To avoid rollback failure, the following Rancher scripts should be run **before** you attempt a restore operation or rollback: 
+To avoid rollback failure, the following Rancher scripts should be run **before** you attempt a restore operation or rollback:

-* `verify.sh`:  Checks for any Rancher-related resources in the cluster. 
+* `verify.sh`:  Checks for any Rancher-related resources in the cluster.
 *  `cleanup.sh`: Cleans up the cluster.

 See the [rancher/rancher-cleanup repo](https://github.com/rancher/rancher-cleanup) for more details and source code.
@@ -127,7 +127,7 @@ helm rollback rancher 3 -n cattle-system

 ## Rolling Back to Rancher v2.2-v2.4+

-To roll back to Rancher before v2.5, follow the procedure detailed here: [Restoring Backups — Kubernetes installs](../../../../versioned_docs/version-2.0-2.4/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/restore-rancher-launched-kubernetes-clusters-from-backup.md) Restoring a snapshot of the Rancher server cluster will revert Rancher to the version and state at the time of the snapshot.
+To roll back to Rancher before v2.5, follow the procedure detailed here: [Restoring Backups — Kubernetes installs](/versioned_docs/version-2.0-2.4/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/restore-rancher-launched-kubernetes-clusters-from-backup.md) Restoring a snapshot of the Rancher server cluster will revert Rancher to the version and state at the time of the snapshot.

 For information on how to roll back Rancher installed with Docker, refer to [this page.](../other-installation-methods/rancher-on-a-single-node-with-docker/roll-back-docker-installed-rancher.md)

@@ -139,4 +139,4 @@ Managed clusters are authoritative for their state. This means restoring the Ran

 ## Rolling Back to Rancher v2.0-v2.1

-Rolling back to Rancher v2.0-v2.1 is no longer supported. The instructions for rolling back to these versions are preserved [here](../../../../versioned_docs/version-2.0-2.4/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/restore-rancher-launched-kubernetes-clusters-from-backup/roll-back-to-v2.0-v2.1.md) and are intended to be used only in cases where upgrading to Rancher v2.2+ is not feasible.
+Rolling back to Rancher v2.0-v2.1 is no longer supported. The instructions for rolling back to these versions are preserved [here](/versioned_docs/version-2.0-2.4/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/restore-rancher-launched-kubernetes-clusters-from-backup/roll-back-to-v2.0-v2.1.md) and are intended to be used only in cases where upgrading to Rancher v2.2+ is not feasible.
@@ -32,7 +32,7 @@ Note that upgrades _to_ or _from_ any chart in the [rancher-alpha repository](..

 The upgrade instructions assume you are using Helm 3.

-For migration of installs started with Helm 2, refer to the official [Helm 2 to 3 migration docs.](https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/) The [Helm 2 upgrade page here](../../../../versioned_docs/version-2.0-2.4/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/upgrades/helm2.md)provides a copy of the older upgrade instructions that used Helm 2, and it is intended to be used if upgrading to Helm 3 is not feasible.
+For migration of installs started with Helm 2, refer to the official [Helm 2 to 3 migration docs.](https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/) The [Helm 2 upgrade page here](/versioned_docs/version-2.0-2.4/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/upgrades/helm2.md)provides a copy of the older upgrade instructions that used Helm 2, and it is intended to be used if upgrading to Helm 3 is not feasible.

 ### For air-gapped installs: Populate private registry

@@ -179,7 +179,7 @@ Log into Rancher to confirm that the upgrade succeeded.

 Having network issues following upgrade?

-See [Restoring Cluster Networking](../../../../versioned_docs/version-2.0-2.4/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/upgrades/namespace-migration.md).
+See [Restoring Cluster Networking](/versioned_docs/version-2.0-2.4/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/upgrades/namespace-migration.md).

