Google has disabled basic authentication in 1.19+ and a user must
explicitly disable basic authentication before upgrading to 1.19+. Here,
a note is added about this restriction and how to rectify it properly.
Update security page to indicate that CIS 1.5 and 1.6 are covered by
this section.
Add network policy to Hardening Guide that shows how to allow for DNS
traffic.
Signed-off-by: Brian Downs <brian.downs@gmail.com>
The new KEv2-driven GKE cluster provider will support creating "private
clusters", but this has a unique meaning for GKE that is different from
other Kubernetes providers that needs some extra explanation, and can
require pre-planning and/or manual steps during the cluster provisioning
process. This change documents the considerations needed for an advanced
setup like this.
Prior to 2.5.8, enabling Auto Upgrade for GKE hosted clusters was not
recommended because it could cause the state of the cluster in GKE to
become out of sync with the state of the cluster in Rancher. With 2.5.8,
this is not a concern any more because of the syncing mechanism in the
new GKE provisioner. Therefore, it's recommended to use the Auto Upgrade
feature, which defaults to enabled in both Rancher and the GKE console.
This change removes the note erroneously added in 74b31fae.
* Add notes about Shared VPCs
* Change "Node Subnet" to "Node Subnet / Subnet" - the field name
changes depending on whether you use Ip Aliases, but means the same
thing in both cases
* Clarify use of Subnetwork Name
* Clarify use of address ranges and range names
* Add private cluster-related fields
* Fix HTTP (L7) Load Balancing reference URL
* Add reference URL for Maintenance Window
* Add notes on image types
* Enhance Machine Type
* Use "node pool" instead of "node group"
* Fix "Autoscaling" under "Node Pools" - this has been fixed in the UI
* Add note to "Auto Upgrade" to match <2.5.8 tab
Running RKE version: v1.2.7
```
rke util get-kubeconfig
INFO[0000] Creating new kubeconfig file
INFO[0000] Copied file [./kube_config_cluster.yml] to new location [kube_config090097404] as back-up
INFO[0000] [reconcile] Rebuilding and updating local kube config
INFO[0000] Successfully Deployed local admin kubeconfig at [./kube_config_cluster.yml]
INFO[0000] [reconcile] host [osl-argusdev-kube-cluster1.mnemonic.no] is a control plane node with reachable Kubernetes API endpoint in the cluster
```
Output is without dash and only underscore.
Brian Downs
Erik Wilson
Catherine Luse
Shubham Dang
Colleen Murphy
Colleen Murphy
Donnie Adams
Billy Tat
Nikolas