 :::

@@ -16,7 +16,7 @@ Some feature flags require a restart of the Rancher container. Features that req

 :::

-The following is a list of feature flags available in Rancher. If you've upgraded from a previous Rancher version, you may see additional flags in the Rancher UI, such as `proxy` or `dashboard` (both [discontinued](../../../../versioned_docs/version-2.5/reference-guides/installation-references/feature-flags.md)):
+The following is a list of feature flags available in Rancher. If you've upgraded from a previous Rancher version, you may see additional flags in the Rancher UI, such as `proxy` or `dashboard` (both [discontinued](/versioned_docs/version-2.5/reference-guides/installation-references/feature-flags.md)):

 - `continuous-delivery`: Allows Fleet GitOps to be disabled separately from Fleet. See [Continuous Delivery.](../../../how-to-guides/advanced-user-guides/enable-experimental-features/continuous-delivery.md) for more information.
 - `fleet`: The Rancher provisioning framework in v2.6 and later requires Fleet. The flag will be automatically enabled when you upgrade, even if you disabled this flag in an earlier version of Rancher. See [Fleet - GitOps at Scale](../../../how-to-guides/new-user-guides/deploy-apps-across-clusters/fleet.md) for more information.
@@ -31,7 +31,7 @@ The following is a list of feature flags available in Rancher. If you've upgrade

 The following table shows the availability and default values for some feature flags in Rancher. Features marked "GA" are generally available:

-| Feature Flag Name             | Default Value | Status       | Available As Of | 
+| Feature Flag Name             | Default Value | Status       | Available As Of |
 | ----------------------------- | ------------- | ------------ | --------------- |
 | `continuous-delivery` | `true` | GA | v2.6.0 |
 | `fleet`  | `true` | Can no longer be disabled | v2.6.0 |
@@ -384,7 +384,7 @@ Log into Rancher. Confirm that the upgrade succeeded by checking the version dis

 :::note Having network issues in your user clusters following upgrade?

-See [Restoring Cluster Networking](../../../../../versioned_docs/version-2.0-2.4/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/upgrades/namespace-migration.md).
+See [Restoring Cluster Networking](/versioned_docs/version-2.0-2.4/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/upgrades/namespace-migration.md).

 :::

@@ -8,7 +8,7 @@ title: Helm Version Requirements

 This section contains the requirements for Helm, which is the tool used to install Rancher on a high-availability Kubernetes cluster.

-> The installation instructions have been updated for Helm 3. For migration of installs started with Helm 2, refer to the official [Helm 2 to 3 Migration Docs.](https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/) [This section](../../../../versioned_docs/version-2.0-2.4/pages-for-subheaders/helm2.md) provides a copy of the older high-availability Rancher installation instructions that used Helm 2, and it is intended to be used if upgrading to Helm 3 is not feasible.
+> The installation instructions have been updated for Helm 3. For migration of installs started with Helm 2, refer to the official [Helm 2 to 3 Migration Docs.](https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/) [This section](/versioned_docs/version-2.0-2.4/pages-for-subheaders/helm2.md) provides a copy of the older high-availability Rancher installation instructions that used Helm 2, and it is intended to be used if upgrading to Helm 3 is not feasible.

 - Helm v3.2.x or higher is required to install or upgrade Rancher v2.5.
 - Helm v2.16.0 or higher is required for Kubernetes v1.16. For the default Kubernetes version, refer to the [release notes](https://github.com/rancher/rke/releases) for the version of RKE that you are using.
@@ -23,7 +23,7 @@ While configuring the routes for `rancher-cis-benchmark` alerts, you can specify

 To configure alerts for a scan that runs on a schedule,

-1. Please enable alerts on the `rancher-cis-benchmark` application (#enabling-alerting-for-rancher-cis-benchmark)
+1. Please enable alerts on the `rancher-cis-benchmark` application. For more information, see [this page](../../../how-to-guides/advanced-user-guides/cis-scan-guides/enable-alerting-for-rancher-cis-benchmark.md).
 1. In the upper left corner, click **☰ > Cluster Management**.
 1. On the **Clusters** page, go to the cluster where you want to run a CIS scan and click **Explore**.
 1. Click **CIS Benchmark > Scan**.
@@ -2,6 +2,10 @@
 title: Configure Active Directory (AD)
 ---

+<head> 
+  <link rel="canonical" href="https://ranchermanager.docs.rancher.com/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-active-directory"/>
+</head>
+
 If your organization uses Microsoft Active Directory as central user repository, you can configure Rancher to communicate with an Active Directory server to authenticate users. This allows Rancher admins to control access to clusters and projects based on users and groups managed externally in the Active Directory, while allowing end-users to authenticate with their AD credentials when logging in to the Rancher UI.

 Rancher uses LDAP to communicate with the Active Directory server. The authentication flow for Active Directory is therefore the same as for the [OpenLDAP authentication](../../../../pages-for-subheaders/configure-openldap.md) integration.
@@ -2,6 +2,10 @@
 title: Configure Azure AD
 ---

+<head> 
+  <link rel="canonical" href="https://ranchermanager.docs.rancher.com/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-azure-ad"/>
+</head>
+
 ## Microsoft Graph API

 Microsoft Graph API is now the flow through which you will set up Azure AD. The below sections will assist [new users](#new-user-setup) in configuring Azure AD with a new instance as well as assist existing Azure app owners in [migrating to the new flow](#migrating-from-azure-ad-graph-api-to-microsoft-graph-api).
@@ -2,6 +2,10 @@
 title: Configure FreeIPA
 ---

+<head> 
+  <link rel="canonical" href="https://ranchermanager.docs.rancher.com/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-freeipa"/>
+</head>
+
 If your organization uses FreeIPA for user authentication, you can configure Rancher to allow your users to login using their FreeIPA credentials.

 :::note Prerequisites:
@@ -2,6 +2,10 @@
 title: Configure GitHub
 ---

+<head> 
+  <link rel="canonical" href="https://ranchermanager.docs.rancher.com/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-github"/>
+</head>
+
 In environments using GitHub, you can configure Rancher to allow sign on using GitHub credentials.

 :::note Prerequisites:
@@ -2,6 +2,10 @@
 title: Configure Google OAuth
 ---

+<head> 
+  <link rel="canonical" href="https://ranchermanager.docs.rancher.com/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-google-oauth"/>
+</head>
+
 If your organization uses G Suite for user authentication, you can configure Rancher to allow your users to log in using their G Suite credentials.

 Only admins of the G Suite domain have access to the Admin SDK. Therefore, only G Suite admins can configure Google OAuth for Rancher.
@@ -2,6 +2,11 @@
 title: Configure Keycloak (OIDC)
 description: Create a Keycloak OpenID Connect (OIDC) client and configure Rancher to work with Keycloak. By the end your users will be able to sign into Rancher using their Keycloak logins
 ---
+
+<head> 
+  <link rel="canonical" href="https://ranchermanager.docs.rancher.com/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-keycloak-oidc"/>
+</head>
+
 If your organization uses [Keycloak Identity Provider (IdP)](https://www.keycloak.org) for user authentication, you can configure Rancher to allow your users to log in using their IdP credentials. Rancher supports integration with Keycloak using the OpenID Connect (OIDC) protocol and the SAML protocol. Both implementations are functionally equivalent when used with Rancher. This page describes the process to configure Rancher to work with Keycloak using the OIDC protocol.

 If you prefer to use Keycloak with the SAML protocol instead, refer to [this page](configure-keycloak-saml.md).
@@ -3,6 +3,10 @@ title: Configure Keycloak (SAML)
 description: Create a Keycloak SAML client and configure Rancher to work with Keycloak. By the end your users will be able to sign into Rancher using their Keycloak logins
 ---

+<head> 
+  <link rel="canonical" href="https://ranchermanager.docs.rancher.com/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-keycloak-saml"/>
+</head>
+
 If your organization uses Keycloak Identity Provider (IdP) for user authentication, you can configure Rancher to allow your users to log in using their IdP credentials.

 ## Prerequisites
@@ -2,6 +2,10 @@
 title: Configure Okta (SAML)
 ---

+<head> 
+  <link rel="canonical" href="https://ranchermanager.docs.rancher.com/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-okta-saml"/>
+</head>
+
 If your organization uses Okta Identity Provider (IdP) for user authentication, you can configure Rancher to allow your users to log in using their IdP credentials.

 :::note
@@ -2,6 +2,10 @@
 title: Configure PingIdentity (SAML)
 ---

+<head> 
+  <link rel="canonical" href="https://ranchermanager.docs.rancher.com/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-pingidentity"/>
+</head>
+
 If your organization uses Ping Identity Provider (IdP) for user authentication, you can configure Rancher to allow your users to log in using their IdP credentials.

 >**Prerequisites:**
@@ -2,7 +2,11 @@
 title: Local Authentication
 ---

-Local authentication is the default until you configure an external authentication provider. Local authentication is where Rancher stores the user information, i.e. names and passwords, of who can log in to Rancher. By default, the `admin` user that logs in to Rancher for the first time is a local user.
+<head> 
+  <link rel="canonical" href="https://ranchermanager.docs.rancher.com/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/create-local-users"/>
+</head>
+
+Local authentication is the default until you configure an external authentication provider. Rancher stores user account information, such as usernames and passwords, locally. By default, the `admin` user that logs in to Rancher for the first time is a local user.

 ## Adding Local Users

@@ -2,6 +2,10 @@
 title: Users and Groups
 ---

+<head> 
+  <link rel="canonical" href="https://ranchermanager.docs.rancher.com/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/manage-users-and-groups"/>
+</head>
+
 Rancher relies on users and groups to determine who is allowed to log in to Rancher and which resources they can access. When you configure an external authentication provider, users from that provider will be able to log in to your Rancher server. When a user logs in, the authentication provider will supply your Rancher server with a list of groups to which the user belongs.

 Access to clusters, projects, multi-cluster apps, and global DNS providers and entries can be controlled by adding either individual users or groups to these resources. When you add a group to a resource, all users who are members of that group in the authentication provider, will be able to access the resource with the permissions that you've specified for the group. For more information on roles and permissions, see [Role Based Access Control](../../../../pages-for-subheaders/manage-role-based-access-control-rbac.md).
@@ -2,7 +2,11 @@
 title: 1. Configuring Microsoft AD FS for Rancher
 ---

-Before configuring Rancher to support AD FS users, you must add Rancher as a [relying party trust](https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/technical-reference/understanding-key-ad-fs-concepts) in AD FS.
+<head> 
+  <link rel="canonical" href="https://ranchermanager.docs.rancher.com/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-microsoft-ad-federation-service-saml/configure-ms-adfs-for-rancher"/>
+</head>
+
+Before you configure Rancher to support Active Directory Federation Service (AD FS), you must add Rancher as a [relying party trust](https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/technical-reference/understanding-key-ad-fs-concepts) in AD FS.

 1. Log into your AD server as an administrative user.

@@ -2,7 +2,11 @@
 title: 2. Configuring Rancher for Microsoft AD FS
 ---

-After you complete [Configuring Microsoft AD FS for Rancher](configure-ms-adfs-for-rancher.md), enter your AD FS information into Rancher to allow AD FS users to authenticate with Rancher.
+<head> 
+  <link rel="canonical" href="https://ranchermanager.docs.rancher.com/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/configure-microsoft-ad-federation-service-saml/configure-rancher-for-ms-adfs"/>
+</head>
+
+After you complete [Configuring Microsoft AD FS for Rancher](configure-ms-adfs-for-rancher.md), enter your Active Directory Federation Service (AD FS) information into Rancher so that AD FS users can authenticate with Rancher.

 :::note Important Notes For Configuring Your ADFS Server:

@@ -2,8 +2,12 @@
 title: Pod Security Policies
 ---

+<head> 
+  <link rel="canonical" href="https://ranchermanager.docs.rancher.com/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/create-pod-security-policies"/>
+</head>
+
 :::caution
-Pod Security Policy is only available in Kubernetes until v1.24. [Pod Security Standards](pod-security-standards.md) are the built-in alternative.
+Pod Security Policies are only available in Kubernetes until v1.24. [Pod Security Standards](pod-security-standards.md) are the built-in alternative.
 :::

 [Pod Security Policies (PSPs)](https://kubernetes.io/docs/concepts/security/pod-security-policy/) are objects that control security-sensitive aspects of the pod specification (such as root privileges).
@@ -2,26 +2,24 @@
 title: Custom Branding
 ---

-Rancher v2.6 introduced the ability to customize Rancher’s branding and navigation links.
+<head> 
+  <link rel="canonical" href="https://ranchermanager.docs.rancher.com/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/custom-branding"/>
+</head>

-## Changing Brand Settings
-
-:::note Prerequisite:
+## Prerequisite

 You will need to have at least cluster member permissions.

-:::
+## Brand Configuration

 To configure the brand settings,

 1. Click **☰ > Global settings**.
 2. Click **Branding**.

-## Brand Configuration
-
 ### Private Label Company Name

-This option replaces “Rancher” with the value you provide in most places. Files that need to have Rancher in the name, such as “rancher-compose.yml”, will not be changed.
+This option replaces "Rancher" with the value you provide in most places. Files that need to have Rancher in the name, such as `rancher-compose.yml`, won't be changed.

 ### Support Links

@@ -2,6 +2,10 @@
 title: Configuring a Global Default Private Registry
 ---

+<head> 
+  <link rel="canonical" href="https://ranchermanager.docs.rancher.com/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/global-default-private-registry"/>
+</head>
+
 :::note
 This page describes how to configure a global default private registry from the Rancher UI, after Rancher is already installed. 

@@ -2,6 +2,10 @@
 title: Global Permissions
 ---

+<head> 
+  <link rel="canonical" href="https://ranchermanager.docs.rancher.com/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/global-permissions"/>
+</head>
+
 _Permissions_ are individual access rights that you can assign when selecting a custom permission for a user.

 Global Permissions define user authorization outside the scope of any particular cluster. Out-of-the-box, there are four default global permissions: `Administrator`, `Restricted Admin`,`Standard User` and `User-base`.
@@ -2,6 +2,10 @@
 title: Locked Roles
 ---

+<head> 
+  <link rel="canonical" href="https://ranchermanager.docs.rancher.com/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/locked-roles"/>
+</head>
+
 You can set roles to a status of `locked`. Locking roles prevent them from being assigned to users in the future.

 Locked roles:
@@ -2,6 +2,10 @@
 title: Pod Security Standards (PSS) & Pod Security Admission (PSA)
 ---

+<head> 
+  <link rel="canonical" href="https://ranchermanager.docs.rancher.com/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/pod-security-standards"/>
+</head>
+
 [Pod Security Standards (PSS)](https://kubernetes.io/docs/concepts/security/pod-security-standards/) and [Pod Security Admission (PSA)](https://kubernetes.io/docs/concepts/security/pod-security-admission/) define security restrictions for a broad set of workloads.
 They became available and were turned on by default in Kubernetes v1.23, and replace [Pod Security Policies (PSP)](https://kubernetes.io/docs/concepts/security/pod-security-policy/) in Kubernetes v1.25 and above.

@@ -2,6 +2,10 @@
 title: Pod Security Admission (PSA) Configuration Templates
 ---

+<head> 
+  <link rel="canonical" href="https://ranchermanager.docs.rancher.com/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/psa-config-templates"/>
+</head>
+
 [Pod Security admission (PSA)](./pod-security-standards.md) configuration templates are a Rancher custom-defined resource (CRD), available in Rancher v2.7.2 and above. The templates provide pre-defined security configurations that you can apply to a cluster:

 - `rancher-privileged`: The most permissive configuration. It doesn't restrict the behavior of any pods. This allows for known privilege escalations. This policy has no exemptions.
@@ -35,7 +35,7 @@ When running the command to start the K3s Kubernetes API server, you will pass i
  ```
  curl -sfL https://get.k3s.io |  INSTALL_K3S_VERSION=<VERSION> sh -s - server \
    --datastore-endpoint="<DATASTORE_ENDPOINT>"
-    ```
+  ```

  Where `<DATASTORE_ENDPOINT>` is the connection URI for your datastore. For example, `mysql://username:password@tcp(hostname:3306)/database-name` if you're using MySQL. Valid datastores include  etcd, MySQL, PostgreSQL, or SQLite (default).

@@ -6,15 +6,17 @@ This section describes how to create a vSphere username and password. You will n

 The following table lists the permissions required for the vSphere user account:

-| Privilege Group       | Operations  |
-|:----------------------|:-----------------------------------------------------------------------|
-| Cns Privileges        | Searchable |
-| Datastore             | AllocateSpace <br/> Browse <br/> FileManagement (Low level file operations) <br/> UpdateVirtualMachineFiles <br/> UpdateVirtualMachineMetadata |
-| Global                | Set custom attribute |
-| Network               | Assign |
-| Resource              | AssignVMToPool |
-| Virtual Machine       | Config (All) <br/> GuestOperations (All) <br/> Interact (All) <br/> Inventory (All) <br/> Provisioning (All) |
-| vSphere Tagging       | Assign or Unassign vSphere Tag <br/> Assign or Unassign vSphere Tag on Object |
+| Privilege Group          | Operations  |
+|:-------------------------|:-----------------------------------------------------------------------|
+| Cns Privileges           | Searchable |
+| Content library          | Read Storage <br/> (Required only if deploying Template from Content Library) |
+| Cryptographic operations | Direct Access |
+| Datastore                | AllocateSpace <br/> Browse <br/> FileManagement (Low level file operations) <br/> UpdateVirtualMachineFiles <br/> UpdateVirtualMachineMetadata |
+| Global                   | Set custom attribute |
+| Network                  | Assign |
+| Resource                 | AssignVMToPool |
+| Virtual Machine          | Config (All) <br/> GuestOperations (All) <br/> Interact (All) <br/> Inventory (All) <br/> Provisioning (All) |
+| vSphere Tagging          | Assign or Unassign vSphere Tag <br/> Assign or Unassign vSphere Tag on Object |

 The following steps create a role with the required privileges and then assign it to a new user in the vSphere console:

@@ -200,7 +200,7 @@ The node operating system image. For more information for the node image options

 :::note

-The default option is "Container-Optimized OS with Docker". The read-only filesystem on GCP's Container-Optimized OS is not compatible with the [legacy logging](../../versioned_docs/version-2.0-2.4/pages-for-subheaders/cluster-logging.md) implementation in Rancher. If you need to use the legacy logging feature, select "Ubuntu with Docker" or "Ubuntu with Containerd". The [current logging feature](logging.md) is compatible with the Container-Optimized OS image.
+The default option is "Container-Optimized OS with Docker". The read-only filesystem on GCP's Container-Optimized OS is not compatible with the [legacy logging](/versioned_docs/version-2.0-2.4/pages-for-subheaders/cluster-logging.md) implementation in Rancher. If you need to use the legacy logging feature, select "Ubuntu with Docker" or "Ubuntu with Containerd". The [current logging feature](logging.md) is compatible with the Container-Optimized OS image.

 :::

@@ -5,8 +5,6 @@ description: Rancher integrates with popular logging services. Learn the require

 The [Logging operator](https://kube-logging.github.io/docs/) now powers Rancher's logging solution in place of the former, in-house solution.

-For an overview of the changes in v2.5, see [this section.](../integrations-in-rancher/logging/logging-architecture.md#changes-in-rancher-v2-5)
-
 ## Enabling Logging

 You can enable the logging for a Rancher managed cluster by going to the Apps page and installing the logging app.
@@ -59,9 +57,8 @@ For a list of options that can be configured when the logging application is ins

 ### Windows Support

-Logging support for Windows clusters is available and logs can be collected from Windows nodes.
+You can [enable logging](../integrations-in-rancher/logging/logging-helm-chart-options.md#enabledisable-windows-node-logging) from Windows nodes.

-For details on how to enable or disable Windows node logging, see [this section.](../integrations-in-rancher/logging/logging-helm-chart-options.md#enable-disable-windows-node-logging)

 ### Working with a Custom Docker Root Directory

@@ -86,7 +83,7 @@ By default, Rancher collects logs for control plane components and node componen

 ### The Logging Buffer Overloads Pods

-Depending on your configuration, the default buffer size may be too large and cause pod failures. One way to reduce the load is to lower the logger's flush interval. This prevents logs from overfilling the buffer. You can also add more flush threads to handle moments when many logs are attempting to fill the buffer at once. 
+Depending on your configuration, the default buffer size may be too large and cause pod failures. One way to reduce the load is to lower the logger's flush interval. This prevents logs from overfilling the buffer. You can also add more flush threads to handle moments when many logs are attempting to fill the buffer at once.

 For a more complete description of how to configure the logging buffer to suit your organization's needs, see the official Logging operator documentation on [buffers](https://kube-logging.github.io/docs/configuration/plugins/outputs/buffer/) and on [Fluentd configuration](https://kube-logging.github.io/docs/logging-infrastructure/fluentd/).

@@ -2,4 +2,4 @@
 title: Machine Configuration
 ---

-Machine configuration is the arrangement of resources assigned to a virtual machine. Please see the docs for [Amazon EC2](../reference-guides/cluster-configuration/downstream-cluster-configuration/machine-configuration/amazon-ec2), [DigitalOcean](../reference-guides/cluster-configuration/downstream-cluster-configuration/machine-configuration/digitalocean), and [Azure](../reference-guides/cluster-configuration/downstream-cluster-configuration/machine-configuration/azure) to learn more.
+Machine configuration is the arrangement of resources assigned to a virtual machine. Please see the docs for [Amazon EC2](../reference-guides/cluster-configuration/downstream-cluster-configuration/machine-configuration/amazon-ec2.md), [DigitalOcean](../reference-guides/cluster-configuration/downstream-cluster-configuration/machine-configuration/digitalocean.md), and [Azure](../reference-guides/cluster-configuration/downstream-cluster-configuration/machine-configuration/azure.md) to learn more.
@@ -4,12 +4,6 @@ title: Cluster Administration

 After you provision a cluster in Rancher, you can begin using powerful Kubernetes features to deploy and scale your containerized applications in development, testing, or production environments.

-This page covers the following topics:
-
- [Switching between clusters](#switching-between-clusters)
- [Managing clusters in Rancher](#managing-clusters-in-rancher)
- [Configuring tools](#configuring-tools)
-
 :::note

 This section assumes a basic familiarity with Docker and Kubernetes. For a brief explanation of how Kubernetes components work together, refer to the [concepts](../reference-guides/kubernetes-concepts.md) page.
@@ -2,4 +2,4 @@
 title: Node Template Configuration
 ---

-To learn about node template config, refer to [EC2 Node Template Configuration](../reference-guides/cluster-configuration/downstream-cluster-configuration/node-template-configuration/amazon-ec2), [DigitalOcean Node Template Configuration](../reference-guides/cluster-configuration/downstream-cluster-configuration/node-template-configuration/digitalocean), [Azure Node Template Configuration](../reference-guides/cluster-configuration/downstream-cluster-configuration/node-template-configuration/azure), [vSphere Node Template Configuration](../reference-guides/cluster-configuration/downstream-cluster-configuration/node-template-configuration/vsphere), and [Nutanix Node Template Configuration](../reference-guides/cluster-configuration/downstream-cluster-configuration/node-template-configuration/nutanix).
+To learn about node template config, refer to [EC2 Node Template Configuration](../reference-guides/cluster-configuration/downstream-cluster-configuration/node-template-configuration/amazon-ec2.md), [DigitalOcean Node Template Configuration](../reference-guides/cluster-configuration/downstream-cluster-configuration/node-template-configuration/digitalocean.md), [Azure Node Template Configuration](../reference-guides/cluster-configuration/downstream-cluster-configuration/node-template-configuration/azure.md), [vSphere Node Template Configuration](../reference-guides/cluster-configuration/downstream-cluster-configuration/node-template-configuration/vsphere.md), and [Nutanix Node Template Configuration](../reference-guides/cluster-configuration/downstream-cluster-configuration/node-template-configuration/nutanix.md).
@@ -10,7 +10,7 @@ Rancher can provision nodes in AOS (AHV) and install Kubernetes on them. When cr
 A Nutanix cluster may consist of multiple groups of VMs with distinct properties, such as the amount of memory or the number of vCPUs. This grouping allows for fine-grained control over the sizing of nodes for each Kubernetes role.

 - [Creating a Nutanix Cluster](../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/nutanix/provision-kubernetes-clusters-in-aos.md#creating-a-nutanix-aos-cluster)
- [Provisioning Storage](../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/nutanix/provision-kubernetes-clusters-in-aos)
+- [Provisioning Storage](../how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider/nutanix/provision-kubernetes-clusters-in-aos.md)

 ## Creating a Nutanix Cluster

@@ -47,7 +47,7 @@ Choose from the following options:
 - [Option A: Default Rancher-generated Self-signed Certificate](#option-a-default-rancher-generated-self-signed-certificate)
 - [Option B: Bring Your Own Certificate, Self-signed](#option-b-bring-your-own-certificate-self-signed)
 - [Option C: Bring Your Own Certificate, Signed by a Recognized CA](#option-c-bring-your-own-certificate-signed-by-a-recognized-ca)
- [Option D: Let's Encrypt Certificate](#option-d-let-s-encrypt-certificate)
+- [Option D: Let's Encrypt Certificate](#option-d-lets-encrypt-certificate)
 - [Option E: Localhost tunneling, no Certificate](#option-e-localhost-tunneling-no-certificate)

 ### Option A: Default Rancher-generated Self-signed Certificate
@@ -1,16 +0,0 @@
---
-title: v2.7
-description: Dummy file used to redirect to the base url
---
-
-<!-- Redirect plugin currently does not allow the final segment of a url (e.g. /v2.7/faq is valid, but /v2.7 is not)
-     to contain a period so this method is used to to allow users to access baseurl/v2.7 and be redirected to baseurl
-
-     releaseTask: when a new minor version is released, the name of this file and the title need to be updated.
-->
-
-import {Redirect} from '@docusaurus/router';
-
-const Home = () => {
-  return <Redirect to="/" />;
-};